On Tue 19 Jan 2016 at 16:27:36 +0100, Francois Gouget wrote: > On Mon, 18 Jan 2016, Francesco Ariis wrote: > > > On Mon, Jan 18, 2016 at 12:36:34PM +0100, Francois Gouget wrote: > > >> The clamav-unofficial-sigs package has quite important bugs that cause > > >> it to fail to retrieve the SecuriteInfo virus signatures and send cron > > >> spam every 4 hours. > > >> > > >> [..] > > >> > > >> So what's the proper way to report this issue? > > > > Hello Francois, > > I assume the bug you are talking about is #783228 [1]. > > clamav-unofficial-sigs is not maintained by a single person, but by > > ClamAV Team. > > Actually I think the following three bugs are duplicates of each other. > At least now if not initially (various SecuriteInfo databases went > offline progressively so symptoms changed over time). > > * 783228: clamav-unofficial-sigs: securiteinfo databases not available any > more > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783228 > > * 784832: clamav-unofficial-sigs: Multiple error message at each execution > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784832 > > * 774763: clamav-unofficial-sigs: Updating the databases timeouts on a > regular basis > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774763 > (the timeouts are now 404s) > > Here is the activity for these bugs: > > Bug | Reported | User-provided workaround | ClamAV Team reply > 774763 | 2015/01/07 | 2015/04/24 | none > 783228 | 2015/04/24 | 2015/04/24 | none > 784832 | 2015/05/09 | 2016/01/18 | none > > So the the issues were reported over a year ago, workarounds provided > over 8 months ago, but the ClamAV team is nowhere to be found, hasn't > asked for more details, hasn't closed duplicate bugs, hasn't made any > new release of this package.
A small point: duplicate bugs are merged, not closed. You could do it if you are confident in your judgement. A more pertinent point is whether you should be concerned yet about a lack of the response. There could be a perfectly good reason for it. A year can be but the blink of an eyelid in Debian's calendar. :) > So I did send more data for bug 774763 and 784832 but I'm mostly just > repeating information that's already available on bug 783228. So given > that information was available 9 months ago I'm not too hopeful. > > I could also send a patch but is it really necessary when the 'fix' is > as simple as setting si_dbs="" in 00-clamav-unofficial-sigs.conf as was > described in bug 783228 (again, 9 months ago)? > > The right fix might be to upgrade to the newer upstream version > available from GitHub as reported in bug 785130, 9 months ago (that bug > got no reply at all). > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785130 > > But then is it really the place of a user to provide a brand new package > for the maintainer to just push out? And I'm not willing to take over > maintainership because a) I'm not a Debian developer and b) I know I > won't have time to keep doing it. You've done what you can do. The trick is not to get too disheartened.