Uploaded kdebindings 2.2.2-4 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 31 Aug 2002 19:21:09 +
Source: kdebindings
Binary: libkdexparts-dev dcoppython libdcopc-dev libkdexparts1 dcopperl 
libdcopc1
Architecture: m68k
Version: 2.2.2-4
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Bas Zoetekouw [EMAIL PROTECTED]
Description: 
 dcopperl   - Perl bindings for DCOP
 dcoppython - Python bindings for DCOP
 libdcopc-dev - C bindings for DCOP (Development files)
 libdcopc1  - C bindings for DCOP
 libkdexparts-dev - Python bindings for DCOP
 libkdexparts1 - Python bindings for DCOP
Closes: 158161
Changes: 
 kdebindings (2.2.2-4) unstable; urgency=low
 .
   * Rebuilt for perl 5.8 (closes: #158161)
Files: 
 b64417bfdfab307c6a8733aab76e31ce 42922 libs optional 
dcoppython_2.2.2-4_m68k.deb
 4a44e76401e36827194acc9e04ecc824 56464 libs optional dcopperl_2.2.2-4_m68k.deb
 e3e8f9a83e727e84b08191e660a91695 17724 libs optional libdcopc1_2.2.2-4_m68k.deb
 58bbcb835c2c8852eae59cda31644e14 4902 devel optional 
libdcopc-dev_2.2.2-4_m68k.deb
 8bd740a35b71ba47d0d978bbffe8d163 57978 libs optional 
libkdexparts1_2.2.2-4_m68k.deb
 e1120bc7647c80009aa55c157f200c7f 2852 devel optional 
libkdexparts-dev_2.2.2-4_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9csPxEycGpQPNsdIRAlVbAJ9+8VYQ5u+xLBlH78ZYtNJThOEtGACeLmdU
Mg39Uosdbs6q0mw7CE/DB+4=
=3bhx
-END PGP SIGNATURE-

Uploaded libcurses-perl 1.06-2.1 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Tue, 27 Aug 2002 22:09:54 +1000
Source: libcurses-perl
Binary: libcurses-perl
Architecture: m68k
Version: 1.06-2.1
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Brendan O'Dea [EMAIL PROTECTED]
Description: 
 libcurses-perl - Curses interface for Perl
Changes: 
 libcurses-perl (1.06-2.1) unstable; urgency=low
 .
   * NMU
   * Use PerlIO_FindFILE to fetch FILE* from PerlIO objects.
   * Build against perl 5.8.0.
Files: 
 40c24baade29c28fcf63275595abc0ad 117414 libs extra 
libcurses-perl_1.06-2.1_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9csP9EycGpQPNsdIRAhRgAJ0Zm00Y1nzkVEsjQAAkRWMDL7zErACfebN3
Pt7FspICdzwzDDXb80MIBLQ=
=TQhF
-END PGP SIGNATURE-

Uploaded ksymoops 2.4.6-2 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sun, 18 Aug 2002 21:30:24 -0400
Source: ksymoops
Binary: ksymoops
Architecture: m68k
Version: 2.4.6-2
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Stephen Frost [EMAIL PROTECTED]
Description: 
 ksymoops   - Linux kernel oops and error message decoder
Closes: 75481 81093 98469 111214 156802
Changes: 
 ksymoops (2.4.6-2) unstable; urgency=low
 .
   * New Maintainer.  Closes: Bug#156802, #98469
   * Recompiled, tested and not crashing.  Closes: Bug#75481
   * Now depends on binutils.  Closes: Bug#81093
   * Manpage changed to refer to /usr/share/doc.  Closes: Bug#111214
Files: 
 e59383d6e65e2ab4aea2b06230a626ba 162742 utils optional 
ksymoops_2.4.6-2_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9cwFEEycGpQPNsdIRAoLvAJoD3SWEal6fyA03q7n+0G8bLgRDCQCeLHWH
iYW7K6YZqzkpZiKP5hxPbX0=
=IvNQ
-END PGP SIGNATURE-

Uploaded tardy 1.8-4 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 31 Aug 2002 19:44:29 -0700
Source: tardy
Binary: tardy
Architecture: m68k
Version: 1.8-4
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Matt Kraai [EMAIL PROTECTED]
Description: 
 tardy  - A tar(5) post-processor.
Changes: 
 tardy (1.8-4) unstable; urgency=low
 .
   * Install this file as changelog.Debian.gz.
Files: 
 5f68858955e3fed2a9f84f919dccc75d 51932 utils optional tardy_1.8-4_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9cwFYEycGpQPNsdIRAjj3AKCK70VnfIZDFwwgTm17nkLQ7RNfCACgl08I
wSOanslu5t63PUlMDdUxLTg=
=cXOk
-END PGP SIGNATURE-

Uploaded tuxpaint 2002.08.23-2 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sun,  1 Sep 2002 11:22:38 -0300
Source: tuxpaint
Binary: tuxpaint tuxpaint-data
Architecture: m68k
Version: 2002.08.23-2
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Ben Armstrong [EMAIL PROTECTED]
Description: 
 tuxpaint   - A paint program for young children
Closes: 159017 159096
Changes: 
 tuxpaint (2002.08.23-2) unstable; urgency=low
 .
   * Fix dependency on libsdl-image1.2. (Closes: #159096)
   * Add dependencies on libvorbis0, libvorbisfile3 and
 build-dep on libvorbis-dev (Closes: #159017)
Files: 
 1c835af070a1333bd647df748a9727d2 68018 graphics optional 
tuxpaint_2002.08.23-2_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9cwCqEycGpQPNsdIRAjbLAJ9YSmxA5r9xw7iu/jTDs7C7uN2H5wCfRl5F
lCYrmQ75M6jbXD810Puhp4I=
=uFz2
-END PGP SIGNATURE-

Uploaded imagemagick 5.4.8.2-1.3 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 24 Aug 2002 01:32:24 +0200
Source: imagemagick
Binary: perlmagick libmagick++5 libmagick5-dev libmagick5 libmagick++5-dev 
imagemagick
Architecture: m68k
Version: 4:5.4.8.2-1.3
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Josselin Mouette [EMAIL PROTECTED]
Description: 
 imagemagick - Image manipulation programs.
 libmagick++5 - The object-oriented C++ API to the ImageMagick library
 libmagick++5-dev - The object-oriented C++ API to the ImageMagick 
library.--developm
 libmagick5 - Image manipulation library (free version).
 libmagick5-dev - Image manipulation library (free version) -- development
 perlmagick - A perl interface to the libMagick graphics routines.
Changes: 
 imagemagick (4:5.4.8.2-1.3) unstable; urgency=low
 .
   * NMU for perl 5.8. Set perl build dependency to version 5.8. Use of a
 higher NMU version number, just in case.
Files: 
 a4b061200f590cca166a1fa1dfc8372b 1364692 graphics optional 
imagemagick_5.4.8.2-1.3_m68k.deb
 18a47cbe8bf4a4da50aa65ed18c1b917 752260 libs optional 
libmagick5_5.4.8.2-1.3_m68k.deb
 25870346a14d6097ecfbe3927596a52f 69372 devel optional 
libmagick5-dev_5.4.8.2-1.3_m68k.deb
 466bf9854b8af9e884dd106d846d7ee7 146012 libs optional 
libmagick++5_5.4.8.2-1.3_m68k.deb
 dd6fc4e1515992de2ef84c83dcbf8f09 56568 devel optional 
libmagick++5-dev_5.4.8.2-1.3_m68k.deb
 699209ef84932924e5f70319445c2d69 115526 interpreters optional 
perlmagick_5.4.8.2-1.3_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9cwCdEycGpQPNsdIRAsALAKCq12BZ+yEmUBQekyNk+bSw6fObKwCeOt7T
ZPII90qbDsslhhmhDPKH2ts=
=x8uP
-END PGP SIGNATURE-

Uploaded libgnomeui 2.0.4-1 (all m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Thu, 29 Aug 2002 19:40:24 +0200
Source: libgnomeui
Binary: libgnomeui-0 libgnomeui-dev libgnomeui-doc libgnomeui-common
Architecture: all m68k
Version: 2.0.4-1
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Christian Marillat [EMAIL PROTECTED]
Description: 
 libgnomeui-0 - The GNOME 2 libraries (User Interface) - runtime files
 libgnomeui-common - The GNOME 2 libraries (User Interface) - common files
 libgnomeui-dev - The GNOME 2 libraries (User Interface) - development files
 libgnomeui-doc - The GNOME 2 libraries (User Interface) - documentation files
Changes: 
 libgnomeui (2.0.4-1) unstable; urgency=low
 .
   * New upstream release.
Files: 
 aed8af60f03593885dc21167e8f0b995 266548 libs optional 
libgnomeui-0_2.0.4-1_m68k.deb
 c3c8223b9a37556676f852e1f4ea 312806 devel optional 
libgnomeui-dev_2.0.4-1_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9cyKUcS3JWD3FdvcRAh3ZAJ40F6qQT6++UUdUz5F4AF+aNQog2ACbBaud
nzwWDIaujemOGE5hCXCf5BI=
=aYsi
-END PGP SIGNATURE-

Uploaded fidelio 0.9.6-6 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sun,  1 Sep 2002 22:39:12 +0200
Source: fidelio
Binary: fidelio
Architecture: m68k
Version: 0.9.6-6
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Samuele Giovanni Tonon [EMAIL PROTECTED]
Description: 
 fidelio- Gnome Hotline client.
Changes: 
 fidelio (0.9.6-6) unstable; urgency=low
 .
   * The lipng affair release; changed build-dep from
 gdk-imlib-dev to gdk-imlib1-dev
Files: 
 aac6ed680e0001db75190dc399584677 132374 net optional fidelio_0.9.6-6_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9cyKWcS3JWD3FdvcRAoITAJ9H2SD+U5eqrdlHyfkog0CqXCGuIgCcDjdT
mCgXlCI3On0tCpr1uA2Q/Zw=
=ZepN
-END PGP SIGNATURE-

Uploaded libgnomecanvas 2.0.3-1 (m68k all) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Thu, 29 Aug 2002 15:13:09 +0200
Source: libgnomecanvas
Binary: libgnomecanvas2-dev libgnomecanvas2-common libgnomecanvas2-0
Architecture: m68k all
Version: 2.0.3-1
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Christian Marillat [EMAIL PROTECTED]
Description: 
 libgnomecanvas2-0 - A powerful object-oriented display - runtime files.
 libgnomecanvas2-common - A powerful object-oriented display - common files.
 libgnomecanvas2-dev - A powerful object-oriented display - development files.
Changes: 
 libgnomecanvas (2.0.3-1) unstable; urgency=low
 .
   * New upstream release.
Files: 
 db4c76cb5945d0606c168a23347dc671 88866 libs optional 
libgnomecanvas2-0_2.0.3-1_m68k.deb
 7d3e60473c311e466b9e33733875dbb3 694344 devel optional 
libgnomecanvas2-dev_2.0.3-1_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9cyKScS3JWD3FdvcRAu6tAJ9FxMU/FyuF8OXvLdzLVYFSfHJr3gCfYXsT
1eFhWb5sGKF1at90qzHvxG8=
=kar/
-END PGP SIGNATURE-

Uploaded freetype 2.1.2-3 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 05:53:48 +0800
Source: freetype
Binary: freetype2-demos libfreetype6 libfreetype6-dev
Architecture: m68k
Version: 2.1.2-3
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Anthony Fok [EMAIL PROTECTED]
Description: 
 freetype2-demos - FreeType 2 demonstration programs.
 libfreetype6 - FreeType 2 font engine, shared library files.
 libfreetype6-dev - FreeType 2 font engine, development files
Changes: 
 freetype (2.1.2-3) unstable; urgency=low
 .
   * CVS updates as of 2002-08-29 (around VER-2-1-3-RC1)
   * Make FreeType less strict when some slightly buggy fonts set
 the CMap format 4 last segment idRangeOffset to 0x.
 (Fixes: Bug#150678, #155864)
Files: 
 9ef50dd2793f039832d3897b74a09888 252372 libs optional 
libfreetype6_2.1.2-3_m68k.deb
 401be58fce32fb42716ddde21d33a8ad 594994 devel optional 
libfreetype6-dev_2.1.2-3_m68k.deb
 ec454cf1d98e761b44928d61c673bde2 39112 utils optional 
freetype2-demos_2.1.2-3_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9cyKAcS3JWD3FdvcRAjlQAJwLb9wLWQZF2OcIGg4fyQI0RTW4AACfSA+a
0m/bJa2FOJpe6NXxikMBCJU=
=xo+c
-END PGP SIGNATURE-

Uploaded libticalcs4 4.1.5-1 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 23 Aug 2002 11:57:48 +0200
Source: libticalcs4
Binary: libticalcs4-dev libticalcs4
Architecture: m68k
Version: 4.1.5-1
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Julien BLACHE [EMAIL PROTECTED]
Description: 
 libticalcs4 - Provides functions to communicate with TI calculators
 libticalcs4-dev - Provides functions to communicate with TI calculators 
[developmen
Changes: 
 libticalcs4 (4.1.5-1) unstable; urgency=low
 .
   * New upstream release.
   * Bumped shlib to 4.1.5-1.
Files: 
 46ae4b990ca1b997d830da832e8cdab2 99256 devel optional 
libticalcs4-dev_4.1.5-1_m68k.deb
 76db354c7b654a17d0b70060b7ab06e4 77862 libs optional 
libticalcs4_4.1.5-1_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9cyKPcS3JWD3FdvcRAr+UAJoCnInPhPEp4ayvCev4msxwtunE2gCfQ++F
CFCcu4li+0OYPooKFbvxwEE=
=pn8L
-END PGP SIGNATURE-

Uploaded gmessage 1.0.7-1 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sun, 16 Jun 2002 01:06:25 +0200
Source: gmessage
Binary: gmessage
Architecture: m68k
Version: 1.0.7-1
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Søren Boll Overgaard [EMAIL PROTECTED]
Description: 
 gmessage   - A Gnome based xmessage replacement.
Closes: 79553
Changes: 
 gmessage (1.0.7-1) unstable; urgency=low
 .
   * Initial Release (closes: Bug#79553).
   * michael d. ivey [EMAIL PROTECTED] announced his intention to package
 this program some 1 and a half years ago. I have attempted to contact him,
 to determine if intends to follow through with the upload, but have
 received no reply. This package closes his original ITP.
Files: 
 6f1eac2b5fce83e6446a2ff5d9572656 23956 x11 optional gmessage_1.0.7-1_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4lnEycGpQPNsdIRAmJFAJ9SGrZ9PDtZ8TFJuu7u7h/vRKVo0ACeOlIj
rdCYtmRrHkSu/JviDd8quUA=
=Oz3S
-END PGP SIGNATURE-

Uploaded wmmemmon 0.7.0-1 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon, 24 Jun 2002 23:31:41 +0200
Source: wmmemmon
Binary: wmmemmon
Architecture: m68k
Version: 0.7.0-1
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Søren Boll Overgaard [EMAIL PROTECTED]
Description: 
 wmmemmon   - A dockapp to monitor memory/swap usages.
Closes: 150893
Changes: 
 wmmemmon (0.7.0-1) unstable; urgency=low
 .
   * Initial Release (closes: Bug#150893).
Files: 
 d24a48b7d8ecc29756be5c46a0f79dd5 37580 x11 optional wmmemmon_0.7.0-1_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4mQEycGpQPNsdIRAmV6AJ4xfzNK5pibyF4/hdrX5Lq8twgZTgCffW28
qy1yTDttHoitEQRwtiNogI8=
=ZoFi
-END PGP SIGNATURE-

Uploaded bogl 0.1.10-2 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sun,  1 Sep 2002 21:35:16 -0400
Source: bogl
Binary: libbogl0 libbogl-dev bogl-bterm
Architecture: m68k
Version: 0.1.10-2
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Daniel Jacobowitz [EMAIL PROTECTED]
Description: 
 bogl-bterm - Ben's Own Graphics Library - graphical terminal
 libbogl-dev - Ben's Own Graphics Library - development files
 libbogl0   - Ben's Own Graphics Library - shared library
Closes: 159045
Changes: 
 bogl (0.1.10-2) unstable; urgency=low
 .
   * Build depend on libpng3-dev instead of libpng2-dev (Closes: #159045).
Files: 
 e369fce9ac2b29a8ed714bace6a6ea99 61830 devel optional 
libbogl-dev_0.1.10-2_m68k.deb
 69e04c7132ef3850a446371f0cf7533a 37930 libs optional libbogl0_0.1.10-2_m68k.deb
 5916da027c508a08f644a5030dab5ec7 16438 utils optional 
bogl-bterm_0.1.10-2_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4lTEycGpQPNsdIRAl8ZAJ9da66TKV63ZVL07BNPJXLy5HSoGgCgjLiy
Sv6JKuP2Y02ao7yqJFivAew=
=WaJe
-END PGP SIGNATURE-

Uploaded wmweather 2.2.10-2 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 30 Aug 2002 18:47:50 +0200
Source: wmweather
Binary: wmweather
Architecture: m68k
Version: 2.2.10-2
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Martin A. Godisch [EMAIL PROTECTED]
Description: 
 wmweather  - WindowMaker dock app that shows your current weather
Changes: 
 wmweather (2.2.10-2) unstable; urgency=low
 .
   * Added Spanish debconf translation.
 Thanks to Ricardo Javier Cardenes [EMAIL PROTECTED].
Files: 
 260231a798cab7f8928605fd45977913 28914 x11 optional wmweather_2.2.10-2_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4nBEycGpQPNsdIRAjN/AJ9jnVcKTk6YWkr3/JEXgkin0GEDzQCgnqHJ
kV2nALw0c3VWpXvr6WNPk6o=
=ckNz
-END PGP SIGNATURE-

Uploaded qe 0.2.0-3 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 03:36:11 +0800
Source: qe
Binary: qe
Architecture: m68k
Version: 0.2.0-3
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Anthony Fok [EMAIL PROTECTED]
Description: 
 qe - A PE2-like text full-screen color text editor
Closes: 159144
Changes: 
 qe (0.2.0-3) unstable; urgency=low
 .
   * zh_TW.Big5.po did not conform to modern gettext format.  Fixed, and
 renamed to zh_TW.po.  Thanks to Gerhard Tonn for the FTBFS report.
 (No, this has nothing to do with gcc-3.2.  :-)  (Closes: Bug#159144)
Files: 
 72c7449a1dabc77b6ba21fd8c63f2c2f 77740 editors optional qe_0.2.0-3_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4m2EycGpQPNsdIRArO+AJ9NZ5lBtnfCn/ZrktGRnUXlaLjI9ACgsOvL
56Aa8czpVCNSwjU6u48c0GA=
=qOBG
-END PGP SIGNATURE-

Uploaded scli 0.2.12-1 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 09:53:26 +
Source: scli
Binary: scli
Architecture: m68k
Version: 0.2.12-1
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Remco van de Meent [EMAIL PROTECTED]
Description: 
 scli   - a collection of SNMP command line management tools
Changes: 
 scli (0.2.12-1) unstable; urgency=low
 .
   * New upstream release
Files: 
 05a6c51e01787b114d27810181af416a 219866 net optional scli_0.2.12-1_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4nWEycGpQPNsdIRAp7rAKCg8iT+Ffz/PtClIVkC4R362RvEbwCgrD1G
pCCQNNpOtoZhjCEU9ypEg3Y=
=pXTv
-END PGP SIGNATURE-

Uploaded gnome-system-monitor 2.0.2-1 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Thu, 29 Aug 2002 14:45:46 -0400
Source: gnome-system-monitor
Binary: gnome-system-monitor
Architecture: m68k
Version: 2.0.2-1
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Colin Walters [EMAIL PROTECTED]
Description: 
 gnome-system-monitor - Process viewer and system resource monitor for GNOME 2
Changes: 
 gnome-system-monitor (2.0.2-1) unstable; urgency=low
 .
   * New upstream release.
Files: 
 3a587402b624a82d8cea232e32c09e0f 182876 admin optional 
gnome-system-monitor_2.0.2-1_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4lJEycGpQPNsdIRAplWAJ9lHTu6/42EgYo50hLFpzSoyegMuwCfY3Z8
AEF4VCkrg8UqvsHQwajp8Y4=
=1/yf
-END PGP SIGNATURE-

Uploaded usenet-indexer 20010922-8 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Thu, 11 Jul 2002 10:44:58 +0200
Source: usenet-indexer
Binary: usenet-indexer
Architecture: m68k
Version: 20010922-8
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Søren Boll Overgaard [EMAIL PROTECTED]
Description: 
 usenet-indexer - A Usenet indexer and web based frontend for searching
Changes: 
 usenet-indexer (20010922-8) unstable; urgency=low
 .
   * Fix error in README.Debian (Thanks Lazarus Long).
   * Fix error in httpd.conf.dist.Debian
   * Fix path to seach executable.
   * Merge patches into source.
Files: 
 dbedd5dcff824eff5ba73fb79d60bc9a 45774 news optional 
usenet-indexer_20010922-8_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4oAEycGpQPNsdIRAn4JAJ43yNjzIlHa6AN8ew+xXEOozUYEVwCdE3BR
li21ag6mcfyVOusH82L87GA=
=KvM4
-END PGP SIGNATURE-

Uploaded melon 1.6-1 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 09:03:16 +0200
Source: melon
Binary: melon
Architecture: m68k
Version: 1.6-1
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Philipp Frauenfelder [EMAIL PROTECTED]
Description: 
 melon  - Mail notifier with configurable icons, xbiff replacement
Closes: 152301
Changes: 
 melon (1.6-1) unstable; urgency=low
 .
   * New upstream release. Closes: #152301
Files: 
 eb0dfc58f489259507aaf74086ba729b 304008 mail optional melon_1.6-1_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4n2EycGpQPNsdIRApA+AJ4+ZnZ2ZvC7prd4etqCYKQUIUXjoACePMsl
txzTDyEJm7rRdBZAbYOvKY0=
=Tprs
-END PGP SIGNATURE-

Uploaded xchat 1.8.9-4 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 11:18:11 +0200
Source: xchat
Binary: xchat-gnome xchat xchat-common xchat-text
Architecture: m68k
Version: 1.8.9-4
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Davide Puricelli (evo) [EMAIL PROTECTED]
Description: 
 xchat  - IRC client for X similar to AmIRC
 xchat-gnome - IRC client for GNOME similar to AmIRC
 xchat-text - IRC client for console similar to AmIRC
Closes: 159051 159255
Changes: 
 xchat (1.8.9-4) unstable; urgency=low
 .
   * The Trnasition in progress release.
   * debian/control: Build-Depends on gdk-imlib1-dev; closes: #159051.
   * Built against python2.2; closes: #159255.
Files: 
 cf0ec2b3a498f00fc34ae3de68dc4865 185676 net extra xchat-gnome_1.8.9-4_m68k.deb
 738c8966f7a34bcede9617fd56b20f79 97602 net optional xchat-text_1.8.9-4_m68k.deb
 6e0cca006b96219d4b36c65d62859fda 179884 net optional xchat_1.8.9-4_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c4nsEycGpQPNsdIRAr67AKCA3koBUNd9IZGquv7Q17s4OEcfSgCgjChj
MLdBSsX0Pbe6RZe60vPy24c=
=AAQm
-END PGP SIGNATURE-

Uploaded glade-2 1.1.1-8 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 30 Aug 2002 01:44:42 -0400
Source: glade-2
Binary: glade-2 glade-common-2 glade-gnome-2 glade-doc-2
Architecture: m68k
Version: 1.1.1-8
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Eric Dorland [EMAIL PROTECTED]
Description: 
 glade-2- GTK+ 2 User Interface Builder
 glade-gnome-2 - GTK+ 2 User Interface Builder (with GNOME 2 support)
Closes: 156775
Changes: 
 glade-2 (1.1.1-8) unstable; urgency=low
 .
   * debian/control: Build-Dep on libgnutls5-dev (= 0.5.3-1) to fix
 segfault issue. (Closes: #156775).
Files: 
 9e4b4c47e9b2713af7778f965db4e0c6 889240 devel extra glade-2_1.1.1-8_m68k.deb
 16eb22fdc33107c267f9923f7a74d12c 932298 devel optional 
glade-gnome-2_1.1.1-8_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9c5k4cS3JWD3FdvcRAghSAJwP98JH6iTrcs9grIQhv+IXNNAmtwCfU0mk
JBQ8jEHjsjK1vjxig+KyOSc=
=67lb
-END PGP SIGNATURE-

Uploaded net-snmp 5.0.3-2 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sun,  1 Sep 2002 21:35:12 -0500
Source: net-snmp
Binary: libsnmp5 tkmib libsnmp5-dev snmp libsnmp-perl libsnmp-base snmpd
Architecture: m68k
Version: 5.0.3-2
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: David Engel [EMAIL PROTECTED]
Description: 
 libsnmp-perl - NET SNMP (Simple Network Management Protocol) Perl5 Support.
 libsnmp5   - NET SNMP (Simple Network Management Protocol) Library.
 libsnmp5-dev - NET SNMP (Simple Network Management Protocol) Development Files.
 snmp   - NET SNMP (Simple Network Management Protocol) Apps.
 snmpd  - NET SNMP (Simple Network Management Protocol) Agents.
Closes: 156166
Changes: 
 net-snmp (5.0.3-2) unstable; urgency=low
 .
   * Rebuild with perl 5.8.
   * Install additional UCD compatibility headers (closes: #156166).
Files: 
 9dbc0751db7d1c5df7c3bb0f390072ed 58018 net optional snmpd_5.0.3-2_m68k.deb
 d6b696ed4bb143e00a1bcfbdacae0d2a 105508 net optional snmp_5.0.3-2_m68k.deb
 0db8f0334643d7304c9edacb023a9ba0 923830 libs optional libsnmp5_5.0.3-2_m68k.deb
 47899144f2f738058d0954411205d561 818582 devel optional 
libsnmp5-dev_5.0.3-2_m68k.deb
 a0e0361bf7f330d82eeed444c2482183 402602 interpreters optional 
libsnmp-perl_5.0.3-2_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9c5k3cS3JWD3FdvcRAp0yAJ9N2SLEZjBh3L892EwKXhIFze8qrgCdENbb
c5kCun/aup9UfOBZ4lTypJI=
=aycY
-END PGP SIGNATURE-

Uploaded unac 1.7.0-1 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 12:59:11 +0200
Source: unac
Binary: libunac1 libunac1-dev unaccent
Architecture: m68k
Version: 1.7.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Loic Dachary (OuoU) [EMAIL PROTECTED]
Description: 
 libunac1   - The unac programming library - runtime version.
 libunac1-dev - A C programmer's library that removes accents from a string.
 unaccent   - Replace accented letters by their unaccented equivalent
Changes: 
 unac (1.7.0-1) unstable; urgency=low
 .
   * rules bugous install using prefix= instead of DESTDIR
 .
   * upgrade rules to DH_COMPAT=3
 .
   * New upstream version
Files: 
 205b5b6587c4e01a3d73f1baefa183f8 22122 libs optional libunac1_1.7.0-1_m68k.deb
 fd5e46c1b1c093015e64d396dae6594b 26368 devel optional 
libunac1-dev_1.7.0-1_m68k.deb
 d2e4e42c5a3a1ae791d0a7cd119fb99d 9372 utils optional unaccent_1.7.0-1_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9c5lDcS3JWD3FdvcRAokrAJ9QGC50UGYRYH2KexO5YTH3LXvezQCfW1ea
TKdeUnn7yJGUwaoRbpWlbIA=
=mw7I
-END PGP SIGNATURE-

Uploaded gpgme 0.3.10-1 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 21:17:54 +0200
Source: gpgme
Binary: libgpgme6 libgpgme-dev
Architecture: m68k
Version: 0.3.10-1
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Jose Carlos Garcia Sogo [EMAIL PROTECTED]
Description: 
 libgpgme-dev - GPGME - GnuPG Made Easy
 libgpgme6  - GPGME - GnuPG Made Easy
Changes: 
 gpgme (0.3.10-1) unstable; urgency=low
 .
   * New upstream version.
Files: 
 55ac0b8b517ba22f33cf92c8736f 128648 devel optional 
libgpgme-dev_0.3.10-1_m68k.deb
 a21c1a50deb2577618321d129781127b 64738 libs optional 
libgpgme6_0.3.10-1_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9c+z2cS3JWD3FdvcRAj1JAKCAJzi2nIjOGwzTj/1WMxiPmK+r3QCfXa7X
C6nwn3lucjF/32ND3Ig2rqY=
=/KV+
-END PGP SIGNATURE-

Uploaded sawfish 1.1a-4 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Tue, 27 Aug 2002 18:29:14 +0200
Source: sawfish
Binary: sawfish-gnome sawfish sawfish-lisp-source
Architecture: m68k
Version: 1:1.1a-4
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Christian Marillat [EMAIL PROTECTED]
Description: 
 sawfish- A window manager for X11.
Closes: 150443 158488
Changes: 
 sawfish (1:1.1a-4) unstable; urgency=low
 .
   * Add patch from Chris Boyle to support skip taskbar for G1 applications.
 (Closes: #150443)
   * Should depends on emacsen-common (Closes: #158488)
Files: 
 4980272abde4d81a2ffb312f042b 1562404 x11 optional sawfish_1.1a-4_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9c+zpcS3JWD3FdvcRAogEAJ94VuwmFUJZID/g0U1rAPdzaA0k5wCbBUny
3VV64G4ubtgOCRtoe30jEnU=
=4EUU
-END PGP SIGNATURE-

Uploaded gtk-engines 0.12-8 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon, 2 Sep 2002 11:28:43 -0600
Source: gtk-engines
Binary: gtk-engines-metal gtk-engines-notif gtk-engines-raleigh 
gtk-engines-redmond95 gtk-engines-pixmap
Architecture: m68k
Version: 0.12-8
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Ed Boraas [EMAIL PROTECTED]
Description: 
 gtk-engines-metal - Metallic theme for GTK+ 1.2
 gtk-engines-notif - Motif-like theme for GTK+ 1.2
 gtk-engines-pixmap - Pixmap-based theme for GTK+ 1.2
 gtk-engines-raleigh - GTK+ 2.0-like theme for GTK+ 1.2
 gtk-engines-redmond95 - Windows-like theme for GTK+ 1.2
Changes: 
 gtk-engines (0.12-8) unstable; urgency=low
 .
   * Rebuild against gdk-imlib1-dev (and, thus, libpng2)
   * Change Recommends: to Suggests:
Files: 
 94fe9f4c055446b43bbdaea6556c012d 14584 graphics optional 
gtk-engines-notif_0.12-8_m68k.deb
 47a8658de2d332e635c6ff857f94140f 15244 graphics optional 
gtk-engines-redmond95_0.12-8_m68k.deb
 0bbff9620b2908e52ff74d9fb142b6ba 21508 graphics optional 
gtk-engines-metal_0.12-8_m68k.deb
 f4c0d7ea0c921df8e57f825ba15978e1 12978 graphics optional 
gtk-engines-raleigh_0.12-8_m68k.deb
 147da41c3c6fe2fc6b810ec54d2924d1 477182 graphics optional 
gtk-engines-pixmap_0.12-8_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9c+zocS3JWD3FdvcRAjMRAJ4sOdHGT6Uqp58hyRnOABgsSI9bbgCaAkcC
vjLCL67CtBawWV/MFy3i3hA=
=OIlI
-END PGP SIGNATURE-

Uploaded xmlto 0.0.10-3 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 10:13:07 -0400
Source: xmlto
Binary: xmlto
Architecture: m68k
Version: 0.0.10-3
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: christophe barbe [EMAIL PROTECTED]
Description: 
 xmlto  - XML-to-any converter
Closes: 150067
Changes: 
 xmlto (0.0.10-3) unstable; urgency=low
 .
   * Suggest passivetex which is now available in debian (closes: #150067).
Files: 
 0d5b95dc29bd7c8290430756eac1c3d5 17570 text optional xmlto_0.0.10-3_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9c+zacS3JWD3FdvcRAv8lAJ9StxXAtEwyBAIvaVeMaWAYYuBLNQCfRm/S
q8VMDsY6rXXD7H2nvYpnF5w=
=62R1
-END PGP SIGNATURE-

Uploaded libsdl-sge 020104-3 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 19:30:50 +0200
Source: libsdl-sge
Binary: libsdl-sge libsdl-sge-dev
Architecture: m68k
Version: 020104-3
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Julien Danjou [EMAIL PROTECTED]
Description: 
 libsdl-sge - Set of graphic functions that use SDL
 libsdl-sge-dev - Set of graphic functions that use SDL - development files
Changes: 
 libsdl-sge (020104-3) unstable; urgency=low
 .
   * Add -fPIC for compilation on hppa/ia64
Files: 
 ddd42620a0d6aaffd5649a6ca01c12ba 57780 devel optional 
libsdl-sge-dev_020104-3_m68k.deb
 352212d7bbd689fae88c7127fb89da94 45730 libs optional 
libsdl-sge_020104-3_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9c+z1cS3JWD3FdvcRAh9jAJ4rs02iEzo9qaT/wiba64UkrVPoYwCeIZTp
MVAHwdggd0Swi8uufYmp0Fw=
=E9Z2
-END PGP SIGNATURE-

Uploaded i2e 0.5-4 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 19:59:09 +0200
Source: i2e
Binary: i2e
Architecture: m68k
Version: 0.5-4
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Javier Fernandez-Sanguino Pen~a [EMAIL PROTECTED]
Description: 
 i2e- English-Spanish translation dictionary.
Closes: 126990 141949 141953 141954
Changes: 
 i2e (0.5-4) unstable; urgency=low
 .
   * Fixed /usr/man to /usr/share/man (Closes: #126990)
   * Local manpage fixed (Closes: #141953)
   * No lintian errors (Closes: #141949, #141954)
Files: 
 1e2f3ce52fffe69e722e1038569ee35d 211380 text optional i2e_0.5-4_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c/nfEycGpQPNsdIRAsv+AJ9nuqHBV7cZ7DB7xsjJs6Jf3ZbRdACdHbhD
jmE4CRO2QbeciPADUD13+Nc=
=or95
-END PGP SIGNATURE-

Uploaded nkf 1.92-8 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Thu, 29 Aug 2002 17:44:06 +0900
Source: nkf
Binary: nkf libnkf-perl
Architecture: m68k
Version: 1.92-8
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: NOKUBI Takatsugu [EMAIL PROTECTED]
Description: 
 libnkf-perl - Network Kanji code conversion Filter for Perl
 nkf- Network Kanji code conversion Filter
Changes: 
 nkf (1.92-8) unstable; urgency=low
 .
   * Rebuild with perl 5.8.0.
Files: 
 9965043405f6da244f29f34be296353b 32496 text optional nkf_1.92-8_m68k.deb
 ee965c4405aa84ae93f07aa5a7fef8c8 15416 text optional 
libnkf-perl_1.92-8_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c/m1EycGpQPNsdIRAhoxAJwPGOyvrghb4+GyHT8by+5sCOmJKgCgiE5J
eJTVfHJSH6/eI7bKpdk5ywo=
=Zb1z
-END PGP SIGNATURE-

Uploaded gs 7.05-1 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sun,  1 Sep 2002 01:10:37 +0200
Source: gs
Binary: gs
Architecture: m68k
Version: 7.05-1
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Torsten Landschoff [EMAIL PROTECTED]
Description: 
 gs - The Ghostscript Postscript interpreter
Changes: 
 gs (7.05-1) unstable; urgency=low
 .
   * New upstream release.
   * debian/control: Use libpng3-dev instead libpng2-dev.
Files: 
 cb01b83d3b5e3517798e5dd01cb5f446 2844356 text optional gs_7.05-1_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c/moEycGpQPNsdIRAq8tAKCMuyjQIiflweSFQaYZEuYxJ98TUgCfaxP7
LDMjOgBkGZfkpIKI+QeyEMo=
=el3q
-END PGP SIGNATURE-

Uploaded deskmenu 1.4.0-2 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 19:15:53 +0200
Source: deskmenu
Binary: deskmenu
Architecture: m68k
Version: 1.4.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Stefan Pfetzing [EMAIL PROTECTED]
Description: 
 deskmenu   - A root menu for X11 window managers
Closes: 159230
Changes: 
 deskmenu (1.4.0-2) unstable; urgency=high
 .
   * Updated the rc-example.
   * Updated the Build-depends.
 Closes: #159230
Files: 
 e2936c3284d50428798c29dc88ee006a 15318 x11 optional deskmenu_1.4.0-2_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9dAQxcS3JWD3FdvcRAm4EAJ41GKOM+Rj6/yn2jimNma6+fIYSFQCggOlz
Tnx+R4v2BP+SsEaeFdV6EnM=
=zqvh
-END PGP SIGNATURE-

Uploaded nessus-libraries 1.2.5-2 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 21:57:16 +0200
Source: nessus-libraries
Binary: libnessus-dev libnessus1
Architecture: m68k
Version: 1.2.5-2
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Josip Rodin [EMAIL PROTECTED]
Description: 
 libnessus-dev - Nessus static libraries and headers
 libnessus1 - Nessus shared libraries
Closes: 159326
Changes: 
 nessus-libraries (1.2.5-2) unstable; urgency=low
 .
   * libnessus-dev's includes.h includes openssl headers, so it has to
 depend on libssl-dev, thanks to James Troup for noticing, closes: #159326.
 Perhaps the OpenSSL dependency should be removed from the header file
 instead, but the upstream likes it better this way.
   * Reworked the remaining libpcap-nessus exclusion patches.
Files: 
 baa25263a368ecf6ae9ef83db9555399 44120 libs optional 
libnessus1_1.2.5-2_m68k.deb
 0e1f95683b1346fb1c098bc95ef6f8db 60906 devel optional 
libnessus-dev_1.2.5-2_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9dAQZcS3JWD3FdvcRAnHfAJ9dkjkOscjMblKkwjtBnv79K0KACwCggKp0
D6fyZnojDMsMQFbyKsHpiQE=
=4XZ3
-END PGP SIGNATURE-

Uploaded airsnort 0.2.1b-2 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 19:38:00 +0200
Source: airsnort
Binary: airsnort
Architecture: m68k
Version: 0.2.1b-2
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Noel Koethe [EMAIL PROTECTED]
Description: 
 airsnort   - WLAN sniffer
Closes: 157216
Changes: 
 airsnort (0.2.1b-2) unstable; urgency=low
 .
   * added patch from Lukas Geyer [EMAIL PROTECTED]
 from BTS (thanks for your help!)
   * Added build-dependence on libpcap-dev
   * src/decrypt.c: Added definition of DLT_PRISM_HEADER
   * Made configure executable
 (closes: Bug#157216)
Files: 
 5bb010fb925b43d3cb2c11a86f8ea53a 38456 net optional airsnort_0.2.1b-2_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9dAQncS3JWD3FdvcRAiXnAJ4hMvoOAWfjI4oMBsxShTgz5OUvSACffrmc
m9D2jSWTBYOQYgKnvHP4D90=
=0ktF
-END PGP SIGNATURE-

Uploaded libberkeleydb-perl 0.19-2.1 (m68k) to erlangen

[Debian/m68k Build Daemon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 31 Aug 2002 20:54:28 +
Source: libberkeleydb-perl
Binary: libberkeleydb-perl
Architecture: m68k
Version: 0.19-2.1
Distribution: unstable
Urgency: low
Maintainer: Debian/m68k Build Daemon [EMAIL PROTECTED]
Changed-By: Bas Zoetekouw [EMAIL PROTECTED]
Description: 
 libberkeleydb-perl - Use Berkeley DB 3 databases from Perl
Changes: 
 libberkeleydb-perl (0.19-2.1) unstable; urgency=low
 .
   * Non-maintainer upload (BSP)
   * Rebuilt against perl 5.8
Files: 
 e0557610b72c09d8bb75479cc80a30e3 107722 text optional 
libberkeleydb-perl_0.19-2.1_m68k.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/

iD8DBQE9dAQecS3JWD3FdvcRAlt8AJ4tGBZOAs5if3A9C+I1mWNScCEamQCfbCEJ
9M3XCYx1XDZwcbPs05LZ9K4=
=+Ye0
-END PGP SIGNATURE-

Uploaded ethereal 0.9.6-1 (m68k) to ftp-master

[buildd m68k user account]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon,  2 Sep 2002 10:13:06 +0200
Source: ethereal
Binary: ethereal ethereal-dev tethereal ethereal-common
Architecture: m68k
Version: 0.9.6-1
Distribution: unstable
Urgency: low
Maintainer: buildd m68k user account [EMAIL PROTECTED]
Changed-By: Frederic Peters [EMAIL PROTECTED]
Description: 
 ethereal   - Network traffic analyzer
 ethereal-common - Network traffic analyser (common files)
 ethereal-dev - Network traffic analyser (development tools)
 tethereal  - Network traffic analyzer (console)
Closes: 158808 158909
Changes: 
 ethereal (0.9.6-1) unstable; urgency=low
 .
   * New upstream release.
   * Fixes security issue in the ISIS protocol dissector (susceptible to
 buffer overflow).
  (see http://www.ethereal.com/appnotes/enpa-sa-6.html)
   * Add missing header files (packet-tcp.h and packet-tpkt.h) to ethereal-dev
 (closes: #158808)
   * Add default PYTHONPATH to idl2eth (closes: #158909)
Files: 
 6aca7603009b9ea801f6975b33501c66 277328 net optional 
ethereal-common_0.9.6-1_m68k.deb
 59a3098d9c5633af98ffac1057cba74b 1493352 net optional ethereal_0.9.6-1_m68k.deb
 f8032682dc30bc27eca84b60ad786463 1317004 net optional 
tethereal_0.9.6-1_m68k.deb
 09aff44a8e92fbc3b6abee146d00fcfa 147300 devel optional 
ethereal-dev_0.9.6-1_m68k.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9c/m8EycGpQPNsdIRAkQzAKCFSZgE4XqPsxSaCMXH3eiGmh3yHgCeIECN
Obl3cNu0xhk0SzLVZKUCNm4=
=l1SB
-END PGP SIGNATURE-

Packages affected by removal of free mp3 players

[Joe Drew]

If the worst does happen, and we need to remove all mp3 players from
Debian, many packages will be affected. Most of these are because of
their dependency on libsmpeg, which is the SDL MPEG audio and video
decoder. Others depend on other MP3-playing libraries, such as libmad,
mpeglib (which is named oddly), etc. (Please let me know if I've
forgotten some.) A few packages depend on mpg321 as well - mostly
front-ends.

Some notable packages affected are pygame (affects pyddr, for those
unfortunate few who cannot attend the 12-step meetings), alsaplayer,
GAnSO, ogle, and many others.

One of the main culprits is libsdl-mixer1.2, I think: this causes many
(most?) SDL games, including frozen-bubble, to be affected by the
removal of libsmpeg0. I don't know if libsdl-mixer can be compiled
without smpeg support, though, or what this would mean for users of
libsdl-mixer1.2. In the very worst case, we may be able to get a new
upstream version of libsdl-mixer released which supports only Vorbis.

For those which depend on pure mp3 playing libraries such as libmad, we
may be SOL - especially in the case of programs which require the
ability to decode MPEG 1 layer 3, like ogle. Suggestions are welcome.

Attached are the lists of reverse dependencies for the packages I could
think of.

-- 
Joe Drew [EMAIL PROTECTED] [EMAIL PROTECTED]

This particular group of cats is mostly self-herding. -- Bdale Garbee
alsaplayer
alsaplayer-alsa
alsaplayer-common
alsaplayer-esd
alsaplayer-gtk
alsaplayer-jack
alsaplayer-nas
alsaplayer-oss
alsaplayer-text
audacity
avifile-mad-plugin
dvb-zapping
gqmpeg
gstreamer-mad
gstreamer-plugins
irmp3
kreatecd
libmad0
libmad0-dev
madplay
mp3burn
mpg123-el
mpg321
mq3
mserv
nautilus1.1-suggested
ogle
ogle-gui
ogle-mmx
playmp3list
simplecdrx
vlc-mad
artsbuilder
brahms
kdemultimedia-dev
libarts-mpeglib
mpeglib
noatun
noatun-plugins
rosegarden4
black-box
bugsquish
bumprace
castle-combat
chromium
circuslinux
crimson
criticalmass
csmash
csmash-demosong
defendguin
enigma
frozen-bubble
ganso
gemdropx
gl-117
gltron
gnome-office
heroes-common
heroes-ggi
heroes-sdl
icebreaker
jumpnbump
jumpnbump-levels
junior-arcade
junior-art
junior-games-gl
junior-puzzle
junior-typing
ksmp3play
lbreakout2
lgeneral
libopenal0
libopenal-dev
libsdl-mixer1.2
libsdl-mixer1.2-dev
libsdl-ocaml
libsdl-ocaml-dev
libsdl-perl
libsdl-ruby
libsmpeg0
libsmpeg-dev
ltris
madbomber
mangoquest
mirrormagic
moon-lander
penguin-command
prboom
pygame
pysol-sound-server
python2.1-pygame
python2.2-pygame
python-pygame
rockdodger
rocks-n-diamonds
smpeg-gtv
smpeg-plaympeg
smpeg-xmms
solarwolf
toppler
tuxpaint
tuxracer
tuxtype
vectoroids
vegastrike

Re: Improper NMU (Re: NMU for libquota-perl)

[Elie Rosenblum]

On Mon, Sep 02, 2002 at 02:25:30AM +0100, Colin Watson wrote:
 On Sun, Sep 01, 2002 at 09:19:17PM -0400, Elie Rosenblum wrote:
  On Mon, Sep 02, 2002 at 02:16:11AM +0100, Colin Watson wrote:
   Technically it wasn't. The upload is still in the DELAYED queue, which
   is really just a convenient automated way of saying I'll NMU this
   package in n days if I don't hear anything, with the added bonus of
   allowing the maintainer to poke at it and see exactly what would go in
   in the absence of a maintainer upload. I usually explain this when using
   the delayed queue.
  
  I assume you also submit a bug.
 
 Quite.

Would you agree that performing an NMU without a BTS entry is wrong?

  Do you generally do this without leaving a bug for a few days first?
 
 In the case of the perl transition I've been given to understand by the
 actions of other developers that the -devel-announce post on 31st July
 was enough. Otherwise no.

I see.

Well, I disagree with this (as do I believe some others), but only
in that no NMU should be done until the bug has existed for a few
days (if nothing else, this addresses the distinct possibility of
NMUs actually breaking stuff, which has already been brought up in
this thread). I'm probably not going to convince you of this, any
more than you will convince me that I'm wrong here. I have not,
however, been hit with this general case...I've been hit with an
irresponsible maintainer performing an NMU without submitting a
bug at all, even if it was 5 minutes before he uploaded. This is
just plain wrong, and something that can cause us really serious
problems if people start to imagine that it's acceptable - 
especially since we have little control over which keys can
successfully upload any given package.

-- 
Elie Rosenblum That is not dead which can eternal lie,
http://www.cosanostra.net   And with strange aeons even death may die.
Admin / Mercenary / System Programmer - _The Necronomicon_

Application for Employment / Contract Work

[Anthony Heller]

*** Please Note:  Do Not Use your Reply button if you wish to respond to
this email *** 
*** Please reply to [EMAIL PROTECTED]  ***


Hello,

I came across your website, and thought I would send you a copy of  my CV
/ Resume (please scroll down the page) to see if you are in need of any
help in promoting your site with regards to Search Engines or if your
company requires any Accounting help.  I am currently living in Thailand
and would like to assist you in any way I can.  Please contact me
015151302 or on [EMAIL PROTECTED] and we can discuss your immediate
needs.   Thank you and have a nice day.

Tony Heller


--

Finance Manager / Accounting Consultant / LAN Administrator

 My name is Tony Heller and I am a 33-year-old Canadian male,
presently living in Jomtien, Thailand.  I am seeking employment as a
Finance Manager or for contract work as an Independent Consultant for a
company based in South East Asia.  I am willing to re-locate anywhere in
Thailand and would also consider a position in another South East Asian
country.

 I recently moved to Thailand, largely as a result of September 11th,
after eight years of living and working in Indonesia. (I worked for four
years in Jakarta and another four in Bali.)  I can speak Bahasa Indonesia
(Indonesian language) fluently.  

 I am a Certified General Accountant and have a Finance Degree from
the British Columbia Institute of Technology located in Vancouver, B.C.
Canada.  I have held positions as both Finance Manager and Computer
Consultant for several large companies in Asia. My primary roles have been
consolidating accounting data and organizing that data into clear and
precise Financial Statements that Managers, Directors and Owners can
clearly understand. 

 My past 3 years were spent building Bali System Development, a
computer software company that focuses on writing software databases,
multi media presentations and general LAN support issues.  As an owner of
that company with 30 programming staff, I have a great deal of experience
with regard to most computerized accounting methods and solutions.  I have
especially worked extensively with ACCPAC, MYOB and Peachtree.  

  

Personal Information
   
  My Background
 I lived with my family in West Vancouver, B.C. Canada until I
attended University.  I was actively involved in many sports and excelled
at soccer and gymnastics during my younger years.  After high school, I
worked on a kibbutz in Israel for 6 months and then backpacked through
most of Asia, the Middle East and Europe.  
 Upon my return to Vancouver in 1987, I enrolled, and completed my
degree in the Finance Management program at The British Columbia Institute
of Technology (B.C.I.T).  After graduating, I enrolled in the final
two-year program of the Certified General Accountants of Canada at night,
and worked for Azcom Information Systems in Vancouver as a Network
Engineer during the day.  After passing the Certified Network Engineer
Program, also at B.C.I.T., I was promoted to the role as LAN Administrator
of  the British Columbia Medical Association and was in charge of more
than 400 personal computers running on a Novell network. 
 In 1994, I decided to take my skills and expertise to Asia, and seek
employment. I moved to Jakarta, Indonesia and started consulting for
companies, generally helping them computerize their accounting systems,
troubleshooting various LAN problems, and assisting in any Internet
(Website) assistance required. 
 In 1997 I left Jakarta to take on the position of Finance Manager for
the Bali Golf and Country Club.  I worked there for 1 1/2 years and
decided to leave the position and open my own company.  Bali didn't have
any professional computer companies, at that time, so I opened Bali System
Development. (BSD)
 BSD grew from 4 programmers to 30 in two years. (Our clientele
included more than 75 companies and individuals.  Business was very good
until September 11th.  
In November 2001, I moved my family to Pattaya, Thailand.  BSD is still a
functional company with 15 programmers and is currently being run by my
partner.  I, however, am now a silent partner and am seeking employment as
either a Finance Manager or Accounting Consultant in South East Asia. I
would also consider the position as a LAN Administrator or any position
that utilizes my skills and expertise.
I am willing to re-locate if necessary, on either a salaried or hourly
contract work basis. I can utilize the programmers at Bali System
Development to help with any necessary programming that may be required.
If you have any further questions regarding my background, please email
me.  
  
Education

I spent my teenage years studying at Hillside Secondary School in West
Vancouver, B.C. Canada.  Shortly after graduation, in 1986, I attended The
British Columbia Institute of Technology in Burnaby, 

Re: Please compile treetool on alpha, arm, hppa, ia64, powerpc and s390

[Andreas Tille]

On Fri, 30 Aug 2002, Branden Robinson wrote:

 Okay.  What you have is a license, then; it's just a very informal one.

 Email from a person granting you permission to do things not ordinarily
 permitted by copyright law is a license, when that person has
 appropriate legal standing to grant such permission.  Such
 communications are just as valid as the GNU GPL or BSD licenses, if less
 formal.
Well but it avoids §8 of DFSG and what I intended to say was there is
no license for upstream source - and that's really a pitty in this case
because this program which is obviousely used by a lot of biologists
needs some work and nobody can do it because of the missinging
upstream license.

Kind regards

 Andreas.

Re: woody CD not bootable with adaptec + scsi-cdrom

[Goswin Brederlow]

Richard Atterer [EMAIL PROTECTED] writes:

 So the final solution was to use multiboot only on the first CD, the
 other CDs use the same method as potato. The few machines on which it
 fails are either old or have a SCSI CD-ROM, booting from one of the
 later CDs should work for them. AFAIK if the woody release multiboot
 CD fails, it even prints a message which tells you to do that.

Haven't seen that. But maybe that wasn't ready or not included on the
Linuxtag CDs. They are pre stable.

MfG
Goswin

PS: I will see if I can get a real woody to test this. Don't want to
waste the traffic though.

Re: woody CD not bootable with adaptec + scsi-cdrom

[Goswin Brederlow]

Andreas Metzler [EMAIL PROTECTED] writes:

 Disclaimer: Because I do not work on the debian-cd, bf or installer
 and do not follow the mailing lists regularily, I do not know much
 about this issue and there are probably lots of errors in this mail.
 
 Goswin Brederlow [EMAIL PROTECTED] wrote:
  I just crasht my system working on libsafe and hat to boot from CD.
 
  I the discovered that the woody CD (linuxtag prerelease) doesn't
  boot. I heard of similar for the real woody release CDs on irc.
 
  Can anyone boot the CDs, which one of the set and what hardware?
  Same if you can't boot.
 
 Hello,
 Lots of people can, the official CD-image _were_ tested. - I think the
 linuxtag prerelease CD is similar to the official CD1.
 
 I can boot from CD1, on a PentiumMMX-class machine (SiS 5591/5), an
 iirc 1 year old Athlon 800 (VIA 133) and a 2 month old Duron1200
 (VIA 266A).

Who cares about your cpu?
What cdrom? ide or scsi? What controler?


  Also whats different between potato and woody?
 
 potato used floppy-emulation, woody _CD1_ uses isolinux(??).

That explains the difference in output. The floppy emulation shows up
when the adaptec detects the bootable cdrom. Or is that unrelated?


  potato has this multiboot thing and woody not anymore, right? What
  was wrong with it?  Seems to be more compatible the old way.
 
 It is not, search the Debian-CD mailing-list.
 
 IIRC: Basically Microsoft switched the CD-boot method they used for
 their OS CDs, the BIOS manufacturers followed suit and dropped support
 for or did not fix bugs in the old method and added support for the
 new method. For maximum compatibility with old computers you need
 floppy-emulation, for new computers you need the new method. BTW
 RedHat et al. don't use floppy-emulation, too.
 
 If your computer cannot boot woody CD1 try CD2-CD7 - they use
 floppy-emulation and should work on old computers.

Good to know. Is that in the install docs somewhere?

MfG
Goswin

Re: Improper NMU (Re: NMU for libquota-perl)

[Bas Zoetekouw]

Hi Elie!

You wrote:

 The NMU was made before I was in any way contacted.

That's exactly why it was uploaded to DELAYED instead of incoming.

 I don't think anyone is arguing that the fix isn't needed; I don't,
 however, appreciate being treated like an MIA maintainer and having

If so, why didn't you upgrade the package before? There has been ample
warning about the perl 5.8 transition and the BSP.

 my responsibilities coopted. There is no urgency that requires an
 NMU if it's not important enough to file a bug.

Oh, I could very well have filed a grave bug along with the NMU. I just
found it more convenient to mail the maintainer directly. I agree with
you that the guidelines state that this communication should be done via
the BTS (I wasn't aware of that, and I will do that in the future), but
I find this a minor issue, because it wouldn't have changed anything. 

-- 
Kind regards,
+---+
| Bas Zoetekouw  | Si l'on sait exactement ce   |
|| que l'on va faire, a quoi|
| [EMAIL PROTECTED] | bon le faire?|
| [EMAIL PROTECTED] |   Pablo Picasso  |
+---+ 

Re: The harden-*flaws packages.

[Ola Lundqvist]

Hi

Thanks for the arguing.

On Sun, Sep 01, 2002 at 09:22:56PM -0400, Daniel Martin wrote:
 Martin Schulze [EMAIL PROTECTED] writes:
 
  Please see the thread summarized in 
  http://www.debian.org/News/weekly/2002/29/:
  
  Policy for Woody Point-Releases. [4]Several [5]developers [6]would
  [7]like to add new packages and updates to their packages to the
  recently released stable distribution of Debian. Adding new packages
  and random updates to the stable distribution, however, would nullify
  the entire idea of having a stable release, Joey [8]explained. Hence,
  the same policy as before will be used for point-releases of woody.
 
 Yes, but how does this apply to a package that does nothing but
 conflict with existing packages?  (As is the case with most of the
 harden-* packages)
 
 Agreed, _random_ updates would be a bad thing.  However, what the
 maintainer is proposing here is updates that are driven by DSAs.
 Although I find it a slight stretch, one could easily argue that the
 updates to the harden-*flaws packages are security updates.
 
 These updates share another feature with security updates.  Imagine
 the package netostrich, which helps you bury your head in the sand
 remotely.  Now, suppose the upstream authors discover a flaw in the
 2.0 series of netostrich prior to version 2.33 which allows random
 network users to bury other people's heads in the sand.  Sarge soon
 contains 2.34 with the security fix, yet woody contains 2.29.1 with a
 backported fix.  Then there would similarly need to be two
 harden-remoteflaws; one for woody, which conflicts with netostrich
 prior to 2.29.1, and one for sarge, which conflicts with netostrich
 prior to 2.34.  The harden-*flaws update has to be backported along
 with the backported fix to netostrich.
 
 Now, if we want the harden-remoteflaws package to be at all useful, it
 needs to be updated along with DSAs...

Yes. Luckily I just saw someone that have written a script that checks
the DSA:s and tell the maintainer that he/she has a vulnerable package.
That is a good solution (best?). The problem is that the DSA is 
not able to distinguish between local/remote/3rdparty flaws but
that is not always interesting.

 Hrm.  The more I think about this the more I wonder if maybe the
 harden-*flaws packages make much sense in stable at all.  If someone
 is apt-get'ing from security.debian.org, they're already replacing
 vulnerable versions with fixed ones.  If someone is updating from a
 point release CD, the same thing applies.  The only case where I can
 see it making sense is with someone following testing with most of
 their packages on hold (they really want a stable system, and only
 upgrade a package when they need to).  Am I missing a scenario?

Yes. When you have a lot of own-compiled debs in an other archive
which can be more or less stable.

So my suggestion (which it probably will be) is that the harden-*flaws
package either contain that (or such a) script or depend on it.

Maybe I will merge the *flaws into a flaws package.

Regards,

// Ola

 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 

-- 
 - Ola Lundqvist ---
/  [EMAIL PROTECTED] Björnkärrsgatan 5 A.11   \
|  [EMAIL PROTECTED] 584 36 LINKÖPING |
|  +46 (0)13-17 69 83  +46 (0)70-332 1551   |
|  http://www.opal.dhs.org UIN/icq: 4912500 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---

Re: Security notification script

[Ola Lundqvist]

Hi again,

I'm I right when I say that this script only can follow the
DSA:s that cover woody? It is nice but I would really like a
version that can handle sid too. :) It would be some
more text processing but I think it is doable.

Do you want me to make a dependency/recommend from
harden-*flaws to this package?

Regards,

// Ola

On Fri, Aug 30, 2002 at 01:13:18PM +0200, Ola Lundqvist wrote:
 On Mon, Aug 26, 2002 at 09:31:34PM +0100, Rob Bradford wrote:
  I have written a python script that allows you to compares locally
  installed  packages with those on security.debian.org. Furthermore it
  provides a description of the problem/DSA name if the package is
  mentioned in the DSA RDF.
 
 That looks really interesting for the harden packages. Especially for
 the harden-*flaws packages. It is probably a better approach than 
 uploading new harden-fooflaws everytime. Is it possible for your script
 to differentiate between local and remote flaws?
 
  The script is intended to be run as a normal user in a crontab, and thus
  produces no output if the system is completely upto date.
  
  You will need to install python2.2 and python2.2-xml prior to using the
  script which can be found at
  http://www.robster.org.uk/files/security-update-check.py
  
  Any feedbacl/ideas would be much appreciated. I plan to make some minor
  changes and package this up later this week :)
 
 Maybe you want to have it in the harden-*flaws package or simply make
 these depend on your package. The later is maybe better.
 
 Regards,
 
 // Ola
 
  Cheers
  
  Rob
  -- 
  Rob 'robster' Bradford
  Founder: http://www.debianplanet.org/
  Developer: http://www.debian.org/
  Monkey with keyboard: http://www.robster.org.uk/
 
 
 
 -- 
  - Ola Lundqvist ---
 /  [EMAIL PROTECTED] Björnkärrsgatan 5 A.11   \
 |  [EMAIL PROTECTED] 584 36 LINKÖPING |
 |  +46 (0)13-17 69 83  +46 (0)70-332 1551   |
 |  http://www.opal.dhs.org UIN/icq: 4912500 |
 \  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
  ---
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 

-- 
 - Ola Lundqvist ---
/  [EMAIL PROTECTED] Björnkärrsgatan 5 A.11   \
|  [EMAIL PROTECTED] 584 36 LINKÖPING |
|  +46 (0)13-17 69 83  +46 (0)70-332 1551   |
|  http://www.opal.dhs.org UIN/icq: 4912500 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---

Re: Improper NMU (Re: NMU for libquota-perl)

[Goswin Brederlow]

Elie Rosenblum [EMAIL PROTECTED] writes:

 On Mon, Sep 02, 2002 at 02:25:30AM +0100, Colin Watson wrote:
  On Sun, Sep 01, 2002 at 09:19:17PM -0400, Elie Rosenblum wrote:
   On Mon, Sep 02, 2002 at 02:16:11AM +0100, Colin Watson wrote:
Technically it wasn't. The upload is still in the DELAYED queue, which
is really just a convenient automated way of saying I'll NMU this
package in n days if I don't hear anything, with the added bonus of
allowing the maintainer to poke at it and see exactly what would go in
in the absence of a maintainer upload. I usually explain this when using
the delayed queue.
   
   I assume you also submit a bug.
  
  Quite.
 
 Would you agree that performing an NMU without a BTS entry is wrong?
 
   Do you generally do this without leaving a bug for a few days first?
  
  In the case of the perl transition I've been given to understand by the
  actions of other developers that the -devel-announce post on 31st July
  was enough. Otherwise no.
 
 I see.
 
 Well, I disagree with this (as do I believe some others), but only
 in that no NMU should be done until the bug has existed for a few
 days (if nothing else, this addresses the distinct possibility of
 NMUs actually breaking stuff, which has already been brought up in
 this thread). I'm probably not going to convince you of this, any

The Bug existet since 31st July even if it wasn't formaly in the BTS
against your package.

 more than you will convince me that I'm wrong here. I have not,
 however, been hit with this general case...I've been hit with an
 irresponsible maintainer performing an NMU without submitting a
 bug at all, even if it was 5 minutes before he uploaded. This is
 just plain wrong, and something that can cause us really serious
 problems if people start to imagine that it's acceptable - 
 especially since we have little control over which keys can
 successfully upload any given package.

In the case of something so trivial as causing a recompile for a
problem that has been known for some time the warning given by the
delayed upload should be enough.

Do we realy need to mass-file bugreports for this? Thats the
alternative to mentioning something like the perl transition on -devel
and then fix it in a group effort some time afterwards.


You might have a point in general but not in this case.

Just my 2c of though, don't blame anyone else.
Goswin

Re: The harden-*flaws packages.

[Goswin Brederlow]

Daniel Martin [EMAIL PROTECTED] writes:

 Martin Schulze [EMAIL PROTECTED] writes:
 
 Hrm.  The more I think about this the more I wonder if maybe the
 harden-*flaws packages make much sense in stable at all.  If someone
 is apt-get'ing from security.debian.org, they're already replacing
 vulnerable versions with fixed ones.  If someone is updating from a
 point release CD, the same thing applies.  The only case where I can
 see it making sense is with someone following testing with most of
 their packages on hold (they really want a stable system, and only
 upgrade a package when they need to).  Am I missing a scenario?

They should have stable as their distribution with highest priority
for apt. That includes security for stable.

On top of that the few packages they want more current can be
installed from woody or sid. No need to keep everything else on hold,
making stable first priority for apt should be enough.

And then they would get security updates.

MfG
Goswin

Re: Packages affected by removal of free mp3 players

[Goswin Brederlow]

Joe Drew [EMAIL PROTECTED] writes:

 If the worst does happen, and we need to remove all mp3 players from
 Debian, many packages will be affected. Most of these are because of

Why no non-free versions?

 their dependency on libsmpeg, which is the SDL MPEG audio and video
 decoder. Others depend on other MP3-playing libraries, such as libmad,
 mpeglib (which is named oddly), etc. (Please let me know if I've
 forgotten some.) A few packages depend on mpg321 as well - mostly
 front-ends.

un versions or dummy versions could be provided to make the
software work but not the mp3 features. Would be quite stupid for
mpg321 but for ogg it would make sense. People could then get a real
mp3lib from non-free or somewhere else and replace the un version
with that without recompile of the debs.

MfG
Goswin

Bug#159271: ITP: ogmtools -- Tools for handling Ogg media streams

[Marc Leeman]

Package: wnpp
Version: N/A; reported 2002-09-02
Severity: wishlist

* Package name: ogmtools
  Version : 0.901
  Upstream Author : Moritz Bunkus [EMAIL PROTECTED]
* URL : http://www.bunkus.org/videotools/ogmtools/
* License : GPL, LGPL, BSD, MIT/X, etc.
  Description : Tools for handling Ogg media streams


These tools allow information about (ogminfo) or extraction from
(ogmdemux) or creation of (ogmmerge) OGG media streams. 

-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux mykene 2.4.19-xfs #1 Mon Aug 26 14:55:46 CEST 2002 i686
Locale: LANG=C, LC_CTYPE=C

Re: Java policy

[Ola Lundqvist]

Hi again.

I have not seen very much complains on the policy. Actually none
on fact.

So what further steps should I take in order to make this an
official policy?

On Sat, Aug 31, 2002 at 01:56:15PM +0200, Robert Bihlmeyer wrote:
 Ola Lundqvist [EMAIL PROTECTED] writes:
 
  There are some things that might want to be added before it
  becomes truly official.
  
  See the policy at:
  http://www.debian.org/doc/packaging-manuals/java-policy/
  
  * gcj and how to handle that (should it be mentioned at all?).
 
 I don't have the specifics to that handy. URL?

Somewhere in the [EMAIL PROTECTED] archives, do not remember.

  * should all virtual machines that provides a java2 virtual machine
also provide a 'java2' command (not 'java').
 
 As the originator of this request, I'd be happy to have an official
 version without this and punt this to the next version.

Ok.

  * How to handle jar dependencies? Should there be some kind of
mechanism for that?
 
 Since nobody is currently on top of that, I'd suggest leaving it out,
 too.

Agreed.

Regards,

// Ola

-- 
 - Ola Lundqvist ---
/  [EMAIL PROTECTED] Björnkärrsgatan 5 A.11   \
|  [EMAIL PROTECTED] 584 36 LINKÖPING |
|  +46 (0)13-17 69 83  +46 (0)70-332 1551   |
|  http://www.opal.dhs.org UIN/icq: 4912500 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---

Re: woody CD not bootable with adaptec + scsi-cdrom

[Andreas Metzler]

Goswin Brederlow [EMAIL PROTECTED] wrote:
 Andreas Metzler [EMAIL PROTECTED] writes:
[...]
 Goswin Brederlow [EMAIL PROTECTED] wrote:
[...] 
 I the discovered that the woody CD (linuxtag prerelease) doesn't
 boot. I heard of similar for the real woody release CDs on irc.
 
 Can anyone boot the CDs, which one of the set and what hardware?
[...]
 I can boot from CD1, on a PentiumMMX-class machine (SiS 5591/5), an
 iirc 1 year old Athlon 800 (VIA 133) and a 2 month old Duron1200
 (VIA 266A).

 Who cares about your cpu?

Hello,
Nobody does, but mentioning CPU and mainboard chipset should give a
good idea how old the system was. (I do not know the exact dates, else
I would have mentioned them.)

 What cdrom? ide or scsi? What controler?

Sorry, all machines were IDE only.

 Also whats different between potato and woody?
 
 potato used floppy-emulation, woody _CD1_ uses isolinux(??).

 That explains the difference in output. The floppy emulation shows up
 when the adaptec detects the bootable cdrom. Or is that unrelated?

Afaik no, my old computer's BIOS showed too whether it was using floppy
emulation.

[...]
 If your computer cannot boot woody CD1 try CD2-CD7 - they use
 floppy-emulation and should work on old computers.

 Good to know. Is that in the install docs somewhere?

Of course.

| 5.2 Booting from a CD-ROM
[...]
| CD #1
[...]
| If your hardware doesn't support booting of multiple images, put
| one of the other CDs in the drive. It appears that most SCSI CD-ROM
| drives do not support isolinux multiple image booting, so users
| with SCSI CD-ROMs should try either CD2 (vanilla) or CD3 (compact),
| or CD5 (bf2.4).

BTW it'd be nice if could respect Mail-Followup-To and did not cc me,
I would be very surprised if your MUA Gnus did not support this.
TIA, cu andreas
-- 
Unofficial _Debian-packages_ of latest _tin_
http://www.logic.univie.ac.at/~ametzler/debian/tin-snapshot/

[PHP] Standard placement of PHP libraries?

[Matthew Palmer]

I guess this is probably going to turn into a mini-policy discussion, and I
hope so, because I think we need some level of standardisation.

There are several PHP extension libraries packaged for Debian; I guess the
most famous is probably pear, but I maintain one (phtml, used by some other
packages I maintain) and I know there are a couple of others out there, too.
By these libraries I'm not talking about binary modules, I'm talking about
extension libraries written in PHP and available by include('whatever'). 
It's the 'whatever' that I'm mostly interested in discussing for now.

PEAR uses /usr/share/pear, and has an entry in include_path for it.  Hence,
to use any PEAR-shipped function, simply refer to the file by name, relative
to that directory.  Nice, very simple, I highly approve.  Since PEAR holds a
special status, perhaps that should change.

But what about every other PHP extension library out there?  libphp-adodb,
for instance, uses /usr/lib/adodb - in violation of the FHS, I believe,
since PHP scripts shouldn't be architecture specific.  But that's not really
the issue here - the point is, where *should* PHP includes go?

I would like to propose /usr/share/php4 as the place for all scripts
intended to run under php4 (whatever subversion) and intended for inclusion
in other PHP scripts.  All packages would install their inclusion hierarchy
under /usr/share/php4/package name, and scripts which wanted to use their
functionality would include('package name/include.php').  Naming of
include files, including their extension, would be left to the discretion of
individual maintainers.

The bonus would be that the php4 maintainer would only have to add one
(fairly self-explanatory) directory entry to php4.ini for all time, no other
package would have to worry about modifying php4.ini or getting the user to
do so (BTDT, not much fun).

I can't see any real downsides, as long as everybody plays along.  I'd like
to know of any that anyone can think of.  If there are no objections, and
anyone else thinks it's a worthwhile idea, I'll put my thoughts into a
formal proposal to Policy, for official comment.  I'd rather get shot down
in flames now than get my hopes up.


-- 
Matthew Palmer, Debian Developer
[EMAIL PROTECTED] http://www.debian.org

Re: Improper NMU (Re: NMU for libquota-perl)

[Sebastian Rittau]

On Sun, Sep 01, 2002 at 09:06:20PM -0400, Elie Rosenblum wrote:

 The NMU was made before I was in any way contacted.

Would you please stop bitching, you're getting on my nerves. Except you
nearly nobody sees this as a problem. If you're not able to maintain
your packages properly and in a timely manner, and your holding up a
major part of the distribution, it's your fault. The was no harm done,
it was pointed out several times how you can prevent the NMU'ed package
from entering unstable, so you have absolutely no point.

Remember: You're just the package maintainer. The package does not belong
to you and it's not yours by any means.

 - Sebastian

[PHP] Placement of PHP programs?

[Matthew Palmer]

As a kind of an adjunct to the other discussion on PHP libraries, what about
PHP programs?  Not quite so touchy, as I can't see a single way forward here
(and there's no blazingly obvious reason to do so).  So what are people's
best thoughts on the matter?  Most packages I've seen put their
web-accessible content in /usr/share/package, then either set up a
separate apache config and include it from the main apache config
(phpgroupware does it this way, for one example) while other packages modify
apache.conf more intrusively.  I'm a fan of the phpgroupware method, which
at least minimises pain.

So where to put the program itself?  /usr/share is the common place, I guess
that's the place to go.  Does anyone think there's another good place, and
has a reason for it?  Config should, of course, go in /etc/packagename,
including (if appropriate) the apache config to allow apache to find it.

But what if people are using a different Web server?  It's possible, so why
are we blindly assuming apache?  Should we cater for the default, and anyone
doing differently should know enough to fix the problem themselves?  That's
a possibility.

And what about where in the docroot we put our program for accessability? 
Right in the docroot might squash something already there.  How about
letting the user choose?  Ooh, there's something that could start a hornet's
nest.  Check if something's already there - but how do we do that?  ls
/var/www/packagename *might* work, grep '/packagename'
/etc/apache/*.conf would help too.  We'd probably find most cases between
those two checks.

Anyway, I want to know your thoughts.  Please share.

-- 
Matthew Palmer, Debian Developer
[EMAIL PROTECTED] http://www.debian.org

RFC: A regression test framework for Debian packages?

[Jérôme Marant]

One year ago, Martin Michlmayr made a speach at the Debian
Conference 1 about Quality Assurance within Debian and the
progress that have been made so far.
He mentioned that we lack regression tests for packages,
but as far as I know, no solution has been found.

What are regression tests?
--

  Regression tests are tests that are made to ensure that 
  the behaviour of a given program has not changed across
  releases.

Why?


  Currently, we have some way to check a package before it
  gets installed. That is what Lintian (and Linda as well ;-)
  is here for: checks are performed on the content of the
  binary and source package.

  However, we have no way to check a package after its
  installation. And in most of the cases, Lintian checks
  cannot prevent software breakages.

  Until now, developers need to test packages manually:
  installation, upgrade, removal, purge, failures and so on.
  This can be very painful and boring when you have different
  ways to configure your packages, especially when they
  have to be configured through debconf.
  Furthermore, some packages may perform some complex
  tasks like database creation/upgrades, web server configuration,
  mail aliases management, etc and user configuration and
  environment may vary, making the success of such tasks
  unpredictable.

What?
-

  The main idea is to make tests on package installation
  and after their installation is completed.

  Here is a list of possible tests that come to my mind
  (in no special order):

  - tests on maintainer scripts: maintainer scripts perform
  some very simple tasks like: changing ownerships and
  permissions, starting daemons, creating users/groups, etc.
  They are likely to change across releases, and as they
  are mostly written in shell, they are error prone.

  This could be as complex as checking that a database has
  been properly configured, that a LDAP directory has been
  properly populated, that a web server has been correctly
  modified.

  - debconf tests: there are usually many possible answer
  to debconf question and different paths within. Some
  tests can be written to simulate user interaction, providing
  a broader set of configuration answer. Checks would be
  made with respect to some given answers.

  - configuration files tests: some behaviours may vary with
  respect to configuration options. Tests would provide
  a set of configuration files and their matching expected
  behaviour.

  - application-specific tests: sometimes Debian customize
  applications and we may want to see if nothing has been
  broken.

  - ...

How?


  In a chrooted environment, we can install deboostrap and
  package dependencies through APT.

  Then, we need some program that would execute some simple
  scripts in a pseudo language (for safety purpose, tests must
  be error prone as much as possible) describing what tests have
  to be performed, and how they would be performed.

  This is only a short summary :-)

Do we need this?
-

  Although this may look boring for small packages, I have
  many reasons to think that this can be usefull for complex
  packages. We can imagine running such test overnight for
  packages maintained via CVS.


Comments are welcome.

Thanks.

Cheers,

PS: Please, no CC on reply, I'm subscribed to the list.

-- 
Jérôme Marant

Re: Improper NMU (Re: NMU for libquota-perl)

[Tomas Pospisek's Mailing Lists]

On Mon, 2 Sep 2002, Sebastian Rittau wrote:

 Remember: You're just the package maintainer. The package does not belong
 to you and it's not yours by any means.

Oh, I think you are very mistaken. It is not his in the sense that it's
under GPL. But it's his in the sense that since he is its official
maintainer others should respect that.

And as is the case in the GPL world - everybody is free to fork his
package and maintain his own, if he thinks some maintainer is not doing
his work or refusing to let someone else do it in a better way.

This being said I'm not refering here to the quality of anybody's work nor
to what has been discussed in this thread here - just to the basic
principle.
*t

--
---
 Tomas Pospisek
 SourcePole   -  Linux  Open Source Solutions
 http://sourcepole.ch
 Elestastrasse 18, 7310 Bad Ragaz, Switzerland
 Tel: +41 (81) 330 77 11
---

Re: Improper NMU (Re: NMU for libquota-perl)

[Raphael Hertzog]

Le Mon, Sep 02, 2002 at 12:20:22AM -0400, Elie Rosenblum écrivait:
 Would you agree that performing an NMU without a BTS entry is wrong?

Nope.

The strict minimum is :
- create a patch for the NMU
- make the patch available to the maintainer (via direct mail or bts)

If you upload the package to DELAYED, it is enough to respect the spirit
of the NMUs guidelines (which are in developers-reference).

BTW, the developers-reference evolved quite a bit since the good old
days, and the DELAYED stuff is mentionned in the NMU guidelines...
please read it again.

http://www.debian.org/doc/manuals/developers-reference/index.en.html

 I've been hit with an
 irresponsible maintainer performing an NMU without submitting a
 bug at all, even if it was 5 minutes before he uploaded.

This is ridiculous. An NMU is not a punishment for bad maintainers,
it's an offer of help to help you catch up in your Debian work.

No one should be offended by an NMU.

 especially since we have little control over which keys can
 successfully upload any given package.

You want respect for yourself, you don't want to be treated like
an irresponsible maintainer, but you show absolutely no respect to
people who are doing NMUs to help you.

Think about it, people doing NMUs are other Debian developers like you 
who take their free time to help you, and look how you thank them.

Even if he made a mistake, it's not a big one, the upload was to
DELAYED, the package has not yet been installed, you have a chance
to dump the NMU by uploading your own fix.

Cheers,
-- 
Raphaël Hertzog -+- http://www.ouaza.com
Formation Linux et logiciel libre : http://www.logidee.com

Re: Improper NMU (Re: NMU for libquota-perl)

[Martin Wheeler]

On Mon, 2 Sep 2002, Sebastian Rittau wrote:

  If you're not able to maintain
 your packages properly and in a timely manner, and your holding up a
 major part of the distribution, it's your fault.

I'm interested in this.
Individuals differ greatly in their working methods.
So what is considered: in a timely manner?  (Seriously.)

I have dropped out of several co-operative projects in the past simply
because I'm a relatively slow worker -- i.e. I don't tend to give three
or four fast responses to collective development _in the same day_.
I find that sort of speed of progression highly de-motivating.
Am I alone in this?  (I might take up to a week to respond to any
particular event -- this is normal for _me_.)

I'm curious as to what the expectations of other debian-developers are --
for example, does not being online 24/7 -- or even once a day --
effectively create a barrier to participation in collective development
projects in debian?  (Theory would say: No.  But what does _practical_
experience dictate?)

So I guess my question really is: what is timely; and what is
untimely?
Where is it defined?  By whom?  Does it make sense?

Just curious.

msw
-- 
Martin Wheeler   -StarTEXT - Glastonbury - BA6 9PH - England
[EMAIL PROTECTED]http://startext.demon.co.uk/
GPG pub key:8D6B948B  ECC6 D98E 4CC8 60E3 7E32  D594 BB27 3368 8D6B 948B
 - Share your knowledge. It's a way of achieving immortality. -

Re: Improper NMU (Re: NMU for libquota-perl)

[Martin Wheeler]

On Mon, 2 Sep 2002, Raphael Hertzog wrote:

 This is ridiculous. An NMU is not a punishment for bad maintainers,
 it's an offer of help to help you catch up in your Debian work.

 No one should be offended by an NMU.

 ... and might I add, that in the case of documentation, it should be
actively sought after?   (From each and every reader?)

That is, insofar as text presentation (grammar; syntax; orthography;
punctuation; etc.) is concerned; factual content of the text should be
subject to discussion with the author[s] of the documentation.  Although
when information given is plain wrong, or out of date, I'm all in favour
of instantaneous amendment by the reader without reference to the author.
(I speak in knowledge of cause; I'm guilty of not updating out-of-date
information myself in most documents I maintain.)

In this respect, maintainership of documentation is vastly different to
maintainership of code; but the basic principle of intervention to
*help* (and not obliquely castigate), holds true.

msw
-- 
Martin Wheeler   -StarTEXT - Glastonbury - BA6 9PH - England
[EMAIL PROTECTED]http://startext.demon.co.uk/
GPG pub key:8D6B948B  ECC6 D98E 4CC8 60E3 7E32  D594 BB27 3368 8D6B 948B
 - Share your knowledge. It's a way of achieving immortality. -

Re: RFC: A regression test framework for Debian packages?

[Jamie Wilkinson]

This one time, at band camp, Jérôme Marant wrote:
  In a chrooted environment, we can install deboostrap and
  package dependencies through APT.

About 6 months ago I started writing some code in expect to do just this, to
test my quake2-data installer package.  I was able to install the package
into an UML machine, answer the debconf questions, and check the location of
the installed files (being an installer package, not all files installed by
the package are in the deb).

I haven't touched this code for a long time, but I've been meaning to clean
it up and start doing regression testing on parts of the archive.  I envisage
being able to run it once a week on the entire archive, testing the
ability of every pacakge to cleanly upgrade from woody to sarge, and back
again.

-- 
[EMAIL PROTECTED]   http://spacepants.org/jaq.gpg

Re: Improper NMU (Re: NMU for libquota-perl)

[Glenn Maynard]

On Mon, Sep 02, 2002 at 09:32:42AM +, Martin Wheeler wrote:
 I have dropped out of several co-operative projects in the past simply
 because I'm a relatively slow worker -- i.e. I don't tend to give three
 or four fast responses to collective development _in the same day_.
 I find that sort of speed of progression highly de-motivating.
 Am I alone in this?  (I might take up to a week to respond to any
 particular event -- this is normal for _me_.)

I treat mailing list discussions as a lagged IRC conversation--when I
see a message, time permitting, I reply to it.  If I'm actively working
on a project, I'm generally monitoring related lists, so I don't have a
problem with any number of replies a day.

I don't expect the same from all developers (especially when time zones,
sleeping habits and employment cause us to be active on lists at different
times of day), but when I'm being forced-delayed pending a discussion,
having less than an interaction a day is frustrating.  A week would
probably drive me away from a project completely, at least for active
development.

If, by the time I get a reply, I've forgotton that I was waiting for
one--a couple days--it's no longer a cohesive discussion, in my mind, but
a series of related but disconnected emails.

-- 
Glenn Maynard

Re: Improper NMU (Re: NMU for libquota-perl)

[Mark Brown]

On Mon, Sep 02, 2002 at 09:16:24AM +0200, Goswin Brederlow wrote:

 In the case of something so trivial as causing a recompile for a
 problem that has been known for some time the warning given by the
 delayed upload should be enough.

While a recompile *should* be trivial they still have the potential to
break things.

For example, I'm currently in the middle of preparing a NMU for a
package.  As in this case the NMU involves no code changes (a tweak to
the control file is all) but unfortunately a simple recompile of the
package produces binaries that fail to work.  This is unquestionably a
bug in the package but it's not something that would have been shown up
if someone simply rebuilt without properly testing.

-- 
You grabbed my hand and we fell into it, like a daydream - or a fever.

Re: Improper NMU (Re: NMU for libquota-perl)

[Raphael Hertzog]

Le Mon, Sep 02, 2002 at 09:32:42AM +, Martin Wheeler écrivait:
 Individuals differ greatly in their working methods.
 So what is considered: in a timely manner?  (Seriously.)

In this case, it is several weeks since the first announce of the perl
5.8 update.

And we don't have a generic response, it depends on the package you
maintain and so on. If you just uploaded dpkg with a very annoying bug,
it would be almost unacceptable to disappear for a full week. For a
secondary package it doesn't matter...

Cheers,
-- 
Raphaël Hertzog -+- http://www.ouaza.com
Formation Linux et logiciel libre : http://www.logidee.com

Re: [PHP] Placement of PHP programs?

[Fabien Penso]

Matthew a écrit : 

  As a kind of an adjunct to the other discussion on PHP libraries, what about
  PHP programs?  Not quite so touchy, as I can't see a single way forward here
  (and there's no blazingly obvious reason to do so).  So what are people's
  best thoughts on the matter?  Most packages I've seen put their
  web-accessible content in /usr/share/package, then either set up a
  separate apache config and include it from the main apache config
  (phpgroupware does it this way, for one example) while other packages modify
  apache.conf more intrusively.  I'm a fan of the phpgroupware method, which
  at least minimises pain.

Shouldn't webpage go to /var/www or at least /var/, and _not_ /usr/share
? We are talking about PHP, but it's still webpages after all.

The apache configuration should go into a separate file in /etc/apache/
which would be included in httpd.conf later; easier to modify I guess.

The software configuration should stay into the its location, the
software directory.

-- 
Fabien Penso [EMAIL PROTECTED] | LinuxFr a toujours besoin de :
http://perso.LinuxFr.org/penso/  | http://linuxFr.org/dons/
A PHP Template Engine ? Take the best ! http://templeet.org/


pgpmL8cOmeRRY.pgp
Description: PGP signature

Re: RFC: A regression test framework for Debian packages?

[Junichi Uekawa]

On Mon, 2 Sep 2030 11:20:05 +0200

 How?
 
 
   In a chrooted environment, we can install deboostrap and
   package dependencies through APT.
 
   Then, we need some program that would execute some simple
   scripts in a pseudo language (for safety purpose, tests must
   be error prone as much as possible) describing what tests have
   to be performed, and how they would be performed.
 
   This is only a short summary :-)

pbuilder has hooks to provide such checkings.


regads,
junichi

-- 
[EMAIL PROTECTED]  http://www.netfort.gr.jp/~dancer

Re: Bug#158683: ITP: oggasm -- MP3 to Ogg converter

[Dmitry Borodaenko]

On Fri, Aug 30, 2002 at 01:42:26PM +0200, Richard Atterer wrote:
 RA As usual Heise got it right:
 RA http://www.heise.de/newsticker/data/vza-28.08.02-000/ (German).

c't is a good info source, but this time they seem biased. First of all,
they completely miss the point that you made below:

 RA Thomson tolerate violations against their license are far as
 RA *de*coders are concerned. ... However, such a statement is not
 RA enough for us to keep MP3 decoders in the distribution, I'm afraid.

Next, their take on Ogg smells FUD:

   It is not a good idea as yet to rely exclusively on Ogg Vorbis,
   however: Even if Ogg Vorbis manages to close the quality gap between
   it and MP3 or even manages to get ahead of the latter, it will still
   take some time before Ogg-capable portable players make their
   appearance as hardware.

IFAIK (IANA Musician) Ogg Vorbis outmatches quality of MP3 for quite
some time. The hardware issue is indeed present, there is no free
fixed-point Vorbis decoder yet, but there is proprietary one, which
matches situation with hardware MP3 players that require loyalty fee.

If I'm not missing something and there is no other obstacles to adoption
of Ogg Vorbis save for inertia, the above sentence is just that, FUD.

-- 
Dmitry Borodaenko

Re: Bug#158683: ITP: oggasm -- MP3 to Ogg converter

[Dmitry Borodaenko]

On Fri, Aug 30, 2002 at 04:55:24PM +0200, Robert Millan wrote:
 RM we definitely need an mp3 decoder in debian if we want to fight the
 RM patent oppression at all. i think we need another branch for that
 RM kind of problems.

Debian/liberty in APT over FreeNet, anyone?

-- 
Dmitry Borodaenko

Re: RFC: A regression test framework for Debian packages?

[Jérôme Marant]

On Mon, Sep 02, 2002 at 08:19:19PM +0900, Junichi Uekawa wrote:
 On Mon, 2 Sep 2030 11:20:05 +0200
 
  How?
  
  
In a chrooted environment, we can install deboostrap and
package dependencies through APT.
  
Then, we need some program that would execute some simple
scripts in a pseudo language (for safety purpose, tests must
be error prone as much as possible) describing what tests have
to be performed, and how they would be performed.
  
This is only a short summary :-)
 
 pbuilder has hooks to provide such checkings.

Good, this is a good place to do such test IMO, I'll have a deeper
look at it.

Thanks. 

-- 
Jérôme Marant

Re: Some proposals about the Email-subsystem, was Re: RFC: OpenLDAP and TLS/SSL

[Javier Fernández-Sanguino Peña]

On Sun, Aug 25, 2002 at 02:56:46PM +1000, Martijn van Oosterhout wrote:
 On Sat, Aug 24, 2002 at 10:10:24PM -0600, Georg Lehner wrote:
  Hello!
  
  El sáb, 24-08-2002 a las 17:28, Martijn van Oosterhout escribió:
  ...
Proposal: By default no MTA will be installed.
   
   Umm, this may sound silly, but how will you do local delivery if there is 
   no
   MTA installed?
  ...
  
  Not silly.  MDA's like procmail can do local delivery standalone.
  Obviously no queue needed.
 
(..)
 What I'm saying is that to must have a mail-server install, even if it is
 just ssmtp or something like that.

Yes, however the mail server should not be running as a daemon nor
listening for incoming port 25 connections.

 
 I hope this is clearer.

Yes.

Javi

Re: shouldn't root.adm , -rw-r----- , be policy for all non-public log files?

[Javier Fernández-Sanguino Peña]

On Mon, Aug 26, 2002 at 06:13:30PM +0200, Joost van Baal wrote:
 Hi,
 
 I maintain the Lire package, which processes log files from e.g.
 sendmail, bind, apache, boa and lots of other services.  I don't want to
 run any Lire processes as root.  However, of course, the processes need

Which is quit sensible on your behalf.

 read access to log files.  Unfortunately, there seems to be no rule or
 policy on how access permissions for log files should be.  Wouldn't it
 be nice if all non-public log files were owned by group `adm', and
 groupreadable?  (World readability for public log files is fine too, of
 course.)  Currently, this is the case for quite a lot of commonly found
 log files.


I recently added a FAQ item in the Securing Debian Manual 
(http://www.debian.org/doc/manuals/securing-debian-howto/ch11.en.html#s11.1)

AFAIK there is no policy regarding log files, however, there *should* be one.

 
(...)
 , although similar issues were raised, no conclusion seems to have been
 reached on this specific subject (other than adm is to read logs.)
 
If so then policy should tell package maintainers to create logs
as root.adm or package_user.adm. IMHO the problem should be fixed by clarifying 
the
policy and having it written down. How about submitting a policy proposal?

Regards

Javi

Re: Security notification script

[Javier Fernández-Sanguino Peña]

On Mon, Sep 02, 2002 at 08:58:43AM +0200, Ola Lundqvist wrote:
 Hi again,
 
 I'm I right when I say that this script only can follow the
 DSA:s that cover woody? It is nice but I would really like a
 version that can handle sid too. :) It would be some
 more text processing but I think it is doable.
 

There are no DSAs for sids.. 

Javi

Re: Security notification script

[Javier Fernández-Sanguino Peña]

On Mon, Aug 26, 2002 at 09:31:34PM +0100, Rob Bradford wrote:
 I have written a python script that allows you to compares locally
 installed  packages with those on security.debian.org. Furthermore it
 provides a description of the problem/DSA name if the package is
 mentioned in the DSA RDF.
 
Notice that the RDF does not include *all* the DSAs, just the latest
(10?). Thus, if there is a week with *many* security updates your script might
miss vulnerable packages if not run daily.

 The script is intended to be run as a normal user in a crontab, and thus
 produces no output if the system is completely upto date.
 
 You will need to install python2.2 and python2.2-xml prior to using the
 script which can be found at
 http://www.robster.org.uk/files/security-update-check.py
 

Why Python? If you plan this script to be included in Debian-standard (such
as the cron task in checksecurity) python is out of the question. 
Could you write it in Perl? 

 Any feedbacl/ideas would be much appreciated. I plan to make some minor
 changes and package this up later this week :)
 

Well, it's already done. Check out Tiger: 
http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s-keep-up-to-date
The problem with Tiger is that it has to be updated (both by the maintainer and 
the
administrator) to work effectively until a create a 'tiger-signatures' package 
that
can be updated regularly. 

But probably a stand-alone script is a good idea, it would appreciate it better
in another language. You cannot consider installing python in a production
environment where it's not really need it. Tiger, for example, is completely
shell-based (does not even need Perl).

Regards

Javi


pgpjgOEwiMxk7.pgp
Description: PGP signature

Re: Security notification script

[Ola Lundqvist]

On Mon, Sep 02, 2002 at 02:00:21PM +0200, Javier Fernández-Sanguino Peña wrote:
 On Mon, Sep 02, 2002 at 08:58:43AM +0200, Ola Lundqvist wrote:
  Hi again,
  
  I'm I right when I say that this script only can follow the
  DSA:s that cover woody? It is nice but I would really like a
  version that can handle sid too. :) It would be some
  more text processing but I think it is doable.
  
 
 There are no DSAs for sids.. 

Well there are no DSA for sid but in the DSA released for potato,
woody (and sarge?) unstable packages is mentioned. That is at least
true for the latest DSA:s.

See for example: http://www.debian.org/security/2002/dsa-159

... For the unstable distribution (sid) this has been fixed in version
1.5.2-24 of Python 1.5, in version 2.1.3-6a of Python 2.1 and in version
2.2.1-8 of Python 2.2. Python 2.3 is not affected by this problem...

Yes it is in the text but it would be really nice to parse this kind
of stuff.

Regards,

// Ola

   Javi
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 

-- 
 - Ola Lundqvist ---
/  [EMAIL PROTECTED] Björnkärrsgatan 5 A.11   \
|  [EMAIL PROTECTED] 584 36 LINKÖPING |
|  +46 (0)13-17 69 83  +46 (0)70-332 1551   |
|  http://www.opal.dhs.org UIN/icq: 4912500 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---

Re: RFC: A regression test framework for Debian packages?

[Jérôme Marant]

On Mon, Sep 02, 2002 at 08:19:23PM +1000, Jamie Wilkinson wrote:
 This one time, at band camp, Jérôme Marant wrote:
   In a chrooted environment, we can install deboostrap and
   package dependencies through APT.
 
 About 6 months ago I started writing some code in expect to do just this, to
 test my quake2-data installer package.  I was able to install the package
 into an UML machine, answer the debconf questions, and check the location of
 the installed files (being an installer package, not all files installed by
 the package are in the deb).
 
 I haven't touched this code for a long time, but I've been meaning to clean
 it up and start doing regression testing on parts of the archive.  I envisage
 being able to run it once a week on the entire archive, testing the
 ability of every pacakge to cleanly upgrade from woody to sarge, and back
 again.

Nice! How does it work exactly? How do you write tests? Do you have scenarii
or something?

-- 
Jérôme Marant

Re: RFC: A regression test framework for Debian packages?

[Junichi Uekawa]

On Mon, 2 Sep 2030 13:51:42 +0200
(B
(B
(B This is only a short summary :-)
(B  
(B  pbuilder has hooks to provide such checkings.
(B 
(B Good, this is a good place to do such test IMO, I'll have a deeper
(B look at it.
(B
(B
(BCurrently I only have: 
(B$ ls -l pbuilder-script/
(B-rwxr-xr-x1 dancer   dancer 96  6$B7n(B 20 13:44 B90linda
(B
(B
(Bwhich runs B90linda script when build succeeds, which does:
(B
(B#!/bin/bash
(B# run linda on generated deb files
(Bapt-get install -y linda
(Blinda /tmp/buildd/*.deb
(B
(B
(B
(Band I've been running this through all of archive for a while now.
(B
(B
(Bregards,
(Bjunichi
(B
(B
(B-- 
(B[EMAIL PROTECTED]  http://www.netfort.gr.jp/~dancer

Re: Improper NMU (Re: NMU for libquota-perl)

[Andrew Suffield]

On Mon, Sep 02, 2002 at 09:32:42AM +, Martin Wheeler wrote:
 On Mon, 2 Sep 2002, Sebastian Rittau wrote:
 
   If you're not able to maintain
  your packages properly and in a timely manner, and your holding up a
  major part of the distribution, it's your fault.
 
 I'm interested in this.
 Individuals differ greatly in their working methods.
 So what is considered: in a timely manner?  (Seriously.)

Before somebody else is sufficiently motivated to do it.

I see no point in holding it against somebody if they don't fix it
first - as long as either somebody fixes it, or nobody cares, why does
it matter?

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ | Dept. of Computing,
 `. `'  | Imperial College,
   `- --  | London, UK


pgpbmRjrFdgxe.pgp
Description: PGP signature

Re: Security notification script

[Ola Lundqvist]

On Mon, Sep 02, 2002 at 02:07:34PM +0200, Javier Fernández-Sanguino Peña wrote:
 On Mon, Aug 26, 2002 at 09:31:34PM +0100, Rob Bradford wrote:
  I have written a python script that allows you to compares locally
  installed  packages with those on security.debian.org. Furthermore it
  provides a description of the problem/DSA name if the package is
  mentioned in the DSA RDF.
  
   Notice that the RDF does not include *all* the DSAs, just the latest
 (10?). Thus, if there is a week with *many* security updates your script might
 miss vulnerable packages if not run daily.

That is a good point. Is it possible to get this kind of information from
elsewhere (yes it is possible to dig it out of the html-pages) in a
similar (easy) manner?

  The script is intended to be run as a normal user in a crontab, and thus
  produces no output if the system is completely upto date.
  
  You will need to install python2.2 and python2.2-xml prior to using the
  script which can be found at
  http://www.robster.org.uk/files/security-update-check.py
  
 
 Why Python? If you plan this script to be included in Debian-standard (such
 as the cron task in checksecurity) python is out of the question. 
 Could you write it in Perl? 

Well I do not think it is suitable for standard (yet). It is a little bit
too non-mature for that. But I could rewrite his (I'm not the author) code
into perl if that is really needed.

But of course it should be better to write it in shell-code but that is
not that easy as to use xml interfaces within perl or python.

  Any feedbacl/ideas would be much appreciated. I plan to make some minor
  changes and package this up later this week :)
  
 
 Well, it's already done. Check out Tiger: 
 http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s-keep-up-to-date
 The problem with Tiger is that it has to be updated (both by the maintainer 
 and the
 administrator) to work effectively until a create a 'tiger-signatures' 
 package that
 can be updated regularly. 

It is about the same problem as harden-*flaws.

 But probably a stand-alone script is a good idea, it would appreciate it 
 better
 in another language. You cannot consider installing python in a production
 environment where it's not really need it. Tiger, for example, is completely
 shell-based (does not even need Perl).

Good point.

Regards,

// Ola

   Regards
 
   Javi



-- 
 - Ola Lundqvist ---
/  [EMAIL PROTECTED] Björnkärrsgatan 5 A.11   \
|  [EMAIL PROTECTED] 584 36 LINKÖPING |
|  +46 (0)13-17 69 83  +46 (0)70-332 1551   |
|  http://www.opal.dhs.org UIN/icq: 4912500 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---

Re: Improper NMU (Re: NMU for libquota-perl)

[Andrew Suffield]

On Sun, Sep 01, 2002 at 12:42:20PM -0400, Elie Rosenblum wrote:
 On Sun, Sep 01, 2002 at 06:37:52PM +0200, Bas Zoetekouw wrote:
  Hi Elie!
  
  You wrote:
  
   Why did you NMU this instead of submitting a bug?
   This is inappropriate.
  
  Well, it's the intent of a bug squashing party to _decrease_ the number
  of RC bugs, not to increase it. Also, we're trying to get the perl
  transition done this weekend. 
  Of course, I could've mailed you beforehand, but the fix is trivial, so
  I didn't really see the need for that.
  
   I maintain several perl libraries, and it would be easier if I just did
   them all at once.
  
  Which you can still do. I uploaded to DELAYED, so sooner uploads will
  be prefered by the installer.
 
 I also don't see a bug submitted with this. If you're submitting
 NMU's, you sure as hell better be submitting bugs with patches (or
 the fact that no patch is required other than rebuilding with an
 updated system).

The latter is the case here - the only changes are those clearly
documented in the mails to debian-perl and debian-devel-announce,
specifically:
 - The usual changelog entry
 - Increase of the version for perl in Build-Depends to = 5.8.0

All maintainers are supposed to be subscribed to -devel-announce, so
you must have received the mail warning you this would happen quite
some time ago.

 Please delete your uploads.

There's no need. DELAYED exists for precisely this purpose. An upload
to DELAYED says this:

I have built this fix, and it will be NMUed in X days unless you
upload something first.

If you upload a fixed package before the time runs out, then the
version of the package in DELAYED will be lower than the one in the
pool, so the upload will be rejected.

If you don't, the package is fixed anyway by the NMU.

Either way, everybody wins. The whole point of DELAYED is (AIUI) to
allow this kind of upload, where the maintainer has advance
notification and a chance of override it, but if they don't then the
new package will go into the pool.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ | Dept. of Computing,
 `. `'  | Imperial College,
   `- --  | London, UK


pgpZRaydU8uZy.pgp
Description: PGP signature

Re: RFC: A regression test framework for Debian packages?

[Jamie Wilkinson]

This one time, at band camp, Jérôme Marant wrote:
On Mon, Sep 02, 2002 at 08:19:23PM +1000, Jamie Wilkinson wrote:
 This one time, at band camp, Jérôme Marant wrote:
   In a chrooted environment, we can install deboostrap and
   package dependencies through APT.
 
 About 6 months ago I started writing some code in expect to do just this, to
 test my quake2-data installer package.  I was able to install the package
 into an UML machine, answer the debconf questions, and check the location of
 the installed files (being an installer package, not all files installed by
 the package are in the deb).
 
 I haven't touched this code for a long time, but I've been meaning to clean
 it up and start doing regression testing on parts of the archive.  I envisage
 being able to run it once a week on the entire archive, testing the
 ability of every pacakge to cleanly upgrade from woody to sarge, and back
 again.

Nice! How does it work exactly? How do you write tests? Do you have scenarii
or something?

The expect script starts up a user-mode-linux on a pre-built chroot, and
then attempts to install the package in it.  If that succeeds, it tries to
purge it.  Testing an upgrade/downgrade requires a trivial bit of hacking in
the script.  Debconf questions/answers are read from a file, the questions
are watched for in the console output.

It's horridly inefficient, though---I chose uml over chroot because I wanted
ordinary users to be able to run it.

-- 
[EMAIL PROTECTED]   http://spacepants.org/jaq.gpg

Re: Improper NMU (Re: NMU for libquota-perl)

[Junichi Uekawa]

On Sun, 1 Sep 2002 19:14:37 +0200
Raphael Hertzog [EMAIL PROTECTED] wrote:

  I also don't see a bug submitted with this. If you're submitting
  NMU's, you sure as hell better be submitting bugs with patches (or
  the fact that no patch is required other than rebuilding with an
  updated system).
 
 The NMUer has to send the patch of the NMU to the maintainer, either
 through the BTS or directly, yes.

Please use the BTS for tracking patches.
It's often very hard to track, and NMUs do get lost.


regards,
junichi

-- 
[EMAIL PROTECTED]  http://www.netfort.gr.jp/~dancer

Re: The harden-*flaws packages.

[Javier Fernández-Sanguino Peña]

On Mon, Sep 02, 2002 at 08:47:53AM +0200, Ola Lundqvist wrote:
 
 Yes. Luckily I just saw someone that have written a script that checks
 the DSA:s and tell the maintainer that he/she has a vulnerable package.
 That is a good solution (best?). The problem is that the DSA is 
 not able to distinguish between local/remote/3rdparty flaws but
 that is not always interesting.

Why duplicate the work the Tiger package is already doing? I do not see the 
merit
of checking *only* for DSAs published in the RDF file (since that RDF file is
limited to a few DSAs only).

If you want a program to check for security flaws please use one designed for 
that
precisely. Tiger is such a program. Just have the *flaws package recommend: or
depend: on tiger.

Of course, there is room for improvement, the DSAs could be parsed from the WML
source to retrieve both the description *and* wether it's a local or remote 
issue
and populate the report accordingly (it currently just checks against version
packages) *also* we could provide MD5sums of know vulnerable packages (in the
stable distribution and proposed-updates).

Also, this information needs to be splitted off the package so it can work like
antivirus updates. Thus, signature updates could go to proposed-updates without
needing to update the program itself.

Regards

Javi

Re: RFC: A regression test framework for Debian packages?

[Jérôme Marant]

On Mon, Sep 02, 2002 at 10:42:32PM +1000, Jamie Wilkinson wrote:
 Nice! How does it work exactly? How do you write tests? Do you have scenarii
 or something?
 
 The expect script starts up a user-mode-linux on a pre-built chroot, and
 then attempts to install the package in it.  If that succeeds, it tries to
 purge it.  Testing an upgrade/downgrade requires a trivial bit of hacking in
 the script.  Debconf questions/answers are read from a file, the questions
 are watched for in the console output.
 
 It's horridly inefficient, though---I chose uml over chroot because I wanted
 ordinary users to be able to run it.

Thanks.

-- 
Jérôme Marant

Re: RFC: A regression test framework for Debian packages?

[Jérôme Marant]

On Mon, Sep 02, 2002 at 09:27:27PM +0900, Junichi Uekawa wrote:
 On Mon, 2 Sep 2030 13:51:42 +0200
 
 
  This is only a short summary :-)
   
   pbuilder has hooks to provide such checkings.
  
  Good, this is a good place to do such test IMO, I'll have a deeper
  look at it.
 
 
 Currently I only have: 
 $ ls -l pbuilder-script/
 -rwxr-xr-x1 dancer   dancer 96  6$B7n(B 20 13:44 B90linda
 
 
 which runs B90linda script when build succeeds, which does:
 
 #!/bin/bash
 # run linda on generated deb files
 apt-get install -y linda
 linda /tmp/buildd/*.deb
 
 
 
 and I've been running this through all of archive for a while now.

Thanks.

-- 
Jérôme Marant

Re: Packages affected by removal of free mp3 players

[Joe Drew]

On Mon, 2002-09-02 at 03:23, Goswin Brederlow wrote:
 Joe Drew [EMAIL PROTECTED] writes:
 
  If the worst does happen, and we need to remove all mp3 players from
  Debian, many packages will be affected. Most of these are because of
 
 Why no non-free versions?

Non-free versions aren't in Debian, and so removal doesn't really
affect them. However, for free packages, Removal could be moving them
to non-free or contrib, which notwithstanding Branden's thoughts is
still a possibility.

-- 
Joe Drew [EMAIL PROTECTED] [EMAIL PROTECTED]

This particular group of cats is mostly self-herding. -- Bdale Garbee

Re: [PHP] Placement of PHP programs?

[Henrique de Moraes Holschuh]

On Mon, 02 Sep 2002, Fabien Penso wrote:
   As a kind of an adjunct to the other discussion on PHP libraries, what 
 about
   PHP programs?  Not quite so touchy, as I can't see a single way forward 
 here
   (and there's no blazingly obvious reason to do so).  So what are people's
   best thoughts on the matter?  Most packages I've seen put their
   web-accessible content in /usr/share/package, then either set up a
   separate apache config and include it from the main apache config
   (phpgroupware does it this way, for one example) while other packages 
 modify
   apache.conf more intrusively.  I'm a fan of the phpgroupware method, which
   at least minimises pain.

This is probably the best way to do it.

 Shouldn't webpage go to /var/www or at least /var/, and _not_ /usr/share
 ? We are talking about PHP, but it's still webpages after all.

Don't you dare stuff my /var up with constant, non-arch-specific, program
text that should be in /usr in the first place :)

Hint: the fact it is in php4 makes it no more special than anything else.

 The software configuration should stay into the its location, the
 software directory.

As long as this is outside the exported url-space of the program.  The
braindamage has to be stopped somewhere...

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh

Re: The harden-*flaws packages.

[Ola Lundqvist]

Hi

On Mon, Sep 02, 2002 at 03:09:28PM +0200, Javier Fernández-Sanguino Peña wrote:
 On Mon, Sep 02, 2002 at 08:47:53AM +0200, Ola Lundqvist wrote:
  
  Yes. Luckily I just saw someone that have written a script that checks
  the DSA:s and tell the maintainer that he/she has a vulnerable package.
  That is a good solution (best?). The problem is that the DSA is 
  not able to distinguish between local/remote/3rdparty flaws but
  that is not always interesting.
 
 Why duplicate the work the Tiger package is already doing? I do not see the 
 merit
 of checking *only* for DSAs published in the RDF file (since that RDF file is
 limited to a few DSAs only).

Well my thought was to check for all DSA:s which apparently this script do not.

 If you want a program to check for security flaws please use one designed for 
 that
 precisely. Tiger is such a program. Just have the *flaws package recommend: or
 depend: on tiger.

On the other hand tigher does a lot of other things too. But the link
you gave me was very interesting.

 Of course, there is room for improvement, the DSAs could be parsed from the 
 WML
 source to retrieve both the description *and* wether it's a local or remote 
 issue
 and populate the report accordingly (it currently just checks against version
 packages) *also* we could provide MD5sums of know vulnerable packages (in the
 stable distribution and proposed-updates).
 
 Also, this information needs to be splitted off the package so it can work 
 like
 antivirus updates. Thus, signature updates could go to proposed-updates 
 without
 needing to update the program itself.

Agreed. Without having too much digging in tiger it might be a good
idea. The contact I have had with tiger is not very pleasant because it
bugged me with a lot of non-issues. That is maybe the reason why I
deinstalled it. :)

Regards,

// Ola

   Regards
 
   Javi
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 

-- 
 - Ola Lundqvist ---
/  [EMAIL PROTECTED] Björnkärrsgatan 5 A.11   \
|  [EMAIL PROTECTED] 584 36 LINKÖPING |
|  +46 (0)13-17 69 83  +46 (0)70-332 1551   |
|  http://www.opal.dhs.org UIN/icq: 4912500 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---

Bug#159302: ITP: mcvs -- a version control system that is layered on top of CVS.

[Jesus Climent]

Package: wnpp
Version: N/A; reported 2002-09-02
Severity: wishlist

* Package name: mcvs
  Version : 0.22-1
  Upstream Author : Kaz Kylheku [EMAIL PROTECTED]
* URL : http://users.footprints.net/~kaz/mcvs.html
* License : GPL
  Description : a version control system that is layered on top of CVS.

 It is more capable than CVS, and is easier to use. Its main features are:
 .
  * Directory structure versioning.
  * Sane corner cases.
  * Simple branching and merging.
  * Support for symbolic links.
  * Tracking of third party code containing moves and renames.
  * Ease of deployment.

testing versions will be available from

http://pumuki.hispalinux.es/debian/packages/

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux reypastor 2.2.20HL1 #4 mar may 21 15:35:56 CEST 2002 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]

Re: The harden-*flaws packages.

[Javier Fernández-Sanguino Peña]

On Mon, Sep 02, 2002 at 04:09:21PM +0200, Ola Lundqvist wrote:
 Hi
 
  If you want a program to check for security flaws please use one designed 
  for that
  precisely. Tiger is such a program. Just have the *flaws package recommend: 
  or
  depend: on tiger.
 
 On the other hand tigher does a lot of other things too. But the link
 you gave me was very interesting.

Tiger can be configured easily to just check *one* thing. Just customize the 
cron
job at will.

(..)
 
 Agreed. Without having too much digging in tiger it might be a good
 idea. The contact I have had with tiger is not very pleasant because it
 bugged me with a lot of non-issues. That is maybe the reason why I
 deinstalled it. :)

There are still false positives in tiger, the template mechanism, however, takes
care so that an admin just sees a security warning *once* and not in every run 
of
the security test script (It's a simple diff, mind you, but it works)

Regards

Javi

Orphaning websec...

[Joop Stakenborg]

I am orphaning websec, here is the description:

Web Secretary is a web page monitoring software. However, it goes beyond
the normal functionalities offered by such software. Not only does it detect
changes based on content analysis (instead of date/time stamp or simple
textual comparison), it will email the changed page to you WITH THE NEW
CONTENT HIGHLIGHTED! 

It is a small but very useful package, which is unmaintained upstream.
I have kept it inside debian, because users still request for small changes
now and then. 

You will need a bit of perl knowledge to maintain it.

Joop

Re: The harden-*flaws packages.

[Ola Lundqvist]

On Mon, Sep 02, 2002 at 05:01:14PM +0200, Javier Fernández-Sanguino Peña wrote:
 On Mon, Sep 02, 2002 at 04:09:21PM +0200, Ola Lundqvist wrote:
  Hi
  
   If you want a program to check for security flaws please use one designed 
   for that
   precisely. Tiger is such a program. Just have the *flaws package 
   recommend: or
   depend: on tiger.
  
  On the other hand tigher does a lot of other things too. But the link
  you gave me was very interesting.
 
 Tiger can be configured easily to just check *one* thing. Just customize the 
 cron
 job at will.

That can be interesting for the harden-*flaws pacakges (or similar).

 (..)
  
  Agreed. Without having too much digging in tiger it might be a good
  idea. The contact I have had with tiger is not very pleasant because it
  bugged me with a lot of non-issues. That is maybe the reason why I
  deinstalled it. :)
 
 There are still false positives in tiger, the template mechanism, however, 
 takes
 care so that an admin just sees a security warning *once* and not in every 
 run of
 the security test script (It's a simple diff, mind you, but it works)

Ahh that looks great. Last time I checked it did not. Now I might be
able to use it again. :)

Now we just have to solve the upload-to-security problem, or simply
write some other check that scans the security.d.o web pages and
make clever things of it. Maybe using tiger, maybe some other things. But
because tiger can do similar things that might be useful.

Regards,

// Ola

   Regards
 
   Javi
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 

-- 
 - Ola Lundqvist ---
/  [EMAIL PROTECTED] Björnkärrsgatan 5 A.11   \
|  [EMAIL PROTECTED] 584 36 LINKÖPING |
|  +46 (0)13-17 69 83  +46 (0)70-332 1551   |
|  http://www.opal.dhs.org UIN/icq: 4912500 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---

Re: Bug#158683: ITP: oggasm -- MP3 to Ogg converter

[Dmitry Borodaenko]

On Sun, Sep 01, 2002 at 03:28:23AM +0300, Richard Braakman wrote:
 RB I do think that discouraging the use of patent-encumbered
 RB standards is a useful way to fight patent oppression.  It sends
 RB the message that a patented standard is a dead standard.  Maybe
 RB companies will review their habits in that light.

As a one who lives in a post-communist dictatorship, I have a different
moral position on this issue.

Discouraging use of patent-encumbered technologies is the same as
political emigration: it is the easy way out of the oppression, but it
is nothing else but a defeat, and when you are fleeing to another
country, this defeat will follow you there. If you want to fight
oppression, you should fight where you stand, and not run away until
you're locked in a corner.

When you are retreating in such a way, you agree to abandon things that
are important to you: useful technologies become casaulty to patents and
your home and friends become casaulty to politics. Thus, you suffer
major immediate damage, while damage you deliver to oppressor is minor
and, honestly speaking, merely potential. Even worse, the fact that you
retreat without a fight actually encourages further oppression, both on
the territory you left and on territory you enter.

Instead, I would try to do some actual damage to the oppressors, in this
case by finding or creating such a way to ignore their limitations that
will not put the whole Debian project in a danger. I think making
patents practically unenforceable over free software would deliver much
stronger message.

Quoting Declan McCullagh: Put another way, who made a bigger
difference: Yet another letter-scribbling activist or Phil Zimmermann?
If you want to make a difference, don't just take your ball and walk
away: they don't need your ball.

-- 
Dmitry Borodaenko

Re: Bug#158683: ITP: oggasm -- MP3 to Ogg converter

[Russell Coker]

On Mon, 2 Sep 2002 17:22, Dmitry Borodaenko wrote:
 Discouraging use of patent-encumbered technologies is the same as
 political emigration: it is the easy way out of the oppression, but it
 is nothing else but a defeat, and when you are fleeing to another
 country, this defeat will follow you there. If you want to fight
 oppression, you should fight where you stand, and not run away until
 you're locked in a corner.

That moral stance makes sense.

However it can be applied in a different way to this situation.  Resolving to 
not use your PC for audio or video applications because of patents would be 
fleeing from opression.  Writing and supporting new programs to perform the 
same tasks without the patents is actively fighting back.

If the MP3 patents become worthless because everyone wants to use Vorbis 
technologies instead then the Frauhofer Institute will lose significant 
amounts of money!

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.

Re: Improper NMU (Re: NMU for libquota-perl)

[Joey Hess]

John Goerzen wrote:
 I'm concerned that a single person has the power to dictate such dramatic
 changes in our procedures.  Why is the NMU procedure not codified in Debian
 Policy?  There, at least, we have a better mechanism of updating it.

Debian policy does not dictate how developers do stuff, it describes the
proper content of debian packages.

Aj's pronouncement that we should loosen NMU procedures was accepted
because it made it clear that this was a good idea and people agreed
with it, and because we generally respect Aj to make decisions that are
good for the release, not because it was a pronouncement from on high.

-- 
see shy jo


pgpumu6609ey5.pgp
Description: PGP signature

Re: Bug#158683: ITP: oggasm -- MP3 to Ogg converter

[Dmitry Borodaenko]

On Mon, Sep 02, 2002 at 05:56:08PM +0200, Russell Coker wrote:
 DB Discouraging use of patent-encumbered technologies is the same as
 DB political emigration: it is the easy way out of the oppression,
 DB but it is nothing else but a defeat, and when you are fleeing to
 DB another country, this defeat will follow you there. If you want to
 DB fight oppression, you should fight where you stand, and not run
 DB away until you're locked in a corner.
 RC That moral stance makes sense.
 RC 
 RC However it can be applied in a different way to this situation.
 RC Resolving to not use your PC for audio or video applications
 RC because of patents would be fleeing from opression.  Writing and
 RC supporting new programs to perform the same tasks without the
 RC patents is actively fighting back.

Agreed. But, encouraging development of patent-free and better
alternative is not exactly the same as discouraging the use of
patent-encumbered _free_ software. I'm all for the former, but I
disagree with the latter.

-- 
Dmitry Borodaenko

Re: The harden-*flaws packages.

[Javier Fernández-Sanguino Peña]

On Mon, Sep 02, 2002 at 05:13:51PM +0200, Ola Lundqvist wrote:
 
 Now we just have to solve the upload-to-security problem, or simply
 write some other check that scans the security.d.o web pages and
 make clever things of it. Maybe using tiger, maybe some other things. But
 because tiger can do similar things that might be useful.
 
It's in my todo list. Now DSAs are much more easy to parse. Some older DSAs
(pre-1999) might need special parsing however. Also, DSAs could be improved to 
add
an 'affected versions' tag (currently only the package name is provider, you can
infer the affected versions by looking the versions which *fix* the 
vulnerability).

Javi

Re: Improper NMU (Re: NMU for libquota-perl)

[Elie Rosenblum]

On Mon, Sep 02, 2002 at 10:41:48AM +0200, Raphael Hertzog wrote:
 Le Mon, Sep 02, 2002 at 12:20:22AM -0400, Elie Rosenblum ?crivait:
  Would you agree that performing an NMU without a BTS entry is wrong?
 
 Nope.
 
 The strict minimum is :
 - create a patch for the NMU
 - make the patch available to the maintainer (via direct mail or bts)
 
 If you upload the package to DELAYED, it is enough to respect the spirit
 of the NMUs guidelines (which are in developers-reference).
 
 BTW, the developers-reference evolved quite a bit since the good old
 days, and the DELAYED stuff is mentionned in the NMU guidelines...
 please read it again.
 
 http://www.debian.org/doc/manuals/developers-reference/index.en.html

Please also read section 5.2.3. The exceptions everyone is talking
about are documented there as well, and that's during the release
cycle. As for _unstable_:
 Bug fixes to unstable by non-maintainers are also acceptable, but only
 as a last resort or with permission.  The following protocol should be
 respected to do an NMU:

And the rules following it make sense, and should really be
followed.

DELAYED is fine. Not submitting a bug is not fine.

  I've been hit with an
  irresponsible maintainer performing an NMU without submitting a
  bug at all, even if it was 5 minutes before he uploaded.
 
 This is ridiculous. An NMU is not a punishment for bad maintainers,
 it's an offer of help to help you catch up in your Debian work.
 
 No one should be offended by an NMU.

I am offended with how the NMU was done. I've had one other NMU done
before and it was done right; however, it also broke the package in
question. I don't think I bitched that it was done though.

  especially since we have little control over which keys can
  successfully upload any given package.
 
 You want respect for yourself, you don't want to be treated like
 an irresponsible maintainer, but you show absolutely no respect to
 people who are doing NMUs to help you.
 
 Think about it, people doing NMUs are other Debian developers like you 
 who take their free time to help you, and look how you thank them.
 
 Even if he made a mistake, it's not a big one, the upload was to
 DELAYED, the package has not yet been installed, you have a chance
 to dump the NMU by uploading your own fix.

I just want him to follow the guidelines.

I think he would have been within the guidelines by something as
incredibly simple as a BTS entry. How fucking hard is that?

-- 
Elie Rosenblum That is not dead which can eternal lie,
http://www.cosanostra.net   And with strange aeons even death may die.
Admin / Mercenary / System Programmer - _The Necronomicon_

Re: [PHP] Standard placement of PHP libraries?

[Ian Zimmerman]

Matthew I would like to propose /usr/share/php4 as the place for all
Matthew scripts intended to run under php4 (whatever subversion) and
Matthew intended for inclusion in other PHP scripts.  

I agree, but let's not forget about php3.

-- 
Ian Zimmerman, Oakland, California, U.S.A.
GPG: 433BA087  9C0F 194F 203A 63F7 B1B8  6E5A 8CA3 27DB 433B A087
EngSoc adopts market economy: cheap is wasteful, efficient is expensive.

Re: [PHP] Standard placement of PHP libraries?

[Steve Langasek]

On Mon, Sep 02, 2002 at 07:05:40PM +1000, Matthew Palmer wrote:
 I guess this is probably going to turn into a mini-policy discussion, and I
 hope so, because I think we need some level of standardisation.

 There are several PHP extension libraries packaged for Debian; I guess the
 most famous is probably pear, but I maintain one (phtml, used by some other
 packages I maintain) and I know there are a couple of others out there, too.
 By these libraries I'm not talking about binary modules, I'm talking about
 extension libraries written in PHP and available by include('whatever'). 
 It's the 'whatever' that I'm mostly interested in discussing for now.

 PEAR uses /usr/share/pear, and has an entry in include_path for it.  Hence,
 to use any PEAR-shipped function, simply refer to the file by name, relative
 to that directory.  Nice, very simple, I highly approve.  Since PEAR holds a
 special status, perhaps that should change.

 But what about every other PHP extension library out there?  libphp-adodb,
 for instance, uses /usr/lib/adodb - in violation of the FHS, I believe,
 since PHP scripts shouldn't be architecture specific.  But that's not really
 the issue here - the point is, where *should* PHP includes go?

Adam Conrad and I have begun hammering out a PHP mini-policy (not yet
ready for public consumption) that calls for all PHP classes to be
shipped in /usr/share/php.  Yes, PEAR obviously violates this at present
-- so transitioning to the new scheme will require shipping a default
include path that looks in both /usr/share/php and /usr/share/pear.

In discussing this, we concluded that most PHP classes currently use
their own directories as a means of eliminating namespace collisions;
however, this is clearly inappropriate, as it pushes the burden of
resolving collisions on the user, rather than on the maintainer.  PHP's
handling of classes should be the same as that of other scripting
languages, such as perl and python.

 I would like to propose /usr/share/php4 as the place for all scripts
 intended to run under php4 (whatever subversion) and intended for inclusion
 in other PHP scripts.  All packages would install their inclusion hierarchy
 under /usr/share/php4/package name, and scripts which wanted to use their
 functionality would include('package name/include.php').  Naming of
 include files, including their extension, would be left to the discretion of
 individual maintainers.

We had ruled out /usr/share/php4, on the grounds that many, if not most,
PHP classes are not specific to php4; some will work with php3, and many
should be forward-compatible with php5.

As far as using /usr/share/php4/package name, I'm not aware of any such
requirement for other scripting languages.  I think it's reasonable to
allow PHP packages to install their classes in the manner which is most
convenient, and let package conflict resolution take care of the rest. 
PEAR already provides us a structure for the namespace, which we ought to
take advantage of.

Steve Langasek
postmodern programmer


pgpO8d4Z534BQ.pgp
Description: PGP signature

Re: RFC: Handling of certificates in Debian

[Stephen Frost]

* Henrique de Moraes Holschuh ([EMAIL PROTECTED]) wrote:
 On Sat, 31 Aug 2002, Brian May wrote:
  (note that I really like this realiance on checking the hostname, for
  instance it doesn't work properly with virtual name domains under https,
  but it somehow seems to have become the defacto default, and we seem to
  be stuck with it for now).
 
 It can, if the [EMAIL PROTECTED]@#$ browsers implement the altName extension.

Uh, except that on the server side if you're going to have different
certs for different virtual servers then unless they each have their own
IP there's no way for apache to know which cert to use because the SSL
connection and whatnot is set up prior to the HTTP headers being sent.
That's my understanding anyway.

Stephen


pgpKRbTKYiJPJ.pgp
Description: PGP signature