On Mon, 18 Jan 2016, Francesco Ariis wrote: > On Mon, Jan 18, 2016 at 12:36:34PM +0100, Francois Gouget wrote: > >> The clamav-unofficial-sigs package has quite important bugs that cause > >> it to fail to retrieve the SecuriteInfo virus signatures and send cron > >> spam every 4 hours. > >> > >> [..] > >> > >> So what's the proper way to report this issue? > > Hello Francois, > I assume the bug you are talking about is #783228 [1]. > clamav-unofficial-sigs is not maintained by a single person, but by > ClamAV Team.
Actually I think the following three bugs are duplicates of each other. At least now if not initially (various SecuriteInfo databases went offline progressively so symptoms changed over time). * 783228: clamav-unofficial-sigs: securiteinfo databases not available any more https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783228 * 784832: clamav-unofficial-sigs: Multiple error message at each execution https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784832 * 774763: clamav-unofficial-sigs: Updating the databases timeouts on a regular basis https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774763 (the timeouts are now 404s) Here is the activity for these bugs: Bug | Reported | User-provided workaround | ClamAV Team reply 774763 | 2015/01/07 | 2015/04/24 | none 783228 | 2015/04/24 | 2015/04/24 | none 784832 | 2015/05/09 | 2016/01/18 | none So the the issues were reported over a year ago, workarounds provided over 8 months ago, but the ClamAV team is nowhere to be found, hasn't asked for more details, hasn't closed duplicate bugs, hasn't made any new release of this package. So I did send more data for bug 774763 and 784832 but I'm mostly just repeating information that's already available on bug 783228. So given that information was available 9 months ago I'm not too hopeful. I could also send a patch but is it really necessary when the 'fix' is as simple as setting si_dbs="" in 00-clamav-unofficial-sigs.conf as was described in bug 783228 (again, 9 months ago)? The right fix might be to upgrade to the newer upstream version available from GitHub as reported in bug 785130, 9 months ago (that bug got no reply at all). https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785130 But then is it really the place of a user to provide a brand new package for the maintainer to just push out? And I'm not willing to take over maintainership because a) I'm not a Debian developer and b) I know I won't have time to keep doing it. -- Francois Gouget <fgou...@free.fr> http://fgouget.free.fr/ La terre est une bĂȘta...
