Bug#947270: RFS: libfilezilla/0.19.3-1 -- build high-performing platform-independent programs (development

2019-12-26 Thread Phil Wyett
On Thu, 2019-12-26 at 04:53 +0100, Adam Borowski wrote:
> On Mon, Dec 23, 2019 at 09:19:20PM +, Phil Wyett wrote:
> > Package: sponsorship-requests
> > Dear mentors,
> > 
> > I am looking for a sponsor for my package "libfilezilla"
> >  * Package name: libfilezilla
> >    Version : 0.19.3-1
> >  * Vcs : https://salsa.debian.org/debian/libfilezilla
> > Changes since the last upload:
> > 
> >    * Team upload
> >    * New upstream version 0.19.3
> 
> Hi!
> You've marked the package as "team upload", yet:
>  * it's not currently marked as team maintained
>    + although Gianfranco does some "team uploads"
>  * you're not in its "Uploaders" field
>  * you have no prior history with this package
>  * the package is actively maintained
> 
> Thus: have you talked to Adrien or Gianfranco?  Sorry for the doubt, but
> quite a few well-meaning contributors try such uncoordinated uploads --
> in Debian parlance, "hijacks".  Thus, I'm asking to verify.
> 
> The upload itself appears to be fine from the technical point of view,
> at least at a glance.
> 
> 
> Meow!

Hi,

* Marking as 'Team upload' is an error and can be corrected if wished.
* I am not in uploaders field and should have marked as NMU.
* I have no prior history with the package in Debian, but do in Fedora.
* The package is not actively maintained. Updates are spotty and basic
package work not done; and even CVEs.

Please do not claim that I am hijacking a package, it is bad for
community and encouraging people to contribute.

Regards

Phil

-- 

*** Playing the game for the games sake. ***

Twitter: @kathenasorg

IRC: kathenas





Bug#947270: RFS: libfilezilla/0.19.3-1 -- build high-performing platform-independent programs (development

2019-12-26 Thread Phil Wyett
On Thu, 2019-12-26 at 09:45 +, Phil Wyett wrote:
> On Thu, 2019-12-26 at 04:53 +0100, Adam Borowski wrote:
> > On Mon, Dec 23, 2019 at 09:19:20PM +, Phil Wyett wrote:
> > > Package: sponsorship-requests
> > > Dear mentors,
> > > 
> > > I am looking for a sponsor for my package "libfilezilla"
> > >  * Package name: libfilezilla
> > >    Version : 0.19.3-1
> > >  * Vcs : https://salsa.debian.org/debian/libfilezilla
> > > Changes since the last upload:
> > > 
> > >    * Team upload
> > >    * New upstream version 0.19.3
> > 
> > Hi!
> > You've marked the package as "team upload", yet:
> >  * it's not currently marked as team maintained
> >    + although Gianfranco does some "team uploads"
> >  * you're not in its "Uploaders" field
> >  * you have no prior history with this package
> >  * the package is actively maintained
> > 
> > Thus: have you talked to Adrien or Gianfranco?  Sorry for the doubt, but
> > quite a few well-meaning contributors try such uncoordinated uploads --
> > in Debian parlance, "hijacks".  Thus, I'm asking to verify.
> > 
> > The upload itself appears to be fine from the technical point of view,
> > at least at a glance.
> > 
> > 
> > Meow!
> 
> Hi,
> 
> * Marking as 'Team upload' is an error and can be corrected if wished.
> * I am not in uploaders field and should have marked as NMU.
> * I have no prior history with the package in Debian, but do in
> Fedora.
> * The package is not actively maintained. Updates are spotty and basic
> package work not done; and even CVEs.
> 
> Please do not claim that I am hijacking a package, it is bad for
> community and encouraging people to contribute.
> 
> Regards
> 
> Phil
> 

Hi,

FYI, both:

* libfilezilla
* filezilla

packages for RFS on mentors have been deleted.

Regards

Phil


-- 

*** Playing the game for the games sake. ***

Twitter: @kathenasorg

IRC: kathenas





Bug#947143: RFS: wordpress/5.3.2+dfsg1-0.1 [NMU] [RC] -- weblog manager

2019-12-26 Thread DebBug

Hi Markus,

Thank you for clarifying the situation.

On 2019-12-23 18:24:08, Markus Koschany wrote:

> Hello Niels,
>
> On 23.12.19 at 15:04, DebBug wrote:
>
> > Anyone to chime in? Craig? Markus?
>
> There is a bit of confusion here, so I try to explain the situation and
> how we should proceed. Thank you for filing bug report #947212 to track
> the security issues in Wordpress. This will help to answer those
> questions raised by Adam. However there was already #946905 that you
> could have used as well.

Must have missed that one.

> You have only recently added me to CC, presumably because I have done

IIRC, Craig added you initially, FWIW.

> some security uploads in the past for Wordpress. I don't know what you
> have discussed with Craig and if he wants to review your work and
> sponsor it later. Then you actually don't need to open a sponsorship
> request on debian-mentors.

I yet ignore how the process continues, whether Craig will upload
the updated package or someone else. And when.

> Sponsorship requests are either of severity normal or important. Here it
> would be ok to use important but the severity is merely an indicator and
> it doesn't automatically guarantee that a bug is prioritized. Security
> related bugs like #947212/#946905 are either of severity important or
> grave.

OK. From my perspective, regarding the wordpress issue and being responsible
for maintenance of a number of exposed instances, it is *critical*
security releases get integrated on short terms' notice. As
explained, system and data is at elevated risk in the particular
case of wordpress having a considerable share of worldwide CMS
instances. This also entails liability in case of data loss and/or
successful exploitation of local and/or remote resources. In terms
of legal obligation of care of user data, customer data and systems as
well as in terms of GDPR. This direct consequence is driving a severity
"critical". It is also the reason for my providing an updated debian
wordpress package for NMU. I prefer debian packages over upstream
packaging and if I'm packaging deb package updates locally I might
as well let others profit from it.

> Version 5.3.2 seems to fix a couple of security vulnerabilities. No CVE
> has been assigned yet. This version should be uploaded to unstable.

My intention.

> If you want to fix Wordpress in Buster and Stretch as well, then you
> have to go a different route. The security team is responsible for that.
> As previously discussed I recommend to base security updates on upstream
> releases for specific Wordpress branches.
>
> https://wordpress.org/download/releases/
>
> Buster should be updated to version 5.0.8 and Stretch to 4.7.16. In both
> cases you would base your work on the Wordpress packages in Buster and
> Stretch. The changes to the debian files should be minimal, you would
> merely rebase existing patches and repack the tarball to make it
> compliant with the DFSG.

Not so much my intention. Basically, not at all, for now. I'm depending on
the latest upstream releases so I'm sticking with unstable wordpress
packages.

> In short:
>
> Version 5.3.2 -> unstable
> Did Craig agree with the upload?
> If there is simply no response because of the holiday season we could do
> a NMU with a delay of 5 to 10 days. I assume you haven't made any major
> changes to the package.

Well, as detailed above, those delays -- for this particular package --
are unacceptable, at least for me. At that, it's on top of the delay
from the point in time upstream released to bug reported. Is there a way
to speed up this whole process for future releases? Sure, I locally feed the
updated packages to archive mirrors, although I'd prefer not preempting
debian package releases.

> After that:
> Version 5.0.8 -> buster-security
> Version 4.7.16 -> stretch-security
>
> You can already prepare the packages, then we contact the security team
> and ask for approval.

For the time being, I am time-constrained on provision for unstable.

> Regards,
>
> Markus


Thanks again for your explanation and efforts. Have a nice holiday.

Cheers

Nils




Bug#947409: RFS: clp/1.17.3+repack1-2 -- Coin-or linear programming solver

2019-12-26 Thread Håvard Flaget Aasen

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "clp"

 * Package name: clp
   Version : 1.17.3+repack1-2
   Upstream Author :
 * URL : https://projects.coin-or.org/Clp
 * License : EPL-1
 * Vcs : https://salsa.debian.org/science-team/clp
   Section : science

It builds those binary packages:

  coinor-clp - Coin-or linear programming solver
  coinor-libclp1 - Coin-or linear programming solver (shared libraries)
  coinor-libclp-dev - Coin-or linear programming solver (developer files)
  coinor-libclp-doc - Coin-or linear programming solver (documentation)

To access further information about this package, please visit the 
following URL:


  https://mentors.debian.net/package/clp

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/c/clp/clp_1.17.3+repack1-2.dsc


Changes since the last upload:

   * QA upload
   * Add coinor-libclp-doc.links to remove duplicated files
   * Set minimum version on runtime-dependencies
   * Add patch to check for correct architecture


New release to fix certain issue with the old one, built and tested on
six different architectures this time. Please take a look at the patch
to see if it is acceptable.


Regards,
Håvard



Bug#947427: RFS: ipmitool/1.8.18-9 -- utility for IPMI control with kernel driver or LAN interface (daemon)

2019-12-26 Thread Jörg Frings-Fürst
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "ipmitool"

   Package name: ipmitool
   Version : 1.8.18-9
   Upstream Author : Vernon Mauery 
   URL : https://github.com/ipmitool/ipmitool
   License : BSD-3-clause
   Vcs : https://jff.email/cgit/ipmitool.git
   Section : utils

It builds those binary packages:

  ipmitool - utility for IPMI control with kernel driver or LAN interface (daemon)

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/ipmitool

Alternatively, one can download the package with dget using this
command:

  dget -x https://mentors.debian.net/debian/pool/main/i/ipmitool/ipmitool_1.8.18-9.dsc

or from git 

  https://jff.email/cgit/ipmitool.git/?h=release%2Fdebian%2F1.8.18-9

Changes since the last upload:

   * debian/ipmitool.maintscript:
     - Fix syntax (Closes: #947384).
   * Remove System V init scripts:
     - Remove debian/ipmitool.ipmievd.init.
     - Remove debian/ipmitool.lintian-overrides.
     - Remove debian/ipmitool.postinst.
     - Rewrite debian/ipmitool.postrm.
     - Remove debian/ipmitool.prerm.
     - Remove override_dh_installinit from debian/rules.
     - Remove init-system-helpers (>> 1.50) from debian/control.
     - Add rm_conffile /etc/init.d/ipmievd 1.8.18-9~ ipmitool to
       debian/ipmitool.maintscript.


The build with sbuild and pdebuild and the tests with Lintian and
Piuparts are ok:

+--+
| Summary  |
+--+

Build Architecture: amd64
Build Type: full
Build-Space: 131952
Build-Time: 45
Distribution: sid
Host Architecture: amd64
Install-Time: 44
Job: /data/entwicklung/linux/debian/ipmitool/ipmitool_1.8.18-9.dsc
Lintian: info
Machine Architecture: amd64
Package: ipmitool
Package-Time: 102
Piuparts: pass
Source-Version: 1.8.18-9
Space: 131952
Status: successful
Version: 1.8.18-9

Finished at 2019-12-26T19:30:34Z
Build needed 00:01:42, 131952k disk space

CU
Jörg


-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:  https://jff.email/cgit/

Threema:  SYR8SJXB
Wire: @joergfringsfuerst
Skype:joergpenguin
Ring: jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.





Re: The pristine-tar and upstream tarball

2019-12-26 Thread Tong Sun
All fixed. thx.

On Fri, Dec 20, 2019 at 11:26 AM Tong Sun wrote:

> Hi,
>
> After many readings, I'm still a bit confused about the pristine-tar
> and upstream tarball.
>
> So I've just prepared my salsa repo
>
> https://salsa.debian.org/debian/dbab/
>
> and hope everything is good.
>
> My understanding is that with gbp & pristine-tar branch, we can
> produce the orig.tar.gz when building a source package from the
> repository alone, right? Then how to do it? I tried:
>
> $ gbp import-orig --pristine-tar --uscan
> gbp:info: Launching uscan...
> gbp:info: package is up to date, nothing to do.
>
> $ uscan --download | wc
>   0   0   0
>
> $ uscan --verbose --download
> . . .
> uscan info: Filename (filenamemangled) for downloaded file:
> dbab-1.3.3.tar.gz
> uscan info: Newest version of dbab on remote site is 1.3.3, local
> version is 1.3.3
> uscan info:=> Package is up to date for from
>   https://github.com/suntong/dbab/archive/1.3.3.tar.gz
> uscan info: Scan finished
>
> but still, no upstream tarball downloaded.
>
>
> My other question is, there does seem to be some problem with my
> pristine-tar branch:
>
> $ gbp buildpackage
> dh clean
>dh_auto_clean
> make -j1 clean
> make[1]: Entering directory '/export/build/pkg/dbab/dbab'
> rm -f assets/dbab-svr.8
> make[1]: Leaving directory '/export/build/pkg/dbab/dbab'
>dh_clean
> gbp:warning: Unknown compression type of - [*] give pristine-tar files
> proper names, assuming gzip
> gbp:info: Creating /export/build/pkg/dbab/build-area/dbab_1.3.3.orig.tar.gz
> gbp:error: Error creating dbab_1.3.3.orig.tar.gz: Pristine-tar
> couldn't checkout "dbab_1.3.3.orig.tar.gz": fatal: Path
> 'dbab_1.3.3.orig.tar.gz.delta' does not exist in
> 'refs/heads/pristine-tar'
> pristine-tar: git show
> refs/heads/pristine-tar:dbab_1.3.3.orig.tar.gz.delta failed
>
> Apparently my understanding of preparing the pristine-tar branch was
> wrong (as well). So the second question is, how should I prepare the
> pristine-tar branch?
> I know it must be a FAQ but it appears that I just haven't found the
> *correct* one.
>
> Finally, the third question, is there anything else that is not
> correct with my repo,
> https://salsa.debian.org/debian/dbab/?
>
> Thanks a lot for helping.
>


Bug#947452: RFS: kworkflow/20191112-1 [ITP] -- Inglorious kernel developer workflow scripts

2019-12-26 Thread Rodrigo Carvalho
Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "kworkflow"

 * Package name: kworkflow
   Version : 20191112-1
   Upstream Author : Rodrigo Siqueira 
 * URL : https://github.com/kworkflow/kworkflow
 * License : GPL-2+
 * Vcs : https://github.com/kworkflow/kworkflow
   Section : misc

It builds those binary packages:

  kworkflow - Inglorious kernel developer workflow scripts

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/kworkflow

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/k/kworkflow/kworkflow_20191112-1.dsc

Changes since the last upload:

   * Initial release. Closes: #946781

Regards,

--
  Rodrigo Carvalho