Re: Testing transition for console-setup 1.24

[Pierre Habouzit]

On Sun, Jun 15, 2008 at 06:02:16PM +, Christian Perrier wrote:
> console-setup is currently frozen because it provides a udeb.
Done



-- 
·O·  Pierre Habouzit
··O[EMAIL PROTECTED]
OOOhttp://www.madism.org


pgpZkviyTZSkJ.pgp
Description: PGP signature

Re: klibc 1.5.10

[Pierre Habouzit]

On Mon, Jun 16, 2008 at 12:42:36AM +, maximilian attems wrote:
> hello,
> 
> please unblock klibc 1.5.10-1

done

-- 
·O·  Pierre Habouzit
··O[EMAIL PROTECTED]
OOOhttp://www.madism.org


pgplovrDuwcew.pgp
Description: PGP signature

Re: hppa release status

[Frans Pop]

Kyle McMartin wrote:
> Anyway, I don't particularly much care for stable releases. I have no
> problems with HPPA being punted from lenny and existing only as sid, as
> long as people still take patches to fix the issues without the
> "release-critical bug" burden over their heads.
> 
> Holding up Debian because of a minority of people with a small amount
> of time to work on things doesn't seem entirely fair.

This could mean losing D-I support for hppa.

The whole D-I infrastructure is built around having a usable testing. If 
hppa abandons stable releases and thus is no longer included in testing, 
I personally will immediately stop investing any energy in hppa D-I and 
may argue for dropping it, especially if nobody else takes any interest.

I also doubt that Debian in general will allow architectures to only have 
a presence in unstable. It's much more likely that hppa would at some 
point be relegated to http://www.debian-ports.org/.

Cheers,
FJP


signature.asc
Description: This is a digitally signed message part.

Re: hppa release status

[Kyle McMartin]

On Sun, Jun 08, 2008 at 09:46:17PM +0200, Andreas Barth wrote:
> Hi,
> 

I've waited a while to weigh in on this.

Anyway, I don't particularly much care for stable releases. I have no
problems with HPPA being punted from lenny and existing only as sid, as
long as people still take patches to fix the issues without the
"release-critical bug" burden over their heads.

Holding up Debian because of a minority of people with a small amount
of time to work on things doesn't seem entirely fair.

I would encourage anyone who disagrees to step up and put actions before
mails.

regards, Kyle


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: d-i uses bootloaders

[Joey Hess]

Frans Pop wrote:
> Jérémy posted a full list that included all these in the thread about 
> #484129 and d-release was CCed in that mail: 
> <[EMAIL PROTECTED]>

And luk added the removal hint for lilo on 20080614 or 20080610 -- after
Jérémy sent that list.

BTW, I've double-checked (ie, generated my own since I didn't know about
his) the list. I'd add linux-2.6 and linux-modules-extra-2.6 to it,
otherwise we made identical lists..

-- 
see shy jo


signature.asc
Description: Digital signature

Re: d-i uses bootloaders

[Frans Pop]

Joey Hess wrote:
> As a followup to #484129, I'd like to remind the release team that d-i
> uses and installs bootloaders. These include, but are not limited to
> grub, syslinux, ***LILO***, elilo, vmelilo, silo, aboot, palo, amiboot,
> arcboot, emile, apex-nslu2, sibyl, colo, delo, quik, and yaboot. This is
> the thick end of the wedge of packages that d-i installs, frankly it's
> the ones I'd have thought obvious. (Sorry, still no complete list.)

Jérémy posted a full list that included all these in the thread about 
#484129 and d-release was CCed in that mail: 
<[EMAIL PROTECTED]>

I totally agree with Joey (as was probably already clear from my earlier 
mail). The release team really needs to review the way it selects, plans, 
announces and executes these removals from testing.

Cheers,
FJP


signature.asc
Description: This is a digitally signed message part.

planning a perl upload

[Niko Tyni]

Hi release team,

I have a perl bugfix upload ready and I figured I'd check with you first
just in case it's a bad time for it for some reason.

The biggest change bloats perl-base quite a bit due to UTF-8 issues
in D-I (#480533), but there seems to be no better way around that. The
rest is small packaging tweaks, straightforward bug fixes from upstream,
and one new feature (pod2man --utf8, #480997).

The full changelog can be seen at

 http://git.debian.org/?p=perl/perl.git;a=blob_plain;f=debian/changelog

Please let me know if a sid upload is OK by you. I'll ask for the freeze
unblock separately when we're that far.
-- 
Niko Tyni   [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

d-i uses bootloaders

[Joey Hess]

As a followup to #484129, I'd like to remind the release team that d-i
uses and installs bootloaders. These include, but are not limited to
grub, syslinux, ***LILO***, elilo, vmelilo, silo, aboot, palo, amiboot,
arcboot, emile, apex-nslu2, sibyl, colo, delo, quik, and yaboot. This is
the thick end of the wedge of packages that d-i installs, frankly it's
the ones I'd have thought obvious. (Sorry, still no complete list.)

Removing these bootloaders from testing w/o communicating with the d-i
team sucks, because you break d-i in horrible, terrible ways[1] without
letting the team know.

-- 
see shy jo

[1] That tend to boil down to "debian erased my operating system,
and then failed to boot!"


signature.asc
Description: Digital signature

[stable] wireless-tools compat update for etchnhalf

[dann frazier]

I'd like to upload a wireless-tools update for etchnhalf as described
in this thread:
  http://teams.debian.net/lurker/message/20080522.204322.0c4a390b.en.html

If no other SRMs object, I'll proceed with the upload tomorrow.
-- 
dann frazier


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

ignore bug 395252 'mplayer embeds ffmpeg' for lenny

[A Mennucc]

hi everybody

I am requesting to the d-release team a lenny-ignore tag for bug 395252.

There are multiple reasons for this request, please take some time to 
read ahead.

--- Reason 1 : policy

Recently, after a long discussion in bug 392362, a paragraph [4.13]
was added to d-policy 3.8.0 stating (briefly) that:

> Some software packages include in their distribution convenience
>  copies of code from other software packages [...]
> Debian packages should not make use of these convenience copies unless 
> the included package is explicitly intended to be used in this way.

This change was advertised in the email of early June by Russ Allbery
to d-devel-announce,
http://lists.debian.org/debian-devel-announce/2008/06/msg1.html

The message starts by saying: 
> Please note that the Policy release cycle is not currently 
> well-synchronized with the release cycle, and adjusting to this version of 
> Policy is *not* a priority for the upcoming lenny release unless the 
> relevant provision has already separately been accepted as a release goal.

I do not find [4.13] in http://release.debian.org/lenny/goals.txt , so
I assume that "unless" part does not apply.

So, the matter of bug 395252 (that was vehemently discussed there) is
now settled once and for all in the debian policy. But there is an
exception for lenny, and for this reason I am asking for a tag for
this bug.

[This also addresses a complaint of me and of Joey Hess, that is,
 why was mplayer singled out on this issue? Now no package
 is singled out, the bug is not RC for lenny, it will be RC for 
 all packages after Lenny. I find this fair.]

 Reason 2: it does not work

The other reason is that I did not find a way to comply to the request.

There are two problems.

---2.1 missing headers and code in -dev files

When 'mplayer' is compiled, it uses a lot of *.h files from its
embedded ffmpeg; moreover, its 'configure' file scans some *.c files
to get the up-to-date listing of supported codecs etc etc.

Unfortunately, the -dev binary packages generated by "ffmpeg-free"
contain only a small part of all the needed stuff.

This said, I manually copied all needed stuff so as to compile all code, but...

2.2 the mplayer binary does not link with the "ffmpeg-free" libs.

By reading and diffing, it would seem that the newer ffmpeg-free
 0.svn20080206 source code seems compatible to the ffmpeg code shipped
 in mplayer... but unfortunately when I try to link, it fails. The
 error is in
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395252#226

I think that the problem is that the 'ffmpeg-free' code in Debian does
not contain all the upstream code; and then, to be able to compile,
there are many quilt patches that affect the shipped code, and a
restrictive 'configure' call. All this kills some symbols that
'mplayer' needs.

Unfortunately I could not properly identify where and why this linking
failure originates. This is why I add a 'help' tag to the bug. If
there is some simple way out of this that I am overseeing, please
tell.

-- reason 3: ffmpeg is in transition

One insight that I got from all the above is that , to link mplayer to
ffmpeg-free generated libraries, there are possibly many changes to be
made in ffmpeg-free. But this is not a good time to change those
libraries, that are in a transition.

a.

-- 
Andrea Mennucc

"The EULA sounds like it was written by a team of lawyers who want to tell 
me what I can't do, and the GPL sounds like it was written by a human 
being who wants me to know what I can do."
Anonymous,http://www.securityfocus.com/columnists/420


signature.asc
Description: Digital signature

Re: bump for wordpress

[Neil McGovern]

On Mon, Jun 16, 2008 at 03:48:21PM +0200, Steffen Joeris wrote:
> Hi
> 
> Could the release team please bump the urgency of wordpress and let it 
> migrate 
> to testing after 2 days?
> The package fixes this bug[0] and the changes only include the fix for that.
> 

Done.

Neil
-- 
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3


signature.asc
Description: Digital signature

bump for wordpress

[Steffen Joeris]

Hi

Could the release team please bump the urgency of wordpress and let it migrate 
to testing after 2 days?
The package fixes this bug[0] and the changes only include the fix for that.

Cheers
Steffen

[0]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485807
(CVE-2008-2392)


signature.asc
Description: This is a digitally signed message part.

Re: klibc 1.5.10

[Otavio Salvador]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

maximilian attems <[EMAIL PROTECTED]> writes:

> hello,
>
> please unblock klibc 1.5.10-1
>
> was 10 days in unstable without trouble and fixes some utils.
> no lib changes itself.
>
> hpa just pushed out 1.5.11, i'd like to upload that tomorrow
> as several more nice to have fixes in nfsmount + sh4 support
> + ext4dev fstype.

No objection

- -- 
O T A V I OS A L V A D O R
- -
 E-mail: [EMAIL PROTECTED]  UIN: 5906116
 GNU/Linux User: 239058 GPG ID: 49A5F855
 Home Page: http://otavio.ossystems.com.br
- -
"Microsoft sells you Windows ... Linux gives
 you the whole house."
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ 

iEYEARECAAYFAkhWag0ACgkQLqiZQEml+FWDmgCgrOgskGL8ndsfnxCNFGreZm/3
Me8AoKx9fkaJyLN8YneMTi1z6OznH4jD
=dQNM
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Testing transition for console-setup 1.24

[Otavio Salvador]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Christian Perrier <[EMAIL PROTECTED]> writes:

> console-setup is currently frozen because it provides a udeb.
>
> As the D-I beta2 is out and, anyway, console-setup's udeb is not used
> in D-I as of now, I think it's OK for it to enter testing.

No objection

- -- 
O T A V I OS A L V A D O R
- -
 E-mail: [EMAIL PROTECTED]  UIN: 5906116
 GNU/Linux User: 239058 GPG ID: 49A5F855
 Home Page: http://otavio.ossystems.com.br
- -
"Microsoft sells you Windows ... Linux gives
 you the whole house."
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ 

iEYEARECAAYFAkhWabQACgkQLqiZQEml+FU9XACgiaWGzkBL/jY3IkH6q+x+8Y9y
HSsAoK2GNOX5GfsjvCBPpZH59TU3So3d
=jgkA
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: xmms2 0.5DrLecter

[Adeodato Simó]

> please go ahead and upload (directly to unstable)

However, xmms2 uploads are blocked at the moment (as announced on
d-d-a), so you may want to upload to experimental instead for the time
being.

-- 
Adeodato Simó dato at net.com.org.es
Debian Developer  adeodato at debian.org
 
- Are you sure we're good?
- Always.
-- Rory and Lorelai


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#486328: libexiv2: Bug#486328: CVE-2008-2696: DoS via metadata in images

[Steffen Joeris]

On Mon, 16 Jun 2008 02:06:40 pm Mark Purcell wrote:
> found 486328 0.16-1
> fixed 486328 0.17-1
> forwarded 486328 http://dev.robotbattle.com/bugs/view.php?id=546
> thanks
>
> On Sun, 15 Jun 2008, Steffen Joeris wrote:
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for exiv2.
>
> Thanks Steffen,
>
> I have already uploaded the fixed upstream to experimental, and awaiting
> clearance from debian-release to upload to unstable, which will fix this
> issue for lenny and sid. I do not propose to upload a fixed package to
> testing-updates.
>
> http://lists.debian.org/debian-release/2008/06/msg00231.html
In this case, testing-security (which gets copied to testing-proposed 
automagically) would be the right way, but the issue is not severe enough, so 
I agree with your opinion.

Thanks for your work.
Cheers
Steffen


signature.asc
Description: This is a digitally signed message part.

Re: libexiv2: Bug#486328: CVE-2008-2696: DoS via metadata in images

[Mark Purcell]

found 486328 0.16-1
fixed 486328 0.17-1
forwarded 486328 http://dev.robotbattle.com/bugs/view.php?id=546
thanks

On Sun, 15 Jun 2008, Steffen Joeris wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for exiv2.

Thanks Steffen,

I have already uploaded the fixed upstream to experimental, and awaiting 
clearance from debian-release to upload to unstable, which will fix this 
issue for lenny and sid. I do not propose to upload a fixed package to 
testing-updates.

http://lists.debian.org/debian-release/2008/06/msg00231.html

Mark


signature.asc
Description: This is a digitally signed message part.

Re: xmms2 0.5DrLecter

[Adeodato Simó]

* Florian Ragwitz [Sun, 15 Jun 2008 20:38:19 +0200]:

> Hi,

> I am wondering if I should upload a new upstream release for xmms2 to
> unstable. The SONAME of two shlibs has been changed. A few packages
> would need to be binNMUed:

>   gxmms2
>   esperanza
>   abraca
>   wmxmms2

Since only leaf packages build-depend on xmms stuff, please go ahead and
upload (directly to unstable), and mail us when the new xmms2 is built
in all arches.

Thanks for contacting us,

-- 
Adeodato Simó dato at net.com.org.es
Debian Developer  adeodato at debian.org
 
Hay quien sueña con la alquimia
que haga del vicio virtud
-- Luis Eduardo Aute, Giraluna


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Please give back a couple of packages.

[Adeodato Simó]

* Francesco P. Lovergine [Mon, 16 Jun 2008 11:28:05 +0200]:

> === osm2pgsql:
> = Missing build(s) on sparc
>   This might need manual action from your side.
>   See http://buildd.debian.org/pkg.cgi?pkg=osm2pgsql
> = Not in testing for 65 days.
>   If things don't change, it won't be part of lenny!
>   See 

> Why this packaged failed? Maybe a transiente failure at the time?

If you check:

  http://buildd.debian.org/~jeroen/status/package.php?p=osm2pgsql

You see it clearly marked as failed because of #474846. Since that bug
is now fixed, I've marked the package for a retry.

> === postgis:
> = Missing build(s) on alpha,sparc,armel,arm,hppa
>   This might need manual action from your side.
>   See http://buildd.debian.org/pkg.cgi?pkg=postgis
> = Not in testing for 10 days.
>   If things don't change, it won't be part of lenny!
>   See 

> Here jikes-classpath was missing, now it should be available but postgis
> is not yet built.

jikes-classpath is uninstallable at the moment in arm/alpha/hppa,
because libgcj-common is not available. I'm told this is going to get
fixed, so I've set a dep-wait (and given it back in armel and sparc).

Cheers,

-- 
Adeodato Simó dato at net.com.org.es
Debian Developer  adeodato at debian.org
 
  Listening to: Chavela Vargas - No te importe saber


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Upcoming libgpm transition

[Adeodato Simó]

* Guillem Jover [Mon, 16 Jun 2008 09:21:00 +0300]:

> > This will only require binNMUs. So please tell us when it'd be fine to
> > upload to unstable, although it will have to leave from NEW first.

> gpm has just been accepted into experimental.

Ok, great. Let us mail you when the current migration mess has cleared
up a bit.

Cheers,

-- 
Adeodato Simó dato at net.com.org.es
Debian Developer  adeodato at debian.org
 
  Listening to: Chavela Vargas - Mi segundo amor


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Considerations for lilo removal

[Ron Johnson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 06/16/08 04:19, Mike Hommey wrote:
> On Mon, Jun 16, 2008 at 10:57:32AM +0200, Frans Pop wrote:
>> We still very regularly get installation reports where people use lilo 
>> rather than grub, so it must still have a fairly significant user base. I 
>> would say that the activity on the bug report shows the same.
> 
> OTOH, aren't most of these choosing lilo over grub only doing so by
> habit ?

Does it matter?

Debian doesn't just have one web broswer, one MUA, one IM app, one
scripting language, one word processor, one movie player, etc, etc,
etc.  So why should it only have one boot loader?

- --
Ron Johnson, Jr.
Jefferson LA  USA

"Kittens give Morbo gas.  In lighter news, the city of New New
York is doomed."
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhWNnIACgkQS9HxQb37XmdjQACghOfpn0VHd4bTToJmCM2XCaBx
Sv8AoLQ+vE3tpCOKd0DkG6k5yFNLruXN
=fOMf
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Please give back a couple of packages.

[Francesco P. Lovergine]

=== osm2pgsql:
= Missing build(s) on sparc
  This might need manual action from your side.
  See http://buildd.debian.org/pkg.cgi?pkg=osm2pgsql
= Not in testing for 65 days.
  If things don't change, it won't be part of lenny!
  See 

Why this packaged failed? Maybe a transiente failure at the time?

=== postgis:
= Missing build(s) on alpha,sparc,armel,arm,hppa
  This might need manual action from your side.
  See http://buildd.debian.org/pkg.cgi?pkg=postgis
= Not in testing for 10 days.
  If things don't change, it won't be part of lenny!
  See 

Here jikes-classpath was missing, now it should be available but postgis
is not yet built.

Thanks

-- 
Francesco P. Lovergine


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Considerations for lilo removal

[peter green]

I am wondering if it is a good idea to remove lilo entirely. At the
moment, lilo has been pulled from testing, and the code is in a shape

Can either version of grub handle all the cases that lilo can? for 
example can either of them handle the situation where root is on lvm and 
there is not a seperate /boot partition? last I checked d-i defaulted to 
lilo in that situation.


If not then removing lilo will leave d-i with no ability to install a 
bootloader in those situations and worse leave some users with no 
upgrade path.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Considerations for lilo removal

[Mike Hommey]

On Mon, Jun 16, 2008 at 10:57:32AM +0200, Frans Pop wrote:
> We still very regularly get installation reports where people use lilo 
> rather than grub, so it must still have a fairly significant user base. I 
> would say that the activity on the bug report shows the same.

OTOH, aren't most of these choosing lilo over grub only doing so by
habit ?

Mike


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Considerations for lilo removal

[Frans Pop]

William Pitcock wrote:
> I am wondering if it is a good idea to remove lilo entirely. At the
> moment, lilo has been pulled from testing, and the code is in a shape

That's just great. That means that whoever did this just broke an option 
that's been available in Debian Installer since forever: to choose lilo 
as bootloader rather than grub. And it seems for no other reason than 
cosmetically bring the RC count down as the BR shows that testing 
currently is not affected (still has 2.6.24).

It really would be nice if the RT would would contact us (D-I team) before 
taking such actions, especially as we just had a fairly big discussion 
about a similar case. It can't be too hard to make the mental jump from
"$bootloader package" to "installation system".

> where a grave bug (bug #479607) is unlikely fixable without severe
> refactoring of the codebase.
 
> With grub being stable and grub2 approaching stability itself, do we
> really need lilo anymore? It's not even installed by default anymore,
> and the only systems I have that are still on lilo are installations of
> Debian I have had since Woody.

We still very regularly get installation reports where people use lilo 
rather than grub, so it must still have a fairly significant user base. I 
would say that the activity on the bug report shows the same.

Please keep the D-I team informed of where this is going.

TIA,
FJP


signature.asc
Description: This is a digitally signed message part.

Re: BinNMU for ocsigen

[Stefano Zacchiroli]

On Sun, Jun 15, 2008 at 02:04:05PM -0700, Steve Langasek wrote:
> Stefano Zacchiroli was working on the design for an shlibs-style mechanism
> for ocaml.  Has this not made it to the implementation stages yet?

No it has not, the last ocaml step we did for lenny was the recent
3.10.2 transition and we won't be going to push for the mechanism you
mention now for lenny, since it is too near to the release. It is an
objective for lenny+1 though.

-- 
Stefano Zacchiroli -*- PhD in Computer Science \ PostDoc @ Univ. Paris 7
[EMAIL PROTECTED],pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
I'm still an SGML person,this newfangled /\ All one has to do is hit the
XML stuff is so ... simplistic  -- Manoj \/ right keys at the right time


signature.asc
Description: Digital signature