[Pkg-clamav-devel] Bug#826406: Bug#826406: Too abrupt removal of AllowSupplementaryGroups option in stable

Hans van Kranenburg hans.van.kranenburg at mendix.com
Sun Jun 5 20:55:58 UTC 2016 

Hi Sebastian,

On 06/05/2016 08:09 PM, Sebastian Andrzej Siewior wrote:
> On 2016-06-05 13:27:08 [+0200], Hans van Kranenburg wrote:
>
>> The version in the main Debian Stable archive (so not in the additional
>> jessie-updates) has the option AllowSupplementaryGroups removed (see
>> #822444), which prevents the program from starting when this option is
>> present in the configuration file:
>>
>> clamd[27916]: ERROR: Parse error at line 12: Unknown option
>> AllowSupplementaryGroups
>> clamd[27916]: ERROR: Can't open/parse the config file /etc/clamav/clamd.conf
>>
>> I had to set this option to be able to use clamav with postfix on my
>> incoming mail servers, and I should not expect them to stop processing mail
>> because of stable updates.
>>
>> Updates of packages in Debian Stable must never break existing installations
>> by changing APIs (configuration file considered being some kind of API).
>
> I wasn't aware that this might break existing installations. I had always the
> debconf popping up and the the diff was simple so…
>
>> At least make the option deprecated and ignore it with a warning if set, and
>> only make it disappear when upgrading to Stretch.
>
> So you want me to do another stable update and ignore this option if
> set/unset. Sounds reasonable give the circumstances. Did you have
> unattended-upgrades running?

Yes, it was upgraded by unattended, so my day started with figuring out 
what happened, after a report from a user expecting some mail, and 
nagios yelling about the deferred mail queue size in a few locations.

I'd recommend to do a regression update, since you don't know where this 
configuration exists and since it's possible to get those mail servers, 
or whatever it is going again with another update if the user didn't 
find out yet it was broken.

I don't think the change of forcing/defaulting the option to True would 
lead to any problem in stable, as the whole option was a bit stupid to 
begin with imho. It took me a few hours and a few w*f moments while 
upgrading from Wheezy a while ago to debug and find out about it. :o)

Going back to the old behaviour is also not an option, because it will 
make users angry who found out, or read this report today, threw out the 
option to fix it and then have their clamav broken another time. :D

Thanks,

-- 
Hans van Kranenburg - System / Network Engineer
T +31 (0)10 2760434 | hans.van.kranenburg at mendix.com | www.mendix.com

More information about the Pkg-clamav-devel mailing list