jdow wrote:
Denis, that should not be required, period. ClamAV is out of date. It has a denial of service vulnerability for the version RedHat supplies. 0.90 is what is suggested by the ClamAV people for use. You should get CERT advisories, fellas. Amd you should act on them.
jdow, I agree with you it shouldn't be required. However filing bugs to bugzilla is a *very* important part of the Fedora community process. Were you to complain to fedora-extras-list or fedora-devel-list about a particular package problem, you would get that same exact answer.
I maintain Inkscape, and I can tell you I get a bugzilla request for an upgrade within *hours* of every new release :-) even though i don't need them since i'm on the upstream mailing list anyways...
Essentially it saddens me greatly when i read a post that encourages people to use a package from a third-party repo because the one in extras is unusable. But there's nothing I can do about it, I'm not a clamav expert or user so I can't file a bug myself with any sort of credibility. The issue cannot be brought up to the devel list without having existing user-filed bugzilla entries to back up claims.
-denis
