Matt Fretwell wrote:
Bill Taroli wrote:
I completely agree with your point. But taken from a different perspective, this may be one reason to justify that such a product not be used in production IT environments. The point should *not* be missed that something so crucial to one's infrastructure -- that you would of course want to keep up to date -- should *require* updating on a weekly basis to solve *software* issues.
Two points this brings forward. Firstly, and foremost, it does have to be
accepted that Clam is still in pre version one state. Stability in any
software can only be achieved after an extended period of updating and
testing to make sure most avenues are covered. Things stabilise and level
off eventually, but that cannot happen straight away from scratch.
Which is exactly why it would be important for some people to choose to wait -- and not be forced or coerced by such dire warnings as (YOU ARE DOWNREV) in the log -- to implement when a new release comes out.
Secondly, if something is that crucial to your infrastucture, (and if
I've said it once, I've said it a thousand times), you should never have a
single point of failure within a system. If you are not running a backup,
then whatever comes is only to be expected. This applies to anything, not
just AV scanning.
Well, backup is one thing. Risk mitigation is another, and is why people needn't feel inferior for being one or two minor releases back (0.83??? for shame! ... and I was already getting those YOU'RE DOWNREV messages in my log as soon as 0.84 launched) when they read woes of issues found by more brave souls on the new releases. It goes hand-in-hand. But one thing is true... if we want good open-source products like this to go mainstream, then eventually they need to understand that people will expect more predictable performance (in terms of upgrades and allowing for a controlled release rather than jumping on every new dev build). And clamav and open-source aren't alone in this... to some extend all software products exhibit this problem, and why people (esp in IT) become so cautious about upgrading without evidence that others have done it without issue. :-)
Bill _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
