Bug#927909: ITP: golang-github-gcla-deep -- Golang deep variable equality test that returns human-readable differences

[Dawid Dziurla]

Package: wnpp
Severity: wishlist
Owner: Dawid Dziurla 

* Package name: golang-github-gcla-deep
  Version : 1.0.2-1
  Upstream Author : Graham Clark, Daniel Nichter
* URL : https://github.com/gcla/deep
* License : Expat
  Programming Lang: Go
  Description : Golang deep variable equality test that returns 
human-readable differences

 Deep Variable Equality for Humans.
 .
 This package provides a single function: deep.Equal. It's like
 reflect.DeepEqual (http://golang.org/pkg/reflect/#DeepEqual) but
 much friendlier to humans (or any sentient being) for two reason:
  • deep.Equal returns a list of differences
  • deep.Equal does not compare unexported fields (by default)
 .
 This is a fork of go-test/deep package with an additional feature.
 .
 Message from author about changes made in fork:
 Some packages may require Equal()'s parameters to be set in a
 particular way that is incompatible with other users within
 the same program. The global configuration parameters can be
 changed and restored, but this could lead to bugs due to race
 conditions. This commit makes the parameters that control
 Equal()'s operation part of a structure, Comparer, for which
 Equal() is now a method. Users can configure their own
 Comparer struct if desired. To preserve the existing package
 interface, the package-level Equals() method will use a
 default Comparer object that relies on pointers to the current
 global configuration parameters (pointers so that the
 operation of the global Equals() function will change
 immediately upon changing the value of any global
 configuration setting).

This package in the dependency tree of upcoming "termshark" package (#927799).

Bug#927899: ITP: cage -- A Wayland kiosk

[Birger Schacht]

Package: wnpp
Severity: wishlist
Owner: Birger Schacht 

* Package name: cage
  Version : 0.1
  Upstream Author : Jente Hidskes
* URL : https://www.hjdskes.nl/projects/cage/
* License : MIT
  Programming Lang: C
  Description : A Wayland kiosk

Cage is a kiosk compositor for Wayland. A kiosk is a window manager (in
the X11 world) or compositor (in the Wayland world) that is designed for
a user experience wherein user interaction and activities outside the
scope of the running application are prevented. That is, a kiosk
compositor displays a single maximized application at a time and
prevents the user from interacting with anything but this application.

Bug#927898: ITP: rsendmail -- safer sendmail command to send email without passwords, over SSH

[Antoine Beaupre]

Package: wnpp
Severity: wishlist
Owner: Antoine Beaupre 

* Package name: rsendmail
  Version : 1.0.1
  Upstream Author : Antoine Beaupré 
* URL : https://gitlab.com/anarcat/rsendmail/
* License : AGPLv3
  Programming Lang: Python
  Description : safer sendmail command to send email without passwords, 
over SSH

This command aims at replacing the builtin sendmail command which
gives too much privileges to the caller. For example, Postfix's
sendmail(1) command can list the mail queue (-bp), rehash the alias
database (-bi), start a daemon (-bl, -bd), or flush the queue (-q);
all remnants of the old Sendmail binary, which probably is
turing-complete on its own.

It's a mess. All I want to do is to easily queue up mails on a remote
system without giving any extra privileges to the remote system. In
turns, this makes configuring a satellite system like a laptop or a
workstaiton as simple as adding an SSH key to be added to an
authorized_keys file. That key can then send email, but only send
email: no shell access or server management.

This can of course be accomplished by a regular SMTP client, but that
requires passwords, and passwords are weak.



So I built the above already. I didn't think of packaging it for
Debian until someone said "oh i'm not going to use this because it's
not in Debian", so here we are.

This is what I like to describe as "modern UUCP", more or
less. Instead of relying on SMTP for transport, I rely on SSH, which
brings a bunch of interesting properties. I am not aware of anything
like that currently in the archive.

I would be happy to co-maintain it with the relevant Python team but
maybe it's better if I just maintain my own stuff too. :)

Bug#927897: ITP: golang-github-gcla-gowid -- Compositional widgets for terminal user interfaces, inspired by urwid

[Dawid Dziurla]

Package: wnpp
Severity: wishlist
Owner: Dawid Dziurla 

* Package name: golang-github-gcla-gowid
  Version : 1.0.0-1
  Upstream Author : Graham Clark
* URL : https://github.com/gcla/gowid
* License : Expat
  Programming Lang: Go
  Description : Compositional widgets for terminal user interfaces, 
inspired by urwid

 Gowid provides widgets and a framework for making terminal user
 interfaces. It's written in Go and inspired by urwid (http://urwid.org).
 .
 Widgets out-of-the-box include:
  • input components like button,
checkbox and an editable text field with support for passwords
  • layout components for arranging widgets in columns, rows and a grid
  • structured components - a tree, an infinite list and a table
  • pre-canned widgets - a progress bar, a modal dialog, a bar graph and a menu
  • a VT220-compatible terminal widget, heavily cribbed from urwid
 .
 All widgets support interaction with the mouse when the terminal allows.
 .
 Gowid is built on top of the fantastic tcell
 (https://github.com/gdamore/tcell) package.
 
This package in the dependency tree of upcoming "termshark" package (#927799).

Bug#927895: ITP: golang-github-go-test-deep -- Golang deep variable equality test that returns human-readable differences

[Dawid Dziurla]

Package: wnpp
Severity: wishlist
Owner: Dawid Dziurla 

* Package name: golang-github-go-test-deep
  Version : 1.0.1-1
  Upstream Author : Daniel Nichter
* URL : https://github.com/go-test/deep
* License : Expat
  Programming Lang: Go
  Description : Golang deep variable equality test that returns 
human-readable differences

 Deep Variable Equality for Humans.
 .
 This package provides a single function: deep.Equal. It's like
 reflect.DeepEqual (http://golang.org/pkg/reflect/#DeepEqual) but
 much friendlier to humans (or any sentient being) for two reason:
  • deep.Equal returns a list of differences
  • deep.Equal does not compare unexported fields (by default)
  
This package in the dependency tree of upcoming "termshark" package (#927799).

Bug#927894: ITP: golang-github-guptarohit-asciigraph -- Make lightweight ASCII line graph in CLI apps with no other dependencies

[Dawid Dziurla]

Package: wnpp
Severity: wishlist
Owner: Dawid Dziurla 

* Package name: golang-github-guptarohit-asciigraph
  Version : 0.4.1-1
  Upstream Author : Rohit Gupta
* URL : https://github.com/guptarohit/asciigraph
* License : BSD-3-clause
  Programming Lang: Go
  Description : Make lightweight ASCII line graph in CLI apps with no other 
dependencies

 This package is a Golang port of library asciichart
 written by @kroitor (https://github.com/kroitor).
 .
 Console ASCII line charts in pure Golang with no dependencies.
 
This package in the dependency tree of upcoming "termshark" package (#927799).

Bug#927869: ITP: python-webvtt -- Read, write and segment WebVTT caption files

[Michael Fladischer]

Package: wnpp
Severity: wishlist
Owner: Michael Fladischer 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: python-webvtt
  Version : 0.4.2
  Upstream Author : Alejandro Mendez 
* URL : https://github.com/glut23/webvtt-py/
* License : Expat
  Programming Lang: Python
  Description : Read, write and segment WebVTT caption files

 Python module for reading/writing WebVTT caption files. It also features
 caption segmentation useful when captioning HLS videos.
 .
 Converting captions from other formats is supported for:
  * SubRip (.srt)
  * YouTube SBV (.sbv)

I do intend to maintain this package as part of DPMT.

-BEGIN PGP SIGNATURE-

iQFFBAEBCgAvFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAlzATVsRHGZsYWRpQGRl
Ymlhbi5vcmcACgkQ/9PIi5l90Wq/qAf/UjH/hUjkZdSFx7Cyi3YqPWC1itkFLKEi
DmkiG7i/98XsHsntOvzhKpcVmwm7bhy0e/T3TPO8GKmD8F/2QEty0ypFFKSv9RXB
QTdvbIDUkNVOPT2B7yBN1cTPb1s6CFpOUAKXG4//LhpN4RpfU0yDqNoOSLGgOlu6
nXkFMMuTNrwj1MyyE46LjhyZZQ8yW+dPzCJ9LEJf5hKOmdqz4+vJslEOj732rLKk
IQOnNYDa5LNcinHbIYzxluYJv/26bLOZaDkMYwus0KGwbD/BqlLPMvubh5viJT/O
eBCQbUKpRWHQb6Cmvdj67M3rA1ntwE3EqNE+mK9yz4pSiacnRkomeQ==
=JcuJ
-END PGP SIGNATURE-

Re: Bug#927725: Please build with --enable-mmdblookup

[Dmitry Smirnov]

On Tuesday, 23 April 2019 7:12:17 PM AEST Michael Biebl wrote:
> Maybe it would even make sense to fold rsyslog-relp, rsyslog-gnutls and
> rsyslog-gssapi into this rsyslog-extras package.

I'd say that IMHO relp should be in the core package. I always have it on all 
my machines and it is the most used/useful extension for centralized logging.

-- 
Regards,
 Dmitry Smirnov.

---

If liberty means anything at all, it means the right to tell people what
they do not want to hear.
-- George Orwell


signature.asc
Description: This is a digitally signed message part.

Bug#927866: ITP: node-re2 -- Node.js bindings for RE2, a fast and safe regular expression engine

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 

* Package name: node-re2
  Version : 1.8.4
  Upstream Author : Eugene Lazutkin  
(http://lazutkin.com/)
* URL : http://github.com/uhop/node-re2
* License : BSD-3-Clause
  Programming Lang: JavaScript
  Description : Node.js bindings for RE2, a fast and safe regular 
expression engine

This package provides bindings to a safer alternative to the native
JavaScript regular expression engine, without supporting features
that are targets for Denial-Of-Service attacks, like backreferences
and lookahead assertions.

It is particularly of interest because Regular Expression Denial of Service
plagues v8, the JavaScript engine at the core of Node.js and Chromium:

https://snyk.io/vuln/SNYK-UPSTREAM-NODE-72328
https://bugs.chromium.org/p/v8/issues/detail?id=287
https://github.com/nodejs/node/issues/9337

Re: Hurd-i386 and kfreebsd-{i386,amd64} removal

[Joerg Jaspert]

On 15381 March 1977, Aurelien Jarno wrote:


> It would be nice to have a bit more than 2 weeks to do all of that.
Ok. How much? Is 6 or 8 weeks better? I don't think, given how long this
is on the table already, it doesn't make much difference if its 2 or 8.
Just something thats clear defined and not some random, non-clear
"sometime in the future" point.

The hurd-i386 architecture has been moved to to debian-ports yesterday.
I hope it shows the willingness to do that. Please give us at least 4
more weeks to do the remaining kfreebsd-*. That will provide some margin
to account for the non-infinite free time to work on that (especially in
the freeze period) and possibly to get more disk space for the
debian-ports machine.


Thats ok, end of May is a nice point to take.

Thanks for the work and the timeframe for the rest!

--
bye, Joerg

Re: Bug#927725: Please build with --enable-mmdblookup

[Guillem Jover]

On Tue, 2019-04-23 at 19:35:50 -0500, John Goerzen wrote:
> On Tue, Apr 23 2019, Michael Biebl wrote:
> > Am 23.04.19 um 11:12 schrieb Michael Biebl:
> >> But splitting each tiny module into a separate package adds significant
> >> overhead packaging-wise.
> >
> > (not to forget NEW round trips)
> 
> What about an approach like exim4-daemon-light vs. exim4-daemon-heavy?
> Maybe have two rsyslogs, one of which has all the deps enabled and the
> other doesn't.

I don't think this makes sense here, as following the exim example
would seem to imply shipping the rsyslog binary twice, which is not
necessary as it supports actual plugins compared with exim.

Thanks,
Guillem

Re: Bug#927725: Please build with --enable-mmdblookup

[Guillem Jover]

On Wed, 2019-04-24 at 04:39:50 -0400, Anthony DeRobertis wrote:
> On 4/23/19 5:12 AM, Michael Biebl wrote:
> > My main concern is to keep the rsyslog core package reasonably small
> > (dependency wise).

I think either a new package for this plugin or a conglomerate package
with extra stuff sound good. Also nothing says there cannot be both,
say based on expected use or size of pulled dependencies.

> If you check 
> ,
> note that a Depends is only required if "the depended-on package is required
> for the depending package to provide a significant amount of functionality".
> That, taken together with the tools typically installing Recommends by
> default, means you can make the libraries Recommends, not Depends. Or maybe
> even as Suggests.
> 
> Ideally, rsyslog would give a nice error if it fails to load a plugin due to
> a missing shared library, but even without that you can just mention needing
> to install Recommends and/or Suggests to use various optional plugins in the
> package extended description, README.Debian, etc.

I don't think this is well suited at all for plugins. The failure mode
of a missing shared library is actually the nice one, the real problem
here is if there's some kind of versioned ABI dependency (not represented
via versioned symbols), which might make the plugin load but misbehave
afterwards.

Conditional loading of external shared libraries is not a very robust
way to integrate software. When upstreams go to the trouble of doing
it properly via plugins (as is the case here), the split boundary for
such plugins should really always be the plugins themselves (if a
split is desired at all), because the program has intimate knowledge
about the ABI between itself and its plugins.

That policy section might deserve some clarification too.

Thanks,
Guillem

Re: Bug#927725: Please build with --enable-mmdblookup

[Sam Hartman]

> "John" == John Goerzen  writes:

John> On Tue, Apr 23 2019, Michael Biebl wrote:

>> Am 23.04.19 um 11:12 schrieb Michael Biebl:
>> 
>>> But splitting each tiny module into a separate package adds
>>> significant overhead packaging-wise.
>> 
>> (not to forget NEW round trips)

John> What about an approach like exim4-daemon-light
John> vs. exim4-daemon-heavy?  Maybe have two rsyslogs, one of which
John> has all the deps enabled and the other doesn't.

Speaking entirely as an individual only vaguely familiar with the
situation.  I think that for rsyslogd a -extras package makes more
sense.  I don't think the deps have much of a cost if you don't install
them.

--Sam

Re: Bug#927725: Please build with --enable-mmdblookup

[Anthony DeRobertis]

On 4/23/19 5:12 AM, Michael Biebl wrote:


My main concern is to keep the rsyslog core package reasonably small
(dependency wise).



If you check 
, 
note that a Depends is only required if "the depended-on package is 
required for the depending package to provide a significant amount of 
functionality". That, taken together with the tools typically installing 
Recommends by default, means you can make the libraries Recommends, not 
Depends. Or maybe even as Suggests.


Ideally, rsyslog would give a nice error if it fails to load a plugin 
due to a missing shared library, but even without that you can just 
mention needing to install Recommends and/or Suggests to use various 
optional plugins in the package extended description, README.Debian, etc.


(Of course, this does make the packaging a bit more complicated, since 
you'll need to add some -d options to your dpkg-shlibdeps call. Probably 
easier than even more extra packages, though.)

Zaprojektuję i wykonam dla Ciebie Stronę lub Sklep WWW.

[Creative Team | Strony,Sklepy WWW]

Dzień dobry,



widoczność w sieci jest nieodzownym elementem każdego biznesu.



Mamy świadomość, jak ważna jest* Strona i Sklep internetowy* przy prowadzeniu 
własnej firmy.



Z nadzieją, na możliwość przedstawienia Państwu naszej propozycji na ten temat, 
prosimy o przesłanie wiadomości zwrotnej: *TAK*. 



Creative Team | Strony, Sklepy Online