[Bug 1040666] New: clamav-database should provide and obsolete clamav-db
http://bugzilla.suse.com/show_bug.cgi?id=1040666 Bug ID: 1040666 Summary: clamav-database should provide and obsolete clamav-db Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: meissner@suse.com Reporter: astieger@suse.com QA Contact: qa-bugs@suse.de CC: max@suse.com Found By: Security Review Board Blocker: --- A change from Jan 2013:
- Remove the clamav-db subpackage. ClamAV installations should fetch current versions of the virus database directly from upstream. If there really is need for a packaged database, it should be in a separate package.
On Leap, this is currently clamav-database, with weekly updates coming from SLE.
From clamav.spec:
Obsoletes: clamav-db < 0.88.3
We last shipped a clamav-db package in openSUSE 12.2. It's a while back, but we are to retain clamav-database for the Leap use case (should we?), that package should be providing and obsoleting clamav-db? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1040666 http://bugzilla.suse.com/show_bug.cgi?id=1040666#c1 --- Comment #1 from Reinhard Max <max@suse.com> --- How likely is it that a system that still runs 12.2 and has clamav-db installed can successfully be upgraded to Leap? BTW, in most use cases it makes no sense to use a packaged version of the database for various reasons, which is why I removed it in the first place. AFAIK clamav-database only exists for our internal virus scanning that happens as part of the package building in IBS. I think we don't ship it on SLE, so we also shouldn't ship it (or stop shipping it) on Leap. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1040666 http://bugzilla.suse.com/show_bug.cgi?id=1040666#c2 --- Comment #2 from Andreas Stieger <astieger@suse.com> --- (In reply to Reinhard Max from comment #1)
How likely is it that a system that still runs 12.2 and has clamav-db installed can successfully be upgraded to Leap?
Almost zero, I guess.
BTW, in most use cases it makes no sense to use a packaged version of the database for various reasons, which is why I removed it in the first place.
Correct, unless for air-gapped systems, which are not really exposed.
AFAIK clamav-database only exists for our internal virus scanning that happens as part of the package building in IBS. I think we don't ship it on SLE, so we also shouldn't ship it (or stop shipping it) on Leap.
Agree. Asked for it to be dropped: https://build.opensuse.org/request/show/500074 I guess you can close this bug. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1040666 http://bugzilla.suse.com/show_bug.cgi?id=1040666#c3 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #3 from Andreas Stieger <astieger@suse.com> --- clamav-database dropped from Leap 42.3 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com