[Pkg-clamav-devel] Processing of clamav_0.98.4+dfsg-1_i386.changes

Thu Jul 3 20:13:20 UTC 2014

On July 3, 2014 3:26:49 PM EDT, Andreas Cadhalpun <andreas.cadhalpun at googlemail.com> wrote:
>Hi,
>
>On 03.07.2014 19:10, Sebastian Andrzej Siewior wrote:
>> On 2014-07-03 17:37:58 [+0200], Andreas Cadhalpun wrote:
>>>>>> Maybe they can manage to sign their tags.
>>>>>
>>>>> That would be good, although I don't know if uscan can verify
>signed tags.
>>>>> Or would there be detached signatures on the download page?
>>>>
>>>> Argh, right. No, it would be part of the tag. So it wouldn't be of
>any
>>>> use for use then :P
>>>
>>> Except if uscan can be thought to verify signed tags...
>>
>> Those tags are a little different. This tag signes the commit and not
>> something that we download. I don't see how uscan could verify those
>> apart from a git tree.
>
>Yes, this probably won't work. :(
>
>>> I see you backported a patch to expose cl_initialize_crypto in
>clamav.h.
>>> Have you already tested/patched the reverse dependencies?
>
>Looking closer, I think now that cl_initialize_crypto and 
>cl_cleanup_crypto are in clamav.h, they should be moved from 
>CLAMAV_PRIVATE to CLAMAV_PUBLIC in libclamav/libclamav.map.

Should discuss with upstream. 

>> - havp: #753530
>>    doesn't look very well maintained. For that reason we might want
>to
>>    bump the so number of the version to make sure the "old" version
>works
>>    even if nobody updates the packages.
>>    Besides that, it is only on unstable so we don't have to worry
>about
>>    stable :)
>
>Not very well maintained means in this case completely unmaintained 
>since three years. Given that it has now 5 RC bugs, it's probably best 
>to remove it from the archive.

Upstream havp offered to do a new release to fix this issue, so depending on how hard the RC bugs are to fix, it might be worth an NMU.

>> - dansguardian: #753533
>>    I opened that bug against stable. Which remainds, shouldn't
>oldstable
>>    be gone by now?
>
>It has the same version in stable and unstable, so the stable update is
>
>just the same as the update in unstable.

Oldstable has LTS support by a dedicated team. We can ignore it.

>> - c-icap-modules: started yesterday, should be finished by tonight :)
>
>OK.
>
>> - python-pyclamav: haven't look at it yet.
>
>I just looked into this one and the attached patch should be enough,
>but 
>I'm not sure how to test that.
>
>Scott, since you are the only uploader of python-pyclamav, can you 
>verify that this patch is good?

I can try it.

>By the way, python-pyclamav seems to be dead upstream since 2008 and 
>superseeded by python-pyclamd, which seems to be unmaintained in Debian
>
>since 2011, while the last upstream version is from 2014-06-23.
>
>You might want to consider to take over python-pyclamd and remove 
>python-clamav from unstable.

Python-pyclamd doesn't fully replace python-clamav.  It requires little enough maintenance that I think it's worth keeping. 

I'll look into the patch and pyclamd.

Thanks,

Scott K