On Tue, 2 Dec 2008 22:35:11 -0800 Michael Tautschnig <[EMAIL PROTECTED]> wrote: >Hi all, > >Just some notes on the Ubuntu diversions: > >> . >> * Merge from debian unstable, remaining changes: >> - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 for >> clamav-daemon and clamav-freshclam >> - add debian/usr.bin.freshclam and debian/usr.sbin.clamd >> - debian/clamav-(daemon|freshclam).dirs: add etc/apparmor.d/force-complain >> - debian/clamav-(daemon|freshclam).install: install profiles >> - debian/clamav-(daemon|freshclam).preinst: create symlink for >> force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles >> profile is unchanged (ie non-enforcing) and upgrades where the profile >> doesn't exist. >> - debian/clamav-(daemon|freshclam).postrm: remove symlink in >> force-complain/ on purge. >> - debian/clamav-(daemon|freshclam).postinst.in: reload apparmor >> - update README.Debian with note on Apparmor > >Ok, so no apparmor in Debian thus far, so these will remain for the future.
Before this team was started (or perhaps just after) I had discussed including this in Debian (it'd be with suggests apparmor vice recommends). It's a very small change that does no harm if one does not have apparmor installed. Having it in the Debian package would make it possible to have identical source in both distros and assist any Debian admin who might have rolled their own apparmor. We've got enough testing of the profile now that I think the change is mature enough to merge back if there is no objection. >> * Enable upstream test suite in debian/rules >> - Not adding valgrind yet due to test failures >> . > >Shouldn't we also enable the test suite for Debian? Unless someone objects, >Scott, could you just merge that stuff? I could, but not right away. I was experimenting with merging using git and have got my local repository in a bad state right now. I need to clear some time to understand/fix what I've done. This is also why the Ubuntu branch is behind. This also needs a bit of discussion. First, enabling the test suite is as simple as adding 'make check' in debian/rules, so anyone with a working git feel free. Second, there is the question of what additional build-dep to add for more tests. It could be valgrind, electric-fence, and/or one othe whose name escapes me (it's a fork of electric-fence). The valgrind tests seem false positive prone from what I've seen. My recommendation is don't add it to the uploaded package for now, but test build with it and then file bugs with upstream on failures. The electric-fence tests pass, but I did not add it for Ubuntu because it's in Universe, not Main and the guidance I got from Ubuntu Security* was to not promote things solely because they'd enhance the test suite of a package. So yes, I'll do it if no one else gets to it first, but we ought to discuss exactly what's wanted for Debian. Scott K * In Ubuntu, Universe does not have any guarantee of security support from Canonical. It is done by the community. _______________________________________________ Pkg-clamav-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
