Bug#811069: ITP: lbfgsb -- Limited-memory quasi-Newton bound-constrained optimization

2016-02-20 Thread Paul Wise
On Mon, 2016-01-18 at 13:29 +0100, Gard Spreemann wrote:

> I'm sorry, I seem to have spoken too soon. Most of these are the
> incompatible, older version 2 of L-BFGS-B. An exception is
> python-scipy, which really does bundle version 3 (with minor trivial
> patches).

Please still report them to the security team and pursue getting them
ported to the latest version and the embeds removed upstream.

> I have now contacted upstream and notified them of some of these
> things, including prebuilt binaries, some metadata mess and some
> missing copyright notes.

Great, thanks.

When contacting upstream, you may want to point them at this:

https://wiki.debian.org/UpstreamGuide

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
Bug#811069: ITP: lbfgsb -- Limited-memory quasi-Newton bound-constrained optimization

2016-01-18 Thread Gard Spreemann
Hi Paul, and thanks for your feedback!

On Sat, 16 Jan 2016 22:28:50 +0800 Paul Wise  wrote:
> On Fri, Jan 15, 2016 at 7:52 PM, Gard Spreemann wrote:
> 
> > A search on codesearch.debian.net reveals that at least the following
> > packages in Debian bundle duplicates of the code:
> > - python-scipy (see also #778635)
> > - vxl
> > - nwchem
> > - plastimatch
> > - psi4
> >
> > I believe that Debian should provide lbfgsb as a standalone library,
> > as it is useful in its own right and its presence could lead to code
> > deduplication in the future.
> 
> Please report these to the Debian security team so they can record the
> info in their metadata:
> 
> https://wiki.debian.org/EmbeddedCodeCopies

I'm sorry, I seem to have spoken too soon. Most of these are the
incompatible, older version 2 of L-BFGS-B. An exception is
python-scipy, which really does bundle version 3 (with minor trivial
patches).

> > Note that upstream's tarball
> > (http://users.iems.northwestern.edu/~nocedal/Software/Lbfgsb.3.0.tar.gz)
> > contains a few prebuilt binaries, and is also a minor tarbomb.
> 
> Ick, that is something that needs fixing upstream.

I have now contacted upstream and notified them of some of these
things, including prebuilt binaries, some metadata mess and some
missing copyright notes.
Bug#811069: ITP: lbfgsb -- Limited-memory quasi-Newton bound-constrained optimization

2016-01-16 Thread Paul Wise
On Fri, Jan 15, 2016 at 7:52 PM, Gard Spreemann wrote:

> A search on codesearch.debian.net reveals that at least the following
> packages in Debian bundle duplicates of the code:
> - python-scipy (see also #778635)
> - vxl
> - nwchem
> - plastimatch
> - psi4
>
> I believe that Debian should provide lbfgsb as a standalone library,
> as it is useful in its own right and its presence could lead to code
> deduplication in the future.

Please report these to the Debian security team so they can record the
info in their metadata:

https://wiki.debian.org/EmbeddedCodeCopies

> Note that upstream's tarball
> (http://users.iems.northwestern.edu/~nocedal/Software/Lbfgsb.3.0.tar.gz)
> contains a few prebuilt binaries, and is also a minor tarbomb.

Ick, that is something that needs fixing upstream.

> Upstream seems very inactive in the sense that the code appears to be
> "done". I have maintained a package for personal use since 2013 and
> have never experienced problems. I thus feel I could handle maintaining
> the package also for a wider user base going forward.

You might want to check it over using check-all-the-things (in
experimental), that will probably show some things that need
polishing. You might also want to suggest that upstream put their code
in a VCS repository and read our upstream guide.

https://wiki.debian.org/UpstreamGuide

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
Bug#811069: ITP: lbfgsb -- Limited-memory quasi-Newton bound-constrained optimization

2016-01-15 Thread Gard Spreemann
Package: wnpp
Severity: wishlist
Owner: Gard Spreemann 

* Package name: lbfgsb
  Version : 3.0
  Upstream Author : Ciyou Zhu, Richard Byrd, Jorge Nocedal, Jose Luis Morales
* URL : http://users.iems.northwestern.edu/~nocedal/lbfgsb.html
* License : BSD-3-clause
  Programming Lang: Fortran
  Description : Limited-memory quasi-Newton bound-constrained optimization

The library is a widely used implementation of a bounded,
limited-memory BFGS algorithm.

A search on codesearch.debian.net reveals that at least the following
packages in Debian bundle duplicates of the code:
- python-scipy (see also #778635)
- vxl
- nwchem
- plastimatch
- psi4

I believe that Debian should provide lbfgsb as a standalone library,
as it is useful in its own right and its presence could lead to code
deduplication in the future.

Note that upstream's tarball
(http://users.iems.northwestern.edu/~nocedal/Software/Lbfgsb.3.0.tar.gz)
contains a few prebuilt binaries, and is also a minor tarbomb.

Upstream seems very inactive in the sense that the code appears to be
"done". I have maintained a package for personal use since 2013 and
have never experienced problems. I thus feel I could handle maintaining
the package also for a wider user base going forward.

I would need a sponsor.
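As an added example (not code from this thread or from the lbfgsb project), a Python check for the two tarball problems the ITP raises: a tarbomb layout (members not all under one top-level directory, plus absolute or escaping paths) and shipped prebuilt binaries (members starting with the ELF magic). It runs on a constructed in-memory archive; the file names inside it are assumptions, not the real upstream contents.

```python
import io
import posixpath
import tarfile

ELF_MAGIC = b"\x7fELF"


def audit_tarball(data: bytes) -> dict:
    """Inspect a tar archive (as bytes) without extracting it.

    is_tarbomb: members are not all under a single top-level directory.
    unsafe_paths: absolute members or members that escape the target dir.
    binaries: regular files starting with the ELF magic (prebuilt code).
    """
    top_level, unsafe, binaries = set(), [], []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            norm = posixpath.normpath(member.name)
            if norm == ".":
                continue  # the archive's own "./" entry
            if norm.startswith("/") or norm == ".." or norm.startswith("../"):
                unsafe.append(member.name)
                continue
            top_level.add(norm.split("/", 1)[0])
            if member.isfile():
                fobj = tar.extractfile(member)
                if fobj is not None and fobj.read(4) == ELF_MAGIC:
                    binaries.append(member.name)
    return {"top_level": sorted(top_level), "is_tarbomb": len(top_level) != 1,
            "unsafe_paths": unsafe, "binaries": binaries}


def build_sample_tarball() -> bytes:
    """Constructed sample (not the real upstream tarball): a source
    subdirectory, two loose top-level files and one fake ELF binary."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in [
            ("lbfgsb/lbfgsb.f", b"      subroutine setulb\n"),
            ("lbfgsb/driver", ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9),
            ("Makefile", b"all:\n"),
            ("README", b"L-BFGS-B 3.0\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()
```

Running `audit_tarball(build_sample_tarball())` flags the loose `Makefile` and `README` as a tarbomb and `lbfgsb/driver` as a prebuilt binary; point it at a real `.tar.gz` by passing the file's bytes.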