date:20130530

On Wed, 29 May 2013 23:12:39 +0300, Andrei POPESCU
andreimpope...@gmail.com wrote:
On Mi, 29 mai 13, 21:52:04, Marc Haber wrote:
 Yes. And many systems have intermittent connectivity, which rules out
 non-queueing mini-MTAs. Exim does the Job pretty well, and people who
 know what an MTA is will probably install their own anyway, so there
 is no need to change.

Exim is a listening daemon, even if it listens only on localhost in the 
default configuration.

It comes listening on localhost in default configuration. It can be
trivially configured not to listen at all, or to listen on all
interfaces.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui00y-0008jk...@swivel.zugschlus.de

Re: default MTA

On Thu, 30 May 2013 10:18:07 +0300, Andrei POPESCU
andreimpope...@gmail.com wrote:
Maybe it makes sense to have virtual packages like mta-daemon, 
mta-forwarder, etc.? (regardless of which, if any, is installed by 
default)

Show code, or at least an explanation about how you intend to do that.
How will, for example, the virtual package provided by exim change
depending on the setting for the QUEUERUNNER config option?

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui02t-0008jy...@swivel.zugschlus.de

Re: default MTA

2013-05-30 Thread Stefano Zacchiroli

On Thu, May 30, 2013 at 12:16:38PM +0200, Carlos Alberto Lopez Perez wrote:
 On 29/05/13 08:18, Chris Knadle wrote:
- Exim is more popular
  
  http://www.securityspace.com/s_survey/data/man.201201/mxsurvey.html
 This is actually quite interesting.
 
 Given that Postfix is the default MTA on RHEL/CentOS, SLES (SUSE) and
 Ubuntu; meanwhile Exim is only the default on Debian (AFAIK).
 
 I wonder if this means that Debian is used in more mail servers than the
 rest of the distributions together.

Indeed it is interesting. Whereas Debian has a majority of GNU/Linux
installation for _web_ servers according to:

  http://w3techs.com/technologies/details/os-linux/all/all

it's a _relative_ majority, smaller than the sum of the other distros
you've cited.

Here's an experimental way to test the assumption of Debian leadership
on the mail server market: let's switch our default to Postfix and see
if the figures change :-) /SCNR
-- 
Stefano Zacchiroli  . . . . . . .  z...@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Former Debian Project Leader  . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »


signature.asc
Description: Digital signature

Re: default MTA

On Thu, 30 May 2013 04:04:14 +0800, Thomas Goirand z...@debian.org
wrote:
On 05/29/2013 11:32 PM, Javier Fernandez-Sanguino wrote:
 On 29 May 2013 17:11, Josselin Mouette j...@debian.org wrote:
  Le mercredi 29 mai 2013 à 16:31 +0200, Javier Fernandez-Sanguino a
  écrit :
  He will see a notification on his desktop. Clear, understandable and
  translated in his configured language:
  https://git.gnome.org/browse/gnome-disk-utility/tree/src/notify/gdusdmonitor.c
  (The code is different but already here in squeeze and wheezy.)
 I'm happy to see this use case is covered in GNOME.

Me as well.

Though not everyone uses GNOME (someone pointed out earlier in this list
that we have more than 40 window managers in Debian!), and it is
desirable, IMO, to also handle their use case.

I think that people who are able to replace the default desktop with
the desktop of their choice should be trusted to read their local mail
as well. We may document this, but I don't think that we should spend
personpower to provide a technical solution to that. There are things
more important than that.

We should make local mail or other messages trivially and
automatically visible for people who have installed Debian in NNF[1]
compliant way, but if one has gone to length to use something
non-default, I think we can safely trust those people with taking
other measures as well.

Greetings
Marc

[1] Next, next, finish
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui04x-0008k9...@swivel.zugschlus.de

Re: default MTA

On Thursday, May 30, 2013 12:16:38 PM Carlos Alberto Lopez Perez wrote:
 On 29/05/13 08:18, Chris Knadle wrote:
- Exim is more popular

  http://www.securityspace.com/s_survey/data/man.201201/mxsurvey.html
 
 This is actually quite interesting.
 
 Given that Postfix is the default MTA on RHEL/CentOS, SLES (SUSE) and
 Ubuntu; meanwhile Exim is only the default on Debian (AFAIK).
 
 I wonder if this means that Debian is used in more mail servers than the
 rest of the distributions together.

Since ~80% of the Exim installations are for an ancient version that AFAIK 
tell from a few moments of checking was never the version in a Debian release, 
I don't think that's it.

Scott K

signature.asc
Description: This is a digitally signed message part.

Re: systemd .service file conversion

2013-05-30 Thread Sune Vuorela

On 2013-05-30, Riku Voipio riku.voi...@iki.fi wrote:
 By switching early we can affect how a piece of software will evolve.
 Is there something you would like to change in systemd? Now it still
 probably possible - 2 years from now it has shipped in RHEL, and books
 will have been written about it - and changing it will be much harder.

 So our inability choose early means that we cannot influence the
 community as large - or even our own distribution in long term. While
 we are busy maintaining multiple indirection layers to support user
 choice, the early switching distributions are crafting the software
 that will eventually become the choice.

Wise words.

/Sune


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/slrnkqe9ja.j8.nos...@sshway.ssh.pusling.com

Re: default MTA

2013-05-30 Thread Bjørn Mork

Ben Hutchings b...@decadent.org.uk writes:
 On Wed, May 29, 2013 at 09:06:59PM +0200, Adam Borowski wrote:
 On Wed, May 29, 2013 at 05:11:35PM +0200, Josselin Mouette wrote:
  Le mercredi 29 mai 2013 à 16:31 +0200, Javier Fernandez-Sanguino a
  écrit : 
   Take for example, smartmoontools [1]. Currently, if an end-user
   installs smartmoontools and a hard-disk fails (i.e. smartd detects a
   problem with one HD) he will *not* see any notification: the failure
   is sent through local e-mail.
  
  He will see a notification on his desktop. Clear, understandable and
  translated in his configured language:
  https://git.gnome.org/browse/gnome-disk-utility/tree/src/notify/gdusdmonitor.c
  (The code is different but already here in squeeze and wheezy.)
 
 What you propose requires:
 * adding desktop environment specific code to every facility that may need
   to send notifications
 * adding such notifications to every other desktop environment

 Wrong, we already have org.freedesktop.Notifications in GNOME,
 KDE and Xfce.

  So those two points become:

 * adding cross-desktop code to every facility that may need to send
   notifications
 * adding a notification daemon to task-lxde

 There are libraries to help with the first point, of course.

Wouldn't a daemon watching /var/mail/root and turning any mail into
desktop notifications solve most of this, while still allowing the same
notifications to reach a sysadmin on non-desktop systems?

The issue that worries me most about these desktop notification plans is
the possibility that some package may decide to unnecessarily drop
support for non-desktop systems, adding dependencies on the desktop
notification system. I believe we already have had a few examples of
such unnecessary dependencies on services which are nice to have, like
GNOME depending on NetworkManager for example.

The Clear, understandable and translated in his configured language
point is unrelated the notification system.  That requirement should be
at least as strict for any mail to root.


Bjørn


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/871u8opye0@nemi.mork.no

Re: default MTA

On Wed, 29 May 2013 19:45:06 -0400, Chris Knadle
chris.kna...@coredump.us wrote:
I don't like the fact that the /etc/exim4/passwd.client 
file is in a plaintext format, but there are usually several such files on 
systems such that realistically we're only really safe as long as the 
machines we run haven't been broken into.

And if you think about things, it is clear that the client needs the
plaintext password to be able to use it.

Even if certificate authentication, the most secure authentication
scheme available today, is used, you need the private key on the
client.

 That's exactly the point, and is why I would prefer not to write those
 notifications into a file that no one ever looks at.  (Which is why I
 don't find sending them to syslog much more appealing, since the average
 desktop user is never going to look there either.)

Somehow this problem reminds me of the event log used on a popular 
operating system.  Most users don't read that log either.

This is partly caused by the utter unusability of the default program
delivered to read that binary log. Even the best Jvaqbjf people I know
need to be poked to use Rirag Ivrjre. Usually, this results in a quick
solution since the Jvaqbjf Event Log isn't as bad as its reputation
past the usual access method. But people rather continue blind
trial-and-error methods before taking a look at their logs.

Btw, I fear that systemd's binary logs are going to import this method
of inefficient work in our world. I surely hope I am wrong on this
count.

Greetings
Marc

-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui08g-0008ps...@swivel.zugschlus.de

Re: Debian systemd survey

On Wed, 29 May 2013 13:10:57 -0700, Russ Allbery r...@debian.org
wrote:
Using an imperative language for a descriptive purpose is a bad mismatch
of tools and has been ever since the practical effect of init scripts has
become fairly standardized.

Some init scripts in Debian build dynamic configuration before the
daemon is started. It has grown to be an important part of conffile
and configuration management for software that cannot by itself read
its configuration in snippets from a foo.conf.d directory.

I am not sure how we would handle that in a descriptive approach. It
has once been suggested by people to use wrappers around the daemon
and to call that wrapper from the job description, but that strikes me
as _much_ more ugly than having an init script.

Greetings
Ma old conservative sneg rc

-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1uhzwx-0008dh...@swivel.zugschlus.de

Re: [clang] Report bugs on packages failing to build with clang

On Thursday, May 30, 2013 10:15:11 AM Sylvestre Ledru wrote:
 On 30/05/2013 01:51, Scott Kitterman wrote:
  Sylvestre Ledru sylves...@debian.org wrote:
  Hello,
  
  With the recent setup of the parallel build infrastructure using clang
  instead of gcc [1], I would like to start to report
  bugs on packages failing to build with clang (with patches if
  possible).
  The severity would be minor.
  Of course, I would do that only when the issue is upstream [2].
  
  Any comments ?
  
  It seems to me that FTBFS with clang should be wishlist.
 
 I also considered this severity but the documentation [1] says
 for any feature request, and also for any bugs that are very difficult
 to fix due to major design considerations.
 Not sure it matches.
 
 Sylvestre
 [1] http://www.debian.org/Bugs/Developer#severities

In that case, I'd say they aren't bugs at all.  It may be that a FTBFS with 
clang is a symptom of some underlying issue that should be addressed, but I 
don't think non-wishlist bugs should be filed ONLY on the basis of that FTBFS.  
All that does is impose a burden on package maintainers to determine if the 
FTBFS is a real issue or not.  I don't think that's appropriate for a MBF.

Scott K


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2885641.NaKQpy7T89@scott-latitude-e6320

Re: systemd .service file conversion

On Wed, 29 May 2013 21:10:41 +0200, Wouter Verhelst
wou...@debian.org wrote:
At Debian, traditionally we support more than one choice (at least for a
while), until the community at large decides that option X is the best
one (and then we drop support for all the other options). The downside
of that is that it takes a lot longer for us to make a choice, but
eventually you usually get the better option.

The only reason why we seem to be unable to do so this time is that some
people claim the sky will fall if we don't make a choice NOW!!1!

I think it makes perfect sense for us to support systemd, openrc, and
upstart, at least for the time being; I doubt we'll continue supporting
all three options until the end of times, but we don't have to do that.
At any rate, we *need* to support multiple options for our non-Linux
ports, too, so this wouldn't be a lost effort.

The init system case is special because supporting another init script
system will most probably mean that all packages delivering an init
script ($ ls /etc/init.d/ | wc -l = 116 on my small notebook system)
will have to adapt. This is a major transition, and while we offer
multiple init systems as officially supported, additional work is
needed by all developers.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1uhzzb-0008j5...@swivel.zugschlus.de

Re: systemd .service file conversion

On Thu, 30 May 2013 11:46:51 +0300, Riku Voipio riku.voi...@iki.fi
wrote:
By switching early we can affect how a piece of software will evolve.

This is the case with software that has a cooperative upstream.
systemd's upstream is known not to be.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui00a-0008jd...@swivel.zugschlus.de

Re: default MTA

On Thu, 30 May 2013 11:11:06 +0200, Bernhard R. Link
brl...@debian.org wrote:
* Chris Knadle chris.kna...@coredump.us [130529 08:29]:
   - Exim configuration is more human readable than Postifx's, IMHO.
 
 Postfix configuration is concise but terse, and there are typically
 blocks of options separated by commas that doesn't easily allow
 commenting on specific config options.

Configurability is an important point. Having had to use postfix lately
I'm quite suprised anyone voluntarily uses that thing. Postfix feels
like some ad-hoc configuration gone absurd, by only making special use
cases configuable and then misusing those options for other things.
Together with this splitting in many little programs which all lack most
of the information, configuring postfix is a large puzzle and any
advanced postfix configuration (even from the official documentation)
looks like McGyver was out of duct-tape but had to build a nuclear reactor
from kitchen parts with only the transparent tape for office use.

While I don't consider postfix as bad as you describe, I tend to
describe Postfix as the menu in a better restaurant: A relatively
small number of sophisticated dishes which you can choose from, and if
you like them, you will be perfectly satisfied. If you want fries
instead of plain potatoes, you're basically hosed.

Exim, on the other hand, is the fully equipped kitchen with a full
larder and fridge, allowing you to cook exactly what you want, if
you're willing to learn cooking or already bring some cooking
knowledge. This approach might lead to something uneatable, though.

Both solutions have their advantages and disadvantages. People should
be able to choose.

For the default case of an user not knowing what an MTA is, both exim
and postfix are suitable to be the default in Debian. Exim's design is
a bit 1990ies, with a big suid root binary, while Postfix's design is
more modern regarding process structure and privilege separation.

Being biased myself, I'd say not to change a running system and to
keep exim as default. It would be nice to debconfize SMTP auth in the
exim is the client case though, as this is a quite common use case.
With my maintainer hat on, Patches are appreciated.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui0gx-kg...@swivel.zugschlus.de

Re: Eliminating mail-transport-agent from standard

On Thu, 30 May 2013 12:06:17 +0300, Riku Voipio riku.voi...@iki.fi
wrote:
On Mon, May 27, 2013 at 08:27:36PM -0700, Josh Triplett wrote:
 In addition to determining the MTA pulled in by default for packages
 which require mail-transport-agent in order to function (the provider of
 default-mta), I'd like to propose as a release goal that we not have any
 MTA in standard anymore.  I've actually worked towards this goal for a
 while now, and made a fair bit of progress; this mail documents the
 remaining work required, most of which is simple dependency/priority
 changes and patch application.

+1

In this age of spam, installing email server should be explicit decision
by system admin rather that something that becomes automatically when 
you install Debian.

What is the danger of having a local email server on the system, in
the way we install exim in the default?

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui0h5-kt...@swivel.zugschlus.de

Re: default MTA

On Wednesday, May 29, 2013 05:11:35 PM Josselin Mouette wrote:
 Le mercredi 29 mai 2013 à 16:31 +0200, Javier Fernandez-Sanguino a
 
 écrit :
  Take for example, smartmoontools [1]. Currently, if an end-user
  installs smartmoontools and a hard-disk fails (i.e. smartd detects a
  problem with one HD) he will *not* see any notification: the failure
  is sent through local e-mail.
 
 He will see a notification on his desktop. Clear, understandable and
 translated in his configured language:
 https://git.gnome.org/browse/gnome-disk-utility/tree/src/notify/gdusdmonitor
 .c (The code is different but already here in squeeze and wheezy.)
 
 I don’t see why he would need to see it again in a cryptic English
 e-mail. You are really looking for a solution to a nonexistent problem.

Desktop notifications are really only useful for informing the user of things 
as they happen.  If the user doesn't happen to be sitting at the screen when 
the notification happens, they'll never know.  Even if they are using a system 
that allows them to go back and review their notification history when they 
return to their system, that's not the normal usage pattern.

Desktop notifications are no more a complete solution to the problem of letting 
the user know than local mail is.

Scott K


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5100284.2cAPWE0nHA@scott-latitude-e6320

Re: Proposed mass bug filing: Removal of automake1.4, automake1.9, automake1.10 and automake1.11

2013-05-30 Thread Thorsten Glaser

Eric Dorland eric at debian.org writes:

 at the very beginning of the jessie release cycle I'd like to propose
 a mass bug filing to remove all the current automake packages in
 unstable (automake1.13 is in the NEW queue). Automake 1.4 in

Erm. How about you’d have checked with the maintainers of those
packages *before* shoving automake1.13 as “automake” into NEW,
thus breaking the build of unrelated packages?

http://buildd.debian-ports.org/status/
fetch.php?pkg=libnfsidmaparch=m68kver=0.25-5stamp=1369888632

Manual analysis:

(pbuild7107)aranym:/# apt-get install automake1.11
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Package automake1.11 is a virtual package provided by:
  automake 1:1.11.6-1 [Not candidate version]

E: Package 'automake1.11' has no installation candidate
(pbuild7107)aranym:/# apt-cache policy automake
automake:
  Installed: (none)
  Candidate: 1:1.13.2-1
  Version table:
 1:1.13.2-1 0
500 http://ftp.de.debian.org/debian-ports/ unstable/main m68k 
Packages
 1:1.11.6-1 0
500 http://ftp.de.debian.org/debian-ports/ unstable/main m68k 
Packages

I expect more packages to FTBFS soonish.

There’s no existing bugreport against *either* libnfsidmap *or* automake,
and I’m not filing one because I don’t know which of those packages is in
the wrong, for now, since this apparently didn’t get discussed any further.

bye,
//mirabilos


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/loom.20130530t124356-...@post.gmane.org

Re: X.509 and CA certificates for other purposes (i.e. the IGTF)

2013-05-30 Thread Dennis van Dok

On 26-05-13 20:02, Bastien ROUCARIES wrote:
 On Sat, May 25, 2013 at 2:27 PM, Charles Plessy ple...@debian.org wrote:

 Hi Dennis and everybody,

 somewhat related to this, I would like to know if there is a package that 
 could
 host Amazon's EC2 public certificate ?  In Ubuntu it is added to the 
 euca2ools
 package, because a program of this package can use it, but it is not part of
 the upstream source (which is not Amazon), so I really would prefer to ship
 the certificate somewhere else.

 I proposed ca-certificates earlier, but the result was inconclusive.

 http://bugs.debian.org/573857

 Would there be a volunteer to maintain new package from scratch if needed ?
 
 Maybe crypto consolidation arround libnss will greatly help here.
 jessie release goal ?

Could you elaborate on what it is you propose exactly, because I could
interpret this in many different ways.

D.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a72ee6.7040...@nikhef.nl

Re: systemd .service file conversion

2013-05-30 Thread Sam Morris

On Thu, 30 May 2013 11:38:22 +0200, Salvo Tomaselli wrote:
 I have tried systemd, and I like the approach it has, and in a few years
 I believe it has potential. But... using it to restart my computer i
 need to do an hard reset (and think of how happy would I be if my
 computer had been a server in a rack on the other side of the planet),
 and gave me several problems related to switching from X11 to vt and
 vice versa.

If you haven't already, please file bugs for these issues so that they 
can be investigated and fixed.

-- 
Sam Morris
https://robots.org.uk/
 
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/pan.2013.05.30.10.33...@robots.org.uk

Re: default MTA

2013-05-30 Thread Carlos Alberto Lopez Perez

On 30/05/13 12:27, Scott Kitterman wrote:
 On Thursday, May 30, 2013 12:16:38 PM Carlos Alberto Lopez Perez wrote:
 On 29/05/13 08:18, Chris Knadle wrote:
   - Exim is more popular
   
 http://www.securityspace.com/s_survey/data/man.201201/mxsurvey.html

 This is actually quite interesting.

 Given that Postfix is the default MTA on RHEL/CentOS, SLES (SUSE) and
 Ubuntu; meanwhile Exim is only the default on Debian (AFAIK).

 I wonder if this means that Debian is used in more mail servers than the
 rest of the distributions together.
 
 Since ~80% of the Exim installations are for an ancient version that AFAIK 
 tell from a few moments of checking was never the version in a Debian 
 release, 
 I don't think that's it.
 
 Scott K
 
Exim 4.69 was shipped with Debian 5.0 (Lenny)

http://archive.debian.net/lenny/exim4



signature.asc
Description: OpenPGP digital signature

Re: Eliminating mail-transport-agent from standard

2013-05-30 Thread Neil Williams

On Thu, 30 May 2013 12:40:03 +0200
Marc Haber mh+debian-de...@zugschlus.de wrote:

 On Thu, 30 May 2013 12:06:17 +0300, Riku Voipio riku.voi...@iki.fi
 wrote:
 On Mon, May 27, 2013 at 08:27:36PM -0700, Josh Triplett wrote:
  In addition to determining the MTA pulled in by default for packages
  which require mail-transport-agent in order to function (the provider of
  default-mta), I'd like to propose as a release goal that we not have any
  MTA in standard anymore.  I've actually worked towards this goal for a
  while now, and made a fair bit of progress; this mail documents the
  remaining work required, most of which is simple dependency/priority
  changes and patch application.
 
 +1
 
 In this age of spam, installing email server should be explicit decision
 by system admin rather that something that becomes automatically when 
 you install Debian.
 
 What is the danger of having a local email server on the system, in
 the way we install exim in the default?

Turn that on it's head:

What is the benefit of having a local email server installed on every
system compared to the space it takes up and the fact that it sits
there unconfigured, doing nothing useful?

So far, the only answer I've come across for that is because 'at'
depends on it, to which the correct solution is: apt-get --purge
autoremove at

-- 


Neil Williams
=
http://www.linux.codehelp.co.uk/



pgpwEmW0fnaFZ.pgp
Description: PGP signature

Re: default MTA

On Thursday, May 30, 2013 01:01:46 PM Carlos Alberto Lopez Perez wrote:
 On 30/05/13 12:27, Scott Kitterman wrote:
  On Thursday, May 30, 2013 12:16:38 PM Carlos Alberto Lopez Perez wrote:
  On 29/05/13 08:18, Chris Knadle wrote:
- Exim is more popular

  http://www.securityspace.com/s_survey/data/man.201201/mxsurvey.html
  
  This is actually quite interesting.
  
  Given that Postfix is the default MTA on RHEL/CentOS, SLES (SUSE) and
  Ubuntu; meanwhile Exim is only the default on Debian (AFAIK).
  
  I wonder if this means that Debian is used in more mail servers than the
  rest of the distributions together.
  
  Since ~80% of the Exim installations are for an ancient version that AFAIK
  tell from a few moments of checking was never the version in a Debian
  release, I don't think that's it.
  
  Scott K
 
 Exim 4.69 was shipped with Debian 5.0 (Lenny)
 
 http://archive.debian.net/lenny/exim4

Thanks.  I was looking at it wrong.  It would, however, be a bit surprising if 
1/3 of the mail servers on the internet were running Lenny at this point.  

It's also worth noting that only something like half the servers that provided 
a banner provided enough information to identify the software in use, so I'm 
not sure how much it really tells us.

Scott K

signature.asc
Description: This is a digitally signed message part.

Re: default MTA

On 30-05-13 12:27, Marc Haber wrote:
 We should make local mail or other messages trivially and
 automatically visible for people who have installed Debian in NNF[1]
 compliant way, but if one has gone to length to use something
 non-default, I think we can safely trust those people with taking
 other measures as well.

While that's true, if we're going to be make the effort to make sure
such notifications are trivially and automatically visibe for NNF
users, it would be a waste if we didn't do it in such a way that people
who make only the slightest of modifications could benefit from it as well.

If we're making something GNOME-specific, we don't do that. If we make
an application that fits into any fdo-compliant notification area, we do.

-- 
This end should point toward the ground if you want to go to space.

If it starts pointing toward space you are having a bad problem and you
will not go to space today.

  -- http://xkcd.com/1133/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a73882.4010...@debian.org

Re: X.509 and CA certificates for other purposes (i.e. the IGTF)

2013-05-30 Thread Bastien ROUCARIES

On Thu, May 30, 2013 at 12:50 PM, Dennis van Dok denni...@nikhef.nl wrote:
 On 26-05-13 20:02, Bastien ROUCARIES wrote:
 On Sat, May 25, 2013 at 2:27 PM, Charles Plessy ple...@debian.org wrote:

 Hi Dennis and everybody,

 somewhat related to this, I would like to know if there is a package that 
 could
 host Amazon's EC2 public certificate ?  In Ubuntu it is added to the 
 euca2ools
 package, because a program of this package can use it, but it is not part of
 the upstream source (which is not Amazon), so I really would prefer to ship
 the certificate somewhere else.

 I proposed ca-certificates earlier, but the result was inconclusive.

 http://bugs.debian.org/573857

 Would there be a volunteer to maintain new package from scratch if needed ?

 Maybe crypto consolidation arround libnss will greatly help here.
 jessie release goal ?

 Could you elaborate on what it is you propose exactly, because I could
 interpret this in many different ways.

Using only one lib for crypto (libnss) will allow to use only one
trust certificate format

 D.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cae2spaa4bn36e02xmyrady7p7jkln6cbm+nclyn1j-yz-f+...@mail.gmail.com

Re: X.509 and CA certificates for other purposes (i.e. the IGTF)

2013-05-30 Thread Bastien ROUCARIES

On Thu, May 30, 2013 at 12:50 PM, Dennis van Dok denni...@nikhef.nl wrote:
 On 26-05-13 20:02, Bastien ROUCARIES wrote:
 On Sat, May 25, 2013 at 2:27 PM, Charles Plessy ple...@debian.org wrote:

 Hi Dennis and everybody,

 somewhat related to this, I would like to know if there is a package that 
 could
 host Amazon's EC2 public certificate ?  In Ubuntu it is added to the 
 euca2ools
 package, because a program of this package can use it, but it is not part of
 the upstream source (which is not Amazon), so I really would prefer to ship
 the certificate somewhere else.

 I proposed ca-certificates earlier, but the result was inconclusive.

 http://bugs.debian.org/573857

 Would there be a volunteer to maintain new package from scratch if needed ?

 Maybe crypto consolidation arround libnss will greatly help here.
 jessie release goal ?

 Could you elaborate on what it is you propose exactly, because I could
 interpret this in many different ways.

See also https://fedoraproject.org/wiki/FedoraCryptoConsolidation

 D.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAE2SPAa1qk-zLMb2Dau_H1vB9CzJKKye6=cz2re0o_stw9k...@mail.gmail.com

Re: default MTA

On 30-05-13 12:16, Carlos Alberto Lopez Perez wrote:
 On 29/05/13 08:18, Chris Knadle wrote:
   - Exim is more popular

 http://www.securityspace.com/s_survey/data/man.201201/mxsurvey.html
 
 This is actually quite interesting.
 
 Given that Postfix is the default MTA on RHEL/CentOS, SLES (SUSE) and
 Ubuntu; meanwhile Exim is only the default on Debian (AFAIK).
 
 I wonder if this means that Debian is used in more mail servers than the
 rest of the distributions together.

From the bottom of that page:

Exim (465,731 servers)

Version Number of Servers   Percent
4.69368,005 79.02%
4.7636,227  7.78%
4.7220,387  4.38%
4.7710,824  2.32%
4.678,297   1.78%
4.635,689   1.22%
Other   16,302  3.50%

4.69 was the version of exim that shipped with Lenny; squeeze shipped
with 4.72, wheezy with 4.80.

If these are indeed all Debian servers, that would mean that 79.02% of
44.23% of 45.88% of all MX servers queried by these people use a no
longer supported version of Debian.

(79.02%: all exim servers running 4.69; 44.23%: percentage of all
identifiable servers that is running exim; 45.88%: percentage of all MX
servers that is running an identifiable mail server)

-- 
This end should point toward the ground if you want to go to space.

If it starts pointing toward space you are having a bad problem and you
will not go to space today.

  -- http://xkcd.com/1133/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a73b72.6020...@debian.org

Re: Debian systemd survey

2013-05-30 Thread Simon McVittie

On 30/05/13 11:19, Marc Haber wrote:
 On Wed, 29 May 2013 13:10:57 -0700, Russ Allbery r...@debian.org
 wrote:
 Using an imperative language for a descriptive purpose is a bad mismatch
 of tools and has been ever since the practical effect of init scripts has
 become fairly standardized.
 
 Some init scripts in Debian build dynamic configuration before the
 daemon is started. It has grown to be an important part of conffile
 and configuration management for software that cannot by itself read
 its configuration in snippets from a foo.conf.d directory.
 
 I am not sure how we would handle that in a descriptive approach.

My preferred answer is give the daemon better configuration handling,
so you can get maximum benefit from having a declarative init, but if
that isn't an option:

systemd:
ExecStartPre=/usr/share/myservice/hack-up-the-config.sh
ExecStart=/usr/sbin/myservice

Upstart:
pre-start script
  # entirely untested, but [1] suggests that this might be right?
  /usr/share/myservice/hack-up-the-config.sh || { stop; exit 0; }
end script
script
  /usr/sbin/myservice
end script

Or keep using a legacy sysvinit script (they'll have to remain supported
for quite some time, at least in runlevels 2-5, for LSB if nothing
else), or wrap the daemon in a shell script that does some initial setup
and eventually exec()s the real daemon (like openarena-server).

Perhaps your favourite package can't derive much/any benefit from a more
declarative init, but I would guess that 90%+ do. That's still a
significant reduction in the number of lines of shell script boilerplate
in the distribution :-)

S

[1]
http://upstart.ubuntu.com/cookbook/#stop-a-job-from-running-if-a-pre-start-condition-fails


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a738eb.9040...@debian.org

Re: default MTA

On Thu, 30 May 2013 06:46:46 -0400, Scott Kitterman
deb...@kitterman.com wrote:
Even if they are using a system 
that allows them to go back and review their notification history when they 
return to their system,

It just occurred to me that you are describing a mail client.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui1nv-0001ra...@swivel.zugschlus.de

Re: default MTA

2013-05-30 Thread Chris Knadle

On Thursday, May 30, 2013 05:11:06, Bernhard R. Link wrote:
 * Chris Knadle chris.kna...@coredump.us [130529 08:29]:
- Exim configuration is more human readable than Postifx's, IMHO.

  Postfix configuration is concise but terse, and there are typically
  blocks of options separated by commas that doesn't easily allow
  commenting on specific config options.
 
 Configurability is an important point. Having had to use postfix lately
 I'm quite suprised anyone voluntarily uses that thing. Postfix feels
 like some ad-hoc configuration gone absurd, by only making special use
 cases configuable and then misusing those options for other things.

There's a reason it feels like this.  Postfix was designed with security in 
mind, but wasn't focused on being a general purpose MTA.  It happens to /work/ 
pretty well in that role in many cases, though.

   http://shearer.org/MTA_Comparison#Postfix

Exim is exactly the opposite: its design was focused on being a general 
purpose MTA, but wasn't focused on security.  Yet this doesn't mean that Exim 
is insecure.

   http://shearer.org/MTA_Comparison#Exim

 Together with this splitting in many little programs which all lack most
 of the information, configuring postfix is a large puzzle and any
 advanced postfix configuration (even from the official documentation)
 looks like McGyver was out of duct-tape but had to build a nuclear reactor
 from kitchen parts with only the transparent tape for office use.

This feels like a fitting description.  [Postfix's master.cf file is what I 
find the most confusing.]

 The only positive thing you can say about Postfix' configuration is that
 it might be better than sendmail's.

Sendmail's configuration is so unreadable that nobody [in their right mind] 
configures it in the native format and instead does it with m4 scripts.  
However with m4 scripts I think Sendmail configuration might actually be less 
confusing than Postfix's.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us
GPG Key: 4096R/0x1E759A726A9FDD74


signature.asc
Description: This is a digitally signed message part.

Re: Eliminating mail-transport-agent from standard

On Thu, 30 May 2013 12:28:28 +0100, Neil Williams
codeh...@debian.org wrote:
What is the benefit of having a local email server installed on every
system compared to the space it takes up and the fact that it sits
there unconfigured, doing nothing useful?

It sits there with a well reasoned default configuration, taking care
of archiving local notifications from a number of subsystems.

It is our fault that we don't provide an adequate way of presenting
those notifications to the local user by default.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui1rd-0001rp...@swivel.zugschlus.de

Re: systemd .service file conversion

2013-05-30 Thread Gergely Nagy

Marc Haber mh+debian-de...@zugschlus.de writes:

 On Thu, 30 May 2013 11:46:51 +0300, Riku Voipio riku.voi...@iki.fi
 wrote:
By switching early we can affect how a piece of software will evolve.

 This is the case with software that has a cooperative upstream.
 systemd's upstream is known not to be.

I never quite understood why people seem to think systemd upstream is
uncooperative (well, apart from the whole non-linux porting deal, where
their stance is completely understandable too). My experience so far
suggests otherwise: I've have had very fruitful interactions with them,
multiple times, in person and over the wire aswell.

From the mailing list and IRC channel, I get the same impression I got
when personally involved.

-- 
|8]


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87mwrc7kuf.fsf@algernon.balabit

Re: default MTA

On Thu, May 30, 2013 at 12:31:22PM +0200, Marc Haber wrote:
 Btw, I fear that systemd's binary logs are going to import this method
 of inefficient work in our world. I surely hope I am wrong on this
 count.

journalctl gives pretty much exactly the same output as
/var/log/messages and so on. As a side-benefit, instead of using grep,
it indexes various things so you can more quickly filter.

For most use caes though, the switch is rather easy:
  journalctl | grep something
vs
  grep something /var/log/messages

and
  journalctl -f
vs
  tail -f /var/log/messages

So if you don't want to know anything, you don't need to know much.
Further, you can keep another syslog running.

In any case, journal is quite efficient.

-- 
Regards,
Olav


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530114817.ga16...@bkor.dhs.org

Re: Switching to mozilla ESR in stable-security

2013-05-30 Thread Didier 'OdyX' Raboud

Le jeudi, 30 mai 2013 00.10:11, Philip Hands a écrit :
 Moritz Mühlenhoff j...@inutil.org writes:
  Willi Mann foss...@wm1.at schrieb:
  Moritz Muehlenhoff wrote:
  As such, we'll switch to releasing the ESR releases of iceweasel
  and icedove in stable-security.
  
  wouldn't it be better to do the bumps of major ESR versions in point
  releases? That might also allow a few more extensions to be updated.
  
  We need to release the security updates when ready and cannot
  realistically align the point releases with Mozilla releases.
 
 Does this perhaps indicate that these packages are not really suitable
 for stable, and should instead be provided via backports or some similar
 mechanism (i.e. a mozilla-bikeshed[1])?

I concur. Although I very much understand the practical constraints leading to 
softening the no new upstream versions in stable policy for the specific 
case of browsers, it nevertheless feels as jumping on the no stability exists 
outside of the latest upstream releases bandwagon.

If we can't handle the backporting of serious security issues on top of our 
stable version (in order to maximise the avoidance of regressions), then maybe 
said software shouldn't be shipped in stable in the first place. Thoughts ?

OdyX


signature.asc
Description: This is a digitally signed message part.

Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))

2013-05-30 Thread Dennis van Dok

On 30-05-13 13:16, Bastien ROUCARIES wrote:

 Using only one lib for crypto (libnss) will allow to use only one
 trust certificate format

'Allow only one' doesn't immediately strike me as beneficial, but I see
what you mean. The discussion is similar to others (such as about which
init system to support) where the question is 'why do we have X
implementations of Y?' where X  1.

There are pros and cons to such a bold plan as you propose. I can think
of a few, and I'm sure others can think of many more. But more
importantly, it takes effort to work out the plan, inventory the pros
and cons, calculate the required efford and herd it along. Most work on
Debian is on a voluntary basis, the available effort depends on what
people will want to invest (even just to read this e-mail!). I'm not
volunteering.

But to seed the discussion (maybe):

Pros: having only one crypto system will simplify the handling of
certificates.

Cons:

- not all crypto libraries are equivalent; choosing one will exclude
some functionality provided by others
- we somehow have to deal with legacy systems that can't convert
- adoption of new software that uses something else is harder

Cheers,

Dennis van Dok
-- 
D.H. van Dok :: Software Engineer :: www.nikhef.nl/grid ::
Phone +31 20 592 22 28 :: http://www.nikhef.nl/~dennisvd/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a74103.5040...@nikhef.nl

Bug#710382: ITP: jmtpfs -- FUSE based filesystem for accessing MTP devices

2013-05-30 Thread Apollon Oikonomopoulos

Package: wnpp
Severity: wishlist
Owner: Apollon Oikonomopoulos apoi...@gmail.com

* Package name: jmtpfs
  Version : 0.4
  Upstream Author : Jason Ferrara jason.ferr...@jacquette.com
* URL : 
http://research.jacquette.com/jmtpfs-exchanging-files-between-android-devices-and-linux/
* License : GPL-3
  Programming Lang: C++
  Description : FUSE based filesystem for accessing MTP devices

jmtpfs is a FUSE and libmtp based filesystem for accessing MTP (Media Transfer
Protocol) devices. It was specifically designed for exchaning files between
Linux (and Mac OS X) systems and newer Android devices that support MTP but
not USB Mass Storage.

The goal is to create a well behaved filesystem, allowing tools like find and
rsync to work as expected. MTP file types are set automatically based on file
type detection using libmagic. Setting the file appears to be necessary for
some Android apps, like Gallery, to be able to find and use the files.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530120311.GA15484@marvin

Re: default MTA

On Thu, May 30, 2013 at 01:31:14PM +0200, Wouter Verhelst wrote:
 If we're making something GNOME-specific, we don't do that. If we make
 an application that fits into any fdo-compliant notification area, we do.

Within GNOME we usually create a freedesktop.org solution, then use that
within GNOME. This is how udisks works. A large generic part, then
another GNOME-specific component.

Seems the solutions are very focussed on the assumption that things
cannot be changed. E.g. programs currently send email, so email it has
to be forever.

-- 
Regards,
Olav


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530115601.gb16...@bkor.dhs.org

Re: Eliminating mail-transport-agent from standard

2013-05-30 Thread Neil Williams

On Thu, 30 May 2013 13:54:35 +0200
Marc Haber mh+debian-de...@zugschlus.de wrote:

 On Thu, 30 May 2013 12:28:28 +0100, Neil Williams
 codeh...@debian.org wrote:
 What is the benefit of having a local email server installed on every
 system compared to the space it takes up and the fact that it sits
 there unconfigured, doing nothing useful?
 
 It sits there with a well reasoned default configuration, taking care
 of archiving local notifications from a number of subsystems.

There are many systems where such notifications will never be generated
and besides, why isn't /var/log/ suitable for those? (at least as a
fallback?)

It's not a huge issue because the kinds of systems I have in mind will
use multistrap or debootstrap, not d-i, to do the installation so
standard doesn't usually get installed at all.

However, these systems work perfectly well without any MTA and the lack
of notifications is *not* a valid reason to impose an MTA upon them.

There is absolutely no reason why adding Priority: standard to such
systems should impose an MTA.

-- 


Neil Williams
=
http://www.linux.codehelp.co.uk/



pgpswYBbJ7eqr.pgp
Description: PGP signature

Re: default MTA

On Thu, May 30, 2013 at 01:51:11PM +0200, Marc Haber wrote:
 On Thu, 30 May 2013 06:46:46 -0400, Scott Kitterman
 deb...@kitterman.com wrote:
 Even if they are using a system 
 that allows them to go back and review their notification history when they 
 return to their system,
 
 It just occurred to me that you are describing a mail client.

Suggest receiving nagios notifications via email. Sometimes when you're
busy your inbox is overloaded with stuff that is already up. Email is
one way of getting notifications, but for desktop things, it is rather
imperfect. Would be kind of funny to receive an email notification via
email though :P

-- 
Regards,
Olav


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530120057.gc16...@bkor.dhs.org

Re: systemd .service file conversion

On Thu, May 30, 2013 at 12:22:34PM +0200, Marc Haber wrote:
 This is the case with software that has a cooperative upstream.
 systemd's upstream is known not to be.

I've seen as well as attended various conferences where systemd was
explained. There have also been various systemd specific events. There
was also a open meeting between systemd developers and systemd users
at FOSDEM (which I attended). Interested people from various
distributions discussed the state of systemd, what they want, etc.
Upstream discussed planned changes, etc.

Above is what happens in practice. Seems cooperative.

-- 
Regards,
Olav


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530121102.gd16...@bkor.dhs.org

Re: default MTA

On 30-05-13 13:56, Olav Vitters wrote:
 On Thu, May 30, 2013 at 01:31:14PM +0200, Wouter Verhelst wrote:
 If we're making something GNOME-specific, we don't do that. If we make
 an application that fits into any fdo-compliant notification area, we do.
 
 Within GNOME we usually create a freedesktop.org solution, then use that
 within GNOME. This is how udisks works. A large generic part, then
 another GNOME-specific component.

Sure.

 Seems the solutions are very focussed on the assumption that things
 cannot be changed. E.g. programs currently send email, so email it has
 to be forever.

No, that's not how I interpret the discussion.

Doing important notifications through mail only means that many people
won't see the important notifications due to the way we handle mail by
default currently. So we need to fix that.

However, the mail approach does have certain upsides for large
installations and multi-user systems:
- Regular users can't always see what's in syslog, so getting the output
  of their cron or at jobs there won't help them.
- For the things that really really matter, it makes sense to have them
  sent to a central root mail address, so that in case of a large
  multi-system installation, the sysadmin knows when things go really
  really wrong.

If we configure things so that root mail gets sent to the user that was
created at install time by default, and then install some fdo
notification thing that allows a user to read and mark read or delete
(or both) mails in their local mailbox by default, that should work for
both use cases.

-- 
This end should point toward the ground if you want to go to space.

If it starts pointing toward space you are having a bad problem and you
will not go to space today.

  -- http://xkcd.com/1133/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a7457e.6020...@debian.org

Bug#710385: ITP: ruby-rgen -- Ruby modelling and generator framework

2013-05-30 Thread Stig Sandbeck Mathisen

Package: wnpp
Severity: wishlist
Owner: Stig Sandbeck Mathisen s...@debian.org

* Package name: ruby-rgen
  Version : 0.6.2
  Upstream Author : Martin Thiede
* URL : http://ruby-gen.org/
* License : MIT
  Programming Lang: Ruby
  Description : Ruby modelling and generator framework

RGen is a framework for Model Driven Software Development (MDSD)in Ruby. This
means that it helps you build Metamodels, instantiate Models, modify and
transform Models and finally generate arbitrary textual content from it.

RGen is a dependency for the new future parser in puppet 3.2.x


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130530122019.15253.70847.report...@turbotape.w.bitbit.net

Re: default MTA

2013-05-30 Thread Bjørn Mork

Marc Haber mh+debian-de...@zugschlus.de writes:
 On Thu, 30 May 2013 06:46:46 -0400, Scott Kitterman
 deb...@kitterman.com wrote:
Even if they are using a system 
that allows them to go back and review their notification history when they 
return to their system,

 It just occurred to me that you are describing a mail client.

Let's add biff and we have cross-desktop real-time notification in place
:)


Bjørn


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/8738t4oe7z@nemi.mork.no

Re: systemd .service file conversion

On Thu, May 30, 2013 at 12:21:33PM +0200, Marc Haber wrote:
 The init system case is special because supporting another init script
 system will most probably mean that all packages delivering an init
 script ($ ls /etc/init.d/ | wc -l = 116 on my small notebook system)
 will have to adapt. This is a major transition, and while we offer
 multiple init systems as officially supported, additional work is
 needed by all developers.

The systemd files should be pushed upstream (this is what other
distributions have done and will do). Furthermore, systemd support
sysvinit. Obviously there will be a pain when switching, but then I
guess your argument is that any change is bad?

-- 
Regards,
Olav


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530121653.ge16...@bkor.dhs.org

Re: systemd .service file conversion

2013-05-30 Thread Marco d'Itri

On May 30, Gergely Nagy alger...@balabit.hu wrote:

 I never quite understood why people seem to think systemd upstream is
 uncooperative (well, apart from the whole non-linux porting deal, where
 their stance is completely understandable too). My experience so far
There is also the kill features Red Hat does not care about deal, 
and the invent a new a configuration files scheme because it better 
suits RPM and Red Hat policies deal.
Upstream is very cooperative, as long as your needs align with the ones 
of Red Hat.

-- 
ciao,
Marco


signature.asc
Description: Digital signature

Re: Switching to mozilla ESR in stable-security

2013-05-30 Thread Florian Weimer

* Didier Raboud:

 If we can't handle the backporting of serious security issues on top
 of our stable version (in order to maximise the avoidance of
 regressions), then maybe said software shouldn't be shipped in
 stable in the first place. Thoughts ?

Which web browsers would remain in stable if we applied this criterion
consistently?


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87y5awljc7@mid.deneb.enyo.de

Re: Switching to mozilla ESR in stable-security

2013-05-30 Thread Didier 'OdyX' Raboud

Le jeudi, 30 mai 2013 14.53:44, Florian Weimer a écrit :
 * Didier Raboud:
  If we can't handle the backporting of serious security issues on top
  of our stable version (in order to maximise the avoidance of
  regressions), then maybe said software shouldn't be shipped in
  stable in the first place. Thoughts ?
 
 Which web browsers would remain in stable if we applied this criterion
 consistently?

Although that makes me very sad, if we (collectively) give up packaging 
browser extensions (hence letting our users rely on third-party repositories 
to get access to [non-]free binaries) and frozen browsers in stable, then 
maybe the correct answer to your question is none.

OdyX


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201305301520.29815.o...@debian.org

Re: systemd .service file conversion

2013-05-30 Thread Mathieu Parent

(I'm afraid to feed the troll)

2013/5/30 Marco d'Itri m...@linux.it:
 On May 30, Gergely Nagy alger...@balabit.hu wrote:

 I never quite understood why people seem to think systemd upstream is
 uncooperative (well, apart from the whole non-linux porting deal, where
 their stance is completely understandable too). My experience so far
 There is also the kill features Red Hat does not care about deal,

Do you have an example?

 and the invent a new a configuration files scheme because it better
 suits RPM and Red Hat policies deal.

Do you have an example?

I have a example that show systemd taking non-RH solutions: /etc/hostname [ref]

[ref]: http://0pointer.de/blog/projects/the-new-configuration-files

 Upstream is very cooperative, as long as your needs align with the ones
 of Red Hat.

examples?

Regards
--
Mathieu Parent


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAFX5sby+c5JAabcZoaByv_=jR5FtYv=0f+lqdrxb4fiwhgx...@mail.gmail.com

Re: [clang] Report bugs on packages failing to build with clang

2013-05-30 Thread Paul Tagliamonte

On Thu, May 30, 2013 at 06:36:32AM -0400, Scott Kitterman wrote:
 In that case, I'd say they aren't bugs at all.  It may be that a FTBFS with 
 clang is a symptom of some underlying issue that should be addressed, but I 
 don't think non-wishlist bugs should be filed ONLY on the basis of that 
 FTBFS.  
 All that does is impose a burden on package maintainers to determine if the 
 FTBFS is a real issue or not.  I don't think that's appropriate for a MBF.

It's not like clang has non-standard ideas regarding the spec, often
times these errors are more strict readings of the spec, and relying on
gcc's quirks isn't a great idea.

If code can be fixed, it'd a good idea, since gcc may (and has, in the
past), changed non-standard behavior to be more correct.


minor severity sounds good to me :)

Cheers,
  Paul

-- 
 .''`.  Paul Tagliamonte paul...@debian.org
: :'  : Proud Debian Developer
`. `'`  4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
 `- http://people.debian.org/~paultag


signature.asc
Description: Digital signature

Re: Switching to mozilla ESR in stable-security

2013-05-30 Thread Stefano Zacchiroli

On Thu, May 30, 2013 at 03:20:29PM +0200, Didier 'OdyX' Raboud wrote:
  Which web browsers would remain in stable if we applied this criterion
  consistently?
 
 Although that makes me very sad, if we (collectively) give up packaging 
 browser extensions (hence letting our users rely on third-party repositories 
 to get access to [non-]free binaries) and frozen browsers in stable, then 
 maybe the correct answer to your question is none.

And do you think that would be the best outcome for Debian users? FWIW,
I don't. I think the compromise that the security team is proposing is
much more reasonable than such an alternative.

Note that the presence of non-free extension in the 3rd party
repositories that come pre-configured with Debian-distributed browsers
(and incresingly more other software) is a different problem. And one we
should tackle, IMHO, but that's for a separate discussion.

Cheers.
-- 
Stefano Zacchiroli  . . . . . . .  z...@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Former Debian Project Leader  . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530132922.gb6...@upsilon.cc

Bug#710394: ITP: javamail -- JavaMail API reference implementation

2013-05-30 Thread Emmanuel Bourg

Package: wnpp
Severity: wishlist
Owner: Emmanuel Bourg ebo...@apache.org

* Package name: javamail
  Version : 1.5.0
  Upstream Author : Bill Shannon bill.shannon@oracle
* URL : http://javamail.java.net
* License : CDDL-1.1 | GPL-2 with Classpath Exception
  Programming Lang: Java
  Description : JavaMail API reference implementation

The JavaMail API is a set of abstract APIs that model a mail system. The API
provides a platform independent and protocol independent framework to build
Java technology based email client applications. The JavaMail API provides
facilities for reading and sending email. Service providers implement particular
protocols. Several service providers are included with the JavaMail API package;
others are available separately. The JavaMail API is implemented as a Java
optional package that can be used on JDK 1.4 and later on any operating system.
The JavaMail API is also a required part of the Java Platform, Enterprise 
Edition
(Java EE). 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530132738.3052.87137.reportbug@debiandev

Re: [clang] Report bugs on packages failing to build with clang

On Thursday, May 30, 2013 09:34:06 AM Paul Tagliamonte wrote:
 On Thu, May 30, 2013 at 06:36:32AM -0400, Scott Kitterman wrote:
  In that case, I'd say they aren't bugs at all.  It may be that a FTBFS
  with
  clang is a symptom of some underlying issue that should be addressed, but
  I
  don't think non-wishlist bugs should be filed ONLY on the basis of that
  FTBFS. All that does is impose a burden on package maintainers to
  determine if the FTBFS is a real issue or not.  I don't think that's
  appropriate for a MBF.
 It's not like clang has non-standard ideas regarding the spec, often
 times these errors are more strict readings of the spec, and relying on
 gcc's quirks isn't a great idea.
 
 If code can be fixed, it'd a good idea, since gcc may (and has, in the
 past), changed non-standard behavior to be more correct.
 
 
 minor severity sounds good to me :)

For the ones that are actual errors, I agree.  I don't think that FTBFS with 
clang is sufficient on it's own to determine that an error exists.  Someone 
would need to look at the failure and see if it's really a bug before filing 
non-wishlist bugs.

Scott K

signature.asc
Description: This is a digitally signed message part.

Re: Switching to mozilla ESR in stable-security

2013-05-30 Thread Paul Wise

On Thu, May 30, 2013 at 8:53 PM, Florian Weimer wrote:

 Which web browsers would remain in stable if we applied this criterion
 consistently?

The best browser ever; lynx.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/caktje6gvmdr8pzydemdwyh69c-96cox7hxt-msyx_9-vop-...@mail.gmail.com

Re: default MTA

2013-05-30 Thread Bernhard R. Link

* Marc Haber mh+debian-de...@zugschlus.de  [130530 12:39]:
 While I don't consider postfix as bad as you describe, I tend to
 describe Postfix as the menu in a better restaurant: A relatively
 small number of sophisticated dishes which you can choose from, and
 if you like them, you will be perfectly satisfied. If you want fries
 instead of plain potatoes, you're basically hosed.

It's not that bad. Even the postfix kitchen can make fries. The tricky
part is having one person served potatoes while the other person asks
for fries, because the person putting those on the dish is not allowed
to look at the order so they cannot determine from the drink whom they
are making the food for. You need to employ two of them, one doing
potatoes and the other one fries, but the waiter is not allowed to
chose which kitchen the order is sent to, so you have to tell the waitor
to write the order in a language the kitchen clerk cannot read, so the
kitchen clerk will pass it to the person responsible for reading
obliterated orders and this person you can tell it either give the order
to the kitchen doing potatoes or the kitchen doing fries depending on
what is wanted.

Bernhard R. Link


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530135531.ga4...@client.brlink.eu

Re: systemd .service file conversion

Salvo Tomaselli wrote:
 I have tried systemd, and I like the approach it has, and in a few years I 
 believe it has potential. But... using it to restart my computer i need to do 
 an hard reset (and think of how happy would I be if my computer had been a 
 server in a rack on the other side of the planet), and gave me several 
 problems related to switching from X11 to vt and vice versa.

Do you have any reason at all to believe that these were problems with
systemd, rather than problems in Debian configuration or mostly
independent bugs in other software that happened to trigger under
systemd? Most likely the init that works most reliably in Debian for
basic tasks like booting up a common default system and rebooting is
still sysvinit. But that's not because of any positive quality of
sysvinit, but rather because a lot of effort has been spent to paper
over any problems.

ANY init system can be tweaked to be able boot up and reboot a simple
default system. That's not a relevant criterion to choose between them.
If boot fails completely, in most cases that just demonstrates a lack of
final polish. To make meaningful comparisons between systems, you need
to at least see whether there are more fundamental problems underlying
the failures, or why fixing or working around them takes more effort
with some system.


 On a side note about Poettering, sometimes pulseaudio gets pulled in by some 
 package that I install, and when this happens I stop hearing sounds from my 
 computer, then I know I just need to remove it and everything will be fine

I don't think PulseAudio works as an argument against him. See this mail
for more details:
https://lists.debian.org/1354241767.1887.76.camel@glyph.nonexistent.invalid



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/1369921815.3628.71.camel@glyph.nonexistent.invalid

Re: Switching to mozilla ESR in stable-security

2013-05-30 Thread Philipp Kern


On 2013-05-29 20:50, Josh Triplett wrote:

As a user of sid who also maintains various systems running stable, I
rely on packages like xul-ext-adblock-plus to make it easier to install
specific addons systemwide.  I find it much easier to install those via
the Debian packaging system rather than a user-level mechanism that
involves running Firefox as one or more target users (or more likely
doing the equivalent of creating a xul-ext-* package for local use).  I
realize that you can't maintain the full library of Firefox addons as
packages, but I'm hoping that some of the most common and popular ones
stick around and stay up to date, notably Adblock Plus, HTTPS
Everywhere, and It's All Text.


It was pointed out to me that Chrome supports policy definitions[1] 
where administrators can force certain extensions to be installed[2] and 
up-to-date. Now it might or might not make sense for packages to simply 
ship such a policy file, but at least it would provide a way for the 
administrator to have the same result. But I guess the Mozilla family 
does not support this yet?


Kind regards
Philipp Kern

[1] http://www.chromium.org/administrators/policy-list-3
[2] 
 
 
 
 
 
 
/www.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist



--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/0c705a399566a8ebb190a9ba2f5f2...@hub.kern.lc

Re: systemd .service file conversion

Mathieu Parent wrote:
 2013/5/30 Marco d'Itri m...@linux.it:
  and the invent a new a configuration files scheme because it better
  suits RPM and Red Hat policies deal.
 
 Do you have an example?

I think he's referring to the etc-overrides-lib semantics that systemd
uses for configuration files. But it's wrong to describe that as better
suits RPM and Red Hat policies; it's simply a better system than always
having all configuration files in /etc and expecting users to possibly
modify those same files, for reasons that are not specific to Red Hat.



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/1369922163.3628.75.camel@glyph.nonexistent.invalid

Re: libnss consolidation (was: X.509 and CA certificates for other purposes (i.e. the IGTF))

2013-05-30 Thread Bastien ROUCARIES

Le 30 mai 2013 14:08, Dennis van Dok denni...@nikhef.nl a écrit :

 On 30-05-13 13:16, Bastien ROUCARIES wrote:

  Using only one lib for crypto (libnss) will allow to use only one
  trust certificate format

 'Allow only one' doesn't immediately strike me as beneficial, but I see
 what you mean. The discussion is similar to others (such as about which
 init system to support) where the question is 'why do we have X
 implementations of Y?' where X  1.

 There are pros and cons to such a bold plan as you propose. I can think
 of a few, and I'm sure others can think of many more. But more
 importantly, it takes effort to work out the plan, inventory the pros
 and cons, calculate the required efford and herd it along. Most work on
 Debian is on a voluntary basis, the available effort depends on what
 people will want to invest (even just to read this e-mail!). I'm not
 volunteering.

 But to seed the discussion (maybe):

 Pros: having only one crypto system will simplify the handling of
 certificates.

Simplify security audit and get faits certification

Avoid lice se issue with openssl ans GPL

Avoid problem with gnutls ans suid

 Cons:

 - not all crypto libraries are equivalent; choosing one will exclude
 some functionality provided by others

SEE compat layer
 - we somehow have to deal with legacy systems that can't convert
 - adoption of new software that uses something else is harder

 Cheers,

 Dennis van Dok
 --
 D.H. van Dok :: Software Engineer :: www.nikhef.nl/grid ::
 Phone +31 20 592 22 28 :: http://www.nikhef.nl/~dennisvd/

Re: X.509 and CA certificates for other purposes (i.e. the IGTF)

2013-05-30 Thread Christoph Anton Mitterer

On Wed, 2013-05-29 at 12:19 +0200, Dennis van Dok wrote:
 ...which is included in mozilla. That discussion should be taken there
 (indeed was[1]) as in Debian it was agreed we're not going to do better
 than Mozilla at judging CAs[2].
Yeah... sure... I was just mentioning it...
Given that Mozilla performs pretty poorly with respect to security (not
only in terms of certificates), that decision was probably not so
good ;)

Cheers,
Chris


smime.p7s
Description: S/MIME cryptographic signature

Re: systemd .service file conversion

2013-05-30 Thread Jonathan Dowland

On Thu, May 30, 2013 at 04:50:15PM +0300, Uoti Urpala wrote:
 Do you have any reason at all to believe that these were problems with
 systemd, rather than problems in Debian configuration or mostly
 independent bugs in other software that happened to trigger under
 systemd?

Whether or not systemd is responsible is not important if we are considering
systemd as a default init: even if it is not responsible, if it exposes
important bugs, those bugs need to be addressed before we could make a switch.
What we need to make sure works is systemd in Debian, that is, integration
is where all the work is going to be.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530141451.GA2864@debian

Re: Switching to mozilla ESR in stable-security

2013-05-30 Thread Christoph Anton Mitterer

Hi Moritz.

Moritz Muehlenhoff wrote:
 In the future the majority of packages should thus rather be installed
 through http://addons.mozilla.org instead of Debian packages.
Form a security POV, I think this is really quite dangerous... actually
tendency should go towards the direction that users install plugins
addons only via the package management system.

These plug-in systems which come with their own package/installation
management are IMHO also quite bad from a philosophical POV... I mean
they try to replace the traditional package management system, which is
there and superior for very good reasons.


Of course this doesn't mean that I wouldn't see the problem you face
with keeping that stuff running and security supported.

Cheers,
Chris.


smime.p7s
Description: S/MIME cryptographic signature

Re: default MTA

2013-05-30 Thread Christoph Anton Mitterer

On Thu, 2013-05-30 at 07:53 -0400, Chris Knadle wrote:
 There's a reason it feels like this.  Postfix was designed with security in 
 mind, but wasn't focused on being a general purpose MTA.  It happens to 
 /work/ 
 pretty well in that role in many cases, though.
 
http://shearer.org/MTA_Comparison#Postfix
Agreed,... but that also somehow indicates to me, that this would be the
more appropriate default MTA.
It will do quite securely what most people need, especially those end
user who have no clue about running mailservers at all.

If an expert admin is used to exim or anything else and thinks postfix
cannot satisfy his demands,... it should be a simple task for him to
switch :)


Chris.


smime.p7s
Description: S/MIME cryptographic signature

Re: default MTA

2013-05-30 Thread Marco d'Itri

On May 30, Chris Knadle chris.kna...@coredump.us wrote:

 There's a reason it feels like this.  Postfix was designed with security in 
 mind, but wasn't focused on being a general purpose MTA.
Says who? Because I was around at the time, and I remember pretty well 
that the goal was to write a sendmail replacement.
And apparently it worked.

I think that ease of configurability is a major plus for Postfix when 
compared to Exim, since a common configurations is just a few lines long.

-- 
ciao,
Marco


signature.asc
Description: Digital signature

Multi-Arch for plugin packages

2013-05-30 Thread John Paul Adrian Glaubitz


Hello!

I am maintaining one of the gkrellm2 plugin packages, namely
gkrellm2-cpufreq. All of these gkrellm2 plugin packages install their
plugins into /usr/lib/gkrellm2/plugins, including mine.

However, I was wondering whether the plugins should actually
get installed into /usr/lib/${DEB_HOST_MULTIARCH}/gkrellm2/plugins.

Since the plugins aren't really considered shared libraries, I
am not sure whether Multi-Arch has to be considered for these.

Anyone knows how Multi-Arch is handled for other similar plugin
packages, other than gkrellm2 plugins?

I have created a Multi-Arch version of my gkrellm2-cpufreq now,
but I haven't uploaded it yet.

Cheers,

Adrian

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a76a0d.6030...@physik.fu-berlin.de

Re: Multi-Arch for plugin packages

2013-05-30 Thread Aron Xu

On Thu, May 30, 2013 at 11:02 PM, John Paul Adrian Glaubitz
glaub...@physik.fu-berlin.de wrote:
 Hello!

 I am maintaining one of the gkrellm2 plugin packages, namely
 gkrellm2-cpufreq. All of these gkrellm2 plugin packages install their
 plugins into /usr/lib/gkrellm2/plugins, including mine.

 However, I was wondering whether the plugins should actually
 get installed into /usr/lib/${DEB_HOST_MULTIARCH}/gkrellm2/plugins.

 Since the plugins aren't really considered shared libraries, I
 am not sure whether Multi-Arch has to be considered for these.

 Anyone knows how Multi-Arch is handled for other similar plugin
 packages, other than gkrellm2 plugins?

 I have created a Multi-Arch version of my gkrellm2-cpufreq now,
 but I haven't uploaded it yet.

 Cheers,

 Adrian

What we've done to IM module packages are exactly what you described,
they are plugins to UI toolkits (GTK+, Qt). But please be careful to
make sure they really work as expected when co-installed, i.e the i386
version of the application can use plugins from i386 path, and amd64
version of the program likewise.



-- 
Regards,
Aron Xu


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAMr=8w5xzOHgvmk0eovZ1EjMh17K=dmr6elpe872jkkyhah...@mail.gmail.com

Re: systemd .service file conversion

2013-05-30 Thread Marco d'Itri

On May 30, Mathieu Parent math.par...@gmail.com wrote:

 (I'm afraid to feed the troll)
Hint: before accusing somebody of trolling it is a good idea to find out 
who he is.

  There is also the kill features Red Hat does not care about deal,
 Do you have an example?
Persistent naming of network interfaces.

  and the invent a new a configuration files scheme because it better
  suits RPM and Red Hat policies deal.
 Do you have an example?
The /etc/ /lib/ /usr/lib/ split with files overriding each other, 
invented because RPM systems do not prompt the user on package upgrades 
and Red Hat does not support upgrading to the next major release.

-- 
ciao,
Marco


signature.asc
Description: Digital signature

Re: systemd .service file conversion

2013-05-30 Thread Mathieu Parent

2013/5/30 Marco d'Itri m...@linux.it:
 On May 30, Mathieu Parent math.par...@gmail.com wrote:

 (I'm afraid to feed the troll)
 Hint: before accusing somebody of trolling it is a good idea to find out
 who he is.
I apologize.



--
Mathieu


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAFX5sbw4=z9+sr-fz4jpmmrhjbsywreqcf+ce6dijjcjxpw...@mail.gmail.com

Re: systemd .service file conversion

2013-05-30 Thread Matthias Klumpp

2013/5/30 Marco d'Itri m...@linux.it:
On May 30, Mathieu Parent math.par...@gmail.com wrote:
[···]
There is also the kill features Red Hat does not care about deal,
Do you have an example?
Persistent naming of network interfaces.
... is entirely optional, and can be disabled if someone doesn't want
it - but I can't see what is bad about it...
Also, rationale and introduction to this feature is nicely documented:

http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
Or do you mean something else?

and the invent a new a configuration files scheme because it better
suits RPM and Red Hat policies deal.
Do you have an example?
The /etc/ /lib/ /usr/lib/ split with files overriding each other,
invented because RPM systems do not prompt the user on package upgrades
and Red Hat does not support upgrading to the next major release.
Well, that might have been one reason, but splitting the conf files
has other advantages too. I like that I have the original file as
reference, that I have very small config-override files which can
easily be backed up, and it also simplifies updates, because I don't
have to merge diffs of config files, but just need to adjust them
later, if something has changed.
So, this is not really RHEL specific, and some other non-RH software
also has this scheme of storing config files.
Regards,
Matthias

--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/CAKNHny9ai+tL7mRb5qxyZ5vTWHuW54kRAEXE5f=x9y8tft6...@mail.gmail.com

Re: Multi-Arch for plugin packages

2013-05-30 Thread Simon McVittie

On 30/05/13 16:02, John Paul Adrian Glaubitz wrote:
 I am maintaining one of the gkrellm2 plugin packages, namely
 gkrellm2-cpufreq. All of these gkrellm2 plugin packages install their
 plugins into /usr/lib/gkrellm2/plugins, including mine.

This seems appropriate.

 However, I was wondering whether the plugins should actually
 get installed into /usr/lib/${DEB_HOST_MULTIARCH}/gkrellm2/plugins.

You must install plugins to a location in which they will be loaded
correctly. :-)

It's usually fine for plugins to be in a non-multiarch location, because
you can only have one architecture's gkrellm2 installed - so it's OK
that you can't install gkrellm2-cpufreq:i386 and gkrellm2-cpufreq:amd64
at the same time, because only the one matching the architecture of
gkrellm2 would work anyway.

If the maintainer of gkrellm2 has already made it load from both
traditional and multiarch locations, then you may move the plugin to a
multiarch location (with an appropriate versioned dependency), but I
don't see any particular need to do so.

If the maintainer of gkrellm2 wants to make it load from *only* the
multiarch location, then that's a transition (involving a pile of
versioned Depends/Breaks), which they will have to coordinate with
plugin maintainers like you, and with the release team.

 Anyone knows how Multi-Arch is handled for other similar plugin
 packages, other than gkrellm2 plugins?

telepathy-mission-control-5 specifically isn't Multi-Arch, because I
didn't want to do a small transition (Mission Control + Empathy) for no
actual benefit.

The only plugins that do benefit from being Multi-Arch are those that
are loaded by more than one executable: glibc NSS modules, PAM modules,
ALSA plugins, that sort of thing. These usually have enough
reverse-dependencies that it's worth doing a gradual transition, by
having the plugin-loader load from both locations.

S


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a76fef.6060...@debian.org

Re: default MTA

2013-05-30 Thread Russ Allbery

Marc Haber mh+debian-de...@zugschlus.de writes:
 Chris Knadle chris.kna...@coredump.us wrote:

 I don't like the fact that the /etc/exim4/passwd.client file is in a
 plaintext format, but there are usually several such files on systems
 such that realistically we're only really safe as long as the
 machines we run haven't been broken into.

 And if you think about things, it is clear that the client needs the
 plaintext password to be able to use it.

 Even if certificate authentication, the most secure authentication
 scheme available today, is used, you need the private key on the
 client.

Which is why sending mail as a system service when doing so requires a
user's ISP credentials is a dubious idea.  If you send it from a user
process, such as their mail client, you have sophisticated credential
management capabilities available to you: everything from prompting to
using a system keyring that's only decrypted when they're sitting in front
of the computer.  If you insist on giving your system processes the
ability to authenticate as you, you end up storing random clear-text
passwords in configuration files, readily available for theft by anyone
who can read the contents of your hard drive or compromise the system user
the MTA runs as.  It's also a separation of privileges violation: why
should your MTA be able to upload files to your web space or examine your
billing and credit card information at your ISP?

The situation is, of course, much improved if your ISP supports
per-service or per-client passwords, like Google now does, at which point
the password isn't as valuable and the security problem is less worrisome.

You can also ameliorate the problem by using an encrypted file system, of
course.  But I doubt most users are doing that, and it still doesn't solve
the separation of privileges issue.

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87wqqgcw85@windlord.stanford.edu

Bug#710418: ITP: opendb -- PHP and MySQL based inventory application

2013-05-30 Thread Michael Schultheiss

Package: wnpp
Severity: wishlist
Owner: Michael Schultheiss schul...@debian.org

* Package name: opendb
  Version : 1.5.0.7
  Upstream Author : Jason Pell
* URL : http://opendb.iamvegan.net
* License : GPL v2
  Programming Lang: PHP
  Description : PHP and MySQL based inventory application

The Open Media Collectors Database (OpenDb) is a PHP and MySQL based 
inventory application that allows you to easily catalog and lend 
media-related information, including DVD, VCD, CD, VHS, games, books, and 
laser discs.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130530153340.9508.60610.report...@cartman.hq.amellus.com

Re: Multi-Arch for plugin packages

2013-05-30 Thread Wookey

+++ Simon McVittie [2013-05-30 16:27 +0100]:

 The only plugins that do benefit from being Multi-Arch are those that
 are loaded by more than one executable: glibc NSS modules, PAM modules,
 ALSA plugins, that sort of thing. 

Or plugins that are used in build-depends. I don't know if this ever
happens. Ideally not, and only the core program libraries would be
needed to build against, but all sorts of crazy stuff goes on in
people's builds. Does anyone know of examples? 

Wookey
-- 
Principal hats:  Linaro, Emdebian, Wookware, Balloonboard, ARM
http://wookware.org/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530154604.gy14...@stoneboat.aleph1.co.uk

Re: systemd .service file conversion

Jonathan Dowland wrote:
 On Thu, May 30, 2013 at 04:50:15PM +0300, Uoti Urpala wrote:
  Do you have any reason at all to believe that these were problems with
  systemd, rather than problems in Debian configuration or mostly
  independent bugs in other software that happened to trigger under
  systemd?
 
 Whether or not systemd is responsible is not important if we are considering
 systemd as a default init: even if it is not responsible, if it exposes

You have the context wrong here. considering systemd as a default init
is too vague.

 important bugs, those bugs need to be addressed before we could make a switch.
 What we need to make sure works is systemd in Debian, that is, integration
 is where all the work is going to be.

Yes, there is integration work left. But that's really about the
question is Debian ready to switch all user machines to systemd right
now using the current packages?, and I think nobody would answer yes
to that (before also updating systemd to a much newer upstream version,
etc). I'm pretty sure that was not the context of the mail I was
replying to. He was confusing what were likely integration issues with
what would be more fundamental issues with systemd itself (that would
make it less desirable to do the integration work and switch at all),
and I tried to explain the difference.



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/1369927900.3628.93.camel@glyph.nonexistent.invalid

Re: Debian systemd survey

2013-05-30 Thread Russ Allbery

Marc Haber mh+debian-de...@zugschlus.de writes:
 Russ Allbery r...@debian.org wrote:

 Using an imperative language for a descriptive purpose is a bad
 mismatch of tools and has been ever since the practical effect of init
 scripts has become fairly standardized.

 Some init scripts in Debian build dynamic configuration before the
 daemon is started. It has grown to be an important part of conffile and
 configuration management for software that cannot by itself read its
 configuration in snippets from a foo.conf.d directory.

 I am not sure how we would handle that in a descriptive approach.

Get rid of some of that complexity because it is pointless (you'll find
that much of it is working around inadequacies in sysvinit).  Get rid of
more of it by building a static configuration from the dynamic
configuration when it changes, where appropriate.  For the rest, escape
out to an imperative language to do that work.  Something that upstart
certainly supports, and that I believe systemd does as well.

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87sj14cw3q@windlord.stanford.edu

Re: default MTA

On Thu, 30 May 2013 13:31:14 +0200, Wouter Verhelst
wou...@debian.org wrote:
On 30-05-13 12:27, Marc Haber wrote:
 We should make local mail or other messages trivially and
 automatically visible for people who have installed Debian in NNF[1]
 compliant way, but if one has gone to length to use something
 non-default, I think we can safely trust those people with taking
 other measures as well.

While that's true, if we're going to be make the effort to make sure
such notifications are trivially and automatically visibe for NNF
users, it would be a waste if we didn't do it in such a way that people
who make only the slightest of modifications could benefit from it as well.

If we're making something GNOME-specific, we don't do that. If we make
an application that fits into any fdo-compliant notification area, we do.

I am with you on that count, provided that what we do does not eat too
much effort that we might desperately need somewhere else.

And from the requirement list for the solution of displaying those
messages that has surfaced in this thread, I feel that a mail client
is just the right tool do show the messages.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui5im-0004ww...@swivel.zugschlus.de

Re: default MTA

On Thu, 30 May 2013 13:56:02 +0200, Olav Vitters o...@vitters.nl
wrote:
Seems the solutions are very focussed on the assumption that things
cannot be changed. E.g. programs currently send email, so email it has
to be forever.

It is not a good idea to drop the way that  90 % of programs use to
deliver messages. I really hate the idea of having a thing as fragile
as dbus on a server just to collect status messages.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui5jb-0004wd...@swivel.zugschlus.de

Re: default MTA

2013-05-30 Thread Philip Hands

Marco d'Itri m...@linux.it writes:

 On May 30, Chris Knadle chris.kna...@coredump.us wrote:

 There's a reason it feels like this.  Postfix was designed with security in 
 mind, but wasn't focused on being a general purpose MTA.
 Says who? Because I was around at the time, and I remember pretty well 
 that the goal was to write a sendmail replacement.
 And apparently it worked.

Well, I'd say that at least part of the motivation was actually to write
a qmail replacement, that didn't have someone with DJB's atitute to
licensing as upstream -- it was for a long time called vmailer
(v==vapour) as coined by DJB, and adopted by Wietse because it amused
him.

Given that it was qmail inspired, which was writen with the similar
approach of having a crowd of distinct daemons perfornming one task
each, with a UID for each, I'd say that the intent was to match qmail's
security focus.

If one were simply trying to replace Sendmail, the result might well
have looked a lot more like Exim, with a monolithic executable, that
forks into the various roles required.

 I think that ease of configurability is a major plus for Postfix when 
 compared to Exim, since a common configurations is just a few lines
 long.

I happen to agree with you, but it's clearly a matter of what one is
used to, and of taste.

It's also a question of what you want to do.  Setting up SMTP-time
rejection based on something like Spamassasin is far easier with Exim,
for instance.

Cheers, Phil.
-- 
|)|  Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/
|-|  HANDS.COM Ltd.http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND


pgpPHvdXnaqUW.pgp
Description: PGP signature

Bug#710421: ITP: pxe-pdhcp -- ProxyDHCP server for the non-DHCP server host

2013-05-30 Thread Osamu Aoki

Package: wnpp
Severity: wishlist
Owner: Osamu Aoki os...@debian.org

* Package name: pxe-pdhcp
  Version : 0.1
  Upstream Author : FURUHASHI Sadayuki fr _at_ syuki.skr.jp
* URL : http://svn.coderepos.org/share/lang/c/pxe-pdhcp/
* License : MIT
  Programming Lang: C
  Description : ProxyDHCP server for the non-DHCP server host

 Preboot Execution Environment (PXE) is a specification to boot PCs via the
 network connection.
 .
 There are 3 ways to set up the PXE.
  * Only with DHCP using the DHCPOFFER containing the PXE extension.
-- dhcpd running with special DHCPOFFER in dhcpd.conf .
  * Run the ProxyDHCP server on the same server as the DHCP server.
-- pxe + dhcpd running on the same server.
  * Run the ProxyDHCP server on a server different from the DHCP server.
-- pxe-pdhcp (no dhcpd should be installed together)
 .
 This pxe-pdhcp package provides the support to the last option and this
 option is the most useful for people on the consumer grade home network
 since DHCP server can be left untouched which is impossible with other two
 options.
 .
 For BOOTP or DHCP needed for acquiring an IP address, it should be served
 from a different server than the one running this pxe-pdhcp.
 .
 For TFTP needed for transferring files, such as tftpd-hpa (or atftpd), it
 can be run on any server.
 .
 This program is a single purpose package and simpler to configure than the
 multi-feature dnsmasq package for the ProxyDHCP.
---

The upstream source is old (2007) and not active.  But there are patches on the 
web.
The folllowing updates are made to fit for Debian.

  * string boundary patch. (http://d.hatena.ne.jp/flalin/about)
  * etherboot + syslog patch. (daydream.tripp...@gmail.co)
  * add pid file generation patch. (osamu)
  * Add Debian lsb init script. (osamu)
  * Cleaned source tree to make this as new upstream tar.

I will make new URL for updated source as alioth git repo.

Osamu


signature.asc
Description: Digital signature

Re: default MTA

On Thu, 30 May 2013 16:42:28 +0200, Christoph Anton Mitterer
cales...@scientia.net wrote:
Agreed,... but that also somehow indicates to me, that this would be the
more appropriate default MTA.
It will do quite securely what most people need, especially those end
user who have no clue about running mailservers at all.

Exim does it the same way. This is no argument for a change.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui5ri-0004xg...@swivel.zugschlus.de

Re: default MTA

On Thu, 30 May 2013 16:53:56 +0200, m...@linux.it (Marco d'Itri) wrote:
I think that ease of configurability is a major plus for Postfix when 
compared to Exim, since a common configurations is just a few lines long.

How many lines does an average update-exim4.conf.conf have?

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui5sk-0004xo...@swivel.zugschlus.de

Re: Debian systemd survey

On Thu, 30 May 2013 12:32:59 +0100, Simon McVittie s...@debian.org
wrote:
On 30/05/13 11:19, Marc Haber wrote:
 On Wed, 29 May 2013 13:10:57 -0700, Russ Allbery r...@debian.org
 wrote:
 Using an imperative language for a descriptive purpose is a bad mismatch
 of tools and has been ever since the practical effect of init scripts has
 become fairly standardized.
 
 Some init scripts in Debian build dynamic configuration before the
 daemon is started. It has grown to be an important part of conffile
 and configuration management for software that cannot by itself read
 its configuration in snippets from a foo.conf.d directory.
 
 I am not sure how we would handle that in a descriptive approach.

My preferred answer is give the daemon better configuration handling,
so you can get maximum benefit from having a declarative init, but if
that isn't an option:

That is often not an option. In my case, for example, it's skills. I
would not dare to write configuration handling code in C code that is
destined to run as root, while I don't have much issues in writing
such code in perl or even in shell. otoh, I maintain quite some daemon
packages that have their code written in C.

Additionally, this this traditionally written daemon does not work
nicely with systemd, so change the daemon instead of making systemd
behave as if it was destined for Unixoid OSses attitude is a big
topic for systemd opponents.

systemd:
ExecStartPre=/usr/share/myservice/hack-up-the-config.sh
ExecStart=/usr/sbin/myservice

Can the hack-up-the-config.sh give an error message that is shown to
the user? Can it abort the daemon start? How would systemd handle this
case if it is configured to make sure the daemon is always running?

Upstart:
pre-start script
  # entirely untested, but [1] suggests that this might be right?
  /usr/share/myservice/hack-up-the-config.sh || { stop; exit 0; }
end script
script
  /usr/sbin/myservice
end script

Ugly. Same questions apply.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui5co-0004w0...@swivel.zugschlus.de

Re: systemd .service file conversion

On Thu, 30 May 2013 17:07:08 +0200, Matthias Klumpp m...@debian.org
wrote:
So, this is not really RHEL specific, and some other non-RH software
also has this scheme of storing config files.

And it is still completely inferior even to dpkg-conffile handling,
which has huge wishes left open as well.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui5f6-0004wa...@swivel.zugschlus.de

Re: systemd .service file conversion

On Thu, 30 May 2013 14:16:53 +0200, Olav Vitters o...@vitters.nl
wrote:
On Thu, May 30, 2013 at 12:21:33PM +0200, Marc Haber wrote:
 The init system case is special because supporting another init script
 system will most probably mean that all packages delivering an init
 script ($ ls /etc/init.d/ | wc -l = 116 on my small notebook system)
 will have to adapt. This is a major transition, and while we offer
 multiple init systems as officially supported, additional work is
 needed by all developers.

The systemd files should be pushed upstream (this is what other
distributions have done and will do). Furthermore, systemd support
sysvinit.

How many features of systemd do we lose if we only use it to invoke
daemons via the init script compatibility layer? I doubt the change
makes sense if we end up doing things this way.

Obviously there will be a pain when switching, but then I
guess your argument is that any change is bad?

My argument is that the one job one tool approach that Unixoid OSses
use is a good approach and that I am extremely reluctant to drop it 
for a topic _this_ central in the operating system.

And I am also opposing changes that will help in dropping the
universal out of Debian's claim.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom  | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1ui5h3-0004wk...@swivel.zugschlus.de

Re: systemd .service file conversion

On Thu, May 30, 2013 at 04:35:07PM +0200, Marco d'Itri wrote:
 On May 30, Mathieu Parent math.par...@gmail.com wrote:
  Do you have an example?
 The /etc/ /lib/ /usr/lib/ split with files overriding each other, 
 invented because RPM systems do not prompt the user on package upgrades 
 and Red Hat does not support upgrading to the next major release.

I assume this is your interpretation? Upstream never said anything like
above. I forgot the details, just has nothing to do with what you're
suggesting.

In any case, as a sysadmin you can configure systemd in /etc. This is
pretty much like any other package. Aside from that there are some files
somewhere else.

-- 
Regards,
Olav


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130530162721.gf16...@bkor.dhs.org

Re: systemd .service file conversion

Matthias Klumpp wrote:
 013/5/30 Marco d'Itri m...@linux.it:
  On May 30, Mathieu Parent math.par...@gmail.com wrote:
 [···]
   There is also the kill features Red Hat does not care about deal,
  Do you have an example?
  Persistent naming of network interfaces.
 ... is entirely optional, and can be disabled if someone doesn't want
 it - but I can't see what is bad about it...
 Also, rationale and introduction to this feature is nicely documented:
  
 http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
 Or do you mean something else?

I think Marco meant udev dropping support for the older variant of
persistent names, the one the article you linked to refers at 'For a
longer time udev shipped support for assigning permanent ethX names to
certain interfaces based on their MAC addresses.'.

As described in the article, there certainly were reasons other than
Red Hat does not care about it to drop this feature. Whether it would
have been preferable to keep optional support somewhat longer for
backwards compatibility is another question.



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/1369931671.3628.106.camel@glyph.nonexistent.invalid

Re: Debian systemd survey

2013-05-30 Thread Steve Langasek

On Wed, May 22, 2013 at 08:35:52PM +0200, John Paul Adrian Glaubitz wrote:
 Please leave the FUD at the door.  Writing upstart jobs is not difficult;
 while there are some gotchas currently with process lifecycle (which will be
 fixed soon), there is also very complete documentation (for these issues,
 and generally).

 systemd's unit files are still way simpler than upstart job files since
 these are just more or less a simple set of instructions to give
 systemd some hints on how to deal with the targets and services, it
 actually does most of the work automatically without the need of scripts
 at all (which are obviously still required for upstart).

That's patently false.  Upstart does not *require* scripts.  It *supports*
scripts, out of a recognition that C is not always the language of choice for
implementation.  This enables upstart jobs to do things like providing
compatibility with existing, shell-based /etc/default/* files than packages
are already using for daemon configuration; it enables rapid prototyping and
more flexible customization and iteration of upstart jobs for debugging and
development (because unlike the systemd developers, the upstart developers
aren't trying to sell anyone a bill of goods about how their existing units
are perfect and nothing will ever need to be patched downstream).  But there
is nothing in upstart that requires the use of scripts; anything that's done
using 'script' in an upstart job could equally be done with 'exec', or could
be built into a C daemon.

The fact that a set of typical startup operations are handled in upstart by
scripts is a design choice to not hard-code such policy into pid 1.  This
does not in any way speak to the complexity of the job file or unit file
syntax.

But this is ground that you and I have covered before, so I'm disappointed
to see this claim being repeated.

  https://lists.debian.org/debian-devel/2012/02/msg00896.html

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: Digital signature

Re: Multi-Arch for plugin packages

2013-05-30 Thread Steve Langasek

On Thu, May 30, 2013 at 04:27:43PM +0100, Simon McVittie wrote:
  Anyone knows how Multi-Arch is handled for other similar plugin
  packages, other than gkrellm2 plugins?

 telepathy-mission-control-5 specifically isn't Multi-Arch, because I
 didn't want to do a small transition (Mission Control + Empathy) for no
 actual benefit.

 The only plugins that do benefit from being Multi-Arch are those that
 are loaded by more than one executable: glibc NSS modules, PAM modules,
 ALSA plugins, that sort of thing. These usually have enough
 reverse-dependencies that it's worth doing a gradual transition, by
 having the plugin-loader load from both locations.

Right.  The rule of thumb here should be to only put plugins to a multiarch
directory if the loader of the plugins is a library that it's interesting to
enable as Multi-Arch: same.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: Digital signature

Re: Debian systemd survey

2013-05-30 Thread Steve Langasek

On Thu, May 30, 2013 at 12:32:59PM +0100, Simon McVittie wrote:
 On 30/05/13 11:19, Marc Haber wrote:
  On Wed, 29 May 2013 13:10:57 -0700, Russ Allbery r...@debian.org
  wrote:
  Using an imperative language for a descriptive purpose is a bad mismatch
  of tools and has been ever since the practical effect of init scripts has
  become fairly standardized.

  Some init scripts in Debian build dynamic configuration before the
  daemon is started. It has grown to be an important part of conffile
  and configuration management for software that cannot by itself read
  its configuration in snippets from a foo.conf.d directory.

  I am not sure how we would handle that in a descriptive approach.

 My preferred answer is give the daemon better configuration handling,
 so you can get maximum benefit from having a declarative init, but if
 that isn't an option:

 systemd:
 ExecStartPre=/usr/share/myservice/hack-up-the-config.sh
 ExecStart=/usr/sbin/myservice

 Upstart:
 pre-start script
   # entirely untested, but [1] suggests that this might be right?
   /usr/share/myservice/hack-up-the-config.sh || { stop; exit 0; }
 end script
 script
   /usr/sbin/myservice
 end script

While you could do it this way, I think it would be better to do this:

  pre-start exec /usr/share/myservice/hack-up-the-config.sh
  exec /usr/sbin/myservice

No need to use 'script' if you're just running a single command (that just
forks a shell uselessly).  And for a pre-start that's not expected to fail
in the normal case, there's no need to worry about a clean stop of the job
from the pre-start; the only difference this makes is to whether upstart
tries repeatedly to start the job and hits the respawn limit, or whether the
job is stopped immediately when there's a failure.  So that's a trade-off
between a little bit of extra log spam, vs. spawning an extra shell.

 Or keep using a legacy sysvinit script (they'll have to remain supported
 for quite some time, at least in runlevels 2-5, for LSB if nothing
 else), or wrap the daemon in a shell script that does some initial setup
 and eventually exec()s the real daemon (like openarena-server).

Yes.  A lot of the people expressing concern about being forced to migrate
to non-sysvinit seem to be overlooking the fact that both upstart and
systemd provide backwards-compatibility for sysvinit scripts.  So changing
the default init comes with no obligation on maintainers to write
configuration files for the new thing before they're convinced of its
utility.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


signature.asc
Description: Digital signature

Re: Switching to mozilla ESR in stable-security

2013-05-30 Thread Thomas Goirand

On 05/30/2013 09:29 PM, Stefano Zacchiroli wrote:
 On Thu, May 30, 2013 at 03:20:29PM +0200, Didier 'OdyX' Raboud wrote:
 Which web browsers would remain in stable if we applied this criterion
 consistently?

 Although that makes me very sad, if we (collectively) give up packaging 
 browser extensions (hence letting our users rely on third-party repositories 
 to get access to [non-]free binaries) and frozen browsers in stable, then 
 maybe the correct answer to your question is none.
 
 And do you think that would be the best outcome for Debian users? FWIW,
 I don't. I think the compromise that the security team is proposing is
 much more reasonable than such an alternative.

I agree with both Zack and Didier here.

Maybe the best way forward is to have backports activated by default
(there's already a patch available for that, not sure if it has been
applied to d-i yet). Then when installing a desktop (since backports are
now fully part of Debian), we could provide browsers from there (maybe
as a Recommends:, so it isn't forced into our users ?).

Thoughts?

Thomas


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a78c69.40...@debian.org

Re: X.509 and CA certificates for other purposes (i.e. the IGTF)

2013-05-30 Thread Daniel Pocock

On 30/05/13 13:19, Bastien ROUCARIES wrote:
 On Thu, May 30, 2013 at 12:50 PM, Dennis van Dok denni...@nikhef.nl wrote:
 On 26-05-13 20:02, Bastien ROUCARIES wrote:
 On Sat, May 25, 2013 at 2:27 PM, Charles Plessy ple...@debian.org wrote:
 Hi Dennis and everybody,

 somewhat related to this, I would like to know if there is a package that 
 could
 host Amazon's EC2 public certificate ?  In Ubuntu it is added to the 
 euca2ools
 package, because a program of this package can use it, but it is not part 
 of
 the upstream source (which is not Amazon), so I really would prefer to ship
 the certificate somewhere else.

 I proposed ca-certificates earlier, but the result was inconclusive.

 http://bugs.debian.org/573857

 Would there be a volunteer to maintain new package from scratch if needed ?
 Maybe crypto consolidation arround libnss will greatly help here.
 jessie release goal ?
 Could you elaborate on what it is you propose exactly, because I could
 interpret this in many different ways.
 See also https://fedoraproject.org/wiki/FedoraCryptoConsolidation


One of the GSoC project areas that did not go ahead covers this same
topic.  You can find some of the ideas by reading through the proposal I
put up and the responses from three students

http://wiki.debian.org/SummerOfCode2013/Projects#Improving_PKI_on_Debian

Some of it overlaps with what Fedora are discussing



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51a78d41.1070...@pocock.com.au

Re: Switching to mozilla ESR in stable-security