Re: Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Hi Sebastian, Le mardi 20 décembre 2022, 18:04:50 CET Sebastien Chavaux a écrit : > Hello Aurelien :-) > > For the integration of Ghostwriter in the scope of the Qt/KDE packaging > team, I agree, no worries, I also had the case at openSUSE and I'm looking > how I could in the following days, pass all that on to Debian as well. thanks, I’ve moved the Salsa repo after you granted me the necessary rights. Feel free to check that you still have access to the repo, or complain to me directly if not. > I'll try to free up time to make the changes but it's not said. I don't > have any Debian around right now. That needs fixing. Installing Debian is relatively straightforward these days, you know. ^^ Joke aside I’ve made the changes I proposed below and uploaded the package. Thank you for working on it until now, I hope I’ll see you contributing to Debian again ! Happy hacking, -- Aurélien > Le mar. 20 déc. 2022 à 13:30, Aurélien COUDERC a écrit : > > > To follow up on the RFS discussion: > > - MathJax3 is currently not packaged so it’s fine to keep it vendored > > (3rdparty) for now. We can migrate to the Debian package once it’s > > available. > > - The source-is-missing lintian tags are false positives to me (if lintian > > still really emits them, I haven’t checked). The folders > > 3rdparty/{MathJax,react} contain valid, human modifiable source files. > > Please add a comment in the lintian-overrides file to explain so. > > - You should use the Files-Excluded directive in debian/copyright [1] to > > describe which files should be removed from the upstream source. That > > should be the debian/ folder + 3rd party libraries already available in > > Debian. > > - I would prefer the +ds suffix instead of +dfsg, +dfsg is more > > appropriate for cases where we remove upstream sources due to licensing > > concerns which is not the case here IIUC. > > - uscan --download-current-version fails, it should work from a clean > > clone of the repo (the uupdate is not required unless I’m missing > > something), and… > > - it would be preferable for debian/watch to target the invent.kde.org > > repo which is now the reference repo, you have examples for GitLab tags > > here [2]. > > - In the git packaging repo you have the « source » folder next to the > > « debian » folder, it should be *inside* it. > > - source/options can be removed. > > - Remove debian/compat and replace the debhelper (>= 11) build dependency > > by a debhelper-compat (= 13) build dep. > > - Remove debian/git-build-recipe.manifest ? I don’t know what it’s for so > > it’s probably not useful. :) > > > > > > Feel free to ping me or the team on IRC about any of the above. > > > > > > [0] https://salsa.debian.org/qt-kde-team/extras > > [1] https://wiki.debian.org/UscanEnhancements > > [2] https://wiki.debian.org/debian/watch#Gitlab
Re: Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Hello Aurelien :-) For the integration of Ghostwriter in the scope of the Qt/KDE packaging team, I agree, no worries, I also had the case at openSUSE and I'm looking how I could in the following days, pass all that on to Debian as well. As for gitlab, I have trouble communicating with it, I can't even do that from my terminal anymore, I have a legal problem, so I do everything from the risky web interface. I more or less gave up on the git business. But I will give you the rights. I haven't worked with the repository long enough, I work directly from home and a folder. I would like to help in other packages but again I stumble on the use of gitlab. I'll try to free up time to make the changes but it's not said. I don't have any Debian around right now. Best regards. Le mar. 20 déc. 2022 à 13:30, Aurélien COUDERC a écrit : > Le mercredi 12 octobre 2022, 11:41:50 CET Sebastien Chavaux a écrit : > > Absolutely, I'm so in my head that I don't see what is the simplest... > > Dear Sebastien, > > as Ghostwriter has been onboarded as a KDE Project, I’d like to offer to > integrate the package into the perimeter of the Qt/KDE Packaging Team. > > We have an « extras » group [0] for packages that are related to KDE but > not part of the main KDE Frameworks / Plasma / Gear releases that I think > would be suitable. > > How we would do this is : > - give me (couc...@debian.org) or one of the team members owner access to > your packaging repo so we can move it to the qt-kde-team/extras group > - change the Maintainer field to : Debian KDE Extras Team < > pkg-kde-ext...@alioth-lists.debian.net> > - put yourself in the Uploaders field > > What you would get : > - you keep your usual access to the repo and can work on the package as > you used to > - team members and myself would be considered welcome to contribute to > that repository too > - it would gives additional scrutiny to the package that would show on our > DDPO dashboard > - you’re welcome to help on other packages of the team :) > > Whether you’re interested or not, you’re welcome to hang out on the > #debian-qt-kde on Debian’s IRC for help and feedback or upload sponsorship. > > > To follow up on the RFS discussion: > - MathJax3 is currently not packaged so it’s fine to keep it vendored > (3rdparty) for now. We can migrate to the Debian package once it’s > available. > - The source-is-missing lintian tags are false positives to me (if lintian > still really emits them, I haven’t checked). The folders > 3rdparty/{MathJax,react} contain valid, human modifiable source files. > Please add a comment in the lintian-overrides file to explain so. > - You should use the Files-Excluded directive in debian/copyright [1] to > describe which files should be removed from the upstream source. That > should be the debian/ folder + 3rd party libraries already available in > Debian. > - I would prefer the +ds suffix instead of +dfsg, +dfsg is more > appropriate for cases where we remove upstream sources due to licensing > concerns which is not the case here IIUC. > - uscan --download-current-version fails, it should work from a clean > clone of the repo (the uupdate is not required unless I’m missing > something), and… > - it would be preferable for debian/watch to target the invent.kde.org > repo which is now the reference repo, you have examples for GitLab tags > here [2]. > - In the git packaging repo you have the « source » folder next to the > « debian » folder, it should be *inside* it. > - source/options can be removed. > - Remove debian/compat and replace the debhelper (>= 11) build dependency > by a debhelper-compat (= 13) build dep. > - Remove debian/git-build-recipe.manifest ? I don’t know what it’s for so > it’s probably not useful. :) > > > Feel free to ping me or the team on IRC about any of the above. > > > [0] https://salsa.debian.org/qt-kde-team/extras > [1] https://wiki.debian.org/UscanEnhancements > [2] https://wiki.debian.org/debian/watch#Gitlab > > > Thanks for your response & cheers, > -- > Aurélien, on behalf of the Qt/KDE Packaging Team > > >
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Le mercredi 12 octobre 2022, 11:41:50 CET Sebastien Chavaux a écrit : > Absolutely, I'm so in my head that I don't see what is the simplest... Dear Sebastien, as Ghostwriter has been onboarded as a KDE Project, I’d like to offer to integrate the package into the perimeter of the Qt/KDE Packaging Team. We have an « extras » group [0] for packages that are related to KDE but not part of the main KDE Frameworks / Plasma / Gear releases that I think would be suitable. How we would do this is : - give me (couc...@debian.org) or one of the team members owner access to your packaging repo so we can move it to the qt-kde-team/extras group - change the Maintainer field to : Debian KDE Extras Team - put yourself in the Uploaders field What you would get : - you keep your usual access to the repo and can work on the package as you used to - team members and myself would be considered welcome to contribute to that repository too - it would gives additional scrutiny to the package that would show on our DDPO dashboard - you’re welcome to help on other packages of the team :) Whether you’re interested or not, you’re welcome to hang out on the #debian-qt-kde on Debian’s IRC for help and feedback or upload sponsorship. To follow up on the RFS discussion: - MathJax3 is currently not packaged so it’s fine to keep it vendored (3rdparty) for now. We can migrate to the Debian package once it’s available. - The source-is-missing lintian tags are false positives to me (if lintian still really emits them, I haven’t checked). The folders 3rdparty/{MathJax,react} contain valid, human modifiable source files. Please add a comment in the lintian-overrides file to explain so. - You should use the Files-Excluded directive in debian/copyright [1] to describe which files should be removed from the upstream source. That should be the debian/ folder + 3rd party libraries already available in Debian. - I would prefer the +ds suffix instead of +dfsg, +dfsg is more appropriate for cases where we remove upstream sources due to licensing concerns which is not the case here IIUC. - uscan --download-current-version fails, it should work from a clean clone of the repo (the uupdate is not required unless I’m missing something), and… - it would be preferable for debian/watch to target the invent.kde.org repo which is now the reference repo, you have examples for GitLab tags here [2]. - In the git packaging repo you have the « source » folder next to the « debian » folder, it should be *inside* it. - source/options can be removed. - Remove debian/compat and replace the debhelper (>= 11) build dependency by a debhelper-compat (= 13) build dep. - Remove debian/git-build-recipe.manifest ? I don’t know what it’s for so it’s probably not useful. :) Feel free to ping me or the team on IRC about any of the above. [0] https://salsa.debian.org/qt-kde-team/extras [1] https://wiki.debian.org/UscanEnhancements [2] https://wiki.debian.org/debian/watch#Gitlab Thanks for your response & cheers, -- Aurélien, on behalf of the Qt/KDE Packaging Team
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Control: tags -1 moreinfo Please untag moreinfo when you are done with the requested changes.
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
With the new upload's changelog you claim: "vulnerability patched in 3rdparty/cmark-gfm CVE-2022-24724, CVE-2022-39209" 1) I do not see the +dfsg version indication represented - no repack is done. If you do not repack please remove the +dfsg and tell if you have verified the uglified JS to be represented in the included MathJax src. 2) I would have expected this to contain a patch that fixes CVE-2022-39209. There is no patch. If you cannot afford to fix this, remove the identifier from the changelog. But I will only sponsor this package when this is fixed.
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Absolutely, I'm so in my head that I don't see what is the simplest... Le mar. 11 oct. 2022 à 21:50, Nicholas D Steeves a écrit : > Sebastien Chavaux writes: > > > it's a bit of a mess, I made changes, in debian/copyright, unfortunately > it > > makes build errors: > > *** No rule to make target '3rdparty/MathJax/bin/startup.js', needed by > > 'build/release/qrc_resources.cpp'. > > Stop. > > make[1]: *** Waiting for unfinished jobs > > make[1]: Leaving directory '/build/ghostwriter-2.1.6+dfsg' > > dh_auto_build: error: make -j6 returned exit code 2 > > make: *** [debian/rules:6: build] Error 2 > > dpkg-buildpackage: error: debian/rules build subprocess returned exit > > status 2 > > I: copying local configuration > > E: Failed autobuilding of package > > > > > > Isn't libjs-mathjax MathJax2, and doesn't Ghostwriter needs MathJax3, > which is incompatible with MathJax2? > > > https://github.com/KDE/ghostwriter/blob/master/3rdparty/MathJax/src/package.json > > Here is the RFP bug for MathJax3 for anyone who is interested in > packaging this important javascript library: > https://bugs.debian.org/950424 > > Regards, > Nicholas >
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Sebastien Chavaux writes: > it's a bit of a mess, I made changes, in debian/copyright, unfortunately it > makes build errors: > *** No rule to make target '3rdparty/MathJax/bin/startup.js', needed by > 'build/release/qrc_resources.cpp'. > Stop. > make[1]: *** Waiting for unfinished jobs > make[1]: Leaving directory '/build/ghostwriter-2.1.6+dfsg' > dh_auto_build: error: make -j6 returned exit code 2 > make: *** [debian/rules:6: build] Error 2 > dpkg-buildpackage: error: debian/rules build subprocess returned exit > status 2 > I: copying local configuration > E: Failed autobuilding of package > > Isn't libjs-mathjax MathJax2, and doesn't Ghostwriter needs MathJax3, which is incompatible with MathJax2? https://github.com/KDE/ghostwriter/blob/master/3rdparty/MathJax/src/package.json Here is the RFP bug for MathJax3 for anyone who is interested in packaging this important javascript library: https://bugs.debian.org/950424 Regards, Nicholas signature.asc Description: PGP signature
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
> > For the 3rdparty/MathJax/bin/* files, there seem to be source files in > 3rdparty/MathJax/src/*. Have you tried to build that > 3rdparty/MathJax/bin/* directory yourself and have you checked out if > you can replace the whole whing with libjs-mathjax? it's a bit of a mess, I made changes, in debian/copyright, unfortunately it makes build errors: *** No rule to make target '3rdparty/MathJax/bin/startup.js', needed by 'build/release/qrc_resources.cpp'. Stop. make[1]: *** Waiting for unfinished jobs make[1]: Leaving directory '/build/ghostwriter-2.1.6+dfsg' dh_auto_build: error: make -j6 returned exit code 2 make: *** [debian/rules:6: build] Error 2 dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2 I: copying local configuration E: Failed autobuilding of package Le mar. 11 oct. 2022 à 02:44, Wookey a écrit : > On 2022-10-10 23:56 +0200, Sebastien Chavaux wrote: > >Good evening; > >I set build dependency in debian/control file "node-react" and > >"libs-mathjax". For now and to test if the package builds well, I > removed > >the 3rdparty/MathJax/ and 3rdparty/react/ sources. It builds and > works > >well that way. What would be best next, remove those two folders from > >sources, leave them but ignore them, or whatever? How should I do the > >thing? > > Either complies with policy. > > There is nothing wrong with the 3rdparty stuff from a copyright > POV. However, I prefer to remove it as it often makes a dramatically > smaller source package, and avoids accidental regressions (to using > the embedded copy) in later updates. It's good practice to adjust the > version number to show that the tarball has been repacked from what > upstream released. > > Just put 3rdparty into files-excluded: in the debian/copyright file, and > setup up the watch file to repack/rename. > https://wiki.debian.org/Javascript/Repacking > https://wiki.debian.org/UscanEnhancements > > Wookey > -- > Principal hats: Debian, Wookware, ARM > http://wookware.org/ > changelog Description: Binary data watch Description: Binary data copyright Description: Binary data control Description: Binary data
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Many thanks Wookey. However, I searched, moreover with an example (Pelican since a theme is removed from it in this way) but my search never gave me this page. I will have to look carefully at all the pages of the documentation. You are goldmines of knowledge! Le mar. 11 oct. 2022 à 02:44, Wookey a écrit : > On 2022-10-10 23:56 +0200, Sebastien Chavaux wrote: > >Good evening; > >I set build dependency in debian/control file "node-react" and > >"libs-mathjax". For now and to test if the package builds well, I > removed > >the 3rdparty/MathJax/ and 3rdparty/react/ sources. It builds and > works > >well that way. What would be best next, remove those two folders from > >sources, leave them but ignore them, or whatever? How should I do the > >thing? > > Either complies with policy. > > There is nothing wrong with the 3rdparty stuff from a copyright > POV. However, I prefer to remove it as it often makes a dramatically > smaller source package, and avoids accidental regressions (to using > the embedded copy) in later updates. It's good practice to adjust the > version number to show that the tarball has been repacked from what > upstream released. > > Just put 3rdparty into files-excluded: in the debian/copyright file, and > setup up the watch file to repack/rename. > https://wiki.debian.org/Javascript/Repacking > https://wiki.debian.org/UscanEnhancements > > Wookey > -- > Principal hats: Debian, Wookware, ARM > http://wookware.org/ >
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
On 2022-10-10 23:56 +0200, Sebastien Chavaux wrote: >Good evening; >I set build dependency in debian/control file "node-react" and >"libs-mathjax". For now and to test if the package builds well, I removed >the 3rdparty/MathJax/ and 3rdparty/react/ sources. It builds and works >well that way. What would be best next, remove those two folders from >sources, leave them but ignore them, or whatever? How should I do the >thing? Either complies with policy. There is nothing wrong with the 3rdparty stuff from a copyright POV. However, I prefer to remove it as it often makes a dramatically smaller source package, and avoids accidental regressions (to using the embedded copy) in later updates. It's good practice to adjust the version number to show that the tarball has been repacked from what upstream released. Just put 3rdparty into files-excluded: in the debian/copyright file, and setup up the watch file to repack/rename. https://wiki.debian.org/Javascript/Repacking https://wiki.debian.org/UscanEnhancements Wookey -- Principal hats: Debian, Wookware, ARM http://wookware.org/ signature.asc Description: PGP signature
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Good evening; I set build dependency in debian/control file "node-react" and "libs-mathjax". For now and to test if the package builds well, I removed the 3rdparty/MathJax/ and 3rdparty/react/ sources. It builds and works well that way. What would be best next, remove those two folders from sources, leave them but ignore them, or whatever? How should I do the thing? Thanks. Le lun. 10 oct. 2022 à 17:30, Sebastien CHAVAUX a écrit : > Hello, Thank you for the advice, precisely I'm curious, I would be > interested in replacing all his "needs" of the "3rdparty" file by what is > available in the Debian repositories, is this possible? How should I go > about it? I just have to name them in the debian/control file as > "Build-Depends"? > Le 08/10/2022 à 20:47, Bastian Germann a écrit : > > Yes, everything is from the upstream tarball. > The files that lintian complains about are "uglified" JavaScript files > which we do not accept as source in Debian. > > For the 3rdparty/MathJax/bin/* files, there seem to be source files in > 3rdparty/MathJax/src/*. Have you tried to build that 3rdparty/MathJax/bin/* > directory yourself and have you checked out if you can replace the whole > whing with libjs-mathjax? > >
Re: Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
On 2022-10-10 17:30 +0200, Sebastien CHAVAUX wrote: >Hello, Thank you for the advice, precisely I'm curious, I would be >interested in replacing all his "needs" of the "3rdparty" file by what is >available in the Debian repositories, is this possible? It is recommended where possible. > How should I go >about it? I just have to name them in the debian/control file as >"Build-Depends"? Ideally, that is all that is required. You may have to adjust internal paths to make sure that the system version (in /usr/share/javascript) is used (referred-to as http://localhost/javascript/) If that version is too old then investigate if it can be updated (without breaking other depending packages) If the package is not yet present then ideally package that too. Info here: https://wiki.debian.org/Javascript Wookey -- Principal hats: Debian, Wookware, ARM http://wookware.org/ signature.asc Description: PGP signature
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Hello,Thank you for the advice, precisely I'm curious, I would be interested in replacing all his "needs" of the "3rdparty" file by what is available in the Debian repositories, is this possible? How should I go about it? I just have to name them in the debian/control file as "Build-Depends"? Le 08/10/2022 à 20:47, Bastian Germann a écrit : Yes, everything is from the upstream tarball. The files that lintian complains about are "uglified" JavaScript files which we do not accept as source in Debian. For the 3rdparty/MathJax/bin/* files, there seem to be source files in 3rdparty/MathJax/src/*. Have you tried to build that 3rdparty/MathJax/bin/* directory yourself and have you checked out if you can replace the whole whing with libjs-mathjax?
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Am 08.10.22 um 19:01 schrieb Sebastien CHAVAUX: "I do not know what that means. I do not care about the lintian override but the non-source files." I didn't add anything, everything there is from the project sources. Yes, everything is from the upstream tarball. The files that lintian complains about are "uglified" JavaScript files which we do not accept as source in Debian. For the 3rdparty/MathJax/bin/* files, there seem to be source files in 3rdparty/MathJax/src/*. Have you tried to build that 3rdparty/MathJax/bin/* directory yourself and have you checked out if you can replace the whole whing with libjs-mathjax?
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
"That is right for CVE-2022-24724 but CVE-2022-39209 != CVE-2022-24724." I hadn't seen this one. "I do not know what that means. I do not care about the lintian override but the non-source files." I didn't add anything, everything there is from the project sources. Le 08/10/2022 à 13:28, Bastian Germann a écrit : Am 08.10.22 um 12:33 schrieb Sebastien CHAVAUX: To my knowledge, CVE-2022-39209 concerns versions of cmark-gfm before 0.29.0.gfm.3 and 0.28.3.gfm.21: This vulnerability has been patched in the following cmark- | gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. https://security-tracker.debian.org/tracker/CVE-2022-24724 That is right for CVE-2022-24724 but CVE-2022-39209 != CVE-2022-24724. I replaced the lintian message in debian/source/lintian-overrides precisely to avoid an overflow error, in short, it's been done since a yawn without ever causing any problems, for proof it's already the case in the ghostwriter version in backport (2.0.2-2~bpo11+1), that's what I was advised to do at the time. I do not know what that means. I do not care about the lintian override but the non-source files.
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Am 08.10.22 um 12:33 schrieb Sebastien CHAVAUX: To my knowledge, CVE-2022-39209 concerns versions of cmark-gfm before 0.29.0.gfm.3 and 0.28.3.gfm.21: This vulnerability has been patched in the following cmark- | gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. https://security-tracker.debian.org/tracker/CVE-2022-24724 That is right for CVE-2022-24724 but CVE-2022-39209 != CVE-2022-24724. I replaced the lintian message in debian/source/lintian-overrides precisely to avoid an overflow error, in short, it's been done since a yawn without ever causing any problems, for proof it's already the case in the ghostwriter version in backport (2.0.2-2~bpo11+1), that's what I was advised to do at the time. I do not know what that means. I do not care about the lintian override but the non-source files.
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Hello, To my knowledge, CVE-2022-39209 concerns versions of cmark-gfm before 0.29.0.gfm.3 and 0.28.3.gfm.21: This vulnerability has been patched in the following cmark- | gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. https://security-tracker.debian.org/tracker/CVE-2022-24724 However, the version given is indeed 0.29.0.gfm.3 (Fixes #741: Update to cmark-gfm 0.29.0.gfm.3 to patch vulnerability) https://github.com/KDE/ghostwriter/tree/release /3rdparty/cmark-gfm. I will replace the home page, as well as the github tag, weird that it no longer works since I repatriated the sources via `uscan` but it will be done. Actually no, not that weird since the upstream author released this 2.2.0 version first on his github and then made the switch to kde's. I replaced the lintian message in debian/source/lintian-overrides precisely to avoid an overflow error, in short, it's been done since a yawn without ever causing any problems, for proof it's already the case in the ghostwriter version in backport (2.0.2-2~bpo11+1), that's what I was advised to do at the time. Cordialy. Le 07/10/2022 à 11:19, Bastian Germann a écrit : Also, the homepage should be relaced with https://kde.github.io/ghostwriter and the watch file should scan GitHub's tags page instead of releases (does not work anymore). I do not see the corresponding source for a lot of minified JavaScript files in 3rdparty/MathJax/bin. You try to override the lintian msg in debian/source/lintian-overrides but do not give a reason for it.
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
CVE-2022-39209 is not fixed. Please replace the vendored cmark-gfm library with the Debian package and help its maintainer to import the new upstream version. Also, the homepage should be relaced with https://kde.github.io/ghostwriter and the watch file should scan GitHub's tags page instead of releases (does not work anymore). I do not see the corresponding source for a lot of minified JavaScript files in 3rdparty/MathJax/bin. You try to override the lintian msg in debian/source/lintian-overrides but do not give a reason for it.
Bug#1021364: RFS: ghostwriter/2.2.0-1 [RC] -- Distraction-free, themeable Markdown editor
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for my package "ghostwriter": * Package name : ghostwriter Version : 2.2.0-1 Upstream contact : wereturtle * URL : https://wereturtle.github.io/ghostwriter/ * License : Expat, GPL-3.0+, CC-BY-SA-4.0, GPL-3.0, ISC * Vcs : https://salsa.debian.org/seb95-guest/ghostwriter Section : editors The source builds the following binary packages: ghostwriter - Distraction-free, themeable Markdown editor To access further information about this package, please visit the following URL: https://mentors.debian.net/package/ghostwriter/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/g/ghostwriter/ghostwriter_2.2.0-1.dsc Changes since the last upload: ghostwriter (2.2.0-1) unstable; urgency=medium . * New upstream release. * debian/control: set Standards-Version: to 4.6.1 * debian/control: address correction * debian/watch: address correction * CVE-2022-24724 (Closes: #1006757) Regards,