Re: RFS: php-geoip (updated package)
Hi, On Sat, 20 Dec 2008, Patrick Matthäi wrote: I had a look in your package and this makes me a headache: php-geoip (1.0.5-1) unstable; urgency=low * New upstream release. Fix security issue: + formatting bug in phpinfo() From the upstream changelog: * Small bug in phpinfo() when printing version number could crash PHP. So on a local/remote attacker could crash PHP (also the webserver?) by just using phpinfo()? I CCed the security team and this fix should also go in to Lenny and your urgency should be bumped to something higher than low. This is more a normal bug than a security issue. But looking at the diff between 1.0.3 and 1.0.5 and at http://cvs.php.net/viewvc.cgi/pecl/geoip/geoip.c?r1=1.21&r2=1.22 , it seems the crash bug was only introduced in 1.0.4, which was never released. So there is nothing to fix in lenny. But thanks for the notice, anyway. Cheers, Stefan
Re: Factorised code for adding a file in /etc/apache2/conf.d/ and restarting apache ?
On Sunday 06 July 2008, Charles Plessy wrote: > if [ -x /etc/init.d/apache2 ]; then > if which invoke-rc.d >/dev/null 2>&1; then > invoke-rc.d apache2 reload > else > /etc/init.d/apache2 reload > fi > fi IMO, you should use invoke-rc.d apache2 reload || true Reloading the apache config can fail for various reasons that have nothing to do with your package. You should probably not make package installation fail because of this. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Factorised code for adding a file in /etc/apache2/conf.d/ and restarting apache ?
On Sunday 06 July 2008, Russ Allbery wrote: > Stefan Fritsch <[EMAIL PROTECTED]> writes: > > On Saturday 05 July 2008, Charles Plessy wrote: > >> - if yes add a link to a configuration file in > >> /etc/apache2/conf.d > > > > You can add that file or the link unconditionally. > > That would really upset me if I were a systems administrator. Most > of my Apache configurations have multiple virtual hosts, and having > some package randomly add itself to the namespace of every virtual > host I run, possibly taking over pages that were currently serving > some other purpose, would be extremely annoying. I don't think it is ideal, but it seems to be quite common. At least 17 packages do it this way. Therefore an administrator cannot assume that packages won't add apache config files anyway. More experienced administrators will have no problems changing the include directive to something like "include /etc/apache2/conf.d-enabled" and create symlinks to the files in conf.d that they want enabled globally. And people with many virtual hosts are more likely to be experienced administrators than those with only one. Of course it would be a good idea to discuss this and create a standard policy, but this will not happen for lenny, obviously. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Factorised code for adding a file in /etc/apache2/conf.d/ and restarting apache ?
Hi, there is no recommended policy or factorised code for this kind of packages. It would be nice to get consistent behaviour for lenny+1, though. On Saturday 05 July 2008, Charles Plessy wrote: > After insallation, the package must: > > - Check if apache2 is there, This is not necessary. > - if yes add a link to a configuration file in /etc/apache2/conf.d You can add that file or the link unconditionally. > - restart apache. A reload should be enough. Don't restart apache if it is not necessary (as it aborts active connections and may require the admin to enter ssl key passphrases, etc.). > (I am also wondering if I have to ask the user wether he agrees to > restart apache...) For a restart that would probably be a good idea. It would be nice though, if the restart was only done when necessary (on new installs and on upgrades if the config file changed). For a reload, I don't think you need to ask the user. > PS: would the DPKG triggers be a good mechanism to deal with this > apache restarting tasks? Different packages have different needs WRT to reload/restart. I don't think a trigger would be appropriate here. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache umask
Hi, On Friday 22 February 2008, Martin Fuzzey wrote: > To avoid permission problems it would seem I need to create a new > group, add the www-data to it and set the apache umask to 002. > I am thinking about doing this by modifying /etc/default/apache2 > from my posinst script. > Is this allowed ? (this file is _not_ a conffile for apache) No. You may not change other packages' config files without user interaction, even if they are not conffiles. Besides, /etc/default/apache2 is a conffile in newer versions of apache. And changing apache's umask to make everything group writable is not something that should be done automatically. > If not are there any better ways to do it? Change the umask in your application. In most (all?) scripting languages it is possible to do that for one request. Or use suexec or ACLs. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Sponsor for multipipe
Hi, On Sunday 16 September 2007, Christopher Zimmermann wrote: > I just packaged the small multipipe tool from > http://sourceforge.net/projects/multipipe. > > It can send its stdin to several other commands like this: > > cat blub |multipipe 'cat >/dev/null' 'less' 'wc' > > I find this little tool very handy in many cases. Something like > this should be available in Debian. it already is. The program "pee" from the moreutils package seems to do the same. Please look whether multipipe can do anything pee can't. If no, then there is no need for multipipe in Debian (though it might be a good idea to add "like multipipe" or something similar to pee's description). Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RFS: steam-powered
Hi, On Wednesday 29 August 2007, Michael Gilbert wrote: > number for counter-strike. if the user doesn't own the game when > it is launched like this, steam will bring up the page for the user > to purchase it. Are there "free" games available on the steam plattform? I ask because the vast majority (if not all) of the software we have in contrib and non-free (or we have installers for in contrib/non-free) is at least free as in beer, i.e. it does not cost anything at least for some usage (e.g. non-commercial). I don't think we want a package that has the sole purpose of making it easier for some company to earn money. BTW, I belive the privacy policy of steam is not what would appeal to the average user of free software. I own Half Life 2 (came with my graphics card) but decided not to install it because of their privacy policy (though that was 2 years ago and might have changed). Cheers, Stefan signature.asc Description: This is a digitally signed message part.
Re: ITS: teamspeak-server (updated package) [SECURITY]
On Friday 03 August 2007, Adam Cécile (Le_Vert) wrote: > I am looking for a sponsor for the new version 2.0.23.19-1 > of my package "teamspeak-server". I will sponsor this. Cheers, Stefan
Re: RFS: throttle
Kartik Mistry wrote: > I am looking for a sponsor for my package "throttle". ... > throttle - A bandwidth limiting pipe The cstream package (already in Debian) seems to provide the same feature. Can you please look at it and check whether throttle has some unique features so that it makes sense to have both throttle and cstream in Debian? Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Converting a config file into a conffile
Hi, I have a package with a config file that is created by postinst, and I would like to convert this file into a conffile that is handled by dpkg. Is there a way to achieve this in a way so that dpkg will silently replace the postinst-created default version with the new conffile? I expect that normally it will ask the user what to do if I just start shipping a conffile. TIA. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Copyright issues GPL-PHP license
Hi, On Sonntag, 6. Mai 2007, Alex Queiroz wrote: > On 5/6/07, Neil Williams <[EMAIL PROTECTED]> wrote: > > I also share Vorlon's opinion about the package as a whole: > > > In addition, the concept of a webserver written entirely in PHP > > > is utterly abominable, an example of total programming > > > putrifaction. I expect this code to be so inherently > > > unmaintainable that its very presence would warrant an RC bug. > > > As a DD and as a user of PHP, I would ask that this package not > > > be uploaded to Debian. > > This is a very sad opinion. Is Debian censoring programming > languages now? No, but it is already a lot of work to provide security support for the php apps in Debian. Ubuntu's popcon shows an installed user base for nanoweb of only 23, compared to e.g. 441 for lighttpd. I don't think it makes sense to spend time for security support (and php apps tend to have many issues) for so few users. I think the situation in Ubuntu is different because there is no real security support for universe (please correct me if I am wrong). Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bad practice to make a package depend on a specific kernel image
On Tuesday 02 January 2007 03:33, Robert Collins wrote: > I think its a fair and proper assumption that the stack of software > is all packaged: its very easy to build a packaged, vanilla kernel > - and doing so can generate appropriate information for dpkg. But on vserver and xen machines, the kernel is installed only in the host system, not in the virtual machines. Therefore you cannot assume that any kernel-image (packaged or self-compiled) is installed at all. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: binary files in diff
>> Note perl has the ability to uudecode and encode builtin (perldoc -f >> pack or unpack and look at the u option.) As perl is an essential >> package, by using it you can save yourself a needless dependency. > > Ah, that's great. Can you give a short usage example - I would then > prepare a patch for the developer's reference. Maybe something like (in one line) perl -0777 -e '<> =~ m{^begin[^\n]*\n(.*?\n)`\nend\n}sm or exit(1); print unpack("u", $1)' < infile.uu > outfile To feed some prejudices about perl ;-) Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RFS: multixterm -- drive multiple xterms separately or together
Hi Gregor, On Monday 20 February 2006 22:03, gregor herrmann wrote: > Title: multixterm -- drive multiple xterms separately or together > ITP: #353777 Standard question: Do you know clusterssh, which does pretty much the same thing and is already in Debian? If no, I suggest you take look. If yes, and multixterm is sufficiently different/better/... to be included in Debian as well, go ahead. BTW, the KDE konsole can also feed keypresses into multiple terminals. This is what I use. Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Processed: Re: RFS: tvbrowser -- TV-Browser is a java-based TV guide
Ups. That was the wrong Reply-To... Sorry. Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RFS: tvbrowser -- TV-Browser is a java-based TV guide
merge 321230 265711 retitle 265711 ITP: tvbrowser -- TV-Browser is a java-based TV guide thanks Hi, > I've packaged[1] tvbrowser[2], which cloeses #321230[3] and am now > seeking for a sponsor. Hint: Look for an existing "Request for package" bug and retitle it instead of filing a new ITP bug. Cheers, Stefan PS: I am not a DD and can't sponsor you. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: debian directory included in upstream
Hi! On Tuesday 12 April 2005 20:44, Miriam Ruiz wrote: > "The > reason I added debian subdirectory is to distribute it > with the source files." > > Any suggestions on how to deal with that? For sam2p I created my own orig.tar.gz with the debian subdirectory renamed to debian.dist. I don't delete it because the upstream changelog is in there (installed with "dh_installchangelogs debian.dist/changelog"). Cheers, Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RFS: sam2p: convert raster images to EPS, PDF
Hi, I am looking for comments and a sponsor for sam2p, a program to convert bitmap files (GIF,JPG,PNG,...) to Postscript or PDF. What makes sam2p interesting is that the resulting Postscript files are not much larger than the source files. This means they are much smaller than the files produced by gimp, xv, etc. It can even achieve good compression in PS level 1 by including its own decompression filter (or so it claims; anybody has a PS level 1 printer to test it?). Package name: sam2p Version: 0.44-7 Upstream Author:Szabó Péter <[EMAIL PROTECTED]> URL: http://www.inf.bme.hu/~pts/sam2p/ License: GPL RFP/ITP bug: #276489 Description: convert raster images to EPS, PDF, and other formats sam2p is a command line utility that converts many raster (bitmap) image formats like GIF, JPG/JPEG, and PNG into PostScript or PDF files. PS or EPS files created by sam2p are usually not much larger than the source file. The package I have build can be found at http://home.mnet-online.de/stf/sam2p/ Thanks in advance. Cheers, Stefan
Re: CERN root
Hi! On Friday 17 December 2004 07:30, Ricardo Yanez wrote: > I have packaged CERN's root (an object oriented data > analysis framework) for our internal distribution. ROOT is widely > used in nuclear and particle physics labs, groups, etc. Since root > is becoming the standard, substituting PAW which is distributed by > Debian, I thought to seek a sponsor for this software, learn more > about packaging, and help my fellow physicist around the world. Are you sure that the ROOT license permits binary redistribution? I read something different [1] but I have not looked at the license myself. Cheers, Stefan [1] http://borex.princeton.edu/~kmccarty/ --
Re: RFS: zsync -- A client-side implementation of the rsync algorithm
On Monday 15 November 2004 14:18, martin f krafft wrote: > What is a 'client-side' implementation of the rsync algorithm? > Please provide more information! Read http://zsync.moria.org.uk/paper/ This sounds very interesting. Maybe this could be used for sid's Package files? Cheers, Stefan --
Re: RFS: zsync -- A client-side implementation of the rsync algorithm
On Monday 15 November 2004 14:18, martin f krafft wrote: > What is a 'client-side' implementation of the rsync algorithm? > Please provide more information! Read http://zsync.moria.org.uk/paper/ This sounds very interesting. Maybe this could be used for sid's Package files? Cheers, Stefan -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RFS: viewglob -- A graphical display of directories referenced at the shell prompt
Hi Kevin, > Have you tested it? I don't use KDE so > can't do so myself. Yes, it works for me. I have also briefly looked through the source package and found nothing to criticize. Unfortunately, I am not a DD either and can't sponsor it. Cheers, Stefan --
Re: RFS: viewglob -- A graphical display of directories referenced at the shell prompt
Hi Kevin, > Have you tested it? I don't use KDE so > can't do so myself. Yes, it works for me. I have also briefly looked through the source package and found nothing to criticize. Unfortunately, I am not a DD either and can't sponsor it. Cheers, Stefan --
Re: RFS: viewglob -- A graphical display of directories referenced at the shell prompt
Hi Kevin, that's a nice little program. Just one suggestion: Add a viewglob session type to the KDE konsole by including the file /usr/share/apps/konsole/viewglob.desktop Cheers, Stefan -- viewglob.desktop Description: application/desktop
Re: RFS: viewglob -- A graphical display of directories referenced at the shell prompt
Hi Kevin, that's a nice little program. Just one suggestion: Add a viewglob session type to the KDE konsole by including the file /usr/share/apps/konsole/viewglob.desktop Cheers, Stefan -- viewglob.desktop Description: application/desktop
RFS: mp3gain -- Lossless mp3 normalizer with statistical analysis
Hi! I am still looking for a sponsor for mp3gain, a program to automatically adjust the volume of MP3s without reencoding. AFAIK there is no such program in Debian (please correct me if I am wrong) and it is great if you have a portable MP3 player that doesn't support normalizing by itself. It is a very simple one binary package and has been uploaded to mentors.debian.net [0]. Package name: mp3gain Version : 1.4.3 Upstream Author : "Glen Sawyer" <[EMAIL PROTECTED]> URL : http://mp3gain.sourceforge.net/ License : LGPL Description : Lossless mp3 normalizer with statistical analysis MP3Gain analyzes and adjusts mp3 files so that they have the same volume. MP3Gain does not just do peak normalization, as many normalizers do. Instead, it does some statistical analysis to determine how loud the file actually sounds to the human ear. Also, the changes MP3Gain makes are completely lossless. There is no quality lost in the change because the program adjusts the mp3 file directly, without decoding and re-encoding. Also, this works with all mp3 players, i.e. no support for a special tag is required. The ITP bugreport is in #241748. Thanks, Stefan [0] http://mentors.debian.net/debian/pool/main/m/mp3gain/ --
RFS: mp3gain -- Lossless mp3 normalizer with statistical analysis
Hi! I am still looking for a sponsor for mp3gain, a program to automatically adjust the volume of MP3s without reencoding. AFAIK there is no such program in Debian (please correct me if I am wrong) and it is great if you have a portable MP3 player that doesn't support normalizing by itself. It is a very simple one binary package and has been uploaded to mentors.debian.net [0]. Package name: mp3gain Version : 1.4.3 Upstream Author : "Glen Sawyer" <[EMAIL PROTECTED]> URL : http://mp3gain.sourceforge.net/ License : LGPL Description : Lossless mp3 normalizer with statistical analysis MP3Gain analyzes and adjusts mp3 files so that they have the same volume. MP3Gain does not just do peak normalization, as many normalizers do. Instead, it does some statistical analysis to determine how loud the file actually sounds to the human ear. Also, the changes MP3Gain makes are completely lossless. There is no quality lost in the change because the program adjusts the mp3 file directly, without decoding and re-encoding. Also, this works with all mp3 players, i.e. no support for a special tag is required. The ITP bugreport is in #241748. Thanks, Stefan [0] http://mentors.debian.net/debian/pool/main/m/mp3gain/ -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RFS: mp3gain -- Lossless mp3 normalizer with statistical analysis
Hi, > Update: I've just tested the build on merulo.d.o (ia64), no problem > there. This is good news. Thanks to you and Aaron for trying this out. > OTOH, you should really fix those warnings (the same ones > you see when compiling on i386). I fixed the compile warnings. But during debuild, dpkg-source still gives some warnings about files without final newline in the original source. Is this a problem? I also set architecture to any, updated the standards version and cleaned up debian/rules. Anybody got more comments? The current version is again at http://www.ph.tum.de/~sfritsch/apt/unstable Cheers, Stefan --
Re: RFS: mp3gain -- Lossless mp3 normalizer with statistical analysis
Hi, > Update: I've just tested the build on merulo.d.o (ia64), no problem > there. This is good news. Thanks to you and Aaron for trying this out. > OTOH, you should really fix those warnings (the same ones > you see when compiling on i386). I fixed the compile warnings. But during debuild, dpkg-source still gives some warnings about files without final newline in the original source. Is this a problem? I also set architecture to any, updated the standards version and cleaned up debian/rules. Anybody got more comments? The current version is again at http://www.ph.tum.de/~sfritsch/apt/unstable Cheers, Stefan -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RFS: mp3gain -- Lossless mp3 normalizer with statistical analysis
Hi Bruno, thanks for your comments. I have some questions though. On Sun, 4 Apr 2004, Bruno Barrera C. wrote: > - I Think you must read [0](Looking at the Architecture field) Upstream supports only i386 and I somehow doubt that the source is 64bit clean (I currently have no way to test this, though). What is the preferred method of handling this? Just set architecture to any and see what happens on other archs. Or first try to determine which architectures work? > - Are you aware about the lintian warning? The CVS directories are in the upstream source. The lintian warning does not go away even if I delete them. Or should I delete them in the ...orig.tar.gz file? Cheers, Stefan --
Re: RFS: mp3gain -- Lossless mp3 normalizer with statistical analysis
Hi Bruno, thanks for your comments. I have some questions though. On Sun, 4 Apr 2004, Bruno Barrera C. wrote: > - I Think you must read [0](Looking at the Architecture field) Upstream supports only i386 and I somehow doubt that the source is 64bit clean (I currently have no way to test this, though). What is the preferred method of handling this? Just set architecture to any and see what happens on other archs. Or first try to determine which architectures work? > - Are you aware about the lintian warning? The CVS directories are in the upstream source. The lintian warning does not go away even if I delete them. Or should I delete them in the ...orig.tar.gz file? Cheers, Stefan -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RFS: mp3gain -- Lossless mp3 normalizer with statistical analysis
Hi, I am looking for a sponsor for mp3gain, a program to automatically adjust the volume of MP3s without reencoding. AFAIK there is no such program in Debian (please correct me if I am wrong). It is a very simple one binary package. * Package name: mp3gain Version : 1.4.3 Upstream Author : "Glen Sawyer" <[EMAIL PROTECTED]> * URL : http://mp3gain.sourceforge.net/ * License : LGPL Description : Lossless mp3 normalizer with statistical analysis MP3Gain analyzes and adjusts mp3 files so that they have the same volume. MP3Gain does not just do peak normalization, as many normalizers do. Instead, it does some statistical analysis to determine how loud the file actually sounds to the human ear. Also, the changes MP3Gain makes are completely lossless. There is no quality lost in the change because the program adjusts the mp3 file directly, without decoding and re-encoding. Also, this works with all mp3 players, i.e. no support for a special tag is required. The package I have built can be found at http://www1.physik.tu-muenchen.de/~sfritsch/apt/unstable/ Thanks, Stefan --
RFS: mp3gain -- Lossless mp3 normalizer with statistical analysis
Hi, I am looking for a sponsor for mp3gain, a program to automatically adjust the volume of MP3s without reencoding. AFAIK there is no such program in Debian (please correct me if I am wrong). It is a very simple one binary package. * Package name: mp3gain Version : 1.4.3 Upstream Author : "Glen Sawyer" <[EMAIL PROTECTED]> * URL : http://mp3gain.sourceforge.net/ * License : LGPL Description : Lossless mp3 normalizer with statistical analysis MP3Gain analyzes and adjusts mp3 files so that they have the same volume. MP3Gain does not just do peak normalization, as many normalizers do. Instead, it does some statistical analysis to determine how loud the file actually sounds to the human ear. Also, the changes MP3Gain makes are completely lossless. There is no quality lost in the change because the program adjusts the mp3 file directly, without decoding and re-encoding. Also, this works with all mp3 players, i.e. no support for a special tag is required. The package I have built can be found at http://www1.physik.tu-muenchen.de/~sfritsch/apt/unstable/ Thanks, Stefan -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]