ts.debian.org/debian-security-tools/2021/01/msg00018.html
Thanks for your contribution :)
--
Samuel Henrique
merge and leave it in debian/master, to be uploaded
as soon as the freeze is gone.
Cheers,
--
Samuel Henrique
Hello Arnaud,
I believe you mentioned you were interested in reviewing this upload,
do you still have plans to do it?
I can help but I wanted to avoid duplication of work.
Thanks,
--
Samuel Henrique
, it might
take a few days.
If you have a request pending a response for at least 2 weeks, please
let me know and I'll prioritize it.
I've sent you a private reply before, as I was busy, but now I've got
enough time to catch up with the backlog, sorry for that.
Regards,
--
Samuel Henrique
Hello Sven,
> Please re-assign me to the proxytunnel project.
Done, I've set the new expiration date to be end of 2022.
Regards,
--
Samuel Henrique
Hello Francisco,
> I'm looking for a sponsor for a new package, stegseek [1].
>
> Please, could you review and upload it for the experimental?
Uploaded, thanks for working on it :)
Cheers,
--
Samuel Henrique
ency set to medium and without regressions).
I'm actually not being exactly correct on this again, so please refer
to the official doc at:
https://release.debian.org/bullseye/freeze_policy.html
We can still upload "Only small, targeted fixes" up until at least 2021-03-12.
Cheers,
--
Samuel Henrique
gt; Would the jumbo patch have to go through NEW? I only see john,
> john-data and john-dbgsym in Kali (i.e. same package names as in
> Debian).
Oh noes, that was a brainfart, the actual deadline is 2021-02-12 (only
small changes allowed after this date), still not enough time though.
Cheers,
--
Samuel Henrique
Hello Sven,
> According to https://ftp-master.debian.org/dm.txt I am still missing DM
> permissions for ed2k-hash. Would you please check this?
I had forgotten about it, it's done now, thanks for the heads up!
Cheers,
--
Samuel Henrique
an easy change.
* testing will have to be extensive, considering the scope of the
changes and how john has all sorts of tweaks for different
architectures
> In other news: I just uploaded plaso with the last RC bug fixed.
Great, thanks for joining the team :)
--
Samuel Henrique
ation-awesome-scripts-suite" also provides a
script for Windows but I guess there's not much use for us (only if we
want to package as a payload).
Cheers,
--
Samuel Henrique
it will be, so feel free to ask for
help.
Considering we have until around Friday to make it to bullseye, I can
spend some extra time on it to make it happen (if it's feasible, of
course).
Cheers,
[0] https://gitlab.com/kalilinux/packages/john
--
Samuel Henrique
ys to
> migrate).
I miscalculated it, we have until around this Friday for the uploads
to reach testing (if urgency set to medium and without regressions).
Cheers,
[0] https://github.com/verbnetworks/arpwitch
--
Samuel Henrique
.
Once again, thanks for your work :)
--
Samuel Henrique
days left for this work (for the packages that take 10 days to
migrate).
Cheers,
[0] https://release.debian.org/bullseye/freeze_policy.html
[1] For which in one case I could patch upstream to enable a "rootless build"
--
Samuel Henrique
Hello Aleksey,
> [1] https://salsa.debian.org/pkg-security-team/libpff
Awesome, uploaded, I will give you DM permissions once the package
hits the archive,
Thanks for your work!
--
Samuel Henrique
see the last 3 uploads were done by you (since 2018) and you have
been doing a good amount of work there.
Cheers :)
--
Samuel Henrique
Hello Aleksey,
> Could you, please, give me DM upload rights for rhash?
Done! Thanks for your work!
It should take a few minutes for the permissions to take effect, you
will receive an email once it's done
--
Samuel Henrique
> upload to unstable right away.
>
> We don't have to care about programs manually compiled by the user, those
> are outside of our control. And honestly, we're not speaking of a popular
> library here so...
Agreed and uploaded!
--
Samuel Henrique
t to hear, I don't really remember how much is still missing to
be done as I know you pushed more changes.
I take it that since you still have intent, and packaging is on salsa, the
rest of the team is free to help on any changes needed and hopefully we can
make it reach bullseye :)
Cheers,
--
Samuel Henrique
ded, have a good weekend :)
--
Samuel Henrique
Thanks for that Raphaƫl and Unit193 :)
--
Samuel Henrique
Hello Christian,
I hope you are doing well,
I'm sending a ping on this thread as we are getting closer to the bullseye
freeze, but there's still time to get this package on it.
Regards,
--
Samuel Henrique
ust the binNMUs are fine.
Views from the rest of the team are welcome :)
Regards,
--
Samuel Henrique
create a bug against release.debian.org and wait for the ACK
for the upload (freel free to CC me). I suggest taking a look at the
current open bugs to look for examples.
Thanks for your work :)
--
Samuel Henrique
; the backwards compatibility
breakage, the risk here being that things built outside our official
repos might inadvertently break when linked against the new package.
In the end, if upstream does not provide a new release with a bump, we
will have to evaluate which will be the alternative with less
downsides.
Regards,
--
Samuel Henrique
ing the whole section and please feel free to reach
out to me or to the list if you have any questions,
Thanks for your work
--
Samuel Henrique
Francisco, can you ask to join the team through Salsa?
Thanks,
--
Samuel Henrique
,
--
Samuel Henrique
,
--
Samuel Henrique
is sleuthkit itself.
Regards,
--
Samuel Henrique
Hello Aleksey,
Given that I knew I wouldn't need to ask for any changes in your
upload, I let this review request skip ahead of my TODO list.
Uploaded.
Just a reminder (I believe I said it before), please apply for DM, I
would be happy to advocate for you :)
Thanks,
--
Samuel Henrique
rease the security and
reliability of the binaries.
Typos:
Just in case you've missed it; lintian spotted a few typos on the
project, you might wanna fix that or log a ticket. Please note that
this is definitely not a blocker and can be addressed in the future, I
just wanted to report them out.
Alright, I believe that's it, I tried to perform an in-depth review
since it's the first contribution to the team and some of the things
here are not blockers, please feel free to discuss any of the topics.
Thank you for your work and contributions :)
Regards,
--
Samuel Henrique
but they happen
because the submodule is a library that should be packaged separately.
Not all libraries need/should be packaged separately, but some do, so
it's on a per case basis.
I will review the package soon, so I will be able to give a more
specific feedback,
Thanks for your work,
--
Samuel Henrique
ood chunk of policy violations.
Llintian gets called on salsa-ci automatically (together with some
other tools to check package issues) and it's also a good idea to make
sure you run it when building the package locally (if you don't
already) so you can catch the issues before pushing.
Rrgards,
-
in the repo, it will run when a
debian/salsa-ci.yml file gets pushed.
--
Samuel Henrique
not a DD, anybody will be happy to extend it.
Tell me if you're still having issues,
Regards,
--
Samuel Henrique
.
Sven, you did a very good job on the package and I gave you DM
permission so you can work on the new upstream release
"v1.10.20200507" that happened a few days ago :)
Regards,
--
Samuel Henrique
nds to ftp-master
Guess you can do this one yourself now, happy uploading :)
Regards,
--
Samuel Henrique
to push changes, you can take this opportunity to
also bump DH13.
I believe that's all, you did a very good job with the package and
I'll be happy to upload it after you solve these small issues.
Thanks for your work.
Regards,
--
Samuel Henrique
Hey,
Sorry is taking me so long to review, but I will get to it before the
end of the week,
As usual, if someone has the time, feel free to do it before me.
Regards,
--
Samuel Henrique
package, it's very interesting
and I will try it out myself for some domains I own, the autopkgtest
also leads to some interesting results, hahaha.
Thanks for your work
--
Samuel Henrique
just ask someone to bump the
expiration for you.
--
Samuel Henrique
Hi all,
> Thus I'm really tempted to grant commit rights.
>
> What do you think?
I think it's a good idea as well.
--
Samuel Henrique
doing soon).
> Thank you for your patience and your precious help Samuel.
You're welcome, I'm happy to help.
Package uploaded, keep up the good work :)
--
Samuel Henrique
Regards,
--
Samuel Henrique
r you pick.
Also, thanks for your inputs Marcos and Julian,
Regards,
--
Samuel Henrique
why, but this case is very rare from
what I've seen.
Regards,
--
Samuel Henrique
how to address it.
3) "I: brutespray source: out-of-date-standards-version 4.4.1
(released 2019-09-29) (current is 4.5.0)" Please take a look at the
Debian policy upgrade checklist and bump the version to 4.5.0.
Thanks for your work on the package!
[0] https://lintian.debian.org/tags/rules-req
it's not as precise as having the
commit id.
The package is also not building for me, and I believe it's a general
issue, it's better if you take a look at that before we push it to the
team's repo as you can freely mess with the git history for now.
Thanks for your work,
--
Samuel Henrique
er with fingerprint
3DF5E8AA43FC9FDFD086F195ADF50EDAF8ADD585
Uploading samueloph-1585779012.dak-commands to ftp-master
Done :)
Feel free to ping the list, or me, if you have any trouble.
Regards,
--
Samuel Henrique
Hello all,
On Sun, 9 Feb 2020 at 00:25, Samuel Henrique wrote:
>
> I ended up not doing it before the end of FOSDEM, but will do it soon (in
> 7 days time),
>
> Thanks. It would be nice to have a script to configure our repositories
>> with that kind of change.
date
> https://gitlab.com/kalilinux/tools/packaging/tree/master/auto-update.d
>
> Feel free to re-use adapt and make it available in the pkg-security-team
> repo:
>
That' s great, will do it.
Regards,
--
Samuel Henrique
= False
[dch]
multimaint-merge = True
Regards,
--
Samuel Henrique
Hello Adrian,
It's very likely that the pipeline never worked for them and that you were
the first one to trigger it.
I can't confirm right now but I would say don't worry about it.
Regards
Hello Sven,
I believe you forgot to push the pristine-tar branch, can you do it?
Regards,
--
Samuel Henrique
.
>
+1, and it also hides the file from the salsa wgui, which is not that much
of a big
deal, but in an similar pro/cons scenario I would rather have it in
debian/gbp.conf.
[0]
https://salsa.debian.org/salsa-ci-team/pipeline#skipping-the-whole-pipeline-on-push
--
Samuel Henrique
e if I'm
wrong.
So the updated proposal would be (drop export-dir and cleaner):
[DEFAULT]
debian-branch = debian/master
pristine-tar = True
[buildpackage]
sign-tags = True
[import-orig]
filter-pristine-tar = True
[pq]
patch-numbers = False
[dch]
multimaint-merge = True
Regards,
--
Samuel Henrique
DM only one advocate is required, more is better, sometimes other
people from the team might do it when they see your application, or you
might ask them directly, but you already have the required number of
advocates so you can start the process as soon as you want, it's your
call now to wait or not :)
Regards,
--
Samuel Henrique
should be DM/DDs already.
PS.: If you've been contributing to the team for some time and
you feel like you're ready to become a DM/DD, feel free to ping
whoever worked more with you to discuss about it, sometimes
we just overlook things and forget to ask people to apply.
Regards,
--
Samuel
Hello Sven,
Uploaded, sorry for the delay.
--
Samuel Henrique
upload.
I will raise a thread on debian-legal next time I have some free time to
see what people
think about this. But it's sure that in a best case scenario at least
d/copyright will need
to be changed.
Thanks for your work!
--
Samuel Henrique
Hello Aleksey,
Thanks for working on this, uploaded.
You forgot to add the hashtag to the closes entry in changelog, I did that
for you.
Regards,
--
Samuel Henrique
this is feasible, or even if they don't have any idea about it.
Regards,
--
Samuel Henrique
same
issue as o-saft,
another ssl vuln detector, as it needs to have an old version of openssl to
check for legacy
stuff, otherwise it won't support them.
Regards,
--
Samuel Henrique
ntime,
> actually it's the diff of o-saft and o-saft-dev :-)
>
> You may use it like:
> env inst=/usr/share/o-saft INSTALL.sh --install --n
>
> Let me know if I should improve or adapt INSTALL.sh.
>
So yeah, we need to think about a way of having o-saft with support
for all of the openssl things, and also probably split the package into a
gui
and a dev one.
Thanks!
[0]https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803259
--
Samuel Henrique
Uploaded.
Regards,
All done, yml pushed and pipelines enabled for all of our packages.
I'm fine with it, but please make sure to skip the CI for the initial
> push. Otherwise you will have grumpy salsa admins. They asked the python
> team to not do this at all. (But python team has many more packages)
>
>
>
Hey team,
If nobody objects, I will be enabling and pushing salsa-ci.yml to all of
our packages soon.
Cheers,
--
Samuel Henrique
Hello Sven,
Uploaded, thanks for your work, and congratulations on being listed as an
Author[0].
[0]
https://github.com/dyne/Tomb/blame/187a627022f759f4f3b8b4fc1c07ccc2dc68ba03/AUTHORS.md#L31
--
Samuel Henrique
ardent fan of viewing CI logs.
>
> fair enough. I noticed that the python team has two channels:
> #debian-python for humans, and #debian-python-changes for notifications.
> maybe we could do something similar?
Regards,
--
Samuel Henrique
Hello Sven et all,
After you sent this email somebody triggered a binNMU so now it should be
all fine.
I believe this happened because SZ Lin didn't make a source-only upload,
and that is required for the testing migration now.
Regards,
--
Samuel Henrique
lsa.debian.org/pkg-security-team/t50/commit/9b22426eb48a1564ca1415b3916ed2eebecbcc70
--
Samuel Henrique
ctive here is identify the source of the non-reproducibility
on i386, in order to know if it's related to some cpu specific thing being
changed at compilation time, which would consist of RC bug.
Thanks,
[0]
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/t50.html
.
--
Samuel Henrique
is that mdk3 doesn't support 5.8Ghz AFAIK.
Regards,
--
Samuel Henrique
write one already but you will need two.
I have some stuff from DebConf19 to work on during the following days.
Thanks,
--
Samuel Henrique
tures, today is the last day to request for bursaries (during the
registration part).
If not, you will have to find a way of getting one more DD signature before
starting the process.
Regards,
[0]https://nm.debian.org/process/613/keycheck
[1]https://debconf19.debconf.org/
--
Samuel Henrique
Hello Marcos,
Uploaded,
Thanks,
--
Samuel Henrique
Hello Marcos,
Sponsored,
Thanks
--
Samuel Henrique
Hello Marcos,
Upstream fixed two bugs in braa [0].
>
The two fixes that I can see on the package aren't upstream's, one is yours
and the other one is from Helmut, I'm assuming you mean these two.
> Please review/upload.
Done,
Thanks,
--
Samuel Henrique
Hello,
Uploaded,
Thanks,
--
Samuel Henrique
Hello Sven,
I wonder whether there should be tags in our repository marking the
> recent bpo9 uploads of cowpatty, aircrack-ng and arno-iptables-
> firewall.
>
Yeah, I had forgot about them, all pushed now.
Thanks,
--
Samuel Henrique
check if this check is also failing on your machine?
This is a blocker for migration to testing, so without fixing that, the
package will not arrive to Buster.
As the package has autopkgtests, it takes only 2 days to migrate to
Testing, so as long as the upload is made until ~8th February it should be
ok.
[0]https://wiki.debian.org/sbuild#Using_autopkgtest
Regards,
--
Samuel Henrique
Hello Aleksey,
Uploaded, thanks for your work :)
--
Samuel Henrique
Hello Marcos,
Created:
https://salsa.debian.org/pkg-security-team/pyrit
Please note that if you want to see pyrit on Buster, you only have some
days left until the soft freeze.
Thanks,
--
Samuel Henrique
I don't know if I will have time to, but if you feel like you could use
some help, please let us know on the list and maybe someone can give a
little hand. Considering we are close fo the soft freeze, I think radare2
would have to be uploaded very soon.
Regards,
--
Samuel Henrique
Hello Sven,
I believe we should not backport 2.0.3-1 anymore but start to do so
> with 2.0.3-2.
>
Perfect, uploaded.
Thanks,
--
Samuel Henrique
Hello,
Regarding the smoke tests you added, I think it would be better to declare
>> them as "Restriciton: superficial"[0]:
>>
> Done.
>
Sponsored, thanks for your work!
--
Samuel Henrique
Hello Aleksey,
On Fri, Jan 18, 2019 at 10:55 PM Samuel Henrique
> wrote:
>
>> Regarding the smoke tests you added, I think it would be better to
>> declare them as "Restriction: superficial"[0]:
>>
> Done.
>
Sponsored :)
> This simplifies backpo
a side note, I'm not sure I know the difference between:
> debhelper (>= 12~)
>
and
> debhelper (>= 12)
>
If anybody could give me a light here, I appreciate :)
Thanks for your work Aleksey, I will upload as soon as you add the tests
restriction.
--
Samuel Henrique
complete have to leave
> to you?
Yep, that's the steps, feel free to do it and ping me once you want me to
review and sponsor, please note that we can only upload after 2.0.3-1 hits
testing.
Thanks for your work Sven,
Regards,
--
Samuel Henrique
kaging flaws in
> place.
>
Let's just backport 2.0.3-1.
Regards,
--
Samuel Henrique
org/pkg-security-team/gpart
>
As this package is currently being maintained by Eriberto and he is very
active, It is better if he sponsor the upload.
Otherwise, in case he doesn't have time in the near future, I can do it.
Regards,
--
Samuel Henrique
Hello Everyone,
Finally got some free time to review the package, I think everything is ok,
I just did some little changes on d/copyright.
Thank you everybody who helped review and test the package, and Sven for
the packaging :)
Uploaded.
--
Samuel Henrique
o a comment asking if that was needed, I
didn't properly read the scripts yet but agree with you, we can remove that
parts because they are for versions prior to old-old-stable. Feel free to
remove them.
Regards,
[0]https://release.debian.org/buster/freeze_policy.html
--
Samuel Henrique
Hello Aleksey,
I just noticed another thing, you can update d/watch now to follow github
tags, the upstream started tagging releases recently. Could you please
commit that? I'm not sure if it's worth another upload, but at least it
will be already fixed on git.
Thanks,
--
Samuel Henrique
work Sven.
* Note that you don't have to be a DD or DM to review the package, everyone
is welcomed and that's a good way of learning packaging, you also don't
have to check everything, feel free to send checklists of the parts you
checked and confirmed that are ok.
--
Samuel Henrique
on the email that this was announced),
but there's a chance that's only gonna be a problem until we release Buster.
Anyway that is not a problem as long as you're aware that you have to roll
it back for backports, at least for now.
Regards,
--
Samuel Henrique
"Forwarded" tag[0].
Thanks for your work, and a happy new year.
[0]https://dep-team.pages.debian.net/deps/dep3/
--
Samuel Henrique
, there should be a button to join the team on the wgui
but I'm not familiar on where should it be, this can be solved later as you
have access on the one I created now.
I will probably be able to review the package tomorrow after reviewing
Aleksey's libpff.
Thanks for your work
--
Samuel Henrique
101 - 200 of 231 matches
Mail list logo