Bug#526878: Bug#471801: Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
Hi Jan, Peter and everyone subscribed, as you probably followed on the mentors list, I uploaded new packages to m-d-n and submitted a request for sponsorship in June. Three people replied to my request, one of which actually had suggestions on what to improve about the packages. I appreciate that and tried to fix some of the problems in a second upload. There also were comments on the quality of the egroupware (upstream) codebase, its maintainability, and why it should be dropped from debian. Those were kind of surprising to me. Egroupware has been included in debian before and I didn't expect such strong resentments against a re-inclusion. I think, that there are two kinds of objections, which I tried to outline in my email on June 21st: - Objections related to the packages themselves: Those mainly arise from the fact, that Peter had invested *a lot* of work into the packaging process, some of which I might not have perfectly understood from the beginning. Thus for example I removed the watch file - not knowing, that lintian will complain in --pedantic mode. Also I acknowledged Peter's work, when I ignored most of the lintian warnings originating from his packages. "If they were included before" - so I thought - "they can't be that important". Partially I still believe that if they weren't a big show stopper before, they shouldn't be now. However I intend to fix them over the time of continuous maintenance. - Objections related to the package's content: The egroupware suite Here I disagree with those claiming egroupware was not suitable for inclusion as such. For the last couple of months I did not follow the issue of debian inclusion. I am still willing to do the work. However, as I am neither debian nor egroupware developer, I cannot debate the upstream codebase. If there's enough interest in egroupware on debians side, all it takes is some hints like "fix this, fix that". I'm also confident, that in most cases the egroupware folks are willing to fix upstream issues. If however the debian policy cannot permit egroupware upstream code into debian, then I wont be able to fix that. I can try to pass the messages between debian and egroupware, but it would be way more productive, if upstream issues could be solved by direct communication. To bring the whole thing forward, we could try to agree on the following: - Debian agrees whether its policy is compatible with egroupware upstream code. - If so, I will collect all issues related to the packaging (unmentioned licenses, watch file, unmentioned authors). A couple of them also seems to stem from changes in lintian, and might just be new. - Afterwards I will build new packages fixing the packaging errors and upload them to m-d-n. Theres a lot for me to learn during the process. "This will be a lot of work" is not an issue for me, as long as the overall perspective is to end up with high quality packages (included in debian). Best Regards, Lars Am 29.09.2010 21:40, schrieb Peter Eisentraut: > On ons, 2010-09-29 at 18:46 +0200, Jan Wagner wrote: >> Hi Lars, >> >> On Monday, 3. May 2010, Lars Volker wrote: >>> I've uploaded the new packages to m-d-n and I'd be glad, if one of you >>> could have a look at them. Especially I'm looking forward to hear from >>> Peter again. >> >> even if it would be too late for squeeze, is there any progress on the >> packaging? I did realize, that 1.8 is coming around the corner. > > I think Lars Volker is doing the packaging, but is looking for a > sponsor/mentor in Debian. > -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#526878: Bug#471801: Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
On ons, 2010-09-29 at 18:46 +0200, Jan Wagner wrote: > Hi Lars, > > On Monday, 3. May 2010, Lars Volker wrote: > > I've uploaded the new packages to m-d-n and I'd be glad, if one of you > > could have a look at them. Especially I'm looking forward to hear from > > Peter again. > > even if it would be too late for squeeze, is there any progress on the > packaging? I did realize, that 1.8 is coming around the corner. I think Lars Volker is doing the packaging, but is looking for a sponsor/mentor in Debian. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#526878: Bug#471801: Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
Hi Lars, On Monday, 3. May 2010, Lars Volker wrote: > I've uploaded the new packages to m-d-n and I'd be glad, if one of you > could have a look at them. Especially I'm looking forward to hear from > Peter again. even if it would be too late for squeeze, is there any progress on the packaging? I did realize, that 1.8 is coming around the corner. With kind regards, Jan. -- Never write mail to , you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.12 GIT d-- s+: a C+++ UL P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y --END GEEK CODE BLOCK-- signature.asc Description: This is a digitally signed message part.
Bug#504283: Bug#471801: Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Jan, Hi Peter, Hi all, responding to my last attempt to upload suitable packages to m-d-n, Peter sent me an email explaining various issues and mistakes I had made. I've reviewed his suggestions and came up with the following suggestion: As the most important task is to get egroupware back into a maintained and includable state, I've taken the latest debian/ code from svn-d-o and updated the tarball to the latest upstream release. I've also added myself as Maintainer, but I'm not sure whether this is justified, despite m-d-n stating so. Neither do I want to take away any credit for the great efforts, everyone has put into this, but I also don't want anyone to be annoyed with bug-related information being sent to their addresses. If I should put the QA-address back in, please let me know. The versions I had uploaded to m-d-n before were based on the latest debian versions of stylite's egroupware-epl packages. As this new packages are based on the latest code from svn-d-o, practically all issues should be resolved. With egroupware-egw-pear lintian reported changelog-should-mention-qa, but I'm not sure whether to act upon that or if the package will be out of QA? The native-package-with-dash-version is due to the fact, that the current upstream-version contains a dash in its version number. I've uploaded the new packages to m-d-n and I'd be glad, if one of you could have a look at them. Especially I'm looking forward to hear from Peter again. With kind regards, Lars Am 14.04.2010 15:26, schrieb Jan Wagner: > Hi Lars, > > On Wednesday 14 April 2010 14:45:02 Lars Volker wrote: >> after building Debian packages for the EPL version of egroupware for the >> last year, I also started building packages on opensuse's buildserver. >> They can be downloaded at >> http://download.opensuse.org/repositories/server:/eGroupWare/Debian_5.0/ >> >> After I talked to Ralf about Debian dropping egroupware, we decided that >> I should try to take care of the packages there as well. Therefore I >> corrected most of the lintian errors and warnings in the packages we had >> provided on opensuse's platform so far and uploaded them to mentors.d.n. > > thanks for taking care. > >> I'd really appreciate it, if someone picked up on those and sponsored my >> work. > > Maybe you should get in touch with potential sponsors directly (and keep tese > bugreports updated as well). > >> If you have any questions regarding my work or myself, feel free to ask >> at any time. > > Hmm ... why not based on svn://svn.debian.org/collab-maint/ext- > maint/egroupware/trunk/ (http://svn.debian.org/viewsvn/collab-maint/ext- > maint/egroupware/trunk/) > > Thanks and with kind regards, Jan. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkvfPo0ACgkQjkLYWQtVFRqgCwCePOjSoGTmnD29N360o+yoRHsR 5xkAn0uIwsVovu3ln08vQsOQ9AlBCaml =WDKv -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#504283: Bug#471801: Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
Hi Lars, On Wednesday 14 April 2010 14:45:02 Lars Volker wrote: > after building Debian packages for the EPL version of egroupware for the > last year, I also started building packages on opensuse's buildserver. > They can be downloaded at > http://download.opensuse.org/repositories/server:/eGroupWare/Debian_5.0/ > > After I talked to Ralf about Debian dropping egroupware, we decided that > I should try to take care of the packages there as well. Therefore I > corrected most of the lintian errors and warnings in the packages we had > provided on opensuse's platform so far and uploaded them to mentors.d.n. thanks for taking care. > I'd really appreciate it, if someone picked up on those and sponsored my > work. Maybe you should get in touch with potential sponsors directly (and keep tese bugreports updated as well). > If you have any questions regarding my work or myself, feel free to ask > at any time. Hmm ... why not based on svn://svn.debian.org/collab-maint/ext- maint/egroupware/trunk/ (http://svn.debian.org/viewsvn/collab-maint/ext- maint/egroupware/trunk/) Thanks and with kind regards, Jan. -- Never write mail to , you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.12 GIT d-- s+: a C+++ UL P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y --END GEEK CODE BLOCK-- signature.asc Description: This is a digitally signed message part.
Bug#526878: Bug#471801: Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
Hi Jan, hi Peter, Martin, Ralf, after building Debian packages for the EPL version of egroupware for the last year, I also started building packages on opensuse's buildserver. They can be downloaded at http://download.opensuse.org/repositories/server:/eGroupWare/Debian_5.0/ After I talked to Ralf about Debian dropping egroupware, we decided that I should try to take care of the packages there as well. Therefore I corrected most of the lintian errors and warnings in the packages we had provided on opensuse's platform so far and uploaded them to mentors.d.n. I'd really appreciate it, if someone picked up on those and sponsored my work. If you have any questions regarding my work or myself, feel free to ask at any time. Thanks and best regards, Lars Jan Wagner schrieb: Hi Lars, hi Peter, hi Martin, On Tuesday 09 March 2010 10:32:29 Jan Wagner wrote: On Saturday, 22. August 2009, Ralf Becker wrote: Independent of how EGroupware is maintained in Debian in future, I'm happy to work closer together with Debian Security Team, to get earlier information about exploits in embedded code and coordinate security fixes. If I'm going to maintain EGroupware in Debian, everyone can expect same-time releases of Debian packages (to experimental), as the other rpm packages or archives of EGroupware. I don't know, if you have noticed, but egroupware[1] was removed from testing, which results in releasing the next stable version of Debian _without_ egroupware. Actually the package has _no_ maintainer, so there is no work done to change this soon (and Debian ist freezing in the next days, so there is no time to relaxe, if this is intended to). While you released 1.6.003 these days I was remembered about the problem. As staying egroupware seems "most important", the situation seems even more worse. since Ralf did nothing (beside spreading the word), the packages are removed from testing and unstable. Today I accidentaly found the packages from Lars on mentors.d.n: http://mentors.debian.net/cgi-bin/sponsor- pkglist?action=details;package=egroupware Maybe Peter or Martin are willing to sponsor the packages? Thanks and with kind regards, Jan. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#526878: Bug#471801: Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
Hi Lars, hi Peter, hi Martin, On Tuesday 09 March 2010 10:32:29 Jan Wagner wrote: > On Saturday, 22. August 2009, Ralf Becker wrote: > > Independent of how EGroupware is maintained in Debian in future, I'm > > happy to work closer together with Debian Security Team, to get earlier > > information about exploits in embedded code and coordinate security > > fixes. > > > > If I'm going to maintain EGroupware in Debian, everyone can expect > > same-time releases of Debian packages (to experimental), as the other > > rpm packages or archives of EGroupware. > > I don't know, if you have noticed, but egroupware[1] was removed from > testing, which results in releasing the next stable version of Debian > _without_ egroupware. Actually the package has _no_ maintainer, so there is > no work done to change this soon (and Debian ist freezing in the next days, > so there is no time to relaxe, if this is intended to). > While you released 1.6.003 these days I was remembered about the problem. > As staying egroupware seems "most important", the situation seems even more > worse. since Ralf did nothing (beside spreading the word), the packages are removed from testing and unstable. Today I accidentaly found the packages from Lars on mentors.d.n: http://mentors.debian.net/cgi-bin/sponsor- pkglist?action=details;package=egroupware Maybe Peter or Martin are willing to sponsor the packages? Thanks and with kind regards, Jan. -- Never write mail to , you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.12 GIT d-- s+: a C+++ UL P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y --END GEEK CODE BLOCK-- signature.asc Description: This is a digitally signed message part.
Bug#504283: Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
Hi Jan, a wasn't aware of that. It's a shame :-( Thought I dont know what more I can do, then to express that I'm willing to maintain it or help someone else to maintain it. The decision about it is with Debian. What we (Stylite GmbH and EGroupware project) can do is building Debian packages on openSUSE build service and making a repository with Debian/Ubuntu packages available via that infrastructure. I agree that's not the same as having EGroupware in Debian and Ubuntu. Ralf Jan Wagner schrieb: > Hi Ralf, > > On Saturday, 22. August 2009, Ralf Becker wrote: >> Independent of how EGroupware is maintained in Debian in future, I'm >> happy to work closer together with Debian Security Team, to get earlier >> information about exploits in embedded code and coordinate security fixes. >> >> If I'm going to maintain EGroupware in Debian, everyone can expect >> same-time releases of Debian packages (to experimental), as the other >> rpm packages or archives of EGroupware. >> >> I will of cause very like try to handle at least the Linux packages of >> EGroupware as close as possible together - thought in the past mostly >> rpm packages benefit from the already nice Debian packages. >> >> I made now many fixes and enhancements to our commercial Debian >> packages, which I plan to integrate (or report back) to Debian. >> >> Anyway most important for me is that EGroupware stays in Debian. >> I'm happy if we (EGroupware project) have a competent and timely >> available Debian maintainer, as we had in the past with Peter. > > I don't know, if you have noticed, but egroupware[1] was removed from > testing, > which results in releasing the next stable version of Debian _without_ > egroupware. Actually the package has _no_ maintainer, so there is no work > done > to change this soon (and Debian ist freezing in the next days, so there is no > time to relaxe, if this is intended to). > While you released 1.6.003 these days I was remembered about the problem. As > staying egroupware seems "most important", the situation seems even more > worse. > > With kind regards, Jan. > [1] http://packages.qa.debian.org/e/egroupware.html -- Ralf Becker Director Software Development Stylite GmbH [open style of IT] Morschheimer Strasse 15 67292 Kirchheimbolanden fon +49 (0) 6352 70629-0 fax +49 (0) 6352 70629-30 mailto: r...@stylite.de www.stylite.de www.egroupware.org Geschäftsführer Andre Keller, Gudrun Müller, Ralf Becker Registergericht Kaiserslautern HRB 30575 Umsatzsteuer-Id / VAT-Id: DE214280951 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
Hi Ralf, On Saturday, 22. August 2009, Ralf Becker wrote: > Independent of how EGroupware is maintained in Debian in future, I'm > happy to work closer together with Debian Security Team, to get earlier > information about exploits in embedded code and coordinate security fixes. > > If I'm going to maintain EGroupware in Debian, everyone can expect > same-time releases of Debian packages (to experimental), as the other > rpm packages or archives of EGroupware. > > I will of cause very like try to handle at least the Linux packages of > EGroupware as close as possible together - thought in the past mostly > rpm packages benefit from the already nice Debian packages. > > I made now many fixes and enhancements to our commercial Debian > packages, which I plan to integrate (or report back) to Debian. > > Anyway most important for me is that EGroupware stays in Debian. > I'm happy if we (EGroupware project) have a competent and timely > available Debian maintainer, as we had in the past with Peter. I don't know, if you have noticed, but egroupware[1] was removed from testing, which results in releasing the next stable version of Debian _without_ egroupware. Actually the package has _no_ maintainer, so there is no work done to change this soon (and Debian ist freezing in the next days, so there is no time to relaxe, if this is intended to). While you released 1.6.003 these days I was remembered about the problem. As staying egroupware seems "most important", the situation seems even more worse. With kind regards, Jan. [1] http://packages.qa.debian.org/e/egroupware.html -- Never write mail to , you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.12 GIT d-- s+: a C+++ UL P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h r+++ y --END GEEK CODE BLOCK-- signature.asc Description: This is a digitally signed message part.
Bug#504283: Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
Hi Jan, Jan Wagner schrieb: > Hi Ralf, > > one of the main problem for packaging egroupware (not exclusive relevant for > debian) is the huge amount of embedded code copies[1] (search for > 'egroupware'). This was the reason to not include egroupware into sarge and > is > the actual reason for removing from testing. If there pops up a security > problem for any embedded code copy, the (egroupware) package needs fixed in > any way. The ideal solution would be to get rid of the embeddde code copies > in > the egroupware debian package and use the debian package of the embedded code > copy. For example with phpmailer, just the phpmailer package needs to be > fixed > and egroupware is not vuln anymore. > The actual problem is, to fix the problem in the egroupware package too, > which > is a big security mess. Unfortunately the problem is more complex. Here are a few reasons why code it embed into EGroupware instead of using external libraries: - upstream did not accepted patches necessary for bugfixes or enhancements (eg. CalDAV support via HTTP_WebDAV_Server) - missing time and resources to communicate and negotiate with upstream to accept required modifications - not creating more dependencies for inexperienced users mostly using zip archives under windows (I know that matters not for Debian, but it's important for our user base). So far we only have dependencies in either PHP extensions or PEAR packages (for the EGroupware core). - sharing authentication and sessions with other external applications, can usually not be archived with just a parallel installation. Even if the software is untouched (as for example Gallery2) we need to provide configuration files (fetching their data from EGroupware) within their code trees - other stuff like eg. FCKeditor requires to create and/or configure a serverside backend I know most of the above can be solved, if we look only on Debian and EGroupware developers had more resources to spend in that area. Looking at the exploits of the last years - the majority was caused by embed code - most were fixed within days of coming to my knowledge. That process of cause only starts, after the upstream projects published. > So if you could take this code copy issue into account, the conditions for > egroupware in debian would benefit a lot. > > Thanks and with kind regards, Jan. > [1] > http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies?op=file This list is not up to date. It lists all problems as unfixed, which is not the case: the exploits in these embedded packages are either: - fixed in the most current EGroupware packages or - can not be executed in EGroupware (eg. we use only SMTP in phpMailer) Independent of how EGroupware is maintained in Debian in future, I'm happy to work closer together with Debian Security Team, to get earlier information about exploits in embedded code and coordinate security fixes. If I'm going to maintain EGroupware in Debian, everyone can expect same-time releases of Debian packages (to experimental), as the other rpm packages or archives of EGroupware. I will of cause very like try to handle at least the Linux packages of EGroupware as close as possible together - thought in the past mostly rpm packages benefit from the already nice Debian packages. I made now many fixes and enhancements to our commercial Debian packages, which I plan to integrate (or report back) to Debian. Anyway most important for me is that EGroupware stays in Debian. I'm happy if we (EGroupware project) have a competent and timely available Debian maintainer, as we had in the past with Peter. Ralf -- Ralf Becker Director Software Development Stylite GmbH [open style of IT] Morschheimer Strasse 15 67292 Kirchheimbolanden fon +49 (0) 6352 70629-0 fax +49 (0) 6352 70629-30 mailto: r...@stylite.de www.stylite.de www.egroupware.org Geschäftsführer Andre Keller, Gudrun Müller, Nigel Vickers und Ralf Becker Registergericht Kaiserslautern HRB 30575 Umsatzsteuer-Id / VAT-Id: DE214280951 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#526878: Bug#504283: Bug#471801: egroupware adoption or removal?
Hi Ralf, On Thursday 20 August 2009, Ralf Becker wrote: > I'm one of the admins and the main developer of EGroupware project. > > Naturally I'm very interested that EGroupware stays in Debian. > > I'm building the projects own rpm packages and since a while also Debian > packages for a professional EGroupware line of my company. > > I'm willing to maintain the Debian packages - thought I have no idea > what the non-technical requirements on a Debian maintainer are. one of the main problem for packaging egroupware (not exclusive relevant for debian) is the huge amount of embedded code copies[1] (search for 'egroupware'). This was the reason to not include egroupware into sarge and is the actual reason for removing from testing. If there pops up a security problem for any embedded code copy, the (egroupware) package needs fixed in any way. The ideal solution would be to get rid of the embeddde code copies in the egroupware debian package and use the debian package of the embedded code copy. For example with phpmailer, just the phpmailer package needs to be fixed and egroupware is not vuln anymore. The actual problem is, to fix the problem in the egroupware package too, which is a big security mess. So if you could take this code copy issue into account, the conditions for egroupware in debian would benefit a lot. Thanks and with kind regards, Jan. [1] http://svn.debian.org/wsvn/secure-testing/data/embedded-code- copies?op=file -- Never write mail to , you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ --END GEEK CODE BLOCK-- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
