date:20240331

Accepted traitlets 5.14.2-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 01 Apr 2024 06:15:59 +0100
Source: traitlets
Architecture: source
Version: 5.14.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team 
Changed-By: Julian Gilbey 
Changes:
 traitlets (5.14.2-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version; refresh patches
   * Update d/copyright
   * Update build dependencies
   * Add autopkgtest, but skip tests/test_typing.py until
 python3-pytest-mypy-testing is in Debian
   * Move HTML documentation to /usr/share/python3-traitlets and slightly
 simplify build process
Checksums-Sha1:
 4ed89ae902cb51645a88335dbb0b1638339090c1 2588 traitlets_5.14.2-1.dsc
 a0ebd37e4640d2945a42ff413f301564f53f0785 162109 traitlets_5.14.2.orig.tar.gz
 cc10caab292a889be1e1329b7a28087a8e6d7f94 5320 traitlets_5.14.2-1.debian.tar.xz
 1c5391da68eaaa98c88fb97e66bc8e97ca21aae6 9285 
traitlets_5.14.2-1_amd64.buildinfo
Checksums-Sha256:
 b5c348b35d4ebded7c5d89babaf8da363c941c20171d3707cb6012db9175f39b 2588 
traitlets_5.14.2-1.dsc
 0883d55e14ded121e360e0a1ea2034946946a49ca8ce707f9f82b802e1b59368 162109 
traitlets_5.14.2.orig.tar.gz
 e019a00bfc08ef25c114f1a9ec776ab065768ca3c4d3647bc06d7ad34217f7f0 5320 
traitlets_5.14.2-1.debian.tar.xz
 263928ca75817f01c5f6ab344767002ff5dc4bf0abf208993c40934c5a4c545c 9285 
traitlets_5.14.2-1_amd64.buildinfo
Files:
 5a3e0c5cf3717a4c9a583607b40ee70c 2588 python optional traitlets_5.14.2-1.dsc
 b359664e5f0cdc8a6d0f2bc2a4997fe9 162109 python optional 
traitlets_5.14.2.orig.tar.gz
 3e04853912d0043e99fc2509581e7709 5320 python optional 
traitlets_5.14.2-1.debian.tar.xz
 d50fd0b2c75f49d3b55d4f3e564c46c8 9285 python optional 
traitlets_5.14.2-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJDBAEBCAAtFiEEfhrD+iemSShMMj72aVxCkxbAe/4FAmYKQ7YPHGpkZ0BkZWJp
YW4ub3JnAAoJEGlcQpMWwHv+UBsP/ir5XuklB+aaKcvZgm+G5Erfl76F/5GrmZ20
7IlkQ3PbZ+XvUv/ClkybvuI0UyrlFFhMy93XL4Sulq2ZZgn3ImcgPnE+ysW4Af1P
s2xlgOoqbxH7kKDddjGx8lbEiEvPMeLNuwNWVxOaPNPPPjwSne1xU1jyFkxgGSTO
F6e+3fDccu01XCx0/6SaOmjXMqGRY3wXI/lBTluuP7F/hMKdNAruQZKk09867qzA
MwCBKhA7pDgS0lA4dvG3aIZmp3BlNyZXGiDsbgGfLDr7UC8XcRSpi5sMjpA9DgHd
iYNsdq2d096/VjJsnjwjuAniDEzOqEmbUdsg1E/o1RG5onC9dezDymEP1poks0nX
qoThByOQB6IqUowi5vvyYN+hhKydAMLCcjgs16MqFXs7+iE4tZXniePLKBieD0Kd
j8K1tYpFOvWzKENVibchGqSDSNtTtGhWMngHevXVINGwTel9clZVst6DPmqr56ZF
h5B04DcgBe4LGbhURWr/XqFP83uQAna/EzI69APoRVtns2IOrdw6CaW4Ud2eodeq
bxd6W5TZ2yQYZMtI/GRzP3Ox9pIsiscIpWmWQkhDQppC53Of6ttne0bP8W094nwE
CtUPfs+9fBbaUjDjxTC5/kHpPTzaPvDI42bKEVCoxt3ynd9Zd/ihb4GjQt+nzcmK
4pdu5nxf
=nXHn
-END PGP SIGNATURE-



pgpLc4wJwpdWD.pgp
Description: PGP signature

Accepted orderless 1.1-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 07:04:44 +0200
Source: orderless
Architecture: source
Version: 1.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Emacsen team 
Changed-By: Aymeric Agon-Rambosson 
Changes:
 orderless (1.1-1) unstable; urgency=medium
 .
   * New upstream release.
   * Refresh patches.
   * Bump copyright years.
   * Bump Standards-Version to 4.6.2 (no changes required).
Checksums-Sha1:
 b363e2e9fef4dfb504cf0b37c4189f0eea5f8bb3 2101 orderless_1.1-1.dsc
 949725b69d3a6682db4dbe1e12fe004b668b356c 28920 orderless_1.1.orig.tar.xz
 fbff84c8f8637e228ba4afe0a10b9417e12c18b3 4384 orderless_1.1-1.debian.tar.xz
Checksums-Sha256:
 5df36d6503ccc1476cf4d5307a9ab653377e29ebb398fdbf8213817fa2a5b1a4 2101 
orderless_1.1-1.dsc
 89c864d2c692fac8a8bd733c92ee6e440ef763f85fd93785d43b48abd88d2a74 28920 
orderless_1.1.orig.tar.xz
 8a37b7c317f191a713a0e01175056fab9a079ebf67ca2c088069fc8a215184bc 4384 
orderless_1.1-1.debian.tar.xz
Files:
 3dca0d85e1f193e06f4ecf70220021e7 2101 editors optional orderless_1.1-1.dsc
 7c94c8de614ed2093cde9cb27430cb62 28920 editors optional 
orderless_1.1.orig.tar.xz
 bb5adc50fb481713000a193b97658354 4384 editors optional 
orderless_1.1-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJMBAEBCgA2FiEEn7AKhFUciKVyzk7dN19hUwLeWCgFAmYKQQgYHGF5bWVyaWMu
YWdvbkB5YW5kZXguY29tAAoJEDdfYVMC3lgoXTMP+wVMAYOvO3M9aJAZsRv6pHrj
d/rTWezSOdQFQr1aShYO46YA2bWki3TTv6d8uyZKk3jVFVu5TrZzR9oKcAQizNpd
ROWLOJ2y8Jw7qnOw8mh/vB17Mzcs8QBAPWAMXWifypI6Usq9rGd6tyqBX3J6TMR+
wzd7vDqtZaxwbgO/8TrYTj3xZknSatmqEQTZmU5VCr0l0nuvXu7XaKhx+/ckyNNN
UEzrZo/FerG0Ob8EYtlbUqv4gI6OqmyUFS12IFPxhDosab4NaZuRQgTEFIByFu0Q
7ELp5fO0ZgClTc0iBfc7zqTfytQ6io4ltlrkmRNDy6tp87cTREYM7FL++y34t3V5
puXen+7kJXQ7ReSXFp8XZX7llg4LKc9GifitrKkN0djJPHidQQksyU+Lvh0NNjEM
7hUEj8r0aTb2CsZXLoFRTrjySgueNBhQBHJ89CZB+jtzFF2gI/gH/BsFyYbyDLCz
uZ1WGfpQk38ZO6xB/47+d67kNOYU6hXjpdgXPFa69l1+FrJHYEbbNB0R7XwM/NvW
lxfkXGwDa1Tt7q5BQiBsJ+SO2aQTcrdShx+9F0EEVO2p+4j4gouvceeGuT+HjoLe
+x51EGoQyoJKJGgQ6g2EjQFmrEp6A/zm4JKhgUGe/XmZv6uAp1Wo81zB5haGYy68
HuOxtMPXQb/DqmwgXDBy
=sJ3k
-END PGP SIGNATURE-



pgpk7EHc7UQ4U.pgp
Description: PGP signature

Accepted marginalia 1.5-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 06:53:23 +0200
Source: marginalia
Architecture: source
Version: 1.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Emacsen team 
Changed-By: Aymeric Agon-Rambosson 
Changes:
 marginalia (1.5-1) unstable; urgency=medium
 .
   * New upstream release.
Checksums-Sha1:
 94432e9f41ffceed3fbece8e703c95c10f44c0d5 2111 marginalia_1.5-1.dsc
 bb1a07f51c25d244a77259f20caadb446db8dc24 28468 marginalia_1.5.orig.tar.xz
 fa9407ce637bf272c5cbe7b0802ec529c377a4cc 3812 marginalia_1.5-1.debian.tar.xz
Checksums-Sha256:
 34ffbcf73dcedbb37102221e84c118800ce8c222eb8d88f54fa90ac1e229b01d 2111 
marginalia_1.5-1.dsc
 0ad873a9d2f9bfa27f1fc25753797f75bc765191c5ce02604b3322203f65338e 28468 
marginalia_1.5.orig.tar.xz
 784f8558a2b3f5743e7712fa4835fac5c918f8308dcd631dee7578fa59096810 3812 
marginalia_1.5-1.debian.tar.xz
Files:
 55e8a4a7165b97ed891c52f21d3a766e 2111 editors optional marginalia_1.5-1.dsc
 5e36471ad7eb28a4b6d177977b8598d9 28468 editors optional 
marginalia_1.5.orig.tar.xz
 2fbe99f68ca7ad82ee1c734916ddafdc 3812 editors optional 
marginalia_1.5-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJMBAEBCgA2FiEEn7AKhFUciKVyzk7dN19hUwLeWCgFAmYKPogYHGF5bWVyaWMu
YWdvbkB5YW5kZXguY29tAAoJEDdfYVMC3lgo3eMP/An1+OI/DFNn7VNL5M+enWK5
5co94vvr1UTUopTfwTIskyc2cPjaF7guqBVI27XS+94nqZ2ufTIxSR8WaeeqAxAA
DA7Kj2MT3gm+FtSGTsOCKdSwJu8stZ4V54+7FlIklPlRnZnSwHXTqsPgmMQa3Esb
9bE0aWVSVAlRH21t7wN5PLTbC4HTi1/o1Bp352pBYMjEBpbnez9eU5dMGO2wUxAL
JJVQZOYSwXN2u9tIYgDuIlROXumJtqW5E1wgb1fmuJec0AWEGD1VeKb+tC5JoFsV
dTqBRdd+DyjkA0rcRHhFUnrAePtXk4BWj2LT3cMRUg+xNr/ZGJis+2VH0Vmnpy2Y
xigD8LNxEd20XaNf14KVlWu2TCX/uPNboY9d9yyGMQTIaP9vSWF416l3mXz+a6bA
e4ITPIb9GNbGZM3yds52YN8iPqTH05l+tDZ1tUUDRlCytRN+MjgkL22nmR2SNgsj
BKi+DEapZyDv0dByL2o9nmgkFZunnjV6MoL7WgReIxwDa1043yTRd3Q0yBRskOiD
WkaIpl/8X8zh5qy78ErUrL4LC+/h91bCBaY2NilHillzCuikAgskKGMIR274tNuU
jxZuqEARfgT26mYDFYaknlZUEabVA8sUBsrM7SE8KwPIkVSidcERAXL/o4K52dcj
gWe8ur+fdPJ6xkINv9Oo
=NMFG
-END PGP SIGNATURE-



pgpHgO_ufkIA_.pgp
Description: PGP signature

Accepted embark 1.0-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 06:46:49 +0200
Source: embark
Architecture: source
Version: 1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Emacsen team 
Changed-By: Aymeric Agon-Rambosson 
Changes:
 embark (1.0-1) unstable; urgency=medium
 .
   * New upstream release.
Checksums-Sha1:
 19daf750c45054367715cf53ec9f229ea921b448 2062 embark_1.0-1.dsc
 13d1e86f426770795849b1380105997454e6f936 83448 embark_1.0.orig.tar.xz
 588947b8fa2fbc0d6c6973d1c0ab31a7a3af08d2 5576 embark_1.0-1.debian.tar.xz
Checksums-Sha256:
 a8227a987090cc41c5ca0d17ff703ccd7e7681fb2458cbfc79c34a4cfaa8ebfe 2062 
embark_1.0-1.dsc
 dc598caaa717d19d727678a3f6c97cb3a45dd2ac4711165b038e77be3e70ad23 83448 
embark_1.0.orig.tar.xz
 23a1c208c00d543609b2879428101a4c98c4ff8b27cd98e612f7247232d8128e 5576 
embark_1.0-1.debian.tar.xz
Files:
 79484b8836818f4b15202e6a3e8cf5b0 2062 editors optional embark_1.0-1.dsc
 184a9fa4d68791d930d666b71745eb55 83448 editors optional embark_1.0.orig.tar.xz
 14b03fa99c0e6aeb3f6420f436b38b8a 5576 editors optional 
embark_1.0-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJMBAEBCgA2FiEEn7AKhFUciKVyzk7dN19hUwLeWCgFAmYKPHUYHGF5bWVyaWMu
YWdvbkB5YW5kZXguY29tAAoJEDdfYVMC3lgoLJkP/iFHs5qOnZzgi6BqYZgdY/Ga
YsYDIPODdHErTDb+VsF3xE8KFpueO09tdtWAmsu4P97Pe4QzjtRbNuWlkMhJRoWe
SJaX10lsfVnDSRLoCnQ/8RRoMJapbIWjNwLnPITSNBWo12Fqr/IWfGgPFRm9dYCU
aCh6TbkcWsjPDSNWDTVQ0WANkC+Eh812KxcWqucIzcbyFjsa4WIjN29sRVkrRWHW
LH6h7JdgCiPbfWe49Swv8mmCPRHDbguNeZYTYlTeVb0MgW7EgUAyK97bFMof1YJC
AGdRD/rc+DYLZis/evG6ISF4ywlF8Phidv/pqO7SjPMwQ9lZq5yaJ+xVOQddpOVK
K2M8fGOx8cjhZXJUBnDsS2gUBbtp1UecJfq0wP1zMwnVi9VcnQZxTVyik2vEtjjg
5dvqwsY1hK1E2/lXjC3WckaEJ3D2CLjr4Revgs4g0HsDWdcl12d+msvfsXOl5SmK
H7hQA6OyaSv1C+lQbw2NHdW5tFATvKzajFc3TU9LNJ0O5R0kmidtiWUR6gbKGZzl
tY1IKiwqestMV1JRG31VxwfrSUcM0NIVSFt1viq9C40MdFDb3BFGD0LLfe+bv4FB
PYoW5FrvLs/g3kHeSKIMv2OSGYLGNgf9h90NH/PzY4+m3nFw5bWhMe+6JECROgt5
oLzjWYpB81tFqcDIddQd
=0WUo
-END PGP SIGNATURE-



pgp4hlzvT57FE.pgp
Description: PGP signature

Accepted libhinoko 1.0.1-3 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 01 Apr 2024 09:04:16 +0900
Source: libhinoko
Architecture: source
Version: 1.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Takashi Sakamoto 
Changed-By: Takashi Sakamoto 
Changes:
 libhinoko (1.0.1-3) unstable; urgency=medium
 .
   * Optimize to gobject-introspection 1.78.1-7 or later.
   * Apply changes for auto-glib2.0 and auto-libhinawa transitions, provided by
 Ubuntu distribution.
Checksums-Sha1:
 ce162adb4ffc5fa5c68b6f7cc664dbe35d88fe1c 2213 libhinoko_1.0.1-3.dsc
 7f0421358b15af885084b9c931bae0321498b1ab 7268 libhinoko_1.0.1-3.debian.tar.xz
 138019ddea4e521e5dbb62075e1c4ed1bb6bdb8f 9261 
libhinoko_1.0.1-3_source.buildinfo
Checksums-Sha256:
 9daa3a4049473521befc05b8d22b4e551f9766fda406a758f23ad47b1b0ea4c3 2213 
libhinoko_1.0.1-3.dsc
 7ec1401dae0d2ff1fe969d98ad2dc09168d9d73559c6cb0b1fedf98b5ccd2fd5 7268 
libhinoko_1.0.1-3.debian.tar.xz
 a3dff7594923877b4c21c3c4d3ac087ff371efdadcb5099bc5e3dfb327599fa7 9261 
libhinoko_1.0.1-3_source.buildinfo
Files:
 ef953730416d9d62cb7caf5fe47c6c59 2213 libs optional libhinoko_1.0.1-3.dsc
 26b48a88019c087d3f750d56a1c59cbd 7268 libs optional 
libhinoko_1.0.1-3.debian.tar.xz
 f84272af6122098036f78b6c1eb8c4d0 9261 libs optional 
libhinoko_1.0.1-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEcZ6y2T2+nE0h+6Bk9/t1xWbtIOMFAmYKNjsACgkQ9/t1xWbt
IOMAwxAAuWPqgIgt8PvS7jaiiQ89SzqLc9pBUKQ7gc6vFEZH3CgDJMpoj2f3Yzz5
63nBP7bCxRhViEwjszSU3QWyk9YmKPvGcCLmbQtaRt7MxjD7W0xXV6Nif50zOmaf
Hz1xvtQV42eHpMJ/rgRfm7wrRufh4vxooGLMY/9Rbtikd6Uxzgso+ugrs37yuZju
/etpmHPB0KG4Gl1Y87TYb6GKpYX69miXwxaSzYGGG60gaxkAPJPhWqCbHodfvmxP
/l5tFRXNqEMRWnb45sT5qwJ/uz/0KFnDV+fBrNf1IaRj55IXStnRMvag7NMkASMO
jiFbgs8NwoA1vSGrzO6wCJasQOMl/dwpiDsRKch60GeT696ElYoyf5D1IUC0ihsK
xXf6RiDrcp4fJDaG96xRubNyNdCXNhoOvbMTP69/QEpR4BHSoWdQGFagg3mbDv40
WapTGr4XxeyUqGT7tkOI2JR9MzaSuBDqnFb7lJt63ik9tavKyAl/6yvuz4L4gKpW
fvf+Y3quS+krvCNgSZetnnCaU6NNsBWK+vsyv1yXSoQ7Lo8QIl79HplGVTJEFBHg
opER3ZCk2GlnGHcQkNikzmA/Bawq2RkbYT2hRFLRGOoMcI+wbLQHvoPD6LbRrnly
eK+WrhD/sKVH1aVIY5gWydWdNyJf38bb8uiOyPomxNGt51dAW0I=
=oxNY
-END PGP SIGNATURE-



pgpMmlENbNRBR.pgp
Description: PGP signature

Accepted keepassxc-browser 1.9.0.3+repack1-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 06:03:18 +0200
Source: keepassxc-browser
Architecture: source
Version: 1.9.0.3+repack1-1
Distribution: unstable
Urgency: medium
Maintainer: Bruno Kleinert 
Changed-By: Bruno Kleinert 
Changes:
 keepassxc-browser (1.9.0.3+repack1-1) unstable; urgency=medium
 .
   * New upstream release
Checksums-Sha1:
 60e0c0d59bad699e5e38edec103842a9ca27b5e3 2075 
keepassxc-browser_1.9.0.3+repack1-1.dsc
 6c992bc686717723bf85a04e8d93e163d92dfb7c 497264 
keepassxc-browser_1.9.0.3+repack1.orig.tar.xz
 a85d6a3c5602c353efce3ce0fab0aa09b461d860 16352 
keepassxc-browser_1.9.0.3+repack1-1.debian.tar.xz
 510d159c48fd0c632b101f99b5c33904a54d 6246 
keepassxc-browser_1.9.0.3+repack1-1_source.buildinfo
Checksums-Sha256:
 3c7eb76ed62f5c032392cd844667536bfea9edf35cbe45cd49990e6d3441f011 2075 
keepassxc-browser_1.9.0.3+repack1-1.dsc
 61d662b0ca418d9034f9031d1bbefa8af58d52a4361f6e5ea7d6829a6e2ade93 497264 
keepassxc-browser_1.9.0.3+repack1.orig.tar.xz
 19e91d01dd35a3a64df29c63dd8c3cfb406128bc56a27ac06f4426a6f30a86c7 16352 
keepassxc-browser_1.9.0.3+repack1-1.debian.tar.xz
 ec1f7d0ad7de594cc9aef055f13f4292ee6e9bbbaa37fe3246e53c6c4932c9ed 6246 
keepassxc-browser_1.9.0.3+repack1-1_source.buildinfo
Files:
 9b578f19a5148ff0ada1471b62b1d7da 2075 web optional 
keepassxc-browser_1.9.0.3+repack1-1.dsc
 e58f68b59fc32bc7235f82c50dead0f3 497264 web optional 
keepassxc-browser_1.9.0.3+repack1.orig.tar.xz
 4fea3b8b622458be1594d9cbbf0f3634 16352 web optional 
keepassxc-browser_1.9.0.3+repack1-1.debian.tar.xz
 b06efbbfe929ea6ed854baad76a5f221 6246 web optional 
keepassxc-browser_1.9.0.3+repack1-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEbNBoYg3hPRuThXIzSwBpzPZSeEcFAmYKMvwACgkQSwBpzPZS
eEd1BhAAuiN0s2oFTZazE0elnPHb4Q6GrtRP+NrHEHhnnLDAk5TIUaaTFixm7EQ6
BaW+6scGpkK3cDzKQYIWba2yldqvx9lEmHwmRz2XFxdEgQ2eQQQctxy9WwMoPufS
ArrFl14Myn2kNbbYYfHrHSg9If4q6gXFZhhKqCfxiHXHIFJMv8y+MMeQFYLQnUNQ
wFRPg0SLj0qbaAofBpLG1v1FWPCgmLtbTvjtgN0Z0e10p2W80UoZC9kte8SfVoCQ
tY94MGj7hIOI9e4nDXPTQgAlDmQv378fEuYw442D49RQtWlwrbDolsw9PMNOM5SX
QoGJzprgcAY/xCkmQ6MJzolVibqVf6DLTIfK+ew1pzGJMYYMG+T4X9tJ15BPSLDx
4mqbcsnmTzOdG3haQglVxHjPgys4EIp2Q89QbGkQ8901HMm8pZN+6AOm+pPYxoD3
NlzMqXsu4ZwVKCMqan/9KCzwHEYmarxSC48Uzg3bpuelM46qA6NpHuAunzQF7d+b
CdVfh9M2766ktTNCeMcD85YGXyHHro4wRAuqg0Jaw/Q5JcgRbMJblcugJSGSwsHz
AFzZxv+RoEDtik3lBZZxQBMm3vFvQa2ymRzC3yQamHvz2d27vD7F1nnrzLtvAx02
wgH35o1Kuij1VJQ2c1bbPA1JcOH8TiCLzvFz5/RieGZtddpMKYE=
=LlCm
-END PGP SIGNATURE-



pgpeqmDww3uPn.pgp
Description: PGP signature

Accepted mkgmap 0.0.0+svn4918-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 06:06:23 +0200
Source: mkgmap
Architecture: source
Version: 0.0.0+svn4918-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GIS Project 
Changed-By: Bas Couwenberg 
Changes:
 mkgmap (0.0.0+svn4918-1) unstable; urgency=medium
 .
   * New upstream SVN snapshot.
Checksums-Sha1:
 db56f8124e56c3feae3c86f78441ab8fdb56b163 2227 mkgmap_0.0.0+svn4918-1.dsc
 1aeb17e8fe02175cd4478285e3e905631c6b13dd 1857407 
mkgmap_0.0.0+svn4918.orig.tar.gz
 5bf220c7295079695d15ab5e779fd1d7fb99433f 8164 
mkgmap_0.0.0+svn4918-1.debian.tar.xz
 bd061c18f52e3dee902c1c31a7f8631bbd00b294 10802 
mkgmap_0.0.0+svn4918-1_amd64.buildinfo
Checksums-Sha256:
 198194ff50044cf387ad6f96b2464542f4a0148d38250cb82348a05f58478579 2227 
mkgmap_0.0.0+svn4918-1.dsc
 e9c4559d4d7827ed845c671563a50e79bb5bee60fe4bf1007e2aa51c3ee0f4f4 1857407 
mkgmap_0.0.0+svn4918.orig.tar.gz
 3479bf6be7cc578e310bb55d8c5759b26f6605ceb9c6b05da9cda3d3fe9d6417 8164 
mkgmap_0.0.0+svn4918-1.debian.tar.xz
 242f1618a53cb7199ba3f0823d6b12a0b87f0d564e5455d9e7eeebfd9c19e982 10802 
mkgmap_0.0.0+svn4918-1_amd64.buildinfo
Files:
 3d8736eac5cc6aa16a26011ffeabf805 2227 utils optional mkgmap_0.0.0+svn4918-1.dsc
 d157a2637da074d23903ca7588cf3097 1857407 utils optional 
mkgmap_0.0.0+svn4918.orig.tar.gz
 49f3a2c7258fe80e798cc0d78e1dbef9 8164 utils optional 
mkgmap_0.0.0+svn4918-1.debian.tar.xz
 7b3402d0ae13b52feaea8eda637f3e7f 10802 utils optional 
mkgmap_0.0.0+svn4918-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEgYLeQXBWQI1hRlDRZ1DxCuiNSvEFAmYKM84ACgkQZ1DxCuiN
SvHT0w//TYzr/hEyM1BhKSh5Tu8Dv92Xc1w04dVHXLJvA38Yq5zTg3xmmSyLbLOk
AQ1TRAGMi/hn15b7tI+P1h8KV2Dpp8/8tdx12fxLuYN/G1X5gSJ53ToUHVjOZI01
JJYpOKxMYWzQcomAHk9LrPNaw+dT3znnuDP/UOczXdWIVtCnVkHC7h9iTt6HEDFp
nX7S+O6Xcs/RMgoYdfaewecc4n1yFT/6maJjIv/IB3PQW5u2GRXI/7DPQpXiQYwM
W6JP7+b93Cy81FmcH4C0Fg7BAosdpBXn9e+iACrAwz4JGz3IN4/TKc428ALsBWjg
hYJUwsF8gsC3f8ek8jBRsdl6K4u4qL2inKV1rmlAZoEh0OgVKF+AoUx9VXxvfJsO
1utyGIUk6939xmGqQAh8uZ5HQhW/GAmMDho7mWboGuQVHGXB/O+WC7brGpW2NCie
gj5wEaZHjEYfWEM1s7dwmsJ4ZbaRPERl+A1Qb6Lu/n3shBx5vcMhLQu2lRFritWR
A02a/aQRSENE6QsewiJPmDILSo3LIrfMkEZbeE+FKLnLUVphwLA7cbt6g6TqgOlE
DMcjvmM/CoS+UBG02lrbE6itKMGXE3d2czc+9YE+8RD93h2VQxWFzQ1ODnYgveJA
nmKV7SRFcW0hwL/gRfHop8JsyF9ykM6fH9MBZQE+n9r6vkUjCUY=
=6scL
-END PGP SIGNATURE-



pgpZDdlUU3MtT.pgp
Description: PGP signature

Re: Command /usr/bin/mv wrong message in German

2024-03-31 Thread Russ Allbery

Russell Stuart  writes:

> The reason I'm replying is after one, probably two decades this still
> annoys me:

>$ dpkg -S /etc/profile
>dpkg-query: no path found matching pattern /etc/profile

> It was put their by the Debian install, and I'm unlikely to change it.
> Its fairly important security wise.  It would be nice if "dpkg -S" told
> me base-files.deb installed it.  It would be nice if debsums told me if
> it changed.  There are lots of files like this, such as /etc/environment
> and /etc/hosts.  There are some directories like /etc/apt/trusted.gpg.d/
> which should only have files claimed by some .deb.

Guillem has a plan for addressing this, I believe as part of metadata
tracking, that would allow such files can be registered by their packages
and then tracked by dpkg.

-- 
Russ Allbery (r...@debian.org)

Re: Command /usr/bin/mv wrong message in German

2024-03-31 Thread Russell Stuart


On 1/4/24 10:18, gregor herrmann wrote:

% dpkg -S $(which mv > coreutils: /usr/bin/mv


On bookworm:

$ dpkg -S $(which mv)
dpkg-query: no path found matching pattern /usr/bin/mv

This is caused by the /bin -> /usr/bin shift.

The reason I'm replying is after one, probably two decades this still
annoys me:

   $ dpkg -S /etc/profile
   dpkg-query: no path found matching pattern /etc/profile

It was put their by the Debian install, and I'm unlikely to change it.
Its fairly important security wise.  It would be nice if "dpkg -S" told
me base-files.deb installed it.  It would be nice if debsums told me if
it changed.  There are lots of files like this, such as /etc/environment
and /etc/hosts.  There are some directories like /etc/apt/trusted.gpg.d/
which should only have files claimed by some .deb.

To put it another way, Debian's audit trail of files managed / used by
the distro has never been great.  There was a modest proposal ages ago
(by aj I think) to improve this, but it was rejected.  To me it looks
more important now than it was then, and it was pretty important then.


OpenPGP_0xF5231C62E7843A8C.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Accepted libcpan-audit-perl 20240329.002-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 03:34:31 +0200
Source: libcpan-audit-perl
Architecture: source
Version: 20240329.002-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: gregor herrmann 
Changes:
 libcpan-audit-perl (20240329.002-1) unstable; urgency=medium
 .
   * Import upstream version 20240329.002.
Checksums-Sha1:
 48624b4d73a7042f1b7b8a3339a18d2164e9409c 2820 
libcpan-audit-perl_20240329.002-1.dsc
 3938b55e8a5cf860d8ec16e76d2e59b4417b5371 704634 
libcpan-audit-perl_20240329.002.orig.tar.gz
 15318d44bef7d3df882d0fc60a5e1a5fc3d4d976 6420 
libcpan-audit-perl_20240329.002-1.debian.tar.xz
Checksums-Sha256:
 aeb90694cfa342b0b5a6b3cb13d0840e827b711f6e6c37e88c22a626d577e48f 2820 
libcpan-audit-perl_20240329.002-1.dsc
 15976f9827203de67d76c3ffbecdaf88845317d9df56d04f84d105b4a2263b5b 704634 
libcpan-audit-perl_20240329.002.orig.tar.gz
 2c6ed541de89d3cebba63a1e770abbefae3a134d65b712295a368b5726a92a86 6420 
libcpan-audit-perl_20240329.002-1.debian.tar.xz
Files:
 abf923a44fd0b8dc6dc06701c4d919d3 2820 perl optional 
libcpan-audit-perl_20240329.002-1.dsc
 c43dbb2979d857d59b99c3bb6485b713 704634 perl optional 
libcpan-audit-perl_20240329.002.orig.tar.gz
 6cda5eaa5d228f61bdb3b2075e39ae68 6420 perl optional 
libcpan-audit-perl_20240329.002-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmYKEBZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgbiPg/+Pr8ITIEIBkqdWuuh2ABBwlRCONI8TfWUik2DLvLew2msUg8RWAGR8+ig
Z2HHZnZw7mtpCM/SnstX86THuzPKn+CuHI2xULNlfvu0iuiJdF4IwMmqq5ySjCCQ
Iq/siq4CcGehWxSmvehJPDUxJM1yE8FLpDEBScRiUUf+KKqsV+YI7Kmb2mY1EFQH
pgeuWzOe/EYqz9M2GwVJNaiDnh35IPbv1bRBpOQT33yfpzQg2KZ5O3/Is5HoO6hF
PwvPxrMfmObMNbwJp0bDiPXSU31jkEb9aJmYikPki1fB7ApuEFWjAsAQtdkN4prn
cBq/kTc4XJPOBLZNnVui6S0ZWJfTz3L1WhkNLneWGfU9OiwmqF5Tfy5XUpPiOoa0
TVRZWlxePa39REaNbst9quUCP88JqI0fSWh8IGiF9s5ChH5NQ7vZ2cbiRubnrYPP
6afiNrdhPrdKAWrcsn5AXk3bYhRwTQqzL1kB+ZcMjs5HaJWVbvP5bWA9FkyApFO9
1E0ZIiBKunYdUdYZ17NPT9AEo56139897y7DfcrZo99L5OFfsRVj7dNFWPlN0rNf
0+/rIW2dWNLXdPmhW54pPamisVAOb7fyRU1HwaEFWFQSu2JGNw/6puFjJZzEM+5/
VZz/8bveOcdF5RNbXto14NhhN2kj7kIAhs/cEf8kAQrn5tfbjDM=
=aMky
-END PGP SIGNATURE-



pgpVmZHqrL4PH.pgp
Description: PGP signature

Accepted abseil 20230802.1-3 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 21:05:37 -0400
Source: abseil
Architecture: source
Version: 20230802.1-3
Distribution: unstable
Urgency: medium
Maintainer: Benjamin Barenblat 
Changed-By: Benjamin Barenblat 
Closes: 1059532
Changes:
 abseil (20230802.1-3) unstable; urgency=medium
 .
   * Apply an upstream patch to prevent SIGILLs on RISC-V. (Closes:
 #1059532)
Checksums-Sha1:
 22a5886daf9367c888c114cda18846481512dac5 2463 abseil_20230802.1-3.dsc
 793973c3d2ada7b735eb554642d86e2b0264355e 9708 abseil_20230802.1-3.debian.tar.xz
 417c1dc8210284d112f8f5b78a49629de5b162e6 7895 
abseil_20230802.1-3_amd64.buildinfo
Checksums-Sha256:
 3121ab82ad298362fc0a0a8f5e76eac982debc36992664cb750f7b098cf552f1 2463 
abseil_20230802.1-3.dsc
 547d26e83a5b1a62a65ca0f3a6ec018300aefe2aebc603d05920a0a500c7 9708 
abseil_20230802.1-3.debian.tar.xz
 3f6700708f3c092b3ff60677988097a1d7bad2a99d4ed22c26032efcc39885b9 7895 
abseil_20230802.1-3_amd64.buildinfo
Files:
 b6862eb7f8044e82bdc1659829008e54 2463 libs optional abseil_20230802.1-3.dsc
 1836c13c87b4adef1c48f92561950010 9708 libs optional 
abseil_20230802.1-3.debian.tar.xz
 25c11dd41ddd6537c2d75d140fc57b49 7895 libs optional 
abseil_20230802.1-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEQbf+q7LkywHKVTMA5ZUVm53A7cMFAmYKCfYACgkQ5ZUVm53A
7cOkwxAAksElaezK64CHrOezOh+6+hxYA5YAFuVQ2h1My8rWaMFcmJBfjOXzkAi+
mytAsskCaSkamJ/Rcxj6AsgNVlZIYPONuFrqHFMIajCBNg6lKinPa4v4Q23odOyf
I1931e6J+bYUTDawSXm2yYr/nAdrzztsoyqNtS1OPSCuO2k6Iugn6xUdBQzFNGiv
1q925JcYfarDQ6jg3Oil5jz1QWQxB488/boIheGO32AnqUVldF8Az+OUGs7x+4pR
0burNccH0bl/0aRizu1WJkYjxQQqvWWesKXMW1TNH7SO80FbEln1jW7+uZ61VpeH
MbgaH4hTzpaUtJvYAL5rDKbMbPR9xfmdHMmvqXIVjbDmWvJKlJwXPff7U5UYVA1o
OFsWqYLzrxI0LvDLGgwkAxjIaCqfR/KGeu6xk1wFSeL+BvolHE7CUIBCHw8L+M+g
7NOMqZQGEZCb4ADjMQqMRKbESxekpz4ObqlzZ57YCO/iNX3dEUo97JcBZA1bBCGk
D1WkEAcK0yNMv43bfBCZ3YvhR3N51HEN5TmFtY6Nb99kZLrY8mChaBz8lIx5fihg
Jdey8DE1jaO4a/v7yMAMN+aQTzYzfoH038N8t5WSoIN33sRAEKt1xyHnrEXVbGuY
bBhIqMlRW2uTTXphTu2k+dSrTf9eRw7+8MxhOiYxNcwFPtaPZTI=
=ClPq
-END PGP SIGNATURE-



pgpcYWl0AJsBj.pgp
Description: PGP signature

Accepted libipc-run-perl 20231003.0-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 02:46:08 +0200
Source: libipc-run-perl
Architecture: source
Version: 20231003.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: gregor herrmann 
Closes: 1021794
Changes:
 libipc-run-perl (20231003.0-2) unstable; urgency=medium
 .
   * Add 1021794_child_exit.patch: Reduce delays in detecting child exit.
 Patch taken from upstream patch series (PR#172). (Closes: #1021794)
   * Update years of packaging copyright.
Checksums-Sha1:
 cbe9a1f99661c4ac3c279c4da8edfab9c9cfc8ee 2485 libipc-run-perl_20231003.0-2.dsc
 7f38bfca451715f5d4935bcb0e9766d6a8fe8bbd 8856 
libipc-run-perl_20231003.0-2.debian.tar.xz
Checksums-Sha256:
 780f5dca60dc6202894430c00f903c154e3570f94eafb2ad074e52c56eb30d54 2485 
libipc-run-perl_20231003.0-2.dsc
 e4cf0ff8b21733689dea06a195c9e26427c4878a7017285dbf9efcc01e47cb34 8856 
libipc-run-perl_20231003.0-2.debian.tar.xz
Files:
 c7063a2b0642be668c5cd3090fcb70a1 2485 perl optional 
libipc-run-perl_20231003.0-2.dsc
 a6a277f2086fbacfb4fda825c02229da 8856 perl optional 
libipc-run-perl_20231003.0-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmYKBL5fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgYZ3hAAp95aLOX6rLjZBuaNXJmHglYW5FdYKTCz3BlKkDkrwr02tBMA+BtOAoXy
JVCJ1FDcQVwspQHtanC8mvMAC4tpJln0SVY7oNKgt6wpxTbp52ws/lpdn8rLSnzu
GKtgAWjr3w2ysR2mTUcQD78qkl4IlGz2gcFOrjlp3UrdfW94NQJ3TcGE0VcOgVgf
kZeUw95pjLJTUreoWebbSMMBBiUfPTXlsepU+7y0wsvUSgbnI33AF7BDRKIYu71S
i12vcOmkhHlxT6VIvdlgvt+5jd4zRzd++M3N25Gd9qjXdLZfPBskBgjpsa1vqe3V
16QNuK3WgXTLzuIOPK8KjMO5z6q7eYyxiBvRCjMqJbVftRNfp/e42G1JAQnAJX7q
LPipecoCLBDoNVzdxOZaTlF67n5prurJ9idDEPmoTcMqy0TBbGRz/FKUfT72LlXC
E699u74Hq7BnSMhv+HVBtNYxtEHP1jf+N1aySzNCT+hdIiGQTABzkUIn5JJR+qyd
lWI2TLAvRES29Bcg8J/bsSLp5VnRBVNlAgz0SQh9tFU621XX1hu2vo4MdQI95BhK
Bs7YYRQd1WcDhw7tH6gCbjdfWHVJ5lapwaogZZAZkkPNgnXzSXrRPQk0h/A/rbLG
PR9aUhZ7H6DXKNSaY7p5PdYq/j7cIdzhaFE2YrkfGavOhHT9Igw=
=/0KK
-END PGP SIGNATURE-



pgp1LvFz2nP1t.pgp
Description: PGP signature

Re: Validating tarballs against git repositories

2024-03-31 Thread Marco d'Itri

On Apr 01, gregor herrmann  wrote:

> > I switched long ago all my packages from tar archives to the git 
> > upstream tree. Not only this makes much easier to understand the changes 
> > in a new release,
> That's not mutually exclusive. When adding an additional git remote
> and using gbp-import-orig's --upstream-vcs-tag you get the best of
> both worlds.
No: I get nothing of value by doing that and the repository will be 
cluttered by commits that I do not care about.
Also: upstream VCS snapshots.

-- 
ciao,
Marco


signature.asc
Description: PGP signature

Re: Validating tarballs against git repositories

2024-03-31 Thread gregor herrmann

On Sun, 31 Mar 2024 23:59:20 +0200, Marco d'Itri wrote:

> I switched long ago all my packages from tar archives to the git 
> upstream tree. Not only this makes much easier to understand the changes 
> in a new release,

That's not mutually exclusive. When adding an additional git remote
and using gbp-import-orig's --upstream-vcs-tag you get the best of
both worlds.


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Re: Validating tarballs against git repositories

2024-03-31 Thread gregor herrmann

On Sun, 31 Mar 2024 10:12:35 -0700, Russ Allbery wrote:

> > My point is that, while there will be for sure exceptions here and
> > there, by and large the need for massaged tarballs comes from projects
> > using autoconf and wanting to ship source archives that do not require
> > to run the autoconf machinery.
> Just as a data point, literally every C project for which I am upstream
> ships additional files in the release tarballs that are not in Git for
> reasons unrelated to Autoconf and friends.

This is also true for every perl distribution on the CPAN made with
the standard build tools (and I write this as a response to a mail of
yours as I know that you know what I'm talking about :))
 
> Just to note, though, this means that we lose the upstream signature in
> the archive.  The only place the upstream signature would then live is in
> Salsa.

This also means that we are, at least in some ecosystems, diverging
from the preferred way of distribution, and maybe more important, that
we are adding a new step 0 to our build process, which is: making a
(fake) upstream release.


Cheers,
gregor 

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Re: Command /usr/bin/mv wrong message in German

2024-03-31 Thread gregor herrmann

On Sun, 31 Mar 2024 19:44:24 +0200, Hans wrote:

> as I could not find, which package /usr/bin/mv is belonging to and 
> apt-file search /usr/bin/mv did not help either, I just in form you here.

% apt-file search -x "usr/bin/mv$"
coreutils: /usr/bin/mv

Faster:

% dpkg -S $(which mv) 
coreutils: /usr/bin/mv


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   


signature.asc
Description: Digital Signature

Accepted kombu 5.3.6-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 18:27:38 +
Source: kombu
Architecture: source
Version: 5.3.6-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Team 
Changed-By: Michael Fladischer 
Changes:
 kombu (5.3.6-1) unstable; urgency=low
 .
   * New upstream version 5.3.6
   * Drop patch for pytest-v8 compatibility, fixed in upstream.
Checksums-Sha1:
 bbe26a0275e3202120f4e84d4bd01997dacfdd67 2466 kombu_5.3.6-1.dsc
 35bcc701f272e49205d78c947a1b39cc69d16621 478361 kombu_5.3.6.orig.tar.gz
 a11d9f7bae05a9a736e7dc5b963fa95c19bb4bb4 11996 kombu_5.3.6-1.debian.tar.xz
 9593df886389dcc1548efc1721be014c48f044f0 10273 kombu_5.3.6-1_arm64.buildinfo
Checksums-Sha256:
 d020aa51bc8650c6c9e24b39a67bcaf8f53b2088279b26ff53e37ab354b67d16 2466 
kombu_5.3.6-1.dsc
 a2c54574dd9df52ab5ac2e06014bc6b85bc56670d432add62a6404da2a7a07cd 478361 
kombu_5.3.6.orig.tar.gz
 d6d444524de4c9fbc8020e2a2921e0a8602ed1fd8c30df0be8f6478fe5f2ca93 11996 
kombu_5.3.6-1.debian.tar.xz
 3e2718049e7726f3b6556a99ee85468447f1a77908716f798738c55c248fdda1 10273 
kombu_5.3.6-1_arm64.buildinfo
Files:
 9c822acd3baa553a5ad0961c9a1d0d11 2466 python optional kombu_5.3.6-1.dsc
 640cdb5a6550748099942b0f9e189b48 478361 python optional kombu_5.3.6.orig.tar.gz
 b7b5764762c0296c273c07a2eb82b9dc 11996 python optional 
kombu_5.3.6-1.debian.tar.xz
 c920bbfe849ea1547c4242996d67eff5 10273 python optional 
kombu_5.3.6-1_arm64.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAmYJ2/cACgkQ/9PIi5l9
0WprRggAl/i1an3PdraxuRoM13ZnBr/AUbS/dcSCsuXDwmosqHXc7TJ7UydvWMzT
sMCxC5cbvIaiyiAdsH4c4faNzlkDliDDbb7egld+X/g0vriFpA1B2Rgdu8oPo25C
o9EO8S/PJ+yiZBxHXRBUnV4dKmCioeJjDjtxS6f/H7mqRMhdAa/HKA9MCisCEGgU
b5P+TdXZnPEEb1KSyFwHXJ7/RQqDAqk6DPND9tww1rPqwUKHizKP/Tz8RjCn/uZ8
EbWQ58TCCGK20h8gZpk3V2WJpYy022m2nvkyKfawCr2nihA/XR2pkDN0/SD5wr0v
tUTa8gVpYAgW8xTzs0uJW3jE1YrmvA==
=CycE
-END PGP SIGNATURE-



pgpXcnhzU_tEJ.pgp
Description: PGP signature

Nettoyage du spam : mars 2024

2024-03-31 Thread Jean-Pierre Giraud

Bonjour,
Comme nous sommes en avril, il est désormais possible de traiter les
archives du mois de mars 2024 des listes francophones.

Si vous disposez d'un peu de temps, vous pouvez aussi traiter les mois de
mai 2021 à décembre 2021 inclus où il manque un relecteur pour achever le
traitement des spams

N'oubliez bien sûr pas d'ajouter votre nom à la liste des relecteurs
pour que nous sachions où nous en sommes.

Détails du processus de nettoyage du spam sur :

https://wiki.debian.org/I18n/FrenchSpamClean

Jean-Pierre Giraud


signature.asc
Description: This is a digitally signed message part

Accepted defcon 0.10.3-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 19:03:01 -0400
Source: defcon
Architecture: source
Version: 0.10.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Fonts Task Force 
Changed-By: Boyuan Yang 
Closes: 1067968
Changes:
 defcon (0.10.3-2) unstable; urgency=medium
 .
   * Team upload.
   * debian/control:
 + Drop useless build-dependency on python3-appdirs. (Closes: #1067968)
 + Move package description to the source package section.
Checksums-Sha1:
 1a9ee00a08829d347095c12345884291017f92e2 2606 defcon_0.10.3-2.dsc
 7ee77bd75b85b24c0a7cef18182d3b3aca76bf38 426262 defcon_0.10.3.orig.tar.gz
 76dab17013a6916fe5e776849d82d05b8bb22c32 3976 defcon_0.10.3-2.debian.tar.xz
 0e4c88150e42198de61aedae3bd758eacb9049a0 8351 defcon_0.10.3-2_amd64.buildinfo
Checksums-Sha256:
 32ba6ece9203d645da70890747f4ae9f0c0ba26254eac6ae1261aa65660cb4d1 2606 
defcon_0.10.3-2.dsc
 225b082e0d1458be5e91c302c8351d3bc1dcb4728b9f5c1241f1bf68f24b5fff 426262 
defcon_0.10.3.orig.tar.gz
 ba5b1a3c9e71e01f146ff1ce2514b2a470b2412ff9841308ab6a131c709e4147 3976 
defcon_0.10.3-2.debian.tar.xz
 4bfddaa7cdc08f03b0f80846f1f0521873ea51dec72106f7113b6ae36774ec7c 8351 
defcon_0.10.3-2_amd64.buildinfo
Files:
 7c94f6ba39ea01a57a30dff65291f0df 2606 devel optional defcon_0.10.3-2.dsc
 ab853ef6adf844dcbe3574a3c917811b 426262 devel optional 
defcon_0.10.3.orig.tar.gz
 740a5ca8dc167211ab73608e6f296a93 3976 devel optional 
defcon_0.10.3-2.debian.tar.xz
 8d5d1fd4200145f773ae8979221cfadb 8351 devel optional 
defcon_0.10.3-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmYJ75kACgkQwpPntGGC
Ws6W5A/8C21DMG5E/BqTMorV8ZwkeVGlpcO3MbZbqrXo0XkHvpGsu1AtVLLTCYZh
rmy/q3gBAh4N8lJginZBOW4VQVMs9cVl5dQfLPrntcZmsxAvY/F3mMhHpFc5yDs7
51i3EfnpHiQJDsHV5RUY/7mzQs2cLgVAlQg01+G7XBTUYFzjnJvjaUgbIOD98wNA
QkPChMBVC9IUqqgxYXy28eFDyfCmNlkLcJJY2oW6D2vKr+CffeBQVb/jLDHCR8Hf
oQQaU+Sn0OxgLWXLTrhoBkuwSKmfUKIwHEMfV2QoR8If8TEgCTr5LZvK+CEzyK6M
1fKDllK4h72aqpHaRrf5WlTDkcE5eY26dM+QXSOTo6JgCnf/5N/dlt1VppzAYbRt
SXZhK253TmrE6GSZ/5E58b4RiWpMQrO3113Y0YyQqEZLRXGWjdNZyEM2VV8K3lIh
osjjUWr0bsIi+3OpF6bT/AhxRgOOnIpvF5DbU8qbQC1g5TaKw8ZNK9Sv2pqNbp/p
/LEmd2m+SY1LKoJL0y2H8a58sgdGZSDmnFce0GJqftQf0JCMJLi7qA93TSpsYJHX
p6hFTga98twVs89rrx2iPINLu5VWrnj9IXo8CzhWfld53tw18eKWIJmJiNxlUSXO
NQYQMOmzoTCp+H3x9VzZ7Gb4brieOZMxmaUHusi0tzvD3OnnJJw=
=9XVV
-END PGP SIGNATURE-



pgpWNFSpSBXS3.pgp
Description: PGP signature

Re: Validating tarballs against git repositories

2024-03-31 Thread G. Branden Robinson

At 2024-03-31T22:32:49+, Stefano Rivera wrote:
> Upstreams would probably prefer that we used git repositories
> *directly* as source artifacts, but that comes with a whole other can
> of worms...

Speaking from my upstream groff perspective, I wouldn't _prefer_ that.

The distribution archives get build-testing on a much wider variety of
systems, thanks to people on the groff@ and platform-testers@gnu mailing
lists that help out when a release candidate is announced.  They have
access to platforms more exotic that I and a few other bleeding-edge
HEAD mavens do.  This practice tangibly improved the quality of the
groff 1.23.0 release, especially on surviving proprietary Unix systems.

Building from the repo, or using the bootstrap script--which Colin
Watson just today ensured will be in future distribution archives--is
fine.[1]  I'm glad some people build the project that way.  But I think
that procedure serves an audience that is distinguishable in some ways.

Regards,
Branden

[1] 
https://git.savannah.gnu.org/cgit/groff.git/commit/?id=822fef56e9ab7cbe69337b045f6f20e32e25f566

signature.asc
Description: PGP signature

Accepted workrave 1.10.52-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 15:35:10 -0700
Source: workrave
Architecture: source
Version: 1.10.52-2
Distribution: unstable
Urgency: medium
Maintainer: Francois Marier 
Changed-By: Francois Marier 
Closes: 1052115 1068062
Changes:
 workrave (1.10.52-2) unstable; urgency=medium
 .
   * Update Build-Depends to libglib2.0-0t64 (closes: #1068062)
   * Add support for gnome-shell 46 (closes: #1052115)
Checksums-Sha1:
 fc46280f85a1c55d97272707e7afd9807eab00e8 2971 workrave_1.10.52-2.dsc
 268bd5b876ae42bcad5e977428098f09d5799567 20264 workrave_1.10.52-2.debian.tar.xz
 7bb69cf9acbbc9aa32775776a347438039bc3eb4 21060 
workrave_1.10.52-2_source.buildinfo
Checksums-Sha256:
 f52c252faa3423c1ee57362567ea022ece17de516726195da3e4b8b65ee8789a 2971 
workrave_1.10.52-2.dsc
 c4eb165941aa51877b2b72a5d98aa6ed63f60720cd8361d9f4dd26a599e63ac5 20264 
workrave_1.10.52-2.debian.tar.xz
 e29227e52e30ec9766397a5410aec4619c115ded5a30d663af669f2db6562ac9 21060 
workrave_1.10.52-2_source.buildinfo
Files:
 8d9dac28160451063e7c15b7737054b3 2971 gnome optional workrave_1.10.52-2.dsc
 9decc029bd49bdd08427afccd3f5 20264 gnome optional 
workrave_1.10.52-2.debian.tar.xz
 7729ed476222fc3ee8bebfb856599bdc 21060 gnome optional 
workrave_1.10.52-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEjEcLKgsxVo4RDUMlFigfLgB8mNEFAmYJ5yNfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDhD
NDcwQjJBMEIzMTU2OEUxMTBENDMyNTE2MjgxRjJFMDA3Qzk4RDEACgkQFigfLgB8
mNEa8xAAnLz7jkFQvV+nf2luZ/VfOMs19yYin3g3IULVTc0VJbHYLPO+r2XgiH8S
6fXzQEjY8HgyWMkTM9tOGDozi3P+gxO3jHxZch7xisrPVH0nmubluO/DSo0hohkk
05VQVXxh6CRCmbnW2lxE2rwVH2HRe9SeORzu0WbALVFSOG7fGeAH1/vlFeI9KA3T
w3xRGDxVxvByrmVjT1s7IpPrhUKVOJnirX2uYh+Qt6Q0GEOms10I0KYT6LGSg4co
V+pxpMA6r3s9kYCc69CIoRo7MBrbgOjWNDM7DzXHNxBMan6qoKaFV/C6urJRUTlL
/0wDcTPZL1t6XjqBhmCfH4V9U9kfNvyr1vYz51eGwSI2jVst7W0DKo6V+Wzh4I4U
x2NyIRBRF/brjl2EjCi/r/QsCUlSnYp7MuP2r1rcDYJ3OU+W79vqTJ2WJtT+0fXC
4U7yxvTk8NSTJZsN+82ytiiAqtPIW5OGHlejFLhSXQ9vLGBwPw0EJgjGoJmFXKTF
ybDKH4uZFlHZiwUR2QRxqKMRkhnKZ373tiHAPWiYhKw83uCQPYnWekesOZ8hjJYY
DQcmz6WEDOh9IE8DXpRA8Krx3+Amz4mIkEnZd3SDNGK7DdryL6gU5b20uKhU7Tta
Jz/WUuOEYzX59eamk4RF729hN1GKvL/7JNjQzB6+82XE2STXi9g=
=9wt4
-END PGP SIGNATURE-



pgpJLR70c_vXW.pgp
Description: PGP signature

Accepted regina-rexx 3.9.5+dfsg1-0.1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 01 Apr 2024 00:06:09 +0200
Source: regina-rexx
Architecture: source
Version: 3.9.5+dfsg1-0.1
Distribution: unstable
Urgency: medium
Maintainer: Alen Zekulic 
Changed-By: Agustin Martin Domingo 
Closes: 1027405 1066314
Changes:
 regina-rexx (3.9.5+dfsg1-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload with maintaner agreement.
 .
   [ Debian Janitor ]
   * Use secure URI in debian/watch.
   * Fix day-of-week for changelog entry 2.2-1.
   * Update standards version to 4.5.1, no changes needed.
   * Use secure URI in Homepage field.
   * Update standards version to 4.6.1, no changes needed.
 .
   [ Agustin Martin Domingo ]
   * New upstream version (Closes: #1066314).
 - Remove REGUTIL_TERM_LIB stuff (#930005). Fixed upstream in a
   simpler way.
 - _configures_fix-alpha-compilation.diff: renamed from
   _AZ_configures.diff for clarity.
 - 0001_configures_do-not-regenerate-debian-rules.diff: Do not
   regenerate debian/rules. We do not use upstream debian dir.
 - _AZ_regina.1.diff: Remove. Fixed upstream.
 - _Makefile.in_Debian-Installation.diff. Remove. Unneeded.
 - _AZ_Makefile.in.diff: Remove. Seems no longer needed.
 - 2000_regina-config_use-wrapper.diff: Upgrade.
 - 2000_Makefile.in_Do-not-hardcode-FLAGS.diff: Better use "?=".
 - libregina3.symbols: Upgrade for new symbols added in 3.7.
 - Upgrade install, links and manpages stuff for new upstream version.
   * Build for the host arch, thanks Helmut Grohne (Closes: #1027405).
   * debian/rules:
 - Read relevant version info from regina.ver file.
 - Revert file ordering in HISTORY FILE. Newer first.
 - Install HACKERS.txt.
 - Let configure deal with GCI on supported platforms.
   * debian/watch: fix to narrow allowed extensions.
   * debian/copyright: Make DEP5 format.
   * README.source,copyright,watch: Exclude files with unclear license.
   * debian/control:
 - Bump Standards-Version. No changes required.
 - Change BD libncurses5-dev => libncurses-dev.
 - Bump debhelper-compat to 13.
Checksums-Sha1:
 2f3d3864a49fc25d302798c35f2a4489eef5d9ee 2043 regina-rexx_3.9.5+dfsg1-0.1.dsc
 04163da224611702a83cd74f203a0e043d6e9860 2281208 
regina-rexx_3.9.5+dfsg1.orig.tar.xz
 3dcbf124e43492152bd54101322ff4784d3d95bb 14064 
regina-rexx_3.9.5+dfsg1-0.1.debian.tar.xz
 18cfdc48275cd0eab9eed1704c0fbc220e1e9829 7511 
regina-rexx_3.9.5+dfsg1-0.1_amd64.buildinfo
Checksums-Sha256:
 fbe5bfe058c0c83e7344eb04e606d534f66976c64dc878cdf9ccf38926200486 2043 
regina-rexx_3.9.5+dfsg1-0.1.dsc
 fa4b269aca72e959b2c991bbbccd516c76d7d2ed1db147707721d1808a045264 2281208 
regina-rexx_3.9.5+dfsg1.orig.tar.xz
 1062ff4bb6eea27d42341d1948dfe547b5f696878954bc892c5bdcf364781a2e 14064 
regina-rexx_3.9.5+dfsg1-0.1.debian.tar.xz
 1d95df28479d36317f16eddc8c9de9048e6f791ce56d7099bccfc8b83d719f2c 7511 
regina-rexx_3.9.5+dfsg1-0.1_amd64.buildinfo
Files:
 e8307ba54c79d0b80802f9c3daaeddc3 2043 libs optional 
regina-rexx_3.9.5+dfsg1-0.1.dsc
 f4da84b6ce439c900900994e0f6df5d6 2281208 libs optional 
regina-rexx_3.9.5+dfsg1.orig.tar.xz
 41bea8dbbfd3d3881e4259942d62191f 14064 libs optional 
regina-rexx_3.9.5+dfsg1-0.1.debian.tar.xz
 c52ea7215d768a23af746a708d48e252 7511 libs optional 
regina-rexx_3.9.5+dfsg1-0.1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEEehey7p+gYd346SEFJrCLeiggvwFAmYJ4pQACgkQFJrCLeig
gvywqg//cqsCdEyhwWGF9Q7SCsxoovpqMELWyMJGvFYCzhesStjyhMbtRMCrF/tA
OAV0da/bC9tRu2OG8LFkQPupyOlG1HF+A7uQe7McI974lJ1HVPs3iQzlCceWPRIm
+RU4Io+zqXOLskm83+0Nq/CsTfvOCg6wVvnScIGpj7OsHNmngM6zu7wM++GUpcx5
p6oHmAvNjzAZ3cexkPrewnfZCFkk8IsVdFFoTtqIQwv+mpZ3zdhtQj1od++yYBcy
CPOurJiMp99SUUT120hDJaQ3KiHTPy+sVfUB5EJx19dAbL4dxDHGMyiIwGWCQ9AJ
u5N/f36SMx1yjRcpA9P8vNO50vgIyNLiTYEA2Ml3OLW/OgFuJCjQRBTwDVfPqZr5
X7LYVvq0FWAoohS7/NauE4zkZKTJGNRsDfQpsMhLzONUNWrDVO/EDhd3SQqvipPa
WX4LHIaLfOIzZYjc+8o/PFIlioMnPuzhKQ5+5v73/1zeDr1GqXCGLfYVHFAH/GS9
OzfcBmERlBwIYauJgLiMGjPo/qmZwrTVsbyVrB5HgrDiTguRzpFoTEzlcf1NFeqf
/2dZk8owPomQZrCoSr0+Ob9dl5d8TTdK93oqOxd+m7Fz1zIfPhuzEiupURqahDtI
5AEuVLTfNuvId0pKUIoY6/U3GNcYvzZzwWDN4rkBp5S84jw+1c4=
=7p6k
-END PGP SIGNATURE-



pgpEZUoyVIRnp.pgp
Description: PGP signature

Accepted rust-sqlformat 0.2.1-2 (source) into experimental

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 18:03:35 -0400
Source: rust-sqlformat
Architecture: source
Version: 0.2.1-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Rust Maintainers 

Changed-By: Alexander Kjäll 
Changes:
 rust-sqlformat (0.2.1-2) experimental; urgency=medium
 .
   * Team upload.
   * Package sqlformat 0.2.1 from crates.io using debcargo 2.6.1
   * Upgrade itertools to 0.12.
Checksums-Sha1:
 32d10bf91a98b6c5e18e2f23e8aeddc8dd313aa6 2538 rust-sqlformat_0.2.1-2.dsc
 447b795b45441566425116c5cf0525ee05b1d8a6 2860 
rust-sqlformat_0.2.1-2.debian.tar.xz
 d2a4ac90d7275254d7f304331721951c10839dc0 7831 
rust-sqlformat_0.2.1-2_source.buildinfo
Checksums-Sha256:
 30af1fd5fec0ad7a19efd6387aea7429fbdeebbbfa383b87df11c07d9dcb1ad6 2538 
rust-sqlformat_0.2.1-2.dsc
 f231ee096fc2efb04306ff148512a181297e4ad832d39eb17742d4fceddd9094 2860 
rust-sqlformat_0.2.1-2.debian.tar.xz
 3d499ae153e9b9effbfa6d7460c4a2bab9cdf9905ac28325f797663ec468616c 7831 
rust-sqlformat_0.2.1-2_source.buildinfo
Files:
 615b618c436d1c81f4f06e7400b321e0 2538 rust optional rust-sqlformat_0.2.1-2.dsc
 a557e9f6f48c6e7b63e5cd4dd2acb57c 2860 rust optional 
rust-sqlformat_0.2.1-2.debian.tar.xz
 4f80a313c6e84f747257725a47c62d40 7831 rust optional 
rust-sqlformat_0.2.1-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAmYJ3btfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx
QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb
o9saDg/+NCTiRDaAldTOJPHHwurEIBgJn877lw2vym/lJS94KnnvzrgwTT+VPr3h
qvbsCA9g0KSpUlbThSGGELtc2jY6SMkHfNm1Iwjyz8obYuISDQV409xQjTR0saq7
+krhMoYJx4vW8INYnFIOR5TdfIdYsizahqm0gyLdOME7MNL/6K1ieW18CrY17pZT
vfWsCTzVXTggq0wiph1GK1wH0fD0baU7eJfXfGcpIZ3wbH2X0up2Gi63lwsjbzAJ
0ncznmyp0E5v5C7j6nIkkbV6WsPMcS+H2Tk6zgRghZzu65YCRHIL05fGsu3dBF52
UL+U1Je0WTA/hyODbQX0hMgHKp4Sd15CeFNwbB+Z510z0t2oyOYcQ29l5Y6U1s+a
hZUMA8qY9UfZO38vT0X1d2+zL3G10TT5kQ2Qv0zKFhLwipUKBDp5AW4uooKp6yZU
mzMMYVW0CgHeYvEWbG7rkwvyOpy46rUWqwpxSg5EilsRVkeFlQ4rrcT/PpdQTGEZ
iqGKg8a/cJxRMfJndrXQ7c9EV7AXP7pPuMLHI1uQ85JCiFPSNKIN4tXRGOXSNglP
ikLcO1AgdkxbzZCJPMwSMSqXRxARTZNIzJ2w5AZsoQgNzJNFEsFY/G0ImK7TrT+N
gKDj00uY4NNosHUL0dGfLs+boDc9Pv+zbbyzkp0PUu7wFht92nA=
=Wb4a
-END PGP SIGNATURE-



pgpO58JyFvqdF.pgp
Description: PGP signature

Re: Validating tarballs against git repositories

2024-03-31 Thread Stefano Rivera

Hi Guillem (2024.03.30_04:41:37_+)
> > 1. Move towards allowing, and then favoring, git-tags over source tarballs
> 
> I assume you mean git archives out of git tags? Otherwise how do you
> go from git-tag to a source package in your mind?

There are some issues with transforming upstream's git-centric world
into tarballs for Debian source packages, that are worth bearing in mind.

The upstream git repository has some extra metadata available that
upstream build tools start depending on. Things like: versions, tracked
files, and ignored files.

This came up in the Python world, where setuptools-scm has become more
popular over the years. This is a plugin for setuptools that extracts
some metadata from the git repository:
1. Determine the current version. Historically, specified in setup.py.
2. Determine the data files that should be shipped in the installed
   package. Historically, these were specified in a MANIFEST.in file,
   but developers got lazy and delegated this problem to git.

Currently we set the version for packages that depend on 1 by an
environment variable that setuptools-scm will consume.

For packages that get file lists from git, it's a little more complex.
setuptools writes a foo.eggi-info/SOURCES.txt into source artifacts that
it produces (sdists). When this file is present, it's used as a list of
files.
https://setuptools.pypa.io/en/latest/deprecated/python_eggs.html#sources-txt-source-files-manifest

So... for Python packages using setuptools-scm, we're pushed towards
depending on upstream-created source tarballs (sdists), rather than
upstream git archives, because we don't have the ".git" directory in our
source packages.

I can imagine that other ecosystems would run into similar problems and
solve them by inventing similar protocols, if they solve them at all.
Upstreams would probably prefer that we used git repositories *directly*
as source artifacts, but that comes with a whole other can of worms...

Stefano
-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272

Accepted zatacka 1.1.0-1 (source amd64) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 23:04:51 +0200
Source: zatacka
Binary: zatacka zatacka-dbgsym
Architecture: source amd64
Version: 1.1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team 
Changed-By: Alexandre Detiste 
Description:
 zatacka- arcade multiplayer game like nibbles
Closes: 626767 738090 904633 908387 908572 964789
Changes:
 zatacka (1.1.0-1) unstable; urgency=medium
 .
   * Adopt package (Closes: #964789)
   * Update watch file for new maintainer
 (Closes: #904633, #908387, #908572, #626767)
 (LP: #246734, #1565485)
   * Remove .desktop file, upstream provides one now
   * Install upstream icon (Closes: #738090) (LP: #/922847)
   * Replace fonts-dejavu-core by fonts-jura
   * Add dependency on libsdl-mixer1.2-dev
   * Provide virtual package zatackax
   * Copyright review
Checksums-Sha1:
 56430251dc13f2b4d47759f3d707bc39e383e719 2000 zatacka_1.1.0-1.dsc
 35d09252d4ffa7aab10c65b27e4d69c7f764d57c 3835877 zatacka_1.1.0.orig.tar.gz
 b927dbc34d2369151b4784c1d8b3ed7fb23826c5 14088 zatacka_1.1.0-1.debian.tar.xz
 1999b64c9d987a408c64d5c1d684cb193a5254da 65280 zatacka-dbgsym_1.1.0-1_amd64.deb
 ad1ae91b12ee6c81ada0fb9c752428bc73cbd16e 13257 zatacka_1.1.0-1_amd64.buildinfo
 aaefd945abebaf2ff9ffae1da39dab5e3f6463c8 3381060 zatacka_1.1.0-1_amd64.deb
Checksums-Sha256:
 e2f9acfa8619c6805dc46317b85ba68ba05f8ae5728fd71919675719bf77833c 2000 
zatacka_1.1.0-1.dsc
 9339b75a76c9a6cb97d80e79a7108989d504b0b43eecad3ba2362606d6e5e41d 3835877 
zatacka_1.1.0.orig.tar.gz
 d153e7dd78849e1ffd6895b2434cea7d0e5aab51d1e48898a84b29e8b20367ec 14088 
zatacka_1.1.0-1.debian.tar.xz
 caa100ba6fa13f47e774b16f32a8e158b51c22c6145d424de76e572c5f9a56b2 65280 
zatacka-dbgsym_1.1.0-1_amd64.deb
 3c8a4505150879a4cba3bb0e6ca07c59b781e8443297bb45d3b27576b165650b 13257 
zatacka_1.1.0-1_amd64.buildinfo
 447d502069ab296efe5ae3af7b31e3eb41967b09b41302199e30a19c113c737b 3381060 
zatacka_1.1.0-1_amd64.deb
Files:
 7752ec641a10a1f67efc416779d0e70d 2000 games optional zatacka_1.1.0-1.dsc
 578609b93d2158ac3ef40e8475149946 3835877 games optional 
zatacka_1.1.0.orig.tar.gz
 8b16978c46f98042e47bb60409991478 14088 games optional 
zatacka_1.1.0-1.debian.tar.xz
 b303cec41b136890f9ac16920c2abab5 65280 debug optional 
zatacka-dbgsym_1.1.0-1_amd64.deb
 be3ef1608a719305fbd5b494c841d92c 13257 games optional 
zatacka_1.1.0-1_amd64.buildinfo
 0464f5c21fcda728d13408b1ed402b69 3381060 games optional 
zatacka_1.1.0-1_amd64.deb

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEj23hBDd/OxHnQXSHMfMURUShdBoFAmYJ0woRHHRjaGV0QGRl
Ymlhbi5vcmcACgkQMfMURUShdBodihAAvedCqs+tjzE/TTbabm/4QFJtrfTbW3Fq
IO/6hR9kMg26a8any1CUOBTLwiUtUYsrIG36+xMXLtknvYFslztLzEpNyJ8qcTts
PLLGS6cDfIGUn/4QHTYYjUzr3b+/8zFNQcTqkOqJmRzFTn+qDbgxDl5Upbu3xabY
pFH/6fyVlvpeQyfaatqc00Tk6d8U+wY8JoUTRgDwMzMD1bdhsaqO0K581xM2A7Gw
AUT7+i8NJ1KpVx27KHVLSmWphcVOAwX9eij/ErzdeePL0QMKf5cIsVV8QglhILFa
Cq/XYd+lJPwLBddLQpFa18uDNADbWipgPtalbz+nM+FUB6mX+y7sl0Aw1BxPHV5K
7SS0ofzDEi6rjh9m5+6Rggwr+V2H9YIMZgFE6DgY+qiiBzNa9mZl3NVoqEkkivT7
tnaX6RNRdXGzN6/cWFBXtcXcfCn0yYG0wZ8ktxg0yH/2KY0U2x66rjRWiVbHXIXg
C0aCAT/5x1WPYMvsNae6JjpPR71WF22nP/tNd7E6h9kHFVayXY/WHwVU9edVZRG2
5xD3extUmpv0vD+sN2wIYrmd5RSWaxpnF79GzV3yUyMy7YqzLuTdjd1yaXPbn/pC
xbrhtDCyAC42YVu+Wu0Re+c+4mBXUttczqmmcxy7+T3BanEDeLmTG5VhlevdoEwP
hZjL+fMcmRU=
=YZ2A
-END PGP SIGNATURE-



pgpSmaUszkxxz.pgp
Description: PGP signature

Accepted rust-shrinkwraprs 0.3.0-2 (source) into experimental

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 18:00:39 -0400
Source: rust-shrinkwraprs
Architecture: source
Version: 0.3.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Rust Maintainers 

Changed-By: Alexander Kjäll 
Changes:
 rust-shrinkwraprs (0.3.0-2) experimental; urgency=medium
 .
   * Team upload.
   * Package shrinkwraprs 0.3.0 from crates.io using debcargo 2.6.1
   * Upgrade itertools to 0.12.
Checksums-Sha1:
 fa2495b98667c09192ce43e850d68a25657a15a6 2630 rust-shrinkwraprs_0.3.0-2.dsc
 d7fb9c1c1b9e86a4a9b2fa2076cb297c8ea8a63c 3084 
rust-shrinkwraprs_0.3.0-2.debian.tar.xz
 30f0e3b3bb132e0b803615c20a9a0183d93925b3 7843 
rust-shrinkwraprs_0.3.0-2_source.buildinfo
Checksums-Sha256:
 771c9bdd0eda5c831d5006ab32e90f1e4af835f23bb718087eb3fa6919390b23 2630 
rust-shrinkwraprs_0.3.0-2.dsc
 b1873ac6f0db520c3ba1c55d2a1ceb5d2c4c2e0734167de0ae731d4d39413a3a 3084 
rust-shrinkwraprs_0.3.0-2.debian.tar.xz
 b15b44353768ab8b5f1047ed189e263992ce01f16f5f7bb0b455612f50a364aa 7843 
rust-shrinkwraprs_0.3.0-2_source.buildinfo
Files:
 1b4ad86bfe43a6976c18eaf62e6e216b 2630 rust optional 
rust-shrinkwraprs_0.3.0-2.dsc
 9362d007760d06e6de8a3c6fd037e61f 3084 rust optional 
rust-shrinkwraprs_0.3.0-2.debian.tar.xz
 82e66b35c5341aabcccb22cafb144bf2 7843 rust optional 
rust-shrinkwraprs_0.3.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAmYJ3Q1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx
QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb
o9tvXhAAg1oKRSpFEAE5DxHHUAuZyH0iNWleQaukoxe2aJc6lAPtkWW7WuX2u/Ov
QjjRgtqzgy8NhylY+IbKkmKnSxxvMVYkJFyEWWeD8bpzvt4LfUXMfLXDnOW77JhU
qwkUu2I4GPKIq1kclTJl4ie25bpRn5kvrhW0KyhOOV+9qYvaMjLUM/oG5uaS1bKm
jfnDlQ8Dyk6Tr7ICWy1JvJmOq6Rb21OQiJsCctY5oItL/0aiZDBBZVtdFuoyIYQK
mu5n7kNgWqQNMtLqpzFxgxqyRVTybfSVvKafHC6GAnk3n/YdWkirFwFChnx6bVBb
KSeTKjKxQlvfSTxExxEdMfeUa5mO5BUtT7BK/JjSrL8uwUCz4vz204y6kUkAL3+P
gui7bWTA6tVLypQdyXFKgmUkBN6lqNlErGqQHTpXDB1c3ohqJmtg7dZHjYIya5PS
0G7XZ68zIGwRma7iG0Rqbpy+iI92lY7g6rfiJaufVW6ku1kwC+yE5OKgKiJ9WSj0
DNs+6nXmbqkc2MxXiH0i1D74t9BTz9klSgce2NTIuzwwZAEDSjl814zCls4QQSTL
YM7lLRs6IrppvW9x4gqMp8hZB/7OTW5GX0X2agoMH0isJBm5XhbAGP6pc/m0MvmY
hST1lhm7wtLWE5cEi1cAN0yPFYfbDhdjGsghS5Evjy9xHmeQ44M=
=i63X
-END PGP SIGNATURE-



pgpzq7tT3mj65.pgp
Description: PGP signature

Accepted rust-serial-test 2.0.0-2 (source) into experimental

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 17:52:05 -0400
Source: rust-serial-test
Architecture: source
Version: 2.0.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Rust Maintainers 

Changed-By: Alexander Kjäll 
Changes:
 rust-serial-test (2.0.0-2) experimental; urgency=medium
 .
   * Team upload.
   * Package serial_test 2.0.0 from crates.io using debcargo 2.6.1
   * Upgrade itertools to 0.12.
Checksums-Sha1:
 825499540ae58a947e2f3618c9a396a8e3c487be 2737 rust-serial-test_2.0.0-2.dsc
 4c65df327315b5ed77aa3d3eea7a5013fc7d731a 3724 
rust-serial-test_2.0.0-2.debian.tar.xz
 4b2cba5dc3b08181d6e11cfaa0076806826f75ab 7839 
rust-serial-test_2.0.0-2_source.buildinfo
Checksums-Sha256:
 301ed9d4a53b59f423bdcc0533d8aafa93c8d626db3f598601d7c2833bc9ad5a 2737 
rust-serial-test_2.0.0-2.dsc
 c48d33e9a5c85955992d67ab5216075af051f1134cfa215920bf6f646961479a 3724 
rust-serial-test_2.0.0-2.debian.tar.xz
 c5cd0f140022e169c1db41fb98c9466a7571947111eedadbeaa32ac54a62a73a 7839 
rust-serial-test_2.0.0-2_source.buildinfo
Files:
 1b9ed2053d9c886a9c8188be365c7af9 2737 rust optional 
rust-serial-test_2.0.0-2.dsc
 50431380b308db31b447098e36545424 3724 rust optional 
rust-serial-test_2.0.0-2.debian.tar.xz
 649f68fea146e7c0f9d080d932147a19 7839 rust optional 
rust-serial-test_2.0.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAmYJ2xFfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx
QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb
o9tNFhAAv07gYK6OMmc4Yrtozou9nHfCcsIdSmiOxGVtR0ABzY9Av2HVDki2IDeZ
yPjjSW+2UsgRbRkisydgyUMeMtPHHUoIN/Izo8DC9gzhDgKQcHclooPcFrGD5v93
rxWI4xOxbdz2ufn1idNm8OhblDGtpXyBiB8P6+4/5lppv7u/WafFa+VEbNeCsY3e
yfu3SkKKgCVB8qnEU2E4C27nz+j745dUEB5KR+jK58bdQe+wZP+frFlePOHQQJ/P
+sZSvD1Am3lnkh5YX2k9IHaX8nF2qSVB3/VUQN3au5eLApFQsUCJ3YvSWaa7BGgi
chMdWdTTPh7tylOZQuTIT5/1U3rl0LNpu9vBdoXz3mcD8O8BjvVHszYlOfOZISJR
gKzVnxjNYurauHvTAkqdlmD0NKMuosV2RJdzsMXFhpV8+GABeln3pN+VSTGEwOH9
/IwTKY9cKhXZkXIcypn69LiDdb7QaOWZFWOOIFqTXUIQ7bJyW9R7Efpn3V9VmbNm
pluEviUaCfkdWgyd33vp6VR/UMtqaglU9nIrIiP6e3ZUynWIkb0zeJG7w6elDMaA
De4jaHBVuQGEXFgseV5pyyH5+Mv4GpEHnXMWMEZQXXpqHQPBInwhDHgcUMwguPgN
QTo9zq92ZK81Uvl+JsHuWpA2UROVWlRjiASY6hgT7NuEeG0FNJ0=
=07EU
-END PGP SIGNATURE-



pgp2Tw5Dpi_Q1.pgp
Description: PGP signature

Accepted rust-rustpython-compiler-core 0.2.0-2 (source) into experimental

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 17:28:28 -0400
Source: rust-rustpython-compiler-core
Architecture: source
Version: 0.2.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Rust Maintainers 

Changed-By: Alexander Kjäll 
Changes:
 rust-rustpython-compiler-core (0.2.0-2) experimental; urgency=medium
 .
   * Team upload.
   * Package rustpython-compiler-core 0.2.0 from crates.io using debcargo 2.6.1
   * Upgrade itertools to 0.12.
Checksums-Sha1:
 758532ef95b2859b2e0a8af2fdbd7d4a48161288 3113 
rust-rustpython-compiler-core_0.2.0-2.dsc
 5914c58f336bb938f767e393fdaa3530e78f3351 3004 
rust-rustpython-compiler-core_0.2.0-2.debian.tar.xz
 caabecd83b669f98cab8951ab2c3f9e21d5b92d6 7891 
rust-rustpython-compiler-core_0.2.0-2_source.buildinfo
Checksums-Sha256:
 57b7028f68749eb9453adcb974789fdd73c19bb2d2b1bd342b3e0e0a94c8bdd9 3113 
rust-rustpython-compiler-core_0.2.0-2.dsc
 62804faafb203b6225149525e4fd5a0ca5d353d5ee58aa066a68a59396a4a227 3004 
rust-rustpython-compiler-core_0.2.0-2.debian.tar.xz
 0ea8c9be57ed42be870dcb0c860dd3179ce936a143ef6c79f0f844cb4985c088 7891 
rust-rustpython-compiler-core_0.2.0-2_source.buildinfo
Files:
 5d84d03dbb116fb09095bb1e2d8dcc9b 3113 rust optional 
rust-rustpython-compiler-core_0.2.0-2.dsc
 05f5af38ee57f75d66b84021f4bf5479 3004 rust optional 
rust-rustpython-compiler-core_0.2.0-2.debian.tar.xz
 f731bb59c0eb0fc11f74c2e8746f4214 7891 rust optional 
rust-rustpython-compiler-core_0.2.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAmYJ1YhfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx
QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb
o9vkOw//b0CfVioVFiusFP78JBRwdTwaktZHsM1Xpx/aP7fGSOcRaPoIDUhEL/cf
5O9asN74eGd8sWCvdmk1flCrGwqgH/rqOiGolM33/JBe4O9sjHouYY8f9FGbVxsv
G5I++yjPz5S5ZQlTQCsLOT53rWpqHnOU2xAmK4GUeHi6SeKYUD1yZ1T7Ge+9ckjW
dP4q13qzSBxnPh45sShkWje0TZ9hmvfkjAd0h+vWWHOQ45AzXv9/TiCLrQBzdLLv
PPYZSiNmT9XFwDDLNAk3knu4frDWAYCQMwgni9duHOIF9Elu3A1oJ2WqDCzjhM00
OHSEETGEjYr9VaLcwFX0j5Ily/Y6E3zCSn6kpDdirwPVybHsBWkOmF+KJ5j4WuSl
gjgR3Q+C454A7YZXHYYcPSRVi4eGsRLpD5JNif5yklTcuOHxKU7+wD7rnFY/HlHj
h7lL42iJ1Zjx3GqmLmQuh4IxjVBvLXVQEbHCjC7hlQBk93sgw8gveTQLN0UNbwUX
WqVYWDV2gb8MWtsz1aBd7AL8VXTxuKNOUpTlgqogJb+0ZWN9lMZA3vojtRb+3l4r
Y+FMy2XsUT4KMl64sG1mWw4DQfUmqcTMqQx7FQmaTErkQw1RUTVfPjs3xi0UA+Y6
ufgVvHDOdcTpSWQCX3g1CNcza8eN0OaS/Ut5M511RHnpgQfb/II=
=rhNM
-END PGP SIGNATURE-



pgpnZ_UmZEa1e.pgp
Description: PGP signature

Accepted pacemaker 2.1.7-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 22:36:16 +0200
Source: pacemaker
Architecture: source
Version: 2.1.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian HA Maintainers 

Changed-By: Ferenc Wágner 
Closes: 1067626
Changes:
 pacemaker (2.1.7-1) unstable; urgency=medium
 .
   * [09de5bf] New upstream release (2.1.7) (Closes: #1067626)
   * [ad97704] Refresh our patches
   * [e71f255] Update symbols files (all removed symbols were internal)
   * [13bce35] The cts Python directory is not installed anymore.
 Upstream migrated all of its contents into the _cts module of the
 pacemaker Python package (see commit 1fdea434).
Checksums-Sha1:
 6d54dbf79e559888cf3deeba7d7a41dc9f57c2ac 3646 pacemaker_2.1.7-1.dsc
 767c5c564a300ec096884ccc7dc469a0bab6e9d7 6056266 pacemaker_2.1.7.orig.tar.gz
 b3d0a89787d17d2e06ba1ea19cac5a2d4443c0d5 51612 pacemaker_2.1.7-1.debian.tar.xz
 0ac5e0c78ec1b3187a5c4dc11df9426921869bc1 25112 
pacemaker_2.1.7-1_amd64.buildinfo
Checksums-Sha256:
 29e7ca35ebe8a0b80c077a8ff0c7c764976a996e0ba3a07a1fe8dd4ba6373124 3646 
pacemaker_2.1.7-1.dsc
 17e18ec4d7ab138df641a22b812026c6f70cb7e2f7db6b3ded098de81b0b135a 6056266 
pacemaker_2.1.7.orig.tar.gz
 2adda8de501e043ea5c5ab75c5f2e0388cf5a0c019e804dc14faebc0b8c2b844 51612 
pacemaker_2.1.7-1.debian.tar.xz
 425ea8aac6cd55367c39038b0fc3277a2a15bde09c99f06855a831e4628c27bf 25112 
pacemaker_2.1.7-1_amd64.buildinfo
Files:
 33bb3d9bd3103a7c41988d960f061b22 3646 admin optional pacemaker_2.1.7-1.dsc
 f91bd46791c8b302e82e8eb608770238 6056266 admin optional 
pacemaker_2.1.7.orig.tar.gz
 2f24c3185cc8999458243d5ca3cf5b49 51612 admin optional 
pacemaker_2.1.7-1.debian.tar.xz
 8b0bb1b234ce7e8bb7441483b8538a45 25112 admin optional 
pacemaker_2.1.7-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAmYJ1KMACgkQOsj3Fkd+
2yOWoQ/+I5jCqxTKkDxGxY+mytpIZcKDMQiyGANzSe9JeKzgxC9DmmBcZCmkP0A3
uIWE0SaN1KXSR5MeG7NMhH4Qp7qIhSxo1iGjLHRzHhTowMxM6aryzPd/QXG3Sag9
Lj8Anmxecs6slv88XKAfmC4TupqpaGdnh1oCn4x09H607RWsZoxzo1oVmgCMkx8L
pBnrtuR0MOxFXsgM+GvX1NLDmigpyGmKfoDGgaXchDAT0La3w5Ogo74v5Gqy1L7I
2ufTCrLrjWwdu5YQ3KiWN1AER/HKiKCVxPCEKxj2zEW/FHxj6XoFM64Nd3Q13C8B
GPJsFq5brzmonXurIYRL7d+BitAELXHL3JMi/FZ6pgM3tcxMUkhUtryLX+RVoMX/
4e4AuCk0TX+F9s2MOzuwUFppJtA4KAIeeYMcs3/bnEwbnaiytnqzHvITUyXuN8CW
WrgD9SqLWQgucENtPpbS3PqwNq2H6PcvrFSJSMDJP3CFB404DeksI9pWDnS5fX6O
WtnflMek7qHFts5Tr9ab/EQ0P5nEBa1uE3/4XQk4MDF5lR1jMc2EwvYjqsIv8LL6
35aiUaDqV3V2lr1UvxrFmm6usZOMU1Rnm6L9HjRTpXwaZ5mO3QlObCW5IYc4xwo5
NVWUJO/gQzfjQhnwSrk4Ce3qc1A7YVsTbIgvzpoO3Cxse72cssE=
=XY7f
-END PGP SIGNATURE-



pgpXyLXWZZRHl.pgp
Description: PGP signature

Accepted libjpeg9 1:9f-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 20:03:04 +0200
Source: libjpeg9
Architecture: source
Version: 1:9f-1
Distribution: unstable
Urgency: medium
Maintainer: Bill Allombert 
Changed-By: Bill Allombert 
Changes:
 libjpeg9 (1:9f-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/control:
 - Bump Standards-Version to 4.6.2.
Checksums-Sha1:
 a9d159006aed67e98699b2d67fd9d201e5fbeacf 1824 libjpeg9_9f-1.dsc
 bb1d5ad2b388e0db7dca62868ad01c5cbf774868 1081470 libjpeg9_9f.orig.tar.gz
 a294117658d49ddfd284b5418d8a17e6cea45929 13020 libjpeg9_9f-1.debian.tar.xz
 8389ddcbf1c8fa32d53943058413ea3955f42acc 5802 libjpeg9_9f-1_source.buildinfo
Checksums-Sha256:
 24ac4eafb2f27ee8c7f34d497f10c88e2ff55f8d12800769b499fa1f6aeab44d 1824 
libjpeg9_9f-1.dsc
 04705c110cb2469caa79fb71fba3d7bf834914706e9641a4589485c1f832565b 1081470 
libjpeg9_9f.orig.tar.gz
 1584f29e1e47ef94a715112916270a96ceb685ee5b2dc03a62159843b44fb01d 13020 
libjpeg9_9f-1.debian.tar.xz
 4ed04e35ea6401abdfa468c431bcc6139f69497bdcda586b59aa2e48f780ef15 5802 
libjpeg9_9f-1_source.buildinfo
Files:
 bc0202e5ccd4c5b1446f490cb993f322 1824 graphics optional libjpeg9_9f-1.dsc
 9ca58d68febb0fa9c1c087045b9a5483 1081470 graphics optional 
libjpeg9_9f.orig.tar.gz
 e951f64c125a00362ad9fcaa1bd8bdfb 13020 graphics optional 
libjpeg9_9f-1.debian.tar.xz
 91dbd10e93ac06fa0f29aa6431327b68 5802 graphics optional 
libjpeg9_9f-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEQgKOpASi6dgKxFMUjw58K0Ui44cFAmYJ1tYACgkQjw58K0Ui
44dWTw/9F1khjqwRj980EazYhXizuZUq1KbYCqA/sgcmsSNu+ZfTD66Sn6wv6QpZ
OI23sd5Btop2s8KTZmAJ1rvcEF5lJRS0sSXSbFfU2B8mdBBu+hQtD1uiVP8nDikr
emSgtBu5ul18+SWAIfl1BT+uKWfowhKZqehB51pJe94Sx5VVYipEaWYzrp8cH6cT
rZRtG3QatjWZUKzyO+wgdtKXmspjq+XKMpfYebzLIEpxWp4YO3nxOdFyrpDOsHMr
BS296EPwf418cihT9C95vurAF1Hie4iSWOOoE0Kh5ZEIpPtwjYoan/u1CQxfpDFj
fb/uxWN7By4cNbSlCulx7YPMqZ1MU6Q+rptDS0RHH3L3btrVHdb6GISzxpGSK7ev
nlqzdjC98xPrJX+HRG7Jgbi0d/LZzWItfXLQ7rKSVH0zFMK3RD4DO6h8j2b5vt5u
k64GzqN0OdZvMpk165SvZ+5ve8it4kvGIi0vUsas0afRMgBuZ7FBa+vM0Y7dhZ4X
yDjV9WS+Bxni3yvkhg+r+1UihFiIp43uym3nfbrF5MtxjtjszfTJGwdm+9oI8EAD
x9y00TsMvx9ONhcE17b42T8WSurmRVuGefZeabXsQXIjxo41waTUOQ6L9wrNqav9
W9og48nS+U4dZeN8sUGvcvrIlC0jKCAzKXD6HrPT6O+9Tv4fmz0=
=3n30
-END PGP SIGNATURE-



pgpZTcaR48yre.pgp
Description: PGP signature

Re: Validating tarballs against git repositories

2024-03-31 Thread Marco d'Itri

On Mar 31, Russ Allbery  wrote:

> Most of this is pregenerated documentation (primarily man pages generated
> from POD), but it also includes generated test data and other things.  The
> reason is similar: regenerating those files requires tools that may not be
> present on an older system (like a mess of random Perl modules) or, in the
> case of the man pages, may be old and thus produce significantly inferior
> output.
But we do not use older systems to build our packages, so this does not 
matter.

Indeed, long ago I started building inn2 from the git tree, no more 
tarballs...
I switched long ago all my packages from tar archives to the git 
upstream tree. Not only this makes much easier to understand the changes 
in a new release, but it also makes possible packaging upstream 
snapshots.

> Just to note, though, this means that we lose the upstream signature in
> the archive.  The only place the upstream signature would then live is in
> Salsa.
Totally worth it!

-- 
ciao,
Marco

signature.asc
Description: PGP signature

Accepted xracer 0.96.9.1-12 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 04:38:11 +0800
Source: xracer
Architecture: source
Version: 0.96.9.1-12
Distribution: unstable
Urgency: low
Maintainer: Ying-Chun Liu (PaulLiu) 
Changed-By: Ying-Chun Liu (PaulLiu) 
Closes: 1066722
Changes:
 xracer (0.96.9.1-12) unstable; urgency=low
 .
   * Fix FTBFS by -Werror=implicit-function-declaration (Closes: #1066722)
 - debian/quilt_patches/0180_fix_ftbfs_implicit-function-declaration.patch
 - Update debian/quilt_patches/0060_utils.c.patch
 - Update debian/quilt_patches/0140_secure_fprintf_format_string.patch
 - Update debian/quilt_patches/0150_gcc_5_ftbfs.patch
Checksums-Sha1:
 9887435b4c87a2798fd04c2837a0234dee92d3c8 1986 xracer_0.96.9.1-12.dsc
 b9cf1b52d124fd2dc256db029c94c551179a810b 30876 xracer_0.96.9.1-12.debian.tar.xz
 9a0062e6c90aeca5cc542e90a8e4a8123a48b76a 10339 
xracer_0.96.9.1-12_source.buildinfo
Checksums-Sha256:
 eaaa122bf9bd83c0ae386da382ee07687fa20e487507dd8c302f73786bc58096 1986 
xracer_0.96.9.1-12.dsc
 13774303ffceb0afa7a937579c5b12868251d3eb5fa146f4011c3bd26335aada 30876 
xracer_0.96.9.1-12.debian.tar.xz
 3f1c9dfdc95e6756cf962a7c8f6e90d9d19917ebc1cac51f65edc2b3037d9e8e 10339 
xracer_0.96.9.1-12_source.buildinfo
Files:
 7a377c663e7e874a9c8c2370eb8c763b 1986 games optional xracer_0.96.9.1-12.dsc
 9402490fe7ca64a92fac9ac49761d41d 30876 games optional 
xracer_0.96.9.1-12.debian.tar.xz
 dacab673b26ad5820a7457d3d59483bf 10339 games optional 
xracer_0.96.9.1-12_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJHBAEBCgAxFiEEo2h49GQQhoFgDLZIRBc/oT0FiIgFAmYJ0v0THHBhdWxsaXVA
ZGViaWFuLm9yZwAKCRBEFz+hPQWIiPRZD/90Dd1PmQv+j2Rv9bG6qusDWFG0/heZ
LuDmonHlTgevj0l9GmmRF6PqRAmF+3DxvgpubXNCJ9PFzb8rSKGGRbm8NKrqzf0n
NprKztjRF/aVRz8LE4ySkN/2aKEt9hM9aWomDZaZcTMZcINlzwhMOsUlZAyk/oEu
feyZgeboBaOjcJ9oznavCtJfd+YRf3T29IIuZ3HzIAZWLuez6I2SbsAnywfYL2+v
OAElGlb1HyeWgHMVLD0LSUb1iejwqsC634Cuzxq6vkJxlFmW/ssQ6mmWSjpkn7Z3
nxnBS+QSy926VjpJW80ivDKnRNxiz3r0e1GMXHocT9+oSLIrJhMUALS23PLCgyhk
NrdfgJhN0eZLKF9HI2G3PG7hPE3csStlwU4Xmn53VQItLqRZjIifuqUXiNPDEEFc
F7dbLNVhVoPvkXc8xAoXHqGMeH4kKDF2Era/EWyLFQSCibXGnYinvDKVF6EGgHvI
gnxlJxWgCga9T+5QplDmXZUOuQM0u3V/hrtPcNF6vRq3vf4oEz/V7BTOxYu+FFkR
gBtaFiOt+9CZ8Pz/4rMIQmJc9HM3IDfK+Jr4S5TeRrfYScWfc8Io/tMIko7sFTai
mf7baD0u3DrHZbsX0KQowSnl4a2ryvHBFLjMX0i86wESmRLN47PqUhW+W93V+1rW
HcmKOESN6S1P1Q==
=PAUd
-END PGP SIGNATURE-



pgpAGNThE2t71.pgp
Description: PGP signature

Bug#1068154: ITP: poke-elf -- GNU Poke pickle for editing ELF object files

2024-03-31 Thread Sergio Durigan Junior

Package: wnpp
Severity: wishlist
Owner: Sergio Durigan Junior 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: poke-elf
  Version : 1.0
  Upstream Author : Jose E. Marchesi 
* URL : http://www.jemarch.net/poke-elf
* License : GPL-3+ and others
  Programming Lang: C
  Description : GNU Poke pickle for editing ELF object files

 poke-elf is a GNU poke pickle for editing ELF object files,
 executables, shared libraries and core dumps.  It supports many
 architectures and extensions.

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/


signature.asc
Description: PGP signature

Accepted manpages 6.7-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 22:57:48 +0200
Source: manpages
Architecture: source
Version: 6.7-1
Distribution: unstable
Urgency: medium
Maintainer: Dr. Tobias Quathamer 
Changed-By: Marcos Fouces 
Changes:
 manpages (6.7-1) unstable; urgency=medium
 .
   * New upstream version 6.7
   * Remove exceptions in d/rules.
   * Refresh patches.
   * Add workaround for proc_config.gz.5 installation as
 dh_installman believes that is a compressed file.
   * Add to d/move_links_to_correct_package:
 ~ man7/sigevent.7
   * Fix links also in section 7 manpages.
   * Add missing GPL-3 license.
   * Update d/copyright.
   * Remove unused Lintian overrides.
   * Add cpplint,cppcheck and lzip to Build-Depends (needed for tests).
   * Export needed locale in d/rules (LC_ALL=C.UTF-8).
Checksums-Sha1:
 953c122c5598357ac3da51f0cf14e6652ebe5f2a 2098 manpages_6.7-1.dsc
 7c405506310028308a4f5bbd20efbedfb4ad9b05 2196000 manpages_6.7.orig.tar.xz
 db4adec762d9bec60d5661cc69d2e054872c12bd 60068 manpages_6.7-1.debian.tar.xz
 5f9657045d6f3b006e8c729c65e9c1c3f45d2d02 9448 manpages_6.7-1_source.buildinfo
Checksums-Sha256:
 66001f848601e8c1f15511508d52f03a885714782df4613b69295e6368ae00cb 2098 
manpages_6.7-1.dsc
 87cf827ad3e1c126867b737081466cc307f492a6a50b98edb1d39896a4021851 2196000 
manpages_6.7.orig.tar.xz
 5483757f48867d977a120c5179ebe69ebd8b20aff34b22929d0a8456afb66d9e 60068 
manpages_6.7-1.debian.tar.xz
 5a7bb43234d30bdd87438b280d6fd705406e639f146a876ea140f245c9c39a40 9448 
manpages_6.7-1_source.buildinfo
Files:
 2537ff1e92fba96cb9094a2c3838a531 2098 doc standard manpages_6.7-1.dsc
 4fe49b8b8ae981a1180d3164f6235a5d 2196000 doc standard manpages_6.7.orig.tar.xz
 2e13e5870b8fab33132de636a5ed5840 60068 doc standard 
manpages_6.7-1.debian.tar.xz
 ecd4d939b7e3662ab92c2686696321f7 9448 doc standard 
manpages_6.7-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEfLiv/VYDL+NaNH0uasy9D6O3RHwFAmYJzxUACgkQasy9D6O3
RHzMAw//TQt1O6aMYNDS+qEgVYanoAy8s7qH7dgRr+41LJENAB3XgUJLAS8VmWD2
I6lNzBUDnmd3Ye0X0hRFri1OwlmkZYmd2rZJL4l7NTDadHAK5ZLVjyywVcAkh/c5
+PcTi5Ey64a28bsszduzev/HWmA/4emdL52X2RkZBje3YzA06MC7nCYmfj1qxzXf
MqNNyiFtAT+7zzLf2Zih0+hmJ9GtXGDThxpCnZo39cQhUtVqspMSd3AWmhnZK+5v
VJktLyIafYmfPR5b5fVAbDB5pSN344v7lMIjbBQgusGflzZznPOeZ0KSvb8+wm6/
EQNWC9BfuvV1t1I/3I9wWBzURKHorTrduth1K37JBb9p7KE0L4/qZwpWvhKy15f7
4FeTLDv+lC7zc+vjcoZegjqhtM/Re0jRaKLt8gywZ2kRAuAqRs7NjFuFUeniO8Sy
zoh/MtZoA5UMdqRE8ebpdi4Zt5MpKTBcShDNh7LSIcoAONlr+QrMw0wNJrcI/gt1
qSKYRGVmgUokwAtYpcevInHAX8NTmjGIseBkygXs0wnCc+QkUHDLnO7dwEqN+3d9
sbOdoNRR53mb6p2kXyu0ZXZKJrD7hSwk2U8RjhlFZCVCfb9zCDdcaQ8uaK9uwcuB
iuwK0n+0/zeE45Y3dSK22f4I60L1eoFLK1wiAzN/W46uben4fhc=
=0v5M
-END PGP SIGNATURE-



pgpig9f0ujwci.pgp
Description: PGP signature

Accepted codetools 0.2-20-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 16:10:26 -0500
Source: codetools
Architecture: source
Version: 0.2-20-1
Distribution: unstable
Urgency: medium
Maintainer: Dirk Eddelbuettel 
Changed-By: Dirk Eddelbuettel 
Changes:
 codetools (0.2-20-1) unstable; urgency=medium
 .
   * New upstream release
 .
   * debian/control: Set (Build-)Depends: to current R version
   * debian/control: Switch to virtual debhelper-compat (= 13)
Checksums-Sha1:
 3142bf4cbfc6b62e33eeb8d55827fcb83b17a270 1859 codetools_0.2-20-1.dsc
 a88c1e557d60c048dd42c3f4dca30f5c8d4bfe6f 38683 codetools_0.2-20.orig.tar.gz
 2d220f42fdbe02b38ca109acd063f317cabe8254 2916 codetools_0.2-20-1.debian.tar.xz
 fcede20916ccf6edee598cfafb7eb4390d9e76b8 11229 
codetools_0.2-20-1_amd64.buildinfo
Checksums-Sha256:
 298e275af68522d839af2738a384e20c7d6f094d30483c06ba089025c70dd76e 1859 
codetools_0.2-20-1.dsc
 3be6f375ec178723ddfd559d1e8e85bfeee04a5fbaf9f53f2f844e1669fea863 38683 
codetools_0.2-20.orig.tar.gz
 b244f4268d17492bde7834747e48f92657ad8adc5fc69aa12757d988744a4700 2916 
codetools_0.2-20-1.debian.tar.xz
 a1893d865124ee35a2a819a771be203309520e31fa6ba7e4bbf08437dc2ae12e 11229 
codetools_0.2-20-1_amd64.buildinfo
Files:
 44cf4e5350b650eee88e9141ab359f26 1859 gnu-r optional codetools_0.2-20-1.dsc
 b6d2fb49c00a528b04f574892359aa55 38683 gnu-r optional 
codetools_0.2-20.orig.tar.gz
 f4d896ba08b43175d868c33df0240378 2916 gnu-r optional 
codetools_0.2-20-1.debian.tar.xz
 d2537228f25bca99d64fda4a2158f437 11229 gnu-r optional 
codetools_0.2-20-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIVAwUBZgnRlKFIn+KrmaIaAQiasA//WALqRtf9vR2LmSCgQNPCNdXSVB3Ll97z
o0+SWERZcP6F+HW4Mb31PvqMXC9aglGWpzcaCb11os1DL2Ym4KYW7FVcMZrBwTiV
j8Ukgq0ESDI1hniN1tyKJ470ZsH5OSHPnyWMpRcsYJp2zNp2WqAdsw037Uo9L0nk
U3Io+YlJkoQGqpZ504HOBFn/7iODR2ngswniq7oPpR3V4k9Ipaqlllq2VFuOJhEx
I0OznrpOdzVM0S8Ta4kmpDqFkR6JwK+S+NxUH85Blmzm0GSWnuorIphNa8yBCiMb
ekfnljg00krsVQ0xCNWztnpC4r2BFF2Gwor7grdPQ4oVgBmn4mYZtxVolerMoYrE
2h5iO2hN0tUUQkiCcHDlrTuPwvbv6erLph/f3vEbqKOeEa6JGRWBOXnj+OWJXSsL
28qbBkHEryzkR+h/Ww5QfrgYbIE+rt4FU6qeoW/VRcagHGv4SPQ7RA8NxHDIUY4S
SL1EAw276f1fNCqHFgTu/Ufad1F1y7EVYC6ohEzUU32GTL576aXGDmDHLF8rZdGD
7MqPGXXn88O6W+CBEo/5z3FQ9zFDJkNVXkiySRwSBj3Py3/x2H2+NCQ30ZlvRDV/
KC3DMvOd9hlXs99vLqgBxHm7aMf74J95oAV8XMujRFv07gZikg/I/iYnrLQ4xa8j
cwW6FlZK4oE=
=Zo1y
-END PGP SIGNATURE-



pgpywqgaTKUkU.pgp
Description: PGP signature

Accepted cinnamon 6.0.4-3 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 20:32:20 +0200
Source: cinnamon
Architecture: source
Version: 6.0.4-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Cinnamon Team 
Changed-By: Fabio Fantoni 
Changes:
 cinnamon (6.0.4-3) unstable; urgency=medium
 .
   * Release to unstable
   * d/control:
 - move cinnamon-l10n from recommends to depends in cinnamon
 - remove hardcoded libcinnamon-desktop4 and libmuffin0 dep in cinnamon
Checksums-Sha1:
 649e3a7d3c3939ff46256a8b1b3631ff7f764018 2843 cinnamon_6.0.4-3.dsc
 daded63804cef863ab575834355ef6b6f84ea0fb 2488199 cinnamon_6.0.4.orig.tar.gz
 31b4660903266d1384c67bd63a5ab0c965181351 100532 cinnamon_6.0.4-3.debian.tar.xz
 d62967cd87f604ce6149c178f938c9ad921adfa2 19753 
cinnamon_6.0.4-3_source.buildinfo
Checksums-Sha256:
 5793b9acbac18dc3532cdd83f07233c661dd08f4a6821efca412a5e19e855837 2843 
cinnamon_6.0.4-3.dsc
 9c2e626e9d7ad45bd3e40786b5a943112e4c7f7bc118ea7bebaf55205e9c0e5e 2488199 
cinnamon_6.0.4.orig.tar.gz
 c471e914b19abb5458a553eaa4913f8990e0d1b9ef0c9e35dfc03fdf77f2e75d 100532 
cinnamon_6.0.4-3.debian.tar.xz
 68bdf42072f919434166b03cd54589c2bdabc20e30f61448601eabd26417cdb5 19753 
cinnamon_6.0.4-3_source.buildinfo
Files:
 d6750bda9a8ddb76a360f7f424b5e728 2843 x11 optional cinnamon_6.0.4-3.dsc
 a3db24a41ce863caadb4aa764fa9fcb1 2488199 x11 optional 
cinnamon_6.0.4.orig.tar.gz
 b4f61fb3b65889ac7326038fbc19dace 100532 x11 optional 
cinnamon_6.0.4-3.debian.tar.xz
 3e534a89cc3cf954e03143e4a92aac5a 19753 x11 optional 
cinnamon_6.0.4-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmYJrJUACgkQaAZorpB/
EB2jWQ//d5AY7ZEPJFNtLFB9uhCfa4xXjcs8H1zCPDRXS1yx4zJkSEqwd2RiVRLA
/q9zDSgrFpceK/Nv13NsCUdd7qKtKgngj6unKi1OuZC1fxoHU6LqQXyLrUBM6iUV
kttkkGIu5nCNj8Ddes8l8pcyGl2atCSEwMjhaAyXSCXJmlUtPj9o15emB+Wz+Zt+
xcFELF5+p02P7DXV37spg/b1khxawiUSpYMjilx8sqoHGRy2Y3/O3m21/3EIGpBJ
XySQlJJ/Ul1RgLVD+jy0B374F7SdttQiCl5fTEYuqD+hZTHU+D4m+EvP19DdYykI
+9HgmDQWt8pCP2F8o3D488a3Cfk/UknUVf/kD3+iumlSHwGp+sp6V8WE1gjYzgjH
aVRrxoJYZGvi39wDKNuNAudnGsokQA6KHdHD1uaOKBRnU4Xb01avVrG/roPAaTFg
Sxl6wtlnJByvIo+c5a8eNanos2T8RUqpLXxmmzEougOQ3SnkfZRISb3rp0cI+o6P
R+Y6qQYPU8o+3XexocFjyVcZcsip+7/MlxgYXrO7wSxlMdcu989Gvl8xrEIK3nIM
Qp85yDeWAfWG+JLnaUJmI96UQ9+RlIYtU6q8hh1qSg1HRS7dOn6kIHqOh6x95gjy
GFJaBuCIFVSAFvKSEW2NW6WmoCN6a8lgaX6hhrH/QME382T0r+E=
=HBch
-END PGP SIGNATURE-



pgpuTwHc4VEci.pgp
Description: PGP signature

Accepted apticron 1.2.9 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 16:33:29 -0400
Source: apticron
Architecture: source
Version: 1.2.9
Distribution: unstable
Urgency: medium
Maintainer: Tiago Bortoletto Vaz 
Changed-By: Tiago Bortoletto Vaz 
Closes: 1057910
Changes:
 apticron (1.2.9) unstable; urgency=medium
 .
   * Use systemd.pc to place systemd system units (thanks to Chris
 Hofstaedtler). Closes: #1057910
Checksums-Sha1:
 aabc53ec0041ecef9b66917fee6ca38f56019b61 1646 apticron_1.2.9.dsc
 e681ffad6b9c6a88a83cd232dc52eff1c6f913bd 20776 apticron_1.2.9.tar.xz
 e7bb29b66679a1a353923b80bd54f8492b9a68fa 6729 apticron_1.2.9_amd64.buildinfo
Checksums-Sha256:
 14aff683a99267f430d5a7bb2274a964264556976c17ae1266c89e118d96c92f 1646 
apticron_1.2.9.dsc
 bccc3f24e491dc3ec35933a67fa235aae7825bf939a4dfa9833957373c82167c 20776 
apticron_1.2.9.tar.xz
 1782c4432b8beb008bc6604115e89201b4eab39a37e1cc52dd0fdf2b5632dd56 6729 
apticron_1.2.9_amd64.buildinfo
Files:
 9b7f8ba03a69f0d4d69bb2dcc0886050 1646 admin optional apticron_1.2.9.dsc
 0ab409536bf55f56aaed89fe1118ba16 20776 admin optional apticron_1.2.9.tar.xz
 d98bb7dea5005c1331d82eb6b8a32069 6729 admin optional 
apticron_1.2.9_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEOAYLMZqeqHbTW+jfgVxjVIQAXyEFAmYJzdMRHHRpYWdvQGRl
Ymlhbi5vcmcACgkQgVxjVIQAXyEJVA//XNaXKpmLqNLLdcrYArmZ0nTczJAP7f+8
Ur5f8OgKe1HZ5xRSDx21EnuOD3zQKFwEvSC88QLu3xZi3O6D5+J815jTmmT7K1Cg
X4NQaLSYv13t+Bckj4yvVq3YUgW5siy/VhorkK8warVRxhLRBkb37iuqT7DPDlsq
w3ppGI+v2b8AFygSI91XHSADNDVk99u1T2SSU+v7qcGfKprrBJA5IFll1Tlx5MfL
YwI1IEKRxRzx2Bn5ThTVKEHCUdfvVIPJvplxnj5kQE1Wrhl9AXo7OUciVPME5XSi
dWf+Cp3lcVjLhWnZ9ge7DFU28Q+a2yDy2R5bJRyv5HfbavYEjrVTReupvLdAqRxQ
bY3lOABxcHEyeudNFilXwufkLG3qdWV9q6TTN2miLnBvhUX5rGfl7ierJLyorhN0
s7Fq+caGP4I5OudzVDT9v0HE5nBU5WY/AbhtyQTV6JIbPWebnVUdYbQUU+ep8+Jo
sj0G7HFi6pal0stwjNUcHBnpcJXxf8CqpCGgQLgc8AmhJN0EYJsxk2aJOOkFVwxM
JHOr+8Pl/gg2kcCTjj6WpBnQM8EjCYrkN3dD6xX+9FscR5D+TyR27pJq2fU69g2Z
hYAV4Zb9E4o6Wz1KMjPhsZsztcj81Kdr2Ax0ODJ4Y2c9Af14LbSPykhOy2aFseHn
hI01xW+qufc=
=16yY
-END PGP SIGNATURE-



pgpWe_bcQ7QLQ.pgp
Description: PGP signature

Accepted xsystem35 1.7.3-pre5-11 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 03:59:19 +0800
Source: xsystem35
Architecture: source
Version: 1.7.3-pre5-11
Distribution: unstable
Urgency: low
Maintainer: Ying-Chun Liu (PaulLiu) 
Changed-By: Ying-Chun Liu (PaulLiu) 
Closes: 1066527
Changes:
 xsystem35 (1.7.3-pre5-11) unstable; urgency=low
 .
   * Fix FTBFS by -Werror=implicit-function-declaration (Closes: #1066527)
 - Add debian/patches/05_fix_ftbfs_implicit-function-declaration.patch
   * debian/control: pkg-config -> pkgconf
Checksums-Sha1:
 750ab7eb86abaa767d7f70c19428f2e250104217 1964 xsystem35_1.7.3-pre5-11.dsc
 8b9a1562fb314833d4dd4f01e508d8b33c92f2c8 14288 
xsystem35_1.7.3-pre5-11.debian.tar.xz
 415fad12d642248f348c5573c105766f66a3120e 13798 
xsystem35_1.7.3-pre5-11_source.buildinfo
Checksums-Sha256:
 64625da7eaf421e035ed1b27eea84b60d7c1a5ece50850b0841aa28585d9571d 1964 
xsystem35_1.7.3-pre5-11.dsc
 a5e2059653bd1a5ce2a96d46e09e2552929d330283b4e8ebdab581983319ab05 14288 
xsystem35_1.7.3-pre5-11.debian.tar.xz
 520a6578df156b611495d347b69c916cd95b579ad8b1cb2951e24b75c622caa7 13798 
xsystem35_1.7.3-pre5-11_source.buildinfo
Files:
 96afbdc188f1c7c3cc3a53cb7f6a55a3 1964 games optional 
xsystem35_1.7.3-pre5-11.dsc
 4d6dbb5b1bba8e03202fcd149568c2c6 14288 games optional 
xsystem35_1.7.3-pre5-11.debian.tar.xz
 e420ff95d235738796c154255ac69526 13798 games optional 
xsystem35_1.7.3-pre5-11_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJHBAEBCgAxFiEEo2h49GQQhoFgDLZIRBc/oT0FiIgFAmYJwLETHHBhdWxsaXVA
ZGViaWFuLm9yZwAKCRBEFz+hPQWIiDlQEACOMaPh44AKDzejpOX1WDgeD50L0U87
UaN81ZeLK2KOQkhX5N2JyGB6ybmiF92uRgkUNgWVpnhPPIueI7t8Jl6BZut6wurz
poHomlTo6CBLbvkAKDXyCm2YiWvcB3JKY1zSKS42POIlKpkM3V+WihIjVpFFEK5r
X01eSpwgf1jMiGSWBDPd+8/7UklNVGR7G4cPVrEiwd2yIar2aTbJaZQ+AMIKo9mp
nugU66eYU0KHoUGolyJjMi1S/cwiEcxp6XzzSMn9FHqjDAnsPUY4ICL2r90afulB
s2DOR6TFqe1LpzAsDUrK1cBnL8DidxzBymezLJU8Rih8x8xOWlL8VwuVOyVdpGa/
yZH617HVOaCqa0usuP9qiCMx9SGfXAJlYpQ6A2LOfn2Fl/rO+279InegY5b+ZY0I
I8lzTj3XiVyLto9azCPTN3mlt0UrtlIKG/wSWhcJ6g4XgiTLv72F65qa7lB3UA2c
eZSq1YDHhRX5cWphtwIH/8x5JRHj+PcHB5mHyvWC7XqND3w1CKu1u+2PkCB+DWHd
k4AXuAsh9QXiyyHBbT3eiSlUXs6aV2GBXLXqUaFLBo82XiSLxxwGQD7kHIH8LlEM
IQ6pN+sVrwAtht8NEkPBVlfSCvv32HLTSWSD+dWkl9ZWBLjrbdTAOi1vSffNXZU0
8fJZz8Dky55maw==
=Ixab
-END PGP SIGNATURE-



pgpDo8oNa84cB.pgp
Description: PGP signature

Accepted qpdfview 0.5.0+ds-5 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 16:10:56 -0400
Source: qpdfview
Architecture: source
Version: 0.5.0+ds-5
Distribution: unstable
Urgency: medium
Maintainer: Louis-Philippe Véronneau 
Changed-By: Louis-Philippe Véronneau 
Closes: 1065514
Changes:
 qpdfview (0.5.0+ds-5) unstable; urgency=medium
 .
   [ Helmut Grohne ]
   * Improve cross building: Depend on qmake6:native and use qmake6
 buildsystem. (Closes: #1065514)
 .
   [ Louis-Philippe Véronneau ]
   * d/control: replace obsolete pkg-config package by new pkgconf.
Checksums-Sha1:
 d5f2d2b23403f9bee53725101457456edfd40671 1802 qpdfview_0.5.0+ds-5.dsc
 6d99413219275a23daa1a5d0247bc099f929b7ac 9268 qpdfview_0.5.0+ds-5.debian.tar.xz
 353494f1214711c10e84761bd1e34ddc0a097e45 15385 
qpdfview_0.5.0+ds-5_amd64.buildinfo
Checksums-Sha256:
 2e11f4bdc05d2c63f9dca5c04c1bffaeb5d58b51bb110c99fb5d6d541fa5b2d4 1802 
qpdfview_0.5.0+ds-5.dsc
 f0c5a35510853bcd71e41913a1e89a92260bc9c8aba56872d31ed2ff49d80cf1 9268 
qpdfview_0.5.0+ds-5.debian.tar.xz
 13ba1a6e93eafd5484ade14d56e2dda23173a5c1343e24abf6c17b6c4064573b 15385 
qpdfview_0.5.0+ds-5_amd64.buildinfo
Files:
 359d4c97d7b24b6d860b02b16eebc128 1802 graphics optional qpdfview_0.5.0+ds-5.dsc
 248c8571e1821f2a2f947659f85e7ed5 9268 graphics optional 
qpdfview_0.5.0+ds-5.debian.tar.xz
 cbe5765526593e8412f5feda5fb76bf8 15385 graphics optional 
qpdfview_0.5.0+ds-5_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iHUEARYKAB0WIQTKp0AHB6gWsCAvw830JXpQshz6hQUCZgnHZwAKCRD0JXpQshz6
hWuuAP9GzvghRIYZYOhbAbXcls81+jMFnsx6m4Xjv5B8NGM/2gEAnAr2rlxxiuu9
jE9p/FZIVTBXc4D1Wnz4iZoqC/4oEwA=
=4GLQ
-END PGP SIGNATURE-



pgpGBatgUdY1v.pgp
Description: PGP signature

Accepted puppetdb 8.4.1-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 15:00:20 -0400
Source: puppetdb
Architecture: source
Version: 8.4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Puppet Package Maintainers 

Changed-By: Jérôme Charaoui 
Closes: 1057678 1062330 1064677
Changes:
 puppetdb (8.4.1-1) unstable; urgency=medium
 .
   * New upstream version 8.4.1 (Closes: #1062330, #1064677)
   * d/control:
 + add lower/upper bounds to puppet dependency
 + update build dependencies
 + add new test dependencies
 + mark test.chuck build-dep as test-only
 + terminus add-on Enhances: puppetserver
   * d/patches:
 + refresh patches for new upstream version
 + add patch to downgrade to jetty9
 + skip new failing testcase
 + add patch to resolve ftbfs with java 21 (Closes: #1057678)
 + mark nrepl removal as not-needed upstream
   * d/tests:
 + adjust dependencies
 + switch to structured facts
 - drop host-core module from autopkgtest deps
Checksums-Sha1:
 237af9f44f76c94684eb440b78dfc1233045e8cf 3564 puppetdb_8.4.1-1.dsc
 08d2948af114047c9f59b4aff0dedeb06603044d 4058520 puppetdb_8.4.1.orig.tar.xz
 facd91215cfcf0e69f20939e9db9b5a4c744bace 23764 puppetdb_8.4.1-1.debian.tar.xz
 a877644dfba9a05d6468720d3179e4b71da5ead5 15862 puppetdb_8.4.1-1_amd64.buildinfo
Checksums-Sha256:
 fbd16a56369901514e1bfcefc73d6e605db9b8b3557cfb0ee70a3d1d45514de6 3564 
puppetdb_8.4.1-1.dsc
 49e01b7062f20689c1d98efdaf1aa0cf78508bc17e932126f2b2b3d3426fc572 4058520 
puppetdb_8.4.1.orig.tar.xz
 82c78061d0adba7cbfe1de0bc3b13242c99d5dd78f2ae5b62d3fd47b8ff0bca7 23764 
puppetdb_8.4.1-1.debian.tar.xz
 4a35f921501b2f7b5704b8ee5da3ba94cf21930437ff9020efdf08a95643400f 15862 
puppetdb_8.4.1-1_amd64.buildinfo
Files:
 ece28b7722fbfc289b6c60234c567b8c 3564 admin optional puppetdb_8.4.1-1.dsc
 06fffa742f21eb5573fd0f14fff2d47f 4058520 admin optional 
puppetdb_8.4.1.orig.tar.xz
 a5b426b6d8be7253ac34405267491b24 23764 admin optional 
puppetdb_8.4.1-1.debian.tar.xz
 4615c14432854487ff6ea552297176df 15862 admin optional 
puppetdb_8.4.1-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQTAq04Rv2xblqv/eu5pxS9ljpiFQgUCZgm9iQAKCRBpxS9ljpiF
Qh18AQD6c7VO5gddqvRzaiCFhHpuH5kfB7S5ifi1V7gtSwn+VwD+JpO86K2FjI+o
Hd0/AwthjhqLTZsv9WCjszwRqcesFw8=
=LQDx
-END PGP SIGNATURE-



pgpddJWxGXxbg.pgp
Description: PGP signature

Accepted muffin 6.0.1-3 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 19:13:16 +0200
Source: muffin
Architecture: source
Version: 6.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Cinnamon Team 
Changed-By: Fabio Fantoni 
Changes:
 muffin (6.0.1-3) unstable; urgency=medium
 .
   * Release to unstable
Checksums-Sha1:
 1b9f37b28cac8603407a39df932e24cd4d9f0842 3857 muffin_6.0.1-3.dsc
 6694a95c8f46c15f60a229c7382c4dc900f0e9d7 4571013 muffin_6.0.1.orig.tar.gz
 2cabbc5273ad5d3064e28450955328390d0884d6 25736 muffin_6.0.1-3.debian.tar.xz
 933d3c61dfc36f4cb0a7f1bb46ef4b94afec3477 21428 muffin_6.0.1-3_source.buildinfo
Checksums-Sha256:
 fe1bd0adfa4ad973dedd9017ee4c5dd3ce5b1d1b29b33fec353f2c520eefba4e 3857 
muffin_6.0.1-3.dsc
 870b1ecf68ea91942efb631b2507b918c50df8da1691e1e69cba49ff3861 4571013 
muffin_6.0.1.orig.tar.gz
 e5c833f247a00ad4271ef1282c3fa608b32692eebbb9f2f9e525ff8b98d43999 25736 
muffin_6.0.1-3.debian.tar.xz
 170e3e29bae1836d64ed0fc8188722bda338a570b8ee90e045168d1e0fd1aaf8 21428 
muffin_6.0.1-3_source.buildinfo
Files:
 3672b58f8505711d00811b7f708c92b7 3857 x11 optional muffin_6.0.1-3.dsc
 ae934136502b25fb1c44e3d25a11d449 4571013 x11 optional muffin_6.0.1.orig.tar.gz
 dcd143b44e33456556aa62be272432c5 25736 x11 optional 
muffin_6.0.1-3.debian.tar.xz
 fa471fa2eb6af8aa10cc0e804d657e62 21428 x11 optional 
muffin_6.0.1-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmYJvr8ACgkQaAZorpB/
EB1wfA/7BBVMisv0GAuyX1q7l4Xham9CFMGKrLIkcLOrY2RYx5H+NjnsNtrWz/4u
raxKqjt80swZzOkEkRrmC9V9DA45Ww3Za6qtDG8SFnNajeKsNuqShmwQfQewPmdF
nsHPLecSk4ZUgYX3tSQMQ4JwgHpcqe20/Oj8PthwvLP5Yix6OyJ2LVpP6o8uBIT2
orBAH7Kaysu101MPGUb7PBXB5byXuX6uujzPHqOnCMkqHF/oIhbXBPUbH2Mc8Ys8
fA1/o867LJI+SwNSCje9L5FY1RNijJmkNH8z4lmINrKA6+s++MCWMWsG9z4b+HB7
L3uZU1uK5nl0+ayGGyg6uetB4AVhai0TII2i6ZmoUIl+nMaRrosTy1GhjRQCRAtR
9dnvHAu5LlYV6sWZ2Q1Ef1DOfy+WOyiUfk5ys2JhzytxEbDmeCQHrTjYCHtDgQAz
GE+wSyx2PYzuX8vj+VsMUMsEc4WvRPyRJKmFUWHVJeecrmO+8AEBURLwpq1K2glR
x8FAayRWmWvaIpSMP/t6AbTJrr/lyHU6svHOPEH+fzlBiaBf4LhznKACkzWcNQFo
Z9/qXIlynMrfnwGVm2Op/kFjjfB6hFpfY9WPUkNNBbAb9v4FywfRJ5qEMZnxgCgV
8OTljzyJHrqxyJm3bOyTtTJtt85RGS0ogljN9EmWEMcmmsVZbIo=
=jo65
-END PGP SIGNATURE-



pgpSWU1xm0eul.pgp
Description: PGP signature

Re: Archive back on

2024-03-31 Thread Andrew M.A. Cater

On Sun, Mar 31, 2024 at 02:45:29PM -0300, Maycon Antônio wrote:
> PLEASE unscrisbe from this list
> 

Antonio,

You need to send a mail to 

debian-devel-request

with the subject of 

unsubscribe

The robot should send back a confirmation request that you can 
accept to confirm that you want to be unsubscribed.

Hope this helps,

Andy


> On Sun, Mar 31, 2024, 7:30 AM Joerg Jaspert  wrote:
> 
> > Hi
> >
> > > currently the archive processing is turned OFF.
> >
> > > It will be turned back on - when we figured out, how to best go about
> > > dealing with the XZ compromise, and what it will all mean for the
> > > archive and processes.
> >
> > Based on updated knowledge we decided to turn archive processing
> > back on.
> >
> > There are still enough things to deal with (buildds, decision on how
> > exactly to go with the downgrade of xz and stuff), and the involved
> > teams will inform on their own on what/how it goes on. But none of it
> > needs the archive on hold.
> >
> > Thanks to everyone involved dealing with this issue.
> >
> > --
> > bye, Joerg
> >

Accepted cpuid 20240330-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Apr 2024 00:49:00 +0500
Source: cpuid
Architecture: source
Version: 20240330-1
Distribution: unstable
Urgency: medium
Maintainer: Andrey Rakhmatullin 
Changed-By: Andrey Rakhmatullin 
Changes:
 cpuid (20240330-1) unstable; urgency=medium
 .
   * New upstream version.
Checksums-Sha1:
 ed8f841d9d358e0cf157dee2eb6444367729a7a4 1871 cpuid_20240330-1.dsc
 7e16b8516bf5c3191c6ec946dea9b56dd37c6700 154968 cpuid_20240330.orig.tar.gz
 df46e8dd627b935c9f1c2072f2b2bd5bf01efd98 3924 cpuid_20240330-1.debian.tar.xz
 3c7eeaa536812edb3e5e0a137b36205d5911fd87 6326 cpuid_20240330-1_amd64.buildinfo
Checksums-Sha256:
 f70c51fcf3b425db938f382ee76bcc088c012ff2c7591510a3dea87653dfa6f8 1871 
cpuid_20240330-1.dsc
 1bb1d580982fe6d35bcbc1f374d5d8b90b29fa285863bd8786efd6a3d9262a00 154968 
cpuid_20240330.orig.tar.gz
 5b71a45bfb1478936becdada66158d5fb24247f2e16b9ea22f1944193270e58d 3924 
cpuid_20240330-1.debian.tar.xz
 553fbc97148b7ef47a80d1b081b08aa1f09f97f21789eeaeacfb81804e48a5cd 6326 
cpuid_20240330-1_amd64.buildinfo
Files:
 a5a3357f9b161ba2cda6abd01bc03888 1871 admin optional cpuid_20240330-1.dsc
 2e6f71abc847aee6ddd6a593756b1385 154968 admin optional 
cpuid_20240330.orig.tar.gz
 ee61c2b3405246d4ad55413a456cec49 3924 admin optional 
cpuid_20240330-1.debian.tar.xz
 8313188360798f7a97e1447439e11692 6326 admin optional 
cpuid_20240330-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmYJvoYACgkQM2L3AxpJ
kuFiDw//fs5H5QGHBKBX2bd3ECAtHm1ZVsqqZ3oLHRekkIW1/xVODaRodH2weBZh
+3kYhms4pUfGT4fEf846fhYBN1Qf6/q+oEjac3HpdPoHloGK0Ab0U2wmmq6iYkp2
pgMxzfMlCKdPOhyd+wKXtmObBtFCHXMSTfWQkxF7gmxr/NzIymN/aJn41Gpih9Mc
pvhs/9bv5wEHCdt5phke7VCIqyERcyE73bPJoqKCuKGyGXQ5Pthz+zUfvzE0YHlZ
IGmL/Or6XM5Ic1sk+9KI1aIgW8Gyvg/lFRtkS9xgZWg9CXunN4pg1v0xy0SNwQy3
zdKY3EnfvZJ4OMfb+v4xWAedMtTs0SIXXGbCYzUsJglQlAU9fQvthIEMpYtmwXY4
CsBowC5hN1TJEeVBLPxFG5DKbiic3a/+5JnE44/5qbTHHHIZFsTt3wN9z4TDxNjs
pWJXYx3Y3V51sy6Tztl8WizEm/vHp6hmLKWiKgM+/kPcTN1cdpOmwDSe7ZVnOp4v
B9UH78TzRnfq3+XoCvpRknpXzJlGyUfN4Qr83poOF6gq3ZcTrSDj1QJG0gXHiawP
ZQSUDZ1a6AZvYtdOHt6nC+32PAajnLcXCbyuBM9vjCIfn/hbal6qb1jS5VAebCxk
bt94XALvOF4IAFQoK5rQLjLseb3zbEtJtq6uWM659ldKk8+DKDk=
=cW+N
-END PGP SIGNATURE-



pgpQV8pkZSvrX.pgp
Description: PGP signature

Accepted cinnamon-screensaver 6.0.3-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 19:03:14 +0200
Source: cinnamon-screensaver
Architecture: source
Version: 6.0.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cinnamon Team 
Changed-By: Fabio Fantoni 
Changes:
 cinnamon-screensaver (6.0.3-2) unstable; urgency=medium
 .
   * Release to unstable
Checksums-Sha1:
 5614878c1453a086d4f95113ef94134a87c6de2f 2601 cinnamon-screensaver_6.0.3-2.dsc
 9ec6e49a9560e6894bf17e0bf4220b90ac3153d6 152384 
cinnamon-screensaver_6.0.3.orig.tar.gz
 09bd69517a9be202ac7cc7000b2ff3a03b0324e2 9180 
cinnamon-screensaver_6.0.3-2.debian.tar.xz
 87ec550cd40b79104f86f47aaa7500f9de0dfe99 17983 
cinnamon-screensaver_6.0.3-2_source.buildinfo
Checksums-Sha256:
 0eb952f19db7d99711a9e9a286e2d34eefcae4fcfea9ff5ece0df16e70785258 2601 
cinnamon-screensaver_6.0.3-2.dsc
 7945aa3858b9c8d8e3455b616bd7ce4b786b775fa1bc9ec706dcb8d65581f291 152384 
cinnamon-screensaver_6.0.3.orig.tar.gz
 3ad040708745688d3ffed72e8dd9e30cbe85b0e0c48f96098b06f42cea544018 9180 
cinnamon-screensaver_6.0.3-2.debian.tar.xz
 f1e32e0fee086d4ee1c168f6f0f4899a4292d8a055481ab44d2dbd03a41c6977 17983 
cinnamon-screensaver_6.0.3-2_source.buildinfo
Files:
 43558049168d289c6a1e6bc2f1be584d 2601 x11 optional 
cinnamon-screensaver_6.0.3-2.dsc
 6f1eb19a8b0e20701336e761e49bc938 152384 x11 optional 
cinnamon-screensaver_6.0.3.orig.tar.gz
 76f75b223873c910a35c6f50e8a86d3c 9180 x11 optional 
cinnamon-screensaver_6.0.3-2.debian.tar.xz
 87b65ad7b4111ac8c21b2124de04e34b 17983 x11 optional 
cinnamon-screensaver_6.0.3-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmYJl5QACgkQaAZorpB/
EB160xAAoOSe5LnYdn+lruR356f8Z652fm8C24S5p9HeFdCldsYsBDojL74qGxsD
OSjjrRP60ZxIzhSSnOKI1+K1qX1aBgdIlrpAes9I1Q93wxWCDwGUNGWumkVc9Bzr
bB1c6OGkGtTjPXPF1lkJxrZWJoBy0XickKlotMzuj1vDkf6B/IaaMNP2XkGNPjE7
JvddBRMKyHWG2i9Zyt+bDFoqB2vjFyu/3pAMNL1JyQ1sNOKE99v11qrASeVfWzWd
gkt9V1s/gMzPbfTC6dFLGWAp0NjMq84vyJoAN9pW/54CrgD6X9+Q56pjoAsOEDdg
jbxPFofrssjhQyohu5yFGvs4d8NyheUZ+QzWQK7mlD9F9l/6fQiFe3aCokn/HzY/
rNJf7YZ2mbxa5TPKR43Prq0r5CAv6f9pEvbFJq6XqtfFmztIa9bGe6UPkhMB0v/m
vAaUzHQ6sRmG0t5X4QAxszg1vNFbiTEK6g1ktKIZkWnoWv+QBSXEZVlBvN3kjZAE
3kEk4YRvSRMGdEThnwvwvS2Lvdk1BUNiX62UbXtQ3oQj6LnzOcl8N+zTe0Z8KMxQ
A27JyJ5XnDbxu9Uvv1JqH1Z7rS9rMHfqlH6ly/i/J+0Am18Mt+XImwNb6QkDyS+v
FzFc8UsLgBpeSlay2qY7HCSLHcrhKVgVGTJOMso9/uMInYLNs98=
=dq8x
-END PGP SIGNATURE-



pgpsmvLCpZAJx.pgp
Description: PGP signature

Accepted cinnamon-control-center 6.0.1-3 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 15:02:02 +0200
Source: cinnamon-control-center
Architecture: source
Version: 6.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Cinnamon Team 
Changed-By: Fabio Fantoni 
Changes:
 cinnamon-control-center (6.0.1-3) unstable; urgency=medium
 .
   * Release to unstable
Checksums-Sha1:
 20277e6a7afde642eed3dddf5c453891aedd77e7 3099 
cinnamon-control-center_6.0.1-3.dsc
 9b0e3a31443afb3b2480932d345f179f5c33c15a 3836954 
cinnamon-control-center_6.0.1.orig.tar.gz
 b6c223824d0344742af3bf859a1d1cad44e0a302 8964 
cinnamon-control-center_6.0.1-3.debian.tar.xz
 542a3fa0d37933ac2b8d502708306ef20e9bd64e 18590 
cinnamon-control-center_6.0.1-3_source.buildinfo
Checksums-Sha256:
 35c5c89d5e96c669ad662c0125f7258a990cae1b2a24ddbb4a6b8b48eb0d878f 3099 
cinnamon-control-center_6.0.1-3.dsc
 0ff9456b1e171d18a335c043f5ebe312f779a19839cb246397ed40852c26c018 3836954 
cinnamon-control-center_6.0.1.orig.tar.gz
 cd76c9a884e838ee27c2bfc9c1661f377414cda770be410b0c7e7b67bf64f39d 8964 
cinnamon-control-center_6.0.1-3.debian.tar.xz
 e56098e4c38d143d25d093a40c211d4b989283b79a3fe4af5cfb68438b732dc3 18590 
cinnamon-control-center_6.0.1-3_source.buildinfo
Files:
 3edf88e2b24bd2f440fea009eb51a54c 3099 x11 optional 
cinnamon-control-center_6.0.1-3.dsc
 0822dbfb498c496d3cb6972daf308cb9 3836954 x11 optional 
cinnamon-control-center_6.0.1.orig.tar.gz
 1b0d13781050e62345c0decbfc2cc863 8964 x11 optional 
cinnamon-control-center_6.0.1-3.debian.tar.xz
 95800cc9b7f502f9f1408fe100fbeb15 18590 x11 optional 
cinnamon-control-center_6.0.1-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmYJXygACgkQaAZorpB/
EB0JTRAAjtvOx3J/1+fEjI3t5hyEGfEipcjcAxysrlKSwL8bDUpRCPkxG687cScM
ZYZ7AhzUTYJg7W7FCFyfgR5nvTqQRLt7QyvU+S5Mws/I/U2u3rCAYegTO/ZV+hg8
lKM1oKEThNm7VURt8ETiNZkApWE9JuX0KEsTGFLCY5H6SYfo4opEL9iZbqnTiaDZ
Y5b9C2Rhs/CtkySOm4NNy1XBDIWlS2L2z6mQYFUO1RM0NRH9bjL7ayK86VKFiC9t
VhM5IzPQH92LjFI4jDlw3PM7XaampdF8146CAEwmWM43eUjD21qe7pBynXMUiD6x
OtKFmeaP/41+I0egkCzUsjOcd1inkquRme3WdTLgyJ3nexZPNQUTUkE/PbGvjikp
FWCGhSRVo6MWri64H7lv4t11sUmFOYrdOX4dIWs7D0p+idGNgdfTJ0zwZgi7U7H2
TzDEKKqmw4qnjdJ+GuziOd/9oOxONcsNjPlHsqUimvL87F29qRR3RWO6caJjTnJK
nX9eq/kIppPTOhllJpcTJ6lwnlEiHIaRFGO4AKJ0F9xmEtenYgSWgUOjgNAIiEta
k74h33kwPdq5w3Ls8eX//bWI1F+gEErpLjs+IPJT83m9yEEQLidA9A/4rdLwTWyH
KKegVBDoJtOCCe4NHp8exqIaYMEGswq1Rp4nHATLDPVAx+bX0/o=
=xD7B
-END PGP SIGNATURE-



pgp10N6WF4faY.pgp
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Joerg Jaspert


On 17185 March 1977, Andrey Rakhmatullin wrote:

Didn't DKG start something like this some time ago? Or am I
mis-remembering?
I also thought I remember some Debian-specific PGP-related document 
but I

couldn't find it.


You may remember https://keyring.debian.org/ which has a bunch of links 
to other places too, and from there maybe 
https://keyring.debian.org/creating-key.html - but its all not exactly 
what people ask for. Its more a "go this way and get those results", 
which is fine, but different thing.


--
bye, Joerg

Accepted supysonic 0.7.6+ds-4 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 15:30:11 -0400
Source: supysonic
Architecture: source
Version: 0.7.6+ds-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team 
Changed-By: Louis-Philippe Véronneau 
Closes: 1067121
Changes:
 supysonic (0.7.6+ds-4) unstable; urgency=medium
 .
   * d/patches: rename 0004_-test_user to 0010 to fix 'number' collision with
 the other 0004 patch.
   * d/patches: add 0011 to skip test_move_out, as it's flaky. (Closes:
 #1067121)
Checksums-Sha1:
 dd40d7c52198d458c77209e35c1d5011ca047d18 1826 supysonic_0.7.6+ds-4.dsc
 b8cd525a00b5ec1c6ea58a48225e4e47f1eeded7 19888 
supysonic_0.7.6+ds-4.debian.tar.xz
 76b581a45ed8d67145835ea0fa42aec1a93bf653 8617 
supysonic_0.7.6+ds-4_amd64.buildinfo
Checksums-Sha256:
 9500e1354f80993df8754dc329400d44d50b7d79e6b237be4a2d12c3831fe6ea 1826 
supysonic_0.7.6+ds-4.dsc
 32f8fab3dc982ee4683b6c9e32deb07d6de924114a5a29ab2a2204b0f6185b33 19888 
supysonic_0.7.6+ds-4.debian.tar.xz
 19ba963f2c11dcfe429de2b2b76b7fc6df61b70e3079438642af7045bc6e03f2 8617 
supysonic_0.7.6+ds-4_amd64.buildinfo
Files:
 bef865a69b25e0d23cf80d6a7b8f0799 1826 sound optional supysonic_0.7.6+ds-4.dsc
 761fbdb3d62cba3e5043fff4f58b1c4b 19888 sound optional 
supysonic_0.7.6+ds-4.debian.tar.xz
 db96503e705634afb619daffe41cc571 8617 sound optional 
supysonic_0.7.6+ds-4_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iHUEARYKAB0WIQTKp0AHB6gWsCAvw830JXpQshz6hQUCZgm7wAAKCRD0JXpQshz6
hYQPAPsEd4HE7rP766mb7IrL2ZasiKnJz+ZCenIMflU2VL3hlAD/R3eceMTUhn8w
IuAk7lY+O1aH287qhDkEyUWNNoP06gY=
=MAhV
-END PGP SIGNATURE-



pgprrH_4mWn3r.pgp
Description: PGP signature

Accepted pypng 0.20231004.0-3 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 21:29:52 +0200
Source: pypng
Architecture: source
Version: 0.20231004.0-3
Distribution: unstable
Urgency: medium
Maintainer: Sascha Steinbiss 
Changed-By: Sascha Steinbiss 
Changes:
 pypng (0.20231004.0-3) unstable; urgency=medium
 .
   * Update watchfile.
   * Bump copyright date for debian/ directory.
   * Bump Standards-Version.
   * Add missing short license names in d/copyright.
Checksums-Sha1:
 73ae05b3992179e52bd6df157242418bc71f3a38 1942 pypng_0.20231004.0-3.dsc
 fcc7123d37781914e8c690819a041a73c32ecc29 3756 
pypng_0.20231004.0-3.debian.tar.xz
 b6b64195bb3908f939d2e479d92e6d5a26ef0cca 6937 
pypng_0.20231004.0-3_amd64.buildinfo
Checksums-Sha256:
 92ed9b6f689ea352b627c6a8e0e3ed6d0ee124cdd87a86167b187342c4465b76 1942 
pypng_0.20231004.0-3.dsc
 7ccf127e7900bf7dd06240cffdd3d6ddfcf275a691d0624d3f3bbd3bbb0dcecc 3756 
pypng_0.20231004.0-3.debian.tar.xz
 57318313234153f6df27b88fb2cd10cce79352940cb7f38bf102d5f6a0d1175f 6937 
pypng_0.20231004.0-3_amd64.buildinfo
Files:
 8bccb67730bd42af3385957cd0200942 1942 python optional pypng_0.20231004.0-3.dsc
 4aed8d8fa3d37a680ef4ff4c7fb099f8 3756 python optional 
pypng_0.20231004.0-3.debian.tar.xz
 8bc5594727f52e11ce81c4d07ed751aa 6937 python optional 
pypng_0.20231004.0-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEWzS6WqtVB+kDQm6F6NN64vCfSHIFAmYJvIcACgkQ6NN64vCf
SHI5PxAAk1CmTFAsmREO+xR/htMHBA51ij1E5CuFL8z51jsxM+f6PMciwjOyBsNl
aEEq3lfWfDj2OYodc5msEjNp/aUYpjdFM6kMmbPdsUhlJ7mJysAwxqRdRkEROfIB
kzo4T4CbgTUzKo1Hv+mOFdSYzRd7xA398z3j3He8CgcsOpTTgRv9cAQS5Fhk3R+p
bdHhceZpd0F+51ETwGpbhXZ99BvJRszIUoGIBO/9Y00UyqMDmHFV/JCaRe7DgxBq
Rl+I9kUrqFsXkTZXZe+8AsMHvKHU2sp51pzo9ieNA+oYJ890hD6a5NyyHhB5k37o
U9IZygfViC09xvcpYYU5hEsJl2smzOAuIJHStOzSlcN3RFDwmwXb86QBhroKqxzy
aTn+PQaiZQPeq+dNwRVy/d1mylQ2e+JPwGuMvKX8lTrjwPy8Y/+BpleCFHXQE5SS
u5MpVRPkA/8xO41zg6eYjayfsWoXHtqigIneiZT4q0ExT6VsIgdCW8D9Ts0qjXwf
4Bh52M6Mc9OEcJTFOeWCRReuSviw8V0BeB8HBeiTjq4FFUpZyvgpPmy0L8UsDc8l
uSBZ/iAjvjzNgwxj0jBctJaeyUTO769/EIcsEHiyDTQhmNXIc8WBuFKm9lAa/jcM
tjeVwBmleSmSCJseiYi0gR2S1YTACSzQD0U5MqYj0fS0Dsx2P6A=
=YCAN
-END PGP SIGNATURE-



pgpS2niHUTm4e.pgp
Description: PGP signature

Accepted nemo 6.0.2-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 20:19:55 +0200
Source: nemo
Architecture: source
Version: 6.0.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cinnamon Team 
Changed-By: Fabio Fantoni 
Changes:
 nemo (6.0.2-2) unstable; urgency=medium
 .
   * Release to unstable
   * d/control: remove hardcoded libcinnamon-desktop4 dep in nemo
Checksums-Sha1:
 5687f1af60d631d9418cecd474d4502ce9831072 2864 nemo_6.0.2-2.dsc
 dc448c11f1a25b4dce0725df28aa5bfd7934a715 1461273 nemo_6.0.2.orig.tar.gz
 67c98d9c32cc4811b96b6ddf58f321cf0157b7d1 10444 nemo_6.0.2-2.debian.tar.xz
 d5be9c6ef6b2ab7465675b1012bd77703f20aa67 18673 nemo_6.0.2-2_source.buildinfo
Checksums-Sha256:
 2b81e441da8422a422cf97b595bbe268407333deaaa4d7531212fddd84edebf2 2864 
nemo_6.0.2-2.dsc
 2eb65e124ea3047528019ed7153b05fb27a1aa830efef8c245b204d08ae0515d 1461273 
nemo_6.0.2.orig.tar.gz
 adbea7589e7f270ff49422f1a3fc366cb7e826807807e3d13d31e6b2903069d6 10444 
nemo_6.0.2-2.debian.tar.xz
 08ead9e332ce73a41eb0a825cf77fa28f2882129c7592cf76671e247e7d1ca52 18673 
nemo_6.0.2-2_source.buildinfo
Files:
 dbdb73999c392272a03e4154b956d183 2864 misc optional nemo_6.0.2-2.dsc
 d517bf646815bd9107e3f6c8acdeb8d2 1461273 misc optional nemo_6.0.2.orig.tar.gz
 65e0b5d4a6c113ab73061b45073aaa1e 10444 misc optional nemo_6.0.2-2.debian.tar.xz
 9b343e84c22832afc60183745a05342e 18673 misc optional 
nemo_6.0.2-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmYJqqgACgkQaAZorpB/
EB23cBAAks7Hrp9GQhCneom67HcIQhxagdI78wqsfjs10Z6uvA2Vw/9uA+kO3dqo
D2QSJbRy3OU7gztNCFR4V9I5tEnj1+TdvTlyrI0vdvsYRlwJVgRutqyJCMHWH9Mc
2eFV0pcJDWAlmE0+iRTsg1oxYjxnMm0cKM85kc11Qje8lFn3uk+zVsnIVLLN8fLQ
cnT/TKFgWqRmPXKj3+tBoQUVM7P8cgJVtHZeg4tLRZ1om4Xu8g2Vk6LoxE216z4A
MYXPFkkI3uDBT94gbT7ciWE38SBfcVOx/qJEF7mXi1n4OLUJKVlOjVp3V7ZYWUKB
N2D84SXRRLwRKbwgtz3BIl2L5kgEaN2gGpREIdaIscoWWrOBkTxelDybLKnIeLOA
j1rxQLhz2nvV4bj8fT5vTnMG+iGfEeN7Kdjp8GwPGiVJRtMw/Bq5BxxtMx7g9FO+
Jvgd3QbakptlALBHG18mPcTD2QLzJXI18T+BRJayQfUFab11DIFxBwpOzYpWgft6
v7ZxiPy7H6xqD0IVHmnNRcaFf6ZYu4E0b5pbZaP/y2HbEOM/79BNWdSYfpgIIwMo
Dfr25JwAofX+vG9mHA0yBX0rBVkZLzLe+lGFBlcxfIBiCNjIgWKmDC+iCDaHtGC9
tW0B8nkBFIsfc+mhRTHkMW8CwEl3v5VDbzuCHJ34GVgRhukozx8=
=uhK7
-END PGP SIGNATURE-



pgp8WjtRSQQ3F.pgp
Description: PGP signature

Accepted cinnamon-settings-daemon 6.0.0-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 14:42:35 +0200
Source: cinnamon-settings-daemon
Architecture: source
Version: 6.0.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cinnamon Team 
Changed-By: Fabio Fantoni 
Changes:
 cinnamon-settings-daemon (6.0.0-2) unstable; urgency=medium
 .
   * Release to unstable
Checksums-Sha1:
 6c1e9b08f85c1beb0031dc7c144cb1fa0d062830 2958 
cinnamon-settings-daemon_6.0.0-2.dsc
 33d691c9e5ec6157ab21890de0f9e0bae3b5ca8a 567437 
cinnamon-settings-daemon_6.0.0.orig.tar.gz
 86d9074bfcba50602b56c6e83b3e55bae91fa2fe 10280 
cinnamon-settings-daemon_6.0.0-2.debian.tar.xz
 06c0728776844f71a5d360f5996e9234ca29d514 18317 
cinnamon-settings-daemon_6.0.0-2_source.buildinfo
Checksums-Sha256:
 3d78a703c4c465dad8d943a25f866c059da1ead8789e64390146015b7597ac0a 2958 
cinnamon-settings-daemon_6.0.0-2.dsc
 fba3bd610b002477c67703c5d1910d55abc476a68d9f5be1d4fe291e39c92eca 567437 
cinnamon-settings-daemon_6.0.0.orig.tar.gz
 849ed1ec7f46ed97300e35b58e87c546ecfee2a07e3fc4854339f8f02d326ac0 10280 
cinnamon-settings-daemon_6.0.0-2.debian.tar.xz
 0e4e07bc3ea20fc58ee07711799e5ab43fe5f221e85726c4cdbaf5d65ccd10a9 18317 
cinnamon-settings-daemon_6.0.0-2_source.buildinfo
Files:
 cb8c5c66b31e89b7a8b788e3699a0d9b 2958 x11 optional 
cinnamon-settings-daemon_6.0.0-2.dsc
 e21fde01d99c432680eaf3e0e7f87aca 567437 x11 optional 
cinnamon-settings-daemon_6.0.0.orig.tar.gz
 b379d81a257d320bbedc6699ace591f6 10280 x11 optional 
cinnamon-settings-daemon_6.0.0-2.debian.tar.xz
 65fe9b79144c672aac428d62111ba1de 18317 x11 optional 
cinnamon-settings-daemon_6.0.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmYJXVgACgkQaAZorpB/
EB0b4Q/+JqsM8yvu4Y2k60/7Z+TVYzrI+9TAfP6bDreN1ffGwP4rt6G80G1qw1sO
FGP4PunUvpsWPlKcOWo5/4Sg+DaMLuAOyS7xZsQ+o0pZuwj7+YP9lIkNqCKVcBmJ
curLsbetAqM7wphNwCs8v1jS7vHmLWy/N0Xqp29nl3gZ78XcNGZS9qcCAll2pIhM
AvUb/3zWbVKsn8zESphnup7U3nrSPht5HRY130ZBPC8sjBxY87O1kQLDJ1yLh7QI
ahAGIZBWDjWpk66zRZp/eEw9fT7e1a4fPJDznYIWCELvZTKacLKPdKNocRNwfErw
qWG0C82MWdmllQgsL1/RxISm0gblQ/cRN9Yp9k3aEIZTKQqx9MKT//v83wQ1YIIH
Rd3rsXmreW8AYd5V1qNEXWBxk0fwO8Du9hHP8WfD9TpBPera4mcCb87npRby4FVK
hQYpp2gpBudwbJaSi6Nt9R4gMiBj2CMLwNJIWk38s85DT3DRKGmixJPATXys7xps
DVOibelbAGakEptVJvevjTjaoNbeyaP95crs43jq9CocwcnufZ6dc3OTNzu8PD8b
CpexjG2nwIPU6v/kkugEO/y8flP+iggXZ5uFQggyPbT/MzkgxX4IEkq+QtueWLSm
U+HVUZ80AyrwR4Xwa0MRQ6ddHaT6PBy6Bt3GKCtFehi95hQUjTU=
=rdCx
-END PGP SIGNATURE-



pgpV49jBU7xK0.pgp
Description: PGP signature

Accepted cinnamon-session 6.0.4-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 14:24:48 +0200
Source: cinnamon-session
Architecture: source
Version: 6.0.4-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cinnamon Team 
Changed-By: Fabio Fantoni 
Changes:
 cinnamon-session (6.0.4-2) unstable; urgency=medium
 .
   * Release to unstable
Checksums-Sha1:
 63016a5ae080a6518e52bbff270d051efe343fa3 2631 cinnamon-session_6.0.4-2.dsc
 70c64750ac225cf3331eacbb2f12d3b1682312a6 161711 
cinnamon-session_6.0.4.orig.tar.gz
 01dd158ffa41a40944286ec3662d0566c9a85ae1 6912 
cinnamon-session_6.0.4-2.debian.tar.xz
 2755cd55670235c69fa9def1a7e9c925e3ecc700 18375 
cinnamon-session_6.0.4-2_source.buildinfo
Checksums-Sha256:
 2c22f776d256ac337f3fdf7ea49ec2a918ec29cc072206dbeadec2209cc48e70 2631 
cinnamon-session_6.0.4-2.dsc
 a56fbd784839681d798d73f76443f7179e9262e44d7e7f6f7d2a07fc20e72d85 161711 
cinnamon-session_6.0.4.orig.tar.gz
 7d40902e474f75355ef8ab03fd079049f91bcf9d73fc217352d58655588231d3 6912 
cinnamon-session_6.0.4-2.debian.tar.xz
 a39731b2a0dfc7d362f57bc6b083f19af6dd89eebd542f7f23cf379448feb0bf 18375 
cinnamon-session_6.0.4-2_source.buildinfo
Files:
 f361dc04fa73dc4fa7a2e50597b0bc8a 2631 x11 optional cinnamon-session_6.0.4-2.dsc
 654216721e1f4a4f659c41d4804b21dc 161711 x11 optional 
cinnamon-session_6.0.4.orig.tar.gz
 7edb43e00329ff28d16c6721dd18e8b1 6912 x11 optional 
cinnamon-session_6.0.4-2.debian.tar.xz
 bf57ad5d86f3c3cd8634918018ddbb4c 18375 x11 optional 
cinnamon-session_6.0.4-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmYJVnQACgkQaAZorpB/
EB2htg/9HepcrovQVT1n2WqFR9IhYbMyrEFaQenlvlEiZdMirAJFweI+lb5pvEph
YzzgPjfrtqmJkub7C0dqyQRVVQQPo2VvmC62KzGsc8Fwj6BrlBHZoPqmXjSXQue/
7yHEuYxPv/h3e+h2hI68gw/4fW/Td1/Ea5Cha7wt5dvADooByMj+r7yWNFMCRbSU
C0VgJUCLzJpY2O6DUVTMppZ/HtAWN2xD7OegHzbh1l5Rfp9MwrS0pTyIsT0Xz/Ba
f4Pe0ePo21+exTf4+t5zQUIkq/oqxxoSpAxvyi5MfPrsyJfLY2h+4hZ6KXjcwEAu
O6fsYG94vcDhZx0Lv1y1nDX2HfjENifsYizo05TC+pufevb7UdfCgo7h/pETns2l
IXsq/jBOgtYyjzEvQwDvocYcvdE51hc9JVZk2zTUgPd/DqC4lgBY1Fbo/RMe7h41
+vSZwKpiw8JinwVm165ORHnnnwI3/+Quqgmsc+foVk3KGdGdePmJ9gVEHeTDXr1t
k3VxcXgQkXuY5qOsihPSy5bd0fYUj0y5fVbzK3re3ImHz+ffsfsSREd5lrQq0Hzz
OWQNwUbnELcVrme0cF5VYyLqroU++0wmXeqBGyd8xXYX2rOxlixsDOEAAoGVEpCZ
T8ctJ1NRO07nXClvAkDrgvKWZYCh766z8O9Q6x30aKJL/dN8WJk=
=W4xL
-END PGP SIGNATURE-



pgpf0OfxuZ4Me.pgp
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Arto Jantunen

Didier 'OdyX' Raboud  writes:

> Le dimanche, 31 mars 2024, 14.37:08 h CEST Pierre-Elliott Bécue a écrit :
>> I would object against creating a PGP key on the HSM itself. Not having
>> the proper control on the key is room for disaster as soon as you lose
>> it or it dies.
>
> For subkeys, isn't that a benefit rather than a disadvantage?
>
> You lose the key, or it gets destroyed / unusable; good, you get a new subkey 
> instead of reusing the existing one on a different HSM.

For the authentication and signing subkeys this is indeed true. For the
encryption subkey significantly less so (as things encrypted against
that key then become impossible to decrypt).

Personally I have generated the signing and authentication subkeys on
the HSM itself (and thus at least in theory they cannot leave the HSM),
and the encryption subkey I have generated on an airgapped system and
stored on the HSM after making a couple of backups.

-- 
Arto Jantunen

Accepted python-filelock 3.13.3-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 20:40:09 +0200
Source: python-filelock
Architecture: source
Version: 3.13.3-1
Distribution: unstable
Urgency: medium
Maintainer: Sascha Steinbiss 
Changed-By: Sascha Steinbiss 
Changes:
 python-filelock (3.13.3-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bump versioned dependency declarations in d/control.
   * Bump Standards-Version.
   * Bump copyright date for debian/ directory.
Checksums-Sha1:
 1499b6800b3dc52ef9d3d0aee3c6f832318c37ce 2143 python-filelock_3.13.3-1.dsc
 2976643248868710d1188b30124169d2fa428000 14938 
python-filelock_3.13.3.orig.tar.gz
 7903e6f8cfcf6212dbe231d2bc43bfd9c5f2fcb8 2992 
python-filelock_3.13.3-1.debian.tar.xz
 e9e9eb1d7790b117b475e072973e4f49f590fb9c 7342 
python-filelock_3.13.3-1_amd64.buildinfo
Checksums-Sha256:
 2d13d67261180ffae57c3a606c327a88072390ceddfc1a4fcb2fa23936576252 2143 
python-filelock_3.13.3-1.dsc
 a79895a25bbefdf55d1a2a0a80968f7dbb28edcd6d4234a0afb3f37ecde4b546 14938 
python-filelock_3.13.3.orig.tar.gz
 00164790e0446bba2ef64754a9c47ec5713fd78c982d0d9675bf00335286a87f 2992 
python-filelock_3.13.3-1.debian.tar.xz
 c3d27be9503fbbf2441f0efa9dbce3b4e8dc73850e3350289f9560c338ac681c 7342 
python-filelock_3.13.3-1_amd64.buildinfo
Files:
 62b8b082e222c40bf82328ae4aeb49a4 2143 python optional 
python-filelock_3.13.3-1.dsc
 215719e424538a92801c8fe21be5c09e 14938 python optional 
python-filelock_3.13.3.orig.tar.gz
 16461c6986dd2ed05e5473722eef245a 2992 python optional 
python-filelock_3.13.3-1.debian.tar.xz
 c6de04cdc0f054b629e969a1b646655a 7342 python optional 
python-filelock_3.13.3-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEWzS6WqtVB+kDQm6F6NN64vCfSHIFAmYJsr8ACgkQ6NN64vCf
SHLrVA/+ITA4OU5tKmuaCCt91h5NN8q9SBRLJiKcJsbKR4ZaqnlZGffKCUXEVtx4
KU7lOzg0YVusqKvdnx467xjE1COApeE/ZtghwSs3j+yeMeM/TGnhTk8ReAlDdAcN
nXBt3T9z328j+67BpnGE4abUvnfNBOobLD04LcvJvVu1Nhv5XlaghmnxGjfZ0kSi
DTnGGQGcYWtZYxxBiGxjjOjSsSLVKXTuW5RytLYSr5NfKzH36BfDtm74YWcgoDsb
FDb0c1tIJuzu3uyZ8Wx2jdnjckvJleqm4HqVACUxNbneQOg1fUHKsB3n0xZrbTco
TWY7usV7Lf47SWX/QUPRe4Ksqi973zrQKmtJBiMIbNEdBQc1907hbkEbqokYq2WZ
txuRnTy8c068yyXp6DooVmT7XXFO3Tu9upMba02LeSxAS4EuZCJYzT21ncfyUwFm
qKAZYA6Zl9eKxhkwXypT2sD0QzZaG1ruNX6Lh5C/cVpnlcWa16z2IHNJnNgPlEQ0
wTsZbVKoVk0bUJx3nmNKdcGQsfi15SDH6cSkQ+HakrPSe5ZWM+xxYMsDa9VWI+qb
8wlRnkYCsZg7jOaaUUhVwGDOWPhl9RL/5rcUS3uaws/Cx72gL0wqrUNY7iMTcyOR
yAdwKDmNVqfKXD6T26XhmXv6fjkQU4UIz41V9MqrOCREG8g4Z+w=
=KW2l
-END PGP SIGNATURE-



pgplfxxhiMlAw.pgp
Description: PGP signature

Accepted golang-github-stvp-tempredis 0.0~git20231107.8a695b6-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 21:05:43 +0200
Source: golang-github-stvp-tempredis
Architecture: source
Version: 0.0~git20231107.8a695b6-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 

Changed-By: Sascha Steinbiss 
Closes: 1067947
Changes:
 golang-github-stvp-tempredis (0.0~git20231107.8a695b6-2) unstable; 
urgency=medium
 .
   * Stop shipping nondeterministic Redis database file generated during
 build. Thanks to Chris Lamb for the patch.
 Closes: #1067947
   * Bump Standards-Version.
   * Switch section to golang.
   * Bump copyright date for debian/ directory.
Checksums-Sha1:
 52c3368d2fb78ac1029446e2d4aff61fbffaebcd 2417 
golang-github-stvp-tempredis_0.0~git20231107.8a695b6-2.dsc
 d88a82945dc908933f6dd6cc0003ee85d06e8d17 2572 
golang-github-stvp-tempredis_0.0~git20231107.8a695b6-2.debian.tar.xz
 bcd287da20f9e0be51aca8500c7c6a6e35d41202 6646 
golang-github-stvp-tempredis_0.0~git20231107.8a695b6-2_amd64.buildinfo
Checksums-Sha256:
 6c0a411b1be50ac8e115ff27941f3eed4082724c9808664a211f56187e54dfee 2417 
golang-github-stvp-tempredis_0.0~git20231107.8a695b6-2.dsc
 7bcc3d6cea3d719e162c02a429f6a2f9c924b27fc5fc8361cbf7ab5f20f4cafe 2572 
golang-github-stvp-tempredis_0.0~git20231107.8a695b6-2.debian.tar.xz
 6f22798b70129926955d430ef8063463387c88a6f982339fd1f12ded79d58562 6646 
golang-github-stvp-tempredis_0.0~git20231107.8a695b6-2_amd64.buildinfo
Files:
 c6cfa5e03528135e2b9d4e7aeafe0b49 2417 golang optional 
golang-github-stvp-tempredis_0.0~git20231107.8a695b6-2.dsc
 c6a60e11e8981819faa47aaeedf70a91 2572 golang optional 
golang-github-stvp-tempredis_0.0~git20231107.8a695b6-2.debian.tar.xz
 08f28848fa988ba7ccb52161ad8cbf66 6646 golang optional 
golang-github-stvp-tempredis_0.0~git20231107.8a695b6-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEWzS6WqtVB+kDQm6F6NN64vCfSHIFAmYJtdsACgkQ6NN64vCf
SHLATA/7BvmyImUVuxPaow/6a3A8tmM8zNnW+2jrmWTHdUb8lK8naA+46ask+ggg
pBKfZWzXVq20WLXxgYkiep8LbEpcL6CzELTQugZdyZefOByEBEJkdFAXfkM13BDJ
Ja0LU4HufC6dgVBhWFL7YpIAdpb261+Ict4/e6PT0PkRox9qWbowPwEbQq3JEydO
zhgBdutnspJE7jjvO/JZkPOgh/kUZYBSzIBHVaduPy1kLdzJBHCv7IxPYJOUGQea
HoubRfQo9rDnvOZ6SdUUw/UYUHwZc36PU8tOlPUZitF5lYNZFKWT1w9CHxB/9aM4
BzF6BHH+p9YvExAk83u/GglJzgk87cKhL/2JU/edui5U7WubvmGFV0Ad2Zolx4hy
2qli128nFgT8EZLFJapA73m/JfLp+++9g/FOayr3pylDdz6d1YvzpouJORLE318j
ILYwC/A0HBStWGi/c/x8bwn998r44DjhbVLdRXLaEoOSwZn01MUT+1E6sPCwGUBk
VVAyb+vewN9pkGd6ExVp3TEX/d2ujPL3JTi1al7H0oIEpFHw+cAm6YrY4LhHoIb0
7GXjUKzMMVAECefPpdVvnxRtRJrowuON80AsAWn90g2YLEUoqxPQ3saUsAcPavTb
yrg0RwBNmeILOV8r6+Z/xFOLFXZRYI4UTCWHN2AveftEECUmPl4=
=U++1
-END PGP SIGNATURE-



pgpu3ahIvgQKj.pgp
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Didier 'OdyX' Raboud

Le dimanche, 31 mars 2024, 14.37:08 h CEST Pierre-Elliott Bécue a écrit :
> Hello,
> 
> Iustin Pop  wrote on 31/03/2024 at 13:13:27+0200:
> > Option 2: Generate keys on the yubikey and have them never leave the
> > secure enclave. That means having 2 yubikeys per developer, and ensuring
> > you keep track of _two_ keys, but it does ensure there's a physical
> > binding to the key.
> > 
> > Are there other options? And which option is proposed?
> 
> I would object against creating a PGP key on the HSM itself. Not having
> the proper control on the key is room for disaster as soon as you lose
> it or it dies.

For subkeys, isn't that a benefit rather than a disadvantage?

You lose the key, or it gets destroyed / unusable; good, you get a new subkey 
instead of reusing the existing one on a different HSM.

-- 
OdyX

Re: Command /usr/bin/mv wrong message in German

2024-03-31 Thread Hans

Hi Sven,

just did as you suggested.

Thanks for the hint

Best regards

Hans
> Problems with German translations are best reported to
> debian-l10n-ger...@lists.debian.org.

Bug#1068141: ITP: python-pyzipper -- AES encryption for zipfile

2024-03-31 Thread Josenilson Ferreira da Silva

Package: wnpp
Severity: wishlist
Owner: Josenilson Ferreira da Silva 
X-Debbugs-Cc: debian-devel@lists.debian.org, nilsonfsi...@hotmail.com

* Package name: python-pyzipper
  Version : 0.3.6
  Upstream Contact: Daniel Hillier  
* URL : https://github.com/danifus/pyzipper
* License : MIT/X
  Programming Lang: Python
  Description : AES encryption for zipfile
 PyZipper is a Python library for working with ZIP files in an efficient
 and user-friendly way. It provides a high-level interface for creating,
 reading, writing and extracting ZIP files. Additionally, it supports
 advanced functionalities such as AES encryption and LZMA updates.
 .
 Key Features:
  - Allows you to add, remove, rename and list entries in ZIP files
efficiently.
  - Provides an intuitive Python API, making ZIP archive manipulation
simple and straightforward.
  - AES (Advanced Encryption Standard) encryption support to protect ZIP
files with passwords.
  - Allows you to compress ZIP files using the LZMA compression algorithm,
which offers high compression rates.

  Note: This package is a required dependency for the TeraBoxUtility
 ITP package: #1067395

Accepted phosh 0.37.0-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 11:34:35 +0200
Source: phosh
Architecture: source
Version: 0.37.0-2
Distribution: unstable
Urgency: medium
Maintainer: DebianOnMobile Maintainers 

Changed-By: Guido Günther 
Changes:
 phosh (0.37.0-2) unstable; urgency=medium
 .
   * Switch to using systemd user units
 gnome-session 46 dropped non systemd support.
 Thanks djhg2000 for tracking this down.
Checksums-Sha1:
 fb1e60db5435b57d12b2ce9d6226e72719a3a202 2995 phosh_0.37.0-2.dsc
 d6b61a0ce0f8b19c0b60812d7d5854a60db67617 16724 phosh_0.37.0-2.debian.tar.xz
 79055a3b24dedf98586f443b7d6d54deeb6adbd3 25471 phosh_0.37.0-2_amd64.buildinfo
Checksums-Sha256:
 0304cd01245adc4dc8eab4b757331942288bc3d861fdde1de58c4364d68e0bf3 2995 
phosh_0.37.0-2.dsc
 253d5376dea2e96ff68432a8e8d2edc8947acfe52329b5ae2813a9464b463f3f 16724 
phosh_0.37.0-2.debian.tar.xz
 0e91853f7fcd092fbda439d1c608d0306f75e470b38d72a8ff3857199e003b3b 25471 
phosh_0.37.0-2_amd64.buildinfo
Files:
 73628814f5225f9b73eebc8508b85cef 2995 x11 optional phosh_0.37.0-2.dsc
 d11b63496a07ac5aeb8f170dafecbfbf 16724 x11 optional 
phosh_0.37.0-2.debian.tar.xz
 e9860263b8ea90e5bb5b3da7ec6d2e1c 25471 x11 optional 
phosh_0.37.0-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEY/bM35YinQkoayrDJb+GUkr8weMFAmYJqcwACgkQJb+GUkr8
weN/Ww/+McK7vw+e5DSLUjtmqkxITKNTGygdJRonqgPH/dVYcbA1D0ZNPeaMt+hg
zFEmpq5nnN50o038148DMjXEWhq1oEwEOWBmCxmt0fcPHOPJ3XX+FmutPhWsfPyb
ihR4SLV61Wkp4cvbJImzhsMkuRHlVr/TyUrymhhNdN01uVxaOs6HvLDeqTKNi4c3
BRJO/LHj4nfRuZ7R8gnun5XQ0Ed5h/YSON+cwy0rHowQgRG6H+tT5ejQDOmjBRDo
YVw5+ZMPE9c8A2pFqZhEvtEo/BgoJjFVEjlFY1vanncQKGNPQJxtk8XJhmmmc4do
s7BIClWrJ+RHApyG5TTCDliaBIwIxJMfVCBIq0UYKE7+29AMXgzYHqnReBSxBY/T
Q9qkWmkaqG9OzAObb2Yc54cAN1NNphsmiGYMqgFtHP4oIKW39I5X+RRWzaoIKCST
mRW/sHNptllqm5Dlx96vKcJgistXre/0Hkh8631Avq59tA+2P+Oas9QLaJNa7Suh
l3Sgo3g+DUrLXelC0AzQrimX7GLKG5ZT+cprkTTfUvPHbGZ1upEzmjhD9fmrGxcz
uDS4s7NUaDV9AA6cDwmOkdVKnMxwgu9rpgSQqQMBddkQC4n2kYwPN1DQZx093juq
ChCHdUV2DUGxondAJCoKoBUPjtjbaYY3X0COs7aqa927LQV78EE=
=iXqa
-END PGP SIGNATURE-



pgp36jnohwHJH.pgp
Description: PGP signature

Accepted cinnamon-translations 6.0.2-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 30 Mar 2024 11:14:57 +0100
Source: cinnamon-translations
Architecture: source
Version: 6.0.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cinnamon Team 
Changed-By: Fabio Fantoni 
Changes:
 cinnamon-translations (6.0.2-2) unstable; urgency=medium
 .
   * Release to unstable
Checksums-Sha1:
 491143b9608993b1e35844b4b308eaf8d734031e 2265 cinnamon-translations_6.0.2-2.dsc
 466925c72f44f8a0c5c29bcb3d08e4c5976cc823 13452641 
cinnamon-translations_6.0.2.orig.tar.gz
 073c704205a865e4a07161b43c1fbb1320f8bb07 3804 
cinnamon-translations_6.0.2-2.debian.tar.xz
 b82cc1cd0bf7f0df3bd7f6acbeafcc635460534e 6397 
cinnamon-translations_6.0.2-2_source.buildinfo
Checksums-Sha256:
 0853d502bad831577b30a7fe383eeaa67dd961ebd87aed2fb9ffb2d14c5e4a4d 2265 
cinnamon-translations_6.0.2-2.dsc
 ee0cbdf07f14c5280dce46160f503ebe694e3ef37403bd25025c2d25d1c8b26a 13452641 
cinnamon-translations_6.0.2.orig.tar.gz
 3d1fc124348c529cf231599c60f7434b4ffa16359131134453cd10737caeeaef 3804 
cinnamon-translations_6.0.2-2.debian.tar.xz
 09a6dc6fbf05ac6a8d785c2d15caefbf1b753f96d59c10323c3fc1f102e1b326 6397 
cinnamon-translations_6.0.2-2_source.buildinfo
Files:
 3fc129eaec560b4d6b155996f44adab3 2265 localization optional 
cinnamon-translations_6.0.2-2.dsc
 79ac496959a54328a63b9489adb55b67 13452641 localization optional 
cinnamon-translations_6.0.2.orig.tar.gz
 9668be9a30956edd820e696e24f4e778 3804 localization optional 
cinnamon-translations_6.0.2-2.debian.tar.xz
 7ac35970d332e4310114d22a4de37037 6397 localization optional 
cinnamon-translations_6.0.2-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmYH6T0ACgkQaAZorpB/
EB3ezxAAnpZXcLsG7G+Sz97SQfdfAUIOSKXtulZ2Zusw1Zvm7h650Bw4wZSBqfmq
zkrI3avouFg52rwb+vd0ReVP59LlwqtwFhaUW/2wxiXJg9kkHgv1JDP7NwsWqZTp
FaaJEkuuQuiRQKVvu2u3esWy6J9EjsFGfhx0f22sY1W+n2yJvvc3DRqW1L3W1tpG
i08EUXXpnvNWu1czDILEpxtHGv969HtNz6WT8QOXb9z4vW9gRXA0Fgsc+TSUKKaA
hq1448r60gDtr9k9emGW6hbzqwbpfoUEO956jSwSDP34SsMqCBnM76OvRbfqTi2f
10Aj8M5SZ/MqoireerXGw2GQpCCf9OL7Lfp6aPI3z6OdxhEStJIbrOWU1CrTCgaS
0T8onBD3CK4vmEaIWO1yqMtIRzKhN8B9yZ+SQVOSI2bFPLpQ2zcBKnOVDYHveOhc
xwWqJGbOu79ilja7SoBhAAFUvYVfgF+z32Q4aZfugDh2fP98f559sT1SPTKNIEIi
HBbGQx5yXW3uIrDYkETq0TME5gL3tp3Ey7MidD0PbOmwfCfO4CJpMzJz4A6vZzZE
9onSdnpmm1f9lxrjo3gFmc69Z3jVop5+ao/OGz5lopQ9lMi4qdDhtCcsjAqc+DCF
KuMEZ1xh0ukCF4oHbgmIe2a9iuviDnSQQpHwn7VwgQ/bjf6m8IU=
=Jy7e
-END PGP SIGNATURE-



pgpmRHK19SxdT.pgp
Description: PGP signature

Accepted cinnamon-desktop 6.0.0-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 30 Mar 2024 13:14:48 +0100
Source: cinnamon-desktop
Architecture: source
Version: 6.0.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cinnamon Team 
Changed-By: Fabio Fantoni 
Changes:
 cinnamon-desktop (6.0.0-2) unstable; urgency=medium
 .
   * Release to unstable
   * fix gsettings-override file name, was broken from 5.8.0-2.1~exp1
   * d/control: add dpkg-dev >= 1.22.5 to build-deps
Checksums-Sha1:
 c571ffb5cd00645f38bba2f26689e5440d4533de 2924 cinnamon-desktop_6.0.0-2.dsc
 2a96343f1f08cf12578fd0d94a165a8771f0 512769 
cinnamon-desktop_6.0.0.orig.tar.gz
 af3192027acfe3544a99490c7d10934b2789bf22 12152 
cinnamon-desktop_6.0.0-2.debian.tar.xz
 d716a2388a9d5bf2a48d95c0c3d26909e398f91f 18483 
cinnamon-desktop_6.0.0-2_source.buildinfo
Checksums-Sha256:
 5d175941e5f38a67f585ba0e7ca281fc96eb3c62da84af2e2ad2fc0d7196c063 2924 
cinnamon-desktop_6.0.0-2.dsc
 d962d1566f04bcd9a58216fcf616b5dc8991171c9cccac6e409c60b88e389fef 512769 
cinnamon-desktop_6.0.0.orig.tar.gz
 bed852f329a39d62fd7905273325bf53dec86a412d02588db9e93d7c0ff81495 12152 
cinnamon-desktop_6.0.0-2.debian.tar.xz
 ee7acb84ebaea35a9a6931d136681c77e33f4af0180883947c2f65cca5e088be 18483 
cinnamon-desktop_6.0.0-2_source.buildinfo
Files:
 1abd4e25eec7e3cb3fa0c738541c57b0 2924 x11 optional cinnamon-desktop_6.0.0-2.dsc
 6049a33015a096ae55fda0a6cd480907 512769 x11 optional 
cinnamon-desktop_6.0.0.orig.tar.gz
 81e3ab75d5417019c17112974e27a7a2 12152 x11 optional 
cinnamon-desktop_6.0.0-2.debian.tar.xz
 668566302b24870356497e0d93fde1ef 18483 x11 optional 
cinnamon-desktop_6.0.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmYIBFQACgkQaAZorpB/
EB2wbQ//VVtstiNapfJ1phC0S7bDwYUAG6E131pRjJ3Lug3++MXf+sYJzwJEHg8X
PQJSQtOMUmF8nroFG/Bc39kVx3idpmJFOp9vFyV2hStSffzhEERipedmUSB2ecX/
RhkrJb/hLiBg87V5HWilTRJ9kr1/5n1XgCK4wKf7YNmEl5RTknYQHDHOPVN/2aTv
dSKGzCSP2Wxx+133kbo/cK0kWUYI5ZD11uIYEHIjclJ3GG4i+YnuCNfms/V9Wjdi
X+8R4d8NotLyz3fyz71kDKQFOx156jUIm5IG2PoZGcue+0BagvQxuIiKBhxDObXM
R1g40S1eXcTzA3PmxZfafRESSEHhic3MxDjDrl/Tpvxf+4cWShlegf6Sj7Xb9o8e
4mk0R0vfseqVpXP+0v3zxGEv6lnrvJQDRpzKXg0ZextUdnr/VFnZiV4ZUNNfhN3S
Y8GEGTq59OoqoSEJiVWDxXHS1oh4qgde9NErYHpGUUFqLlA+je4MwvBnkKGFhJMR
OPLSWaGiwwRzYvsAeCBweqSbNVqy83jjkhkAsFwNKVF7yGSkxnlGm9soR7thmHBL
q/r5UlOJ7zc0k6ywTEysEpNOkqKch/EEdMFXqbT95z/qUN9HONbufBKPzzL3+3dR
lNhDwVJxvk/qaaHIQoJRf4up8s8wGgzgMEXY8hhBolOdik+fowA=
=Iby+
-END PGP SIGNATURE-



pgpBX1yNENObT.pgp
Description: PGP signature

Accepted mbedtls 2.28.8-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 20:02:32 +0200
Source: mbedtls
Architecture: source
Version: 2.28.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian IoT Maintainers 

Changed-By: Andrea Pappacoda 
Closes: 900015
Changes:
 mbedtls (2.28.8-1) unstable; urgency=medium
 .
   * New upstream version 2.28.8
   * d/libmbedtls-dev.install: install new pkg-config files (Closes: #900015)
   * d/.symbols: add new PSA symbols
Checksums-Sha1:
 acea8bfedcecf2db4320775f8fd35701853021dc 1825 mbedtls_2.28.8-1.dsc
 2d10159272723fc3adaddb64346fcc1b68967776 4041565 mbedtls_2.28.8.orig.tar.gz
 7091f7b27d3c0b0083d8efa9978b801f2082b3e6 16000 mbedtls_2.28.8-1.debian.tar.xz
 c769fe993d35c9a88b3263fdc66d1aa92f340758 10867 mbedtls_2.28.8-1_amd64.buildinfo
Checksums-Sha256:
 40dc28f22291e73ecf5bc72c713fece29243ab23ac429103d851b55d1c33497d 1825 
mbedtls_2.28.8-1.dsc
 edfe26dbc923a1d94aa53153d25b74f5dd51e89bfd222a6945eadec031fc9eb2 4041565 
mbedtls_2.28.8.orig.tar.gz
 4c4cb0d60049b5848b1332afa3567ef75c3f015db5d56eeca9a68d6cb7c54833 16000 
mbedtls_2.28.8-1.debian.tar.xz
 d3e68212747c85217a21ff44607123b061809beb94012a34ac04021baf5a51de 10867 
mbedtls_2.28.8-1_amd64.buildinfo
Files:
 128c87ad22301dfab86b87499d4eac56 1825 libs optional mbedtls_2.28.8-1.dsc
 9fbf05d89942d7a25fce5c1127d56bfc 4041565 libs optional 
mbedtls_2.28.8.orig.tar.gz
 a362aaf0fa8d8f1515bd5f8f5eb3a794 16000 libs optional 
mbedtls_2.28.8-1.debian.tar.xz
 1c3e9e4b48a21e4878a226fb4482ecfe 10867 libs optional 
mbedtls_2.28.8-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQS6VuNIvZRFHt7JcAdKkgiiRVB3pwUCZgmougAKCRBKkgiiRVB3
pyvkAP42mJCAMaEp/fVf5PgOnBEzmkHus6+rpk1e0fo3hfo6DQEA7R42TeU+Ax3f
YcYrBbkMFP57Ll64n8flE3Nq6O+7Sww=
=MkIn
-END PGP SIGNATURE-



pgp3invdcE4_3.pgp
Description: PGP signature

Re: Command /usr/bin/mv wrong message in German

2024-03-31 Thread Sven Joachim

Am 31.03.2024 um 19:44 schrieb Hans:

> Hi folks,
>
> as I could not find, which package /usr/bin/mv is belonging to and
> apt-file search /usr/bin/mv did not help either, I just in form you here.

Problems with German translations are best reported to
debian-l10n-ger...@lists.debian.org.

> There is a little translation problem with this command. In German moving a 
> file to anbother
> place is telling this:
>
>  mv -v test2/bla.txt test1/
> Datei umbenannt 'test2/bla.txt' -> 'test1/bla.txt'
> The term "umbenannt" is not correct, as it woul be in English "renamed".

That is exactly what is used in the original:

$ LANG=C mv -v test2/bla.txt test1/
renamed 'test2/bla.txt' -> 'test1/bla.txt'

Cheers,
   Sven

Accepted nestopia 1.52.1+dfsg-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 19:44:05 +0200
Source: nestopia
Architecture: source
Version: 1.52.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team 
Changed-By: Stephen Kitt 
Changes:
 nestopia (1.52.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream release.
Checksums-Sha1:
 d9d7c38cc3771e44e13eb53bef002d994c55c9d4 2013 nestopia_1.52.1+dfsg-1.dsc
 8d6797c60aaf7fc64ab95f6ce056956b3e20419f 1140888 
nestopia_1.52.1+dfsg.orig.tar.xz
 6395502ba5ad0091b9027e5d100a23bbddaf5470 9284 
nestopia_1.52.1+dfsg-1.debian.tar.xz
 68cb1afe86f976891a9877cbe4d0fb5c2ef13816 12339 
nestopia_1.52.1+dfsg-1_source.buildinfo
Checksums-Sha256:
 fe1960f8555121b642b02609d70d2637228924c1206af45abd3eba09a28bb139 2013 
nestopia_1.52.1+dfsg-1.dsc
 b0fd68f0de43a9ef8ffbadc4b1996d67c5d34c92c43dd59a4bc4a5434f31dac8 1140888 
nestopia_1.52.1+dfsg.orig.tar.xz
 618c649d6016db75e90c59baa9d3d1a08531acd78600a8b681f5ab2108efa61e 9284 
nestopia_1.52.1+dfsg-1.debian.tar.xz
 d2e3b73135d069230909ba4d2d406b5f38eb0654dd69f3565dbd93c66cfddf5a 12339 
nestopia_1.52.1+dfsg-1_source.buildinfo
Files:
 99443dd5583b3f3494245754878530db 2013 games optional nestopia_1.52.1+dfsg-1.dsc
 a66fcbf90d72bc1cfe3e7445945d50be 1140888 games optional 
nestopia_1.52.1+dfsg.orig.tar.xz
 66d12a0c889882b3027bbb36c813b96a 9284 games optional 
nestopia_1.52.1+dfsg-1.debian.tar.xz
 ee5ab89fc7da0d719b19b5d63d3ac0ad 12339 games optional 
nestopia_1.52.1+dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEnPVX/hPLkMoq7x0ggNMC9Yhtg5wFAmYJoP8ACgkQgNMC9Yht
g5yZkQ//ZpGqVNvMkmKU+9ljA0tkWcKmQMqHbIloZzY+BocES6s6onV8wvxSLiVu
UPo4jU9bdgxLn+OCcx5CagGcapGgiLGc0MCICTAYXxSkUw+0AtaURIvxOdrpUtYs
Au26K98vEMDMb8AMbUyfW/FT3cRUloBr6frijjSzhNt+RBfBRq/jk9UvexOg9Ol9
Ibbj6w72wPwEFy7qSdRWa1PAtLZXCL9IC6RSxzl8UDm3Zhv1cnx586A1MofNCJxg
RsVcIBMO7oSw0z9ZiihoobfUtWf4rfs5XkaPlaDx59GBXmXa6eggy0il4EfjJFMn
jIVCwpUAfLKT/EHIkaO0Y3BlmoTB/adUYM560SY3Ro8g+CMan4ebineO++wGirtE
KSRqRtqGsw7yOdZI69R87OgATc7etAJg5Bn+sSB3JED+Uo+uabT1hD1AaAsKI5cq
ufKOWuw3JU6vw7j522XIGZ9dHDyZUvarTBjLxd4URzkHgRol0JgrBoD/RLu1WZ+/
i9/SwHdTwDRz3eLg+kCy9HHFjbjh2lzvGQ8lNexhN4SRMqTPtY9DOODN4cTzgB6a
hMoXaVfY8UaMjqRfZldqcwRxnT7OpIFBimeIjGtB/NCkancTAHkKRIoE3A2o/mAb
IQB1hZD9uR2w9nHv79kry67TLlY42075dwI7fI7WZyJ2QS7nA28=
=ywNs
-END PGP SIGNATURE-



pgp3BqRNejVXs.pgp
Description: PGP signature

Accepted gweled 1.0~beta1-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 19:12:20 +0200
Source: gweled
Architecture: source
Version: 1.0~beta1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team 
Changed-By: Stephen Kitt 
Changes:
 gweled (1.0~beta1-1) unstable; urgency=medium
 .
   * New upstream beta release.
Checksums-Sha1:
 4c5ed2ca9578d51993931e9ec6bd98d59697bd35 2005 gweled_1.0~beta1-1.dsc
 7c867b25da0da8107c74d85f8d2c0fd01d74519c 153756 gweled_1.0~beta1.orig.tar.xz
 373d4ebc8f2cc05c31d1d79772360dda31caeedb 5780 gweled_1.0~beta1-1.debian.tar.xz
 8ef0f4ca257aae5af7fc199c71e8da0aaac44dc5 16618 
gweled_1.0~beta1-1_source.buildinfo
Checksums-Sha256:
 db835e25acb7546113432466e13326551a019b340c48c30f2735a0d5b7c6afd6 2005 
gweled_1.0~beta1-1.dsc
 f4930b1ebb4ecc8f7a021a3b185a668e9ec26a0dcdb9b361a00edbad557e9f62 153756 
gweled_1.0~beta1.orig.tar.xz
 b48b6ffb652659e78a9fff97888b52bdc17f44e2958244eac4ca7bb6889f2134 5780 
gweled_1.0~beta1-1.debian.tar.xz
 6dbf7796ddf7051e1ec6ec42c249e7bfaeaf256b10fd34e877e1768bb58f6aea 16618 
gweled_1.0~beta1-1_source.buildinfo
Files:
 abaf81105c207759fbdeada0eaaf288c 2005 games optional gweled_1.0~beta1-1.dsc
 219be5d3a790dfaf9cc4c48c810d6b99 153756 games optional 
gweled_1.0~beta1.orig.tar.xz
 3b8897901e785d9254232132578ac03a 5780 games optional 
gweled_1.0~beta1-1.debian.tar.xz
 b3363aa13d3beeba23bf3d80c52e8d82 16618 games optional 
gweled_1.0~beta1-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEnPVX/hPLkMoq7x0ggNMC9Yhtg5wFAmYJnl8ACgkQgNMC9Yht
g5yVMQ//TLfqlf0co4Ncr3/l/ytsCaYK918F64T8jDRy4AoBMim8I/S2jG95fyLm
OceWV1ac3wFx9X0qeM8TRdNSAPwQeTS2hF9sIO9MCZliwmXhTVIpFH1T2CWcQefD
EMGWEKHlwiRDtl28z02AIp8sKXbX/F6BNWY9SyLUkLhVdVaeOeA4K/o7JwHdxZlh
xif1+XuCgUzXH+AaLJykEdu7N+rSGe/57A50DKR4yCda4qgTuYJ7nhpnlw41wCsl
pZkwbD1etSyWCyUxAiWJfi6IqIoiR7VFQG2PD1hWJB6GSdSnvNZe8kAzDJH1Se4o
fAYiZ2EYV40zE9/Yl+G2kizGiEYXaQIrMrj4pKhZkqC1afu2NYE71BcURm61oYd9
j3V1h0wXmLYQ8WYRAGYooj2d2L27qxlORqT0BdrY+g23MBt4gG1rkJXYCg5mvoNc
y2ws3QUDEcI0aExiPyS886zHiXf4jp4K/ON/jyT3kxHwigmj/0JtElQgZqDd1fla
48s/vj0XaZzw82H6JuTcPTUEeFKdMI2+gWk/5gdRM7qFHUWfVwgvF+3AbtoEiF2D
oJMNpGfdVjfpSMI4fhQHHChxycnbJGP2ugB2P21kwYvtryXjc7BFjTti4wvxQwQv
pfPb47cc1pO4e28fz5LSi8ujTJuUnmk04S+6zdbqDhdas9ELGoQ=
=Ohb6
-END PGP SIGNATURE-



pgpfbRArGHjy9.pgp
Description: PGP signature

Re: Archive back on

2024-03-31 Thread Maycon Antônio

PLEASE unscrisbe from this list

On Sun, Mar 31, 2024, 7:30 AM Joerg Jaspert  wrote:

> Hi
>
> > currently the archive processing is turned OFF.
>
> > It will be turned back on - when we figured out, how to best go about
> > dealing with the XZ compromise, and what it will all mean for the
> > archive and processes.
>
> Based on updated knowledge we decided to turn archive processing
> back on.
>
> There are still enough things to deal with (buildds, decision on how
> exactly to go with the downgrade of xz and stuff), and the involved
> teams will inform on their own on what/how it goes on. But none of it
> needs the archive on hold.
>
> Thanks to everyone involved dealing with this issue.
>
> --
> bye, Joerg
>

Command /usr/bin/mv wrong message in German

2024-03-31 Thread Hans

Hi folks,

as I could not find, which package /usr/bin/mv is belonging to and 
apt-file search /usr/bin/mv did not help either, I just in form you here.

There is a little translation problem with this command. In German moving a 
file to anbother 
place is telling this:

 mv -v test2/bla.txt test1/ 
Datei umbenannt 'test2/bla.txt' -> 'test1/bla.txt'
The term "umbenannt" is not correct, as it woul be in English "renamed". The 
corret term for 
moving a file to another place is called "bewegen" (which means in English "to 
move"). Thus 
you should say in German 

Datei bewegt 'test2/bla.txt' -> 'test1/bla.txt'

or more elegant

Datei verschoben 'test2/bla.txt' -> 'test1/bla.txt'

("verschoben" is past tense of the German word "verschieben", in English "to 
move" or "to shift 
soemthing")

It is not an important or great matter, but maybe you might want to fix it some 
day.

I mnoticed it just, because I am German. Sorry for that.

Best regards and please don't mind.

Hans

Re: xz backdoor

2024-03-31 Thread Andrey Rakhmatullin

On Sun, Mar 31, 2024 at 12:28:35PM -0400, Roberto C. Sánchez wrote:
> On Sun, Mar 31, 2024 at 09:53:06AM -0300, Carlos Henrique Lima Melara wrote:
> > Hi,
> > 
> > On Sun, Mar 31, 2024 at 02:31:37PM +0200, Pierre-Elliott Bécue wrote:
> > 
> > > I would also be happy if it helps my fellow DDs to try making an article
> > > about some basic crypto concepts regarding PGP, RSA et al. But not in
> > > the same piece I guess.
> > 
> > My suggestion is to create a wiki page with these concepts plus a guide
> > on best practices dor the gpg key (subkeys + hsm - yubikey and others).
> > 
> Didn't DKG start something like this some time ago? Or am I
> mis-remembering?
I also thought I remember some Debian-specific PGP-related document but I
couldn't find it.

-- 
WBR, wRAR


signature.asc
Description: PGP signature

Accepted racket 8.12+dfsg1-9 (source) into experimental

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 13:55:19 -0300
Source: racket
Architecture: source
Version: 8.12+dfsg1-9
Distribution: experimental
Urgency: medium
Maintainer: David Bremner 
Changed-By: David Bremner 
Changes:
 racket (8.12+dfsg1-9) experimental; urgency=medium
 .
   * Correct types in PB configure parameters
   * Fix bit size for hppa
Checksums-Sha1:
 c65309b4195b4b7d4e8fd75d242babeac7efcc0d 2341 racket_8.12+dfsg1-9.dsc
 6174f59eaa6ed9e34f423915e11905c2851f304c 27900 
racket_8.12+dfsg1-9.debian.tar.xz
Checksums-Sha256:
 d4fde72a1a47cc73a8de0285cad9948e2f4a2a662b6ade0352962b206a8f753a 2341 
racket_8.12+dfsg1-9.dsc
 4dbb270e1103f241f85c65ad44cc694f657c97d5b0c2ee9e5b50d83cb423b5eb 27900 
racket_8.12+dfsg1-9.debian.tar.xz
Files:
 1af5b252565ef7515aa2d9708b9f54cf 2341 lisp optional racket_8.12+dfsg1-9.dsc
 dec62a6f96a08acbac9ef8234683bcd7 27900 lisp optional 
racket_8.12+dfsg1-9.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmYJmo4ACgkQA0U5G1Wq
FSGbYxAAp2CtKD4qkFaDqENwEmYhj8fDsqu+013ITuSghu05eZFas3lX6hx2lBWu
3xKBZbSxYRdBpH2/jye0PM2k8o0aEf0bHKRkWMTbZsHXMt9nIYts/QXuw+PBXTAI
aEl7EdtviUb8H7ZTeAZ34FUN00NcoThVAJJVzG2odtFWYOILDGAD9iyz/f7+15+T
nl5zepc4363HjzTWJB3U8L9Tgbb0zY8lVeieiu8wc4KLCh6c9Q5gatx9urKWjzuO
HuG3rvFdoMSfTCJZE+h76cHNRwfn+D0ryFDt/DCif/sDSPAxUucuAb2C6/6KsMVK
vXvJjgdsM1/4+fIV7qzDc24G77gRllK5zaHzFsBuzihGreaQyr02Z0HpiFV8+Ov2
Q/1vWjqQz2gycWQB63yGukMlN1WeTXfJJOnyuztb9hEXijI5Y/jun7XAUokkg7vy
28tkPqhVUyrqMVBunMSQd8FjdENKG3ktIQcpXIro7HDReAjVuBSNhgfrcZWCbjHu
24yVvRocuu/D4aGCsgxyaqZsCwJ7kdDY6tm+WJ0jH4hitzFSELeGRuh4M4Lpkxpa
78wyLLbIgzOWln9rJlmbIH7ba47YnVN2aWojNhTF3Ly/xC9N8RxhPLDVl30QQsyq
fldSwTnuhXSqSbhy0nsPcYYNW7pEPuiX1yNY/OEIdaj5uqZ0DXc=
=m29L
-END PGP SIGNATURE-



pgpbIpVJI9XxF.pgp
Description: PGP signature

Accepted octave-iso2mesh 1.9.6+ds-10 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 30 Mar 2024 06:02:28 -0300
Source: octave-iso2mesh
Architecture: source
Version: 1.9.6+ds-10
Distribution: unstable
Urgency: medium
Maintainer: Debian Octave Group 
Changed-By: Rafael Laboissière 
Closes: 1066594
Changes:
 octave-iso2mesh (1.9.6+ds-10) unstable; urgency=medium
 .
   * Team upload
 .
   * d/p/implicit-function-declaration.patch: New patch (Closes: #1066594)
Checksums-Sha1:
 4e15575a0ede61ba41bdee47a6e8da73440cdb3c 2426 octave-iso2mesh_1.9.6+ds-10.dsc
 03ead15e7aa1db255f2fa53f3a6081beded8030d 9064 
octave-iso2mesh_1.9.6+ds-10.debian.tar.xz
Checksums-Sha256:
 159f9e86cb1346bc9e273bccab14a8eac2b1fd09672e3fc5144ef3ee451df8c8 2426 
octave-iso2mesh_1.9.6+ds-10.dsc
 d6108b5915d348860fbdf6edfe1339e3a77b8373045b2eac7c67c19ceb5bd93b 9064 
octave-iso2mesh_1.9.6+ds-10.debian.tar.xz
Files:
 92d641968e7a1a737218b319bf8418ef 2426 science optional 
octave-iso2mesh_1.9.6+ds-10.dsc
 a4503db97fda2cdb451add8a198f6c4d 9064 science optional 
octave-iso2mesh_1.9.6+ds-10.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJGBAEBCAAwFiEEP0ZDkUmP6HS9tdmPISSqGYN4XJAFAmYJm8YSHHJhZmFlbEBk
ZWJpYW4ub3JnAAoJECEkqhmDeFyQF+oP/2xRvIbafxBhotvx0jaGjXI+BwxknyYd
eXGm7DHm7euiQvLg/hzQ4r1dIrq6dquwSw5acZHmehgdJYQAigr8sP8vA/g0uaT2
rrHwr/Y0d3iquNIdUsKKmJiOW2Rf+amUc9hx5za6lXqDmED8NYn/NcSEjuhKfBIi
Yy1ng/wneRnNMs4Et21qIzV8be+1KJuT3flhHwA3zykGMYgC7Xm1rlq5ARoFeXLZ
SCHixiFEZcPJaOQK4Op1wqpRArB4ZO7BHuXceKjXQ0VaRtf6ncvswnLxwQ8KLpo1
lPb/UgHSm88/RapJrKjVO4QLR74fFlvnoK/baNRrzGijaBzAT+1eQYHjryWJLAA2
0/Vuvjva50ojdGSu/BcOCXLCmQpPX+gtCTDg/RFs5xhxmz8B/ZJO7EsWC0bXtCWn
hkrzNlJlC0IrWeixOhefTWVDbt9yf4jVNmRPwfNFUUl5n//3xLbv3Fplz+3xRf+w
zYnqEannBJRmy5kfo+Dbk7dye/zX6PAgXnie9I42hyIAeETJSkr9efA54jVxL59H
AIqDRsL4+EXSHqgynC55RVurXzwdlRstOgeGl/AD9VGokrZJUIbxTnJocFyFZlDt
GpvDGuJvx6AkRX0Z08FkIobZGLFElsxm4a2nNpPyiPZOhuSJn0hZzd3deF88uA5J
dR39zde+mR1M
=rTi7
-END PGP SIGNATURE-



pgpW4fbRZzt_q.pgp
Description: PGP signature

Re: Validating tarballs against git repositories

2024-03-31 Thread Adrian Bunk

On Sat, Mar 30, 2024 at 11:55:04AM +, Luca Boccassi wrote:
>...
> In the end, massaged tarballs were needed to avoid rerunning
> autoconfery on twelve thousands different proprietary and
> non-proprietary Unix variants, back in the day. In 2024, we do
> dh_autoreconf by default so it's all moot anyway.
>...

The first step of the xz exploit was in a vendored gnulib m4 file that
is not (and should not be) in git and that does not get updated by 
dh_autoreconf.

cu
Adrian

Accepted grandorgue 3.14.0-1 (source) into experimental

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 19:00:46 +0200
Source: grandorgue
Architecture: source
Version: 3.14.0-1
Distribution: experimental
Urgency: medium
Maintainer: Sébastien Villemot 
Changed-By: Sébastien Villemot 
Changes:
 grandorgue (3.14.0-1) experimental; urgency=medium
 .
   * New upstream version 3.14.0
Checksums-Sha1:
 6d7ab312d8ddd597f6356e26a6a3ac4ec2826ade 2188 grandorgue_3.14.0-1.dsc
 8577e7639cbcd867d16c6ebeaf5ee056c3a93af2 28278774 grandorgue_3.14.0.orig.tar.gz
 6dbd2de4f691b3e5497014eae82d57bd48697498 9556 grandorgue_3.14.0-1.debian.tar.xz
 1eb67383d35cb21e0208bb4fc5939b892ff5de28 15689 
grandorgue_3.14.0-1_source.buildinfo
Checksums-Sha256:
 b27545e173ceecf6d18d01e2b0a4553665f0b21d7b2965c374ec927cb5bece66 2188 
grandorgue_3.14.0-1.dsc
 273c3c0e03885836ff6898a06a1b1a5bb2e57a705515bb5b24a9572f78b08272 28278774 
grandorgue_3.14.0.orig.tar.gz
 66b0299b9fc1655f9bf04c329909865282b367394cb5aec6edc6fc6daf89b788 9556 
grandorgue_3.14.0-1.debian.tar.xz
 e62b1435a1dd48ee5a4b7953c554d2721f919026c7444f151821762f9dbe0f95 15689 
grandorgue_3.14.0-1_source.buildinfo
Files:
 1973a50147d51a0b9a345fdcb6d97f7b 2188 sound optional grandorgue_3.14.0-1.dsc
 c16a236a570813b62f536caf970fce6c 28278774 sound optional 
grandorgue_3.14.0.orig.tar.gz
 50be30f13c863f86198f6cdb665f5c7c 9556 sound optional 
grandorgue_3.14.0-1.debian.tar.xz
 655665e89b4d4202cad842db4a173c18 15689 sound optional 
grandorgue_3.14.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEU5UdlScuDFuCvoxKLOzpNQ7OvkoFAmYJl7UACgkQLOzpNQ7O
vkptFw//UZU8yXlbzSLrT1kY9m/+MBjCgsDfc1pi/gF6+TpiKYsdkkUyjRkTZMD0
sJPLgKRmHae4OSOsgh7CRdHW3puTPWl5BPlVNoKsrNU3M5gR/KSZFTVOdncBYh/R
QF5FgwyuQDO5JzfTWWDuzhBy7HFkc/bX1Man0ZDXpbk0SFPNDp68tAT2zmKjbDXP
G/EsvhTSVEKb0yQu6INOFgfVADPvT29z1A+ckx/6h3ITzmHPCrN+XAQaHUL2QAu6
cou54B9fiQiaflUzqWIndi33uDtC+r6Z4FQz4Ur9q1Qcw9QmoVcihEW6KNprz0sp
514i7b/1WUYZNbUpBlyt7xY31KAi5IUhiCOlxY155c3QdNJVufgVQyitQL4VVm7a
r4SQ9342D2RR0iYnoq5xcx1hmLcRrUIrhg7KPWGUxT8pYHurpwjlXAoWmt8qhMnb
V5vzv5y8JJwdorFHrAWCZK6dNENqkXRoJbkz/MKa3DMdvd68HeKZb6r7kv1S4oxW
94D3TpGBjQ1ppztXo+u0vwGL14tMlTfmZvZDlWlEfTiPl3wtGo4e6VadoHcEHH+T
iEysphLgq1a5ZOCDIZw+Df4Hc8yrUJ4pNMc1S+mPaKIXWOrwJ8t7jSCpXVhl3w9n
+kcgW0EuiqZ0mbkDchH6v/o60hjcTry6MZmkHBZkOPYBsnqBZs0=
=nAyS
-END PGP SIGNATURE-



pgpEoX3PQW6a4.pgp
Description: PGP signature

Re: Validating tarballs against git repositories

2024-03-31 Thread Russ Allbery

Luca Boccassi  writes:
> On Sat, 30 Mar 2024 at 15:44, Russ Allbery  wrote:
>> Luca Boccassi  writes:

>>> In the end, massaged tarballs were needed to avoid rerunning
>>> autoconfery on twelve thousands different proprietary and
>>> non-proprietary Unix variants, back in the day. In 2024, we do
>>> dh_autoreconf by default so it's all moot anyway.

>> This is true from Debian's perspective.  This is much less obviously
>> true from upstream's perspective, and there are some advantages to
>> aligning with upstream about what constitutes the release artifact.

> My point is that, while there will be for sure exceptions here and
> there, by and large the need for massaged tarballs comes from projects
> using autoconf and wanting to ship source archives that do not require
> to run the autoconf machinery.

Just as a data point, literally every C project for which I am upstream
ships additional files in the release tarballs that are not in Git for
reasons unrelated to Autoconf and friends.

Most of this is pregenerated documentation (primarily man pages generated
from POD), but it also includes generated test data and other things.  The
reason is similar: regenerating those files requires tools that may not be
present on an older system (like a mess of random Perl modules) or, in the
case of the man pages, may be old and thus produce significantly inferior
output.

> However, we as in Debian do not have this problem. We can and do re-run
> the autoconf machinery on every build. And at least on the main forges,
> the autogenerated (and thus out of reach from this kind of attacks)
> tarball is always present too - the massaged tarball is an _addition_,
> not a _substitution_. Hence: we should really really think about forcing
> all packages, by policy, to use the autogenerated tarball by default
> instead of the autoconf one, when both are present, unless extenuating
> circumstances (that have to be documented) are present.

I think this is probably right as long as by "autogenerated" you mean
basing the Debian package on a signed upstream Git tag and *locally*
generating a tarball to satisfy Debian's .orig.tar.gz requirement, not
using GitHub's autogenerated tarball that has all sorts of other potential
issues.

Just to note, though, this means that we lose the upstream signature in
the archive.  The only place the upstream signature would then live is in
Salsa.

-- 
Russ Allbery (r...@debian.org)

Accepted python-pipx 1.5.0-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 12:45:12 -0400
Source: python-pipx
Architecture: source
Version: 1.5.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team 
Changed-By: Stefano Rivera 
Closes: 1055321
Changes:
 python-pipx (1.5.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Ship a fish command completion. (Closes: #1055321)
   * Patch: Avoid needing markdown-gfm-admonition.
Checksums-Sha1:
 ce69f6c6c8706e10086feb90412a7ba3f86afdf6 1791 python-pipx_1.5.0-1.dsc
 c8de74da07729043e6ccc2050be79b2e31abd3b5 374890 python-pipx_1.5.0.orig.tar.gz
 69f45a5bbb39fdf2f0024bd79c23fa448400dfab 9280 python-pipx_1.5.0-1.debian.tar.xz
 19565a7880d43a5aef1d9350e0f6f2d7d97ae242 8280 
python-pipx_1.5.0-1_source.buildinfo
Checksums-Sha256:
 b553482933b9d3751feab1171736bfee0f6eb9808714b373ab039ed1a1c8f4e4 1791 
python-pipx_1.5.0-1.dsc
 fffc8c7419d35830bb68515dd285105c1cd7af14d69f813bc166e81b7e2d9df4 374890 
python-pipx_1.5.0.orig.tar.gz
 298a2e66f4c2e930aef756fa3968fe5392a130421ded543dd1b7198a7cbb4cf1 9280 
python-pipx_1.5.0-1.debian.tar.xz
 d0a9225f9452872de2e8a80a67be1d37dff0aac821f1aa0f850607016ca6920c 8280 
python-pipx_1.5.0-1_source.buildinfo
Files:
 b647e3d5798b71413093866079268232 1791 python optional python-pipx_1.5.0-1.dsc
 0661f830a1eec2989ab684b6d64f4f80 374890 python optional 
python-pipx_1.5.0.orig.tar.gz
 bb2fd72484d811a992054d86f656ad39 9280 python optional 
python-pipx_1.5.0-1.debian.tar.xz
 73f64256bf234b1e349f450c8e8e9679 8280 python optional 
python-pipx_1.5.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCZgmTdhQcc3RlZmFub3JA
ZGViaWFuLm9yZwAKCRBHew2wJjpU2DD5AQC0vmcoqP9Dq3t1jzTZsn++wOFPCFkd
BIKs9uNlIRII4QEA+dJV5rexGB3JNK8PopvklJC1yWAevPWnc0nclI2HKQs=
=dz2e
-END PGP SIGNATURE-



pgpCHW0t1vDsR.pgp
Description: PGP signature

Accepted normalize-audio 0.7.7-18 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 18:33:17 +0200
Source: normalize-audio
Architecture: source
Version: 0.7.7-18
Distribution: unstable
Urgency: medium
Maintainer: Joachim Reichel 
Changed-By: Joachim Reichel 
Closes: 1067880
Changes:
 normalize-audio (0.7.7-18) unstable; urgency=medium
 .
   * Replace mpg321 by mpg123 in Build-Depends: and Suggests:
 (Closes: #1067880).
   * Replace pkg-config by pkgconf in Build-Depends:.
   * Update Standards-Version to 4.6.2 (no changes needed).
Checksums-Sha1:
 4408042a1770b56242c68b52a8f26e65035f4854 1980 normalize-audio_0.7.7-18.dsc
 20d84d5d9f0bf6cc58368f451d367cb488616bf9 11972 
normalize-audio_0.7.7-18.debian.tar.xz
 a45e3540208ec74128a670e404a3417e9a56578a 8424 
normalize-audio_0.7.7-18_amd64.buildinfo
Checksums-Sha256:
 c6e01f1617017bb9f20934400235ddb824e8a9a5d6d3b524e027d06f7ef59015 1980 
normalize-audio_0.7.7-18.dsc
 170e69b1bb663b4eee583c0e0ee08495ad768f074d78e45b94316c13e84e2e0d 11972 
normalize-audio_0.7.7-18.debian.tar.xz
 624389b62a5079a1325f031e6768f6356b28f2bf34a15c3cd46f4fbe1ff6aaf5 8424 
normalize-audio_0.7.7-18_amd64.buildinfo
Files:
 4252c661cca5f94b1a3a5f1e1398f761 1980 sound optional 
normalize-audio_0.7.7-18.dsc
 f65dd41773c33bff9c46ef365c71f8f3 11972 sound optional 
normalize-audio_0.7.7-18.debian.tar.xz
 868655606907833cda61fcac7be782e4 8424 sound optional 
normalize-audio_0.7.7-18_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEErX6NzLwwsr4xjsEVuPr/HEOIZ3EFAmYJk3QACgkQuPr/HEOI
Z3EISRAAoN6yzC4ux+dSeQmr+g/HRhImJcO54H76sJPe1F2MbJo4NzceuGt5tfRz
vEP7Sx+DJdr8HU7GtB0BypE+Ck18WB/8gY6F2lXuGE5xkYPNdZl6f9ly13cSUK/t
fgxMuHtjUfJs6PHY2DXb9nOsgMarFIbu5DoMocTjFNQlNYOuDg7X9L9u0MO/qWsN
CVzFyYDyYWdjtixE7rCMEw/OEWcxB5BergZSfN5z2/TwZynt1mt0Ph8OTTIgZTg2
lVBU5wCzbsTJcJyhrweENv0LLDqDuTg/TE1rN0p5UUDtMCelAEoSwLsJ3qIDsbnd
cENwkjbPbhjoYpgaRoEdjJTLKDtQod2FtG41QAavKr2D4tdgrwdOThuM5mPz5lIN
H568PXsSlsEvJh5g0jN7AVNxeSRCbcR4hOhapAhDvxsaGDoiLpYMXWEWF3lShKIt
U2ULEVcgmBB2EZgjJqbkgDUpa53Z16bTuKLp3nKDbajiBqWaPrBDciXIMmvwK0Ef
YXL8rUsy2/iEhQToaRGx1jAJ5PoPeHNK5YNyV7qbSUyjye/68MlGJxmx+j/5YQAi
a6++lfFsd0M0VatVNz9a+xCqiD09Pfq5zsouqYrq0pKgsUn2J9FgIcUWb7glXuJH
2MH66VQFOgAHFYEKiMzORMCqNDTl3i2VisyF0ony2CoFH47bZKQ=
=R0Yp
-END PGP SIGNATURE-



pgpuZwrPrcLKZ.pgp
Description: PGP signature

Accepted mp3check 0.8.7-5 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 15:23:44 +0200
Source: mp3check
Architecture: source
Version: 0.8.7-5
Distribution: unstable
Urgency: medium
Maintainer: Joachim Reichel 
Changed-By: Joachim Reichel 
Closes: 1067879
Changes:
 mp3check (0.8.7-5) unstable; urgency=medium
 .
   * Add comment in debian/watch to explain why the watch file no longer
 works.
   * Add new Vcs-* fields in debian/control.
   * Remove Suggests: mpg321 (instead of replacing it with mpg123) since it
 seems to be completely unused (Closes: #1067879).
   * Update Standards-Version to 4.6.2 (no changes needed).
Checksums-Sha1:
 d42978c84ffc53b456d33fe7773c323202fe1bee 1825 mp3check_0.8.7-5.dsc
 73a9b15b85eca614d838856ef6333ea0a654caf3 7988 mp3check_0.8.7-5.debian.tar.xz
 e8e861194e8300fb270ff88dc8b3fd0dedd524a3 6315 mp3check_0.8.7-5_amd64.buildinfo
Checksums-Sha256:
 58883464a22ebfdaebe95995b4c3e7a8cf7ff3f4bee0db64882911d3f12448d6 1825 
mp3check_0.8.7-5.dsc
 0ab2bc65c7a5136805c9d8f748d11549d60f582d0ed388c71ae34d41f63f4a9f 7988 
mp3check_0.8.7-5.debian.tar.xz
 a996fe7782f7647ba9e70a951ad861563878e42c234bdf5e96848442e7c2c44f 6315 
mp3check_0.8.7-5_amd64.buildinfo
Files:
 cfe897fbeedbef9c081bcc042162cd7c 1825 sound optional mp3check_0.8.7-5.dsc
 655ca67902c09de386309df9ae43341b 7988 sound optional 
mp3check_0.8.7-5.debian.tar.xz
 55b93a911f444d2107b6c09b6aa5106c 6315 sound optional 
mp3check_0.8.7-5_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEErX6NzLwwsr4xjsEVuPr/HEOIZ3EFAmYJkmQACgkQuPr/HEOI
Z3H8zA//VTHEwIjOnmFP3AVoNa4LZnb/NO8d3HMtwWKjxdxolF530pHQkpm8z14D
xSePCJspkA2oaIHK15WJONSB9JRo6VbfSRGo1MHoBAc2a9omitzRmbFJifWPrr9P
xjSByw5J+iiHcroKR0L2EP75XsBxGvjehwJro4AszRv95RYM6QIrtvP/ZGJpkgm4
isU8+zhCDPRY4D+NFAKVS6pTZchvvhi8tAlcsuh6OgvCa8sWNAEveNFq9k1Z5cAF
uymlchO3H+/GmgQBroodZYFsBoke6CH3ps/JddRIETI4BTjSWoVRKxG8+jiREaPO
pTqCvT4510KyqmjuLo9UcWd+c6g4Link7ZINW+doWApCR+Wnli/UdYaCYtK69Mqv
TXsHyLK9LOO/9sRxDlTKC7NOvt03zmreWVz+3PN1OeByodyie4jAIw7tIPregFX5
oj3VUMKDw5Q2utTICIsMTT/rm1LsQ9r24FDSDnCc0jIjLmBwAkPd+qTB/S69jjAK
5ZdxKSH+ZWUXQ9NKvSaobD2nGh+4Mb8kCbXaYhgTcN+7E6Svigrq5F56z0lAnIDm
UYDWn1RFL8rL6CO8vsC78yOeT1V7FS788peb5cxbUazjkceNRorVPVuRQaGli4rX
bvpzNRKR/T3M87ycG1WxY7+08KPDBjxdYSO8fPg313t2/CoFjBk=
=6Cjj
-END PGP SIGNATURE-



pgp51O2N3sTMN.pgp
Description: PGP signature

Accepted hickle 5.0.3-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 17:41:38 +0100
Source: hickle
Architecture: source
Version: 5.0.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team 
Changed-By: Edward Betts 
Changes:
 hickle (5.0.3-1) unstable; urgency=medium
 .
   * New upstream release.
   * Drop all Debian patches. Fixes have been merged or implemented upstream.
Checksums-Sha1:
 c22fccd87d4c4de3ec962ce2920c6ab2486c0c46 2276 hickle_5.0.3-1.dsc
 ba9a1d01f1ec59c1880386d24d5722b762b497a4 120225 hickle_5.0.3.orig.tar.gz
 9a04d8b6ebbe0f27fc2c743d06b275eafbaef20e 3116 hickle_5.0.3-1.debian.tar.xz
 cb3d22d58903151453708b7ef1bf536c0386fc6b 10544 hickle_5.0.3-1_source.buildinfo
Checksums-Sha256:
 15c719e07d7faf7197491413f9cb80f7f91be6c5763b44410d5f14676f1b3cb9 2276 
hickle_5.0.3-1.dsc
 698d0dc6644d38a38eb723eeafb06688e0adffa52f73624c48cfe22f2c49f2a3 120225 
hickle_5.0.3.orig.tar.gz
 f8f39a2c278fa7be9f328c9d2b999e9038a9dcd8569a18e1388c965306ec54f2 3116 
hickle_5.0.3-1.debian.tar.xz
 004c4fe9cd44987816742a1e213b9b76d27b13ecafb0b45e9124dec11437fdde 10544 
hickle_5.0.3-1_source.buildinfo
Files:
 640b1658da14bf2c43ae8ac9aeec9371 2276 python optional hickle_5.0.3-1.dsc
 cfca10ffca32308d5dbecd5a553b096a 120225 python optional 
hickle_5.0.3.orig.tar.gz
 dce8ba1b74f1e5047dfd8700320919a3 3116 python optional 
hickle_5.0.3-1.debian.tar.xz
 9d3aab47427f27dd9894e59d6a7c9f84 10544 python optional 
hickle_5.0.3-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE+4rPp4xyYInDitAmlgWhCYxjuSoFAmYJkukACgkQlgWhCYxj
uSpEHA//QIc5MBcEoUN2zxPtd/VYK0N1/pE3P7r7CDo535Bww1iq1LOQ8tBZQClm
v4T9TL5XTJvT8tXScYSix7HOz+ICv7NkUZRTro69quCOzjHxNPN2RAAoBHPnrbci
H/ziHuzXgAKrjg6eNWcqX6c5cjnJG8TK2KUxoq06MlC6qKYu+zMsmYsersfloS4W
tjH7CdKk5rwz7y5H7Tk/OsMja0/x5nyBFreV+7n4j5NVO6I3nP69VK0MdqcMvdLD
ENVO0Yt3uMiXpKI5nRLZ1QpPzvDzMvkMqm879n/P666PTc8wleSpCZGBkvmykHes
jetJgAh8/bmtlrxhHnj1n1o3JpdFEbHe6LNNIKNOkUUDOvFzxpvUiB3CRBDvkHMR
3mEYyLGJmamCA5rccWtjDGA/HWIZ0+5wfiK8fUWcv9Pe/hm0TS1B/1jVSLqud/ei
wLMDO/BPzhduBFSbWLvhR8R7uuTXCvhMzmuKkt9Fi62MdpGKItCCgXuQg6s/gGHL
Mx6QPp/TExfKhjj77ZwInsrnwPYsBF+tikL8JJ2RII7JTo2wIiUTzPeXB43k3r8j
jnxF0u3IyTecetnj8jL1wFGwmh7xCufu4aJTx491u7F8rZfHSfVt1ktIUM21udi8
NqZRv5zl8RZoH44rfgJVdACU5y8r0KQPcepFrlTDG39dZ4hs3yA=
=jeL+
-END PGP SIGNATURE-



pgpPh7EXuiE36.pgp
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Adrian Bunk

On Sun, Mar 31, 2024 at 09:35:09AM +0200, Bastian Blank wrote:
> On Sat, Mar 30, 2024 at 08:15:10PM +, Colin Watson wrote:
> > On Sat, Mar 30, 2024 at 05:12:17PM +0100, Sirius wrote:
> > > I have seen discussion about shifting away from the whole auto(re)conf
> > > tooling to CMake or Meson with there being a reasonable drawback to CMake.
> > > Is that something being discussed within Debian as well?
> > It's not in general something that Debian can unilaterally change.  And
> > in a number of cases switching build system would be pretty non-trivial.
> 
> What we can do unilaterally is to disallow vendoring those files.

These files are supposed to be vendored in release tarballs,
the sane approach for getting rid of such vendored files would
be to discourage tarball uploads to the archive and encourage
git uploads instead.

> Does it help?  At least in the case of autoconf it removes one common
> source of hard to read files.
>...

But I doubt every DD would be able to review the 2k LOC non-vendored 
autoconf code in xz.

The experimental cmake build of xz also has 2700 LOC.

> Bastian

cu
Adrian

Re: xz backdoor

2024-03-31 Thread Russ Allbery

Sirius  writes:

> Would throwing away these unmodified (?) macros packaged projects may be
> carrying for hysterical raisins in favour of just using the autoconf
> native macros reduce the attack-surface a potential malicious actor
> would have at their disposal, or would it simply be a "putting all eggs
> in one basket" and just make things worse? And by how much vis-a-vis the
> effort to do it?

Most of the macros of this type are not from Autoconf.  They're from
either gnulib or the Autoconf Archive.  In both cases, blindly upgrading
to a newer upstream version may break things, I believe.  I'm not as sure
with gnulib, but the Autoconf Archive is a huge collection of things with
varying quality and does not necessarily have any guarantees about APIs.

> I think that what I am trying to get at is this: is there low-hanging
> fruit that for minimal effort would disproportionately improve things
> from a security perspective. (I have an inkling that this is a question
> that every distribution is wrestling with today.)

I think the right way to think about this is to say that the Autoconf
ecosystem is rife with embedded code copies and, because the normal way of
using this code is to make a copy, is also somewhat lax about making
breaking changes since the expectation is that you only update during your
release process when you can fix up any changes.

(That code is also notoriously hard to read, both because M4 is a language
with fairly noisy syntax and because the only tools assumed to be
available in the output scripts is a very minimal Bourne shell and
standard POSIX shell utilities, so there's a lot of the type of
programming that only shell aficionados can love.  That was the problem
with detecting this backdoor: the sort of chain of tr and eval and
whatnot that injected the backdoor is what, e.g., all of Libtool looks
like, at least on a first superficial glance.)

I know all this adds up to "why are we using this stuff anyway," but the
amount of hard-won portability knowledge that's baked into these tools is
IMMENSE, and while probably 75% of it is now irrelevant because the
systems that needed it are long-dead, no one can agree on what 75% that is
or figure out which useful 25% to extract.  And rewriting it in some other
programming language is daunting and feels like churn rather than
progress.

-- 
Russ Allbery (r...@debian.org)

Accepted xonsh 0.15.1+dfsg-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 12:30:13 -0400
Source: xonsh
Architecture: source
Version: 0.15.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team 
Changed-By: Stefano Rivera 
Closes: 1063989
Changes:
 xonsh (0.15.1+dfsg-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release.
 - Supports pytest 8. (Closes: #1063989)
   * Refresh patches.
   * Drop revert-pytest-8.patch, no longer needed.
   * Bump copyright years.
Checksums-Sha1:
 d72b9253bf1f1e3190d2cd498049f9b584cb4fdf 1877 xonsh_0.15.1+dfsg-1.dsc
 0d3a7f04f5eebcb01c649e782b0dfb18861f1571 545260 xonsh_0.15.1+dfsg.orig.tar.xz
 d4e2a085746ef82008720d593a04689a7baeb2b9 12936 
xonsh_0.15.1+dfsg-1.debian.tar.xz
 d6a94e1287f13ec176ea407f7b55fe0363702f59 8358 
xonsh_0.15.1+dfsg-1_source.buildinfo
Checksums-Sha256:
 f71791252941baf169784961dfaab9a2646b831b00ec57211fbc1131351ef2e8 1877 
xonsh_0.15.1+dfsg-1.dsc
 86a7e3dbe3cba04754dcb75aca522afbb32c4d2e269c565f6fe2320fe110e7f2 545260 
xonsh_0.15.1+dfsg.orig.tar.xz
 5c86b3c30e5206f97fe3ef0baa3b3221636d55354f560a79752158f176947517 12936 
xonsh_0.15.1+dfsg-1.debian.tar.xz
 88e7040854471e2cd5c0b3b0b82f9b6167957c9d7bd2980733b5b98142270901 8358 
xonsh_0.15.1+dfsg-1_source.buildinfo
Files:
 369edb1251a5152fd39d0721994bc5f8 1877 shells optional xonsh_0.15.1+dfsg-1.dsc
 ac656524c4ec6259f3ee01c215ffae74 545260 shells optional 
xonsh_0.15.1+dfsg.orig.tar.xz
 f36135afc37b3e0564d40dcee9a1fc5b 12936 shells optional 
xonsh_0.15.1+dfsg-1.debian.tar.xz
 adc1c58e19e11368ca1f4b5106711e17 8358 shells optional 
xonsh_0.15.1+dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCZgmP3hQcc3RlZmFub3JA
ZGViaWFuLm9yZwAKCRBHew2wJjpU2B8IAQDsRQs6qdSNXXBENXJIpGnGkGZr0wDP
hrefCQD56Z89xQEAnYbea+3xu00laNARESccFI3/k6BKdZOnISz0WMHbSQs=
=FHTK
-END PGP SIGNATURE-



pgpIvLDT5VhZZ.pgp
Description: PGP signature

Accepted prometheus 2.45.4+ds-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 15:56:05 +
Source: prometheus
Architecture: source
Version: 2.45.4+ds-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 
Changed-By: Daniel Swarbrick 
Changes:
 prometheus (2.45.4+ds-2) unstable; urgency=medium
 .
   * Add new 0024-Fix-deadlock-in-TestQuerierIndexQueriesRace.patch
Checksums-Sha1:
 5cd713128dc2e2e5554079bc2337183945147986 4191 prometheus_2.45.4+ds-2.dsc
 8e3a17b2d434a205d3f921df3b9a650c345f42a9 78120 
prometheus_2.45.4+ds-2.debian.tar.xz
 fdd9800bc33369ac557eeed0cbcf1db0b92e20fb 23786 
prometheus_2.45.4+ds-2_amd64.buildinfo
Checksums-Sha256:
 983292e1a29d8e7a10f88af38923cfa41e6f30132bf14a38badb9b0a56a7f498 4191 
prometheus_2.45.4+ds-2.dsc
 99713b44ce065f38dd46931cd0348d880be22673ced57e6cf8cf7f3bf4c749a5 78120 
prometheus_2.45.4+ds-2.debian.tar.xz
 7909ee9f8f6bbff818d7d79a38b0bf01531ab3f03fea5b22607700641338f227 23786 
prometheus_2.45.4+ds-2_amd64.buildinfo
Files:
 569e7ce5b4f9013b175bd2f134718418 4191 net optional prometheus_2.45.4+ds-2.dsc
 3abe021c2cc12047838184ec179b4792 78120 net optional 
prometheus_2.45.4+ds-2.debian.tar.xz
 a6580977b83dcb961a04a29928a40198 23786 net optional 
prometheus_2.45.4+ds-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJKBAEBCgA0FiEEMD9oek78sa58GjWjtwAXP7uAWikFAmYJiS4WHGRzd2FyYnJp
Y2tAZGViaWFuLm9yZwAKCRC3ABc/u4BaKQTDD/9zG29tFortcMNR6X9ZHkGg7a1M
pH2kc6dKnZFe4wCUVbk1X435dYUSTQuxatY1ihEXTlCIhh0KI6xqSf+yG/TIK5ws
jPFS7nFC33jUPsScz57znvp/bJi+PAiMyj5QeMdeiBfLiz2f9LnDHOjlrtuN/VBN
jizPBKvMtvImtptykskVn15I3fmV7XoY4/QExkzF2PdUyDh2I8M2Uio7m5ULPu5s
Us0BFvo/5acRxQ81EVCs89faDH2JMNCjLU+ckgmPA/Fzp9sv5+mrzNhvjF8AmMz8
683OGQSZRS/mFe6RD7vlizKu0YIDks4GYswP8VuvTt4R8hMt32aBjidWxYh/s+um
HVImzdnjFIMmFoy3key9qcQaJD/OdiMnVtYTpgsU22ncIDNwbPNdXuBgIUcdqs9H
fic9lXLl0GAdHQpzaVG22tCPp0y7zR85C+qAWDjWSKTd+O4xLVgrYUyYpGz47IR/
Cc3UCLHsQZzM5XTETfh2/tFPw1Kmp/ZzLGZW3MEL1E+GJuuGEZlC//3ZWMquMCtE
Z3M9yBv5BhdxvZwMoCLHU7u6vlsGo7T38ZLok6SBZDhbZg/ZjgCLCCb9ynKgauKa
MzPFfz1+xchdT8deObll+q8nlWJUyqroi2sA0KT/nrQSCL6bgXGRwtI+8P0SWy1a
fwK9G8j6ZWuHTGa4Tw==
=t4QM
-END PGP SIGNATURE-



pgplz24brKxuC.pgp
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Roberto C . Sánchez

On Sun, Mar 31, 2024 at 09:53:06AM -0300, Carlos Henrique Lima Melara wrote:
> Hi,
> 
> On Sun, Mar 31, 2024 at 02:31:37PM +0200, Pierre-Elliott Bécue wrote:
> 
> > I would also be happy if it helps my fellow DDs to try making an article
> > about some basic crypto concepts regarding PGP, RSA et al. But not in
> > the same piece I guess.
> 
> My suggestion is to create a wiki page with these concepts plus a guide
> on best practices dor the gpg key (subkeys + hsm - yubikey and others).
> 
Didn't DKG start something like this some time ago? Or am I
mis-remembering?

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: xz backdoor

2024-03-31 Thread Lisandro Damián Nicanor Pérez Meyer

On Sun, 31 Mar 2024 at 07:40, Johannes Schauer Marin Rodrigues
 wrote:
 [snip]
> In summary: would running unstable instead of bookworm let me find more bugs
> than running bookworm with unstable chroots? For my specific work: yes,
> absolutely.  Am I upgrading from bookworm to unstable or at least testing?
> Absolutely not. I just don't have the amount of free-time this would require 
> of
> me.  Just performing the 12-13 bisection steps to find the offending kernel
> commit which makes my system lock up would easily require a day of free time
> from me.  I'm afraid I do not have this luxury. Not even remotely close!
>
> So I'll continue to not dogfood as hard as I could and run as much from
> bookworm as I can. Would it make me a better contributor if I ran unstable?
> Certainly! But this thing is just a hobby of mine and I can only allot that
> much time to do risky experiments with my only computer. I guess others are in
> the same boat?

As long as we are all contributing our free time we just need to go
the way it fits us better. I am an unstable user but I definitely
respect and support your position. And I would hate losing
contributors for things like this.

-- 
Lisandro Damián Nicanor Pérez Meyer
https://perezmeyer.com.ar/

Accepted debputy 0.1.24 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 17:31:02 +0200
Source: debputy
Architecture: source
Version: 0.1.24
Distribution: unstable
Urgency: medium
Maintainer: Debputy Maintainers 
Changed-By: Niels Thykier 
Closes: 1068102
Changes:
 debputy (0.1.24) unstable; urgency=medium
 .
   * Manifest:
 - Add new keyword `services` under `packages.foo`, where the
   packager can specify whether a given service or (systemd) unit
   should be enabled/started on installation and how upgrades
   should be managed. With this, more packages using
   `dh_installsystemd` and `dh_installinit` can hopefully now use
   `debputy`. Note user services is mentioned in the manifest
   feature, but `debputy` does not actually detect any user
   services.
 .
   * Plugin API:
 - Detect duplicate service registrations and error out when
   detected. The API is private, so it will not affect any
   plugins outside `debputy`.
 .
   * debputy: Service maintscript snippets are now run in "service" order
   * autopkgtests: Run `debputy lint` with the linter exit code
   * debputy: Fix crash on re-encoding compressed manpages.
 Thanks to Andrey Rakhmatullin  (Closes: #1068102)
   * debputy: Fix bug in -dbgsym generation that triggered lintian warnings.
 Thanks to Chris Hofstaedtler  (Closes: debputy#80)
   * debputy: Fix crash bug on showing a pluggable-manifest-rule with
 certain mutual exclusive attributes
   * debputy: Fix `plugin show p-m-r` to show mutual exclusive optional 
attributes
   * debputy: Avoid using `try-restart` as `deb-systemd-invoke` does not
 support it. Replace it with regular `restart`.
   * The getting started guide now features a section on migrating
 `dh_installsystemd` and `dh_installinit` overrides.
Checksums-Sha1:
 44dbaa5442475643db776889c33376afbd4f732a 1696 debputy_0.1.24.dsc
 5b78c58d2c2a75a7a5c62ef3490e88be0e2cac78 377236 debputy_0.1.24.tar.xz
 2f844ae1620a60c45e17e629f40f94a49445c2bc 6839 debputy_0.1.24_source.buildinfo
Checksums-Sha256:
 0c84ac3b14ab20accb3a4ef9120e3558979daedbc7de9ad7b05feacdb79f2b4a 1696 
debputy_0.1.24.dsc
 9f946c678a4be939c3355cafb4e660d98b93c322da624a617bb495ab9503f2f1 377236 
debputy_0.1.24.tar.xz
 d692f521c336cf36384a7db680c75ea76a79f631304b8b63971bfba1de3d9fb8 6839 
debputy_0.1.24_source.buildinfo
Files:
 b76eadfd5d6143958e9cf1a3eae8bc11 1696 devel optional debputy_0.1.24.dsc
 88c2201af19f454287ee670caebb4ede 377236 devel optional debputy_0.1.24.tar.xz
 822a084e304802bda3691ef6af09ac62 6839 devel optional 
debputy_0.1.24_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEE9ecZmu9eXGflVYc/dA1oiINl0okFAmYJhIQACgkQdA1oiINl
0onMGwgAgrOamZCMohiqXUqHKei0qAqkUKp6ITf+rZ0lIVoV27EhD7vuZS6sWvJq
k1YtzBM/l7jMH8BZIHJWpr10QNaH1W9HyaGwg/QpFbSy3n3pVSh5eX7NZQGlrzkJ
tHGuGktqt0LwLNAXNiarZAp0Lyypj3JIg2Dz4KMvzRpjBANUAQb2pHDJyF7fuzps
/PiH3KK2C4MkHHnwKLDWR4999boMveTBr2PgR7XOUSMLGqV3jfNxqTHvD313zA+Q
4rqFrTuJSHVptgByC6I9lGM6D178QFKcfqiq/GXsOzswb1GqmZdQ5cWOmN5qmWIZ
GWVBY15V8swhJG0Ew+5Bc1a4/2zdNw==
=kESi
-END PGP SIGNATURE-



pgpJrFPJj0mm3.pgp
Description: PGP signature

Accepted cciss-vol-status 1.12a-3 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 17:19:31 +0200
Source: cciss-vol-status
Architecture: source
Version: 1.12a-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Chris Hofstaedtler 
Changes:
 cciss-vol-status (1.12a-3) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Use secure URI in Homepage field.
   * Update standards version to 4.6.1, no changes needed.
 .
   [ Chris Hofstaedtler ]
   * Orphan package
Checksums-Sha1:
 43518526de7da911a60f13775630a98118425644 1990 cciss-vol-status_1.12a-3.dsc
 0ad3a82aea73dc0a1098ec836f16ca8154452543 4652 
cciss-vol-status_1.12a-3.debian.tar.xz
 07120e4abdaaae498fe2d59719e8eb136fcbc0f6 4776 
cciss-vol-status_1.12a-3_source.buildinfo
Checksums-Sha256:
 248ed4e014ed81c8fd90ae28dd6bc0567eb2d68060529fd54b3a2b43bb10d02f 1990 
cciss-vol-status_1.12a-3.dsc
 4a89fa7b4883ec0c8cbc13c494f7325bfa4e1a43b76c70b67db2281dc5a5c9a3 4652 
cciss-vol-status_1.12a-3.debian.tar.xz
 7266accd1f4e798aa64ac1098aa6388abfcbfb75e2634c70267bac9922cfaa1e 4776 
cciss-vol-status_1.12a-3_source.buildinfo
Files:
 e9fd83cc56a47e41658c58dffe01619a 1990 admin optional 
cciss-vol-status_1.12a-3.dsc
 3e6c328bc2b9a08819941eb4d56a17ab 4652 admin optional 
cciss-vol-status_1.12a-3.debian.tar.xz
 6913a75048e30ccb2b8eb399d8da3052 4776 admin optional 
cciss-vol-status_1.12a-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAmYJf7oACgkQXBPW25MF
LgNg7Q//eZY8hJYMtEJ8aAfO2A/Rb5k/jcB01oIzFlY3E3d1VwzL7VLLxatTAKj8
1104JiG4XnWTk8yiJhw22lSsii5I92MNmXGzM5oRtjQdNqcNLjQnKof4RYzkDmiJ
n8vZXbPpSvgjckDxQIvFzGU0spBAmo4IscYRfv08fD1SBG7tc5YN9ke773WPRFfk
VuuQMveld50NlJm38j2NPDEaVUbxHmOcaruXRJh5GTp3aILQlQbIKo1+DUunY8iJ
QldUiDhyFVcDC6B6JXFaoUuuQb9JI9fK/hLSVVWNYn+b3FckTjpp3NAmqhvwGqND
MTUE1WYZK/hDmC8xflqK75qetuUhLnTxUNwibDMzxXLwaRTxkaU2t8IBQdFshiPI
rN4Vvst41Yxuq127Rw7RNywlvamOHLqxiqToldQfDpTpnOLheb/wXMwJ2eYQJwkk
irH1ZTytXfluJvyNPAomDKBI2yGxoees+/brEnurzhUCYkAr6jaYTkQn3j7IXUUD
8FcYFvqHeI/STUAhlS2x2tJ/hUu64XbsjUB6jclMNxRXBk2qGp/rzSNFCvUSG8DY
FmE3klBRfdgimG36cAQcsiGCD0hXKt7Ui/NdgT8tIJlXCI2yWgaqorh0eN8ekkZF
aldytBx5CCdWz55ksyUr/NGNgXilcSF/oDsABWgz9kqcLvzU/N0=
=AGQ0
-END PGP SIGNATURE-



pgp13PLt2g1hK.pgp
Description: PGP signature

Bug#1068131: ITP: bootterm -- simple terminal to ease connections with SBCs

2024-03-31 Thread Faidon Liambotis

Package: wnpp
Severity: wishlist
Owner: Faidon Liambotis 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: bootterm
  Version : 0.4+git2023013
  Upstream Contact: Willy Tarreau 
* URL : https://github.com/wtarreau/bootterm
* License : Expat
  Programming Lang: C
  Description : simple terminal to ease connections with SBCs

Bootterm is a simple, reliable and powerful terminal designed to ease
connection to ephemeral serial ports as found on various SBCs, and typically
USB-based ones.
.
Main features:
 * automatic port detection (uses the most recently registered one by default)
 * enumeration of available ports with detected drivers and descriptions
 * wait for a specific, a new, or any port to appear (convenient with USB
   ports)
 * support for non-standard baud rates (e.g. 74880 bauds for ESP8266)
 * can send a Break sequence and toggling RTS/DTR for various reset sequences,
   even on startup
 * fixed/timed captures to files (may be enabled at run time)
 * optionally time-stamped captures (relative/absolute dates)
 * reliable with proper error handling
 * single binary without annoying dependencies, builds out of the box
 * supports stdin/stdout to inject/download data
 * configurable escape character and visible character ranges

Note that upstream has chosen /usr/bin/bt for the binary's name, but I'm
trying to persuade them to use /usr/bin/bootterm instead, in order to
avoid taking up a two-letter name in Debian's shared $PATH namespace,
for what is intended to be a binary for a niche audience. At minimum I'd
expect us to carry a Debian-specific patch.

Accepted mercurial 6.7.2-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 15:25:51 +0200
Source: mercurial
Architecture: source
Version: 6.7.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team 
Changed-By: Julien Cristau 
Changes:
 mercurial (6.7.2-1) unstable; urgency=medium
 .
   * New upstream bugfix release.
Checksums-Sha1:
 8c11ef51a85ec7d69bff4e5e59f50b938a4aac45 2806 mercurial_6.7.2-1.dsc
 6686f0a52f93ceb23dd854a76cf54499dedbba6e 8302143 mercurial_6.7.2.orig.tar.gz
 56102ad8c911967487683b9df9f4a8c54ebee1e6 659 mercurial_6.7.2.orig.tar.gz.asc
 716c3dae1f37d36896348ec8c9d9c91a19841e95 69476 mercurial_6.7.2-1.debian.tar.xz
Checksums-Sha256:
 903c49bf8937e4d5de9c354363f28419ebaaa1b8328c09728785faf0fd4d208a 2806 
mercurial_6.7.2-1.dsc
 1c22070c05dfaac41ff88a39ce2508dde480f0dd05d45d7efab4c5cdc6ddd806 8302143 
mercurial_6.7.2.orig.tar.gz
 954a0ee6421c46ab815956465c821336e96d7af32c69d138b0f2b9ad6bdaf431 659 
mercurial_6.7.2.orig.tar.gz.asc
 033fd110d988e8cc32d43310706bdbd387f00f1a939fcdb2727e3aac5effcd7a 69476 
mercurial_6.7.2-1.debian.tar.xz
Files:
 eba029d8894f92a51d016bc30f53 2806 vcs optional mercurial_6.7.2-1.dsc
 55a079ac42931797d87fabe45018f758 8302143 vcs optional 
mercurial_6.7.2.orig.tar.gz
 405f5457bf79136e27bb89eea737fee4 659 vcs optional 
mercurial_6.7.2.orig.tar.gz.asc
 65b09cdecfed0404749859efbb30a02e 69476 vcs optional 
mercurial_6.7.2-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmYJbzAUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z61dcw//et4uPhxCV6SKIJBwgRXJl9Y4iLfv
fUTXZGgwotgRLSQz49KlqsOH4AH8MOTatUjoegVDepKokiS1fHxu/dofHyVXNm7a
/exAYyBlGf54ut8jixZPYk+1vk3diMpjktmYyNwc0/oOCbCQpGODu7J0dJibrqai
OdSsICQkJVx8VP5Cz943it6uUoHDSMTu+CbS8/cfY+9tLZsiWR8fE7nS3E6ZTZ6n
kZ9KukHbTDBbXMERgoHHbhm+13L+styuxnJXALmdhljN7lN+Oo7GIxm9GzzEaoz1
8bPGnVyZbEJS5dT80xVSgWEKPTqtB8hvlCtLqV0325vfj1VHjttUU2ybYnXnmbDC
05FkzievHozmHFv3ZeNpcVIfQNj+qlCM0kovL1tE+v3QOqzUaZdEWbpBb4hBmPAm
+/I/oQxDzTWRGln1XS35nIf5nzGJMwN7932eKEtUTGq9iIH303Jivas3m2DOb60E
mkzVeg5VFp6iXq8Jr8KJTbN30FadOJQ+nN5FyzhyLZdNOOtnKqFg/3BRj+aNW5bR
qcLk69unWulvM4coa2Dt5ixCjJq327pLvO2laaNFVfAzJV8BkB5eEpOkez9Urp6A
ik5rqMpJrCGWRXUi0QQNwkg/LRRZV/N/Jp2kqE+Dtl7U/P8SftSfyVdjKzJiIXd+
WD2gULWAN1oEcZ8=
=XWGd
-END PGP SIGNATURE-



pgpcgdhliVkZp.pgp
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Gard Spreemann

On 31 March 2024 12:39:55 CEST, Johannes Schauer Marin Rodrigues 
 wrote:
>
>Another example is when I wanted to run a GUI program inside an unshared chroot
>environment.  Wayland does not seem to be happy about that  and I didn't find a
>way to test my GUI application successfully. But maybe my container environment
>just fails to set up some things? Does there exist a way to test GUI
>applications inside a container without requiring superuser privileges to run
>the container?



Hi,

At least with (unprivileged) Podman containers, I have success with just 
passing the host's Wayland socket as a volume with the -v switch.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Accepted obs-studio 30.0.2+dfsg-3 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 15:13:19 +0200
Source: obs-studio
Built-For-Profiles: noudeb
Architecture: source
Version: 30.0.2+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers 
Changed-By: Benjamin Drung 
Closes: 1067494
Changes:
 obs-studio (30.0.2+dfsg-3) unstable; urgency=medium
 .
   * Team upload.
   * Fix build on 32bit time64_t archs. Thanks to Gianfranco Costamagna.
 (Closes: #1067494)
   * linux-v4l2: Save device by ID or path to make webcam ordering persistent
 (to support having multiple in the system). Fixes upstream bug 3003.
   * Add simple autopkgtest that just calls obs --help and --version
Checksums-Sha1:
 a9d9a499674345958553821ef608d401098133a9 3656 obs-studio_30.0.2+dfsg-3.dsc
 1636832a55ffd380bae6bb32c48ba06980d05341 61056 
obs-studio_30.0.2+dfsg-3.debian.tar.xz
 d135c707c93ff486009efe04b52068daf249c451 11355 
obs-studio_30.0.2+dfsg-3_source.buildinfo
Checksums-Sha256:
 760220b0e9790adc5511cdf3dfc68908e92b4f30e67a910d4a5967cfb8a48549 3656 
obs-studio_30.0.2+dfsg-3.dsc
 6760ee7f1849dd20c8b45397ec8f08ff1882ebab0af4e20b5dc62ae3c0587500 61056 
obs-studio_30.0.2+dfsg-3.debian.tar.xz
 23c64adfd5c3b27f7c2716089dbe3e5f94527a66a22ddd76822abac68244c59f 11355 
obs-studio_30.0.2+dfsg-3_source.buildinfo
Files:
 6307e3a0a62ef9e99618ba853228a34e 3656 video optional 
obs-studio_30.0.2+dfsg-3.dsc
 330c3fa912a50ba2d20edfeb11d4f30c 61056 video optional 
obs-studio_30.0.2+dfsg-3.debian.tar.xz
 86bd2002190c53ffc8ff0ae5dd06c1d9 11355 video optional 
obs-studio_30.0.2+dfsg-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEpi0s+9ULm1vzYNVLFZ61xO/Id0wFAmYJYxIACgkQFZ61xO/I
d0xkZA/+MVN0k3A/u3pIhUK4GqMbEUgqRpfYKaCIucLRcRoFWwbQNK8q68iebh/T
2RFdbeq/Z5CS8vJVEQBUzgl4y7h9pYKGEB7T7nNMiNj8uDFD2wrSkc1aQ9t7mVZF
KDjYYIernbZbPeSkDKchtgos7qs2fc+hE2biCSByM/QtKg3QBV1bdObIGr35ktRJ
FdmCDl8G1qjLAzq/H6TgeKwKtJGIkXIq/dHd5tkhCkk5BRNfhGrVdt/SbLHWSOVd
XD5JzMzeKMmlOgahQrig+BSg9wLptN/KCnyc2fKAiLCahYTROgyvqstvXkkBn7DC
KhjhQTHnbXat+m3GXo+FFJo88W8RppCGM9bG2EY9Gq/MBV7HZNIPaUGSERjrZBh3
1heIT1OLktI1DTJ6Vo+bJ0O+Kn4TvDYW1wSvR+9B5rT0Bmu/T1ykFCSbT8agyZYH
01VRXElSAngIZaR+dtqt+5agoOsUjUYXPY9OZ1YkoLL1zfSWVg1rxXzi55tVcqGV
rmvWfIYRN83A3Fh5OrP/cOZgK0Qwj2kNFr1rwNnR/xrc7jhhsKOUtKEXVOQ0Lgr+
svTsxZn7MR8GqMaaznOVZ8IbX/f/DNFLWWVaq54vAldabpAJaovET8mRyrBhwxCk
fMwLVv5faOL/GH6xYbQ+D93i4s73/TuQEkOcnx0X+P6274rnEYc=
=0+MA
-END PGP SIGNATURE-



pgpSwFfyM9Epu.pgp
Description: PGP signature

Accepted asahi-audio 1.7-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 27 Mar 2024 17:54:45 +0100
Source: asahi-audio
Architecture: source
Version: 1.7-2
Distribution: unstable
Urgency: medium
Maintainer: Tobias Heider 
Changed-By: Tobias Heider 
Changes:
 asahi-audio (1.7-2) unstable; urgency=medium
 .
   * Restrict to wireplumber < 0.5.0 because of API incompatibility
Checksums-Sha1:
 88a0f43fc03cf5a799199856a0bb75a3a2da94a2 1857 asahi-audio_1.7-2.dsc
 77c0a328d84b4b4cf7b407906dba357b11494f1f 2180 asahi-audio_1.7-2.debian.tar.xz
 4e4a7ceb66a113ee2ef922c6b9b4d1197fdc4203 5839 asahi-audio_1.7-2_arm64.buildinfo
Checksums-Sha256:
 0a28fc5233e6f7bd5465c7fce05481c36790cde14a40233aa53fced329e0cf19 1857 
asahi-audio_1.7-2.dsc
 d88a9fc217351628ecddd6ba18d0e56bddb2b5f7c1ea14ae62da693738951dce 2180 
asahi-audio_1.7-2.debian.tar.xz
 0849e3b99413d542d2a9fe80171be52950a5a92425815e47840b6cc7712db049 5839 
asahi-audio_1.7-2_arm64.buildinfo
Files:
 c8f880c93345f985b1b42f13b4587452 1857 sound optional asahi-audio_1.7-2.dsc
 dcd347f057b5925d9e83609b8c25b48d 2180 sound optional 
asahi-audio_1.7-2.debian.tar.xz
 a8cb14946baab0f98c2d51fea64f 5839 sound optional 
asahi-audio_1.7-2_arm64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAmYJYicACgkQC8R9xk0T
UwbCIg/+N2O2jJKXm0ySSKfj2cMB4S4f+S02gnXKDqLQzx5xM+0e3e4QirAx/n+x
eKoRMvLBu+/Xgr7kq42T9Mgp9MIw51cFKDd9InGCs5CW+l4EH6EkAK/n4i52kpHt
WowOW/0ANEKPEX2da+fQRQMwhgA+KhwIM74qeDsQ2cLTIFm4nenelYjl4h6XFuQp
XA6knaXY6AuTYp3x2BXY68qwnZcuC9nXIsqjS894O+k5T2ym9tLGlzfA4eJVSrr1
Sda/ZVErTzvOO238v6QEU8DfuN28g2o5w++msfj6FezKIBUQ7plCcmncV6pIFWJd
rU29XdaG7lraNZGOakQG9FPSK511z8/6P+ze4OeEUXWPgA1oporNKvFtJu6KD7kO
N9SaHY17MpTlcyooAVhIhbzKN66bnpRvd1Renjs+l2ewCi4ydWy+FP6aVcd5mLpG
+uZ9RiN++15M5pTOd1lTO6GRkWSCoy285u9yqk3oRtJfi7KP/LnBp5Vc2oKeknUk
iMSqtYMvegS3IuvWRc4hMAA0U/hBe8AmgvjJxoGj7fppZEO0wPuG+yF8x5+3ewAR
3aDE5icwBk9Sp0cO0yBvBsvgpj1KStGS7Z52j/JwLJIrucgatUe8YfEvvUnjePcA
E7H8pa9g5CEb7NTK3HiOBeGng4zFMp4RRkdXRun8V7/BszCYtn4=
=rIK+
-END PGP SIGNATURE-



pgpY_2BWFY7Zb.pgp
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Sirius

In days of yore (Sun, 31 Mar 2024), Colin Watson thus quoth: 
> On Sun, Mar 31, 2024 at 10:10:42AM +0200, Sirius wrote:
> > Not worth boiling the ocean over, but is there an estimate of how many
> > packaged projects have customisations to their autoconf that is not found
> > in the upstream autoconf project? If that number is low single digit
> > percent, it may motivate those projects to upstream their modifications.
> > If it is double digits percent, it might not be possible to disallow
> > vendoring the files.
> 
> This is difficult to answer because it's comparing apples and oranges to
> some extent: not all autoconf customizations are vendored or would make
> any kind of sense to upstream.  For example,
> https://gitlab.com/man-db/man-db/-/blob/main/m4/man-arg-config-file.m4
> is obviously specific to that project; it's just in a separate file for
> the same reasons that projects past a certain size don't typically put
> all their code in a single file.
> 
> I suspect the question you're aiming for is something like "how many
> packaged projects have copied autoconf macros from elsewhere and
> modified them but kept the same file names, so that a naïve attempt to
> update them would drop those modifications".  My guess is that the
> number here is very low - IME it's much more common in such cases to
> either rename the macro file to be obviously project-specific or to find
> some workaround that doesn't require changing the upstream macro - but
> I've never seen anything resembling a robust analysis of this and I may
> well have a skewed view.

I find this interesting, even if it is a question that simply does not
have a reasonable answer unless one goes and does the audit. Your
rephrasing is actually closer to what I was aiming at - but that opens
another question that may not have a reasonable answer:

Would throwing away these unmodified (?) macros packaged projects may be
carrying for hysterical raisins in favour of just using the autoconf
native macros reduce the attack-surface a potential malicious actor would
have at their disposal, or would it simply be a "putting all eggs in one
basket" and just make things worse? And by how much vis-a-vis the effort
to do it?

I think that what I am trying to get at is this: is there low-hanging
fruit that for minimal effort would disproportionately improve things from
a security perspective. (I have an inkling that this is a question that
every distribution is wrestling with today.)

My apologies if I am asking too many questions. It has been a long time
since I was using Debian (2004), but I am standing up environments and
looking at how I may be able to put some of my sparse spare time to good
use. So I am looking to learn (by doing) how to package things. I am
building my own .deb of mutt (because I want a few things that the
official package does not have) but am looking for "the right way" to do
it. Just because I built it and it is running does not mean I have done it
right. :-)

-- 
Kind regards,

/S

Accepted pgrouting 3.6.2-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 14:42:43 +0200
Source: pgrouting
Architecture: source
Version: 3.6.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GIS Project 
Changed-By: Bas Couwenberg 
Changes:
 pgrouting (3.6.2-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release.
   * Refresh patches.
Checksums-Sha1:
 3929be9380ebc5b436bfd9e5b04a34095feed6bc 2528 pgrouting_3.6.2-1.dsc
 128c4974d0573c8ea09f8b086dcafd237dd01ae7 3873384 pgrouting_3.6.2.orig.tar.gz
 c5fd90172df2203023ebc2efcda25af2d3bce3d4 16468 pgrouting_3.6.2-1.debian.tar.xz
 ede37a7c912e35317b33a460d1b82c157e731c82 16538 
pgrouting_3.6.2-1_amd64.buildinfo
Checksums-Sha256:
 6a51ff583371782ea60f332085eb00aa30c0630565adc210974cab6e36520c15 2528 
pgrouting_3.6.2-1.dsc
 f4a1ed79d6f714e52548eca3bb8e5593c6745f1bde92eb5fb858efd8984dffa2 3873384 
pgrouting_3.6.2.orig.tar.gz
 45afb6d50cecf025ce44da499a9ee1fb1e52e9da93147d7e9fd6d6821a2b096b 16468 
pgrouting_3.6.2-1.debian.tar.xz
 94ea8612b17537a68797e1f846cebabeb5ecda8eff90ff76e762e00f0f61be03 16538 
pgrouting_3.6.2-1_amd64.buildinfo
Files:
 ba3fc2c53f9e2145b292f5390563618f 2528 misc optional pgrouting_3.6.2-1.dsc
 96336316353a7244976a97d59f4c9061 3873384 misc optional 
pgrouting_3.6.2.orig.tar.gz
 65bcb2e8b1fee2539aa6278066bc2911 16468 misc optional 
pgrouting_3.6.2-1.debian.tar.xz
 87232b0aaff8b92e496a95c91b485c94 16538 misc optional 
pgrouting_3.6.2-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEgYLeQXBWQI1hRlDRZ1DxCuiNSvEFAmYJYA8ACgkQZ1DxCuiN
SvG1rg/+Ju1iCBgwUq9Cwq8pDzvcJqx5vScaCq4K3/98jVQWdHmZTZGVpGx3C6Jp
9HLMNZi9jEbYUXfYLt4DwMmamy2zAhg145LA8qU9g3rp51coTtA6E3uBGbg/WINL
KXsxafJcgcbKonC0cWXuLhkR0/sEUQuDmOdtD+C9/CDDJ8eeIoOd2d5jlZsLXMIl
cX0G9P4btPceEWIKIG1E9DaA5mLSu/A+wMQUuCEMH1MzxvvsJ07aNwY2NLxjkhyt
uXJPdIQEq4CyBOSFHO3IMZa5JlWNKczH8LIe7kLg2LAQrJPCRuc7DGaRXJlAd2x8
74dL2Vgop3j/Y2RzFALCsH+1sW7VgWt7slSqlYbVtL8o4I5dASVgctSr3IRkbdMR
L0NRnqNxnxFhSw9hOuiNC8aqukFexqk4Xm9yoqTE1CMTQbcAm10i+nkiYt16h1Ji
7drj7guXRFUyyU8TgNQryKWENL7qVTx55S+aPUh7S7zkEydjssE0bkkbYGx6L4Kl
7i0quhazIH9ebBzkOO/TfE63kKUlYjUJpQPYB6u0Jd3KROT9TNluCgB10Vc5y01g
A851ADX3M267qKZe2IVlKVSxA1BLb0MXzRG3aDzw3NqxupZIbLF6111vLvd8512v
b9f3YwYJ7Di69AsQfeJuA67/EkvdxPiEarBmUr3UOQFSWLT5LNU=
=L++R
-END PGP SIGNATURE-



pgp0fAIq_zbW4.pgp
Description: PGP signature

Accepted libhitaki 0.2.1-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 31 Mar 2024 16:45:24 +0900
Source: libhitaki
Architecture: source
Version: 0.2.1-2
Distribution: unstable
Urgency: medium
Maintainer: Takashi Sakamoto 
Changed-By: Takashi Sakamoto 
Changes:
 libhitaki (0.2.1-2) unstable; urgency=medium
 .
   * Apply changes for auto-glib2.0 transitions, provided by Ubuntu 
distribution.
Checksums-Sha1:
 f1e179e56547c0cd6743365d17ec98a79083f041 2419 libhitaki_0.2.1-2.dsc
 7aac7df3b521d8bba3ab572d8c2a88256fff2f8c 7204 libhitaki_0.2.1-2.debian.tar.xz
 8cb2bb513e5013a71026244d350f22c50c5387d1 9261 
libhitaki_0.2.1-2_source.buildinfo
Checksums-Sha256:
 1bb365502757f9d01aa663be9229c06bed3970e608eaf5b89605d1db61b33fd0 2419 
libhitaki_0.2.1-2.dsc
 c4ae645a94f24d73454b4f19f67967b556f19a19ef8f5145743d3abd5e46f201 7204 
libhitaki_0.2.1-2.debian.tar.xz
 59ed2621a1e2cb55a2630c7f87d65e0f964674ff8d1a7e7b5db097fe8b71da87 9261 
libhitaki_0.2.1-2_source.buildinfo
Files:
 a44872696998cbe955c025c5dc31f1c6 2419 libs optional libhitaki_0.2.1-2.dsc
 2fdf8535b3a505264ad310ffc9b9a593 7204 libs optional 
libhitaki_0.2.1-2.debian.tar.xz
 3bc3358ba7483d7059eaeff009581947 9261 libs optional 
libhitaki_0.2.1-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEcZ6y2T2+nE0h+6Bk9/t1xWbtIOMFAmYJWvsACgkQ9/t1xWbt
IOMYBQ/9FUW2G93jY+mECOGAaLdF6MICFcwRyGl2TDfVCFptDD6/Ud+aVs/MEhga
ZQFMdDcH4THl1schj0g1Smxqkt5JZQquW9My+csNFkrh78ZyuHZ2y65LcJU6/YKD
HAJB7Ht79c16vLGBCFLR+ggHZ5sh5mrw1c22GvdFXyPQYWhPQRnDJaegHij3XwWd
hG0ys2R7Xk+hB+pP0JtEh6WdKlW2es3NU4QNriV0BRexER4er6fbDTBV4cq940XL
ffrt9rftzXuuQW1SXorZa6nPAQWAkaDZxoLSPWl4aSijzboifN2TkUWgPOJDavEB
RdFNYJYe/6FG9Z2POjm2bTq62B+yKyEqALQ7Psu8zLbice1ZCu4AYt0e0Gs/RJMw
YKe76BtGmCxxK3caHVOXs8+ROccM9j0YCBn1Z8cL6ZWKM9yws5LuBFy/VerONa6A
UHQAn0SW+SrnLUL7fBRj/xUav2z+TENAaWJ0Nz1abw4FZh5AklhWHS/N3hSacAtP
JsQ40UO0ZSmJ100rM2ymHRbfnSN64V2/GLmFqS871bEyAx08KBbwcVuLpBi9TDMP
q7r83onG/UnJZcbieGhB7+6D4KTEdHXMpUh7uUDP57kAJeNSFZTyo6wrfCd/umOL
ZRirmvD21lIG7wJ8kCpLzQncJZHTd44WWEN5wCz6O6cHgF40Pjk=
=ibdj
-END PGP SIGNATURE-



pgpWqnZjbrRUz.pgp
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Carlos Henrique Lima Melara

Hi,

On Sun, Mar 31, 2024 at 02:31:37PM +0200, Pierre-Elliott Bécue wrote:
> Wookey  wrote on 31/03/2024 at 04:34:00+0200:
> 
> > On 2024-03-30 20:52 +0100, Ansgar  wrote:
> >> Yubikeys, Nitrokeys, GNUK, OpenPGP smartcards and similar devices.
> >> Possibly also TPM modules in computers.
> >> 
> >> These can usually be used for both OpenPGP and SSH keys.
> >
> > Slightly off-topic, but a couple of recent posts have given me the
> > same thought:
> >
> > Can someone point to good docs on this?  I've had a yubikey for 3/4 of
> > a year now but have not yet worked out how I put my GPG key in it. (or
> > if it should be another key, or a subkey, or whatever). So I'm not
> > actually using it yet.
> >
> > PEB also described what sounded like a very sensible way to manage
> > keys (using subkeys) in one of these threads but I don't know how to
> > do that myself.
> 
> I have started (and never finished) a blog article on how I use my
> YubiKey and what config I put in it. I'll definitely try to get it out
> before the end of next week. I'll probably extend it to mention the
> creation of GPG subkeys etc.

That would be really helpful! It's not that easy to find this kind of
information as Wookey said.

> I would also be happy if it helps my fellow DDs to try making an article
> about some basic crypto concepts regarding PGP, RSA et al. But not in
> the same piece I guess.

My suggestion is to create a wiki page with these concepts plus a guide
on best practices dor the gpg key (subkeys + hsm - yubikey and others).

Cheers,
Charles


signature.asc
Description: PGP signature

Accepted meta-phosh 37 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 25 Mar 2024 08:17:27 +0100
Source: meta-phosh
Architecture: source
Version: 37
Distribution: unstable
Urgency: medium
Maintainer: DebianOnMobile Maintainers 

Changed-By: Guido Günther 
Changes:
 meta-phosh (37) unstable; urgency=medium
 .
   * Sync versions with current phosh release
   * phosh-phone: Recommend location services.
 Location information is relevant for mapping, etc. While individual apps
 should have a dependency we can well expect it to be present by default
 on a phone.
   * phosh-core: Recommend phog.
 Most people want a DisplayManager instead of the systemd unit.
Checksums-Sha1:
 4acd953d98efefb8b78cbfa344fc82b837060d73 2046 meta-phosh_37.dsc
 f1fc4690c0ff4b34a3ee4728a7214256216da394 6004 meta-phosh_37.tar.xz
 301de79ab34cf795e63dde769166dd567f38f74d 7316 meta-phosh_37_amd64.buildinfo
Checksums-Sha256:
 459eaf2f68fa2cf99b2efe7f470108615bff628b80f4f97417c9570a8c44ae93 2046 
meta-phosh_37.dsc
 25b468903dbc6bc7aa1d2f1bbd541c1394c99149a5b3e8a23bb0f4a975c8ece2 6004 
meta-phosh_37.tar.xz
 ff8901d0ffc8a68dcdc31ee1a35163592ae2b30d35ac602c27f9aecf34ca4c01 7316 
meta-phosh_37_amd64.buildinfo
Files:
 01feebfdf96cec153b00b6566d16df8d 2046 metapackages optional meta-phosh_37.dsc
 c397830c37db923c1cc4246b0378282b 6004 metapackages optional 
meta-phosh_37.tar.xz
 9f628875a10ce4c871b7a1273eb5a83f 7316 metapackages optional 
meta-phosh_37_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEY/bM35YinQkoayrDJb+GUkr8weMFAmYJUzUACgkQJb+GUkr8
weNF6A/9HZ1+j4AWMUPB40GPjELB5XmszS+4WD2OSfR4YTKCAheMrPnmtKpBUsxO
p4w+jG0W0tNnvphYgeyYXzDIsSb/ecqvx4wDyX4yClhwSpYfreWN82rHHC77FHm5
QwakugXt4zDbtn1mX+Dl8M39vAP4N3fZFi0lfomjXXhLE5GR003hRf3o6/WcKRej
VDazCo/Vok1pKMFIB83sq06z5rmFJoddvy8CejDIUKe8nnVrRaFIMZFy6RrAswoq
joL3wiol8GwUxs5NOOCjWuBLoVQo5n6R8otjaRqyFyH41TSqz/hdSgnSJsGDKfGk
7kI8IEQW5hpbrPdatQl+KydUEXo73v7lGjjgcu9YETpSuTMXy9hB8ALNelAHqh1a
GfIy72BkOB8GAiW0+whKndxbbd01LKAV8CuHRAZlyPT3UQm3PS3phCutkkUcmbkF
5X28G1zs0EA7EpnR+PA58lY6XwPZw0oMP0gj+rdJQsmyF6hlOzNOGJt9CKRGKrDZ
l+J/rKAPMYcpgoRa2OIV+vnXnSpE44aaUiOhEV62V1ZBc8CXZJrI36LMbKLtFNbM
rcmz2Pht6+Izh1Ecn3hlu5XgqCf8ZrW/DKYeNE/iFNDdOofpEk/8wVOt5xLa6rlC
5Irlb3QoeYVy2Tbhun1wY4l/hEo/T+TGDDEWgcYKWYJd8IVFaVo=
=956b
-END PGP SIGNATURE-



pgpQd_EKa_Kph.pgp
Description: PGP signature

Accepted libfirefox-marionette-perl 1.54-1 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 14:02:18 +0200
Source: libfirefox-marionette-perl
Architecture: source
Version: 1.54-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group 
Changed-By: gregor herrmann 
Changes:
 libfirefox-marionette-perl (1.54-1) unstable; urgency=medium
 .
   * Import upstream version 1.54.
   * Refresh no-network.patch (offset).
   * Refresh lintian overrides (line numbers).
Checksums-Sha1:
 0456ec184e377d84c2d7b36b78ac9e2454a2ee4f 3234 
libfirefox-marionette-perl_1.54-1.dsc
 d57bbceb761ac81ae7449140853afc922cc561fa 399222 
libfirefox-marionette-perl_1.54.orig.tar.gz
 41aa4a265544a5c346312caf1d691999cd8d3347 28468 
libfirefox-marionette-perl_1.54-1.debian.tar.xz
Checksums-Sha256:
 d7f367ae8daa747f267b01acbe646893457d3ea28280e5cedada0660aa5140ba 3234 
libfirefox-marionette-perl_1.54-1.dsc
 3a4f67422f1908dbddb3bfacc9131c4b0fb54a5e0b3c4e366da5bc0dbab8f21c 399222 
libfirefox-marionette-perl_1.54.orig.tar.gz
 20f005c1beb6e33e3380f204291a8e43c95ac86a2a6c03578113c6eabf970207 28468 
libfirefox-marionette-perl_1.54-1.debian.tar.xz
Files:
 572fe8f36b976af9823d70612cfce1c3 3234 perl optional 
libfirefox-marionette-perl_1.54-1.dsc
 450c06ecb87770a42fc2fc6dd5110769 399222 perl optional 
libfirefox-marionette-perl_1.54.orig.tar.gz
 ed145ba19f8c9bbcffadd42e08a848f5 28468 perl optional 
libfirefox-marionette-perl_1.54-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmYJUoBfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgZuFg/+LDY8bqfHLAob4g8K4CC9sUXOA4zCN/x9tSXuig44/AtH+w5DRQq1VFKM
fgCkFwX8AcKqrYhyKpKZpV4dVEwwQ/0jCZa7tTn0N9iwoSAp61uA+q61MNPWsr3T
lbeI87BJreKcZjrO1CXQW2p9qPVjq7BPbkdkTo7q4hFMFQxin9NyzVfgb94rlAyx
b1aU2nuLC6pHaau3MUyBzsKql4loF3tjAPxgHYhIV+H9zHvnQGSOm0fdW3Io3x1T
oACd2eEkK+UluK1+ZK1ijf3tjiQWWkBKLlSsam82LgpCkkL4AGMy+qO8BHe6/Cu2
t5/Z1kSDKDSGMKXBalK0DMjNQgCvFDcZJRsD1ze30HHzHPtu/aNXf8llHZcQEaLZ
oG9qoGfvQHKIMtLgwprs8/DP4TPdpAe0Z7SuweSwwswd1b6I938D7Vvm3zh2cR89
hKwi/+xv+F0sVeSzh6ux+KBXL94AEKD3PiRFR4qOI7iPkhTcwraYRDaW/0KXGFQq
OIbb9X5ojevgmHnzRFLSYoi+67mnT3/g7t14Ax1RwgT69+QHN9vzwrIJTK2iSNir
xy9mtt6PiNpJelDdYQuxlhfCVnYXRXQWKZSjw8DuMspJfAXtlvx7StKEC0k4mATg
ZC+pcE6ZwPW6aSiyxjJmiWW47BgazkQ1Cyg+HO1acRvfOfe6d3I=
=oVc7
-END PGP SIGNATURE-



pgp1QF2JHjaUa.pgp
Description: PGP signature

Accepted ibus 1.5.29-2 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 08:04:22 -0400
Source: ibus
Architecture: source
Version: 1.5.29-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Input Method Team 
Changed-By: Boyuan Yang 
Closes: 1067942
Changes:
 ibus (1.5.29-2) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Jeremy Bícha ]
   * Bump Build-Depends for unicode-cldr-core & unicode-data.
 This forces ibus to support Unicode 15.1.
 .
   [ Boyuan Yang ]
   * debian/control: Remove retired package uploader.
   * debian/control: Add a basic package description to the source package.
 Also use ${source:Synopsis} and ${source:Extended-Description} to
 avoid duplication of the same texts in the file.
   * debian/control: Place libglib2.0 version requirement to
 build-dependencies. (Closes: #1067942)
Checksums-Sha1:
 93583bb56bd341ecc4b1a5a5e7a827b28d51cdb8 3505 ibus_1.5.29-2.dsc
 1ca1a458d411fb3cc7f55c0f1cb6630e57c8f9e0 3991416 ibus_1.5.29.orig.tar.gz
 a3516da3cf4327c593a9d86ebf18ad78b44d1c83 30044 ibus_1.5.29-2.debian.tar.xz
 7ef0dec92198d9a94f6df34542a03ad890b34736 21714 ibus_1.5.29-2_amd64.buildinfo
Checksums-Sha256:
 6c25cd73f9de93aa58f43b075ee81804abf469120c765d6515a2f418f9fa925f 3505 
ibus_1.5.29-2.dsc
 3a27ed120485b2077c62e36e788c302f34544ceac3b3b9cda28b7418e8051415 3991416 
ibus_1.5.29.orig.tar.gz
 4f6b5a7d82ebb5f8e90a90c22cc2db8688612ea13423ba3e3c65f297ac9a832a 30044 
ibus_1.5.29-2.debian.tar.xz
 cbc424462530bb5f50b257bdb907c200abc370b9574a9e75a22f03e278c50f1b 21714 
ibus_1.5.29-2_amd64.buildinfo
Files:
 f3c4a7faf153dd424a495f44a56da872 3505 utils optional ibus_1.5.29-2.dsc
 ab197ecafd3f0ef9b25bedb021431380 3991416 utils optional ibus_1.5.29.orig.tar.gz
 1cfb1a137e1a66f995d286096cbf2318 30044 utils optional 
ibus_1.5.29-2.debian.tar.xz
 8f140b08c5d8182d204376e5c35e0446 21714 utils optional 
ibus_1.5.29-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmYJUvQACgkQwpPntGGC
Ws7QCw//WbZ1YuljhLlrjVq0T4XAbSk/Ln5DR97ciPHxQnuMdd/7iq9VQQf6kaQA
5Qjld9xG0Ko/rvAfAKhIMwZSlHpvUu6ZYIE7AkehWxu2aNLsioTIUeV5HLspzrGy
v4bG0dPBe3iaUdp3qmQrDAZ7z6dvzdJMikbQysu/cYRKEQEt687pSsOPHaH1xW49
F0xyb7A8a2sLIJUFieG/I7hzpQtFZny/RK2enXknNHMUz1EBvNhaDIyfCWiPc0Pm
TlEazlyooFZMGHBN5+RuFpmUrW48e8RBjnX4ykQ7GmMkHjfkBl07oKFZjg8OXXPf
Q8xYyx4P+Xpv5mZ+jZH5iqTqUZA5+PKHInwqABdEAa2LWn2RfM8809mg65lvxtfa
V3lyMq1gMzVHbufGS9jOFFhFbqruFCdnjdG8gCoyUAENEKxoFbjZI26Dwys8vnXU
HMSDBmxcGkf67BNmRQ4gFIYO5IfmiD2yL8qAjbq2STbWmw9W2BND/1hOPMIyt8gl
wxYlcz+UvEXUfW6OGPS/lJebL3oEpE2RXpSWxBW/B9T35VnZ3lRN7JwrcH+kzg8Q
/5DTni2OHrDsAhm3ZAsmhVvjm0mNF3JS5nMVAQjGnCH5GUWKD9ik73C4r4HECsPM
B3vU8pk+DivYsIf5nxjMFwolz0KLOPL1nPOk49rgT7GEtAcu+YQ=
=pPFa
-END PGP SIGNATURE-



pgpACMy7HYLJf.pgp
Description: PGP signature

Accepted gcc-bpf 14 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 14:03:40 +0200
Source: gcc-bpf
Built-For-Profiles: noudeb
Architecture: source
Version: 14
Distribution: unstable
Urgency: medium
Maintainer: Debian GCC Maintainers 
Changed-By: Matthias Klose 
Changes:
 gcc-bpf (14) unstable; urgency=medium
 .
   * Build using GCC 14-20240330-1.
   * Build using binutils 2.42-4.
Checksums-Sha1:
 d688beb2f06fd2845062dfe252858008b083d583 1861 gcc-bpf_14.dsc
 1a8c1bfc854d65b38cadfd2ff5964f8ac03ccd18 3408 gcc-bpf_14.tar.xz
 df5fa4f2df1cfc07420a7a51240b4303c44c2c46 8161 gcc-bpf_14_source.buildinfo
Checksums-Sha256:
 79477807e94e6aee17b3186e8a7816dc90f2cb61553f458eade407723b724064 1861 
gcc-bpf_14.dsc
 d647a06d3c8f8e7468cf1703f961b6cbef57ddf79f74299fbe66d2c7d3ffa227 3408 
gcc-bpf_14.tar.xz
 0f2ddd8ebb827f34f110e0a66aa9eb4009de4ee7570236cda57c70f054b3dde0 8161 
gcc-bpf_14_source.buildinfo
Files:
 8585e4174d4c0142649781750dad515b 1861 devel optional gcc-bpf_14.dsc
 6096c39ec2df3b21b2e05e3c722c3661 3408 devel optional gcc-bpf_14.tar.xz
 0c86f39a0ef47e626ccca0e23656755d 8161 devel optional 
gcc-bpf_14_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJEBAEBCgAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmYJVNAQHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9X+WD/9I5NPh9dNp81aU20rp9S/Y+MQYOSgd7JPS
ibWlxR8Ap8f5eGEmsO57ocDT4cEGfdWv/eUzTI7Nz2yBBL7xwJkOrCKECqVl5B35
MtthlamKXnQpz2qic1q3kAeX1aA28Skq7vx+H55RgY8cgy3rNfqQOWH8ak7qi7jM
xc2Ki6oSsS1oQNt18rn/OZJtIi14GlgpSU9X5Ev/pSs78rX4EA5lilhqsw6VskGV
EXQNjcvQIlaVvB/K+WRJdfN+JYMa4P3M1n8Mj50LG/pYavWLGksBwPlHLocOHCpL
yY7YTRt8qXuN43DlR+/WwZx8xYAU2SMGDfUQcqZkaJvlGpRWQGAi4APlNAt3yqb0
eOGrMwWDFMul11R63Owxj+vnu46XMJsYGOdSP7whJMnHKBh5nc/moca2QioCex9p
NO0maaO9tyYsqUa89VAiH852cObc7Wto8l5LweU3kwoPV1hvZT4lXVWCfUiO52Mm
nLwiMM7ywZlLWIwtCaGAmtYEK4NoepPgsMcwz41au6Ul2CCHSmQ5RnE42CY7Ju4l
wdf5C2pqJ/Ct4N+tbvjR8eaSo8BUK9tWA8CIX6KW3MIMCka1xU8MRkEIqoGgnyFL
Z6RQlagr4mw/PMXajnvsvS9/WG3HbNR7enjdosN6Sq1sWCD7+83VFr2tu9IkojHA
hbcS2HcKlw==
=aPYq
-END PGP SIGNATURE-



pgpZd9RHitsUI.pgp
Description: PGP signature

Accepted binutils-bpf 17 (source) into unstable

2024-03-31 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 31 Mar 2024 14:07:36 +0200
Source: binutils-bpf
Architecture: source
Version: 17
Distribution: unstable
Urgency: medium
Maintainer: Debian GCC Maintainers 
Changed-By: Matthias Klose 
Changes:
 binutils-bpf (17) unstable; urgency=medium
 .
   * Build using binutils 2.42-4.
Checksums-Sha1:
 780a0835f5edb915af1a9f52390fd2be2fb52180 1786 binutils-bpf_17.dsc
 ca64934f38fd7a108a58fc25d8451cef26038ea2 3076 binutils-bpf_17.tar.xz
 ac1537c6cf5dfc463bd71ea6ec5e8e7528928414 7110 binutils-bpf_17_source.buildinfo
Checksums-Sha256:
 5e850c0cb506eaa5b2996f17bb6d28f936ffb4d3ff5b916b846d7b84b247342a 1786 
binutils-bpf_17.dsc
 00f80cc666fba99cbba0392817e776d58790d7d6b132c39e6b59f8c048f2e4c0 3076 
binutils-bpf_17.tar.xz
 a74ed856d82130c7520adbd5063f2818a9ca01e706ab2349523268436d784b2c 7110 
binutils-bpf_17_source.buildinfo
Files:
 d81fd311a2f29f01904a11bff6e0607b 1786 devel optional binutils-bpf_17.dsc
 a6ea99defc152e57afd303b90cdb9f1f 3076 devel optional binutils-bpf_17.tar.xz
 4da86ac146bc66374b7ac195e686e054 7110 devel optional 
binutils-bpf_17_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJEBAEBCgAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmYJUlcQHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9XFBD/9/RUy2CZjNUzdAKG/CxTlFtsE150RA3qoE
7WSg3x3WCwLXc2U3saKrrAtlLvlTwTS9lgFdjX2f2PAKSfDwUcdiYcq+1HFYQXk4
WRDZEU6jpzvLbqyAy6biom9KH/aDEmGSnCRkL4kO7I8TvJX10YxN040ABSqpqKLS
Bq2M/IlxkjG1MNWdNXsQp76fVY8x2IScAZJXrFjq2ZO9uhyJGqoqn9bFdcPh5RvW
MSBnWv4DJC+tNUIHB+b3Sd+oRTwAUkP+t/lI66MzzxYstCp/UCaUPHIT/q46zZz6
yJrKufTe/2cjApvzA8nVcx/ojz8RCJqUA7T2pwWwUYZf8NNXwL8iN8PVYKE8pBTG
dPvWwcpHZURIK5+H9pSZ02jelkblKovh3ho2P3qkka/ij+CbYARWr6edLfgDyeks
INjsVaac6g6dRLlPgOzdKE2pYoIclIpPDo+jQZJodERvDrfgHHhOUXlY1/247Ov5
G+YyPuw2cRJHucJ6/clM3H5th0y3F2/7x8Y6AFSy8385wXeogdGgVLrNCxWJ7bap
9HCfebYOfnFlFShCgRhwAaCe+2JC1sEKxsn86Hrhv01hhYpk8TJV4/n6e2mvbMY7
bzoYBjoYed6CMPSf3rUI6kYG7nebh6g6iVjvQufQsgFnXftsVPAhzvvmSKBXpL+D
gxr8XqEs0A==
=GstX
-END PGP SIGNATURE-



pgp5Ig8R4_gd5.pgp
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Pierre-Elliott Bécue

Bastian Blank  wrote on 31/03/2024 at 09:11:59+0200:

> On Sat, Mar 30, 2024 at 07:15:28PM -0700, Otto Kekäläinen wrote:
>> I am doing all my builds inside a (Podman) container with the sources
>> loop-mounted.
>
> You do, but Debian itself (aka DSA) does not.  They still prefer to
> trust all 100k packages and run them as root in the init namespace over
> the five people who can login as buildd and potentially trigger
> capability reachable problems in the kernel.  This is what got as in
> part of the situation, as we don't even know if the buildd hosts are
> untampered.

Ok, maybe the current situation is not that good and maybe we (DSA) need
to change our priority focuses.

But FWIW, being passive-agressive in order to question something and
doing finger pointing is just the best way to get a constructive idea
ignored.

So, IDK, pour some water in your wine and try a nicer way of stating
what you find problematic?

We'll try to jump the unshare schroot train.

-- 
PEB

signature.asc
Description: PGP signature

Re: xz backdoor

2024-03-31 Thread Pierre-Elliott Bécue

Hello,

Iustin Pop  wrote on 31/03/2024 at 13:13:27+0200:

> On 2024-03-31 10:47:57, Luca Boccassi wrote:
>> On Sun, 31 Mar 2024 at 08:39, Bastian Blank  wrote:
>> >
>> > On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote:
>> > > On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote:
>> > > > As others have said, the best solution is to relay on HSW for handling
>> > > > the cryptographic material.
>> > > Aren't these answers to different questions?
>> > > Not all attacks are about stealing the key or using it to sign unintended
>> > > things.
>> >
>> > Also a HSM does only allow to control access to the cryptographic
>> > material.  But it asserts no control over what is actually signed.
>> >
>> > So an attacker needs to wait until you ask the HSM it is okay to sign
>> > something.
>> >
>> > Bastian
>> 
>> This is true as in the default configuration you get asked for the
>> yubikey pin only once per "session", and then it's cached
>> transparently and there's no GUI feedback when the token is used (the
>> light on it blinks, but noticing that requires having it in line of
>> sight at all times). However, it's already better than nothing as it
>> means such an attack must be "online", and run in the same "session"
>> as the active user, so perfect should definitely not be the enemy of
>> good here IMHO. Also, iirc this can be configured to always ask for
>> the pin on each signature, although this could get burdensome. But
>> given the very low price of yubikeys (or similar tokens), and how well
>> and seamless they work these days, I think the offer of buying any DD
>> that doesn't have one such a token is one that we should take up and
>> make it happen.
>
> Jumping in late in the HSM thread, but I'm not sure I understand the
> exact setup people propose.
>
> Option 1: Moving keys to one yubikey, while keeping the original key
> material "safe" offline. How do you know the "safe offline" material is
> safe and hasn't been copied?

If your threat model includes NSA, you can't.

I have two backups of my main PGP key on two encrypted devices. One is
always with me, the other is stored "safely" at home. (I put quotes
because while I'm convinced it'd be from hard to impossible to find it,
theoretically when I leave home, a sufficiently motivated agent could
try and find it)

I consider this model safe enough, especially since the key also is
encrypted with a passphrase, meaning one would need to:

 1. Find the backup device
 2. Copy it (I've put some measures that would normally make me
aware that someone touched the device)
 3. Break the cryptographic protection on it
 4. Break the passphrase protection on the private key.

I consider that doing more would be too expensive for a little to no
gain.

> Option 2: Generate keys on the yubikey and have them never leave the
> secure enclave. That means having 2 yubikeys per developer, and ensuring
> you keep track of _two_ keys, but it does ensure there's a physical
> binding to the key.
>
> Are there other options? And which option is proposed?

I would object against creating a PGP key on the HSM itself. Not having
the proper control on the key is room for disaster as soon as you lose
it or it dies.

> I have quite a few yubikeys, but I haven't migrated to use them since
> it's not clear to me what is a good, and recommended, workflow. I'm
> relatively against option 1, since the "safe offline" key material
> somehow doesn't appeal to me.

Any workflow that makes a non-governmental attacker's life a PITA
without forcing you to share their pain is a good workflow.

Security habits are incremental learning and trials, don't expect to
reach top levels in one day.

As stated elsewhere, I started to work on a blog post regarding my
Yubikey configs/habits. I'll try to get it out at some point. I consider
the opportunity to extend further upon the topic and try to write about
some of my security habits, it that can help.

Cheers,

-- 
PEB

signature.asc
Description: PGP signature

1 2 >

1 - 100 of 187 matches

Mail list logo