> On Mar 16, 2022, at 10:55 AM, Andrew C Aitchison <andrew@aitchison.me.uk> wrote:
>
> On Wed, 16 Mar 2022, Joel Esler via clamav-users wrote:
>>> On Mar 16, 2022, at 5:35 AM, Gary R. Schmidt <grschmidt@acm.org <mailto:grschmidt@acm.org>> wrote:
>>>
>>> On 16/03/2022 20:19, Christoph Moench-Tegeder via clamav-users wrote:
>>>> ## Joel Esler via clamav-users (clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>):
>>>>> Can’t use wget.
>>>> Looks like "can't use anything which doesn't look like a web browser",
>>>> as BSD fetch hits the 403, too.
>>>> That's a major PITA on the BSD side (just like openSuse), but it
>>>> was working just fine at the time of the 0.104.2 release (and all
>>>> the time prior to that). Is there any reason behind making the source
>>>> (not talking about the database files) inaccessible like that?
>>>
>>> Hanlon's Razor: "Never attribute to malice what can be adequately explained by neglect, ignorance, or incompetence."
>>>
>>> With the added FLOSS variant, "or trying to show just how much smarter they are than everybody else.”
>>
>> It was done because there are people that download the entire ClamAV package from the same every every 1 minute and do a complete reinstall.
>
> I still do not understand why rate limiting failed to solve this issue.
> Was the problem technical or did policy mean it couldn't be used ?
Rate limiting mitigated it. It didn’t stop it. Data transfer is expensive. ClamAV is funded out of a larger budget, so expenses must be minded.
>
> On Wed, 16 Mar 2022, Joel Esler via clamav-users wrote:
>>> On Mar 16, 2022, at 5:35 AM, Gary R. Schmidt <grschmidt@acm.org <mailto:grschmidt@acm.org>> wrote:
>>>
>>> On 16/03/2022 20:19, Christoph Moench-Tegeder via clamav-users wrote:
>>>> ## Joel Esler via clamav-users (clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>):
>>>>> Can’t use wget.
>>>> Looks like "can't use anything which doesn't look like a web browser",
>>>> as BSD fetch hits the 403, too.
>>>> That's a major PITA on the BSD side (just like openSuse), but it
>>>> was working just fine at the time of the 0.104.2 release (and all
>>>> the time prior to that). Is there any reason behind making the source
>>>> (not talking about the database files) inaccessible like that?
>>>
>>> Hanlon's Razor: "Never attribute to malice what can be adequately explained by neglect, ignorance, or incompetence."
>>>
>>> With the added FLOSS variant, "or trying to show just how much smarter they are than everybody else.”
>>
>> It was done because there are people that download the entire ClamAV package from the same every every 1 minute and do a complete reinstall.
>
> I still do not understand why rate limiting failed to solve this issue.
> Was the problem technical or did policy mean it couldn't be used ?
Rate limiting mitigated it. It didn’t stop it. Data transfer is expensive. ClamAV is funded out of a larger budget, so expenses must be minded.