Re: freeplane auto removal

2017-08-17 Thread Felix Natter 
Markus Koschany  writes:

> Am 17.08.2017 um 21:01 schrieb Felix Natter:
> [...]
>> --> So what do I do with #870103, which is grave, but is not
>> reproducible and it seems it does not affect all users?
>
> Hi,

hi Bas, hi Markus,

> I suggest to lower the severity to important and tag the bug as
> "moreinfo". Apparently it is not a general issue and maybe more subtle.
> Usually you will see that more people complain about an unusable package
> especially when we talk about packages with a significant popcon value.
> If the bug reporter does not reply to your questions, the only thing you
> can do is wait for more information from other users.

done, thank you both (at least I triggered it, should be updated soon).

Cheers and Best Regards,
-- 
Felix Natter

Re: freeplane auto removal

2017-08-17 Thread Markus Koschany 
Am 17.08.2017 um 21:01 schrieb Felix Natter:
[...]
> --> So what do I do with #870103, which is grave, but is not
> reproducible and it seems it does not affect all users?

Hi,

I suggest to lower the severity to important and tag the bug as
"moreinfo". Apparently it is not a general issue and maybe more subtle.
Usually you will see that more people complain about an unusable package
especially when we talk about packages with a significant popcon value.
If the bug reporter does not reply to your questions, the only thing you
can do is wait for more information from other users.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Re: freeplane auto removal

2017-08-17 Thread Sebastiaan Couwenberg 
On 08/17/2017 09:01 PM, Felix Natter wrote:
> --> So what do I do with #870103, which is grave, but is not
> reproducible and it seems it does not affect all users?

Downgrade the severity to important.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

freeplane auto removal

2017-08-17 Thread Felix Natter 
hi,

I wonder whether the auto-removal of freeplane due to a issue [1] that I
can't reproduce does make sense (14 days left)?
I have a guess at a workaround, but the reporter does not react.

Also, my QA page [2] reads like it would be removed from stretch as
well? I guess this is just a display problem since the "1.5.18-1" box
exists only once..

--> So what do I do with #870103, which is grave, but is not
reproducible and it seems it does not affect all users?

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870103
[2] https://qa.debian.org/developer.php?login=fnat...@gmx.net

Thanks and Best Regards,
-- 
Felix Natter

Security issue in groovy<2.5.0

2017-08-17 Thread Felix Natter 
hello debian-java,

freeplane 1.5/1.6 added a library [1] which uses byte-buddy to fix a
security problem in groovy < 2.5.0 [2]. The fix will be included in
groovy 2.5, which should be released soon (currently at 2.5.0-beta-2).

So the question is: Can I package freeplane without the 'securegroovy'
library, expecting that groovy 2.5 will be released soon, and will
shortly after be packaged for Debian?

[1] https://github.com/dpolivaev/securegroovy/

[2] https://issues.apache.org/jira/browse/GROOVY-8163
(freeplane maps include groovy scripts which can escape the sandbox)

Thanks and Best Regards,
-- 
Felix Natter

Re: freeplane deb - was: freeplane SNAP / gradle-debian-helper: option for turning off --offline

2017-08-17 Thread Felix Natter 
Oliver Kopp  writes:

> Hi,

hi Oliver,

> 2017-08-12 10:57 GMT+02:00 Emmanuel Bourg :
>
>> I think it would be easier to simply run gradle directly and build the
>> .deb with jdeb.
>
> Thank you for the pointer. jdeb cannot do gradle (see
> https://github.com/tcurdt/jdeb/issues/132). But there is
> gradle-ospackage-plugin from Netflix:
> https://github.com/nebula-plugins/gradle-ospackage-plugin. Felix,
> maybe this could worth a try?

This looks really good, I'll try it :-)

Cheers and Best Regards,
-- 
Felix Natter

Re: Notes from the DebConf 17 Java BOF

2017-08-17 Thread Frederic Bonnard 
Hi Tony,

On Wed, 16 Aug 2017 14:41:44 -0700, tony mancill  wrote:
> Hi Frederic,
> 
> On Wed, Aug 16, 2017 at 10:01:26AM +0200, Frederic Bonnard wrote:
> > Hi Emmanuel/all,
> > > What are the issues blocking SBT currently?
> > 
> > I've sent a list of sbt related packages (for experimental) on mentors
> > some time ago that Andreas kindly sponsored them. All but one were accepted
> > by ftpmasters ; there's only scala-tools-sbinary remaining : I guess
> > it's being examined :)
> > https://mentors.debian.net/package/scala-tools-sbinary
> > 
> > So at the moment, we have in experimental :
> > https://tracker.debian.org/pkg/jawn
> > https://tracker.debian.org/pkg/json4s
> > https://tracker.debian.org/pkg/sbt
> > https://tracker.debian.org/pkg/sbt-ivy
> > https://tracker.debian.org/pkg/sbt-launcher-interface
> > https://tracker.debian.org/pkg/sbt-serialization
> > https://tracker.debian.org/pkg/sbt-template-resolver
> > https://tracker.debian.org/pkg/sbt-test-interface
> > https://tracker.debian.org/pkg/scala-pickling
> > https://tracker.debian.org/pkg/scopt
> > 
> > and waiting for scala-tools-sbinary.
> 
> I can have a look at scala-tools-sbinary.  I have gone ahead and
> uploaded sbt to unstable [1] because I wanted to incorporate Chris
> Lamb's reproducible builds patch.

wow, thanks a lot Tony for both actions (I think I missed that
reproducibility bug notification at some point :-° )

Well, I actually didn't know if somebody was having a look at
scala-tools-sbinary at the moment or not, given that d/copyright may be
huge and can take some time.

If you have spare time for this, I'd be glad you help, but nothing
urgent on my side.

F.

> Thank you,
> tony
> 
> [1] https://tracker.debian.org/news/862551


pgpTTRjHSg5sD.pgp
Description: PGP signature

Re: Notes from the DebConf 17 Java BOF

2017-08-17 Thread Frederic Bonnard 
> > I've sent a list of sbt related packages (for experimental) on mentors
> > some time ago that Andreas kindly sponsored them. All but one were accepted
> > by ftpmasters ; there's only scala-tools-sbinary remaining : I guess
> > it's being examined :)
> > https://mentors.debian.net/package/scala-tools-sbinary
> 
> Thank you for the update! If you need to upload more packages in the
> future I suggest cross-posting your RFS on this list, your packages are
> more likely to be picked up by the developers here.

eh, that's a good idea, all the more that some packages may follow as
the above is almost "preliminary" work to have a sbt core which is
insufficient in most real life use, because many other sbt plugins/scala
libraries are needed.
As far as I remember, once we have the above packages in experimental,
I'll help Andreas packaging some project, he's interested in, that uses sbt.
This way we (all people willing to help) should be able to see what's
next (failing/missing...).

F.


pgpRAkc0YWqtf.pgp
Description: PGP signature