Discussion:
[users] Clamav
Pete Geenhuizen
2013-07-01 11:58:11 UTC
Permalink
Clamav 0.97.8 was released in April does anyone know when it will be
available for download?

Pete
--
Unencumbered by the thought process.
-- Click and Clack the Tappet brothers
Dr Andrew C Aitchison
2013-07-02 06:34:36 UTC
Permalink
Post by Pete Geenhuizen
Clamav 0.97.8 was released in April does anyone know when it will be
available for download?
I don't.

There have been a couple of requests on this list and I've asked the
maintainer privately. No response to any of them.

I'm about to move my department from SL5 to SL6; if I don't
hear this week I'll take the opportunity to switch clamav
from rpmforge to epel. The configs are different - the socket is in
a different directory IIRC and I'll have to tweak my mailserver config.

I used to find rpmforge gave me warm glow and epel didn't,
but the total silence on this matter means that I no longer have
instinctively want to use repoforge install of epel.
--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
A.C.Aitchison at dpmms.cam.ac.uk http://www.dpmms.cam.ac.uk/~werdna
Pete Geenhuizen
2013-07-02 11:48:28 UTC
Permalink
I too have a bit of an affinity for rpmforge over epel, but what can you
say?

After I found out that epel had clamav I installed it, and yes it's a
bit of a hassle having to make the tweaks for the file location changes,
but all in all it wasn't too bad.
Post by Dr Andrew C Aitchison
I don't.
There have been a couple of requests on this list and I've asked the
maintainer privately. No response to any of them.
I'm about to move my department from SL5 to SL6; if I don't
hear this week I'll take the opportunity to switch clamav
from rpmforge to epel. The configs are different - the socket is in
a different directory IIRC and I'll have to tweak my mailserver config.
I used to find rpmforge gave me warm glow and epel didn't,
but the total silence on this matter means that I no longer have
instinctively want to use repoforge install of epel.
--
Unencumbered by the thought process.
-- Click and Clack the Tappet brothers
David Hrbáč
2013-07-02 07:06:25 UTC
Permalink
Post by Pete Geenhuizen
Clamav 0.97.8 was released in April does anyone know when it will be
available for download?
Pete
Pete,

Yes we are now having the troubles with the builds. I personally am
trying to get Repoforge out of this situation. It's not so easy since
this process is handled only by Dag, but we are trying to resolve this
issue.

Regards,
David Hrb??
Pete Geenhuizen
2013-07-02 11:50:51 UTC
Permalink
Is this the only rpm with problems? Over the years I've come to rely on
Rpmforge as a good reliable source for programs.

I sure hope that you manage to resolve this and any other issues.

Pete
Post by David Hrbáč
Pete,
Yes we are now having the troubles with the builds. I personally am
trying to get Repoforge out of this situation. It's not so easy since
this process is handled only by Dag, but we are trying to resolve this
issue.
Regards,
David Hrb??
_______________________________________________
users mailing list
users at lists.repoforge.org
http://lists.repoforge.org/mailman/listinfo/users
--
Unencumbered by the thought process.
-- Click and Clack the Tappet brothers
Always Learning
2013-07-02 12:11:19 UTC
Permalink
Post by David Hrbáč
Yes we are now having the troubles with the builds. I personally am
trying to get Repoforge out of this situation. It's not so easy since
this process is handled only by Dag, but we are trying to resolve this
issue.
May we ask what are the problems ?

Thank you.
--
Paul.
England,
EU.

Our systems are exclusively Linux. No Micro$oft Windoze here.
John R. Dennison
2013-07-02 12:52:31 UTC
Permalink
Post by Always Learning
May we ask what are the problems ?
Same old story, just a different day. Single points of failure are a
fail. This is absolutely nothing new and frankly I and quite a few
others don't see any it changing anytime soon.

If you want updates, use EPEL or maintain packages yourself. The trust
that people used to have in rpmforge was justified. The trust that
people still have in rpmforge is not.

This is not a slam on David or any other contributor, either: the issues are
outside their control. The clamav issue that brought this thread to the
list is months old; the overall problem goes back further.

And it's a real shame.





John
--
American youth attributes much more importance to arriving at driver's
license age than at voting age.

-- Marshall McLuhan (1911-1980), Canadian philosopher of communication theory,
Understanding Media (1964)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130702/637bcf76/attachment.sig>
Pete Geenhuizen
2013-07-02 13:38:38 UTC
Permalink
Post by John R. Dennison
Same old story, just a different day. Single points of failure are a
fail. This is absolutely nothing new and frankly I and quite a few
others don't see any it changing anytime soon.
If you want updates, use EPEL or maintain packages yourself. The trust
that people used to have in rpmforge was justified. The trust that
people still have in rpmforge is not.
This is not a slam on David or any other contributor, either: the issues are
outside their control. The clamav issue that brought this thread to the
list is months old; the overall problem goes back further.
And it's a real shame.
John
_______________________________________________
users mailing list
users at lists.repoforge.org
http://lists.repoforge.org/mailman/listinfo/users
These problems are new to me, I just recently subscribed to this list to
try to get an answer as to why there was no update to clamav.

It sure is disheartening to see the direction that this repo is headed,
it has been one of the better ones. Sigh.

Pete
--
Unencumbered by the thought process.
-- Click and Clack the Tappet brothers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130702/3afe440d/attachment-0001.html>
David Hrbáč
2013-07-02 14:56:54 UTC
Permalink
May we ask what are the problems ? Thank you.
As I have written: this process is handled __only__ by Dag. This is the
last thing which relies only on Dag. Everything else is now maintained
by at least 2 people.

DH
John R. Dennison
2013-07-02 15:57:36 UTC
Permalink
Post by David Hrbáč
As I have written: this process is handled __only__ by Dag. This is the
last thing which relies only on Dag. Everything else is now maintained
by at least 2 people.
And, unfortunately, it's the single most critical part of the work flow
and the big show-stopper.

I do hope you can get this worked out, but as this has been going on for
some time I can't say I am overly optimistic.





John
--
UNIX Russian Roulette: sudo [ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo "You live"

-- Fabian Arrotin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130702/dba65937/attachment.sig>
David Hrbáč
2013-07-03 07:40:44 UTC
Permalink
Post by Pete Geenhuizen
Clamav 0.97.8 was released in April does anyone know when it will be
available for download?
Pete
Hi,

As a temporary solution I have published Repoforge Clamav build into my
personal repository.

http://fs11.vsb.cz/hrb33/el6/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el6/hrb/testing/i386/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el5/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el5/hrb/testing/i386/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_c.group.html

Sorry for the troubles,
David Hrb??
John R. Dennison
2013-07-03 08:33:12 UTC
Permalink
Post by David Hrbáč
Sorry for the troubles,
Thank you for this, David. And no need to apologize; the fault is not
yours.

I must admit... I find the fact that Dag can take the time to post to
his google+ feed and yet not respond to concerns made by users of his
repo on _his own mailing list_ quite troublesome.

Perhaps it's just time to turn the whole thing over to someone or some
group of people that have the time and ability to return rpmforge to
what it once was - a community vetted and trusted resource.




John
--
We can only be said to be alive in those moments when our hearts are conscious
of our treasures.

-- Thornton Wilder (17 April 1897 - 7 December 1975) American playwright
and novelist
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130703/6e252b15/attachment.sig>
David Hrbáč
2013-07-03 10:40:52 UTC
Permalink
Post by John R. Dennison
I must admit... I find the fact that Dag can take the time to post to
his google+ feed and yet not respond to concerns made by users of his
repo on _his own mailing list_ quite troublesome.
Well, Dag has been in a charge for very long time. I dare to blame him
to post to Google+ and not building the stuff. You know, doing something
for very long time may lead into unpleasant duty, ball on the leg.

And of course, there's still a question about the Repoforge. Do we
really want it? Isn't a time for Epel to replace Repoforge? I still want
to keep Repoforge alive bud have no replies from Dag.
Post by John R. Dennison
Perhaps it's just time to turn the whole thing over to someone or some
group of people that have the time and ability to return rpmforge to
what it once was - a community vetted and trusted resource.
Yes, this is something we (Yury, Dennis, me, etc.) hope for.
DH
Mark D. Nagel
2013-07-03 14:13:55 UTC
Permalink
Post by David Hrbáč
Well, Dag has been in a charge for very long time. I dare to blame him
to post to Google+ and not building the stuff. You know, doing
something for very long time may lead into unpleasant duty, ball on
the leg. And of course, there's still a question about the Repoforge.
Do we really want it? Isn't a time for Epel to replace Repoforge? I
still want to keep Repoforge alive bud have no replies from Dag.
Isn't the main differentiator the fact that repoforge has both packages
that extend and packages that replace? EPEL only has the former IIRC.
But I agree -- if this is going to be commanded by only one person, and
that person is burned out, then it may be time to find an alternative.
Perhaps it can be saved if Dag is willing to delegate authority to a
trusted group, though. Regardless, he has been a tireless volunteer for
years and deserves respect for that.

Regards,
Mark
--
Mark D. Nagel, CCIE #3177 <mnagel at willingminds.com>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-495-4001, fax: 714-646-8277

** For faster support response time, please
** email support at willingminds.com or call 714-495-4000
Yury V. Zaytsev
2013-07-03 15:59:46 UTC
Permalink
Post by Mark D. Nagel
Isn't the main differentiator the fact that repoforge has both
packages
that extend and packages that replace? EPEL only has the former IIRC.
Kind of...

The policy with respect to replacing base packages used to be pretty lax
in the past, but more recently the package base was split in several
repositories, where the basic repoforge repository isn't supposed to
replace base packages anymore (if it does, it's considered a bug).

The packages that replace base system packages were then all moved to an
optional extras repository, which is disabled by default.

At the moment, the main differentiators are (1) number and selection of
packages, (2) support for non EOL-ed ELs, (3) different policies w.r.t.
package configuration, (4) less bureaucratic procedure for including new
packages (which has a number of both up- and down- sides to it).

Therefore, I don't see EPEL as being a replacement for RepoForge,
because the goals of the projects and the implementation strategies for
these goals are quite different, or, rather, I would view RepoForge as a
complement (or an alternative) to EPEL, but given the current state of
affairs, it's prudent to consider EPEL to be a more reliable package
source than RepoForge for the package base that it covers.
Post by Mark D. Nagel
Perhaps it can be saved if Dag is willing to delegate authority to a
trusted group, though.
We are discussing just that at the moment and the stumbling block seems
to be adding new signing keys.

Historically, Dag used to be the only person who was able to sign the
packages, and people had well-deserved trust in him. It's not very clear
on how to proceed with adding new packagers in a way that doesn't
silently delegate this trust to the new people, which, of course, is
completely unacceptable for many reasons.

I'm arguing that a public announcement on the mailing list and an
explicit installation of a new *-release package would be enough of a
warning and makes it a conscious choice of the user as to whether to
continue to trust only Dag or also accept packages signed by others.

I guess we should bring this up in a separate thread on the mailing list
to see what the actual users do think about that.
--
Sincerely yours,
Yury V. Zaytsev
Yury V. Zaytsev
2013-07-03 13:29:23 UTC
Permalink
Post by John R. Dennison
I must admit... I find the fact that Dag can take the time to post to
his google+ feed and yet not respond to concerns made by users of his
repo on _his own mailing list_ quite troublesome.
Don't be too hard on him... that's just life as it is.

Priorities do change as time goes by, tiredness accumulates and often I
find myself doing something else with some spare 15-20 minutes of my
time rather than contributing to the projects that I once was very
actively involved in, and still care about to a certain extent.

I, for once, can't blame him for posting to G+ instead of going through
the mailing lists, maybe you are way more perfect than we are...
Post by John R. Dennison
Perhaps it's just time to turn the whole thing over to someone or some
group of people that have the time and ability to return rpmforge to
what it once was - a community vetted and trusted resource.
We are working on that, and the main problem is not that Dag is being
uncooperative (he is cooperative!), but rather the trivial lack of
manpower. Take me as an example, these days, I'm talking much more than
actually doing something useful...

Don't fret too much over it; either Repoforge will survive, or it will
die, and in neither case the world will come to an end.
--
Sincerely yours,
Yury V. Zaytsev
John R. Dennison
2013-07-03 15:13:36 UTC
Permalink
Post by Yury V. Zaytsev
Don't be too hard on him... that's just life as it is.
I am hardly being "hard" on him. But my last statement still stands: if
he isn't able to do what needs to be done then the keys (literally)
should be turned over to someone that can. It's hardly fair to users of
his repo for updates to just stop showing up because there is a single
point of failure, Yury.
Post by Yury V. Zaytsev
I, for once, can't blame him for posting to G+ instead of going through
the mailing lists, maybe you are way more perfect than we are...
That may be. But if he has time to post reponses to one of the SL lists
he has time to address the concerns in this, his own, list. Either he
cares enough to do so or he doesn't; the fact that he is active
elsewhere does sorta point to the latter, unfortunately.
Post by Yury V. Zaytsev
We are working on that, and the main problem is not that Dag is being
uncooperative (he is cooperative!), but rather the trivial lack of
manpower. Take me as an example, these days, I'm talking much more than
actually doing something useful...
Heh. People have been "working on that" for quite some time. Perhaps
that should be a sign :)
Post by Yury V. Zaytsev
Don't fret too much over it; either Repoforge will survive, or it will
die, and in neither case the world will come to an end.
I must admit that frankly I am hardly concerned if it drops off the face
of the planet or returns to its prior level of support - I am capable of
maintaining my own packages for that which is not available elsewhere.
I still pull repo content catalogs from rpmforge just to keep my indexes
up to date but I've since moved a lot of boxes, both my own and those of
my clients, off of rpmforge. This being said, I'll reiterate again that
I do very much hope that the situation can be corrected.





John
--
The easiest way for your children to learn about money is for you not to
have any.

-- Katharine Whitehorn (1928-), British journalist, writer, and columnist
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130703/08267faf/attachment.sig>
Rob Kampen
2013-07-03 09:09:33 UTC
Permalink
Post by David Hrbáč
Post by Pete Geenhuizen
Clamav 0.97.8 was released in April does anyone know when it will be
available for download?
Pete
Hi,
As a temporary solution I have published Repoforge Clamav build into my
personal repository.
http://fs11.vsb.cz/hrb33/el6/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el6/hrb/testing/i386/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el5/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el5/hrb/testing/i386/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_c.group.html
Sorry for the troubles,
David Hrb??
Hi David,
these appear to be signed - what key file do we use?
Thanks for your efforts
Rob
Post by David Hrbáč
_______________________________________________
users mailing list
users at lists.repoforge.org
http://lists.repoforge.org/mailman/listinfo/users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rkampen.vcf
Type: text/x-vcard
Size: 297 bytes
Desc: not available
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130703/4f62c081/attachment.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4480 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130703/4f62c081/attachment.p7s>
David Hrbáč
2013-07-03 10:42:19 UTC
Permalink
Post by Rob Kampen
Hi David,
these appear to be signed - what key file do we use?
Thanks for your efforts
Have no access to RF key, so it's signed with my key.
http://fs11.vsb.cz/hrb33/RPM-GPG-KEY-hrb.txt
DH
Nicolas Thierry-Mieg
2013-07-03 11:45:42 UTC
Permalink
Post by Rob Kampen
Post by David Hrbáč
Post by Pete Geenhuizen
Clamav 0.97.8 was released in April does anyone know when it will be
available for download?
Pete
Hi,
As a temporary solution I have published Repoforge Clamav build into my
personal repository.
http://fs11.vsb.cz/hrb33/el6/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el6/hrb/testing/i386/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el5/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el5/hrb/testing/i386/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_c.group.html
http://fs11.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_c.group.html
Sorry for the troubles,
David Hrb??
Hi David,
these appear to be signed - what key file do we use?
Thanks for your efforts
Rob
how about this:
http://fs11.vsb.cz/hrb33/RPM-GPG-KEY-hrb.txt
Loading...