Re: Validating tarballs against git repositories

There are many important and useful things here, but I want to address this one point: On 2024-03-30 00:29, Russ Allbery wrote: > Antonio Russo writes: > >> If that's the case, could make those files at packaging time, analogous >> to the DFSG-exclude stripping process? >

Re: Validating tarballs against git repositories

On 2024-03-29 22:41, Guillem Jover wrote: > Hi! > > On Fri, 2024-03-29 at 18:21:27 -0600, Antonio Russo wrote: >> This is a vector I've been somewhat paranoid about myself, and I >> typically check the difference between git archive $TAG and the downloaded >> tar

Validating tarballs against git repositories

into the configure script. That modification could have been flagged using this kind of process. While this would be a lot of work, I believe doing so would require a much larger amount of additional complexity in orchestrating attacks against Debian in the future. Best, Antonio Russo

time_t transition and bugs

package-specific issues. Best, Antonio Russo OpenPGP_0xB01C53D5DED4A4EE.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature

Hyphens in man pages

Hello, I discovered a new pet peeve today: if you search for a command in a manual page, say -e in man 1 zgrep, it's a crapshot whether just searching for '-e' will find the command or not. The reason is that "-" may been accidentally encoded as ‐ instead of -. Now, depending on your email

Bug#1041718: ITP: keepassxc-proxy-client -- Library to access a running KeepassXC instance

Package: wnpp Severity: wishlist Owner: Antonio Russo X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: keepassxc-proxy-client Version : 0.1.6 Upstream Contact: Henrik Böving * URL : https://github.com/hargoniX/keepassxc-proxy-client * License : ISC

Re: Dependency for pre-configure script

On 3/18/23 09:19, Russ Allbery wrote: > Antonio Russo writes: > >> Indeed, trying to install a package with a pre-depends on certbot that >> has a debconf debian/config file does not have certbot installed by the >> time the debconf script starts. This is on tes

Dependency for pre-configure script

Hello, I'm trying to perform a task during debian/package.config which requires another package to be installed. I initially thought pre-depends would be strong enough, because [1] describes it by: This field is like Depends, except that it also forces dpkg to complete installation of

Re: Question Re: Advertising in Packages

On 8/15/21 9:06 PM, Paul Wise wrote: > On Mon, Aug 16, 2021 at 2:22 AM Antonio Russo wrote: > >>"Can one advertise non-free services in a Debian package? >> Is doing so a violation of some Debian policy? > > There is no specific rule against this, but I

Question Re: Advertising in Packages

Hello, I have a question that I originally posed in debian-vote, but was directed here instead: "Can one advertise non-free services in a Debian package? Is doing so a violation of some Debian policy? Again, if this is the wrong venue, I'm sorry. The details are filed against

[OFFTOPIC] partially-trusted debs (was Bug#990521: I wonder whether bug ...)

On 7/1/21 7:38 PM, Jeremy Stanley wrote: > On 2021-07-02 01:24:09 + (+), Paul Wise wrote: >> >> For sophisticated users it isn't very hard to verify that packages >> don't do anything malicious as root. `apt install --download-only`, >> `dpkg-deb --raw-extract`, read the maintainer scripts

Kernel building question (Is -j8 safe and correct?)

Hello, I'm trying to build a Debian bullseye kernel (with KASAN enabled, but that's irrelevant). I'm following [1], and the critical command $ fakeroot make -f debian/rules.gen binary-arch_i386_none_real does not suggest using -j8 (or -jnumber_of_cores). 1. Is it safe to add -j8 ? 2. Will

Re: dovecot-antispam rebuild (or is there a way to automatically rebuild a package)

On 1/27/21 12:58 AM, Sebastian Ramacher wrote: > > For step 2 someone needs to request a binNMU > > reportbug release.debian.org -> binNMU > > See also https://wiki.debian.org/binNMU > > Best > Thank you (for the info, and processing the binNMU)! Antonio OpenPGP_0xB01C53D5DED4A4EE.asc

dovecot-antispam rebuild (or is there a way to automatically rebuild a package)

Hello, I'm watching dovecot's progress through unstable [1] and it's blocked by dovecot-antispam [2]. If I understand correctly, it's because dovecot-antispam depends on dovecot-abi-2.3.abiv11, which is not provided by the new version of dovecot-core (which instead provides a new abi virtual

Re: [FIXED] Re: Network and KDE lost after testing upgrade

On 1/11/21 9:52 PM, Xavier wrote: > > Hi, > > bug is fixed with libx11-6 2:1.7.0-2 (I don't know why) > > Cheers, > Xavier > Can you check your apt logs if libx11-xcb1 got out of sync? I ran into massive problems with almost everything X-related when libx11-xcb got ahead of libx11-6.

Accepted kcollectd 0.10.2-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Nov 2019 22:01:59 -0700 Source: kcollectd Architecture: source Version: 0.10.2-2 Distribution: unstable Urgency: medium Maintainer: Debian/Kubuntu Qt/KDE Maintainers Changed-By: Antonio Russo Changes: kcollectd (0.10.2-2

Accepted kcollectd 0.10.2-1 (source amd64) into unstable, unstable

-By: Antonio Russo Description: kcollectd - simple collectd graphing front-end for KDE Closes: 814935 874938 912460 927455 935485 939293 Changes: kcollectd (0.10.2-1) unstable; urgency=medium . * Update debian/control for inclusion in Qt/KDE. * Squash and clean up changelog/unreleased versions

Bug#942249: ITP: inkscape-ext-textext -- Re-editable LaTeX graphics for Inkscape

Package: wnpp Severity: wishlist X-Debbugs-CC: debian-devel@lists.debian.org * Package name: inkscape-ext-textext Version : 0.12.0~git36-gbbb55e6-1 Upstream Author : Jan Winkler * URL : https://textext.github.io/textext * License : AGPL * Vcs

Bug#941708: ITP: nextcloud-server -- Nextcloud folder synchronization tool (server)

Package: wnpp Severity: wishlist X-Debbugs-CC: debian-devel@lists.debian.org * Package name: nextcloud-server Version : 0.1.7 Upstream Author : Antonio Russo * URL : https://gitlab.com/aerusso/nextcloud-server-deb * License : AGPL * Vcs

Bug#891890: ITP: zfs-linux-git -- zfsonlinux packaging tracking git master

Package: wnpp Severity: wishlist X-Debbugs-CC: debian-devel@lists.debian.org --- Please fill out the fields below. --- Package name: zfs-linux-git Version: 0.8~ Upstream Author: Brian Behlendorf URL: http://www.zfsonlinux.org/ License: CDDL