Re: freeplane auto removal
Markus Koschanywrites: > Am 17.08.2017 um 21:01 schrieb Felix Natter: > [...] >> --> So what do I do with #870103, which is grave, but is not >> reproducible and it seems it does not affect all users? > > Hi, hi Bas, hi Markus, > I suggest to lower the severity to important and tag the bug as > "moreinfo". Apparently it is not a general issue and maybe more subtle. > Usually you will see that more people complain about an unusable package > especially when we talk about packages with a significant popcon value. > If the bug reporter does not reply to your questions, the only thing you > can do is wait for more information from other users. done, thank you both (at least I triggered it, should be updated soon). Cheers and Best Regards, -- Felix Natter
Re: freeplane auto removal
Am 17.08.2017 um 21:01 schrieb Felix Natter: [...] > --> So what do I do with #870103, which is grave, but is not > reproducible and it seems it does not affect all users? Hi, I suggest to lower the severity to important and tag the bug as "moreinfo". Apparently it is not a general issue and maybe more subtle. Usually you will see that more people complain about an unusable package especially when we talk about packages with a significant popcon value. If the bug reporter does not reply to your questions, the only thing you can do is wait for more information from other users. Regards, Markus signature.asc Description: OpenPGP digital signature
Re: freeplane auto removal
On 08/17/2017 09:01 PM, Felix Natter wrote: > --> So what do I do with #870103, which is grave, but is not > reproducible and it seems it does not affect all users? Downgrade the severity to important. Kind Regards, Bas -- GPG Key ID: 4096R/6750F10AE88D4AF1 Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
freeplane auto removal
hi, I wonder whether the auto-removal of freeplane due to a issue [1] that I can't reproduce does make sense (14 days left)? I have a guess at a workaround, but the reporter does not react. Also, my QA page [2] reads like it would be removed from stretch as well? I guess this is just a display problem since the "1.5.18-1" box exists only once.. --> So what do I do with #870103, which is grave, but is not reproducible and it seems it does not affect all users? [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870103 [2] https://qa.debian.org/developer.php?login=fnat...@gmx.net Thanks and Best Regards, -- Felix Natter
Security issue in groovy<2.5.0
hello debian-java, freeplane 1.5/1.6 added a library [1] which uses byte-buddy to fix a security problem in groovy < 2.5.0 [2]. The fix will be included in groovy 2.5, which should be released soon (currently at 2.5.0-beta-2). So the question is: Can I package freeplane without the 'securegroovy' library, expecting that groovy 2.5 will be released soon, and will shortly after be packaged for Debian? [1] https://github.com/dpolivaev/securegroovy/ [2] https://issues.apache.org/jira/browse/GROOVY-8163 (freeplane maps include groovy scripts which can escape the sandbox) Thanks and Best Regards, -- Felix Natter
Re: freeplane deb - was: freeplane SNAP / gradle-debian-helper: option for turning off --offline
Oliver Koppwrites: > Hi, hi Oliver, > 2017-08-12 10:57 GMT+02:00 Emmanuel Bourg : > >> I think it would be easier to simply run gradle directly and build the >> .deb with jdeb. > > Thank you for the pointer. jdeb cannot do gradle (see > https://github.com/tcurdt/jdeb/issues/132). But there is > gradle-ospackage-plugin from Netflix: > https://github.com/nebula-plugins/gradle-ospackage-plugin. Felix, > maybe this could worth a try? This looks really good, I'll try it :-) Cheers and Best Regards, -- Felix Natter
Re: Notes from the DebConf 17 Java BOF
Hi Tony, On Wed, 16 Aug 2017 14:41:44 -0700, tony mancillwrote: > Hi Frederic, > > On Wed, Aug 16, 2017 at 10:01:26AM +0200, Frederic Bonnard wrote: > > Hi Emmanuel/all, > > > What are the issues blocking SBT currently? > > > > I've sent a list of sbt related packages (for experimental) on mentors > > some time ago that Andreas kindly sponsored them. All but one were accepted > > by ftpmasters ; there's only scala-tools-sbinary remaining : I guess > > it's being examined :) > > https://mentors.debian.net/package/scala-tools-sbinary > > > > So at the moment, we have in experimental : > > https://tracker.debian.org/pkg/jawn > > https://tracker.debian.org/pkg/json4s > > https://tracker.debian.org/pkg/sbt > > https://tracker.debian.org/pkg/sbt-ivy > > https://tracker.debian.org/pkg/sbt-launcher-interface > > https://tracker.debian.org/pkg/sbt-serialization > > https://tracker.debian.org/pkg/sbt-template-resolver > > https://tracker.debian.org/pkg/sbt-test-interface > > https://tracker.debian.org/pkg/scala-pickling > > https://tracker.debian.org/pkg/scopt > > > > and waiting for scala-tools-sbinary. > > I can have a look at scala-tools-sbinary. I have gone ahead and > uploaded sbt to unstable [1] because I wanted to incorporate Chris > Lamb's reproducible builds patch. wow, thanks a lot Tony for both actions (I think I missed that reproducibility bug notification at some point :-° ) Well, I actually didn't know if somebody was having a look at scala-tools-sbinary at the moment or not, given that d/copyright may be huge and can take some time. If you have spare time for this, I'd be glad you help, but nothing urgent on my side. F. > Thank you, > tony > > [1] https://tracker.debian.org/news/862551 pgpTTRjHSg5sD.pgp Description: PGP signature
Re: Notes from the DebConf 17 Java BOF
> > I've sent a list of sbt related packages (for experimental) on mentors > > some time ago that Andreas kindly sponsored them. All but one were accepted > > by ftpmasters ; there's only scala-tools-sbinary remaining : I guess > > it's being examined :) > > https://mentors.debian.net/package/scala-tools-sbinary > > Thank you for the update! If you need to upload more packages in the > future I suggest cross-posting your RFS on this list, your packages are > more likely to be picked up by the developers here. eh, that's a good idea, all the more that some packages may follow as the above is almost "preliminary" work to have a sbt core which is insufficient in most real life use, because many other sbt plugins/scala libraries are needed. As far as I remember, once we have the above packages in experimental, I'll help Andreas packaging some project, he's interested in, that uses sbt. This way we (all people willing to help) should be able to see what's next (failing/missing...). F. pgpRAkc0YWqtf.pgp Description: PGP signature