[Pkg-clamav-devel] [bubulle at debian.org: Bug#523573: clamav: [debconf_rewrite] Debconf templates and debian/control review]

Michael Tautschnig mt at debian.org
Sat Apr 11 13:02:14 UTC 2009


Hi all,

As briefly discussed with Stephen on IRC, we should try to reach consensus here
before replying to Christian. Note that this must happen before Tuesday.
Probably we should also agree on who actually sends out this response. I'll try
to bring up all my points in this mail, so anybody else doing a later review may
send out the comments without awaiting further response from my side.

Just one point that I'd like to discuss as well: Should we ask Christian to
allows us to change the other template files as well (adding and removing some
questions, we've got a few bug reports about this) and then get all the changes
reviewed at once?

[...]

I'll keep the full patch inline so later comments can follow up on this one,
even if commenting parts I didn't say anything about them.

> --- clamav.old/debian/clamav-milter.templates	2009-03-26 19:12:49.816449140 +0100
> +++ clamav/debian/clamav-milter.templates	2009-04-11 09:03:18.482051647 +0200
> @@ -1,26 +1,33 @@
> +# These templates have been reviewed by the debian-l10n-english
> +# team
> +#
> +# If modifications/additions/rewording are needed, please ask
> +# debian-l10n-english at lists.debian.org for advice.
> +#
> +# Even minor modifications require translation updates and such
> +# changes should be coordinated with translators and reviewers.
> +
>  Template: clamav-milter/debconf
>  Type: boolean
>  Default: true
>  _Description: Handle the configuration file automatically?
>   Some options must be configured for clamav-milter.
>   .
> - The ClamAV suite won't work if it isn't configured. If you do not
> + It won't work if it isn't configured. If you do not
>   configure it automatically, you'll have to configure
> - /etc/clamav/clamav-milter.conf manually or run 'dpkg-reconfigure clamav-milter'
> + /etc/clamav/clamav-milter.conf manually or run "dpkg-reconfigure clamav-milter"
>   later. In any case, manual changes in /etc/clamav/clamav-milter.conf will
>   be respected.
>  
>  Template: clamav-milter/MilterSocket
>  Type: string
>  Default: /var/run/clamav/milter.ctl
> -_Description: Define the interface through to communicate with sendmail:
> - Possible formats are:
> - .
> - Unix domain socket: [[unix|local]:]/path/to/file
> - .
> - IPv4 socket: inet:port@[hostname|ip-address]
> - .
> - IPv6 socket: inet6:port@[hostname|ip-address]
> +_Description: Communication interface with Sendmail:
> + Please choose the method that should be used by clamav-milter to
> + communicate with Sendmail. The following formats can be used:
> +  - Unix domain socket: [[unix|local]:]/path/to/file
> +  - IPv4 socket       : inet:port@[hostname|ip-address]
> +  - IPv6 socket       : inet6:port@[hostname|ip-address]
>  
>  Template: clamav-milter/FixStaleSocket
>  Type: boolean
> @@ -32,142 +39,168 @@
>  Default: clamav
>  _Description: User to run clamav-milter as:
>   It is recommended to run the ClamAV programs as a non-privileged user.
> - This will work with most MTAs with a little tweaking, but if you want to
> - use clamd for filesystem scans, running as root is probably unavoidable.
> + This will work with most MTAs with a little tweaking.
> + .
>   Please see README.Debian in the clamav-base package for details.
>  
>  Template: clamav-milter/AddGroups
>  Type: string
>  _Description: Groups for clamav-milter (space-separated):
>   By default, clamav-milter runs as a non-privileged user. If you need
> - clamav-milter to be able to access files owned by another user (e.g., in
> - combination with an MTA), then you will need to add clamav to the group for
> - that piece of software. Please see README.Debian in the clamav-base package for
> + clamav-milter to be able to access files owned by another user (for
> + instance when it is used in combination with an MTA), this user
> + need to be added to the relevant group(s).
> + .
> + Please see README.Debian in the clamav-base package for
>   details.
>  

IMHO in "this user need to be added ..." it is not clear what "this" is
referring to. Should probably be rephrased to "the user running clamav-milter
need to be added ..."

>  Template: clamav-milter/ReadTimeout
>  Type: string
>  Default: 120
> -_Description: Waiting for data from clamd will timeout after this time (seconds):
> - Set to a value of '0' to disable the timeout.
> +_Description: Wait timeout for data coming from clamd:
> + Please enter the delay (in seconds) before clamav-milter times out when it is
> + waiting for incoming data from clamd.
> + .
> + Choosing "0" will disable this timeout.
>  
>  Template: clamav-milter/Foreground
>  Type: boolean
>  Default: false
> -_Description: Stay in foreground (don't fork)?
> +_Description: Should clamav-milter stay in foreground (not forking)?
>  
>  Template: clamav-milter/Chroot
>  Type: string
>  _Description: Chroot to directory:
> - Chrooting is performed just after reading the config file and before dropping
> - privileges. An empty value means don't chroot.
> + Clamav-milter can run in a chroot jail. It will enter it after reading
> + the configuration file and before dropping root privileges.
> + .
> + If this field is left empty, no chrooting will occur.
>  
>  Template: clamav-milter/PidFile
>  Type: string
>  Default: /var/run/clamav/clamav-milter.pid
>  _Description: PID file:
> - This option allows you to save a process identifier of the listening daemon
> - (main thread).
> + Please specify the process identifier file location for clamav-milter's
> + listening daemon (main thread).
>  
>  Template: clamav-milter/TemporaryDirectory
>  Type: string
>  Default: /tmp
> -_Description: Optional path to the global temporary directory:
> -  If unset, $TMPDIR and $TEMP will be honored.
> +_Description: Global temporary directory path:
> + Please specify the directory for clamav-milter's temporary files.
> + If unset, $TMPDIR and $TEMP will be honored.
> 

I think "Global" should just be dropped.

>  Template: clamav-milter/ClamdSocket
>  Type: string
>  Default: unix:/var/run/clamav/clamd.ctl
> -_Description: Define the clamd socket to connect to for scanning:
> - To refer to a local unix socket using a absolute path, use unix:path (e.g.,
> - unix:/var/run/clamd/clamd.socket). A local or remote TCP socket is specified
> - using the tcp:host:port syntax. The host can be a hostname or an ip address;
> - the ":port" field is only required for IPv6 addresses, otherwise it defaults to
> - 3310 (e.g., tcp:192.168.0.1).
> - .
> - This option can be repeated several times (separated by whitespace) with
> - different sockets or even with the same socket: clamd servers will be selected
> - in a round-robin fashion.
> +_Description: Clamd socket to connect to for scanning:
> + Please specify the socket to use to connect to the ClamAV daemon for
> + scanning purposes. Possible choices are:
> +  - a local unix socket using an absolute path, in "unix:path" format
> +    (for example: unix:/var/run/clamd/clamd.socket);
> +  - a local or remote TCP socket in "tcp:host:port" format (for example:
> +    tcp:192.168.0.1). The "host" value can be either a hostname or an IP
> +    address, and the "port" is only required for IPv6 addresses,
> +    defaulting to 3310 otherwise.
> + .
> + You may specify multiple choices, separated by spaces. In such cases, the
> + clamd servers will be selected in a round-robin fashion.
> 

"In such cases" -- does one need to use plural here?

>  Template: clamav-milter/LocalNet
>  Type: string
> -_Description: Exclusions - IP ranges:
> - Messages originating from these hosts/networks will not be scanned.  This
> - option takes a host(name)/mask pair in CIRD notation and can be repeated
> - several times (separated by whitespace). If "/mask" is omitted, a host is
> - assumed.  To specify a locally originated, non-smtp, email use the keyword
> - "local".
> +_Description: Hosts excluded from scanning:
> + Please specify, in CIDR notation (host(name)/mask), the hosts for
> + which no scanning should be performed on incoming mail. Multiple entries
> + should be separated by spaces. The "local" shortcut can be used to
> + specify locally-originated (non-SMTP) email.
>   .
> - If unset, everything regardless of the origin is scanned.
> + If this field is left empty, all incoming mail will be scanned.
>  
>  Template: clamav-milter/Whitelist
>  Type: string
> -_Description: Exclusions - Regular expressions:
> - This option specifies a file which contains a list of POSIX regular
> - expressions. Addresses (sent to or from) matching these regexes will not be
> - scanned.  Optionally each line can start with the string "From:" or "To:"
> - (note: no whitespace after the colon) indicating if it is, respectively, the
> - sender or recipient that is to be whitelisted.  If the field is missing, "To:"
> - is assumed.
> - .
> - Lines in this file starting with #, : or ! are ignored.
> +_Description: Mail addresses whitelist:
> + Please specify the path to a whitelist file, listing email addresses
> + that should cause scanning to be bypassed.
> + .
> + Each line in this file should be a POSIX regular expression; lines
> + starting with "#", ":" or "!" will be ignored as comments.
> + .
> + Lines may start with "From:" (with no space after the colon) to make
> + the whitelisting apply to matching sender addresses; otherwise, or
> + with a "To:" prefix, it affects recipient addresses.
>  
>  Template: clamav-milter/OnClean
>  Type: select
> -Choices: Accept, Reject, Defer, Blackhole, Quarantine
> +__Choices: Accept, Reject, Defer, Blackhole, Quarantine
>  Default: Accept
> -_Description: Action to be performed on clean messages (mostly useful for testing):
> - The following actions are available:
> - .
> - - Accept: The message is accepted for delievery
> - .
> - - Reject: Immediately refuse delievery (a 5xx error is returned to the peer)
> +_Description: Action to perform on clean messages:
> + Please choose the action to perform on "clean" messages:
>   .
> - - Defer: Return a temporary failure message (4xx) to the peer
> +  - Accept    : accept the message for delivery;
> +  - Reject    : immediately refuse delivery (with a 5xx error);
> +  - Defer     : return a temporary failure message (4xx);
> +  - Blackhole : accept the message then drop it;
> +  - Quarantine: accept the message then quarantine it. With
> +                Sendmail, the quarantine queue can be examined
> +                with "mailq -qQ". With Postfix, such mails are placed
> +                on hold.
>   .
> - - Blackhole (not available for OnFail): Like accept but the message is sent to
> -   oblivion
> - .
> - - Quarantine (not available for OnFail): Like accept but message is quarantined
> -   instead of being delivered In sendmail the quarantine queue can be examined
> -   via mailq -qQ For Postfix this causes the message to be accepted but placed
> -   on hold
> + This setting is meant for testing purposes only.
> 

I think Stephen already suggested it earlier on: we should drop this option.

>  Template: clamav-milter/OnInfected
>  Type: select
> -Choices: Accept, Reject, Defer, Blackhole, Quarantine
> +__Choices: Accept, Reject, Defer, Blackhole, Quarantine
>  Default: Quarantine
> -_Description: Action to be performed on infected messages:
> +_Description: Action to perform on infected messages:
> + Please choose the action to perform on "infected" messages:
> + .
> +  - Accept    : accept the message for delivery;
> +  - Reject    : immediately refuse delivery (with a 5xx error);
> +  - Defer     : return a temporary failure message (4xx);
> +  - Blackhole : accept the message then drop it;
> +  - Quarantine: accept the message then quarantine it. With
> +                Sendmail, the quarantine queue can be examined
> +                with "mailq -qQ". With Postfix, such mails are placed
> +                on hold.
>  
>  Template: clamav-milter/OnFail
>  Type: select
> -Choices: Accept, Reject, Defer, Blackhole, Quarantine
> +__Choices: Accept, Reject, Defer
>  Default: Defer
> -_Description: Action to be performed on error conditions:
> - This includes failure to allocate data structures, no scanners available,
> - network timeouts, unknown scanner replies and the like)
> +_Description: Action to perform on error conditions:
> + Please choose the action to perform on errors such as failure to
> + allocate data structures, no scanners available,
> + network timeouts, unknown scanner replies...:
> + .
> +  - Accept: accept the message for delivery;
> +  - Reject: immediately refuse delivery (with a 5xx error);
> +  - Defer : return a temporary failure message (4xx).
>  
>  Template: clamav-milter/RejectMsg
>  Type: string
>  _Description: Specific rejection reason for infected messages:
> - It is only useful together with "OnInfected Reject".  The string "%v", if
> - present, will be replaced with the virus name.
> + Please specify the rejection reason that will be included in reject mails.
> + .
> + This option is only useful together with "OnInfected Reject".
> + .
> + The "%v" string may be used to include the virus name.
>  
>  Template: clamav-milter/AddHeader
>  Type: boolean
>  Default: false
>  _Description: Add headers to processed messages?
> - If adding headers is enabled, "X-Virus-Scanned" and "X-Virus-Status" headers
> + If you choose this option, "X-Virus-Scanned" and "X-Virus-Status" headers
>   will be attached to each processed message, possibly replacing existing
> - headers. 
> + similar headers. 
>  
>  Template: clamav-milter/LogFile
>  Type: string
>  Default: none
> -_Description: Log to file:
> - LogFile must be writable for the user running daemon.  A full path is required.
> +_Description: Log file for clamav-milter:
> + Specify the full path to the clamav-milter log file, which must be
> + writable for the clamav daemon.
>   .
> - Logging via syslog is configured independently of this entry.
> + Logging via syslog is configured independently of this setting.
>  
>  Template: clamav-milter/LogFileUnlock
>  Type: boolean
> @@ -179,8 +212,9 @@
>  Template: clamav-milter/LogFileMaxSize
>  Type: string
>  Default: 1M
> -_Description: Maximum size of the log file (unit Mb):
> - Set to a value of '0' to disable the timeout.
> +_Description: Maximum size of the log file (MB):
> + Please specify the maximum size for the log file. Using "0" will
> + allow that file to grow indefinitely.
>  
>  Template: clamav-milter/LogTime
>  Type: boolean
> @@ -190,13 +224,16 @@
>  Template: clamav-milter/LogSyslog
>  Type: boolean
>  Default: false
> -_Description: Use system logger (can work together with LogFile)?
> +_Description: Use system logger?
> + Please choose whether you want to use the system logger (syslog). This
> + option can be used along with logging in a dedicated file.
>  
>  Template: clamav-milter/LogFacility
>  Type: string
>  Default: LOG_LOCAL6
> -_Description: Specify the type of syslog messages:
> - Please refer to 'man syslog' for facility names.
> +_Description: Type of syslog messages:
> + Please choose the type of syslog messages as detailed in the system
> + logger's documentation.
>  
>  Template: clamav-milter/LogVerbose
>  Type: boolean
> @@ -205,15 +242,21 @@
>  
>  Template: clamav-milter/LogInfected
>  Type: select
> -Choices: Off, Basic, Full
> +__Choices: Off, Basic, Full
>  Default: Off
> -_Description: What should be logged when a message is infected:
> - Possible values are Off (the default - nothing is logged), Basic (minimal info
> - logged), Full (verbose info logged)
> +_Description: Information to log on infected messages:
> + Please choose the level of information that will be logged when infected
> + messages are found:
> +  - Off  : no logging;
> +  - Basic: minimal information;
> +  - Full : verbose information.
>  
>  Template: clamav-milter/MaxFileSize
>  Type: string
>  Default: 25M
> -_Description: Messages larger than this value won't be scanned (unit Mb):
> - Make sure this value is lower than StreamMaxLength in clamd.conf
> -
> +_Description: Size limit for scanned messages (MB):
> + Please specify the maximum size for scanned messages. Messages bigger than
> + this limit will not be scanned.
> + .
> + You should check that this value is lower than the value of "StreamMaxLength"
> + in the clamd.conf file.
> --- clamav.old/debian/control	2009-03-26 19:12:49.816449140 +0100
> +++ clamav/debian/control	1970-01-01 01:00:00.000000000 +0100
> @@ -1,90 +0,0 @@
> -Source: clamav
> -Section: misc
> -Priority: optional
> -Maintainer: Bernd Zeimetz <bzed at debian.org>
> -Build-Depends: debhelper (>= 5.0.61), po-debconf, dpkg-dev (>= 1.14.8),
> - quilt, autotools-dev, 
> - python-all-dev, python-support (>= 0.4),
> - xsltproc, docbook-xsl, docbook-xml,
> - libxt-dev, lesstif2-dev, libxaw7-dev, libncurses-dev,
> - libdbus-1-dev, libglib2.0-dev, libdbus-glib-1-dev, makedev
> -Standards-Version: 3.8.0
> -Homepage: http://gpsd.berlios.de/
> -XS-Python-Version: all
> -
> -Package: clamav
> -Architecture: any
> -Depends: python, netbase, lsb-base (>= 3.0-6), ${shlibs:Depends}, ${misc:Depends}
> -Recommends: gpsd-clients
> -Suggests: udev
> -Description: GPS (Global Positioning System) daemon
> - gpsd is a service daemon that monitors one or more GPSes attached to a host
> - computer through serial or USB ports, making all data on the location/course/
> - velocity of the sensors available to be queried on TCP port 2947 of the host
> - computer.
> - .
> - With gpsd, multiple GPS client applications can share access to GPSes without
> - contention or loss of data. Also, gpsd responds to queries with a format that
> - is substantially easier to parse than the NMEA 0183 emitted by most GPSes.
> -
> -Package: gpsd-clients
> -Architecture: any
> -Depends: ${shlibs:Depends}, ${misc:Depends}
> -Suggests: python-gps, gpsd
> -Description: Clients for the GPS daemon
> - gpsd is a service daemon that monitors one or more GPSes attached to a host
> - computer through serial or USB ports, making all data on the location/course/
> - velocity of the sensors available to be queried on TCP port 2947 of the host
> - computer.
> - .
> - This package contains auxiliary tools and example clients for monitoring and
> - testing gpsd.
> -
> -Package: python-gps
> -Architecture: any
> -Section: python
> -Replaces: gpsd-clients (<< 2.34.dfsg-1)
> -Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}
> -Recommends: gpsd
> -Provides: ${python:Provides}
> -Description: Python interface to gpsd and testing environment
> - gpsd is a service daemon that monitors one or more GPSes attached to a host
> - computer through serial or USB ports, making all data on the location/course/
> - velocity of the sensors available to be queried on TCP port 2947 of the host
> - computer.
> - .
> - This package contains a Python interface to conntect to gpsd, together with
> - a module providing a controlled testing environment. It also ships two tools
> - which utilize the interface: gpsprof for latency-profiling and gpsfake to
> - simulate a GPS by playing back a logfile.
> -
> -Package: libgps17
> -Architecture: any
> -Section: libs
> -Depends: ${shlibs:Depends}, ${misc:Depends}
> -Description: C library for communicating with GPS devices
> - libgps is a service library for querying GPS devices. There are two
> - interfaces supported by it:
> -   * A high-level interface that goes through gpsd, a service daemon that
> -     monitors one or more GPS devices. It is intended for concurrent use by
> -     several applications.
> -   * A low-level interface that speaks directly with the serial or USB
> -     device to which the GPS is attached.
> -
> -Package: libgps-dev
> -Architecture: any
> -Section: libdevel
> -Depends: libgps17 (= ${binary:Version}), ${misc:Depends}
> -Conflicts: gpsd (<< 2.34.dfsg-1)
> -Description: C library for communicating with GPS devices (development files)
> - libgps is a service library for querying GPS devices. There are two
> - interfaces supported by it:
> -   * A high-level interface that goes through gpsd, a service daemon that
> -     monitors one or more GPS devices. It is intended for concurrent use by
> -     several applications.
> -   * A low-level interface that speaks directly with the serial or USB
> -     device to which the GPS is attached.
> - .
> - This package contains the header and development files needed to build
> - programs and packages using libgps.
> -

There's something wrong with the patch - why does it include a dropped (and
strange) control file?

Best,
Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20090411/e739fb8f/attachment.pgp>


More information about the Pkg-clamav-devel mailing list