Some more news about WHY there is no good outcome from GNU/Linux (GNU/Linux-libre) in the near future:
First the news perhaps many have already read as Red Hat has announced their Enterprise-oriented system-distribution no longer being "open-source". Attention therefore also: If you want to post only single-sided criticism about "Red Hat" as company or "why they are the inbound evil in its pure form", please don't. Yes, this is not a fine announcement and wind for sailing in the definite wrong direction. But as always: It is one decision of many and we are here not bound to it.
Second is a bit more of problem as ClamAV announced also vesion 0.105 will definitely need Rust for compiling. To quote:
We decided to extend the life of the 0.103 LTS release because of the significant changes to the build system in 0.104 and the change in 0.105 requiring the Rust programming language toolchain to compile ClamAV.
But there is even more to acknowledge:
ClamAV 0.103.0 was initially released on Sept. 14, 2020. With the additional year of support, and considering the change in the EOL Policy that allows one additional year of access for signature updates, this means that EOL dates for ClamAV 0.103 LTS are as follows:
- Expected End of Life (EOL): Sept. 14, 2024
- Patch versions continue until: Sept. 14, 2024
- Internal signature load testing until: Sept. 14, 2024
- Database downloads allowed until: Sept. 14, 2025
You look close enough? I underline the term again: Database downloads allowed until: Sept. 14, 2025
This is includes also: Currently, every version from ClamAV 0.102 and down, including all patch versions, are unsupported, and are actively blocked from downloading new updates. (source: https://docs.clamav.net/faq/faq-eol.html)
So the elementary question: Where is the "free as in freedom" here? Answer: There is none or at minimum we would need to port back the databases to come for older releases. You can clearly see where the decision is and it is not for "stable development", more towards "progress at any cost". But also to link their argumentation for including Rust as it just fair to do and they have for sure a reasoning: https://docs.clamav.net/faq/faq-rust.html
Yes, the more services are focussed only towards the "global network" (internet) in a whole, the more security-issues will occur and the more complex solutions to oppose them have to be. The reasoning for the change towards Rust is nevertheless a major issue as neither the licensing-problems are solved nor the the further to include dependencies are cleared up. So no fork is helping and also no rewrite as the issues persist.
And I repeat again why we have decided against Rust: Not only because of its questionable licensing. For compilation there is always cargo needed as there is no way around. Who makes sure that every further dependency downloaded at build-time is licensed free, libre and permissive? Exactly: No one. So at a point we will have decide if we can further safe include clamav or need to remove it fully. Nevertheless: For the moment the decision is not needed, but surely to be discussed.
And this all demonstrates one elemental point very well: We have lost control as we have given up and handed out essential parts of the system-infrastructure towards outside parties, we once thought being trustworthy. But the question would be: Are they for real trustworthy as they decide for us towards for our "well-being"? We are not talking about some health-situation, but about keeping data and information in hands. So the situation is also crucial and exactly the point why HyperbolaBSD is coming to existance. ClamAV is in hands and development of Cisco Systems, so this company is surely interested that people will always use their newest release. And how can we call those dependencies "free and libre" compatible? How can we even dare to ignore those parts for so long? Our goal as project is to emancipate every user hosting own services, being independent for the whole lifespan in regards to the own decision either to upgrade or not.
Yes, that "internet" is big, full with services and different protocols and not easy in many parts. But do we really want to hand out elementals of our data? For what pricing? To be seen? To get in "touch and contact"? I vote for that we step back and look at those crude picture for a moment. For me speaking: I don't want all of this at once and want to decide on my own, when something works ... why do I always need the newest update? Just because someone tells me? The own decision is important, not someone else positioning.
Human being in favor with clear principles and so also for freedom in soft- and hardware!
Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!