Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
Thanks Helmut. Eriberto 2014-09-12 5:27 GMT-03:00 Helmut Grohne hel...@subdivi.de: On Thu, Sep 11, 2014 at 08:54:09AM -0300, Eriberto Mota wrote: Jackub, do you have conviction that buildd has Internet access? Nevertheless, the download when building is undesirable. Jakub was meaning to say that even though policy does not allow interacting with the internet during build, many of the currently running buildds do not enforce this. So at the moment you could likely upload a (policy violating) package that downloads stuff during build and have it successfully built on most buildds. That said, this topic is not uncontroversial as some folks would like to be able to use apt-get source during build as a means for avoiding more binary packages postfixed -source. Helmut -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140912082707.ga19...@alf.mars -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
On Thu, Sep 11, 2014 at 08:54:09AM -0300, Eriberto Mota wrote: Jackub, do you have conviction that buildd has Internet access? Nevertheless, the download when building is undesirable. Jakub was meaning to say that even though policy does not allow interacting with the internet during build, many of the currently running buildds do not enforce this. So at the moment you could likely upload a (policy violating) package that downloads stuff during build and have it successfully built on most buildds. That said, this topic is not uncontroversial as some folks would like to be able to use apt-get source during build as a means for avoiding more binary packages postfixed -source. Helmut -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
I completely agree that downloading anything at build-time is a no-no, but... * Eriberto Mota eribe...@debian.org, 2014-09-10, 15:45: 3. The buildd system, that builds packages in Debian, don't have access to the Internet. This is a common misconception. Buildds do not block Internet access. (Although hopefully they will do this in the future!) -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
Hum... Yesterday, in #debian-mentors (IRC), bremner confirmed that buildd block the Internet access. [15:27] eriberto Hi! A package in main can't download files when building. But in Debian Policy the §2.2.1 doesn't is clear about it. Can I use the §2.2.1 to this case? [15:29] bremner eriberto: no amount of policy-lawyering will magically give you network access on the buildd [15:31] eriberto bremmer, ok. So, to confirm, the buildd doesn't have Internet access, right? [15:31] bremner correct. [15:31] bremner in any case, it makes no sense for a source package to download things. How could the ftp-masters possibly check such a thing? [15:32] eriberto Yeap. [15:32] eriberto I think that is a DFSG violation too. [15:33] bremner I guess. It seems kindof hypothetical. [15:34] eriberto A discrimination against persons that no have Internet access. These person can't build the package. [15:35] bremner ok, but aside from a Debian themed trivia quiz, why is it important to decide? [15:35] geofft what are you actually trying to do? [15:36] geofft (there's some discussion on debian-devel that access to the Debian archive itself is a special case) [15:36] geofft (but chances are your package is not a special case, which is why Im asking :) ) [15:38] eriberto I am replying about a package that needs sponsor. [15:39] eriberto But is all right. Thanks guys! [15:39] bremner In that case I'd restrict yourself to the non-philosophical point that package will just be rejected by ftp-masters, and if it isn't, it will ftbfs everywhere [15:40] eriberto Yes. I am writing about why the package can't be put in Debian. Jackub, do you have conviction that buildd has Internet access? Nevertheless, the download when building is undesirable. Cheers, Eriberto 2014-09-11 8:07 GMT-03:00 Jakub Wilk jw...@debian.org: I completely agree that downloading anything at build-time is a no-no, but... * Eriberto Mota eribe...@debian.org, 2014-09-10, 15:45: 3. The buildd system, that builds packages in Debian, don't have access to the Internet. This is a common misconception. Buildds do not block Internet access. (Although hopefully they will do this in the future!) -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
Please, ignore it: 1. d/changelog: remove the word 'bug'. Cheers, Eriberto -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
Hi again. I did new tests and the package, when building, downloads lots of files from http://en.wiktionary.org/wiki/Wiktionary. The download files at build time is discouraged because: 1. The package can be afected by a worm or can act as a spyware. 2. The package can't be built offline. Maybe it will make the package non-free, because now we can have discrimination against persons that no have Internet access (see DFSG[1]). The Debian Policy §2.2.1 says: 2.2.1 The main archive area The main archive area comprises the Debian distribution. Only the packages in this area are considered part of the distribution. None of the packages in the main archive area require software outside of that area to function. [...] In addition, the packages in main: - must not require or recommend a package outside of main for compilation or execution [...]. 3. The buildd system, that builds packages in Debian, don't have access to the Internet. 4. The injected files can violate the original license of the upstream source code. Cheers, Eriberto 2014-09-10 12:50 GMT-03:00 Eriberto eribe...@eriberto.pro.br: Please, ignore it: 1. d/changelog: remove the word 'bug'. Cheers, Eriberto -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
On 09-Sep-2014, Eriberto Mota wrote: About your package, please: Thank you for reviewing and providing feedback on this package. 2. d/control: in short description there is an 'indent' signal. Please, change to a simple dash. Do the same in d/copyright. I don't know what “indent signal” is. Are you referring to a punctuation character? All the control files in a Debian source package are Unicode URL:https://www.debian.org/doc/debian-policy/ch-controlfields.html, so as far as I can tell these control fields can contain any appropriate punctuation. Is there some other problem with these fields? 3. d/copyright: there are files licensing to other authors that not Dropbox. Please, review carefully all files. As help, use 'grep -sriA25 copyright *'. Thank you, I will look more closely and update the copyright information. 4. Your package doesn't build in my machine. It stops showing '( cd scripts python build_frequency_lists.py )' in screen. You later appeared to get further in the build process. Is this still a problem for you? On 10-Sep-2014, Eriberto Mota wrote: I did new tests and the package, when building, downloads lots of files from http://en.wiktionary.org/wiki/Wiktionary. The download files at build time is discouraged […] I agree with these reasons. Do you have a different approach which would avoid generated files in the source package without corresponding source? I would like to find a solution that improves the upstream package and doesn't bundle sourceless data files, but upstream are not responsive to discussing these improvements. Maybe I'll need to host a fork myself. -- \ “I moved into an all-electric house. I forgot and left the | `\ porch light on all day. When I got home the front door wouldn't | _o__)open.” —Steven Wright | Ben Finney b...@benfinney.id.au signature.asc Description: Digital signature
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
2014-09-10 19:15 GMT-03:00 Ben Finney ben+deb...@benfinney.id.au: On 09-Sep-2014, Eriberto Mota wrote: About your package, please: Thank you for reviewing and providing feedback on this package. I am glad to help you. 2. d/control: in short description there is an 'indent' signal. Please, change to a simple dash. Do the same in d/copyright. I don't know what “indent signal” is. Are you referring to a punctuation character? All the control files in a Debian source package are Unicode URL:https://www.debian.org/doc/debian-policy/ch-controlfields.html, so as far as I can tell these control fields can contain any appropriate punctuation. Is there some other problem with these fields? Sorry but I am not English native. I will try explain using the characters. I would like that you to change — by -. 3. d/copyright: there are files licensing to other authors that not Dropbox. Please, review carefully all files. As help, use 'grep -sriA25 copyright *'. Thank you, I will look more closely and update the copyright information. Ok! 4. Your package doesn't build in my machine. It stops showing '( cd scripts python build_frequency_lists.py )' in screen. You later appeared to get further in the build process. Is this still a problem for you? No. When downloading, the screen activities stop some time. So, I waited more time and I saw the package building. On 10-Sep-2014, Eriberto Mota wrote: I did new tests and the package, when building, downloads lots of files from http://en.wiktionary.org/wiki/Wiktionary. The download files at build time is discouraged […] I agree with these reasons. Do you have a different approach which would avoid generated files in the source package without corresponding source? I would like to find a solution that improves the upstream package and doesn't bundle sourceless data files, but upstream are not responsive to discussing these improvements. Maybe I'll need to host a fork myself. I think that there are four solutions (maybe you will need ask about it in debian-legal, maybe no): 1. If the license permit, you can package the files from http://en.wiktionary.org/wiki/Wiktionary. However I have doubts if you can do it (gather all files in a tarball and package it). 2. You can make a package that shows an notification to user and downloads the files via postinst script. The site must allow it. I think that this package will be contrib[1]. 3. You can write a d/README.Debian to instruct the final user to download and install the files. 4. You can do a complete fork in GitHub. [1] https://www.debian.org/doc/debian-policy/ch-archive.html#s-contrib Good night from Brazil! Cheers, Eriberto -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
tags 747032 pending thanks Hi Ben, About your package, please: 1. d/changelog: remove the word 'bug'. 2. d/control: in short description there is an 'indent' signal. Please, change to a simple dash. Do the same in d/copyright. 3. d/copyright: there are files licensing to other authors that not Dropbox. Please, review carefully all files. As help, use 'grep -sriA25 copyright *'. 4. Your package doesn't build in my machine. It stops showing '( cd scripts python build_frequency_lists.py )' in screen. Thanks for your work. Cheers, Eriberto 2014-05-04 18:32 GMT-03:00 Ben Finney ben+deb...@benfinney.id.au: Package: sponsorship-requests Severity: wishlist Control: tags 726171 + pending Control: block 726171 by -1 I am looking for a sponsor for my package ‘libjs-zxcvbn’: Package name: libjs-zxcvbn Version : 1.0+dfsg.1-1 Upstream Author : Dan Wheeler d...@dropbox.com URL : https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/ License : Expat Section : web It builds these binary packages: libjs-zxcvbn - realistic password strength estimation — JavaScript library You can get the package with ‘dget’: $ dget -x http://mentors.debian.net/debian/pool/main/l/libjs-zxcvbn/libjs-zxcvbn_1.0+dfsg.1-1.dsc More information about ‘zxcvbn’ can be obtained from URL:https://mentors.debian.net/package/libjs-zxcvbn and in the ITP bug report URL:http://bugs.debian.org/726171. -- \“Spam will be a thing of the past in two years' time.” —Bill | `\ Gates, 2004-01-24 | _o__) | Ben Finney b...@benfinney.id.au -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
Package: sponsorship-requests Severity: wishlist Control: tags 726171 + pending Control: block 726171 by -1 I am looking for a sponsor for my package ‘libjs-zxcvbn’: Package name: libjs-zxcvbn Version : 1.0+dfsg.1-1 Upstream Author : Dan Wheeler d...@dropbox.com URL : https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/ License : Expat Section : web It builds these binary packages: libjs-zxcvbn - realistic password strength estimation — JavaScript library You can get the package with ‘dget’: $ dget -x http://mentors.debian.net/debian/pool/main/l/libjs-zxcvbn/libjs-zxcvbn_1.0+dfsg.1-1.dsc More information about ‘zxcvbn’ can be obtained from URL:https://mentors.debian.net/package/libjs-zxcvbn and in the ITP bug report URL:http://bugs.debian.org/726171. -- \“Spam will be a thing of the past in two years' time.” —Bill | `\ Gates, 2004-01-24 | _o__) | Ben Finney b...@benfinney.id.au signature.asc Description: Digital signature
Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1
Ben Finney ben+deb...@benfinney.id.au writes: You can get the package with ‘dget’: Sorry, the URL was wrong there. Corrected:: $ dget -x http://mentors.debian.net/debian/pool/main/libj/libjs-zxcvbn/libjs-zxcvbn_1.0+dfsg.1-1.dsc More information about ‘zxcvbn’ can be obtained from URL:https://mentors.debian.net/package/libjs-zxcvbn and in the ITP bug report URL:http://bugs.debian.org/726171. I look forward to working with a sponsor for this package. -- \“Perchance you who pronounce my sentence are in greater fear | `\ than I who receive it.” —Giordano Bruno, burned at the stake by | _o__) the Catholic church for the heresy of heliocentrism, 1600-02-16 | Ben Finney b...@benfinney.id.au -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
