On Fri, 28 Dec 2007 13:47:31 -0800, Florin Andrei wrote: Funny. The differerent design of the Fedora clamav packages has been a topic on various lists long ago. Actually, there's some rationale behind the complexity of the Fedora clamav packages: packager's decision based on security and versatility beyond basic clamav usage. The packages include %doc files. You can't avoid reading them. The packages are not compatible with Dag's packages. They have never been compatible with Dag's. This is no secret. They do work, albeit differently than Dag's. Unfortunately, the clamav users within the Fedora community have not cared enough about clamav in Fedora as would be necessary to either a) reach a consensus on how to package them, b) work with the original Fedora packager on enhancing them with a more convenient setup procedure, or c) do sufficient lobbying in order to convince Fedora Project leadership that something is "wrong" with Fedora's clamav packages and may need decision-finding on a higher level.

On Dec 28, 2007 5:10 PM, Michael Schwendt <bugs.michael(a)gmx.net&gt; wrote: I had a couple of conversations along the above. Enrico's position was it worked for him and that other changes were not what he had in mind. While it could have been the time I asked about (during one of the flame wars), translation issues, or the reality of it.. it was pretty much either his way or someone else maintain it and all his other packages. Since that was not what I was looking for.. I decided to let it rest. There has been a push to patch the EPEL packages to be more like the DAG clamav ones for 'various' reasons, but it has been held up in review for quite some time. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"

Stephen John Smoogen wrote: I don't know what are the approval criteria, but the following test must be passed by any package containing a daemon (service) before it's released: A package containing a daemon (service) must successfully execute "service daemon-init-script start" after the package has been installed. This command must launch a working instance of the daemon, with at least the basic functions enabled, the definition of "basic" depending on the daemon. No configuration changes should be required for that. Examples: Apache, Sendmail, Postfix, Squid. -- Florin Andrei http://florin.myip.org/

Florin Andrei píše v Pá 28. 12. 2007 v 19:20 -0800: Sorry, but this is simply not true. I own 2 packages that will never work like that. They need a manual configuration before they can be started. Dan

On Fri, 28 Dec 2007 18:38:29 -0700, Stephen John Smoogen wrote: If the documentation files are followed, it does work, doesn't it? And packages like exim-clamav do work, too? Btw, I'm not sure that Enrico also maintains the packages in EPEL. That's news to me that he wanted to drop all his packages. It would have been even more reason to make it an important issue for one of the relevant committees.

On Fri, 28 Dec 2007 19:16:27 -0800, Florin Andrei wrote: Please don't just repeat complaints without substance. Then be the volunteer to provide a package that includes the configuration files for such a "most basic" clamav daemon. AIUI, the Fedora clamav packager doesn't want to provide such defaults because he thinks it would be wrong to do that. The Fedora Package Collection is not closed, however, it is open to the community. You are not supposed to run that. Read the documentation first.

Michael Schwendt wrote: You are free to tell me what to do only _after_ you come up with a reasonable explanation as to why clamav is different from all other daemons out there and so it requires a different packaging philosophy. Until then, shut up. -- Florin Andrei http://florin.myip.org/

On Sat, 29 Dec 2007 10:34:29 -0700, Stephen John Smoogen wrote: Quote: | 'clamav-milter' itself should work out-of-the-box (after | commenting out the 'Example' line in /etc/clamd.d/milter.conf); Is that true? (I think requiring the admin to acknowledge an example config file is not asked too much) But I referred to the case the Fedora packager doesn't like: a single system-wide clamd instance. Surely such a service can be provided in a separate package, building on top of the clamav base (like the exim-clamav package for Exim does it). Because everytime it comes up, it's ignorance that leads to the initial complaints. Not all files in /etc/rc.d/init.d/ are service initscripts. None of the documentation claims that one should start clamav like that. Then, a person who complains is told about the need to complete configuration files first (which sounds like an interactive helper-script could aid with that), and the person still doesn't admit that the packages work. Instead, it is repeated that those configuration steps should not be necessary at all, and it is referred to a 3rd party package which starts a single preconfigured daemon. The Fedora packager points out what he thinks is wrong about starting a single clamd, and the discussion loops back to the beginning. That's why I suggest this issue is taken in front of a relevant Fedora technical committee to decide on whether it is too complicated to set up the packages and whether the packages fit into the Fedora Packaging philosophy. The initial package reviews have not been straight-forward, especially not since they contained technical problems and typos, which caused them to malfunction and which lead to a series of questions and answers about several aspects of the package design. For example, the purpose of the sub-packages, "virtual packages" and "capabilities" was not obvious or lead to feedback. At least one bigger thread should be on old fedora-extras-list. Is setting up Samba or ntpd so much easier? Heavy usage of virtual packages/capabilities in the clamav packaging may be intimidating, but it boils down to a documentation issue (and the package %descriptions explain quite a bit already).

On Sat, 29 Dec 2007 10:40:40 -0800, Florin Andrei wrote: "from all other daemons"? -> FUD.

Michael Schwendt wrote: Are you living in the same universe like everyone else? ntp can be launched immediately after it's installed. "service ntpd start" and it's working already. Samba may require setting up the workgroup at least, a couple more config items at most, then it's good to go. Or you can simply launch it as is and it will still work, albeit using the default workgroup. This is acceptable. This is very different from the situation with the EPEL clamav packages. -- Florin Andrei http://florin.myip.org/

On Sat, 29 Dec 2007 12:04:16 -0700, Kevin Fenzi wrote: What exactly would make the current packages "more usable"? Why can't a volunteer create and maintain a clamav configuration add-on package, which offers a single system-wide clamav daemon if that is requested by the clamav user base in Fedora/EPEL?

Kevin Fenzi wrote: Shouldn't this be brought up to the level of FESCo? Solving it only for EPEL if that is even possible seems the wrong solution to me. Rahul

On Sat, 29 Dec 2007 14:06:13 -0700, Kevin Fenzi wrote: Cannot find this in bugzilla. The /etc/sysconfig script disables the automatic update on purpose (to prevent unauthorized network access) and warns the user about that default. What is wrong with that? Is this in bugzilla? It also mails warnings and errors. Is this in bugzilla? https://bugzilla.redhat.com/239037 Just a %doc issue so far, IMO. Unless it is ruled that clamav must be in a single package. https://bugzilla.redhat.com/322381 - WONTFIX The list is interesting, but it adds more than what I thought has been the primary (only?) issue with the Fedora clamav packages.

On Sun, Dec 30, 2007 at 12:27:42AM +0100, Dag Wieers wrote: I would say they most certainly are _not_ copmatible. :) I don't use EPEL's clam packages either and instead use exclude/includepkgs to pull them in from rpmforge explicitly. Kind of a mess, but hey it works. :) Ray

On Dec 29, 2007 4:27 PM, Dag Wieers <dag(a)wieers.com&gt; wrote: I do not know. FUD is an overused acronym and probably is a corollary to Godwin's law. It also depends on the tone and how it was said. Email is not a medium to give tone or meaning to statements.. it is a medium for partisan bickering. This is not an issue that can be solved in a one paragraph email. It is a problem that will take a multi-line sets of emails and people reasonably listening to each other, asking for clarifications, and working towards and accepting an 'imperfect' middle ground. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"

On Dec 29, 2007 11:40 AM, Florin Andrei <florin(a)andrei.myip.org&gt; wrote: Comments like this one and others do not help get a fix. They just stir emotional hot-buttons that make sure that fixes don't happen. Yes clamav in EPEL/Fedora is not packaged the way that other repositories do it. It causes conflicts and other issues and does not seem to be what people expect out of a system service. However, every thread that has started like this one has has just made the package more stuck in the way it is. So while we work out human issues on our part (which will take as long as any EU debate..) how can we get your system working again. My first suggestion would be to back out the clamav from EPEL and also figure out what packages you are wanting from each repository.. and why. Second put in yum-priorities to put each repository at a level... its not a great fix.. having 'local' repos is a better fix but that is outside the scope of this email. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"

Michael Schwendt wrote: That sounds good enough. Still not perfect, but it's something that can be lived with. -- Florin Andrei http://florin.myip.org/

Hi, On Sat, 2007-12-29 at 10:17 +0100, Dan Horák wrote: So your package must be fixed, too. Regards, -- Devrim GÜNDÜZ , RHCE PostgreSQL Replication, Consulting, Custom Development, 24x7 support Managed Services, Shared and Dedicated Hosting Co-Authors: plPHP, ODBCng - http://www.commandprompt.com/

On Mon, 31 Dec 2007 11:30:37 -0700, Kevin Fenzi wrote: It's not mandatory, but it's nice to the user. Installation of a package should not enable a network-using service automatically. Accessing the network to download data may be seen as a lesser problem than binding a service to a public port. But both are issues where the user/admin ought to opt-in rather than opt-out. This question is biased. The update feature is not missing, it can be enabled for automated downloads if the software is told to do that. uid/gid removal IMO is a "must not" unless all files with that uid/gid are removed as well. Yes, based on older [similar threads] that was my impression. The typical clamav-in-fedora critic complains that starting clamd takes more than installing the package and running a service script. It is certainly not the first time somebody tried to run the wrapper-script without even skimming over the readme file.

On Jan 1, 2008 9:10 PM, Steven Pritchard <steve(a)silug.org&gt; wrote: Yes and other packages (many more in the past)... it is a line that core packages seem to fall on both sides of. Do not turn on unless there is a network, do not run if there isn't a general configuration, do not have a configuration unless it is useful out-of-the-box for a large segment. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"

Michael Schwendt wrote: OK ... people can argue about this until we are all blue in the face. The real answer, however is what your customers want. People who routinely do not give their customers what they want find themselves without any customers. SO, I would think long and hard about such flaming comments as I have seen on this thread. If you don't care much for/about your customers, eventually you won't have to. Thanks, Johnny Hughes

On Wed, Jan 02, 2008 at 02:48:21PM +0100, Michael Schwendt wrote: There are users however, and shouldn't it be your goal to make your package as useable as it can be by as many users as possible -- taking into account their feedback (no matter how combative it may seem to the maintainer)? Even if you don't consider "users" customers, the effects are the same. People will go elsewhere to fufill their need. And a packager that says "whoop dee doo I don't care" maybe isn't the best maintainer for that package. :) Just my $0.02 Ray

Michael Schwendt wrote: Thank God for definitions - the perfect shelter against harsh, cold, inconvenient reality. -- Florin Andrei http://florin.myip.org/