Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Thanks a lot for uploading, Samuel! On Sunday, 13.01.2019, 23:36 + Samuel Henrique wrote: > Hello Everyone, > > Finally got some free time to review the package, I think everything > is ok, > I just did some little changes on d/copyright. > > Thank you everybody who helped review and test the package, and Sven > for > the packaging :) > > Uploaded. > -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAlw89+MACgkQrfUO2vit 1YVO5RAAhAD7xu6TXINfQvl4U/+sOgnd3Guvno6euWiJKX/Bu8ZKVG93MT0UefPY nCCPb2Cnvk++h1LxdjnU2stEjKKLE5R2voR9Jpx83k1Uqdhy7s0dQloKPtTfTwUL 2sAopNeeZkqgwfpoFIW5Pxl+16Aqgp36vSQAVH6iF6kxGoN/8eO5Sl8ZSUbWsly7 o84QM2GUzJIGSF+GZtgXG29adqmo4kJJ7YrYcke44VNRnTusLbtBDh97E5noJKQa lT+vkBEOB8SkKfHQGoRFu/XV4MguHVCD0aDeqL62/4EDFVLS8JxTWMkv0hn1Ezmb f8a8SiXeOtP+RSLwh1yCYSqG4w7t1zbP6DG8O6+MKYhbfkeIepViV9rqwYNUmxkV 0WDNEz1kF9C1cw0Hw2ZIXIh0juFQ9MuVGA1qTVwbVZGhENdI5+5OkyJAYODMrfXK tR2HpbNGhXg5F7rZmHozqiaLjN0sFMXtE+t5/VqGRMMdIAI66pFhRA/NLozNWI3Q vp75+A/5Aui6mJ6k9pMBN2zwCd3PEwvJTNCmElyc1mbOXiPYdp6o79qAD+CbxEgz OuJIgeO8xiDIXl6/RZe87rrr3rqXJsOwCL7N7jm13ZFoO4k/Y0mn0fKk9JNbHgF0 4CiJdpABCfah31xXr1nAmHNPu9fo8uqJ0eecmdW66uBtt2RAhcI= =+7L7 -END PGP SIGNATURE-
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Everyone, Finally got some free time to review the package, I think everything is ok, I just did some little changes on d/copyright. Thank you everybody who helped review and test the package, and Sven for the packaging :) Uploaded. -- Samuel Henrique
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Team, a small fix to my previous post: > I managed to run autopkgtest through ssh to a Virtualbox VM. > > Steps: > > Set up an minimal VM by selecting ssh server from debian installer > with > user testbed and password xx where testbed is capable to sudo. > > Copy your local ~/.ssh/id_rsa.pub to > /home/testbed/.ssh/authorizes_keys > on the VM. > > You should now be able to ssh into the VM, details depend on your > virtual network configuration. In my enviroment a simple 'ssh sid' > does > the job. By testing this your local enviroment learns the VM's host > key. > > A this point you may want to take a snapshot of the VM to rollback > to > after a test. > > You then can run autopkgtest by: autopkgtest arno-iptables-firewall_2.0.3-1_amd64.changes -- ssh --capability=isolation-machine --capability=root-on-testbed -l testbed -P xx -H sid > As Aleksey mentioned in his latest post running the test blocks the > VM's ssh port in the end. Fortunately the firewall does not block > already established connections, so the test performs flawlessy. > > After each autopkgtest the testbed needs to be restored, by rolling > back the VM to the snapshot you took before, or by executing 'sudo > dpkg > --purge arno-iptables-firewall' on the VM's console. > > Best, > Sven
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Team, I managed to run autopkgtest through ssh to a Virtualbox VM. Steps: Set up an minimal VM by selecting ssh server from debian installer with user testbed and password xx where testbed is capable to sudo. Copy your local ~/.ssh/id_rsa.pub to /home/testbed/.ssh/authorizes_keys on the VM. You should now be able to ssh into the VM, details depend on your virtual network configuration. In my enviroment a simple 'ssh sid' does the job. By testing this your local enviroment learns the VM's host key. A this point you may want to take a snapshot of the VM to rollback to after a test. You then can run autopkgtest by: autopkgtest arno-iptables-firewall_2.0.3-1_amd64.changes -- ssh --capability=isolation-machine --capability=root-on-testbed -P xx -H sid As Aleksey mentioned in his latest post running the test blocks the VM's ssh port in the end. Fortunately the firewall does not block already established connections, so the test performs flawlessy. After each autopkgtest the testbed needs to be restored, by rolling back the VM to the snapshot you took before, or by executing 'sudo dpkg --purge arno-iptables-firewall' on the VM's console. Best, Sven
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello,
1. I've found that version 2.0.1.f was released at rocky.eld.leidenuniv.nl
[1], and later was imported into github.
Although GitHub has autogenerated a tarball for the tag 2.0.1f, its release
notes has the url [1] of the correct tarball.
The pristine-tar tarball checksum match the checksum of this official
release:
af32d7757a3e85a7b92b88c8e4dfdfd86bb32b16
arno-iptables-firewall_2.0.1.f.orig.tar.gz
af32d7757a3e85a7b92b88c8e4dfdfd86bb32b16
arno-iptables-firewall_2.0.1f.tar.gz
2. I've succeeded to run autopkgtest with 'null' virtual-server inside a
VirtualBox VM (not a minimal installation):
$ sudo autopkgtest arno-iptables-firewall_2.0.3-1_amd64.changes -- null
All tests pass. The service installed by the package blocks incoming ssh
connection, so testing via 'ssh' testbed isn't possible leaving us with
choice only of 'qemu' and 'null' virtual servers.
So the list of the reviewed items now is:
[x] checksums of all two pristine-tar tarballs match checksums the related
upstream releases
[x] autopkgtest: all tests pass (with a virt-server=null)
[x] arno-iptables-firewall_2.0.3-1.dsc builds cleanly with pbuilder
[x] the package correctly builds twice by debuild within the source tree
and
> [x] checked d/watch with uscan - works as expected, although it's unusual
to see uupdate running from d/watch.
> [x] fr.po and sv.po are correctly converted to uft8
> [x] d/control looks sane
> [x] new d/arno-iptables-firewall.logrotate looks good
[1]
http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1f.tar.gz
Best wishes,
Aleksey
On Wed, Jan 9, 2019 at 6:17 PM Aleksey Kravchenko
wrote:
> Hello team,
>
> I've reviewed a bit more:
> [x] arno-iptables-firewall_2.0.3-1.dsc builds cleanly with pbuilder
> [x] the package correctly builds twice by debuild within the source tree
>
> I found strange thing. The content match, but checksum doesn't match for
> the previous release tarball:
> $ pristine-tar checkout arno-iptables-firewall_2.0.1.f.orig.tar.gz
> $ sha1sum arno-iptables-firewall_2.0.1.f.orig.tar.gz aif-2.0.1f.tar.gz
> af32d7757a3e85a7b92b88c8e4dfdfd86bb32b16
> arno-iptables-firewall_2.0.1.f.orig.tar.gz
> a18f94fb9324df8e8e4a28805b92269ff8bd1bc6 aif-2.0.1f.tar.gz
> , where aif-2.0.1f.tar.gz is taken from upstream github tag [1]
>
> I'm experiencing some problems running autopkgtest:
>
> 1) failed to correctly setup serial console ttyS0/ttyS1 for qemu
> debian-sid image (autopkgtest fails to connect)
>
> 2) autopkgtest fails with ssh to a VirtualBox VM, using command:
> autopkgtest arno-iptables-firewall_2.0.3-1_amd64.changes -- ssh
> --capability=isolation-machine -l root -p 2022 -H 127.0.0.1
>
> See the log [2]. It looks like autopkgtest doesn't not install
> arno-iptables-firewall_2.0.3-1_all.deb
> To run the test I've also removed the 'needs-root' restriction, since the
> option '--capability=root-on-testbed' is not enough.
>
>
> [1] https://github.com/arno-iptables-firewall/aif/archive/2.0.1f.tar.gz
> [2] https://paste.debian.net/1059405/
>
> On Wed, Jan 9, 2019 at 1:02 AM Sven Geuer wrote:
>
>> Hi Samuel,
>>
>> I removed pre-squeeze upgrade code
>>
>> Regarding your change 'Bump DH level to 12' I believe debian/control
>> needs further changes.
>>
>> The debhelper manpage says:
>>
>> Changes from v11 are:
>> [...]
>> This change makes dh_installinit inject a misc:Pre-Depends
>> for init-system-helpers (>= 1.54~). Please ensure that the
>> package lists ${misc:Pre-Depends} in its Pre-Depends field
>> before upgrading to compat 12.
>> [...]
>>
>> Please double-check.
>>
>> Best,
>> Sven
>>
>>
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Aleksey, Hello team, > I've reviewed a bit more: > [x] arno-iptables-firewall_2.0.3-1.dsc builds cleanly with pbuilder > [x] the package correctly builds twice by debuild within the source > tree > > I found strange thing. The content match, but checksum doesn't match > for > the previous release tarball: > $ pristine-tar checkout arno-iptables-firewall_2.0.1.f.orig.tar.gz > $ sha1sum arno-iptables-firewall_2.0.1.f.orig.tar.gz aif- > 2.0.1f.tar.gz > af32d7757a3e85a7b92b88c8e4dfdfd86bb32b16 > arno-iptables-firewall_2.0.1.f.orig.tar.gz > a18f94fb9324df8e8e4a28805b92269ff8bd1bc6 aif-2.0.1f.tar.gz > , where aif-2.0.1f.tar.gz is taken from upstream github tag [1] I used the previous release tarball from packages.debian.org [3]+[4]: $ sha1sum arno-iptables-firewall_2.0.1.f.orig.tar.gz af32d7757a3e85a7b92b88c8e4dfdfd86bb32b16 arno-iptables- firewall_2.0.1.f.orig.tar.gz This matches what is on salsa now. If I remember correctly upstream previously used to host its release tarballs on the homepage [5]. The Github repository was even unknown to me before I started to upgrade the package. So, maybe this glitch results from Github repacking the release. > > I'm experiencing some problems running autopkgtest: > > 1) failed to correctly setup serial console ttyS0/ttyS1 for qemu > debian-sid > image (autopkgtest fails to connect) I wasn't able to test this either as autopkgtest-build-qemu currently seems to be broken [6]. I could afford to ruin my usual netfilter rules and ran the test successfully on my local machine by: $ sudo autopkgtest arno-iptables-firewall_2.0.3-1_amd64.changes -- null > > 2) autopkgtest fails with ssh to a VirtualBox VM, using command: > autopkgtest arno-iptables-firewall_2.0.3-1_amd64.changes -- ssh > --capability=isolation-machine -l root -p 2022 -H 127.0.0.1 > > See the log [2]. It looks like autopkgtest doesn't not install > arno-iptables-firewall_2.0.3-1_all.deb > To run the test I've also removed the 'needs-root' restriction, since > the > option '--capability=root-on-testbed' is not enough. In my understanding it's up to autopkgtest to install a package, the test scripts itself should just test the installed package. I will try this on Virtualbox. Cheers, Sven > > > [1] > https://github.com/arno-iptables-firewall/aif/archive/2.0.1f.tar.gz > [2] https://paste.debian.net/1059405/ > > [3] https://packages.debian.org/buster/arno-iptables-firewall [4] http://deb.debian.org/debian/pool/main/a/arno-iptables-firewall/arno-iptables-firewall_2.0.1.f.orig.tar.gz [5] http://rocky.eld.leidenuniv.nl/ [6] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916493
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello team,
I've reviewed a bit more:
[x] arno-iptables-firewall_2.0.3-1.dsc builds cleanly with pbuilder
[x] the package correctly builds twice by debuild within the source tree
I found strange thing. The content match, but checksum doesn't match for
the previous release tarball:
$ pristine-tar checkout arno-iptables-firewall_2.0.1.f.orig.tar.gz
$ sha1sum arno-iptables-firewall_2.0.1.f.orig.tar.gz aif-2.0.1f.tar.gz
af32d7757a3e85a7b92b88c8e4dfdfd86bb32b16
arno-iptables-firewall_2.0.1.f.orig.tar.gz
a18f94fb9324df8e8e4a28805b92269ff8bd1bc6 aif-2.0.1f.tar.gz
, where aif-2.0.1f.tar.gz is taken from upstream github tag [1]
I'm experiencing some problems running autopkgtest:
1) failed to correctly setup serial console ttyS0/ttyS1 for qemu debian-sid
image (autopkgtest fails to connect)
2) autopkgtest fails with ssh to a VirtualBox VM, using command:
autopkgtest arno-iptables-firewall_2.0.3-1_amd64.changes -- ssh
--capability=isolation-machine -l root -p 2022 -H 127.0.0.1
See the log [2]. It looks like autopkgtest doesn't not install
arno-iptables-firewall_2.0.3-1_all.deb
To run the test I've also removed the 'needs-root' restriction, since the
option '--capability=root-on-testbed' is not enough.
[1] https://github.com/arno-iptables-firewall/aif/archive/2.0.1f.tar.gz
[2] https://paste.debian.net/1059405/
On Wed, Jan 9, 2019 at 1:02 AM Sven Geuer wrote:
> Hi Samuel,
>
> I removed pre-squeeze upgrade code
>
> Regarding your change 'Bump DH level to 12' I believe debian/control
> needs further changes.
>
> The debhelper manpage says:
>
> Changes from v11 are:
> [...]
> This change makes dh_installinit inject a misc:Pre-Depends
> for init-system-helpers (>= 1.54~). Please ensure that the
> package lists ${misc:Pre-Depends} in its Pre-Depends field
> before upgrading to compat 12.
> [...]
>
> Please double-check.
>
> Best,
> Sven
>
>
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hi Samuel,
I removed pre-squeeze upgrade code
Regarding your change 'Bump DH level to 12' I believe debian/control
needs further changes.
The debhelper manpage says:
Changes from v11 are:
[...]
This change makes dh_installinit inject a misc:Pre-Depends
for init-system-helpers (>= 1.54~). Please ensure that the
package lists ${misc:Pre-Depends} in its Pre-Depends field
before upgrading to compat 12.
[...]
Please double-check.
Best,
Sven
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hi Samuel,
> Do you think these people could test the version in experimental? As
> far as
> I currently reviewed it looks like the only problem which may hit us
> is on
> upgrades of the package, I mean, I want to make sure that an upgrade
> of the
> package will not break any configuration file (which does not look
> like
> will happen but it's better if people actually tested on their
> systems).
I asked them (again) to do so.
>
> I've seen some {pre/post}{rmínstall} parts to deal with very old
> versions
> of configs from arno, and also a comment asking if that was needed, I
> didn't properly read the scripts yet but agree with you, we can
> remove that
> parts because they are for versions prior to old-old-stable. Feel
> free to
> remove them.
Will do.
Thank you for your time,
Sven
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Sven,
are there still chances to get this into buster?
>
Yes, we still have plenty of time, the full freeze is only on 2019-03-12,
as you can see here[0]. It is better if we manage to upload to unstable
before the soft freeze though, which I think will definitely happen. So we
regarding Buster we're good.
> Is there anybody who can help reviewing this package?
>
I already started reviewing, but I want to make sure I review everything
thoroughly and I'm not having that much free time lately, but I will end it
eventually, and soon.
Also thanks a lot to Aleksey for helping with reviewing.
> I know there are people waiting for an updated/upgraded version in
> buster.
>
Do you think these people could test the version in experimental? As far as
I currently reviewed it looks like the only problem which may hit us is on
upgrades of the package, I mean, I want to make sure that an upgrade of the
package will not break any configuration file (which does not look like
will happen but it's better if people actually tested on their systems).
I've seen some {pre/post}{rmínstall} parts to deal with very old versions
of configs from arno, and also a comment asking if that was needed, I
didn't properly read the scripts yet but agree with you, we can remove that
parts because they are for versions prior to old-old-stable. Feel free to
remove them.
Regards,
[0]https://release.debian.org/buster/freeze_policy.html
--
Samuel Henrique
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello everybody, are there still chances to get this into buster? Is there anybody who can help reviewing this package? I know there are people waiting for an updated/upgraded version in buster. Sven Am Mittwoch, den 02.01.2019, 01:01 + schrieb Samuel Henrique: > Hello Sven, > > I started looking at the package, but as there are a lot of changes > in > there, it will take some time until I can review and confirm that all > of > them are ok and we are close to the freeze. That's why I decided to > upload > the package to experimental for now, so it's also easier for other > people > to test the package. > > If anybody else from the team is also available, it would be great if > we > had more people reviewing it*, so we can make sure it will be > available on > Buster. I will try my best to review all of it and sponsor the > package > before 6th January nonetheless. > > Thanks for your work Sven. > > * Note that you don't have to be a DD or DM to review the package, > everyone > is welcomed and that's a good way of learning packaging, you also > don't > have to check everything, feel free to send checklists of the parts > you > checked and confirmed that are ok. >
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello, quote on RFS bugs from [1]: After you uploaded a package, please close the bug report by sending a mail > to nnn-d...@bugs.debian.org. *Do not close RFS bugs in debian/changelog.* [1] https://mentors.debian.net/sponsor/rfs-howto Best wishes, Aleksey
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hi Team, one question, is it appropriate to close the RFS-Bug [1] by means of debian/changelog via * New maintainer. (Closes: #886951, #915718) ? [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915718 Sven
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Thank you so much, Raphael. Am Mittwoch, den 02.01.2019, 15:44 +0100 schrieb Raphael Hertzog: > Hi, > > On Mon, 31 Dec 2018, Sven Geuer wrote: > > Regarding joining the group I seem to miss the obvious. I didn't > > see > > how to do so on [2]. Please advice. > > I have added you to the team (there's no button to request to join, > you > have to ask here, I just clarified this on the wiki page). > > Cheers,
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Samuel,
thanks a lot for uploading!
Hello Aleksey,
find my replies inline below.
Am Mittwoch, den 02.01.2019, 17:01 +0300 schrieb Aleksey Kravchenko:
> Hello Sven,
>
> You should now switch the Vcs-* fields to the new repository
> https://salsa.debian.org/pkg-security-team/arno-iptables-firewall
>
> I beleave you should drop ~rc4 suffix after the package version
> (2.0.3-1).
> Now, for reviewing you use git commits, instead of uploading ~rc*
> packages
> to mentors.
Done. Also corrected Maintainer and moved myself to Uploaders.
>
> Samuel,
>
> > you also don't have to check everything, feel free to send
> > checklists of
> the parts you checked and confirmed that are ok.
> I've reviewed a bit.
>
> [x] upstream tarball is imported correctly (checksum match).
> [x] checked d/watch with uscan - works as expected, although it's
> unusual
> to see uupdate running from d/watch.
I followed
https://www.debian.org/doc/manuals/maint-guide/dother.en.html#watch
doing it this way.
> [x] fr.po and sv.po are correctly converted to uft8
> [x] d/control looks sane
> [x] new d/arno-iptables-firewall.logrotate looks good
>
> autopkgtest and d/templates look dependent on existence of ppp
> interface,
> so it should be verified.
ppp+ is the standard placeholder for a ppp interface that may become
available later. It's one of the features of arno-iptables-firewall
that it can deal with this.
Therefore autopkgtest does not need a real ppp either. It checks
whether the generated configuration file and the installed iptables
rules are as expected. No real network traffic is produced or consumed.
>
> The diff is big (>2200 lines) mostly because of two converted .po
> files
Contentwise nothing has changed there, it's only the conversion from
latin1 to utf8.
> and modified debian/{post,pre}* scripts.
> I think these scripts should be reviewed after all other changes.
These are constructed starting from fresh dh_make templates. Then I
imported logic from the previous scripts where appropriate or
rewrote/extended it. For easier review, may be it helps to diff with
option --ignore-space-change.
Best,
Sven
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hi, On Mon, 31 Dec 2018, Sven Geuer wrote: > Regarding joining the group I seem to miss the obvious. I didn't see > how to do so on [2]. Please advice. I have added you to the team (there's no button to request to join, you have to ask here, I just clarified this on the wiki page). Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Sven,
You should now switch the Vcs-* fields to the new repository
https://salsa.debian.org/pkg-security-team/arno-iptables-firewall
I beleave you should drop ~rc4 suffix after the package version (2.0.3-1).
Now, for reviewing you use git commits, instead of uploading ~rc* packages
to mentors.
Samuel,
> you also don't have to check everything, feel free to send checklists of
the parts you checked and confirmed that are ok.
I've reviewed a bit.
[x] upstream tarball is imported correctly (checksum match).
[x] checked d/watch with uscan - works as expected, although it's unusual
to see uupdate running from d/watch.
[x] fr.po and sv.po are correctly converted to uft8
[x] d/control looks sane
[x] new d/arno-iptables-firewall.logrotate looks good
autopkgtest and d/templates look dependent on existence of ppp interface,
so it should be verified.
The diff is big (>2200 lines) mostly because of two converted .po files
and modified debian/{post,pre}* scripts.
I think these scripts should be reviewed after all other changes.
Best regards,
Aleksey
On Wed, Jan 2, 2019 at 4:02 AM Samuel Henrique wrote:
> Hello Sven,
>
> I started looking at the package, but as there are a lot of changes in
> there, it will take some time until I can review and confirm that all of
> them are ok and we are close to the freeze. That's why I decided to upload
> the package to experimental for now, so it's also easier for other people
> to test the package.
>
> If anybody else from the team is also available, it would be great if we
> had more people reviewing it*, so we can make sure it will be available on
> Buster. I will try my best to review all of it and sponsor the package
> before 6th January nonetheless.
>
> Thanks for your work Sven.
>
> * Note that you don't have to be a DD or DM to review the package,
> everyone is welcomed and that's a good way of learning packaging, you also
> don't have to check everything, feel free to send checklists of the parts
> you checked and confirmed that are ok.
>
> --
> Samuel Henrique
>
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Sven, I started looking at the package, but as there are a lot of changes in there, it will take some time until I can review and confirm that all of them are ok and we are close to the freeze. That's why I decided to upload the package to experimental for now, so it's also easier for other people to test the package. If anybody else from the team is also available, it would be great if we had more people reviewing it*, so we can make sure it will be available on Buster. I will try my best to review all of it and sponsor the package before 6th January nonetheless. Thanks for your work Sven. * Note that you don't have to be a DD or DM to review the package, everyone is welcomed and that's a good way of learning packaging, you also don't have to check everything, feel free to send checklists of the parts you checked and confirmed that are ok. -- Samuel Henrique
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Sven, I created the repo on https://salsa.debian.org/pkg-security-team/arno-iptables-firewall and gave temporary permission for your account so you can work there until you are on the salsa team. I don't think I can add you on the salsa team, Raphaël or Gianfranco can confirm that, also, there should be a button to join the team on the wgui but I'm not familiar on where should it be, this can be solved later as you have access on the one I created now. I will probably be able to review the package tomorrow after reviewing Aleksey's libpff. Thanks for your work -- Samuel Henrique
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Aleksey, Hello Team, I logged in to salsa.debian.org, created a repo for the package and pushed everything I have, including latest updates [1]. Please review and upload so that this package can go into buster. Regarding joining the group I seem to miss the obvious. I didn't see how to do so on [2]. Please advice. [1] https://salsa.debian.org/sven-geuer-guest/arno-iptables-firewall [2] https://salsa.debian.org/pkg-security-team Happy New Year to all of you! Sven Am Montag, den 31.12.2018, 04:59 +0300 schrieb Aleksey Kravchenko: > Hello Sven. > > On 29.12.2018 22:14, Sven Geuer wrote: > > I'd like to ask for a repository for arno-iptables-firewall under > > https://salsa.debian.org/pkg-security-team. I would then upload the > > version 2.0.1.f-1.1 currently in unstable and buster followed by my > > packaged 2.0.3-1 so that changes are easy to spot. > > First you should login to salsa.debian.org [1], then join the > pkg-security-team group [2]. > > Only Michael Prokop, Raphaël Hertzog and Gianfranco Costamagna have > the > rights to create repository. They seems to be busy at this time of > the > year, you should understand them ;) > > I see from description of arno-iptables-firewall [3] that it's indeed > security related: > > arno-iptables-firewall will setup and load a secure, restrictive > > firewall > > by just asking a few question. > > The package has very good popcon vote-rank 7931 [4] and has in the > debian bugtracker a demand [5] for new version. > > If you are in hurry (because of the buster freeze), you should setup > a > repository on your personal salsa page, then you can add it as > Vcs-Git/Vcs-Browser to your debian/control file, and then ask for > review/upload on this list. > > [1] https://salsa.debian.org/users/sign_in > [2] https://salsa.debian.org/pkg-security-team > [3] > https://tracker.debian.org/media/packages/a/arno-iptables-firewall/control-2.0.1.f-1.1 > [4] https://qa.debian.org/popcon.php?package=arno-iptables-firewall > [5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886991 > > Best wishes, > Aleksey > >
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello Sven. On 29.12.2018 22:14, Sven Geuer wrote: > I'd like to ask for a repository for arno-iptables-firewall under > https://salsa.debian.org/pkg-security-team. I would then upload the > version 2.0.1.f-1.1 currently in unstable and buster followed by my > packaged 2.0.3-1 so that changes are easy to spot. First you should login to salsa.debian.org [1], then join the pkg-security-team group [2]. Only Michael Prokop, Raphaël Hertzog and Gianfranco Costamagna have the rights to create repository. They seems to be busy at this time of the year, you should understand them ;) I see from description of arno-iptables-firewall [3] that it's indeed security related: > arno-iptables-firewall will setup and load a secure, restrictive firewall > by just asking a few question. The package has very good popcon vote-rank 7931 [4] and has in the debian bugtracker a demand [5] for new version. If you are in hurry (because of the buster freeze), you should setup a repository on your personal salsa page, then you can add it as Vcs-Git/Vcs-Browser to your debian/control file, and then ask for review/upload on this list. [1] https://salsa.debian.org/users/sign_in [2] https://salsa.debian.org/pkg-security-team [3] https://tracker.debian.org/media/packages/a/arno-iptables-firewall/control-2.0.1.f-1.1 [4] https://qa.debian.org/popcon.php?package=arno-iptables-firewall [5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886991 Best wishes, Aleksey
Re: RFS: arno-iptables-firewall/2.0.3-1 [ITA]
Hello team, I'd like to ask for a repository for arno-iptables-firewall under https://salsa.debian.org/pkg-security-team. I would then upload the version 2.0.1.f-1.1 currently in unstable and buster followed by my packaged 2.0.3-1 so that changes are easy to spot. Looking forward to reveiving your feedback. Sven Am Samstag, den 22.12.2018, 18:03 +0100 schrieb Sven Geuer: > Hello team, > > I intent to adopt the orphaned package arno-iptables-firewall ( > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915718). > > Marcos proposed to maintain this package from within the pkg-security > team and I would love to follow his suggestion. > > Having read https://wiki.debian.org/Teams/pkg-security its still > unclear to me what the next steps shall be, starting with how to join > the team. > > Please give some pointers or hints how to proceed. > > Sven > >
