Re: [arch-general] ClamAV should be update to 0.93
* Attila [EMAIL PROTECTED] wrote: On Sonntag, 4. Mai 2008 22:28 Tino Reichardt wrote: It isn't to hard. Its just the plain truth. If the maintainer hasn't the time, he should give the package to someone else, which has the time. Okay, if you reduce this only to maintaining than it could be true but i suggest to think this to the end and this means for me that every distro without a company in the backhand can't ensure fulltime maintaining. Sorry to say, but if you want a guarantee than you have to buy it. But perhaps i can't recognize the problem because i don't think that clamav is so a important package for archlinux. For me there be more ways than only to asking for an package update. Another option could be to make this update, runs it and send the maintainer an email I asked that: Should I build a new package ? about the result. At this point it ends for the user and the devs itselfs have to look if there is a problem with maintaining or not. PS: I am not an admin of some important server which needs an update ;) Everybody of us here has root acount and so at the end we all be admins.-) Admin of an important server != admin of some private notebook ;) -- regards, TR pgpUhvBp1jgZB.pgp Description: PGP signature
Re: [arch-general] ClamAV should be update to 0.93
On Montag, 5. Mai 2008 08:12 Tino Reichardt wrote: I asked that: Should I build a new package ? Sorry, i overread this. Admin of an important server != admin of some private notebook ;) I want only to show that at the end everybody is an admin but okay i stop joking.-) See you, Attila
Re: [arch-general] ClamAV should be update to 0.93
On Sun 2008-05-04 12:47 , Tino Reichardt wrote: * pyther [EMAIL PROTECTED] wrote: * Tino Reichardt [EMAIL PROTECTED] wrote: Hello list, clamav should be updated. Why does the update of clamav take so long ? Should I build a new package ? Because the developers have a life, if you need a new package use abs and compile it. If they don't have the time to be a maintainer for some package, they shouldn't be the maintainer of it! My time is also short and thats the reason why I am no trusted user or the maintainer of packages like clamav. Being a security update it should be somewhat high priority, if the maintainer didn't update it yet is because he simply don't have the time to do so (and test it). Your whining is not helping anyone; bear in mind that the number of devs/TUs is limited and they have to manage a huge number of packages. If you want to help someway, you could update the package, test it and send the sources (PKGBUILD and other stuff) to the maintainer or maybe even in this mailing list. tl;dr : STFU. -- Alessio (molok) Bolognino Please send personal email to [EMAIL PROTECTED] Public Key http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xFE0270FB GPG Key ID = 1024D / FE0270FB 2007-04-11 Key Fingerprint = 9AF8 9011 F271 450D 59CF 2D7D 96C9 8F2A FE02 70FB pgptQuCRFvEbS.pgp Description: PGP signature
Re: [arch-general] ClamAV should be update to 0.93
On Sun, May 04, 2008 at 03:14:24PM +0200, solsTiCe d'Hiver wrote: when i try to use your PKGBUILD, i got this error Sorry, but the attached PKGBUILD is only a replacement for the one in the complete clamav makepkg-tarball. Get the complete clamav directory from abs (/var/abs/extra/clamav/) and replace the PKGBUILD there with mine. Or do simply change: pkgver=0.92 to pkgver=0.93 in current PKGBUILD (yes, that's all) do a: makepkg -g PKGBUILD and then a: makepkg Sorry for confusing the world ;-) Yes: a simple needed change and a rebuild could be sooo strong ;-) Maybe we have a Dev with 10 minutes time for changing and rebuilding... Gerhard -- DSSP - Deutschland sucht den Super Papst Casting mit Fliege
Re: [arch-general] ClamAV should be update to 0.93
* Alessio Bolognino [EMAIL PROTECTED] wrote: On Sun 2008-05-04 12:47 , Tino Reichardt wrote: * pyther [EMAIL PROTECTED] wrote: * Tino Reichardt [EMAIL PROTECTED] wrote: Hello list, clamav should be updated. Why does the update of clamav take so long ? Should I build a new package ? Because the developers have a life, if you need a new package use abs and compile it. If they don't have the time to be a maintainer for some package, they shouldn't be the maintainer of it! My time is also short and thats the reason why I am no trusted user or the maintainer of packages like clamav. Being a security update it should be somewhat high priority, if the maintainer didn't update it yet is because he simply don't have the time to do so (and test it). This exactly is the point! Versions before 0.92 are vulnerable, that should be fixed, as soon as possible. Your whining is not helping anyone; bear in mind that the number of devs/TUs is limited and they have to manage a huge number of packages. If you want to help someway, you could update the package, test it and send the sources (PKGBUILD and other stuff) to the maintainer or maybe even in this mailing list. I did not whine! I build it myself clamav by just replacing the $pkgver on my private x86_64 box. I just wanted to call some attention. But Arch Linux is known to be very up to date on nearly all packages. Why not on that security realted issue ? When clamav 0.94 is released, where should I upload the new PKGBUILD including the binaries for x86_64 and i686 ? Sorry for my english, it isn't the best :) -- regards, TR pgpc8ZBnGFu0j.pgp Description: PGP signature
Re: [arch-general] ClamAV should be update to 0.93
* Attila [EMAIL PROTECTED] wrote: On Sonntag, 4. Mai 2008 12:47 Tino Reichardt wrote: If they don't have the time to be a maintainer for some package, they shouldn't be the maintainer of it! For me this is definitely too hard. And unfair because archlinux is a distribution (as a lot of other too) which is managed by private individual for private individual. The devs of archlinux gives us with abs a perfect and easy understandable way to make in the most cases updates at the time we wants it. Irony on: That is why other distros with another package magagment needs fulltime maintaining.-) And to the argument of that clamav is a security update: This is only relevant for servers which have windows clients and in this case, sorry, this is at first the job of the admin of the server and opps this be you and not the maintainer of a package. It isn't to hard. Its just the plain truth. If the maintainer hasn't the time, he should give the package to someone else, which has the time. PS: I am not an admin of some important server which needs an update ;) -- regards, TR What if there are no other devs/maintainer? Maintainers have to be trusted, have to prove that they know what their doing etc... I wouldn't want someone random person from the community becoming a maintainer for a package or two, because you don't know what he or she knows. I wouldn't want to install a pkg that wipes out my whole /usr dir by mistake. Also if security is a big concern arch isn't probably the best distro to be using.
Re: [arch-general] ClamAV should be update to 0.93
On Sonntag, 4. Mai 2008 22:28 Tino Reichardt wrote: It isn't to hard. Its just the plain truth. If the maintainer hasn't the time, he should give the package to someone else, which has the time. Okay, if you reduce this only to maintaining than it could be true but i suggest to think this to the end and this means for me that every distro without a company in the backhand can't ensure fulltime maintaining. Sorry to say, but if you want a guarantee than you have to buy it. But perhaps i can't recognize the problem because i don't think that clamav is so a important package for archlinux. For me there be more ways than only to asking for an package update. Another option could be to make this update, runs it and send the maintainer an email about the result. At this point it ends for the user and the devs itselfs have to look if there is a problem with maintaining or not. PS: I am not an admin of some important server which needs an update ;) Everybody of us here has root acount and so at the end we all be admins.-) See you, Attila
Re: [arch-general] ClamAV should be update to 0.93
* Tino Reichardt [EMAIL PROTECTED] wrote: Hello list, clamav should be updated. Why does the update of clamav take so long ? Should I build a new package ? -- regards, TR
Re: [arch-general] ClamAV should be update to 0.93
On Wed, 2008-04-16 at 18:38 +0200, Tino Reichardt wrote: Hello list, clamav should be updated. I filed a bug with the two CVE links for the two security issues fixed by clamav 0.93 here http://bugs.archlinux.org/task/10214 signature.asc Description: This is a digitally signed message part
[arch-general] ClamAV should be update to 0.93
Hello list, clamav should be updated. -- regards, TR pgplsBCMitnUu.pgp Description: PGP signature
Re: [arch-general] ClamAV should be update to 0.93
On Wed, 2008-04-16 at 18:38 +0200, Tino Reichardt wrote: Hello list, clamav should be updated. I read about this in the news today. http://www.computerworlduk.com/technology/security-products/prevention/news/index.cfm?RSSnewsid=8536 0.93 fixes a security bug. Tino Reichardt, can you please file a bug in bugs.archlinux.org? Set Category to 'Security' Regards, Hussam Al-Tayeb signature.asc Description: This is a digitally signed message part
