Bug#1084854: RFS: python3-nextdns/3.3.0-1 [ITP] -- Python wrapper for NextDNS API
Control: tags -1 + moreinfo - confirmed On Thu, 10 Oct 2024 03:41:25 +0530 Sourav Bhattacharya wrote: > I am looking for a sponsor for my package python3-nextdns: hi Sourav, reviewed your package, and the following issues came up: * the source package name should really be python-nextdns, not python3-nextdns; the latter is the correct name for the binary package only. The related lintian hit (triggered by the "python3" in the source package name) is actually correct and should not be overridden. * control: + salsa git repository homeassistant-team/deps/nextdns either doesn't exist or isn't public. + the repository name should match the source package name. + long description should be expanded to provide information about what the module can do, e.g. does it provide the complete API or just a subset, typical actions, supported/compatible services, and so on. While "This package is a dependency of Home Assistant" may be the reason for packaging it, that kind of info isn't really useful in a package's description. + the ancient version requirement for the python3-aiohttp build-dep can already be satisfied on oldstable and should be dropped. + tests aren't run on build, probably because of a missing explicit build-dep on python3-pytest which makes pybuild fall back to unittests discovery. + linters such as mypy and ruff are mostly useful for upstream developers. With the current packaging, these build-deps don't appear to be actually used at all and could be dropped. * autopkgtest: d/tests/control looks like a verbatim copy of the automagic pybuild autopkgtest. If you want to use that, better remove all of d/tests and add the pybuild autopkgtest the intended way by setting 'Testsuite: autopkgtest-pkg-pybuild' in d/control. If you haven't already, please enable the CI on the salsa repository; the standard recipe is fine. See https://salsa.debian.org/salsa-ci-team/pipeline#activate-salsa-ci Please remove the moreinfo tag (and put me in the CC) once you have an updated package ready. pgpkunSJk_Xu3.pgp Description: OpenPGP digital signature
Bug#1084800: RFS: nxt-python/3.3.0-1 [ITP] -- Python driver/interface/wrapper for the LEGO Mindstorms NXT robot
Control: tags -1 moreinfo On Tue, 8 Oct 2024 18:04:49 +0200 Nicolas Schodet wrote: > I am looking for a sponsor for my package "nxt-python": hi Nicolas, your package is in really good shape overall. Please find my review and suggestions at the bottom of this mail. > About bugs #885467, #937175 and #773201: they were closed when the > package was removed, should I re-open them before the upload, or is > it handled at upload time? See developer reference [0]. > I: nxt-python source: built-using-field-on-arch-all-package (in > section for python3-nxt) Built-Using ${sphinxdoc:Built-Using}, > [debian/control:34] > > I think this is a bug in lintian as this is required by > sphinx, see https://bugs.debian.org/999785 Yep, no action required here AFAICT. > P: nxt-python source: maintainer-manual-page [debian/man/nxt_push.1] > P: nxt-python source: maintainer-manual-page > [debian/man/nxt_server.1] P: nxt-python source: > maintainer-manual-page [debian/man/nxt_test.1] > > I am also the upstream maintainer, I plan to add them to > upstream package in the future. Maybe I should add an > override for this one. No point in overriding a pedantic, factually correct lintian hit. > X: python3-nxt: application-in-library-section python > [...] > python3-nxt: library-package-name-for-application [usr/bin/nxt_test] For tiny/trivial utils in a package that is primarily intended as a public Python module, you should keep the section at python and add an override for the lintian hits. These lintian tags are aimed at actual applications, where the programming language used is but an implementation detail that shouldn't affect the choice of section. > X: nxt-python source: debian-watch-does-not-check-openpgp-signature > [debian/watch] > > This is related to PyPI not encouraging PGP signature. > Should I, as the upstream author, make releases outside of PyPI? It's certainly welcome to have a signature to verify the integrity of upstream releases, but in the end the choice is up to "upstream developer you". Note that there's plenty of projects that publish releases on multiple platforms, so this isn't necessarily a matter of "pypi or not". > X: nxt-python source: very-long-line-length-in-source-file 3559 > > 512 [setup.py:20] > > This is from generated upstream package, quoting the README > inside the setup.py. Feel free to add an override, this lintian tag is just a crude way to detect auto-generated stuff such as minified javascript in places where Debian wants actual source code. Finally, the very minor things that came up during review...: * control: + is the python3-usb build-dependency used for anything other than running tests? If not, it could be marked "". + is Pere still involved with this package? * Please add an autopkgtest. You could probably get away with simply setting 'Testsuite: autopkgtest-pkg-pybuild' in d/control, which would make pybuild run the same tests as on build in an autopkgtest context. * Enable the CI on salsa [1]. This is a very powerful quality control tool for maintainers and sponsors alike. Please remove the moreinfo tag (and put me in the CC) once you have an updated package ready. [0]https://www.debian.org/doc/manuals/developers-reference/pkgs.html#reintroducing-pkgs [1]https://salsa.debian.org/salsa-ci-team/pipeline#activate-salsa-ci pgpAhBmAMWKkZ.pgp Description: OpenPGP digital signature
Bug#1082256: python-pyfakefs FTBFS with Python 3.13
Note that upstream already released a fix for issue #1017 as part of version 5.6.0, and the most recent debci run [1] of 5.6.0-1 with python3 from experimental (python3-defaults/3.12.6-1+exp1) on sep 17th completed without error, just 2 days prior to this bug getting filed. There are a several other upstream issues and pull requests involving (optimisations for) py3.13 such as #1059 and #1063, with a fresh pyfakefs release planned as soon as Python 3.13 itself goes final. [1]https://ci.debian.net/packages/p/python-pyfakefs/unstable/amd64/51807669/ pgp_uIJ3EkO3C.pgp Description: OpenPGP digital signature
Bug#1079510: Seems to work
Control: severity -1 wishlist On Sat, 24 Aug 2024 02:05:07 -0500 Piper McCorkle wrote: > Just built the package on my system with that `Depends` substituted > and downloaded a... RAR'd Linux ISO. Seems to work just fine with > unrar-free. Hi Piper, Bastian, unfortunately, just getting a single download to complete with unrar-free isn't enough to make this switch. Files on Usenet commonly come packed as rar files, often using recent and advanced features of that file format. At the same time, an end user typically has no control over nor advance knowledge of the technical details of uploaded files before downloading them, and at that point simply expect an application such as sabnzbd to work with whatever is thrown at it. That makes full support for the rar format an essential feature. While I sympathise with the desire to get rid of non-free components where possible, doing so for the sabnzbdplus package requires unrar-free to be a feature-complete replacement for the non-free version, including support for the latest rar format, encryption, recovery volumes, and so on. To the best of my knowledge, unrar-free has never met that bar. If you think unrar-free does manage to meet all requirements, please discuss with upstream and convince them to handle unrar-free as an equivalent of the non-free one. As any fallout from this change would cause bug reports on the upstream end, I'm not looking to make such changes to the Debian package without their support. pgpHA2crW1GA_.pgp Description: OpenPGP digital signature
Bug#1080498: RFS: apt-listchanges/4.5 [ITA] -- package change history notification tool
Uploaded, thanks! On Sun, 22 Sep 2024 06:02:19 -0400 Jonathan Kamens wrote: > I gather from context that the "-1" here refers to the bug that the > email is being sent to, and indeed I use this in my Control: header > above to remove the moreinfo tag as you requested, but despite > searching all over for the life of me I can't find where this fact > is explicitly documented anywhere. Do you happen to know? Not really, only seems to be mentioned in an example at [1]. > > * tests: consider adding an autopkgtest ('Testsuite: > >autopkgtest-pkg-pybuild' in d/control is all it takes!) > I don't 100% understand what this does, but I mostly understand it > and in any case it certainly doesn't do any harm to add it so I've > done that, thanks. It automagically runs the same tests pybuild runs on package build in an autopkgtest context; see docs at [2] and CI results at [3]. [1]https://www.debian.org/Bugs/server-control#clone [2]https://salsa.debian.org/python-team/tools/dh-python/-/blob/master/pybuild-autopkgtest.rst?ref_type=heads [3]https://salsa.debian.org/debian/apt-listchanges/-/jobs/6317784#L315 pgpFA_Kg83UrF.pgp Description: OpenPGP digital signature
Bug#1081423: FTBFS with Python 3.13
Control: tags -1 confirmed upstream Control: forwarded -1 https://github.com/CheetahTemplate3/cheetah3/issues/60 Seems upstream is aware of the issue and already committed a fix to git. I prefer to wait for an upstream release; should that take too long I'll add their fix as a patch. pgpKL9X3jAVlM.pgp Description: OpenPGP digital signature
Bug#1080498: RFS: apt-listchanges/4.5 [ITA] -- package change history notification tool
Control: tags -1 moreinfo Control: retitle -1 RFS: apt-listchanges/4.5 -- package change history notification tool On Thu, 05 Sep 2024 00:12:04 -0400 Jonathan Kamens wrote: > I am looking for a sponsor for apt-listchanges. hi Jonathan, took a look at apt-listchanges and some minor issues came up: * copyright: missing copyright holders for multiple translations and documentation files * control: X-Python3-Version specifies a Python version last seen in buster and is probably redundant * tests: consider adding an autopkgtest ('Testsuite: autopkgtest-pkg-pybuild' in d/control is all it takes!) Other than that, things look fine to me. Your RFS mail is tagged ITA, but the maintainer change seems to have been dealt with many revision ago. Any particular reason for continuing to upload to experimental only, now that version 4.x has been out for about a year with nothing major reported in the bug tracker? Please remove the moreinfo tag (and CC me) once you have an updated package ready. pgpc0V0G1sKsN.pgp Description: OpenPGP digital signature
Bug#1080026: RFS: smplayer/24.5.0+ds0-1 -- Complete front-end for MPlayer and mpv
Control: tags -1 moreinfo On Thu, 29 Aug 2024 19:59:57 +0200 Mateusz Łukasik wrote: > I am looking for a sponsor for my package smplayer: hi Mateusz, took a look at the latest smplayer upload on mentors and while the package seems to be in good shape overall, unfortunately some issues remain: * copyright: - missing info for various files under src/findsubtitles/qrestapi/ with copyright held by 'Kitware Inc.'; - lintian hit for an unused-license-paragraph-in-dep5-copyright bsd-2-clause [debian/copyright:115] * rules: note that --fail-missing is the default in compat 13, so the override for that may no longer be needed. * upstream metadata look outdated; bug tracker, support forum, development seem to be located at github nowadays. pgp3gHmYbX4tF.pgp Description: OpenPGP digital signature
Bug#1078852: RFS: ngraph-gtk/6.09.09-1 -- create scientific 2-dimensional graphs
On Sat, 17 Aug 2024 13:29:07 +0900 (JST) Hiroyuki Ito wrote: > Package: sponsorship-requests > Severity: normal > > Dear mentors, > > I am looking for a sponsor for my package "ngraph-gtk": > > * Package name : ngraph-gtk >Version : 6.09.09-1 Uploaded! For a future release, please improve the appstream xml, esp. the use of "replace" in the releases section of the file which appears to simply be a typo: --- $ appstreamcli validate --pedantic --explain ./misc/com.github.htrb.ngraph-gtk.metainfo.xml I: com.github.htrb.ngraph-gtk:25: nonstandard-gnome-extension kudos This tag is a GNOME-specific extension to AppStream and not part of the official specification. Do not expect it to work in all implementations and in all software centers. I: com.github.htrb.ngraph-gtk:141: invalid-child-tag-name Found: replace - Allowed: release Tags of this name are not permitted in this section. I: com.github.htrb.ngraph-gtk:142: invalid-child-tag-name Found: replace - Allowed: release Tags of this name are not permitted in this section. I: com.github.htrb.ngraph-gtk:143: invalid-child-tag-name Found: replace - Allowed: release Tags of this name are not permitted in this section. I: com.github.htrb.ngraph-gtk:144: invalid-child-tag-name Found: replace - Allowed: release Tags of this name are not permitted in this section. I: com.github.htrb.ngraph-gtk:145: invalid-child-tag-name Found: replace - Allowed: release Tags of this name are not permitted in this section. I: com.github.htrb.ngraph-gtk:~: developer-info-missing This component contains no `developer` element with information about its author. ✔ Validation was successful: infos: 7 --- pgpCoROV_emp7.pgp Description: OpenPGP digital signature
Bug#1079028: missing dependency for distutils import
Package: python-pytest-freezegun Severity: grave Version: 0.4.2-1 X-Debbugs-CC: z...@debian.org Hi, I tried to put the new pytest freezegun package to good use in python-tempora, but the binary package seems to be missing a dependency to provide the distutils module, rendering it unusable: ---8< File "/usr/lib/python3/dist-packages/pytest_freezegun.py", line 5, in from distutils.version import LooseVersion ModuleNotFoundError: No module named 'distutils' >8--- Full traceback available at [1]. [1] https://salsa.debian.org/jcfp/python-tempora/-/jobs/6146651 pgpXBWGGmixqi.pgp Description: OpenPGP digital signature
Bug#1071656: autopkgtest failure on archs other than amd64 and i386
On Mon, 24 Jun 2024 15:28:58 +0200 Bernhard Übelacker wrote: > There was a patch pushed to git [3] which explicitly lists valgrind > archs. I stepped over a package valgrind-if-available [4]. > Maybe depending on this might be of some help here? Thanks for the hint about valgrind-if-available. I added a commit to use that instead of the direct dependency on valgrind + hardcoded archs, and modified the autopkgtest script to check for the presence of valgrind to decide whether or not to pass the -m argument. That still leaves open how to proceed with the issue at hand. Bernhard's debugging results point to valgrind as the root cause rather than gpscorrelate itself. I'm tempted to do a fresh upload of the latter with valgrind removed from the tests entirely for the time being, and then either close or reassign this bug. Any objections? pgpmu07R_nAhK.pgp Description: OpenPGP digital signature
Bug#1071845: RM: python-yenc -- ROM; unused python lib, dead upstream
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: python-y...@packages.debian.org Control: affects -1 + src:python-yenc User: ftp.debian@packages.debian.org Usertags: remove Originally packaged as a dependency of sabnzbdplus, but long superseded there; no other reverse deps. Upstream went AWOL years ago, domain taken over by squatters in 2022. pgp6RJQlOVv99.pgp Description: OpenPGP digital signature
Bug#1071656: autopkgtest failure on archs other than amd64 and i386
Package: gpscorrelate Severity: normal Control: found -1 2.1-1 hi Shriram, it seems the recent upload of gpscorrelate has issues preventing migration to testing [1]: the autopkgtest fails for all architectures except amd64 and i386. This could be something really simply causing the output on these platforms to differ in some unimportant way from what the tests expect (like the architecture getting recorded as part of the output with upstream only taking the "standard" archs into account), or something more substantial (actual bugs only triggered on these "other" archs). Some archs have 30 tests failing (s390x), some only one (arm64); and then there's valgrind that is not available on some architectures. I already pushed a fix for the valgrind part to git. Please investigate the failures on the archs where the autopkgtest did run. [1]https://qa.debian.org/excuses.php?package=gpscorrelate pgpdwO_4xbp7f.pgp Description: OpenPGP digital signature
Bug#1070138: RFS: django-anymail/10.3-1 [ITA] -- Django email backend for multiple ESPs (Python 3)
On Sun, 19 May 2024 12:53:59 +0530 Akash Doppalapudi wrote: > I setup tests for this package. > > Sorry, it took this much time, I was a bit busy and tests on this > package were tricky. No worries, we're all volunteers donating precious time and effort. Just pushed a fix to make the on-build tests run against all supported python versions and not run the ones that try to use resources from an external network. Without that, the build would fail on my no-networking-allowed pbuilder setup. Please modify the autopkgtest accordingly, so that it: * excludes tests that use external resources; * loops over all supported python versions; and * tests the installed package, rather than the extracted source package. The last part is typically done by copying the testsuite files to an empty directory provided for this purpose, subsequently running the testsuite from there. See [1] for a generic example. The package should be good to go once the autopkgtest is done. [1]https://salsa.debian.org/jcfp/python-autocommand/-/tree/master/debian/tests pgpSM35fbr25O.pgp Description: OpenPGP digital signature
Bug#1071015: RFS: color-picker/1.0.3-3 -- Powerful screen color picker based on Qt
On Sun, 12 May 2024 20:53:28 -0300 Hugo Torres de Lima wrote: > I am looking for a sponsor for my package color-picker: hi Hugo, uploaded with a minor change to the d/copyright: the year was also bumped to 2024 for upstream, but the packaged release dates back to 2022 so that cannot be correct. I reverted that bit, and already pushed the change to the git repo as well. Otherwise all fine, thanks for your work! pgpmvL0KWFkJT.pgp Description: OpenPGP digital signature
Bug#1070138: RFS: django-anymail/10.3-1 [ITA] -- Django email backend for multiple ESPs (Python 3)
On Wed, 1 May 2024 00:29:49 +0530 Akash Doppalapudi wrote: > I am looking for a sponsor for my package "django-anymail": hi Akash, I granted you maintainer level access to the package's git repo on salsa, please push your changes there. Took a quick look at the package, it seems to be in very good shape overall. You might want to point the watch file to upstream's github though, as the tarballs there include tests and documentation missing from the releases on pypi. And then of course put that stuff to use :) pgp2sxpfik2v7.pgp Description: OpenPGP digital signature
Bug#1069894: RFS: gpscorrelate/2.1-1 -- correlates digital photos with GPS data filling EXIF fields (command line)
Control: tags -1 moreinfo On Fri, 26 Apr 2024 20:30:37 +0530 Shriram Ravindranathan wrote: > I am looking for a sponsor for my package gpscorrelate: hi Shriram, thanks for your interest in adopting this package. I did a review, and the following issues came up: * copyright: + incorrect license for i18n.h (listed as GPL-2+ but file says LGPL-2+) + debian/* license "GPL-2+ or GPL-3" doesn't make sense, as GPL-3 is already included in GPL-2+ * changelog should close the ITA bug when adopting a package * control: ancient version requirement for the libexiv2-dev build-dep should be dropped * gpscorrelate-gui.dirs is redundant; these directories will be created automatically when the files listed in d/gpscorrelate-gui.install get installed * d/README.Debian seems outdated; it talks about a rationale for splitting into two binary packages that aren't interdependent and only recommend one another for docs, but then d/control lists one as a hard dependency of the other. What changed? Does the README or the package need modification? * rules: tests seem to run fine on build if one removes the override. Any reason why they are (still) disabled? If possible, do run tests on build; in case you do decide on keeping them off, you could probably drop the build-dep on exiv2. * Wishlist: add an autopkgtest, based on the upstream testsuite. Something along the lines of copy the "tests" directory to $AUTOPKGTEST_TMP, symlink the gpscorrelate executable, then run ./tests/testsuite should work; if you need an example, the re2c package takes a similar approach. I do realise many of the issues above weren't introduced by you, but that can be an unfortunate side effect of adopting existing packages. You were granted maintainer level access to the package's git repo at https://salsa.debian.org/debian/gpscorrelate, so you may push your current changes and any future work there. Please remove the moreinfo tag (and CC me) once you have an updated package ready. pgpbd9szjTjyV.pgp Description: OpenPGP digital signature
Bug#1070095: RFS: sslscan/2.1.3-1 -- Tests SSL/TLS enabled services to discover supported cipher suites
Control: tags -1 moreinfo On Mon, 29 Apr 2024 20:47:15 -0500 Alejo Marín wrote: > I am looking for a sponsor for my package sslscan: hi Alejo, I took a look at sslscan, and some issues came up during review: * git repository: pristine-tar and upstream branches on salsa are stale (looks like you just forgot to push those?) * copyright: various copyright holders and licenses are missing, see docker_test.sh:4 sslscan.c:6055 tools/iana_tls_ciphersuite_parser.py:4 tools/iana_tls_supported_groups_parser.py:4 win32bit-compat.h:13 Other than that, everything looks good to me. Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgpCGVFZwv3eF.pgp Description: OpenPGP digital signature
Bug#1067727: RFS: tcpslice/1.7-1 -- extract pieces of and/or glue together tcpdump files
Control: tags -1 moreinfo On Tue, 26 Mar 2024 02:35:25 -0300 Bruno Naibert wrote: > I am looking for a sponsor for my package tcpslice: hi Bruno, the package looks mostly fine; some minor remarks and questions: * docs: rm? The README and CREDITS files don't serve any purpose as end user documentation; CHANGES is the upstream changelog and would be automatically detected and installed as such by dh_installchangelogs (i.e. no need to list it anywhere). * control: why 'root-requires-root: binary-targets'? What exactly needs root? * salsa-ci.yml: is that allow_failure for reprotest still needed? As for the git repo on salsa: the tags for the packaging should include the revision, e.g. debian/1.7-1 instead of 'debian/1.7' or '1.5', as there could be multiple debian revisions for a single upstream release. Please remove the moreinfo tag (and CC me when doing so) once you have an updated package ready. pgp0tjcfm_uii.pgp Description: OpenPGP digital signature
Bug#1067859: RFS: python-redmine/2.4.0-2 -- Python library for the Redmine RESTful API (Python 3)
Control: tags -1 moreinfo On Thu, 28 Mar 2024 00:07:29 +0530 Akash Doppalapudi wrote: > I am looking for a sponsor for my package python-redmine: hi Akash, it looks like a new upstream release came out very recently, you might want to update the packaging to that. The master branch of the salsa git repo is full of stuff not part of the upstream tarball, particularly __pycache__ dirs with pyc files most likely added by mistake (as part of commit a77a3ff9): $ find . -name *.pyc ./redminelib/resources/__pycache__/__init__.cpython-311.pyc ./redminelib/resources/__pycache__/standard.cpython-311.pyc [etc...] Time for a spring cleanup? The packaging itself looks mostly fine, some minor stuff: * copyright: upstream year needs updating, see their license file. * rules: are those PYBUILD_TEST_ARGS still needed these days? Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgpJ8iIBzWKFY.pgp Description: OpenPGP digital signature
Bug#1064924: RFS: python-chameleon/4.5.2-1 [ITA] -- XML-based template compiler - doc
Control: tags -1 moreinfo Hi Akash, Package looks mostly alright, remaining issues should be easy to fix: * control: binary pkg has an unused hardcoded dep on python3-pkg-resources, replaced upstream cf. CHANGES.rst:107 * copyright: upstream year needs updating, see COPYRIGHT.txt * copyright: entry for src/chameleon/astutil.py looks obsolete; the file no longer has a copyright header mentioning edgewall software and appears to have been completely rewritten, see e.g. `git diff upstream/3.8.1 upstream/4.5.2 src/chameleon/astutil.py' * rules: the sphinxdoc override could be replaced with an execute_before that only runs the sphinx build command, that way one can avoid calling dh_sphinxdoc with hardcoded arguments. * the binary pkg includes the upstream testsuite. In previous versions, that consisted of a very limited number of small python files; in the current version, it has grown in size and also includes numerous input files - now making up the bulk of the files in the binary pkg. Consider excluding the test files from install (and drop the associated lintian overrides) unless they are actually needed somehow. pgpwTTlNsfO4k.pgp Description: OpenPGP digital signature
Bug#1065194: RFS: python-raccoon/3.1.1-1 -- Python DataFrame with fast insert and appends (Python 3)
Control: tags -1 moreinfo On Fri, 1 Mar 2024 23:54:26 +0530 Akash Doppalapudi wrote: > I am looking for a sponsor for my package "python-raccoon": hi Akash, thanks for working on this package. Unfortunately, it fails to build, so the following remarks and suggestions are based on the source pkg alone: * please push your changes to the package's VCS; if you need access to its current repository on salsa just let me know (do mention your username there). * multiple build-deps seem to be only needed for running tests, but those are disabled in d/rules (probably because the tarball on pypi doesn't contain any test files in the first place, only the upstream github repo does). Please remove any unused build-deps. * d/rules incorrectly sets PYBUILD_NAME to the source pkg name, this should either be deleted, or set to the name actually used to import the module. * the binary pkg has an unused hardcoded dependency on python3-pkg-resources. * consider adding a very basic autopkgtest by setting 'Testsuite: autopkgtest-pkg-python' in d/control. Build fails with the following error (full log attached): dpkg-source: info: building python-raccoon in python-raccoon_3.1.1-1.dsc debian/rules binary dh binary --with python3 --buildsystem=pybuild dh_update_autotools_config -O--buildsystem=pybuild dh_autoreconf -O--buildsystem=pybuild dh_auto_configure -O--buildsystem=pybuild E: pybuild pybuild:389: configure: plugin pyproject failed with: PEP517 plugin dependencies are not available. Please Build-Depend on pybuild-plugin-pyproject. dh_auto_configure: error: pybuild --configure -i python{version} -p "3.12 3.11" returned exit code 13 make: *** [debian/rules:6: binary] Error 25 Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. [0mI: pbuilder: network access will be disabled during build[0m [0mI: Current time: Thu Mar 21 10:08:25 CET 2024[0m [0mI: pbuilder-time-stamp: 1711012105[0m [0mI: Building the build Environment[0m [0mI: extracting base tarball [/var/cache/pbuilder/sid-base.tgz][0m [0mI: copying local configuration[0m [1;33mW: No local /etc/mailname to copy, relying on /var/cache/pbuilder/build//63818/etc/mailname to be correct[0m [1;33mW: hookdir /root/.pbuilder/hooks/ does not exist, skipping[0m [0mI: mounting /proc filesystem[0m [0mI: mounting /sys filesystem[0m [0mI: creating /{dev,run}/shm[0m [0mI: mounting /dev/pts filesystem[0m [0mI: redirecting /dev/ptmx to /dev/pts/ptmx[0m [0mI: policy-rc.d already exists[0m [1;33mW: Could not create compatibility symlink because /tmp/buildd exists and it is not a directory[0m [0mI: Obtaining the cached apt archive contents[0m [0mI: Copying source file[0m [0mI: copying [./python-raccoon_3.1.1-1.dsc][0m [0mI: copying [./python-raccoon_3.1.1.orig.tar.gz][0m [0mI: copying [./python-raccoon_3.1.1-1.debian.tar.xz][0m [0mI: Extracting source[0m gpgv: Signature made Fri Mar 1 21:50:26 2024 UTC gpgv:using RSA key C8B2A95D8D855A9D8C6F0C78BCBCAE31ECE05007 gpgv: Can't check signature: No public key dpkg-source: warning: cannot verify inline signature for ./python-raccoon_3.1.1-1.dsc: no acceptable signature found dpkg-source: info: extracting python-raccoon in python-raccoon-3.1.1 dpkg-source: info: unpacking python-raccoon_3.1.1.orig.tar.gz dpkg-source: info: unpacking python-raccoon_3.1.1-1.debian.tar.xz [0mI: Not using root during the build.[0m [0mI: Installing the build-deps[0m -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy Version: 0.invalid.0 Architecture: amd64 Maintainer: Debian Pbuilder Team Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder This package was created automatically by pbuilder to satisfy the build-dependencies of the package being currently built. Depends: debhelper-compat (= 13), dh-python, python3-setuptools, python3-all, python3-pytest, python3-tabulate dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'. Selecting previously unselected package pbuilder-satisfydepends-dummy. (Reading database ... 16432 files and directories currently installed.) Preparing to unpack .../pbuilder-satisfydepends-dummy.deb ... Unpacking pbuilder-satisfydepends-dummy (0.invalid.0) ... dpkg: pbuilder-satisfydepends-dummy: dependency problems, but configuring anyway as you requested: pbuilder-satisfydepends-dummy depends on debhelper-compat (= 13); however: Package debhelper-compat is not installed. pbuilder-satisfydepends-dummy depends on dh-python; however: Package dh-python is not installed. pbuilder-satisfydepends-dummy depends on python3-setuptools; however: Package python3-setuptools is not installed. pbuilder-satisfydepends-dummy depends on python3-all; however: Package python3-all is not installed. pbuilder-satisfydepends-dumm
Bug#1060041: Is the python3-objgraph dependency too much
> Package: cherrypy3 > - Or if not - would you be ok to also reduce it to a Suggests as > I've done in Ubuntu [4]? Downgrading the dep to suggested is fine with me. pgpG6jQ8lFih7.pgp Description: OpenPGP digital signature
Bug#1059233: RFS: python-dbutils/3.0.3-1 [ITP] -- tools for providing connections to a database (Python 3)
Control: tags -1 moreinfo On Thu, 21 Dec 2023 18:59:32 + Dale Richards wrote: > I am looking for a sponsor for my package python-dbutils: hi Dale, package looks pretty good, with only some minor issues: * d/python-dbutils-doc.docs: globbing is supported, might want to make use of that (docs/*). * control: 'Testsuite: autopkgtest-pkg-python' is of little use when combined with a non-trivial autopkgtest. * d/tests/control specifies a dependency on python3-pytest, which is probably unnecessary as the testsuite runs fine on build without it (a cursory glance suggest it only uses stdlib's unittest). * lintian hit: P: python-dbutils source: trailing-whitespace [debian/control:27] Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. PS: your domain has its DMARC policy set to 'reject', which is a bad idea if you're sending mail to mailing lists; 'quarantine' is usually the better choice. pgp0Y7Und4nDv.pgp Description: OpenPGP digital signature
Bug#1051183: RFS: gsimplecal/2.5-1 -- lightweight GUI calendar application
Control: tags -1 moreinfo On Mon, 04 Sep 2023 00:44:08 -0300 Hugo Torres wrote: > I am looking for a sponsor for my package gsimplecal: hi Hugo, some minor issues came up during review: * copyright: upstream years outdated (only the years for the packaging were changed, despite the changelog claiming otherwise). * lintian: W: gsimplecal: mismatched-override hardening-no-fortify-functions usr/bin/gsimplecal [usr/share/lintian/overrides/gsimplecal:2] (probably caused by a change in lintian's output format) Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgp5YpVHVU391.pgp Description: OpenPGP digital signature
Bug#1050085: RFS: vnstat/2.11-1 -- console-based network traffic monitor
Control: tags -1 moreinfo On Sat, 19 Aug 2023 16:56:12 +0200 Christian Göttsche wrote: > I am looking for a sponsor for my package vnstat: hi Christian, one minor issue: * copyright: years outdated for upstream only Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgplt0b38Y5Yi.pgp Description: OpenPGP digital signature
Bug#1043581: CI test 'check-graphical-app.py' failing on multiple archs
Source: gtg Version: 0.6-4 Severity: normal Control: affects -1 src:cheetah Continuous Integration tests are failing on multiple architectures (at least amd64, arm64, ppcel64, riscv64) with the following error: 1073s autopkgtest [14:17:12]: test command1: xvfb-run debian/tests/check-graphical-app 1073s autopkgtest [14:17:12]: test command1: [--- 1107s Warning: AT-SPI's desktop is visible but it has no children. Are you running any AT-SPI-aware applications? 1107s Warning: /tmp/autopkgtest-lxc.w4h_f1ju/downtmp/build.1Kt/src/debian/tests/check-graphical-app.py:13: The requested widget could not be focused: "gtg" application: 1107s pid = run("gtg") 1107s 1107s Creating logfile at /tmp/dogtail-debci/logs/check-graphical-app_20230801-141716_results ... 1107s 2023.08.01 14:17:46 app exists: Failed - None is not a Node 1107s Traceback (most recent call last): 1107s File "/tmp/autopkgtest-lxc.w4h_f1ju/downtmp/build.1Kt/src/debian/tests/check-graphical-app.py", line 17, in 1107s focus.widget.node = focus.app.node.child(name=app_name) 1107s 1107s AttributeError: 'NoneType' object has no attribute 'child' I only noticed because this blocks migration for a recent upload of the cheetah package [1], but the CI logs at [2] show the issue well predates that. [1]https://qa.debian.org/excuses.php?package=cheetah [2]https://ci.debian.net/packages/g/gtg/ pgpH9HMtURdvE.pgp Description: OpenPGP digital signature
Bug#1042362: RFS: streamlink/6.0.1-1 -- CLI for extracting video streams from various websites to a video player
Hi Alexis, thanks for updating the pkg to the latest release. Only one minor issue came up during review: * copyright: info for src/streamlink/webbrowser/cdp/connection.py is missing; see the notice starting at line 109 of that file. pgpR6iWPUYzUy.pgp Description: OpenPGP digital signature
Bug#1040162: RM: python-sabyenc -- ROM; superseeded by sabctools; unused
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: python-saby...@packages.debian.org Control: affects -1 + src:python-sabyenc Superseeded by sabctools from the same upstream. The upload of sabnzbdplus/4.0.2-1 removed the sole reverse dependency. Thanks pgp3O94tsKzuY.pgp Description: OpenPGP digital signature
Bug#1038949: sabnzbdplus: CVE-2023-34237
Work in progress on backporting the fix. pgp6ZIQJSn73B.pgp Description: OpenPGP digital signature
Bug#1031720: ITP: sabctools -- C implementations of key functions used within SABnzbd
Package: wnpp Severity: wishlist Owner: j...@debian.org https://github.com/sabnzbd/sabctools Will be replacing python-sabyenc in the upcoming 4.0.0 release of sabnzbdplus. pgpJ9muwSKWRo.pgp Description: OpenPGP digital signature
Bug#1025523: ITP: python-autocommand -- library to generate argparse parsers from function signatures
Package: wnpp Severity: wishlist Owner: j...@debian.org https://github.com/Lucretiel/autocommand New dependency for recent releases of jaraco.text pgp7b4eoguXEA.pgp Description: OpenPGP digital signature
Bug#1018110: RFS: hydrapaper/3.3.1-1 [RC] -- Utility that sets background independently for each monitor
Control: tags -1 moreinfo On Thu, 25 Aug 2022 15:49:14 -0300 Francisco M Neto wrote: > I am looking for a sponsor for my package hydrapaper: hi Francisco, took a look but this package doesn't appear ready for uploading: * changelog: is that bug really fixed just by switching to gtk4? There's still no dependency on python3-pil while the program is directly importing from that module! * copyright: missing entry for the appdata xml file (cc0). * patches: forwarded upstream but the related merge request was closed by yourself; why? is the patch still needed? * watch: multiple empty lines at EOF * control: + short and long description could use an update (upstream describes the program as a "Wallpaper manager with multi monitor support"; mention additional supported desktop environments, etc.) + unused build-dep on python3-willow? + the build-dep on libwnck-3-dev appears to server no other purpose than pulling in the dbus-1 pkgconfig file from libdbus-1-dev; if so, you should depend on the latter directly + libhandy-1-0 is a hard dependency of gir1.2-handy-1 but not imported or linked directly in hydrapaper, so no need to duplicate that here + gir1.2-handy-1 itself looks isn't used at all in the new upstream release so that should go too + ${shlibs:Depends} is pointless for an arch:all Python package Program fails to start (missing dep on something to ensure gi gtk4 is present, installing gir1.2-gtk-4.0 seems to fix that): Traceback (most recent call last): File "/usr/bin/hydrapaper", line 60, in gi.require_version('Gtk', '4.0') File "/usr/lib/python3/dist-packages/gi/__init__.py", line 129, in require_version raise ValueError('Namespace %s not available for version %s' % ValueError: Namespace Gtk not available for version 4.0 Same for adw: Traceback (most recent call last): File "/usr/bin/hydrapaper", line 62, in gi.require_version('Adw', '1') File "/usr/lib/python3/dist-packages/gi/__init__.py", line 126, in require_version raise ValueError('Namespace %s not available' % namespace) ValueError: Namespace Adw not available Probably missing a dependency on python3-dbus too (imported by hydrapaperd)? And python3-pil as mentioned earlier. Please at least take a cursory look at upstream code when packaging major version bumps, and test your packages on a reasonably clean testing/unstable install before asking for sponsorship. Consider adding some basic automated testing, as even a trivial autopkgtest that just calls `hydrapaper --help' would have failed with errors similar to the ones listed above. pgp3ShOEoWh0S.pgp Description: OpenPGP digital signature
Bug#1012401: RFS: csoundqt/1.1.0-1 -- frontend for the csound sound processor
Control: tags -1 moreinfo On Mon, 6 Jun 2022 15:22:07 +0200 Dennis Braun wrote: > I am looking for a sponsor for my package csoundqt: hi Dennis, * copyright is missing info for several files: bin/win-installer.iss src/Examples/CsoundQt/Miscellaneous/Circle_Map.csd src/Examples/CsoundQt/Synths/Sruti-Drone_Box.csd Note that the license for one of the examples is DFSG-incompatible because it carries a non-commercial clause. * d/csoundqt.lintian-overrides overrides two tags, but the actual problem seems to be the presence of a shebang line in the desktop file (at line 1). That line shouldn't be there; patching it out would make the lintian hits disappear. Please remove the moreinfo tag (and put me in the CC) once you have an updated package ready. pgpVVlRJU0Vat.pgp Description: OpenPGP digital signature
Bug#1012484: marked as done (RM: sysbench [ppc64el] -- ROM; breakage in luajit (build-)dependency)
Control: reopen -1 Control: retitle -1 RM: sysbench [ppc64el] -- ROM; breakage in luajit and luajit2 (build-)dependency Turns out luajit2 is also broken on ppc64el; the build itself completes but the program segfaults when running the testsuite. As such, the original request stands: please remove the sysbench package from ppc64el only. Thanks! pgpD5Q5STHs07.pgp Description: OpenPGP digital signature
Bug#1012362: transition: luajit
On Sun, 12 Jun 2022 20:20:50 -0700 "M. Zhou" wrote: > After browsing the corresponding github issues I think there is > virtually nobody working on the ppc64el port. And I don't have any > idea on how to fix it. So let's inform the reverse dependencies to > remove ppc64el support, or switch back to lua. Looking at the buildlogs for sysbench, running the upstream testsuite triggers (apparently) identical segfaults for both ppc64el and ppc64, so in all likelihood the latter is also affected by the underlying issue. > The only outcome for this luajit2 transition is that s390x seems > working. That's a new arch for sysbench too. You gain some, you lose some. pgpoosJS0wW_p.pgp Description: OpenPGP digital signature
Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer
On Fri, 3 Jun 2022 13:08:55 +0100 Peter B wrote: > > Aside from the dbus xml stuff: what exactly do you mean by the > > comment in the GPL-3 license paragraph? > I'm confused regarding GPL-3 & GPL-3+. We now have a License > paragraph for GPL-3 that excludes later versions, but the full text > in /usr/share/common-licenses/GPL-3 > https://www.gnu.org/licenses/gpl-3.0.html > both include it! The full text includes 'or any later version' in two places: first in paragraph 14, conditional on that being explicitly specified by the program in question; the other as part of an example or how one could apply the terms of the GPL. That example is explicitly outside of the terms and conditions set by the license. So yes, GPL-version-X-only is very much a thing. > > I suspect some of the org.freedesktop.*.xml files on the other > > hand could be based directly on dbus specs [1] or similar generic > > interface definitions for use with qdbusxml2cpp, possibly > > autogenerated by qdbus along the lines of: > > `QT_SELECT=5 qdbus org.freedesktop.Notifications > > /org/freedesktop/Notifications > > org.freedesktop.DBus.Introspectable.Introspect` > I've created separate Files paragraphs for each group of files. > > (I'm not sure what the impact of auto-generation is on the > copyright. I notice that in [3], the author is the upstream > application author, no reference to org.freedesktop) Typically, output produced by a program isn't itself covered by the license of said program. Producing a text on a GPL'ed editor doesn't put that text under the GPL. For org.freedesktop.Notifications.xml and DBus.ObjectManager, I don't see much of a reason to assume it originates from some other project; so those could reasonably fall directly under the default copyright paragraph for strawberry (i.e., no separate entry needed). The org.freedesktop.UDisk2.*.xml files should have their own (collective) entry, as the original for all of the udisk ones seems to be [1] with David Zeuthen as the sole copyright holder. Something similar applies to the org.mpris.*.xml (currently missing from d/copyright), except here the upstream seems to be [2] (debian copyright file at [3]). The org.kde.KGlobalAccel.*.xml appear to be based on files in the kglobalaccel project [4] (debian copyright at [5]) rather than the kde documentation, please update the entry to reflect that. Other than that, the shortname for the LGPL-2 license should have a plus symbol appended to reflect the 'any later version' option, in line with the standard shortnames documented by [6]. [1]https://github.com/storaged-project/udisks/blob/master/data/org.freedesktop.UDisks2.xml [2]https://github.com/eonpatapon/mpDris2/blob/5e5cdacea6e55544064f8b10e0b49bbe2aa044d9/src/mpDris2.in.py#L115 [3]https://salsa.debian.org/debian/mpdris2/-/blob/debian/latest/debian/copyright [4]https://sources.debian.org/src/kglobalaccel/5.94.0-1/src/ [5]https://tracker.debian.org/media/packages/k/kglobalaccel/copyright-5.94.0-1 [6]https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-short-name pgpBcu5XjD4Xp.pgp Description: OpenPGP digital signature
Bug#1011307: 1011307
A request for the removal of sysbench from ppc64el has been filed in order to allow the recent upload to migrate to testing, see #1012484. pgpm6u8lhzQwe.pgp Description: OpenPGP digital signature
Bug#1012484: RM: sysbench [ppc64el] -- ROM; breakage in luajit (build-)dependency
Package: ftp.debian.org Severity: normal Please remove the sysbench package from ppc64el only. Sysbench requires luajit which is currently broken on that arch (see #1011307). Replacing luajit with lua as suggested is not a viable solution for sysbench, hence support for ppc64el was removed in a recent upload. Thanks! pgpA8f9ogKo9f.pgp Description: OpenPGP digital signature
Bug#1005717: RFS: nzbget/21.0+dfsg-2.1 dfsg-2.1 [NMU] [RC] -- command-line based binary newsgrabber for nzb files
I uploaded 21.0+dfsg-2.1 to DELAYED/7. In case you want it cancelled, just let me know. pgp5CxLEtlqgK.pgp Description: OpenPGP digital signature
Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer
On Sun, 29 May 2022 11:52:53 +0100 Peter wrote: > Updated copyright and reverted to Qt5 Thanks, qt5 seems to be the way to go for now. Looks like there's an error in the dbus copyright entry though, given that the file linked in the comment is under LGPL rather than GPL? And more importantly: the comment only deals with one of the xml files, but (as far as I can tell) these do not all originate from a single source. For example, org.kde.KGlobalAccel.*.xml files appear in the kglobalaccel package; the Udisks stuff might well be based on [2]; mpris/MediaPlayer2 in turn appears in [3]. I suspect some of the org.freedesktop.*.xml files on the other hand could be based directly on dbus specs [1] or similar generic interface definitions for use with qdbusxml2cpp, possibly autogenerated by qdbus along the lines of: `QT_SELECT=5 qdbus org.freedesktop.Notifications /org/freedesktop/Notifications org.freedesktop.DBus.Introspectable.Introspect` Aside from the dbus xml stuff: what exactly do you mean by the comment in the GPL-3 license paragraph? [1]https://dbus.freedesktop.org/doc/dbus-specification.html [2]https://salsa.debian.org/utopia-team/udisks2/-/blob/debian/master/data/org.freedesktop.UDisks2.xml [3]https://sources.debian.org/src/mpdris2/0.9.1-1/src/mpDris2.in.py/#L133 pgpvcqRC6_6_V.pgp Description: OpenPGP digital signature
Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer
Paul, Thomas, thanks for digging up the old reject. Peter, I did some more digging and found one unresolved copyright issue from my previous comment as well as some fresh ones: * copyright holder Pascal Below for various scrobbler-related files is still missing * copyright holder Nick Lanham missing for savedgroupingmanager.cpp; note that copyright for both .cpp and .h is shared with Jonas Kvinge * missing entry for src/core/lazy.h * as the info for src/dbus/*.xml doesn't seem to exist anywhere in the sources, please add a comment field to that paragraph explaining what the entry is based on * the license paragraph for GPL-3 doesn't restrict the version to v3 only (other than the shortname suggesting so) and lacks a link to the full text of the license on debian systems I noticed you changed the build to qt6 and while that works fine, it does seem that at the moment qt5 is very much the standard qt release in the distribution. A quick comparison using `reverse-depends -b qt6-tools-dev` vs the same for qttools5-dev showed 6 packages build-depending on the former and around 300 on the latter. Is there any particular advantage to using qt6 for strawberry? Don't worry too much about the reprotest, sometimes these things throw a tantrum. pgpJnLp0Q7Zac.pgp Description: OpenPGP digital signature
Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer
On Thu, 26 May 2022 15:22:09 +0100 Peter wrote: > >> I am looking for a sponsor for my package "strawberry": > I don't have privilege to set up repositories on Salsa, but would > like to have one to run CI. Could someone create an empty > repository for strawberry under debian group? I've just created https://salsa.debian.org/debian/strawberry and granted your account maintainer level access. Once you got that up and running with the CI I'll take another look at the package. pgpqS4uXuanVC.pgp Description: OpenPGP digital signature
Bug#1011377: RFS: ngraph-gtk/6.09.06-1 -- create scientific 2-dimensional graphs
Control: tags -1 moreinfo On Sat, 21 May 2022 18:42:21 +0900 (JST) Hiroyuki Ito wrote: > I am looking for a sponsor for my package ngraph-gtk: hi Hiroyuki, A couple of issues: * copyright: + CC0-1.0 is in common-licenses, no need to have the full license text verbatim in d/copyright + src/gettext.h is under LGPL, not GPL + missing copyright holders and license info for various files under src/gtk/* (at least sourcecompletionwords.*, ruler.c) * control: this combination of build-deps makes no sense: debhelper (>= 12.0.0), debhelper-compat (= 13); you probably want to remove the (leftover?) debhelper one * docs: README and NEWS files aren't useful as documentation (the former only mentions the project's homepage, already documented in the packaging; the latter is but a list of released versions) Nitpicking: * changelog: entry about AC_CHECK_FILE concerns an upstream rather than a debian packaging change * rules: could make use dh_bash-completion or "execute_after" instead of an override Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgpu3XefemCrK.pgp Description: OpenPGP digital signature
Bug#1010663: RFS: strawberry/1.0.4-1 [ITP] -- Audio player and music collection organizer
Control: tags -1 moreinfo On Fri, 6 May 2022 13:11:37 +0100 Peter wrote: > I am looking for a sponsor for my package "strawberry": hi Peter, like pollo, I'm puzzled by the mention on the ITP bug of the package being in NEW at some point, only to vanish into thin air? Would be nice to know what happened to it, if only to avoid running into the same problems. Maybe Thomas would like to chime in on this? That said, I took a look anyway. Some comments and observations: - There's an unused manpage in the debian dir, an apparent leftover from the earlier packaging effort - Copyright: * missing copyright holder "Pascal Below" (for various scrobbler-related files) * missing info for 3rdparty/macdeployqt * wrong license for 3rdparty/SPMediaKeyTap * is upstream the sole contributor to the debian packaging? * MIT and Expat license definitions appear identical, please use Expat as the license name throughout and remove the duplicate * the content of the license paragraphs for GPL-3 and GPL-3+ is identical (but obviously shouldn't be) * be careful to exclude copyright claims, comments, etc. from the license paragraphs; i.e. make the definitions for the BSD-style licenses start at "Redistribution and use..." so they're generic and re-usable; everything else belongs in the Files paragraphs - Control: * short description shouldn't start with caps * hardcoded libsqlite3-0 library dependency should be handled by ${shlibs:Depends} (libqt5sql5-sqlite is only recommended by the qt sql lib so that one might actually be justified) * a slightly newer standards-version out has come out recently * VCS: consider setting up a git repo on salsa.debian.org for your packaging work and enabling the CI there: it's a great quality control and collaboration tool, and a real timesaver for reviewers too - Docs: upstream changelog installed as doc rather than as changelog (via dh_installchangelogs) - Rules: better list those files in d/clean instead of using an override - Upstream/metadata: is a github user page -even that of the lead developer- really the best place to contact the upstream project? - Watch: unused dversionmangling - Build: why -fpermissive? - FHS: according to its manpage, the tagreader binary "is not meant to be run on its own"; is /usr/bin really where it should be installed? See https://www.debian.org/doc/packaging-manuals/fhs/ (libexec?) - Lintian: * I: strawberry: desktop-entry-lacks-keywords-entry usr/share/applications/org.strawberrymusicplayer.strawberry.desktop - Tests: upstream ships a testsuite; if possible, please run it on build and/or deploy it as an autopkgtest Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgp2hh3B_pHJ0.pgp Description: OpenPGP digital signature
Bug#1010214: 1010214
Looks like it's a change in paramiko triggering this, that needs work in libcloud (and possibly others) to restore compatibility. See these upstream issues: https://github.com/paramiko/paramiko/issues/1961 https://github.com/apache/libcloud/pull/1685 pgp2e4K2m_X3S.pgp Description: OpenPGP digital signature
Bug#1010711: RFS: codelite/16.0.0 dfsg2-1 [QA] -- Powerful and lightweight IDE
On Sat, 07 May 2022 22:29:46 + Håvard F. Aasen wrote: > I am looking for a sponsor for my package "codelite": > > [...] > > The changes is pushed here [1] since I don't have access to the > official repo. Håvard, thanks for your QA work. I only made a small change to the watch file before uploading (it hardcoded "dfsg2" in the version mangling), and consequently also retagged the debian release. I'll push all missing commits from your fork to the package's standard repo soon so it all appears in the expected location. pgpNukxL5aSWV.pgp Description: OpenPGP digital signature
Bug#1010642: RFS: streamlink/4.0.1-1 -- CLI for extracting video streams from various websites to a video player
Control: tags -1 moreinfo On Thu, 5 May 2022 23:34:43 +0200 Alexis Murzeau wrote: > I am looking for a sponsor for my package streamlink for a new hi Alexis, the package as published on mentors ftbfs for me, looks like it's trying to connect to the internet for something to do with intersphinx (docs/conf.py:110 ?). See log excerpt [1] below. Other than that, a few observations: * control: ancient version requirements for python, requests, and pycountry are always met (even in oldstable); * vcs: consider enabling the CI on Salsa, and pushing changes to git before asking for sponsorship - it's a useful quality control tool and a nice timesaver for reviewers too. Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. [1] Tail of buildlog: tests/utils/test_module.py ..[ 96%] tests/utils/test_named_pipe.py ..[ 96%] tests/utils/test_parse.py [ 96%] tests/utils/test_times.py .. [ 96%] tests/utils/test_url.py ... == 4592 passed, 31 skipped in 28.52s === create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=pybuild dh_prep -O--buildsystem=pybuild debian/rules override_dh_auto_install make[1]: Entering directory '/build/streamlink-4.0.1' LC_ALL=C.UTF-8 LANGUAGE=C.UTF-8 PYTHONPATH=/build/streamlink-4.0.1/src make --directory=docs html man make[2]: Entering directory '/build/streamlink-4.0.1/docs' sphinx-build -b html -d _build/doctrees -W . _build/html Running Sphinx v4.5.0 making output directory... done loading intersphinx inventory from https://docs.python-requests.org/en/stable/objects.inv... Warning, treated as error: failed to reach any of the inventories with the following issues: intersphinx inventory 'https://docs.python-requests.org/en/stable/objects.inv' not fetchable due to : HTTPSConnectionPool(host='docs.python-requests.org', port=443): Max retries exceeded with> make[2]: *** [Makefile:45: html] Error 2 make[2]: Leaving directory '/build/streamlink-4.0.1/docs' make[1]: *** [debian/rules:14: override_dh_auto_install] Error 2 make[1]: Leaving directory '/build/streamlink-4.0.1' make: *** [debian/rules:10: binary] Error 2 dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2 I: copying local configuration E: Failed autobuilding of package I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /var/cache/pbuilder/build//33402 and its subdirectories pgpVW7NoEO3qY.pgp Description: OpenPGP digital signature
Bug#1008315: xpad: "segmentation fault xpad" on start
Control: tags -1 - moreinfo + confirmed upstream Control: forwarded -1 https://bugs.launchpad.net/xpad/+bug/1971568 > Attached is the gdb backtrace. Thanks, that helped narrow things down. It appears the crash is triggered by enabling the 'Use colors from theme' option (in xpad prefs, under Layout). To get the application to start again, rename or remove the settings file ~/.config/xpad/default-style and things should work again as long as you don't select the aforementioned option. pgpIXV0O8gzV6.pgp Description: OpenPGP digital signature
Bug#1009247: RFS: importlab/0.7-1 [ITP] -- Library to calculate Python dependency graphs
Control: tags -1 moreinfo On Sun, 10 Apr 2022 02:36:55 +0500 Lev Borodin wrote: > I am looking for a sponsor for my package importlab: hi Lev, as mentioned on irc, really solid work! A few comments and suggestions: Copyright: * incorrect year for the upstream copyright (sources mention 2017); * please use standard license shortnames (missing dash, see [1]); * the standalone license paragraph should include the license headers instead of just a oneliner. Rules: consider using debian/clean respectively execute_before_dh_installman instead of the two overrides. This would make the rules file even easier to read and avoid the repeated hardcoding of the buildsystem. Tests: the upstream testsuite looks very usable as a non-trivial autopkgtest (replacing the trivial autopkgtest-pkg-python). The general approach for a python package such as this is to copy the tests and testdata to an empty directory, then loop over all supported python versions; see [2] for a well written example. And lastly, please enable the CI on salsa: it's a great quality control tool and a real timesaver for reviewers too. [1] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-short-name [2] https://sources.debian.org/src/pyliblo/0.10.0-5/debian/tests/ Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgp_i97WxWN9d.pgp Description: OpenPGP digital signature
Bug#1008927: ITP: jaraco.context -- jaraco contextlib extensions
Package: wnpp Severity: wishlist Needed for recent versions of jaraco.text. pgpdu8KJJK9Kr.pgp Description: OpenPGP digital signature
Bug#1008790: RFS: tango-icon-theme/0.8.90-9 [ITA] -- Tango icon library
Control: tags -1 moreinfo On Fri, 01 Apr 2022 17:34:09 + Matteo Bini wrote: > I am looking for a sponsor for my package tango-icon-theme: hi Matteo, the package as uploaded to mentors fails to build from source. Maybe the time has come to convert it to the dh sequencer? Tail of the buildlog: ``` I: Running cd /build/tango-icon-theme-0.8.90/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" dpkg-buildpackage -us -uc dpkg-buildpackage: info: source package tango-icon-theme dpkg-buildpackage: info: source version 0.8.90-9 dpkg-buildpackage: info: source distribution unstable dpkg-buildpackage: info: source changed by Matteo Bini dpkg-source --before-build . dpkg-buildpackage: info: host architecture amd64 debian/rules clean test -x debian/rules rm -f debian/stamp-makefile-build debian/stamp-makefile-install GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL=1 /usr/bin/make -C . -k distclean make[1]: Entering directory '/build/tango-icon-theme-0.8.90' make[1]: *** No rule to make target 'distclean'. make[1]: Leaving directory '/build/tango-icon-theme-0.8.90' make: [/usr/share/cdbs/1/class/makefile.mk:91: makefile-clean] Error 2 (ignored) rm -f debian/stamp-autotools rmdir --ignore-fail-on-non-empty . rmdir: failed to remove '.': Invalid argument make: [/usr/share/cdbs/1/class/autotools.mk:64: makefile-clean] Error 1 (ignored) set -e; dh_clean rm -f debian/stamp-autotools-files cd "." && rm -f intltool-extract intltool-merge intltool-update po/.intltool-merge-cache dpkg-source -b . dpkg-source: info: using source format '3.0 (quilt)' dpkg-source: info: building tango-icon-theme using existing ./tango-icon-theme_0.8.90.orig.tar.gz dpkg-source: info: using patch list from debian/patches/series dpkg-source: info: building tango-icon-theme in tango-icon-theme_0.8.90-9.debian.tar.xz dpkg-source: info: building tango-icon-theme in tango-icon-theme_0.8.90-9.dsc debian/rules binary test -x debian/rules dh_testroot dh_clean -k dh_clean: warning: The -k option is not supported in compat 12; use dh_prep instead dh_clean: error: This feature was removed in compat 12. make: *** [/usr/share/cdbs/1/rules/debhelper.mk:215: common-install-prehook-impl] Error 25 dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2 I: copying local configuration E: Failed autobuilding of package I: unmounting dev/pts filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env I: removing directory /var/cache/pbuilder/build//54322 and its subdirectories ``` pgp_ecWC_AcZ_.pgp Description: OpenPGP digital signature
Bug#1008315: xpad: "segmentation fault xpad" on start
Control: tags -1 + moreinfo I cannot reproduce this, the program starts normally and works as expected in testing. Any details to share, e.g. desktop environment used, fresh install or update, did xpad work before? Any output if you start the application from a terminal on your desktop? Can you get a backtrace? https://wiki.debian.org/HowToGetABacktrace pgp44K5qTXx64.pgp Description: OpenPGP digital signature
Bug#1000153: RM: python-gntp -- ROM; archived upstream; unused
Package: ftp.debian.org Severity: normal Please remove python-gntp: archived upstream, no reverse (build-) dependencies, low single digit popcon score. Thanks! pgpxdk5KcXi1S.pgp Description: OpenPGP digital signature
Bug#999776: ck: undefined reference to `__sync_fetch_and_add_8' and `__sync_val_compare_and_swap_8' [sysbench on mipsel]
Source: ck Version: 0.7.1-6 hi, I'm seeing build failure for sysbench on mipsel with errors pointing to an issue in ck, and a probably related test failure on mips64el. This happens with both ck 0.7.1-5 and -6; prior to these sysbench wasn't build for either architecture because ck wasn't available. On mips64el [1], the build completes but sysbench's testsuite fails the api_histogram test; on mipsel [2], linking fails with errors similar to those observed in the build of ck/0.7.1-4 [3] on the same arch. In more recent debian revisions of ck, its testsuite has been disabled on the affected architectures. Excerpt from the buildlog on mipsel (with ck/0.7.1-6): """ [...] gcc -DHAVE_CONFIG_H -I. -I../config -I../src -I/usr/include/luajit-2.1 -D__unknown__ -DCK_USE_CC_BUILTINS=1 -DDATADIR=\"/usr/share/sysbench\" -DLIBDIR=\"/usr/lib/mipsel-linux-gnu/sysbench\" -D_GNU_SOURCE -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wpointer-arith -Wbad-function-cast -Wstrict-prototypes -Wnested-externs -Wno-format-zero-length -Wundef -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wcast-align -Wvla -pthread -O2 -funroll-loops -ggdb3 -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -c -o sb_counter.o sb_counter.c /bin/bash ../libtool --tag=CC --mode=link gcc -Wall -Wextra -Wpointer-arith -Wbad-function-cast -Wstrict-prototypes -Wnested-externs -Wno-format-zero-length -Wundef -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wcast-align -Wvla -pthread -O2 -funroll-loops -ggdb3 -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -rdynamic -Wl,-z,relro -Wl,-z,now -L/usr/lib/mipsel-linux-gnu -o sysbench sysbench.o sb_timer.o sb_options.o sb_logger.o db_driver.o sb_histogram.o sb_rand.o sb_thread.o sb_barrier.o sb_lua.o sb_util.o sb_counter.o tests/fileio/libsbfileio.a tests/threads/libsbthreads.a tests/memory/libsbmemory.a tests/cpu/libsbcpu.a tests/mutex/libsbmutex.a drivers/mysql/libsbmysql.a -L/usr/lib/mipsel-linux-gnu/ -lmariadb drivers/pgsql/libsbpgsql.a -L/usr/lib/mipsel-linux-gnu -lpq -lluajit-5.1 -ldl -lck -laio -lm libtool: link: gcc -Wall -Wextra -Wpointer-arith -Wbad-function-cast -Wstrict-prototypes -Wnested-externs -Wno-format-zero-length -Wundef -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wcast-align -Wvla -pthread -O2 -funroll-loops -ggdb3 -g -O2 -ffile-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -rdynamic -Wl,-z -Wl,relro -Wl,-z -Wl,now -o sysbench sysbench.o sb_timer.o sb_options.o sb_logger.o db_driver.o sb_histogram.o sb_rand.o sb_thread.o sb_barrier.o sb_lua.o sb_util.o sb_counter.o -L/usr/lib/mipsel-linux-gnu tests/fileio/libsbfileio.a tests/threads/libsbthreads.a tests/memory/libsbmemory.a tests/cpu/libsbcpu.a tests/mutex/libsbmutex.a drivers/mysql/libsbmysql.a -L/usr/lib/mipsel-linux-gnu/ -lmariadb drivers/pgsql/libsbpgsql.a -lpq -lluajit-5.1 -ldl -lck -laio -lm -pthread /usr/bin/ld: sysbench.o: in function `sb_more_events': ./src/sysbench.c:697: undefined reference to `__sync_fetch_and_add_8' /usr/bin/ld: sysbench.o: in function `ck_pr_faa_64': /usr/include/gcc/ck_pr.h:228: undefined reference to `__sync_fetch_and_add_8' /usr/bin/ld: sb_histogram.o: in function `ck_pr_cas_64_value': /usr/include/gcc/ck_pr.h:203: undefined reference to `__sync_val_compare_and_swap_8' /usr/bin/ld: /usr/include/gcc/ck_pr.h:203: undefined reference to `__sync_val_compare_and_swap_8' /usr/bin/ld: sb_histogram.o: in function `ck_pr_add_64': /usr/include/gcc/ck_pr.h:259: undefined reference to `__sync_fetch_and_add_8' /usr/bin/ld: /usr/include/gcc/ck_pr.h:259: undefined reference to `__sync_fetch_and_add_8' /usr/bin/ld: /usr/include/gcc/ck_pr.h:259: undefined reference to `__sync_fetch_and_add_8' /usr/bin/ld: /usr/include/gcc/ck_pr.h:259: undefined reference to `__sync_fetch_and_add_8' /usr/bin/ld: sb_histogram.o: in function `ck_pr_cas_64_value': /usr/include/gcc/ck_pr.h:203: undefined reference to `__sync_val_compare_and_swap_8' /usr/bin/ld: /usr/include/gcc/ck_pr.h:203: undefined reference to `__sync_val_compare_and_swap_8' /usr/bin/ld: /usr/include/gcc/ck_pr.h:203: undefined reference to `__sync_val_compare_and_swap_8' /usr/bin/ld: /usr/include/gcc/ck_pr.h:203: undefined reference to `__sync_val_compare_and_swap_8' collect2: error: ld returned 1 exit status make[4]: *** [Makefile:560: sysbench] Error 1 [...] dpkg-buildpackage: error: debian/rules binary-arch subprocess returned exit status 2 """ [1]https://buildd.debian.org/status/fetch.php?pkg=sysbench&arch=mips64el&ver=1.0.20%2Bds-2&stamp=1636466286&raw=0 [2]https://buildd.debian.org/status/fetch.php?pkg=sysbench&arch=mipsel&ver=1.0.20%2Bds-2&stamp=1636467712&raw=0 [3]https://buildd.debian.org/status/fetch.php?pkg=ck&arch=mipsel&ver=0.7.1-4&stamp=1630035393&raw=0 pgpK6hEAXch1F.pgp Description: O
Bug#996410: RFS: smplayer/21.8.0-1 -- Complete front-end for MPlayer and mpv
Control: tags -1 moreinfo On Wed, 13 Oct 2021 21:18:34 +0200 Mateusz Łukasik wrote: > I am looking for a sponsor for my package smplayer: hi Mateusz, changelog: '~ds0' is missing from the version, although the upstream tarball is being repacked same as before. upstream/metadata: obsolete field removed by a janitor commit isn't actually gone (change overwritten in a subsequent git merge?). The package FTBFS when build twice in a row. Build log excerpt: """ dpkg-source: info: local changes detected, the modified files are: smplayer-21.8.0/version dpkg-source: error: aborting due to unexpected upstream changes """ Lintian detects various spelling errors: I: smplayer: spelling-error-in-binary usr/bin/smplayer "allows to" I: smplayer: spelling-error-in-binary usr/bin/smplayer Addd I: smplayer: spelling-error-in-binary usr/bin/smplayer abitrate Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgpNaVK0mONmW.pgp Description: OpenPGP digital signature
Bug#995645: RFS: python-certbot-dns-standalone/1.0.3-1 [ITP] -- Standalone DNS plugin for Certbot with an integrated DSN server
On Tue, 12 Oct 2021 11:56:27 +0300 Linus Vanas wrote: > I did CC this RFS to the team email but I don't know how to contact > them otherwise. The package however seems to naturally belong under > the team. I agree; many if not all certbot packages are already maintained there. I don't know of any mailing list or irc hideout for that team, so probably best you try contacting the owners directly to bring the package under the team umbrella. I'll hold off the upload for the time being. pgpA8t3JzTpT_.pgp Description: OpenPGP digital signature
Bug#995645: RFS: python-certbot-dns-standalone/1.0.3-1 [ITP] -- Standalone DNS plugin for Certbot with an integrated DSN server
On Mon, 11 Oct 2021 23:08:16 +0300 Linus Vanas wrote: > Lintian in unstable is unhappy due to #995490, but otherwise the > package should be clean now. That look like a lintian issue more than anything else, best to wait until the dust settles. One other thing though: the maintainer is set to the Let's Encrypt team, but their git repo [1] isn't used nor do you appear to be a member [2]. Care to elaborate? Are you in contact with the team? [1] https://salsa.debian.org/letsencrypt-team [2] https://salsa.debian.org/groups/letsencrypt-team/-/group_members pgpdQWslaFgIB.pgp Description: OpenPGP digital signature
Bug#995645: RFS: python-certbot-dns-standalone/1.0.3-1 [ITP] -- Standalone DNS plugin for Certbot with an integrated DSN server
Control: tags -1 moreinfo On Sun, 3 Oct 2021 18:24:34 +0300 Linus Vanas wrote: > I am looking for a sponsor for my package > python-certbot-dns-standalone: hi Linus, The package doesn't build or install any documentation, although upstream provides both sphinx docs and a readme file. End users would definitely benefit from having those available to them. Lintian identified a minor issue: * P: python-certbot-dns-standalone source: trailing-whitespace debian/changelog (line 3) Control: * Typo in short description? ("dsn") * Upstream's very own description of their project ("Standalone DNS Authenticator plugin for Certbot") looks like a prefect short description. Implementation details such as an integrated dns server can go in the long description. Watch: * The uversionmangle seems pointless as it doesn't match any version ever tagged/released by upstream. And lastly, please enable the CI on salsa. It is a most useful quality control tool, and a significant time saver for reviewers too. Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgpewp3KGOCHu.pgp Description: OpenPGP digital signature
Bug#995591: RFS: minidb/2.0.5-2 -- simple SQLite3-based store for Python objects
On Mon, 4 Oct 2021 21:19:28 +0200 Maxime Werlen wrote: > Is it really interresting to keep such basic test ? It doesn't test > anything not already tested by upstream tests. Will it not be > simpler to throw them away ? In that case, doing away with this particular autopkgtest is indeed a valid option. My initial review already hinted at the possibility too. pgp5nBgGxoxTi.pgp Description: OpenPGP digital signature
Bug#995591: RFS: minidb/2.0.5-2 -- simple SQLite3-based store for Python objects
On Mon, 4 Oct 2021 11:23:26 +0200 Maxime Werlen wrote: > A new package has been uploaded to mentors. > I hope I've done it correctly :) Close :) For the import.py autopkgtest, just adding "python3-all" to the test dependencies doesn't cause it to be run against all supported python3 versions - unlike on build where the dh sequencer combined with its python3 addon handles that for you. So that autopkgtest actually needs modification to loop over all supported python3 versions. The easiest way to do this is with a shell script mimicking the actions of the upstream-tests script, only this time to run 'import.py'. pgpoQr4di6i0U.pgp Description: OpenPGP digital signature
Bug#995591: RFS: minidb/2.0.5-2 -- simple SQLite3-based store for Python objects
Control: tags -1 moreinfo On Sat, 02 Oct 2021 20:41:32 +0200 Maxime Werlen wrote: > Package: sponsorship-requests > Severity: normal > > Dear mentors, > > I am looking for a sponsor for my package "minidb": hi Maxime, The package is not lintian clean: E: minidb source: missing-build-dependency-for-dh-addon python3 => python3:any | python3-all:any | python3-dev:any | python3-all-dev:any | dh-sequence-python3 Control: The ancient version requirement on the python3 build-dep is always satisfied, please remove. Tests: Consider using the upstream testsuite (currently only run during build) as autopkgtest. Be sure to copy the tests out of the source dir and to loop over all supported python3 versions; there's plenty of packages on the python team repo that can serve as examples, including [1]. The current 'import.py' is rather basic in comparison, doesn't test against all supported versions and should probably be marked "superficial" - if at all retained. Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. [1] https://salsa.debian.org/python-team/packages/puremagic/-/tree/master/debian/tests pgpQ9J9JfKhz5.pgp Description: OpenPGP digital signature
Bug#993499: RFS: python-marshmallow-polyfield/5.10-1 -- marshmallow extension for polymorphic fields
On Fri, 17 Sep 2021 14:09:54 +0200 "Diego M. Rodriguez" wrote: > On Fri, 17 Sep 2021 11:30:24 +0200 Jeroen Ploemen > wrote: > > In that case, for lack of a better option, the upstream git commits > > could serve as a basis for the years. > > Noted - in this instance, 2015 is also the date of the initial git > commit in the upstream repo. Could you let me know if your mention of > "years" implies also declaring the year of the last commit for this > release in d/copyright (ie. 2015-2021)? It does. Copyrights have expiry dates too, so the most recent year matters. pgpUEB42mVL_T.pgp Description: OpenPGP digital signature
Bug#993460: RFS: python-jellyfish/0.8.8-1 -- Library for approximate and phonetic matching of strings
Control: tags -1 moreinfo On Wed, 1 Sep 2021 19:09:54 +0200 "Diego M. Rodriguez" wrote: > Package: sponsorship-requests > Severity: normal > > Dear mentors, > > I am looking for a sponsor for my package "python-jellyfish": hi Diego, copyright: * various copyright holders listed in d/copyright don't have their names appear anywhere in the sources. Please refresh and/or add comment fields detailing what the affected entries are based on. * upstream email address is outdated. rules: * docs are always build, regardless of build profile. Please add a check to avoid running the sphinx commands for the 'nodoc' profile. * why not enable all hardening? Package ftbfs when build twice in a row (missing d/clean entries?). Excerpt from the build log: dpkg-source: info: local changes detected, the modified files are: python-jellyfish-0.8.8/jellyfish.egg-info/PKG-INFO python-jellyfish-0.8.8/jellyfish.egg-info/SOURCES.txt Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgpxqH6IklKau.pgp Description: OpenPGP digital signature
Bug#993499: RFS: python-marshmallow-polyfield/5.10-1 -- marshmallow extension for polymorphic fields
On Fri, 17 Sep 2021 10:53:40 +0200 "Diego M. Rodriguez" wrote: > > copyright: where does the 2015 upstream copyright year come from? > > I think it was added during the initial packaging based on the year of > the first upstream public release, but indeed there is no explicit > mention of 2015 in the upstream sources. I have added a comment to > d/copyright, but I'm not sure if this is the best approach - any > guidance would be welcome. In that case, for lack of a better option, the upstream git commits could serve as a basis for the years. pgpz3niKaYoFg.pgp Description: OpenPGP digital signature
Bug#993499: RFS: python-marshmallow-polyfield/5.10-1 -- marshmallow extension for polymorphic fields
Control: tags -1 moreinfo On Thu, 2 Sep 2021 11:09:06 +0200 "Diego M. Rodriguez" wrote: > Package: sponsorship-requests > Severity: normal > > Dear mentors, > > I am looking for a sponsor for my package > "python-marshmallow-polyfield": copyright: where does the 2015 upstream copyright year come from? control: * why hardcode the dependency on python3-marshmallow for the binary pkg? * the build-dep on the same also seems unneeded (at least unless/until tests are re-enabled, see watch) watch: consider using github for upstream releases, as the files published there include the upstream testsuite missing on pypi. And then put those tests to good use, of course :) Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. pgpXJ8RmdTLRb.pgp Description: OpenPGP digital signature
Bug#990235: RFS: python-pylatexenc/2.10-1 [ITP] -- Simple LaTeX parser providing conversion to/from unicode
Control: tags -1 moreinfo On Wed, 23 Jun 2021 18:05:05 +0200 "Diego M. Rodriguez" wrote: > Package: sponsorship-requests > Severity: wishlist > > Dear mentors, > > I am looking for a sponsor for my package "python-pylatexenc": Hi Diego, this package looks quite nice overall, and I like that you've put the salsa CI features to good use too. Couple of questions and (mostly easily fixable) issues though: * The lintian hits on the binary pkg deserve an override: X: python3-pylatexenc: application-in-library-section python usr/bin/latexwalker usr/bin/latexencode usr/bin/latex2text X: python3-pylatexenc: library-package-name-for-application usr/bin/latexwalker usr/bin/latexencode usr/bin/latex2text * Changelog: just the 'Initial release' line closing the ITP bug will do for a new package. That will probably also stop mentors from complaining about "Package closes bugs in a wrong way". * Control: why the old compat level 12? * Copyright: I did initially have my doubts about _uni2latexmap_xml.py being subject to both Expat and W3C, but looking at -legal you did your homework there and came to a reasonable conclusion. * Copyright: there's no mention of any copyright later than 2019 held by Philippe Faist, yet grepping the upstream sources shows entries as recent as 2021 for that person. * Rules: what is the override of dh_auto_clean trying to achieve? * Rules: the help2man target seems to require an installed package in order to succeed. Any way to make this work with just the extracted source package? If not, a comment documenting the requirement would be useful. * Tests: please add non-trivial autopkgtests, based on the upstream testsuite. Be sure to copy the tests out of the source dir and to loop over all supported python3 versions; there's plenty of packages on the python team repo that can serve as examples, including [1]. Please remove the moreinfo tag (and CC me directly) once you have an updated package ready. [1] https://salsa.debian.org/python-team/packages/puremagic/-/tree/master/debian/tests pgpmKCL0KhnlO.pgp Description: OpenPGP digital signature
Bug#993035: bullseye-pu: package sabnzbdplus/3.1.1+dfsg-2
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: t...@security.debian.org The sabnzbdplus package has a security vulnerability, allowing a directory escape in the renamer() function through malicious par2 files. An attacker can create new files anywhere the privileges of the sabnzbdplus process permit, but not overwrite or delete existing files. The attached debdiff fixes the problem by backporting the upstream fix. Tested by downloading a proof-of-concept job designed to trigger the bug. All checks on salsa-ci also complete successfully, including the upstream testsuite used as autopkgtest. Upstream advisory: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp Upstream fix: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b Security tracker (low severity/no-dsa): https://security-tracker.debian.org/tracker/CVE-2021-29488 sabnzbdplus_3.1.1+dfsg-2+deb11u1.debdiff Description: Binary data pgp5blDmXiTpe.pgp Description: OpenPGP digital signature
Bug#993034: buster-pu: package sabnzbdplus/2.3.6+dfsg-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: t...@security.debian.org The sabnzbdplus package has a security vulnerability, allowing a directory escape in the renamer() function through malicious par2 files. An attacker can create new files anywhere the privileges of the sabnzbdplus process permit, but not overwrite or delete existing files. The attached debdiff fixes the problem by backporting the upstream fix. Tested in buster by downloading a proof-of-concept job designed to trigger the bug. Upstream advisory: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp Upstream fix: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b Security tracker (low severity/no-dsa): https://security-tracker.debian.org/tracker/CVE-2021-29488 sabnzbdplus_2.3.6+dfsg-1+deb10u2.debdiff Description: Binary data pgp5FxBadDbCh.pgp Description: OpenPGP digital signature
Bug#990643: ITP: puremagic -- pure python module to identify files
Package: wnpp Severity: wishlist https://github.com/cdgriffith/puremagic Needed for future versions of sabnzbdplus pgpMU_iEkGWHb.pgp Description: OpenPGP digital signature
Bug#985733: ITP: jaraco.classes -- additional routines for obtaining the class names
Package: wnpp Severity: wishlist Needed for recent versions of cherrypy3 pgphOZG9MBseU.pgp Description: OpenPGP digital signature
Bug#985731: ITP: jaraco.text -- jaraco text manipulation functions
Package: wnpp Severity: wishlist Needed for recent versions of cherrypy3 pgpzNtlYXk5QQ.pgp Description: OpenPGP digital signature
Bug#985732: ITP: jaraco.collections -- models and classes to supplement the stdlib 'collections' module
Package: wnpp Severity: wishlist Needed for recent versions of cherrypy3 pgpJ9r8I99fgx.pgp Description: OpenPGP digital signature
Bug#985216: RFS: sabnzbdplus/2.3.6+dfsg-1+deb10u1 -- web-based binary newsreader with nzb support
Package: sponsorship-requests Severity: normal X-Debbugs-CC: debian-pyt...@lists.debian.org Dear mentors, Note that this update has been approved by the stable release managers, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984604 I am looking for a sponsor for my package "sabnzbdplus": * Package name: sabnzbdplus Version : 2.3.6+dfsg-1+deb10u1 Upstream Author : SABnzbd Team * URL : https://sabnzbd.org * License : GPL-2+ and others * Vcs : https://salsa.debian.org/python-team/applications/sabnzbdplus Section : contrib/net It builds those binary packages: sabnzbdplus - web-based binary newsreader with nzb support To access further information about this package, please visit the following URL: https://mentors.debian.net/package/sabnzbdplus/ Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/contrib/s/sabnzbdplus/sabnzbdplus_2.3.6+dfsg-1+deb10u1.dsc Changes since the last upload: sabnzbdplus (2.3.6+dfsg-1+deb10u1) buster; urgency=medium . * Backport upstream security fixes to prevent code execution from the program's web interface through crafted settings. (CVE-2020-13124) Regards, -- jcfp pgpISsGqFbsxQ.pgp Description: OpenPGP digital signature
Bug#984604: buster-pu: package sabnzbdplus/2.3.6+dfsg-1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: buster Severity: normal The sabnzbdplus package in buster is affected by a security issue (CVE-2020-13124), permitting code execution from the program's web interface through crafted settings. By default, the web interface is only accessible from localhost, with no authentication required. Affected versions are 2.0.0RC1 - 3.0.0Beta3 (inclusive), see the upstream security advisory [1] for details. The issue has been fixed in testing and unstable already via a regular upload of a newer upstream release. For buster, the relevant upstream commits have been backported, see the attached debdiff. The security team was contacted but didn't consider this issue severe enough to warrant a DSA, and suggested going with a regular update instead [2]. [1] https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2 [2] https://security-tracker.debian.org/tracker/CVE-2020-13124 buster_sabnzbdplus_2.3.6+dfsg-1.debdiff Description: Binary data pgpt4qFXtIcFX.pgp Description: OpenPGP digital signature
Bug#983754: uses threading.Thread.isAlive(), removed in python3.9
Package: src:cherrypy3 Version: 8.9.1-7 Severity: important Tags: sid bullseye User: debian-pyt...@lists.debian.org Usertags: python3.9 Came across this while working on sabnzbdplus. To reproduce, start sabnzbdplus on the cli in testing|unstable, then shut it down ctrl-c: 2021-03-01 09:59:05,259::ERROR::[_cplogging:219] [01/Mar/2021:09:59:05] ENGINE Error in 'stop' listener > Traceback (most recent call last): File "/usr/lib/python3/dist-packages/cherrypy/process/wspbus.py", line 216, in publish output.append(listener(*args, **kwargs)) File "/usr/lib/python3/dist-packages/cherrypy/process/servers.py", line 264, in stop self.httpserver.stop() File "/usr/lib/python3/dist-packages/cherrypy/wsgiserver/__init__.py", line 2221, in stop self.requests.stop(self.shutdown_timeout) File "/usr/lib/python3/dist-packages/cherrypy/wsgiserver/__init__.py", line 1702, in stop if worker is not current and worker.isAlive(): AttributeError: 'WorkerThread' object has no attribute 'isAlive' According to https://bugs.python.org/issue37804 this method was deprecated in 3.8 and removed in 3.9 in favour of is_alive(). pgp3rKsdRhW6K.pgp Description: OpenPGP digital signature
Bug#983112: cheetah: reduce Build-Depends
Control: tag -1 + confirmed pending Thanks for your report, (the essence of) your patch has been merged into the cheetah packaging on git: https://salsa.debian.org/python-team/packages/cheetah/-/commit/887722262dbf3fa8f5dcb03bedaf9adf1afcdc8a pgpdtVfkmarOY.pgp Description: OpenPGP digital signature
Bug#979433: RFS: sabnzbdplus/3.1.1+dfsg-2 [RC] -- web-based binary newsreader with nzb support
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for my package "sabnzbdplus": * Package name: sabnzbdplus Version : 3.1.1+dfsg-2 Upstream Author : The SABnzbd-Team * URL : https://sabnzbd.org * License : GPL-2+ and others * Vcs : https://salsa.debian.org/python-team/packages/sabnzbdplus Section : contrib/net It builds those binary packages: sabnzbdplus - web-based binary newsreader with nzb support To access further information about this package, please visit the following URL: https://mentors.debian.net/package/sabnzbdplus/ Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/contrib/s/sabnzbdplus/sabnzbdplus_3.1.1+dfsg-2.dsc Changes since the last upload: sabnzbdplus (3.1.1+dfsg-2) unstable; urgency=medium . [ JCF Ploemen (jcfp) ] * Tests: adjust syntax of pytest call. (Closes: #979300) . [ Sandro Tosi ] * Use the new Debian Python Team contact name and address Thanks! pgpBAOJldDDjC.pgp Description: OpenPGP digital signature
Bug#979300: sabnzbdplus autopkgtests fail with pytest 6
Control: tag 979300 + confirmed pending On Tue, 5 Jan 2021 00:17:12 +0100 Christian Kastner wrote: > sabnzbdplus autopkgtests fail with pytest 6 in unstable. The problem > seems to be the -k expression used to exclude particular tests: Thanks for your bug report. I already committed a fix [1] for this issue to git a while ago, and just now put up 3.1.1-2 for sponsorship in the python team. [1] https://salsa.debian.org/python-team/packages/sabnzbdplus/-/commit/b74025421a92ba647447e49cf342eb9a71acc422 pgpn0B02vmTF3.pgp Description: OpenPGP digital signature