Re: Q: Debian position on bundled libraries
Le jeudi 23 août 2018 à 06:59:45+0200, Alec Leamas a écrit : > [may I keep bundled libraries?] Hi Alec, Please note that I'm a little new to the Policy and these packaging questions, so my thoughts probably require to be confirmed by a more experimented person. Per Debian's Policy section 4.13[1], the embedding of a code from an other software packages should be avoided, unless the included package is explicitly intended to work this way. I'd say that as soon as there's no other way of having your package work (right, there's always another way, but my guess is that we don't expect someone to do hours of work that'll be a pain in the ass to maintain just for that, especially if the bundled library is a patched set of the original one) properly, it won't be a problem. That said, you'll have to reference properly the d/copyright file, and you should probably strip out all trivially out-strippable libraries that are already packaged in Debian or packageable by themselves. HTH. [1] https://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. signature.asc Description: PGP signature
Re: salsa irker bot moved to ssl
Le jeudi 23 août 2018 à 07:01:21+0200, Alexander Wirt a écrit : > On Thu, 23 Aug 2018, Raphael Hertzog wrote: > > Hi, > > > On Sun, 29 Jul 2018, Alexander Wirt wrote: > > > in the face of the current spam attacks I implemented CertFP for my > > > irker instance. I also updated the default irc link in gitlab. However, > > > it is possible that every project using the bot has to migrate the server > > > setting to ssl. So if you miss messages from salsa bot, please check that > > > you > > > use ircs://irc.oftc.net:6697/ as server setting in the irker integration. > > > > > > > Can't you do a global update in the gitlab database to replace the old > > default value with the new default value ? > > > > I just noticed that we're lacking notifications for most of our packages > > in the pkg-security-team and the setup script we used[1] does not include > > the IRC URI explicitly so it would have to be fixed first and then I would > > have to rerun it on all our repositories. > > > > A simple SQL update query would save us a lot of time. Thank you for > > considering it. > Sure, do you have the query? And please ensure not to affect bots > running on other networks. Assuming the DB schema is the same on your instance (I don't see any reason why it wouldn't) Can you send me (the best would be in a file, but we may think about alternatives) the output of SELECT * FROM services WHERE type='IrkerService'; Cheers, -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them. signature.asc Description: PGP signature
Re: salsa irker bot moved to ssl
On Thu, 23 Aug 2018, Raphael Hertzog wrote: Hi, > On Sun, 29 Jul 2018, Alexander Wirt wrote: > > in the face of the current spam attacks I implemented CertFP for my > > irker instance. I also updated the default irc link in gitlab. However, > > it is possible that every project using the bot has to migrate the server > > setting to ssl. So if you miss messages from salsa bot, please check that > > you > > use ircs://irc.oftc.net:6697/ as server setting in the irker integration. > > Can't you do a global update in the gitlab database to replace the old > default value with the new default value ? > > I just noticed that we're lacking notifications for most of our packages > in the pkg-security-team and the setup script we used[1] does not include > the IRC URI explicitly so it would have to be fixed first and then I would > have to rerun it on all our repositories. > > A simple SQL update query would save us a lot of time. Thank you for > considering it. Sure, do you have the query? And please ensure not to affect bots running on other networks. Alex signature.asc Description: PGP signature
Q: Debian position on bundled libraries
Dear list, Still investigating packaging opencpn[1]. In this context I have looked into the bundling [2]. Here is some libraries to unbundle; this could certainly could be done, However, the core issue is a few libraries which cannot realistically be unbundled. One example is mygdal, a heavily patched subset of the gdal package. So, before proceeding with this work I'd like to know how to handle a situation like this. Under what conditions (if any) is bundling actually OK? I deliberately avoid the "convenience copy" term used by the Policy Manual since i think the term bundled is more accurate here - the plain copies are not a problem. Cheers! --alec [1] https://opencpn.org/ [2] https://github.com/OpenCPN/OpenCPN/issues/1124
Re: salsa irker bot moved to ssl
Hi, On Sun, 29 Jul 2018, Alexander Wirt wrote: > in the face of the current spam attacks I implemented CertFP for my > irker instance. I also updated the default irc link in gitlab. However, > it is possible that every project using the bot has to migrate the server > setting to ssl. So if you miss messages from salsa bot, please check that you > use ircs://irc.oftc.net:6697/ as server setting in the irker integration. Can't you do a global update in the gitlab database to replace the old default value with the new default value ? I just noticed that we're lacking notifications for most of our packages in the pkg-security-team and the setup script we used[1] does not include the IRC URI explicitly so it would have to be fixed first and then I would have to rerun it on all our repositories. A simple SQL update query would save us a lot of time. Thank you for considering it. Cheers, [1] https://salsa.debian.org/mehdi/salsa-scripts/blob/master/irker.sh -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/ signature.asc Description: PGP signature
Bug#906986: ITP: golang-github-xanzy-go-gitlab -- Simple and uniform GitLab API for Go
Package: wnpp Severity: wishlist Owner: Felix Lechner * Package name: golang-github-xanzy-go-gitlab Version : 0.10.8 Upstream Author : Sander van Harmelen * URL : https://github.com/xanzy/go-github/ * License : Apache-2.0 Programming Lang: Go Description : Simple and uniform GitLab API for Go This package provides a GitLab API that enables Go programs to interact with GitLab in a simple and uniform way. It covers most of the existing Gitlab API calls and is updated regularly to add new or missing endpoints. A golang library, it is a prerequisite for git-lab (#898246). The package will be maintained as part of the go-team on Salsa. Thank you!
Bug#906983: ITP: gr-dab -- Gnuradio blocks and tools for receiving DAB and DAB+ radio
Package: wnpp Severity: wishlist Owner: Ruben Undheim * Package name: gr-dab Version : 0.1? (to be released) Upstream Author : Andreas Müller, Moritz Luca Schmid etc. * URL : https://github.com/andrmuel/gr-dab * License : GPL-3+ Programming Lang: C++, Python Description : Gnuradio blocks and tools for receiving DAB and DAB+ radio gr-dab contains necessary DSP blocks for receiving DAB and DAB+ transmissions using a software defined radio such as hackrf, rtl-sdr, USRP etc. Currently, I plan to maintain it myself, but it may also fit in the Hamradio Maintainers Team with other GNU radio packages.
Migrating away from ucf without dpkg prompting
Hello, I am working on fixing bug #905178 which is caused by moving away from using ucf to manage /etc/default/apt-cacher back to handling it as a standard dpkg conffile. I have a working solution which avoids unnecessary prompting. This is to remove the ucf version of the file in the preinst unless it is modified. dpkg then installs the new version without prompting. Can I check that this is the correct way to address it, or should I take an alternative approach? Many thanks. Mark
Bug#906930: ITP: prometheus-trafficserver-exporter -- Prometheus exporter for Apache Traffic Server
Package: wnpp Severity: wishlist Owner: Emanuele Rocca * Package name: prometheus-trafficserver-exporter Version : 0.0.2 Upstream Author : Greg Dallavalle * URL : https://github.com/gdvalle/trafficserver_exporter * License : Apache-2.0 Programming Lang: Python Description : Prometheus exporter for Apache Traffic Server prometheus-trafficserver-exporter is an Apache Traffic Server metrics exporter for Prometheus. It uses the stats_over_http Traffic Server plugin to translate JSON data into Prometheus format.
Re: headsup - various redis modules now proprietary!
Hi Robert, > RedisLabs have changed the license of various modules to be > incompatible with DFSG guideline 6: the 'Common Clause' rider. > > https://redislabs.com/community/commons-clause/ > > Some examples - redis-timeseries, redisearch, rejson, [..] Filed RC bug for src:redisearch as #906920. As I understnd it, the Redis server itself will remain BSD. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Re: Bug#906907: ITP: pw -- A simple command-line password manager
On Wed, 22 Aug 2018 09:49:28 +0200, Dashamir Hoxha wrote: >On Wed, Aug 22, 2018 at 9:09 AM Carsten Schoenert >wrote: >> This is the third ITP about 'pw'. The last one has produced a longish >> thread on d-d. >> >> https://lists.debian.org/debian-devel/2018/07/msg00199.html >> >> The information about this new ITP says nothing about the addressed >> concerns from the last one. What has been changed since then that would >> qualify this ITP to been accepted into the archive? >> > >It is actually the second attempt, because the first request had a mistake >in the subject format and was quickly replaced by the second one. You should make yourself familiar with how the BTS works. It allows magically to rename a bug, and to close and re-open bugs. -- -- !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom " | Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Re: Q: Where is keyring packaging guideline?
Hi, 2018年8月21日(火) 14:39 Paul Wise : > > On Tue, Aug 21, 2018 at 1:21 PM, Kentaro Hayashi wrote: > > > I want to make 3rd party keyring package (ITP). In the advance, I > > want to know a best practice about *keyring* packaging. Any hints? > > There are some best practices for using 3rd party apt repos here: > > https://wiki.debian.org/DebianRepository/UseThirdParty Thanks! I've not checked it, so it is very helpful. It seems that what I want exactly. > > sudo apt install -y -V --allow-unauthenticated foobar-keyring > > This is reasonable because there is no correct key yet before > > installing it. > > I don't think this is appropriate at all. Instead, always use an > out-of-band mechanism for confirming the appropriate OpenPGP keys. > Having the keyring package in Debian itself is a good idea, but at > very bare minimum, download the key or fingerprint from a website that > uses a valid TLS certificate according to the X.509 CA trust model. I know that it is not appropriate way, but I didn't know that wiki page [1] at that time. [1] https://wiki.debian.org/DebianRepository/UseThirdParty > > So, I plan to make one more 3rd party keryring into Debian.> > That seems like a reasonable way to provide a secure mechanism to install it. Now I understand that it is good enough to follow the instruction on wiki content about 3rd party repository. [1] No need to do 3rd party keyring ITP in this case. Thanks for all kindly advice! -- Kentaro Hayashi
Bug#906913: ITP: golang-github-j-keck-arping -- library to ping a host per arp datagram or query a host mac address
Package: wnpp Severity: wishlist Owner: Dmitry Smirnov X-Debbugs-CC: debian-devel@lists.debian.org, pkg-go-maintain...@lists.alioth.debian.org Control: affects -1 golang-github-appc-cni Package name: golang-github-j-keck-arping Version: 0.0~git20160618 Upstream Author: Jürgen Keck License: Expat URL: https://github.com/j-keck/arping Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-j-keck-arping Description: library to ping a host per arp datagram or query a host mac address arping is a native go library to ping a host per arp datagram or query a host mac address. signature.asc Description: This is a digitally signed message part.
Re: Bug#906907: ITP: pw -- A simple command-line password manager
On Wed, Aug 22, 2018 at 9:09 AM Carsten Schoenert wrote: > This is the third ITP about 'pw'. The last one has produced a longish > thread on d-d. > > https://lists.debian.org/debian-devel/2018/07/msg00199.html > > The information about this new ITP says nothing about the addressed > concerns from the last one. What has been changed since then that would > qualify this ITP to been accepted into the archive? > It is actually the second attempt, because the first request had a mistake in the subject format and was quickly replaced by the second one. I have already replied this question here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906907#20 In short, I have fixed the problem that was pointed out and I have also made some other small changes/improvements. I can also provide links to commits and changes if needed. > Am 22.08.18 um 06:32 schrieb Dashamir Hoxha: > > Package: wnpp > > Severity: wishlist > > > > Description: > > A simple command-line password manager that keeps passwords inside a > > gpg encrypted tgz archive. The content of the archive is a directory > tree > > with a file for each password entry. The first line of the file is the > > password, and the rest can optionally be additional or related info. > > It provides commands for manipulating the passwords, allowing the user > > to add, remove, edit, generate passwords etc. > > > > Repository: https://gitlab.com/dashohoxha/pw > > Documentation: https://dashohoxha.gitlab.io/pw/man/ > > > > https://bugs.debian.org/903814 > https://bugs.debian.org/903814 > https://bugs.debian.org/906907 > > -- > Regards > Carsten Schoenert >
Re: headsup - various redis modules now proprietary!
On Wed, Aug 22, 2018 at 01:02:30PM +1200, Robert Collins wrote: > RedisLabs have changed the license of various modules to be > incompatible with DFSG guideline 6: the 'Common Clause' rider. > > https://redislabs.com/community/commons-clause/ "Therefore, the no-sale restriction imposed by Commons Clause means that any software under this new license is non-open source by definition. However, in practice, Commons Clause only adds a limitation concerning fair use, and we believe that both licensing approaches share the same core value of making software available for use by anyone." Looks like everybody loses. -- WBR, wRAR signature.asc Description: PGP signature
Re: Bug#906907: ITP: pw -- A simple command-line password manager
This is the third ITP about 'pw'. The last one has produced a longish thread on d-d. https://lists.debian.org/debian-devel/2018/07/msg00199.html The information about this new ITP says nothing about the addressed concerns from the last one. What has been changed since then that would qualify this ITP to been accepted into the archive? Am 22.08.18 um 06:32 schrieb Dashamir Hoxha: > Package: wnpp > Severity: wishlist > > Description: > A simple command-line password manager that keeps passwords inside a > gpg encrypted tgz archive. The content of the archive is a directory tree > with a file for each password entry. The first line of the file is the > password, and the rest can optionally be additional or related info. > It provides commands for manipulating the passwords, allowing the user > to add, remove, edit, generate passwords etc. > > Repository: https://gitlab.com/dashohoxha/pw > Documentation: https://dashohoxha.gitlab.io/pw/man/ > https://bugs.debian.org/903814 https://bugs.debian.org/903814 https://bugs.debian.org/906907 -- Regards Carsten Schoenert
