Re: Packaging of stunnel / MIA for Luis Rodrigo Gallardo Cruz
Hi Rodrigo, On Fri, Feb 07, 2014 at 10:21:12AM -0800, Rodrigo Gallardo wrote: > I do! ah, nice to hear from you. > I have been extremely remiss in my duties, and I have let ego keep > me from accepting it. > > I have orphaned stunnel and all of my other packages. Feel free to > NMU/take over as needs be. I will submit my formal resignation as > soon as I get the machine with my private key out of from under all > those half-read books. > > Meanwhile, please accept my apologies for not doing this earlier. No harm done. Thanks for the work you did for the Debian project :) It's really appreciated. -- Sebastian signature.asc Description: Digital signature
Re: Packaging of stunnel / MIA for Luis Rodrigo Gallardo Cruz
On Friday, February 07, 2014 17:09:27 Ian Jackson wrote:
> Chris Knadle writes ("Re: Packaging of stunnel / MIA for Luis Rodrigo
> Gallardo Cruz"): ...
>
> > Well, here's the typical scenario:
> >- maintainer stops maintaining a package, for whatever reason,
> > and doesn't respond to communication... for a long time.
> >
> >- things change, the package you use that the maintainer had previously
> > maintains breaks, or gets very old compared to upstream that
> > compatibility issues arise.
> >
> > What are your options? [...]
>
> My approach, if I wanted the package, would be to send an Intent to
> Adopt email. If the maintainer does not object then I would make an
> upload making myself the maintainer (or co-maintainer).
>
> If the maintainer does object then presumably you can have a
> conversation with them. If all they do is say "no" to ITA but don't
> actually do anything else, then I think you should ask the TC.
Yes this sounds very reasonable as well.
Thanks -- this helps!
-- Chris
--
Chris Knadle
chris.kna...@coredump.us
signature.asc
Description: This is a digitally signed message part.
Re: Packaging of stunnel / MIA for Luis Rodrigo Gallardo Cruz
Chris Knadle writes ("Re: Packaging of stunnel / MIA for Luis Rodrigo Gallardo
Cruz"):
...
> Well, here's the typical scenario:
>
>- maintainer stops maintaining a package, for whatever reason,
> and doesn't respond to communication... for a long time.
>
>- things change, the package you use that the maintainer had previously
> maintains breaks, or gets very old compared to upstream that
> compatibility issues arise.
>
> What are your options? [...]
My approach, if I wanted the package, would be to send an Intent to
Adopt email. If the maintainer does not object then I would make an
upload making myself the maintainer (or co-maintainer).
If the maintainer does object then presumably you can have a
conversation with them. If all they do is say "no" to ITA but don't
actually do anything else, then I think you should ask the TC.
Ian.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21237.4935.218758.343...@chiark.greenend.org.uk
Re: Packaging of stunnel / MIA for Luis Rodrigo Gallardo Cruz
On Thu, Feb 06, 2014 at 06:56:04PM -0500, Chris Knadle wrote: > I know; I agree with you and I think the text is a bit misleading -- by > stating that you shouldn't change the packaging style it seems to indicate > that NMUs are supposed to be minimalistic, but a situation in which the > maintainer of a package disappears for an extended period is exactly a > situation in which a minimalistic change approach won't work. Right. So just take over the package and do normal uploads? By uploading normal changes as NMU this is what you effectively do anyways. > > > For cases where the maintainer is unresponsive for an extended period, I'd > > > recommend requesting a new version via a 'wishlist' bug, then releasing a > > > new version as a -0.1 NMU. Others (myself included) have done this > > > successfully. > > > > I opened the wishlist bug entry for that (#723781) in September and > > agree, that uploading a -0.1 NMU would solve the issue of the new > > upstream version. > > When I last did this in #728545 for mumble, the situation was rather serious > because it had been removed from jessie due to package dependency issues and > needed to get fixed ASAP. So I opened a wishlist bug, then waited about a > week, then uploaded a package for review to mentors.debian.net and started > hunting for a DD sponsor. > > I contacted the prior maintainer, who examined the package and decided it was > good enough and uploaded it to the DELAYED/5 queue. Then I wrote to the bug > to notify the maintainer in case he needed more time to respond and review > the > package if needed. > >http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728545 > > I didn't change the packaging style in doing this, but just about everything > else did. ;-) Obviously I was willing to support the package if there were > problems brought by my sponsored upload, and as long as you keep this in mind > as well then I think this practice should work. I think its okay for stunnel to simply follow the steps described in the MIA section of the developers reference [0]. > > OTOH having an active maintainer is more helpful than lots of NMUs > > IMHO. Thus it makes more sense to take over packages or add at least > > add a Co-Maintianer for this. > > Right, exactly. But to start with you may not want to do that; the > maintainer > normally gives approval for adding a co-maintainer. After you've done > several > NMU uploads and tried to contact the maintainer via the MIA team, then after > that I think the next logical step I think is to add one's self onto the list > of Uploaders... basically only because I know of no better option rather than > that being "the right thing to do". Because it's not reasonable to be > expected to do minimalistic changes for long periods of time. The MIA team can orphan packages if the maintainer is MIA, see [0]. Having a ghost-maintainer doing NMUs while the maintainer is MIA feels wrong to me. > So NMUs can solve things in the short-term, but between NMUs and "where to go > from there" is still a limbo I haven't yet gotten good answers for. There's > been a lot of debate on [debian-devel] about this and NMUs are generally one > of the answers, but there are situations that don't quite fit any standard > situation. Like for instance a maintainer might be MIA but ignoring one > particular package for a long period of time, thus the MIA team can't say > that > the maintainer is really MIA, yet the package isn't getting maintenance, and > thus no next logical step to take. That's why I'm suggesting that adding > one's self to Uploaders after some number of NMUs seems to make sense. :-/ > Again not necessarily right, just "the least worst" next step I can think of. If the maintainer is still working on some packages he should be contactable. Thus one can simply ask the maintainer if he/she wants to give the package to another maintainer or get a co-maintainer. [0] https://www.debian.org/doc/manuals/developers-reference/beyond-pkging.html#mia-qa -- Sebastian signature.asc Description: Digital signature
Re: Packaging of stunnel / MIA for Luis Rodrigo Gallardo Cruz
Leaving off the MIA team on this reply, mainly because I don't think this is "news" to them per se and I'd rather not "spam" them. On Friday, February 07, 2014 02:54:09 Sebastian Reichel wrote: > On Thu, Feb 06, 2014 at 06:56:04PM -0500, Chris Knadle wrote: > > I know; I agree with you and I think the text is a bit misleading -- by > > stating that you shouldn't change the packaging style it seems to indicate > > that NMUs are supposed to be minimalistic, but a situation in which the > > maintainer of a package disappears for an extended period is exactly a > > situation in which a minimalistic change approach won't work. > > Right. So just take over the package and do normal uploads? By > uploading normal changes as NMU this is what you effectively do > anyways. Well, here's the typical scenario: - maintainer stops maintaining a package, for whatever reason, and doesn't respond to communication... for a long time. - things change, the package you use that the maintainer had previously maintains breaks, or gets very old compared to upstream that compatibility issues arise. What are your options? Without doing some kind of new upload, the package is in trouble. By doing a new upload, like the maintainer would normally have done, you're /helping the maintainer/ as much as you're helping yourself. To do anything else would mean everyone using the package living with some kind of brokenness in it, because you're perpetually "on hold" hoping the maintainer returns, and he/she might not. That, unfortunately, happens. Waiting, say, six months for the MIA process to complete so that you can take over a package really doesn't make sense if the next Stable release is going to be frozen within that timeframe and the package may get dropped for being ancient, if the package has fallen out of Testing because of dependency issues, if there are security or other RC bugs... and so on. Whether or not you can wait depends on the situation. [...] > I think its okay for stunnel to simply follow the steps described in > the MIA section of the developers reference [0]. Sure -- there's nothing wrong with trying that. The idea is simply to find some avenue that works, whatever it is, and for that avenue to be as reasonable as possible for all parties. > > > OTOH having an active maintainer is more helpful than lots of NMUs > > > IMHO. Thus it makes more sense to take over packages or add at least > > > add a Co-Maintianer for this. > > > > Right, exactly. But to start with you may not want to do that; the > > maintainer normally gives approval for adding a co-maintainer. After > > you've done several NMU uploads and tried to contact the maintainer via > > the MIA team, then after that I think the next logical step I think is to > > add one's self onto the list of Uploaders... basically only because I > > know of no better option rather than that being "the right thing to do". > > Because it's not reasonable to be expected to do minimalistic changes for > > long periods of time. > > The MIA team can orphan packages if the maintainer is MIA, see [0]. > Having a ghost-maintainer doing NMUs while the maintainer is MIA > feels wrong to me. There are situations in which the maintainer is /not/ MIA overall, but seems to be ignoring a particular package. Let me know what you think is reasonable to do in that case. The philosophy I've heard and am going by is the "Debian do-ocracy" -- (quoting one of Stefano Zacchiroli's talks [0]): "An individual Developer may make any technical or nontechnical decision with regard to their own work; [ Debian Constitution, ยง3.3.1.1 ]" The extension of this is that in lieu of the maintainer doing the work he/she would normally do but now isn't, your work should not be impeded perpetually as a result. It therefore seems reasonable to do the necessary work yourself, trying to take the maintainer's wishes into account at the same time. In these situations it is obviously best if the maintainer knew ahead of time that they'd not be maintaining the package anymore and orphan it such that another maintainer can do so, but that doesn't always happen. [0] http://upsilon.cc/~zack/talks/2011/20110321-taipei.pdf Also -- disclaimer -- this view I have is not without controversy, and I am not a DD, nor a DM. I got into packaging work out of necessity because of package breakage, and so NMUs are a central part of what I currently do. With them I have a path to fix issues with Debian package via sponsored uploads, without them I'm simply on hold waiting until the maintainer decides to show up with a new package -- and I thin
Re: Packaging of stunnel / MIA for Luis Rodrigo Gallardo Cruz
Adding Gregor Herrmann to this because he and I were looking to work on #672198 but we both were swamped with other work. On Friday, February 07, 2014 00:02:16 Sebastian Reichel wrote: > On Thu, Feb 06, 2014 at 03:27:51PM -0500, Chris Knadle wrote: > > On Thursday, February 06, 2014 13:59:59 Sebastian Reichel wrote: > > [...] > > > > NMUs don't necessarily need to be minimalistic -- for instance packaging > > new versions is something that can be done with NMUs. This is admittedly > > not terribly clear and I raised this question in #672198 which hasn't had > > any activity for almost two years. > > Yes, but its advised to change as little as possible. I think > changing the packaging style from cdbs to debhelper and similar > changes are not ok (note: this is just an example). I know; I agree with you and I think the text is a bit misleading -- by stating that you shouldn't change the packaging style it seems to indicate that NMUs are supposed to be minimalistic, but a situation in which the maintainer of a package disappears for an extended period is exactly a situation in which a minimalistic change approach won't work. > > For cases where the maintainer is unresponsive for an extended period, I'd > > recommend requesting a new version via a 'wishlist' bug, then releasing a > > new version as a -0.1 NMU. Others (myself included) have done this > > successfully. > > I opened the wishlist bug entry for that (#723781) in September and > agree, that uploading a -0.1 NMU would solve the issue of the new > upstream version. When I last did this in #728545 for mumble, the situation was rather serious because it had been removed from jessie due to package dependency issues and needed to get fixed ASAP. So I opened a wishlist bug, then waited about a week, then uploaded a package for review to mentors.debian.net and started hunting for a DD sponsor. I contacted the prior maintainer, who examined the package and decided it was good enough and uploaded it to the DELAYED/5 queue. Then I wrote to the bug to notify the maintainer in case he needed more time to respond and review the package if needed. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728545 I didn't change the packaging style in doing this, but just about everything else did. ;-) Obviously I was willing to support the package if there were problems brought by my sponsored upload, and as long as you keep this in mind as well then I think this practice should work. > OTOH having an active maintainer is more helpful than lots of NMUs > IMHO. Thus it makes more sense to take over packages or add at least > add a Co-Maintianer for this. Right, exactly. But to start with you may not want to do that; the maintainer normally gives approval for adding a co-maintainer. After you've done several NMU uploads and tried to contact the maintainer via the MIA team, then after that I think the next logical step I think is to add one's self onto the list of Uploaders... basically only because I know of no better option rather than that being "the right thing to do". Because it's not reasonable to be expected to do minimalistic changes for long periods of time. So NMUs can solve things in the short-term, but between NMUs and "where to go from there" is still a limbo I haven't yet gotten good answers for. There's been a lot of debate on [debian-devel] about this and NMUs are generally one of the answers, but there are situations that don't quite fit any standard situation. Like for instance a maintainer might be MIA but ignoring one particular package for a long period of time, thus the MIA team can't say that the maintainer is really MIA, yet the package isn't getting maintenance, and thus no next logical step to take. That's why I'm suggesting that adding one's self to Uploaders after some number of NMUs seems to make sense. :-/ Again not necessarily right, just "the least worst" next step I can think of. > > As always, thanks for your continued work in Debian. ;-) > > You are welcome. Cheers. If you take the suggestion to do a new version NMU, keep in touch with me and let me know how it works out. [Likewise if you're able figure out "the right path forward", let me know, because I'm likewise in a situation with a package where I need to know what the right solution for this is. ;-)] -- Chris -- Chris Knadle chris.kna...@coredump.us signature.asc Description: This is a digitally signed message part.
Re: Packaging of stunnel / MIA for Luis Rodrigo Gallardo Cruz
On Thu, Feb 06, 2014 at 03:27:51PM -0500, Chris Knadle wrote: > On Thursday, February 06, 2014 13:59:59 Sebastian Reichel wrote: > [...] > > NMUs don't necessarily need to be minimalistic -- for instance packaging new > versions is something that can be done with NMUs. This is admittedly not > terribly clear and I raised this question in #672198 which hasn't had any > activity for almost two years. Yes, but its advised to change as little as possible. I think changing the packaging style from cdbs to debhelper and similar changes are not ok (note: this is just an example). > For cases where the maintainer is unresponsive for an extended period, I'd > recommend requesting a new version via a 'wishlist' bug, then releasing a new > version as a -0.1 NMU. Others (myself included) have done this successfully. I opened the wishlist bug entry for that (#723781) in September and agree, that uploading a -0.1 NMU would solve the issue of the new upstream version. OTOH having an active maintainer is more helpful than lots of NMUs IMHO. Thus it makes more sense to take over packages or add at least add a Co-Maintianer for this. > As always, thanks for your continued work in Debian. ;-) You are welcome. -- Sebastian signature.asc Description: Digital signature
Re: Packaging of stunnel / MIA for Luis Rodrigo Gallardo Cruz
On Thursday, February 06, 2014 13:59:59 Sebastian Reichel wrote: > Hi, > > There have been multiple new upstream releases for stunnel4 and the > package has gathered quite some bugs without any feedback from its > maintainer. Looking at Rodrigo's QA page [0] his last actions were > quite some time ago (2012) and most packages would have gathered RC > bugs without the help of some fellow Debian Developers doing NMUs. > > Lennart Weller has prepared an updated package for stunnel4, which > does not fit the default NMU criteria (e.g. being minimal) and is > also willing to take over the package. I would sponsor the package > for him once Rodrigo's status is clear. > > So here are my questions: > * Does anyone know Rodrigo's whereabouts/status? > * Can the MIA team take this over? > > [0] http://qa.debian.org/developer.php?login=rodrigo&comaint=yes > > -- Sebastian NMUs don't necessarily need to be minimalistic -- for instance packaging new versions is something that can be done with NMUs. This is admittedly not terribly clear and I raised this question in #672198 which hasn't had any activity for almost two years. For cases where the maintainer is unresponsive for an extended period, I'd recommend requesting a new version via a 'wishlist' bug, then releasing a new version as a -0.1 NMU. Others (myself included) have done this successfully. As always, thanks for your continued work in Debian. ;-) -- Chris -- Chris Knadle chris.kna...@coredump.us signature.asc Description: This is a digitally signed message part.
Packaging of stunnel / MIA for Luis Rodrigo Gallardo Cruz
Hi, There have been multiple new upstream releases for stunnel4 and the package has gathered quite some bugs without any feedback from its maintainer. Looking at Rodrigo's QA page [0] his last actions were quite some time ago (2012) and most packages would have gathered RC bugs without the help of some fellow Debian Developers doing NMUs. Lennart Weller has prepared an updated package for stunnel4, which does not fit the default NMU criteria (e.g. being minimal) and is also willing to take over the package. I would sponsor the package for him once Rodrigo's status is clear. So here are my questions: * Does anyone know Rodrigo's whereabouts/status? * Can the MIA team take this over? [0] http://qa.debian.org/developer.php?login=rodrigo&comaint=yes -- Sebastian signature.asc Description: Digital signature
Re: Debian offering stunnel/OpenVPN capabilities? [Was: Re: Restrictive SMTP server]
On Tue, Mar 15, 2005 at 01:04:53PM +0100, Jesus Climent wrote: > > > > > > I'm willing to provide an OpenVPN tunnel to an SMTP server for any DD who > > > is > > > unable to find alternate lodgings, and I'm pretty sure I'm not the only > > > one. > > > > I can offer something as well - I would probably lean towards just > > auth+ssl instead of over VPN, but it's up to you. I just don't happen > > to have a VPN set up yet, so it's less ovrhead for me :) > > Could we think on some stunnel or OpenVPN feature under > people.debian.org/other machine to get mail from debian.org routed to the > outside world? > > With stunnel, a level3 of authentication would be needed, so that the server > gets a client certificate and the client gets a server one. With the > combination of both, one can connect to, say, port 25025 and get a proper > postfix/exim SMTP server on the remote machine. > > I have been dealing with a similar configuration and seems to be working fine > so far. Forgot to mention that the way to get those certs in the server machine would be using your gpg-signed certificate in combination with whichever way of sending an email you have. -- Jesus Climent info:www.pumuki.org Unix SysAdm|Linux User #66350|Debian Developer|2.6.10|Helsinki Finland GPG: 1024D/86946D69 BB64 2339 1CAA 7064 E429 7E18 66FC 1D7F 8694 6D69 When you dance with the devil, you wait for the song to stop. --Barry the Baptist (Lock, Stock and Two Smoking Barrels) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Debian offering stunnel/OpenVPN capabilities? [Was: Re: Restrictive SMTP server]
> > > > I'm willing to provide an OpenVPN tunnel to an SMTP server for any DD who is > > unable to find alternate lodgings, and I'm pretty sure I'm not the only one. > > I can offer something as well - I would probably lean towards just > auth+ssl instead of over VPN, but it's up to you. I just don't happen > to have a VPN set up yet, so it's less ovrhead for me :) Could we think on some stunnel or OpenVPN feature under people.debian.org/other machine to get mail from debian.org routed to the outside world? With stunnel, a level3 of authentication would be needed, so that the server gets a client certificate and the client gets a server one. With the combination of both, one can connect to, say, port 25025 and get a proper postfix/exim SMTP server on the remote machine. I have been dealing with a similar configuration and seems to be working fine so far. -- Jesus Climent info:www.pumuki.org Unix SysAdm|Linux User #66350|Debian Developer|2.6.10|Helsinki Finland GPG: 1024D/86946D69 BB64 2339 1CAA 7064 E429 7E18 66FC 1D7F 8694 6D69 And then he ran into my knife... he ran into my knife ten times. --June (Chicago) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: stunnel
Hello, I created a new package for stunnel 4, it is available at : http://people.debian.org/~speedblue/stunnel/ I will wait a little before take over the package. Best Regards. -- Julien LEMOINE / SpeedBlue pgpNIXSuf9fJZ.pgp Description: PGP signature
stunnel
Hello, I saw stunnel has not been uploaded since december 2001, so unstable version of stunnel is very old. I use stunnel on all my computers, and I would like to take over the package. Is there any objection ? ( I sent a mail to current maintainer Paolo Molaro <[EMAIL PROTECTED]> three weeks ago without answer). Best Regards. -- Julien LEMOINE / SpeedBlue
