On Mon, 16 May 2005, Les Mikesell wrote:

> On Mon, 2005-05-16 at 09:46, Dag Wieers wrote:
>
> > Yes, I actually asked the clamav people to not break clamav every time they
> > release a new version. It seems so silly to expect everyone to upgrade the
> > day a new version is available. Sadly they still show that very confusing
> > message, and I get tons of mail from people that think they have to tell
> > me that a new version is released...
>
> For a virus scanner or other security-related items, it is silly *not*
> to update the day a new version is released. Well-written exploits are
> capable of flooding the internet in a day. In clam's case it only
> matters if the new code is necessary to detect some virus, though, and
> they may be making the announcements on changes that only affect
> efficiency.

Fact is that a new release of the scanner is not always a security-related
matter. As long as your virus scanner still can download the latest updates
(what it didn't do at first), they fixed that but still act as if your
system stopped working.

A false sense of security is as bad as thinking you have no security even
when you do. Because there might be more important security problems that
you are ignoring trying to fix this.

Remark 1: None of the vendors will ship a new clamav the day it is released
without a proper test. And often even not if the previous did not break
anything serious. On the clamav internal mailing list they announce it a few
hours before the mirrors are updated and it appears on freshmeat.

Remark 2: If you look at Fedora, they still ship Clamav 0.71. Which is fine
since it still downloads the latest viruslist iirc.

So yes, the current practice is pretty silly. Making people panic for no
reason is even illegal in some environments :)

Kind regards,
-- dag wieers, dag@xxxxxxxxxx, http://dag.wieers.com/ --
[all I want is a warm bed and a kind word and unlimited power]