Re: Reporting unmaintained packages

To: Francesco Ariis <fa-ml@ariis.it>
Cc: debian-user@lists.debian.org
Subject: Re: Reporting unmaintained packages
From: Francois Gouget <fgouget@free.fr>
Date: Tue, 19 Jan 2016 16:27:36 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.1601191550240.3410@amboise>
In-reply-to: <[🔎] 20160118144057.GA13853@casa.casa>
References: <[🔎] alpine.DEB.2.20.1601181227330.10988@amboise> <[🔎] 20160118144057.GA13853@casa.casa>

On Mon, 18 Jan 2016, Francesco Ariis wrote:

> On Mon, Jan 18, 2016 at 12:36:34PM +0100, Francois Gouget wrote:
> >> The clamav-unofficial-sigs package has quite important bugs that cause 
> >> it to fail to retrieve the SecuriteInfo virus signatures and send cron 
> >> spam every 4 hours.
> >> 
> >> [..]
> >> 
> >> So what's the proper way to report this issue?
> 
> Hello Francois,
>     I assume the bug you are talking about is #783228 [1].
> clamav-unofficial-sigs is not maintained by a single person, but by
> ClamAV Team.

Actually I think the following three bugs are duplicates of each other. 
At least now if not initially (various SecuriteInfo databases went 
offline progressively so symptoms changed over time).

* 783228: clamav-unofficial-sigs: securiteinfo databases not available any more
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783228

* 784832: clamav-unofficial-sigs: Multiple error message at each execution
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784832

* 774763: clamav-unofficial-sigs: Updating the databases timeouts on a regular basis
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774763
  (the timeouts are now 404s)

Here is the activity for these bugs:

Bug    | Reported   | User-provided workaround | ClamAV Team reply
774763 | 2015/01/07 | 2015/04/24               | none
783228 | 2015/04/24 | 2015/04/24               | none
784832 | 2015/05/09 | 2016/01/18               | none

So the the issues were reported over a year ago, workarounds provided 
over 8 months ago, but the ClamAV team is nowhere to be found, hasn't 
asked for more details, hasn't closed duplicate bugs, hasn't made any 
new release of this package.

So I did send more data for bug 774763 and 784832 but I'm mostly just 
repeating information that's already available on bug 783228. So given 
that information was available 9 months ago I'm not too hopeful.

I could also send a patch but is it really necessary when the 'fix' is 
as simple as setting si_dbs="" in 00-clamav-unofficial-sigs.conf as was 
described in bug 783228 (again, 9 months ago)?

The right fix might be to upgrade to the newer upstream version 
available from GitHub as reported in bug 785130, 9 months ago (that bug 
got no reply at all).

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785130

But then is it really the place of a user to provide a brand new package 
for the maintainer to just push out? And I'm not willing to take over 
maintainership because a) I'm not a Debian developer and b) I know I 
won't have time to keep doing it.

-- 
Francois Gouget <fgouget@free.fr>              http://fgouget.free.fr/
                           La terre est une bêta...

Reply to:

Follow-Ups:
- Re: Reporting unmaintained packages
  - From: Brian <ad44@cityscape.co.uk>

References:
- Reporting unmaintained packages
  - From: Francois Gouget <fgouget@free.fr>
- Re: Reporting unmaintained packages
  - From: Francesco Ariis <fa-ml@ariis.it>

Prev by Date: Re: eagle-lin64-7.5.0.run, won't
Next by Date: Re: Libre graphics could become the standard if we push right now
Previous by thread: Re: Reporting unmaintained packages
Next by thread: Re: Reporting unmaintained packages
Index(es):
- Date
- Thread