Re: Legal possibility of more open package reviews.

[Wouter Verhelst]

Hi Charles,

On 10-04-13 00:56, Charles Plessy wrote:
> Le Tue, Apr 09, 2013 at 05:54:14PM +0200, Bernd Zeimetz a écrit :
>>
>>> Suggestion #3: have a system where any other DD can review
>>> a package in the NEW queue, not only the FTP masters or the
>>> FTP assistants.
>>
>> That would include publishing the contents of the NEW queue,
>> at least to all Debian Developers - so we might violate
>> licenses already.
> 
> I have not read any convincing argument in favor of our current practice, not
> to mention that most arguments are guesses on the reasons of the persons in
> charge rather than a clear statement from the persons in charge themselves.
> 
> We do not have much measures in place to ensure that our archive does not
> contain packages that start to violate licenses after their first upload.  In
> parallel, we have a lot of download points that are not subjected to copyright
> and license review.  I do not see a reason why the NEW queue must be more
> perfect than both our archive and the rest of the non-aptable files we
> distribute.

It is a mistake to believe that NEW queue handling only exists for the
benefit of license compliance checking. Yes, that is a big part of it,
but AIUI, the ftp-masters need to do a lot more than that for packages
in NEW.

-- 
Copyshops should do vouchers. So that next time some bureaucracy
requires you to mail a form in triplicate, you can mail it just once,
add a voucher, and save on postage.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51650ec7.5050...@debian.org

Re: NEW processing during freezes (Was: R 3.0.0 and required rebuilds of all reverse Depends: of R)

[Luca Falavigna]

2013/4/9 Thomas Goirand :
> If I upload new packages A and B, that A depends and B, and
> that A gets approved, but B doesn't, then we end up with
> package A being in Debian, but never installable.

That is unlikely to happen: dak has a colour scheme to identify
missing packages. It's also nice to identify packages who belong in
main, contrib, and non-free, just to avoid component mismatches.

> Now, if what you are suggesting that I should wait for B
> to be approved before uploading A, I think you aren't
> being realistic when the NEW queue has a 3 months
> waiting time. This might work with small projects, but
> if you have to maintain a complex set of packages, with
> lots of dependencies, it just doesn't work. Been there,
> tried that ...

Uploading packages in NEW which depend on other packages in NEW is
fine, as explained above. Dependencies will be reviewed first, and
when accepted, the other packages will be processed as well. The major
difficulty happens when the dependency chain is very complex (e.g. A
-> B -> C -> D -> E -> A), in that case it would help if maintainers
suggested the order in which to review packages.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cadk7b0of088feo66cypo-8crkrrsyd5bma49oe-twf8tx71...@mail.gmail.com

Re: Legal possibility of more open package reviews.

[Joachim Breitner]

Hi,

Am Dienstag, den 09.04.2013, 17:54 +0200 schrieb Bernd Zeimetz:
> > Suggestion #3: have a system where any other DD can review
> > a package in the NEW queue, not only the FTP masters or the
> > FTP assistants.
> 
> That would include publishing the contents of the NEW queue,
> at least to all Debian Developers - so we might violate
> licenses already.

I have long stopped buying this argument, with things like
alioth.debian.org, people.debian.org and mentors.debian.net¹ full of
software without license review.

Greetings,
Joachim

¹ ok, it’s .net... but still.


-- 
Joachim "nomeata" Breitner
Debian Developer
  nome...@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: nome...@joachim-breitner.de | http://people.debian.org/~nomeata



signature.asc
Description: This is a digitally signed message part

Re: NEW processing during freezes (Was: R 3.0.0 and required rebuilds of all reverse Depends: of R)

[Jonathan Dowland]

On Wed, Apr 10, 2013 at 02:52:20AM +0800, Thomas Goirand wrote:
> If I upload new packages A and B, that A depends and B, and
> that A gets approved, but B doesn't, then we end up with
> package A being in Debian, but never installable.

Has this ever happened? I believe the FTP masters do look at dependencies
of packages in NEW to prevent this situation.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410084319.GA3103@debian

Re: Git packaging workflow discussion on planet.d.o

[Jonathan Dowland]

On Wed, Apr 10, 2013 at 09:11:05AM +1000, Craig Small wrote:
> That was the part I didn't understand.  What are people doing to solve
> this generated files at release problem?   I've solved this as upstream
> and a Debian developer by having tarballs.

Run the 'dist' stages as part of the 'build' target in debian/rules.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410084446.GB3103@debian

Re: Git packaging workflow discussion on planet.d.o

[Roger Leigh]

On Wed, Apr 10, 2013 at 09:11:05AM +1000, Craig Small wrote:
> On Thu, Apr 04, 2013 at 02:25:30PM +, Jeremy Stanley wrote:
> > makes a lot of sense. If your packaging workflow does not rely on
> > importing the contents of release tarballs, then for projects like
> > this you miss some content unless you re-run the same release
> > scripts post-facto.
> That was the part I didn't understand.  What are people doing to solve
> this generated files at release problem?   I've solved this as upstream
> and a Debian developer by having tarballs.

Run the dist target and inject the distdir back into git onto a
distribution branch instead of packing it up into a tarball.

http://anonscm.debian.org/gitweb/?p=buildd-tools/schroot.git;a=blob;f=scripts/git-dist.mk

http://anonscm.debian.org/gitweb/?p=buildd-tools/schroot-dist.git;a=summary

Now your entire release and distribution process is entirely
contained within git, with zero intermediary tarballs.  If you
want a tarball, you can just "git archive" a signed distribution
tag (or release tag if you don't want the extra generated bits).
The best bit is that the distributed releases are fully connected
to the git history in the main git repo.  So a downstream user/
distributor can easily backport stuff and push changes upstream
etc.

You could run the "dist" target as part of the package build, but
that's not always possible or desirable.  This makes sure that
every bit of "extra" generated code is part of the git history.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linuxhttp://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-GPG Public Key  F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410090014.gy23...@codelibre.net

Re: Legal possibility of more open package reviews.

[Nicolas Dandrimont]

* Joachim Breitner  [2013-04-10 10:13:25 +0200]:

> Hi,
> 
> Am Dienstag, den 09.04.2013, 17:54 +0200 schrieb Bernd Zeimetz:
> > > Suggestion #3: have a system where any other DD can review
> > > a package in the NEW queue, not only the FTP masters or the
> > > FTP assistants.
> > 
> > That would include publishing the contents of the NEW queue,
> > at least to all Debian Developers - so we might violate
> > licenses already.
> 
> I have long stopped buying this argument, with things like
> alioth.debian.org, people.debian.org and mentors.debian.net¹ full of
> software without license review.
> 
> ¹ ok, it’s .net... but still.



For mentors.debian.net, there are two main blockers for a .org transition:
 - Seeking an answer to this redistribution without verification problem
 - Making the codebase acceptable for DSA administration

The first point has been handled by zack, and we have on hand a legal document,
vetted by SFLC lawyers, that makes the mentors platform a "DMCA safe harbor".

Basically, everyone is still allowed to upload packages, and those packages are
distributed directly, the admins need to leave the copyright owners a way to
claim that a package infringes on their copyright and act swiftly to hide such
packages, pending a possible counterclaim from the uploader.

We need to publish that policy, and then we should be compliant with DMCA safe
harbor policies.

For the second point... well... we're working on it, albeit slowly. People are
welcome to join :)


Cheers,
-- 
Nicolas Dandrimont

"I once witnessed a long-winded, month-long flamewar over the use of
mice vs. trackballs...It was very silly."
(By Matt Welsh)


signature.asc
Description: Digital signature

Re: Legal possibility of more open package reviews.

[Thomas Goirand]

On 04/10/2013 05:36 PM, Nicolas Dandrimont wrote:
> The first point has been handled by zack, and we have on hand a legal 
> document,
> vetted by SFLC lawyers, that makes the mentors platform a "DMCA safe harbor".
Does it mean that it is mandatory that mentors is hosted in USA?

Thomas


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/516548d1.2030...@goirand.fr

Re: Legal possibility of more open package reviews.

[Jonathan Dowland]

On Wed, Apr 10, 2013 at 07:11:13PM +0800, Thomas Goirand wrote:
> On 04/10/2013 05:36 PM, Nicolas Dandrimont wrote:
> > The first point has been handled by zack, and we have on hand a legal 
> > document,
> > vetted by SFLC lawyers, that makes the mentors platform a "DMCA safe 
> > harbor".
> 
> Does it mean that it is mandatory that mentors is hosted in USA?

I thought to ask the opposite: could this work be avoided simply by hosting 
m.d.o
in a country which does not honour the DMCA? Assuming we have some DSA assets in
such countries. But I presume the mentors admins and/or DSA have thought of 
that…


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410125235.GA31605@debian

Re: Bug#704686: ITP: ruby-arr-pm -- RPM reader and writer Ruby library

[Jonathan Dowland]

On Tue, Apr 09, 2013 at 05:33:20PM +0200, Laurent Bigonville wrote:
> This ruby gem is needed by FPM (see my ITP[0]).

Hi Laurent, thanks for the clarification — to ask a related question.
What's the worth of FPM on Debian? Especially given the issues that
Wouter has raised in the bug¹


¹ http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=22;bug=688896


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410130403.GA4158@debian

Re: Legal possibility of more open package reviews.

[Tollef Fog Heen]

]] Jonathan Dowland 

> On Wed, Apr 10, 2013 at 07:11:13PM +0800, Thomas Goirand wrote:
> > On 04/10/2013 05:36 PM, Nicolas Dandrimont wrote:
> > > The first point has been handled by zack, and we have on hand a legal 
> > > document,
> > > vetted by SFLC lawyers, that makes the mentors platform a "DMCA safe 
> > > harbor".
> > 
> > Does it mean that it is mandatory that mentors is hosted in USA?
> 
> I thought to ask the opposite: could this work be avoided simply by hosting 
> m.d.o
> in a country which does not honour the DMCA?

It would mean possible interesting legal challenges for people uploading
crypto software from the US, since there would have been an export with
no corresponding BXA declaration.  IANAL, but my understanding is that
it could land the person doing the export in quite a bit of trouble.

> Assuming we have some DSA assets in such countries. But I presume the
> mentors admins and/or DSA have thought of that…

We have machines outside the US, yes, the biggest ones are/will be in
.ca, .de, .uk and .gr.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/m2vc7u34qp@rahvafeir.err.no

Bug#705128: ITP: libcofoja-java -- Java framework with annotation processing to provide runtime checkings

[Olivier Sallou]

Package: wnpp
Severity: wishlist
Owner: Olivier Sallou 

* Package name: libcofoja-java
  Version : 1.0~r139
  Upstream Author : Google Inc
* URL : https://code.google.com/p/cofoja/
* License : LGPL
  Programming Lang: Java
  Description : Java framework with annotation processing to provide 
runtime checkings

Contracts for Java is a contract programming framework for Java, which
uses annotation processing and bytecode instrumentation to provide
run-time checking.

Developments are stalled for a while (2011) but cofoja is used by several other 
tools needing it to be packaged.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130410132517.15351.46599.report...@debiansid.irisa.fr

Re: Legal possibility of more open package reviews.

[Stefano Zacchiroli]

On Wed, Apr 10, 2013 at 07:11:13PM +0800, Thomas Goirand wrote:
> On 04/10/2013 05:36 PM, Nicolas Dandrimont wrote:
> > The first point has been handled by zack, and we have on hand a legal 
> > document,
> > vetted by SFLC lawyers, that makes the mentors platform a "DMCA safe 
> > harbor".
>
> Does it mean that it is mandatory that mentors is hosted in USA?

Of course not. It means that if we decide to host in the US, where DMCA
is in effect, then we have the needed legal advice to go forward there.
Hosting it elsewhere means learning about similar legal challenges that
exist in the country of choice [1] and possibly seeking similar advice
*if* there are DMCA-like worries.

FWIW, as a project we have very good access to high quality, pro bono,
US lawyers at SFLC, but nothing equivalent (all factors considered) for
other countries.

Cheers.

[1] unfortunately, DMCA is not the only "bad" draconian law that exists
around the world, many other countries have similar laws
-- 
Stefano Zacchiroli  . . . . . . .  z...@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Debian Project Leader . . . . . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »


signature.asc
Description: Digital signature

Re: Legal possibility of more open package reviews.

[Charles Plessy]

Le Wed, Apr 10, 2013 at 11:36:03AM +0200, Nicolas Dandrimont a écrit :
> 
> For mentors.debian.net, there are two main blockers for a .org transition:
>  - Seeking an answer to this redistribution without verification problem
>  - Making the codebase acceptable for DSA administration
> 
> The first point has been handled by zack, and we have on hand a legal 
> document,
> vetted by SFLC lawyers, that makes the mentors platform a "DMCA safe harbor".
> 
> Basically, everyone is still allowed to upload packages, and those packages 
> are
> distributed directly, the admins need to leave the copyright owners a way to
> claim that a package infringes on their copyright and act swiftly to hide such
> packages, pending a possible counterclaim from the uploader.
> 
> We need to publish that policy, and then we should be compliant with DMCA safe
> harbor policies.

Hi,

I do not understand the following:

  - If mentors.debian.org needs to follow the DMCA, why would
mentors.debian.net be exempt of it ?  Also, how do the safer harbor
procedures differ from your current practices ?  Surely, if a copyright 
holder
reports an infringement to supp...@mentors.debian.net, you will remove the
package, isn't it ?

  - If mentors.debian.org can distribute unreviewed packages by becomming a
DMCA safe harbor, wouldn't it be possible for 
ftp-master.debian.org/NEW.html ?

  - Bonus question: since mentors.debian.net seems to be hosted in Germany,
does it mean that developers living in the US should refrain from uploading
crypto to it ?  How do other distributions solve that problem ?

Cheers,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410135139.gh19...@falafel.plessy.net

Re: Bug#704686: ITP: ruby-arr-pm -- RPM reader and writer Ruby library

[Steve McIntyre]

Jon Dowland wrote:
>On Tue, Apr 09, 2013 at 05:33:20PM +0200, Laurent Bigonville wrote:
>> This ruby gem is needed by FPM (see my ITP[0]).
>
>Hi Laurent, thanks for the clarification — to ask a related question.
>What's the worth of FPM on Debian? Especially given the issues that
>Wouter has raised in the bug¹
>
>¹ http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=22;bug=688896

Quite, I'm concerned on that front too. Do we want to encourage or
make it easier for people to use tools that don't care about our
packaging policies?

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"It's actually quite entertaining to watch ag129 prop his foot up on
 the desk so he can get a better aim."  [ seen in ucam.chat ]


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1upvly-00014z...@mail.einval.com

Re: Legal possibility of more open package reviews.

[Jonathan Dowland]

On Wed, Apr 10, 2013 at 10:51:39PM +0900, Charles Plessy wrote:
>   - If mentors.debian.org needs to follow the DMCA, why would
> mentors.debian.net be exempt of it ?

It's not, but Debian is not hosting mentors, the .net domain is a forwarding 
service
of sorts, so to take on the responsibility for hosting, Debian also needs to 
address
the DMCA issue.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410143907.GA4314@debian

Re: Legal possibility of more open package reviews.

[Ben Hutchings]

On Wed, Apr 10, 2013 at 03:37:39PM +0200, Stefano Zacchiroli wrote:
> On Wed, Apr 10, 2013 at 07:11:13PM +0800, Thomas Goirand wrote:
> > On 04/10/2013 05:36 PM, Nicolas Dandrimont wrote:
> > > The first point has been handled by zack, and we have on hand a legal 
> > > document,
> > > vetted by SFLC lawyers, that makes the mentors platform a "DMCA safe 
> > > harbor".
> >
> > Does it mean that it is mandatory that mentors is hosted in USA?
> 
> Of course not. It means that if we decide to host in the US, where DMCA
> is in effect, then we have the needed legal advice to go forward there.
> Hosting it elsewhere means learning about similar legal challenges that
> exist in the country of choice [1] and possibly seeking similar advice
> *if* there are DMCA-like worries.
> 
> FWIW, as a project we have very good access to high quality, pro bono,
> US lawyers at SFLC, but nothing equivalent (all factors considered) for
> other countries.
> 
> Cheers.
> 
> [1] unfortunately, DMCA is not the only "bad" draconian law that exists
> around the world, many other countries have similar laws

The DMCA 'safe harbor' rules are comparatively *good* for service
providers, though not so much for service users that have enemies.

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
  - Albert Camus


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410152602.gk2...@decadent.org.uk

Bug#705144: ITP: libcommons-jexl2-java -- Java Expression Language (JEXL) 2.x

[Emmanuel Bourg]

Package: wnpp
Severity: wishlist
Owner: Emmanuel Bourg 

* Package name: libcommons-jexl2-java
  Version : 2.1.1
  Upstream Author : Java Expression Language (JEXL) 2.x
* URL : http://commons.apache.org/jexl
* License : Apache License 2.0
  Programming Lang: Java
  Description : Java Expression Language (JEXL) 2.x

Apache Commons JEXL 2.x is binary incompatible with JEXL 1.x (already packaged 
as libcommons-jexl-java) and needs it's own package.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410154350.4328.97463.reportbug@debiandev

Re: Legal possibility of more open package reviews.

[Peter Samuelson]

[Charles Plessy]
>   - If mentors.debian.org needs to follow the DMCA, why would
> mentors.debian.net be exempt of it ?

It's not exempt, but it's also not Debian's problem.

>   - If mentors.debian.org can distribute unreviewed packages by becomming a
> DMCA safe harbor, wouldn't it be possible for 
> ftp-master.debian.org/NEW.html ?

The difference is that one is open to the public and the other is not.
If a service is open to the public without any control over who can
post content, then basically you have grounds to claim you do not and
cannot reasonably police the content.

>   - Bonus question: since mentors.debian.net seems to be hosted in
> Germany, does it mean that developers living in the US should
> refrain from uploading crypto to it ?  How do other distributions
> solve that problem ?

Correct, it means developers living in the US need to follow US laws.

I suspect other distributions solve the problem by ignoring it, thus
leaving individuals responsible for obeying their local laws.  Which is
a fine principle, but in practice it probably means some individuals
violate US law without really noticing.  (The US government harrassment
of Phil Zimmermann was a long time ago, so I suspect that object lesson
has been mostly lost.)

Peter


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410170916.gx4...@p12n.org

Bug#705161: ITP: ruby-rpatricia -- radix tree implementation for IPv4 and IPv6 prefix storage for Ruby

[Apollon Oikonomopoulos]

Package: wnpp
Severity: wishlist
Owner: Apollon Oikonomopoulos 

* Package name: ruby-rpatricia
  Version : 1.0
  Upstream Author : Tatsuya Mori
* URL : http://www.goto.info.waseda.ac.jp/~tatsuya/rpatricia/
* License : BSD
  Programming Lang: Ruby
  Description : radix tree implementation for IPv4 and IPv6 prefix storage 
for Ruby

ruby-rpatricia borrows from Perl's Net::Patricia module, a module for efficient
IPv6 address/prefix lookups. ruby-rpatricia uses radix trees (a.k.a. Patricia
trees), a data structure most commonly used for routing table lookups. It
efficiently stores network prefixes of varying lengths and allows fast lookups
of containing networks.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410180823.ga10...@crowley.csl.mech.ntua.gr

Bug#705169: RFH: iproute2 -- networking and traffic control tools

[Andreas Henriksson]

Package: wnpp
Severity: normal

I request assistance with maintaining the iproute2 package.

Help is welcome in all areas, but following ones would be
extra appreciated:

"Please perform a full source scan and document all licensing information."
As requested by ftp-masters.

Triaging bugs listed at http://bugs.debian.org to find out if
they are still valid, a fix can be found (and submitted upstream!),
or confirmed to be in the kernel (and reassigned).

Following up on new bug reports. Potentially review and forward
patches upstream.


The package description is:
 The iproute2 suite is a collection of utilities for networking and
 traffic control.
 .
 These tools communicate with the Linux kernel via the (rt)netlink
 interface, providing advanced features not available through the
 legacy net-tools commands 'ifconfig' and 'route'.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130410193332.20605.8061.report...@amd64.fatal.se

Re: Bug#705169: RFH: iproute2 -- networking and traffic control tools

[Thomas Preud'homme]

Le mercredi 10 avril 2013 21:33:32, Andreas Henriksson a écrit :
> Package: wnpp
> Severity: normal
> 
> I request assistance with maintaining the iproute2 package.
> 
> Help is welcome in all areas, but following ones would be
> extra appreciated:
> 
> "Please perform a full source scan and document all licensing information."
> As requested by ftp-masters.
> 

I didn't find a bug report mentionning this request. Is there a place
mentionning it where progress to review the licensing could be posted?

I'm willing to help on this point. I might have some time this WE to start
looking at it.

Best regards,

Thomas


signature.asc
Description: This is a digitally signed message part.

Debootstrap progress does not look monotonic

[Игорь Пашев]

Progress, reported by debootstrap does not look monotonic.

Do I miss something?

 .
 254
 255 P: 2243294 76407470
 256
 257 P: 2289076 76407470<< - HERE
 258
 259 I: VALIDATING
 260
 261 IA: aptitude
 262
 263 IF: Validating %s
 264
 265 I: RETRIEVING
 266
 267 IA: aptitude-common
 268
 269 IF: Retrieving %s
 270
 271 P: 113904 76407470<< AND HERE



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/call-q8wywekx4npfgenfawc0i7ncqy4y9neyq1rcbh-vd+b...@mail.gmail.com

Re: Legal possibility of more open package reviews.

[Charles Plessy]

Le Wed, Apr 10, 2013 at 12:09:16PM -0500, Peter Samuelson a écrit :
> 
> >   - If mentors.debian.org can distribute unreviewed packages by becomming a
> > DMCA safe harbor, wouldn't it be possible for 
> > ftp-master.debian.org/NEW.html ?
> 
> The difference is that one is open to the public and the other is not.
> If a service is open to the public without any control over who can
> post content, then basically you have grounds to claim you do not and
> cannot reasonably police the content.

Is there a legal ground that disqualifies Debian as service provider is the
sense of the DMCA ?  I can not upload to Youtube without authentifcating
myself, how different is it from the impossibility to upload to Debian
without signing my packages ?

Alternatively, if there is no safe harbor for the NEW queue because it is
private to Debian, why its contents can not be open privately to the Debian
developers ? 

> >   - Bonus question: since mentors.debian.net seems to be hosted in
> > Germany, does it mean that developers living in the US should
> > refrain from uploading crypto to it ?  How do other distributions
> > solve that problem ?
> 
> Correct, it means developers living in the US need to follow US laws.
> 
> I suspect other distributions solve the problem by ignoring it, thus
> leaving individuals responsible for obeying their local laws.  Which is
> a fine principle, but in practice it probably means some individuals
> violate US law without really noticing.  (The US government harrassment
> of Phil Zimmermann was a long time ago, so I suspect that object lesson
> has been mostly lost.)

I am still puzzled: if we host a service in the US, this helps the US
developers, but this still leaves the other developers living in other
countries under the threat of export restrictions from their local law.  Does
that mean that we chose US because it minimises the total number of developers
who have to care about export restrictions, or does that mean that in the end,
if only considering cryptograhpy, the servers could be hosted in other
countries, because anyway there will always be a majority of developers
who need to cross a border ?

Alternatively, doesn't the fact that we seem to be the only ones to
self-inflict so many procedures suggest that we are the ones overinterpreting
or misinterpreting the laws ?

Cheers

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130410230500.ga7...@falafel.plessy.net

Re: Debootstrap progress does not look monotonic

[Paul Wise]

On Thu, Apr 11, 2013 at 6:17 AM, Игорь Пашев wrote:

> Progress, reported by debootstrap does not look monotonic.
>
> Do I miss something?

The debian-boot list might be a better place to discuss this.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAKTje6Fg2-hTWtAy+MSwFiDNX10QO8XqCVtL84BXJdU=w_6...@mail.gmail.com

Crypto export (was: Legal possibility of more open package reviews.)

[Nikolaus Rath]

Charles Plessy  writes:
> Le Wed, Apr 10, 2013 at 11:36:03AM +0200, Nicolas Dandrimont a écrit :
>   - Bonus question: since mentors.debian.net seems to be hosted in Germany,
> does it mean that developers living in the US should refrain from 
> uploading
> crypto to it ?  How do other distributions solve that problem ?

More interesting (in my opinion): if US developers can safely upload
crypto packages to US hosted debian servers, but Debian then makes these
packages available to everyone in the world for download, why isn't this
export of cryptographic packages a problem for Debian?

Best,

   -Nikolaus

-- 
 »Time flies like an arrow, fruit flies like a Banana.«

  PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6  02CF A9AD B7F8 AE4E 425C


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87a9p51xw9.fsf...@vostro.rath.org

Re: Crypto export

[Russ Allbery]

Nikolaus Rath  writes:

> More interesting (in my opinion): if US developers can safely upload
> crypto packages to US hosted debian servers, but Debian then makes these
> packages available to everyone in the world for download, why isn't this
> export of cryptographic packages a problem for Debian?

Because Debian registers that export with the US government and used to
inform the government of every package until the government asked us to
stop.

US developers would otherwise have to do the same thing to export
software with cryptographic code, at least in theory, to satisfy the law.

-- 
Russ Allbery (r...@debian.org)   


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87a9p54plj@windlord.stanford.edu

Bug#705193: ITP: fatrace -- report system wide file access events

[Martin Pitt]

Package: wnpp
Severity: wishlist
Owner: Martin Pitt 

* Package name: fatrace
  Version : 0.4
  Upstream Author : Martin Pitt 
* URL : https://launchpad.net/fatrace
* License : GPL 3+
  Programming Lang: C
  Description : report system wide file access events

fatrace (File Access Trace) reports file access events from all
running processes. Its main  purpose  is to find processes which keep
waking up the disk unnecessarily and thus prevent some power saving.

Please see this blog post for the justification and how to use it:
http://www.piware.de/2012/02/fatrace-report-system-wide-file-access-events/

It has been in Ubuntu for a while, but I got a request to put it into
Debian as well. It's a tiny little tool which doesn't require much
maintenance, it's by and large done for its main purpose.

Martin
-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)


signature.asc
Description: Digital signature

Re: Crypto export

[Joerg Jaspert]

On 13178 March 1977, Nikolaus Rath wrote:
> Charles Plessy  writes:
>> Le Wed, Apr 10, 2013 at 11:36:03AM +0200, Nicolas Dandrimont a écrit :
>>   - Bonus question: since mentors.debian.net seems to be hosted in Germany,
>> does it mean that developers living in the US should refrain from 
>> uploading
>> crypto to it ?  How do other distributions solve that problem ?
> More interesting (in my opinion): if US developers can safely upload
> crypto packages to US hosted debian servers, but Debian then makes these
> packages available to everyone in the world for download, why isn't this
> export of cryptographic packages a problem for Debian?

https://ftp-master.debian.org/crypto-in-main/

Plus one mail for *every* NEW accepted package. Each and every time.
Send to them.[1] See the dak git repo for the bxa stuff.


[1] Nowadays only stored in a mailbox from us, at request from them, but
available if requested.

-- 
bye, Joerg
Mr. Scorpio says productivity is up 2%, and it's all because of
my motivational techniques -- like donuts and the possibility of more
donuts to come.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/8738uxmvjv@gkar.ganneff.de