[clamav-users] Clamav EOL Policy and Signatures
Scott Kitterman
debian at kitterman.com
Thu Mar 23 21:32:32 UTC 2023
I don't know if this is new or if I missed it before, but, now that I've
looked at https://docs.clamav.net/faq/faq-eol.html again, I have questions/
comments about the provision of signature support to EOL releases.
A little over a month ago (Feb 18) one of the Fedora clamav maintainers raised
concerns about the planned EOL date for 0.103.
First, I see the planned EOL data on clamav.net is the same as then. Is the
assessment about extending the support period still ongoing?
Second, we had some discussions about distros patching for security updates
after the support period if needed. I noticed today that the scheduled
termination date for being able to download signatures is the same as the EOL
date. That's a problem.
If 0.103 is going to be unable to download signatures as soon as Sep-14 2023,
then that means it's useless after that date. My recollection is that
historically signatures were only blocked for older versions when it was
technically unavoidable. As long as users can download signatures, then
distros can support users on older releases for as long as they can manage to
backport security fixes. If that's no longer the case, I don't know that it's
going to be feasible to ship it in a release.
Am I misunderstanding the table?
Scott K
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20230323/97874bf9/attachment.sig>
More information about the clamav-users
mailing list