On Mon, 31 Dec 2007 11:30:37 -0700, Kevin Fenzi wrote:
On Sat, 29 Dec 2007 22:40:22 +0100
bugs.michael(a)gmx.net (Michael Schwendt) wrote:
> On Sat, 29 Dec 2007 14:06:13 -0700, Kevin Fenzi wrote:
>
> > - freshclam should work when the package is installed. Currently it
> > requires you to comment a line in a script for no reason I can
> > tell.
>
> Cannot find this in bugzilla. The /etc/sysconfig script disables the
> automatic update on purpose (to prevent unauthorized network access)
> and warns the user about that default. What is wrong with that?
Where is there a requirement that network access should require
configuration changes?
It's not mandatory, but it's nice to the user.
Should we modify any other network accessing
services to require a config change before using the network?
Installation of a package should not enable a network-using service
automatically. Accessing the network to download data may be seen as a
lesser problem than binding a service to a public port. But both are issues
where the user/admin ought to opt-in rather than opt-out.
What good would clamav be on a machine thats not on a network and
what
good is it with no up 2 date virus definitions?
This question is biased. The update feature is not missing, it can be
enabled for automated downloads if the software is told to do that.
> > - The package could not remove the clamav user on removal.
This I guess is part of the fedora-usermanagement setup.
uid/gid removal IMO is a "must not" unless all files with that uid/gid are
removed as well.
> > I'm sure I could look around for more issues.
> >
> > > Why can't a volunteer create and maintain a clamav configuration
> > > add-on package, which offers a single system-wide clamav daemon if
> > > that is requested by the clamav user base in Fedora/EPEL?
> >
> > I suppose someone could... thats not my issue however. My issues
> > are in the clamav package itself, not just not having a system wide
> > clamd.
>
> The list is interesting, but it adds more than what I thought has
> been the primary (only?) issue with the Fedora clamav packages.
Really? So the only real issue you see is that there is no system wide
clamd setup?
Yes, based on older [similar threads] that was my impression. The typical
clamav-in-fedora critic complains that starting clamd takes more than
installing the package and running a service script. It is certainly not
the first time somebody tried to run the wrapper-script without even
skimming over the readme file.