[clamav-users] Debian packaging
Simon Hobson
linux at thehobsons.co.uk
Wed Feb 12 16:03:03 UTC 2014
Greg Folkert <greg at donor.com> wrote:
> Debian Stable is that. If you must have 0.98.1, you should also be using
> "backports"... at least I used to until I just used Sid for everything.
> Backports help extend Stable's longevity and "freshness" a bit... but it
> is no guarantee 0.98.1 will be there.
Actually it should filter down once it's gone through some testing. "Stable" means different things to different packages - and AFAIK policy hasn't changed much in terms of updating "volatile" security related packages like ClamAV.
Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> Debian's policy is to ensure that stable means stable - so they
> only generally apply security patches. There was a "volatile"
> repository once as they realised that software like ClamAV needs
> updating more but conflicted with normal policy; it looks like
> it's been replaced, but I don't know if they still maintain the
> ClamAV package there.
It is still there, just under a different name - should be covered by the <version>/updates (eg wheezy/updates) source.
http://www.debian.org/security/
As for installing the update, as pointed out there are several options. If you have wheezy/updates in your apt-sources list then it should appear (eventually) after passing through Debian's quality processes.
If you want it sooner, then pull it from testing - something I've done with a few packages from time to time. I've found that mostly things are "fairly reliable" by the time they reach testing - but it's worth a scan of the bugs list first.
Or if you want bleeding edge - either install from upstream source, or install from unstable. Unstable can be, well, unstable - so you roll your dice and take your chances.
Personally, I try to avoid installing from source. Not because I can't do it (I have done it when I've had no option), but I have to consider maintainability - especially if I've moved on and the system gets inherited by someone with "limited" Linux/FOSS skills. YMMV - what you do on a home system (only you to consider) or in an environment where there are plenty of experienced Linux/FOSS admins is one thing; what you do when there's no such people around is another.
More information about the clamav-users
mailing list