Re: Upstream Tarball Signature Files

2017-08-14 Thread Paul Hardy 
Russ,

On Sat, Aug 12, 2017 at 7:59 PM, Russ Allbery  wrote:

>
> Hi Paul,
>
> This isn't a debian-policy matter...
>

My thinking was it would be beneficial for Debian Policy to suggest (but
not require) use of upstream OpenPGP signatures when available, because
such signature file use will help ensure the integrity of the Debian
archive.

However, I don't think it's a good idea to support multiple file names for
> the same thing...
>
> It's almost never a good idea to introduce synonyms into any sort of
> standard.  It adds a lot of complexity that has to be maintained forever,
> to very little benefit.


In this case, it is a trade-off between Debian packaging tools accepting
both ASCII and binary signature files forever, versus Debian maintainers
who repackage upstream sources with binary signatures having to convert
those signatures with each new upstream release forever.

The GNU FTP repository files are accompanied by binary ".sig" signatures
during upload to that site, and are listed with the accompanying files
(which is why I need to generate binary ".sig" files for upstream).  The
benefit at least would be for Debian maintainers who re-package those GNU
Project files.

However, I can propose additions for the Policy Manual in Chapter 4 and the
Files and Checksums sections that only describe the ".asc" format.  At
least that will document the current situation.

Thanks,


Paul Hardy

Processed: Re: lintian: [checks/cruft] use substr instead of substring in example

2017-08-14 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 871767 + pending
Bug #871767 [lintian] lintian: [checks/cruft] use substr instead of substring 
in example
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
871767: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871767
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#871767: lintian: [checks/cruft] use substr instead of substring in example

2017-08-14 Thread Chris Lamb 
tags 871767 + pending
thanks

Fixed in Git:

  
https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=e1bb087d6449e6fd3a973efbea6bfae9778dc74d


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

[lintian] 01/01: Apply patch from Alex Muntada (alexm) to use "substr" instead of "substring" in mentions-deprecated-usr-lib-perl5-directory's description. (Closes: #871767)

2017-08-14 Thread Chris Lamb 
This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository lintian.

commit e1bb087d6449e6fd3a973efbea6bfae9778dc74d
Author: Chris Lamb 
Date:   Mon Aug 14 16:27:43 2017 -0700

Apply patch from Alex Muntada (alexm) to use "substr" instead of 
"substring" in mentions-deprecated-usr-lib-perl5-directory's description. 
(Closes: #871767)
---
 checks/cruft.desc | 2 +-
 debian/changelog  | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/checks/cruft.desc b/checks/cruft.desc
index 57ed5cc..e394856 100644
--- a/checks/cruft.desc
+++ b/checks/cruft.desc
@@ -857,7 +857,7 @@ Info: As of Perl 5.20, the vendorarch directory is 
/usr/lib//perl
  but this package still uses usr/lib/perl5 in some of the files under debian/.
  Please replace that with the value of $Config{vendorarch} configuration
  parameter, e.g.
-  $(shell perl -MConfig -wE'say substring($$Config{vendorarch},1)')
+  $(shell perl -MConfig -wE'say substr($$Config{vendorarch},1)')
 
 Tag: readme-source-is-dh_make-template
 Severity: important
diff --git a/debian/changelog b/debian/changelog
index a69d703..d24a122 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,9 @@ lintian (2.5.53) UNRELEASED; urgency=medium
 + [CL] Downgrade severity of file-contains-fixme-placeholder
   tag from "important" (ie. "E:") to "wishlist" (ie. "I:").
   Thanks to Gregor Herrmann for the suggestion.
++ [CL] Apply patch from Alex Muntada (alexm) to use "substr" instead
+  of "substring" in mentions-deprecated-usr-lib-perl5-directory's
+  description.  (Closes: #871767)
   * checks/debhelper.pm:
 + [CL] Prevent a false positive of
   missing-build-dependency-for-dh_-command that can be exposed by

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (c17ffb8 -> e1bb087)

2017-08-14 Thread Chris Lamb 
This is an automated email from the git hooks/post-receive script.

lamby pushed a change to branch master
in repository lintian.

  from  c17ffb8   data/fields/obsolete-packages: Add dh-systemd. (Closes: 
#872076)
   new  e1bb087   Apply patch from Alex Muntada (alexm) to use "substr" 
instead of "substring" in mentions-deprecated-usr-lib-perl5-directory's 
description. (Closes: #871767)

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 checks/cruft.desc | 2 +-
 debian/changelog  | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

Participe da Interconf 2017!

2017-08-14 Thread Terraviva Eventos 
Participe!

Parque de Exposições Pedro Ludovico Teixeira.
Rua 250 - Setor Nova Vila | Goiânia - GO.

Inscrições abertas no site: www.interconf.org.br

Re: Upstream Tarball Signature Files

2017-08-14 Thread Russ Allbery 
Henrique de Moraes Holschuh  writes:

> We do when the binary sig is small enough to be stored along with the
> inode, instead of requiring an entire filesystem block (4KiB), and the
> armored signature is not small enough for that :-( Of course, this
> really depends a lot on the filesystem, etc.

I'm not sure what signatures you're looking at.  Maybe ones with lots of
separate signers?  A typical *.asc file with one signer is about 500
bytes.

> May I humbly suggest that, *if* a change is going to be made, we switch
> to ".sig" (binary) and ".sig.asc" (armored), or .sig.gpg / sig.gpg.asc?
> As in "let's not overload .asc to mean armored signature, when it only
> means ASCII text"...

Note that I'm arguing for no change, just documenting the existing support
for *.asc upstream signatures.  This will imply that anyone who wants to
include an upstream signature that's provided in *.sig format will need to
convert it to *.asc, but that's not a *change*.  That's the current state
of the archive.

-- 
Russ Allbery (r...@debian.org)

Re: Upstream Tarball Signature Files

2017-08-14 Thread Henrique de Moraes Holschuh 
On Mon, 14 Aug 2017, Russ Allbery wrote:
> Henrique de Moraes Holschuh  writes:
> > On Sun, 13 Aug 2017, Russ Allbery wrote:
> >> it can't just move the file -- it has to ASCII-armor it.  But still, I
> >> think that's the right thing for the tools to do, not add another file.
> >> (The ASCII format is completely equivalent to the binary format; the
> >> conversion shouldn't lose or change any data.)
> 
> > The armor just wastes space, and will do so for every signature in the
> > archive.
> 
> I very much doubt we will ever notice such a tiny amount of overhead.

We do when the binary sig is small enough to be stored along with the
inode, instead of requiring an entire filesystem block (4KiB), and the
armored signature is not small enough for that :-(   Of course, this
really depends a lot on the filesystem, etc.

It is not an extreme difference anyway even in the worst case, but it
might be a Good Idea to avoid technical debt on a feature we have not
even deployed to production (as in "started to use") yet, without at
least considering the alternatives.

> > Why are we not using binary signatures in the first place, if we're
> > going to mandate conversions?
> 
> We could go that route too, but I don't think the benefits are worth
> changing the existing code that supports *.asc files.  But I certainly
> wouldn't object if the folks doing the work wanted to change.  I just want
> to support only one or the other.

Then we should have gone with .sig :-(  At least it means "signature",
and not "ascii text".

May I humbly suggest that, *if* a change is going to be made, we switch
to ".sig" (binary) and ".sig.asc" (armored), or .sig.gpg / sig.gpg.asc?
As in "let's not overload .asc to mean armored signature, when it only
means ASCII text"...

-- 
  Henrique Holschuh

Re: Upstream Tarball Signature Files

2017-08-14 Thread Russ Allbery 
Henrique de Moraes Holschuh  writes:
> On Sun, 13 Aug 2017, Russ Allbery wrote:

>> it can't just move the file -- it has to ASCII-armor it.  But still, I
>> think that's the right thing for the tools to do, not add another file.
>> (The ASCII format is completely equivalent to the binary format; the
>> conversion shouldn't lose or change any data.)

> The armor just wastes space, and will do so for every signature in the
> archive.

I very much doubt we will ever notice such a tiny amount of overhead.

> Why are we not using binary signatures in the first place, if we're
> going to mandate conversions?

We could go that route too, but I don't think the benefits are worth
changing the existing code that supports *.asc files.  But I certainly
wouldn't object if the folks doing the work wanted to change.  I just want
to support only one or the other.

-- 
Russ Allbery (r...@debian.org)

Jenkins build is back to normal : lintian-tests_sid #1856

2017-08-14 Thread jenkins 
See

Processed: Re: lintian: please warn about build-dependency on dh-systemd

2017-08-14 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 872076 + pending
Bug #872076 [lintian] lintian: please warn about build-dependency on dh-systemd
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
872076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872076
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#872076: lintian: please warn about build-dependency on dh-systemd

2017-08-14 Thread Chris Lamb 
tags 872076 + pending
thanks

Applied in Git:

  
https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=c17ffb85d34635cd3cfc045437750eb1a83c3954


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Build failed in Jenkins: lintian-tests_sid #1855

2017-08-14 Thread jenkins 
See 

--
Started by an SCM change
[EnvInject] - Loading node environment variables.
Building on master in workspace 

Wiping out workspace first.
Cloning the remote Git repository
Cloning repository git://anonscm.debian.org/lintian/lintian.git
 > git init  # timeout=10
Fetching upstream changes from git://anonscm.debian.org/lintian/lintian.git
 > git --version # timeout=10
 > git fetch --tags --progress git://anonscm.debian.org/lintian/lintian.git 
 > +refs/heads/*:refs/remotes/origin/*
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch --tags --progress 
git://anonscm.debian.org/lintian/lintian.git 
+refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to connect to anonscm.debian.org:
anonscm.debian.org[0: 5.153.231.21]: errno=Connection refused
anonscm.debian.org[1: 2001:41c8:1000:21::21:21]: errno=Network is unreachable


at 
org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1924)
at 
org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1643)
at 
org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:71)
at 
org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:352)
at 
org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:559)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1075)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1115)
at hudson.scm.SCM.checkout(SCM.java:495)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1276)
at 
hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:560)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
at 
hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:485)
at hudson.model.Run.execute(Run.java:1735)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:405)
ERROR: Error cloning remote repo 'origin'

Build failed in Jenkins: lintian-tests_sid #1854

2017-08-14 Thread jenkins 
See 

--
Started by an SCM change
[EnvInject] - Loading node environment variables.
Building on master in workspace 

Wiping out workspace first.
Cloning the remote Git repository
Cloning repository git://anonscm.debian.org/lintian/lintian.git
 > git init  # timeout=10
Fetching upstream changes from git://anonscm.debian.org/lintian/lintian.git
 > git --version # timeout=10
 > git fetch --tags --progress git://anonscm.debian.org/lintian/lintian.git 
 > +refs/heads/*:refs/remotes/origin/*
 > git config remote.origin.url git://anonscm.debian.org/lintian/lintian.git # 
 > timeout=10
 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # 
 > timeout=10
 > git config remote.origin.url git://anonscm.debian.org/lintian/lintian.git # 
 > timeout=10
Fetching upstream changes from git://anonscm.debian.org/lintian/lintian.git
 > git fetch --tags --progress git://anonscm.debian.org/lintian/lintian.git 
 > +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from 
git://anonscm.debian.org/lintian/lintian.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:817)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1084)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1115)
at hudson.scm.SCM.checkout(SCM.java:495)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1276)
at 
hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:560)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
at 
hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:485)
at hudson.model.Run.execute(Run.java:1735)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:405)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags 
--progress git://anonscm.debian.org/lintian/lintian.git 
+refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to connect to anonscm.debian.org:
anonscm.debian.org[0: 5.153.231.21]: errno=Connection refused
anonscm.debian.org[1: 2001:41c8:1000:21::21:21]: errno=Network is unreachable


at 
org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1924)
at 
org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1643)
at 
org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:71)
at 
org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:352)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:815)
... 11 more
ERROR: Error fetching remote repo 'origin'

[lintian] 01/01: data/fields/obsolete-packages: Add dh-systemd. (Closes: #872076)

2017-08-14 Thread Chris Lamb 
This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository lintian.

commit c17ffb85d34635cd3cfc045437750eb1a83c3954
Author: Mattia Rizzolo 
Date:   Mon Aug 14 09:43:43 2017 +0200

data/fields/obsolete-packages: Add dh-systemd. (Closes: #872076)

Signed-off-by: Chris Lamb 
---
 data/fields/obsolete-packages | 3 +++
 debian/changelog  | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/data/fields/obsolete-packages b/data/fields/obsolete-packages
index 9a9b929..e9a7d4a 100644
--- a/data/fields/obsolete-packages
+++ b/data/fields/obsolete-packages
@@ -111,3 +111,6 @@ mysql-server-core => default-mysql-server-core
 mysql-client => default-mysql-client
 mysql-client-core => default-mysql-client-core
 libmysqlclient-dev => default-libmysqlclient-dev
+
+# Deprecated in Stretch (#872076)
+dh-systemd => use debhelper (>= 9.20160709)
diff --git a/debian/changelog b/debian/changelog
index 10c3a59..a69d703 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -74,6 +74,8 @@ lintian (2.5.53) UNRELEASED; urgency=medium
   libsass, libytnef, and taglib.
 + [RG] Use an additional string to detect embedded copies of
   openjpeg2.  (Closes: #762956)
+  * data/fields/obsolete-packages:
++ [MR] Add dh-systemd.  (Closes: #872076)
   * data/files/obsolete-paths:
 + [CL] Add note to /etc/bash_completion.d entry regarding stricter
   filename requirements.  (Closes: #814599)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

[lintian] branch master updated (6c8d3c9 -> c17ffb8)

2017-08-14 Thread Chris Lamb 
This is an automated email from the git hooks/post-receive script.

lamby pushed a change to branch master
in repository lintian.

  from  6c8d3c9   Add note to /etc/bash_completion.d entry regarding 
stricter filename requirements. (Closes: #814599)
   new  c17ffb8   data/fields/obsolete-packages: Add dh-systemd. (Closes: 
#872076)

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 data/fields/obsolete-packages | 3 +++
 debian/changelog  | 2 ++
 2 files changed, 5 insertions(+)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/lintian/lintian.git

Re: Upstream Tarball Signature Files

2017-08-14 Thread Henrique de Moraes Holschuh 
On Sun, 13 Aug 2017, Russ Allbery wrote:
> it can't just move the file -- it has to ASCII-armor it.  But still, I
> think that's the right thing for the tools to do, not add another file.
> (The ASCII format is completely equivalent to the binary format; the
> conversion shouldn't lose or change any data.)

The armor just wastes space, and will do so for every signature in the
archive.

Why are we not using binary signatures in the first place, if we're
going to mandate conversions?

-- 
  Henrique Holschuh

Processed: Re: Bug#872076: lintian: please warn about build-dependency on dh-systemd

2017-08-14 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 + patch
Bug #872076 [lintian] lintian: please warn about build-dependency on dh-systemd
Added tag(s) patch.

-- 
872076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872076
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#872076: lintian: please warn about build-dependency on dh-systemd

2017-08-14 Thread Mattia Rizzolo 
Control: tag -1 + patch

On Mon, Aug 14, 2017 at 09:31:24AM +0200, Mattia Rizzolo wrote:
> dh-systemd is a transitional package in stretch, pointing to a new
> enough debhelper.  Please emit a warning about an explicit
> build-dependency on it.
> 
> See also https://bugs.debian.org/871312

Patch attached.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
From ddc8d99c01c5716089732fe209e7dddef0566b61 Mon Sep 17 00:00:00 2001
From: Mattia Rizzolo 
Date: Mon, 14 Aug 2017 09:43:43 +0200
Subject: [PATCH] data/fields/obsolete-packages: add dh-systemd

Closes: #872076
Signed-off-by: Mattia Rizzolo 
---
 data/fields/obsolete-packages | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/fields/obsolete-packages b/data/fields/obsolete-packages
index 9a9b9296f..e9a7d4aea 100644
--- a/data/fields/obsolete-packages
+++ b/data/fields/obsolete-packages
@@ -111,3 +111,6 @@ mysql-server-core => default-mysql-server-core
 mysql-client => default-mysql-client
 mysql-client-core => default-mysql-client-core
 libmysqlclient-dev => default-libmysqlclient-dev
+
+# Deprecated in Stretch (#872076)
+dh-systemd => use debhelper (>= 9.20160709)
-- 
2.14.1



signature.asc
Description: PGP signature

Bug#872076: lintian: please warn about build-dependency on dh-systemd

2017-08-14 Thread Mattia Rizzolo 
Package: lintian
Version 2.5.52
Severity: wishlist

dh-systemd is a transitional package in stretch, pointing to a new
enough debhelper.  Please emit a warning about an explicit
build-dependency on it.

See also https://bugs.debian.org/871312

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature