Re: Debian 11 isolinux AMD64 USB 32GB source

[Thomas Schmitt]

Hi,

i wrote:
>   https://cdimage.debian.org/mirror/cdimage/archive/11.10.0/amd64/jigdo-16G/
> Whatever, there is no counterpart for this image in
>   https://cdimage.debian.org/mirror/cdimage/archive/11.10.0/source/
> This shortcomming might be worth complaining at the debian-cd mailing
> list

It comes to me that there is probably no 1:1 relation between the
volumes of a binary ISO set and the volumes of the volumes of the
source set for the same medium type. That would be because the different
size of source and binary packages and because the source sets cover
all architectures together.

  https://cdimage.debian.org/mirror/cdimage/archive/11.10.0/amd64/jigdo-dvd/
offers 19 binary ISOs.
  https://cdimage.debian.org/mirror/cdimage/archive/11.10.0/source/jigdo-dvd/
offers only 18 source ISOs.

So the lack of a "16 GB" source ISO can be justified by the fact, that
"16 GB" does not constitute a full binary set and thus is not a candidate
for a source set, which has to be a full set in any case.


> I guess that the source ISO for the next larger binary ISO contains all
> the source packages of the 16 GB ISO:

Although this guess might still be correct, above considerations open
enough room for the contrary to let me state that only a complete
source set guarantees that you got all source packages from which a
particular binary ISO was made.

The most compact source set is
  https://cdimage.debian.org/mirror/cdimage/archive/11.10.0/source/jigdo-dlbd/
which offers two volumes.
But due to the latency bottleneck of Jigdo download maybe you get served
faster if you download simultaneously a set with smaller volumes, so
that your jigdo-lite processes form a larger crowd at the Debian mirror
server.


Have a nice day :)

Thomas

Re: Debian 11 isolinux AMD64 USB 32GB source

[Thomas Schmitt]

Hi,

John Conover wrote:
> Is Debian 11 isolinux AMD64 USB 32GB source available?

I am not aware that there was a 32 GB ISO of Debian 11 for amd64.
Maybe you mean the 16 GB ISO ?
  https://cdimage.debian.org/mirror/cdimage/archive/11.10.0/amd64/jigdo-16G/

Whatever, there is no counterpart for this image in
  https://cdimage.debian.org/mirror/cdimage/archive/11.10.0/source/
This shortcomming might be worth complaining at the debian-cd mailing
list:
  https://lists.debian.org/debian-cd/

I guess that the source ISO for the next larger binary ISO contains all
the source packages of the 16 GB ISO:
  
https://cdimage.debian.org/mirror/cdimage/archive/11.10.0/source/jigdo-bd/debian-11.10.0-source-BD-1.jigdo


Have a nice day :)

Thomas

Re: Debian 11 isolinux AMD64 USB 32GB source

[Andrew M.A. Cater]

On Wed, Aug 28, 2024 at 05:55:52PM -0700, John Conover wrote:
> 
> Is Debian 11 isolinux AMD64 USB 32GB source available?
> 

Hi John,

32GB source? All of the source for Debian 11 is available:
http://cdimage.debian.org/cdimage/archive/latest-oldstable/source/iso-dvd/
lists 18 DVDs.

I'm not sure what you mean by 32GB here though: there is a 16GB medium image
which is made by using jigdo to build the image from a mirror, a BluRay
disk and a double-layer BluRay disk size both also made using jigdo.

It's possible that you have purchased media where someone has simply written
a smaller image to a 32GB stick.

Be aware that the final point release of Debian 11 should take place this
coming weekend on/around 31st August 2024. CD, DVD and other size images will
be produced at that time. This will be the last major point release as
Debian 11 moved to LTS support from 14th August.

All the very best, as ever,

Andy Cater
(amaca...@debian.org)


> Help would appreciated,
> 
> John
> 
> -- 
> 
> John Conover, cono...@panix.com, http://www.johncon.com/
> 

Debian 11 isolinux AMD64 USB 32GB source

[John Conover]

Is Debian 11 isolinux AMD64 USB 32GB source available?

Help would appreciated,

John

-- 

John Conover, cono...@panix.com, http://www.johncon.com/

Laptop randomly powering off when unplugged from power source

[Joe B]

Hello,

 i've been having an issue where my laptop powers off randomly when
not connected to power. This has been happening since stable and
currently i'm on unstable. I would like to use my laptop without
power.

Please advise on what logs you might need

System Information
   Manufacturer: Acer
   Product Name: Aspire E5-575



uname -a
Linux debian 6.10.6-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.10.6-1
(2024-08-19) x86_64 GNU/Linux

lsmod
Module  Size  Used by
ccm20480  6
xt_CHECKSUM12288  1
xt_MASQUERADE  16384  3
xt_conntrack   12288  1
ipt_REJECT 12288  2
nf_reject_ipv4 16384  1 ipt_REJECT
xt_tcpudp  16384  0
nft_compat 20480  7
nft_chain_nat  12288  2
nf_nat 65536  2 nft_chain_nat,xt_MASQUERADE
nf_conntrack  204800  3 xt_conntrack,nf_nat,xt_MASQUERADE
nf_defrag_ipv6 24576  1 nf_conntrack
nf_defrag_ipv4 12288  1 nf_conntrack
nf_tables 372736  156 nft_compat,nft_chain_nat
bridge389120  0
stp12288  1 bridge
llc16384  2 bridge,stp
qrtr   53248  2
snd_sof_pci_intel_skl24576  0
snd_sof_intel_hda_generic36864  1 snd_sof_pci_intel_skl
soundwire_intel73728  1 snd_sof_intel_hda_generic
soundwire_generic_allocation12288  1 soundwire_intel
soundwire_cadence  45056  1 soundwire_intel
snd_sof_intel_hda_common   184320  2
snd_sof_intel_hda_generic,snd_sof_pci_intel_skl
snd_sof_intel_hda_mlink36864  3
soundwire_intel,snd_sof_intel_hda_common,snd_sof_intel_hda_generic
intel_rapl_msr 20480  0
snd_sof_intel_hda  20480  2
snd_sof_intel_hda_common,snd_sof_intel_hda_generic
intel_rapl_common  49152  1 intel_rapl_msr
snd_sof_pci24576  2 snd_sof_intel_hda_generic,snd_sof_pci_intel_skl
intel_uncore_frequency12288  0
snd_sof_xtensa_dsp 16384  1 snd_sof_intel_hda_generic
intel_uncore_frequency_common16384  1 intel_uncore_frequency
rfcomm102400  6
snd_sof   372736  5
snd_sof_pci,snd_sof_intel_hda_common,snd_sof_intel_hda_generic,snd_sof_i
ntel_hda,snd_sof_pci_intel_skl
cmac   12288  3
algif_hash 12288  1
algif_skcipher 12288  1
x86_pkg_temp_thermal16384  0
af_alg 32768  6 algif_hash,algif_skcipher
intel_powerclamp   16384  0
bnep   36864  2
kvm_intel 413696  0
snd_sof_utils  16384  1 snd_sof
soundwire_bus 114688  3
soundwire_intel,soundwire_generic_allocation,soundwire_cadence
snd_soc_avs   208896  0
snd_soc_hda_codec  24576  1 snd_soc_avs
snd_hda_codec_hdmi 90112  1
kvm  1343488  1 kvm_intel
snd_soc_skl   204800  0
snd_soc_hdac_hda   28672  2 snd_sof_intel_hda_common,snd_soc_skl
snd_hda_ext_core   36864  7
snd_soc_avs,snd_soc_hda_codec,snd_sof_intel_hda_common,snd_soc_hdac_hda,
snd_sof_intel_hda_mlink,snd_soc_skl,snd_sof_intel_hda
ath10k_pci 53248  0
snd_soc_sst_ipc20480  1 snd_soc_skl
snd_ctl_led24576  0
snd_soc_sst_dsp45056  1 snd_soc_skl
ath10k_core   532480  1 ath10k_pci
snd_soc_acpi_intel_match   106496  3
snd_sof_intel_hda_generic,snd_soc_skl,snd_sof_pci_intel_skl
snd_soc_acpi   16384  3
snd_soc_acpi_intel_match,snd_sof_intel_hda_generic,snd_soc_skl
snd_hda_codec_realtek   208896  1
snd_soc_core  413696  7
snd_soc_avs,snd_soc_hda_codec,soundwire_intel,snd_sof,snd_sof_intel_hda_
common,snd_soc_hdac_hda,snd_soc_skl
snd_hda_codec_generic   114688  1 snd_hda_codec_realtek
snd_hda_scodec_component20480  1 snd_hda_codec_realtek
ghash_clmulni_intel16384  0
sha512_ssse3   53248  0
ath36864  1 ath10k_core
sha256_ssse3   32768  0
snd_compress   28672  2 snd_soc_avs,snd_soc_core
sha1_ssse3 32768  0
uvcvideo  147456  0
snd_pcm_dmaengine  16384  1 snd_soc_core
videobuf2_vmalloc  20480  1 uvcvideo
snd_hda_intel  61440  5
mac80211 1396736  1 ath10k_core
btusb  86016  0
uvc12288  1 uvcvideo
videobuf2_memops   16384  1 videobuf2_vmalloc
aesni_intel   364544  8
snd_intel_dspcfg   36864  6
snd_soc_avs,snd_hda_intel,snd_sof,snd_sof_intel_hda_common,snd_sof_intel
_hda_generic,snd_soc_skl
snd_intel_sdw_acpi 16384  2 snd_intel_dspcfg,snd_sof_intel_hda_generic
videobuf2_v4l2 36864  1 uvcvideo
btrtl  32768  1 btusb
binfmt_misc28672  1
snd_hda_codec 212992  9
snd_hda_codec_generic,snd_soc_avs,snd_hda_codec_hdmi,snd_soc_hda_codec,s
nd_hda_intel,snd_hda_codec_realtek,snd_soc_hdac_hda,snd_soc_skl,snd_sof_intel_hda
btintel69632  1 btusb
mei_hdcp   28672  0
mei_pxp16384  0
crypto_simd16384  1 aesni_intel
btbcm  24576  1 btusb
libarc4

Re: [SOLVED] Re: Creating PDF/A from LaTeX source and from existing PDF

[Max Nikulin]

On 10/07/2024 15:37, Ceppo wrote:

but I couldn't build a working gs command.

[...]

[1]: https://github.com/qpdf/qpdf/issues/85


There is a link to gs arguments

[SOLVED] Re: Creating PDF/A from LaTeX source and from existing PDF

[Ceppo]

On Mon, Jul 08, 2024 at 05:20:57PM GMT, Jeffrey Walton wrote:
> The pdf-linter I use to verify a pdf document is qpdf,
> . It is available on most distributions,
> including Debian, Fedora and Red Hat.
>
> The command to check the document is `qpdf --check `.

This command doesn't show me any info abouy PDF/A compliance. man says it
"merely checks that the PDF file is syntactically valid".

> > I will also probably have to upload under the same requirement some
> > third-party PDF, which is not PDF/A, without access to an editable version.
> > Is there a way to convert them to PDF/A? I know that converting from an
> > editable version would be the correct way for this, but I have no real way
> > to get it.
>
> qpdf may provide this functionality, but I have never used it.

[1] says PDF/A conversion is out of scope for the library. However, [2] pointed
me to ocrmypdf and this command produces a valid PDF/A-1b file:

ocrmypdf --output-type pdfa-1 --tesseract-timeout=0 --skip-text \
input.pdf output.pdf

Another comment pointed out this relies on ghostscript, but I couldn't build a
working gs command. I will try harder as soon as I have some free time. Anyway
I have my conversion tool now, and I'm happy with it.

As a short summary of this thread outcome, I can:

- compile with `pdflatex` as usual
- convert to PDF/A with the `ocrmypdf` command above (probably not the most
  clean way, but it works)
- validate with veraPDF

Thanks everyone for your help, it was higly appreciated even when it didn't
work as expected!


[1]: https://github.com/qpdf/qpdf/issues/85
[2]: https://github.com/qpdf/qpdf/issues/85#issuecomment-1278055568


--
Ceppo


signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF

[Jeffrey Walton]

On Mon, Jul 8, 2024 at 5:56 PM Ceppo  wrote:
>
> On Wed, Jul 03, 2024 at 06:38:51PM GMT, Richard wrote:
> > From LaTeX, this is quite simple, there's a package for that - as for pretty
> > much everything in the LaTeX world. Googling for just like 10 sec could have
> > given you this great guide: https://webpages.tuni.fi/latex/pdfa-guide.pdf
>
> I did my research and found the document you linked. In fact it's what pointed
> me to the pdfx LaTeX package, but I couldn't make it work. I acknowledge I
> missed its reference to veraPDF, though.
>
> > gs -dQUIET -dUseCIEColor -sProcessColorModel=DeviceCMYK -sDEVICE=pdfwrite
> > -dPDFACompatibilityPolicy=1 -dCompressFonts=true -dSubsetFonts=true
> > -sFONTPATH=/usr/share/fonts/ -o  
>
> The output isn't accepted by veraPDF, either. I will try to understand
> something more about ghostscript.

Have a look at . It discusses
some of the finer points of PDF/A conversion in the comments, like
color spaces.

Jeff

Re: Creating PDF/A from LaTeX source and from existing PDF

[Jeffrey Walton]

On Wed, Jul 3, 2024 at 12:13 PM Ceppo  wrote:
>
> I wrote a report with LaTeX, and afterwards discovered it must be
> PDF/A-compliant - which wasn't. I found the pdfx LaTeX package and followed 
> its
> instructions, thus obtaining a file that should be PDF/A and pdfinfo 
> identifies
> as such, but my employer's upload form thinks isn't. Is pdfinfo reliable 
> enough
> that I can tell my employer his form is broken? If not, how can I make sure
> that pdflatex's output is actually PDF/A-compliant?

The pdf-linter I use to verify a pdf document is qpdf,
. It is available on most distributions,
including Debian, Fedora and Red Hat.

The command to check the document is `qpdf --check `.

> I will also probably have to upload under the same requirement some 
> third-party
> PDF, which is not PDF/A, without access to an editable version. Is there a way
> to convert them to PDF/A? I know that converting from an editable version 
> would
> be the correct way for this, but I have no real way to get it.

qpdf may provide this functionality, but I have never used it. From
the project's description: "qpdf is a command-line tool and C++
library that performs content-preserving transformations on PDF files.
It supports linearization, encryption, and numerous other features. It
can also be used for splitting and merging files, creating PDF files
(but you have to supply all the content yourself), and inspecting
files for study or analysis."

Another tool I would look at is GhostScript. It looks like it can
convert to PDF/A: .

> A requirement of any solution is that it doesn't rely on non-DFSG-compliant
> software, including online conversion tools.

Jeff

Re: Creating PDF/A from LaTeX source and from existing PDF

[Ceppo]

On Wed, Jul 03, 2024 at 11:15:51AM GMT, Henning Follmann wrote:
> On Wed, Jul 03, 2024 at 01:06:56PM +, Ceppo wrote:
> > A requirement of any solution is that it doesn't rely on non-DFSG-compliant
> > software, including online conversion tools.
>
> Please looks at this thread at StackExchange. I found that to be very
> helpful.
> https://tex.stackexchange.com/questions/130201/pdf-a-with-hyperref-on-tex-live-2013/136653#136653
>
> Please let me know how it works out for you.

Hello.
Thanks for pointing to the thread, but the solution isn't suitable for me. I
need a solution that does not rely on non-DFSG-compliant software, but the
first step requires to use a file from a zip archive [1] with a license that
explicitly forbids to modify and sell it.


[1]: http://www.eci.org/_media/downloads/icc_profiles_from_eci/ecirgbv20.zip


--
Ceppo


signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF

[Ceppo]

On Wed, Jul 03, 2024 at 03:36:17PM GMT, to...@tuxteam.de wrote:
> On Wed, Jul 03, 2024 at 01:06:56PM +, Ceppo wrote:
> > I wrote a report with LaTeX, and afterwards discovered it must be
> > PDF/A-compliant - which wasn't. I found the pdfx LaTeX package and followed
> > its instructions, thus obtaining a file that should be PDF/A and pdfinfo
> > identifies as such, but my employer's upload form thinks isn't [...]
>
> Uh-oh. We set the standards, but won't tell you what they are.

Well, in fact they did tell - they just did *after* I produced my report. But
yes, the workflow is very broken...

> Not concrete help, but the Wikipedia [1] makes for an interesting
> read (including refs to bunches of test suites you can throw at your
> publisher's site to find out where their validator is failing).

I read about Isartor Test Suite, but [1] says it checks if the validator
accepts non-compliant files, not if it rejects compliant files.

> And there seems to be a kind of semi-official validaror, according
> to the above ref.

I guess you mean veraPDF?


[1]: https://pdfa.org/resource/isartor-test-suite/


--
Ceppo


signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF

[Ceppo]

On Wed, Jul 03, 2024 at 06:38:51PM GMT, Richard wrote:
> From LaTeX, this is quite simple, there's a package for that - as for pretty
> much everything in the LaTeX world. Googling for just like 10 sec could have
> given you this great guide: https://webpages.tuni.fi/latex/pdfa-guide.pdf

I did my research and found the document you linked. In fact it's what pointed
me to the pdfx LaTeX package, but I couldn't make it work. I acknowledge I
missed its reference to veraPDF, though.

> gs -dQUIET -dUseCIEColor -sProcessColorModel=DeviceCMYK -sDEVICE=pdfwrite
> -dPDFACompatibilityPolicy=1 -dCompressFonts=true -dSubsetFonts=true
> -sFONTPATH=/usr/share/fonts/ -o  

The output isn't accepted by veraPDF, either. I will try to understand
something more about ghostscript.


--
Ceppo


signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF

[Ceppo]

On Wed, Jul 03, 2024 at 10:52:06PM GMT, y...@vienna.at wrote:
> Well, that is my way:

Thanks for providing your script. I tried it with one tweak:

> latex  .../Nix.tex  .../Nix.dvi
> dvips -o Nix.ps  Nix.pdf
   ^^^
I guess here you meant Nix.dvi...

> ps2pdf ... Nix.ps ... Nix.pdf
> chmod 755 script
> All works since many many years absolutly perfect, nothing else ever was is
> needed

However, the resulting PDF is not recognized as PDF/A by veraPDF. Have you
tested it with something else?


--
Ceppo


signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF

[Ceppo]

On Wed, Jul 03, 2024 at 10:18:01AM GMT, Sarunas Burdulis wrote:
> pdfinfo probably only reads metadata, but does not do any PDF/A compliance
> validation.
>
> VeraPDF seems to work for validation (https://verapdf.org/software/).

I don't know about pdfinfo, but it looks like veraPDF at least agrees with my
contractor's form. Thanks for pointing me to it, it looks like now I have a
tool to check if my document is compliant.


--
Ceppo


signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF

[Richard]

The first bit is just a warning, not an error. Of course, you could check
what has changed in v9.11 that makes this not recommended anymore. Maybe
they already handle it internally when you set -dPDFACompatibilityPolicy=1
and the old setting can interfere. But when the output of the validator
doesn't change, it's probably just meant as you don't need to specify this
anymore, we activate it ourselves.

Speaking of the validator, those look more like warnings too and not like
deal breakers. In the end, only you know what your contractor expects of
you. And if they don't even bother inspecting the result, this will be
irrelevant. After all, the only reason PDF/A exists is for archiving
reasons. It pretty much just throws out all the proprietary clutter from
the PDF standard. The important thing is that fonts are embedded to always
be able to display them correctly, and that it's specified how images and
other media are embedded. If your contractor expects more of you, they
should pay for the appropriate software.

Richard

PS: this isn't really meant for this, but you could install Scribus and try
to import the PDF there. It also has a validator similar to Adobes
Preflight. Maybe it can give you a more precise result. I'm not sure if it
even can output PDF/A, I only know that it does PDF/X, but maybe it can
even be used for better conversion to PDF/A. The last time I tried to
import a large PDF into Scribus it got kinda stuck, but it has evolved
since then and maybe it was a hardware limitation.

On Thu, Jul 4, 2024 at 4:38 AM Greg Marks  wrote:

> $gs -dQUIET -dUseCIEColor -sProcessColorModel=DeviceCMYK -sDEVICE=pdfwrite 
> -dPDFACompatibilityPolicy=1
> -dCompressFonts=true -dSubsetFonts=true -sFONTPATH=/usr/share/fonts/ -o
> new.pdf old.pdf
>
> [Gives warnings:
>
>GPL Ghostscript 10.00.0:
>
>Use of -dUseCIEColor detected!
>Since the release of version 9.11 of Ghostscript we recommend you do
> not set
>-dUseCIEColor with the pdfwrite/ps2write device family.]
>
> Uploading new.pdf to https://www.pdfforge.org/online/en/validate-pdfa
> produces report "The file is not a valid PDF/A document" with these
> details:
>
>ISO 19005-1:2005
>6.1.8
>The object number and generation number shall be separated
>by a single white-space character. The generation number
>and obj keyword shall be separated by a single white-space
>character. The object number and endobj keyword shall each be
>preceded by an EOL marker. The obj and endobj keywords shall
>each be followed by an EOL marker.
>
>ISO 19005-1:2005
>6.1.7
>The stream keyword shall be followed either by a CARRIAGE RETURN
>(0Dh) and LINE FEED (0Ah) character sequence or by a single
>LINE FEED character. The endstream keyword shall be preceded
>by an EOL marker
>
> Repeating with the flag -dUseCIEColor removed prevents the Ghostscript
> warnings but doesn't change the PDF/A validation result.
>
> Best regards,
> Greg Marks
>

Re: Creating PDF/A from LaTeX source and from existing PDF

[jeremy ardley]

On 4/7/24 11:10, Stefan Monnier wrote:

This might qualify as a bug in your MUA (it can make sense to require
a small font for some parts of the message, but it seems this style
applies to the whole message, which makes no sense), tho maybe it's due
to some particularity of your configuration, or of the way you use your
MUA's editor.



I use thunderbird and I usually remember to select Sending Format as 
text only when sending to lists. This should  always render correctly on 
any mua

Re: Creating PDF/A from LaTeX source and from existing PDF

[Stefan Monnier]

Hi Richard,

I don't see any problem because I'm reading this mailing-list from a MUA
that's mostly text-only and doesn't try to use variable-size fonts, but
looking at the HTML you send I see:

>  style="font-family:arial,helvetica,sans-serif;font-size:small">

repeated several times.  I have no idea why your MUA puts it there, but
I suspect that's the reason some of the readers here find your email's
messages to be hard to read: your mail specifically asks for
`font-size:small`.

This might qualify as a bug in your MUA (it can make sense to require
a small font for some parts of the message, but it seems this style
applies to the whole message, which makes no sense), tho maybe it's due
to some particularity of your configuration, or of the way you use your
MUA's editor.


Stefan

small font (was: Re: Creating PDF/A from LaTeX source and from existing PDF)

[Max Nikulin]

I am in doubts what is more rude:

On 04/07/2024 04:02, Richard wrote:

Please stop using such a dinky font. There are plenty of old farts
trying to read this list.


- writing this before an attempt to hijack the thread using an already 
discussed question,


Tell that to your mail program. If it chooses to show you the mail that 
way, don't blame me.


- insisting on an "industry standard" mail style


Tell that to your mail progra=


---^^^

Re: Creating PDF/A from LaTeX source and from existing PDF

[Max Nikulin]

On 04/07/2024 04:49, Greg Marks wrote:


$gs -dQUIET -dUseCIEColor -sProcessColorModel=DeviceCMYK -sDEVICE=pdfwrite 
-dPDFACompatibilityPolicy=1 -dCompressFonts=true -dSubsetFonts=true 
-sFONTPATH=/usr/share/fonts/ -o new.pdf old.pdf

[...]

The object number and generation number shall be separated
by a single white-space character. The generation number

[...]

The stream keyword shall be followed either by a CARRIAGE RETURN


I expect that pdftk and qpdf have their own serializers. I have no idea 
if they can transform a file to a PDF/A compliant document, but they 
might use proper separators.


Perhaps LaTeX documents require some tuning (metadata blocks, etc.). If 
you use pdflatex then I would try lualatex.

Re: Creating PDF/A from LaTeX source and from existing PDF

[Greg Marks]

> Now, for just random PDFs, this is a bit more tricky, but you can do so
> with ghostscript. Now, this sadly doesn't have such a great guide, but
> something like this should do the trick, though that's only PDF/A-1 for all
> I can tell. If your contractor needs a different version, you'll have to
> adapt it:
> 
> gs -dQUIET -dUseCIEColor -sProcessColorModel=DeviceCMYK -sDEVICE=pdfwrite
> -dPDFACompatibilityPolicy=1 -dCompressFonts=true -dSubsetFonts=true
> -sFONTPATH=/usr/share/fonts/ -o  

This does not seem to work.  For example:

$cd /tmp

$wget -O old.pdf https://arxiv.org/pdf/2406.18499

$gs -dQUIET -dUseCIEColor -sProcessColorModel=DeviceCMYK -sDEVICE=pdfwrite 
-dPDFACompatibilityPolicy=1 -dCompressFonts=true -dSubsetFonts=true 
-sFONTPATH=/usr/share/fonts/ -o new.pdf old.pdf

[Gives warnings: 

   GPL Ghostscript 10.00.0:

   Use of -dUseCIEColor detected!
   Since the release of version 9.11 of Ghostscript we recommend you do not set
   -dUseCIEColor with the pdfwrite/ps2write device family.]

Uploading new.pdf to https://www.pdfforge.org/online/en/validate-pdfa
produces report "The file is not a valid PDF/A document" with these
details:

   ISO 19005-1:2005
   6.1.8
   The object number and generation number shall be separated
   by a single white-space character. The generation number
   and obj keyword shall be separated by a single white-space
   character. The object number and endobj keyword shall each be
   preceded by an EOL marker. The obj and endobj keywords shall
   each be followed by an EOL marker.

   ISO 19005-1:2005
   6.1.7
   The stream keyword shall be followed either by a CARRIAGE RETURN
   (0Dh) and LINE FEED (0Ah) character sequence or by a single
   LINE FEED character. The endstream keyword shall be preceded
   by an EOL marker

Repeating with the flag -dUseCIEColor removed prevents the Ghostscript
warnings but doesn't change the PDF/A validation result.

Best regards,
Greg Marks


signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF

[Richard]

Well, guess what, I haven't done anything to change the way messages look.
The only settings I ever change is how they are displayed to me. And never
has anyone ever had an issue with that, in many years. Probably because
other people are just not using unusable software. And quite frankly,
punishing the ignorant for their ignorance is the best policy there is. If
you go out of your way to make life as difficult as possible for yourself,
that's your issue. Don't make it everybody else's issue. Quit whining and
learn how to search the internet for solutions first. The chance that
you're the first to ask such basic questions is pretty much not existent.
And if you refuse to learn, that's up to you. But then you didn't learn
live's biggest lesson, you never stop learning.

And with that I'm ending this ridiculous discussions, this has gone far
enough off-topic.

Best

On Wed, Jul 3, 2024 at 11:12 PM Greg Wooledge  wrote:

> That said, I wonder *why* you would go out of your way to make your
> messages harder to read for people who don't know how to activate every
> single feature of their MUA.
>

Re: Creating PDF/A from LaTeX source and from existing PDF

[Greg Wooledge]

On Wed, Jul 03, 2024 at 23:02:16 +0200, Richard wrote:
> >
> > Please stop using such a dinky font. There are plenty of old farts trying
> > to read this list.
> 
> Tell that to your mail program. If it chooses to show you the mail that
> way, don't blame me. Everything needed to display it any way you want is
> there, it just needs to be used. Thunderbird can define a minimum text size
> and refuse messages to use their own font. If your archaic software doesn't
> do basics, blame the dev - or better yet yourself, as the choice is yours.

I never saw any problem, as my terminal-based MUA renders your text/plain
part just fine.  I didn't even know you were posting multi-part messages
until someone complained about the font size.

That said, I wonder *why* you would go out of your way to make your
messages harder to read for people who don't know how to activate every
single feature of their MUA.  It would be a good policy to make your
messages as easy to read as possible, for as many people as possible,
by default.

If you're simply punishing the ignorant for their ignorance, well, that
seems a bit spiteful.

Re: Creating PDF/A from LaTeX source and from existing PDF

[Richard]

>
> Please stop using such a dinky font. There are plenty of old farts trying
> to read this list.

Tell that to your mail program. If it chooses to show you the mail that
way, don't blame me. Everything needed to display it any way you want is
there, it just needs to be used. Thunderbird can define a minimum text size
and refuse messages to use their own font. If your archaic software doesn't
do basics, blame the dev - or better yet yourself, as the choice is yours.

And the other part is its own thread. I've commented everything I know.
Just redo your book as native ePub, there's no way around it. If you want
to find shortcuts, you'll have to do your own research, even beyond Linux
there probably is no piece of software that can do what you are looking
for. But on the other hand, I'd never have expected ghostscript - or to be
more precise GhostPDL, if I'm not mistaken - to be able to handle
Microsoft's rubbish XPS format and convert that to a proper PDF. So who
knows? Instead of going on other people's nerves with an unsolvable issue,
put those questions into the search machine of your choice. Maybe it will
be more competent than your mail program.

Richard

Am Mi., 3. Juli 2024 um 21:20 Uhr schrieb Van Snyder <
van.sny...@sbcglobal.net>:

> On Wed, 2024-07-03 at 18:38 +0200, Richard wrote:
>
> For anything further, you'll have to research yourself as ghostscript is
> very complex but used by many people.
>
>
> Please stop using such a dinky font. There are plenty of old farts trying
> to read this list.
>
>
> Can ghostscript convert a PDF generated by pdflatex to ePub or mobi?
>
> Calibre made a mess, especially of tables. E-mailing it to my Kindle
> account with "convert" in the subject line made a mess. Tools to convert
> LaTeX to html in the hope of ultimately getting to ePub or mobi utterly
> failed, so I don't know whether they in the end would have made a mess.
>
>

Re: Creating PDF/A from LaTeX source and from existing PDF

[Van Snyder]

On Wed, 2024-07-03 at 15:31 -0400, e...@gmx.us wrote:
> On 7/3/24 15:20, Van Snyder wrote:
> > On Wed, 2024-07-03 at 18:38 +0200, Richard wrote:
> > > For anything further, you'll have to research yourself as
> > > ghostscript
> > > is very complex but used by many people.
> > 
> > Please stop using such a dinky font.
> 
> That's what ctrl-shift-+ is for.

Yeah, those of us who have been at this for a decade or two know that.
But it makes everything else so large that it doesn't fit anymore, even
at full screen, on my laptop.

Re: Creating PDF/A from LaTeX source and from existing PDF

[eben]

On 7/3/24 15:20, Van Snyder wrote:

On Wed, 2024-07-03 at 18:38 +0200, Richard wrote:

For anything further, you'll have to research yourself as ghostscript
is very complex but used by many people.


Please stop using such a dinky font.


That's what ctrl-shift-+ is for.

Re: Creating PDF/A from LaTeX source and from existing PDF

[Van Snyder]

On Wed, 2024-07-03 at 18:38 +0200, Richard wrote:
> For anything further, you'll have to research yourself as ghostscript
> is very complex but used by many people.

Please stop using such a dinky font. There are plenty of old farts
trying to read this list.


Can ghostscript convert a PDF generated by pdflatex to ePub or mobi?

Calibre made a mess, especially of tables. E-mailing it to my Kindle
account with "convert" in the subject line made a mess. Tools to
convert LaTeX to html in the hope of ultimately getting to ePub or mobi
utterly failed, so I don't know whether they in the end would have made
a mess.

Re: Creating PDF/A from LaTeX source and from existing PDF

[Richard]

>From LaTeX, this is quite simple, there's a package for that - as for
pretty much everything in the LaTeX world. Googling for just like 10 sec
could have given you this great guide:
https://webpages.tuni.fi/latex/pdfa-guide.pdf

Now, for just random PDFs, this is a bit more tricky, but you can do so
with ghostscript. Now, this sadly doesn't have such a great guide, but
something like this should do the trick, though that's only PDF/A-1 for all
I can tell. If your contractor needs a different version, you'll have to
adapt it:

gs -dQUIET -dUseCIEColor -sProcessColorModel=DeviceCMYK -sDEVICE=pdfwrite
-dPDFACompatibilityPolicy=1 -dCompressFonts=true -dSubsetFonts=true
-sFONTPATH=/usr/share/fonts/ -o  

Now, one common thing that can happen is that you don't have the necessary
fonts installed (I'm using the system-wide fonts path here, but you can
also set any other path) so the result would look off. In that case, you
could just convert the fonts into outlines, which will make text
machine-unreadable and the file much bigger. For that,
replavce "-dCompressFonts=true -dSubsetFonts=true
-sFONTPATH=/usr/share/fonts/" with "-dNoOutputFonts". Since I'm not
completely certain about ghostscripts defaults, you can also add
"-dDownsampleMonoImages=false -dDownsampleGrayImages=false
-dDownsampleColorImages=false" to make sure the images stay otherwise
unchanged.

For anything further, you'll have to research yourself as ghostscript is
very complex but used by many people.

Best
Richard

Re: Creating PDF/A from LaTeX source and from existing PDF

[tomas]

On Wed, Jul 03, 2024 at 11:05:59AM -0400, Henning Follmann wrote:
> On Wed, Jul 03, 2024 at 03:36:17PM +0200, to...@tuxteam.de wrote:

[...]

> > Uh-oh. We set the standards, but won't tell you what they are.
> 
> But they did! They say PDF/A. But you have a point that this maybe is
> not enough. Which version of PDF/A are we talking about?

Don't get me wrong. The idea of PDF/A is great, the idea of using it
is too... but judging by the Wikipedia entry, the actual implementation
seems to be a mess, with several "levels", one semi-official validator
and a whole bunch of pairwise incompatible validators.

So just specifying PDF/A sounds like a sadistic torture coming out of
Catbert's Evil Human Resources Department :-)

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Creating PDF/A from LaTeX source and from existing PDF

[Henning Follmann]

On Wed, Jul 03, 2024 at 01:06:56PM +, Ceppo wrote:
> I wrote a report with LaTeX, and afterwards discovered it must be
> PDF/A-compliant - which wasn't. I found the pdfx LaTeX package and followed 
> its
> instructions, thus obtaining a file that should be PDF/A and pdfinfo 
> identifies
> as such, but my employer's upload form thinks isn't. Is pdfinfo reliable 
> enough
> that I can tell my employer his form is broken? If not, how can I make sure
> that pdflatex's output is actually PDF/A-compliant?
> 
> I will also probably have to upload under the same requirement some 
> third-party
> PDF, which is not PDF/A, without access to an editable version. Is there a way
> to convert them to PDF/A? I know that converting from an editable version 
> would
> be the correct way for this, but I have no real way to get it.
> 
> A requirement of any solution is that it doesn't rely on non-DFSG-compliant
> software, including online conversion tools.
> 
> Thanks for any help.
> 

I did research a bit. It is possible to create a PDF/A compliant
document from LaTeX. It looks like you have to do some work though.

Please looks at this thread at StackExchange. I found that to be very
helpful.
https://tex.stackexchange.com/questions/130201/pdf-a-with-hyperref-on-tex-live-2013/136653#136653

Please let me know how it works out for you.

-H


-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Creating PDF/A from LaTeX source and from existing PDF

[Henning Follmann]

On Wed, Jul 03, 2024 at 03:36:17PM +0200, to...@tuxteam.de wrote:
> On Wed, Jul 03, 2024 at 01:06:56PM +, Ceppo wrote:
> > I wrote a report with LaTeX, and afterwards discovered it must be
> > PDF/A-compliant - which wasn't. I found the pdfx LaTeX package and followed 
> > its
> > instructions, thus obtaining a file that should be PDF/A and pdfinfo 
> > identifies
> > as such, but my employer's upload form thinks isn't [...]
> 
> Uh-oh. We set the standards, but won't tell you what they are.

But they did! They say PDF/A. But you have a point that this maybe is
not enough. Which version of PDF/A are we talking about?

In general the policy is most likely a good one, because PDF/A gives you
certain guarantees (e.g. That the document renders consistently to the
same printed output, even years after archiving).

> 
> > Thanks for any help.
> 
> Not concrete help, but the Wikipedia [1] makes for an interesting
> read (including refs to bunches of test suites you can throw at your
> publisher's site to find out where their validator is failing).
> 
> And there seems to be a kind of semi-official validaror, according
> to the above ref.

I never tried to generate PDF/A from LaTeX but I am sure it is possible.
By default it would not include any javascript and IIRC it embeds the
font.

> 
> Cheers
> 
> [1] https://en.wikipedia.org/wiki/PDF/A
> -- 
> t



-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Creating PDF/A from LaTeX source and from existing PDF

[Sarunas Burdulis]

On 7/3/24 09:06, Ceppo wrote:

I wrote a report with LaTeX, and afterwards discovered it must be
PDF/A-compliant - which wasn't. I found the pdfx LaTeX package and followed its
instructions, thus obtaining a file that should be PDF/A and pdfinfo identifies
as such, but my employer's upload form thinks isn't. Is pdfinfo reliable enough
that I can tell my employer his form is broken? If not, how can I make sure
that pdflatex's output is actually PDF/A-compliant?


pdfinfo probably only reads metadata, but does not do any PDF/A 
compliance validation.


VeraPDF seems to work for validation (https://verapdf.org/software/).

--
Sarunas Burdulis
Dartmouth Mathematics
math.dartmouth.edu/~sarunas

· https://useplaintext.email ·



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Creating PDF/A from LaTeX source and from existing PDF

[tomas]

On Wed, Jul 03, 2024 at 01:06:56PM +, Ceppo wrote:
> I wrote a report with LaTeX, and afterwards discovered it must be
> PDF/A-compliant - which wasn't. I found the pdfx LaTeX package and followed 
> its
> instructions, thus obtaining a file that should be PDF/A and pdfinfo 
> identifies
> as such, but my employer's upload form thinks isn't [...]

Uh-oh. We set the standards, but won't tell you what they are.

> Thanks for any help.

Not concrete help, but the Wikipedia [1] makes for an interesting
read (including refs to bunches of test suites you can throw at your
publisher's site to find out where their validator is failing).

And there seems to be a kind of semi-official validaror, according
to the above ref.

Cheers

[1] https://en.wikipedia.org/wiki/PDF/A
-- 
t


signature.asc
Description: PGP signature

Creating PDF/A from LaTeX source and from existing PDF

[Ceppo]

I wrote a report with LaTeX, and afterwards discovered it must be
PDF/A-compliant - which wasn't. I found the pdfx LaTeX package and followed its
instructions, thus obtaining a file that should be PDF/A and pdfinfo identifies
as such, but my employer's upload form thinks isn't. Is pdfinfo reliable enough
that I can tell my employer his form is broken? If not, how can I make sure
that pdflatex's output is actually PDF/A-compliant?

I will also probably have to upload under the same requirement some third-party
PDF, which is not PDF/A, without access to an editable version. Is there a way
to convert them to PDF/A? I know that converting from an editable version would
be the correct way for this, but I have no real way to get it.

A requirement of any solution is that it doesn't rely on non-DFSG-compliant
software, including online conversion tools.

Thanks for any help.


--
Ceppo


signature.asc
Description: PGP signature

Re: Debian/Xen on ARM: How to identify source of an unhandled SMC call during boot?

[Paul Leiber]

Am 31.01.2024 um 23:12 schrieb Tixy:

On Wed, 2024-01-31 at 21:59 +0100, hw wrote:

On Wed, 2024-01-31 at 08:02 +0100, Paul Leiber wrote:

Am 25.01.2024 um 22:28 schrieb Paul Leiber:
[...]

Some people on xen-devel pointed out to me two unhandled SMC calls in
the boot logs which could be the root of the problem. I am now trying to
find out where these calls come from to get closer to the root cause.
The suspected calls are the following ones:

(XEN) d0v0 Unhandled SMC/HVC: 0x8450
(XEN) d0v0 Unhandled SMC/HVC: 0x8600ff01

These calls happen during the Dom0 boot process, so it's something from
inside Linux and nothing Xen related, I've been told. The current
working hypothesis is that the calls are trying to find some module not
emulated by Xen and are therefore failing, leading to Linux waiting for
the reply, and subsequently to the Xen watchdog triggering and rebooting.

  From what I could find out in ARM documentation, the unhandled SMC
calls probably have the following purpose:

0x8450 = TRNG_VERSION, returns the implemented TRNG (True Random
Number Generator) ABI version [2]
0x8600ff01 = Call UID Query for Vendor Specific Hypervisor Service,
Returns a unique identifier of the service provider [3]

The more likely cause is the second call to the address 0x8600ff01.

Now I simply have no idea how to find out where in the Linux boot
process these calls are made. I tried poking into the Linux sources a
bit, and I couldn't find an exact match for these call addresses, so I
assume these addresses are assembled from different parts. There are
some matches for "0x8600" and for "ff01", but I couldn't identify if
these matches are relevant.

I tried to find out if strace could help, but from what I understand,
this is related to commands coming from userspace, so I am not sure that
strace helps during the boot process.

I'd appreciate it if somebody more knowledgeable would point me in the
right direction. If more information is needed, I can provide it.


I would search for the message 'Unhandled SMC/HVC' itself, or even for
'Unhandled', not for the address.  The address is probably determined
at runtime and not hardcoded.


I sure those hex values aren't 'addresses' but the ID's for the secure
monitor calls Paul already identified.

Looking at the Linux sources I found the header for constructing these
monitor calls: include/linux/arm-smccc.h

So it might be worth looking at the files that include that. There are
various drivers for firmware, and a watchdog driver amongst other
things... drivers/watchdog/arm_smc_wdt.c



That was spot on, I think. In include/linux/arm-smccc.h, the SMC calls 
are constructed, therefore it is not possible to find the IDs with a 
simple search in the sourcecode.


(For completeness' sake: I also found out that Tianocore code is using 
the TRNG SMC call, but although Tianocore is being used for the boot 
process, I think that the linux code is more likely to be the cause of 
the above errors. [1])


The first ID 0x8450 is used for defining the constant 
ARM_SMCCC_TRNG_VERSION, the second ID 0x8600ff01 is used for the 
constant ARM_SMCCC_VENDOR_HYP_CALL_UID_FUNC_ID.


As suggested, I'll try to find relevant sourcecode that includes 
linux/arm-smccc.h.


What's irritating me is that the whole problem only appears when having 
two VLANs and traffic on a VLAN. I assume this means that some code 
related to VLANs is relying on information from one of those calls and 
therefore fails when the call is not answered. Could that be plausible?


Anyway, thank you for this information!


[1] 
https://github.com/tianocore/edk2/blob/master/ArmPkg/Include/IndustryStandard/ArmStdSmc.h#L165

Re: Debian/Xen on ARM: How to identify source of an unhandled SMC call during boot?

[Tixy]

On Wed, 2024-01-31 at 21:59 +0100, hw wrote:
> On Wed, 2024-01-31 at 08:02 +0100, Paul Leiber wrote:
> > Am 25.01.2024 um 22:28 schrieb Paul Leiber:
> > [...]
> > > Some people on xen-devel pointed out to me two unhandled SMC calls in 
> > > the boot logs which could be the root of the problem. I am now trying to 
> > > find out where these calls come from to get closer to the root cause. 
> > > The suspected calls are the following ones:
> > > 
> > > (XEN) d0v0 Unhandled SMC/HVC: 0x8450
> > > (XEN) d0v0 Unhandled SMC/HVC: 0x8600ff01
> > > 
> > > These calls happen during the Dom0 boot process, so it's something from 
> > > inside Linux and nothing Xen related, I've been told. The current 
> > > working hypothesis is that the calls are trying to find some module not 
> > > emulated by Xen and are therefore failing, leading to Linux waiting for 
> > > the reply, and subsequently to the Xen watchdog triggering and rebooting.
> > > 
> > >  From what I could find out in ARM documentation, the unhandled SMC 
> > > calls probably have the following purpose:
> > > 
> > > 0x8450 = TRNG_VERSION, returns the implemented TRNG (True Random 
> > > Number Generator) ABI version [2]
> > > 0x8600ff01 = Call UID Query for Vendor Specific Hypervisor Service, 
> > > Returns a unique identifier of the service provider [3]
> > > 
> > > The more likely cause is the second call to the address 0x8600ff01.
> > > 
> > > Now I simply have no idea how to find out where in the Linux boot 
> > > process these calls are made. I tried poking into the Linux sources a 
> > > bit, and I couldn't find an exact match for these call addresses, so I 
> > > assume these addresses are assembled from different parts. There are 
> > > some matches for "0x8600" and for "ff01", but I couldn't identify if 
> > > these matches are relevant.
> > > 
> > > I tried to find out if strace could help, but from what I understand, 
> > > this is related to commands coming from userspace, so I am not sure that 
> > > strace helps during the boot process.
> > > 
> > > I'd appreciate it if somebody more knowledgeable would point me in the 
> > > right direction. If more information is needed, I can provide it.
> 
> I would search for the message 'Unhandled SMC/HVC' itself, or even for
> 'Unhandled', not for the address.  The address is probably determined
> at runtime and not hardcoded.

I sure those hex values aren't 'addresses' but the ID's for the secure
monitor calls Paul already identified.

Looking at the Linux sources I found the header for constructing these
monitor calls: include/linux/arm-smccc.h

So it might be worth looking at the files that include that. There are
various drivers for firmware, and a watchdog driver amongst other
things... drivers/watchdog/arm_smc_wdt.c

-- 
Tixy

Re: Debian/Xen on ARM: How to identify source of an unhandled SMC call during boot?

[Paul Leiber]

Am 31.01.2024 um 19:07 schrieb Andrew M.A. Cater:

On Wed, Jan 31, 2024 at 08:02:47AM +0100, Paul Leiber wrote:

Am 25.01.2024 um 22:28 schrieb Paul Leiber:


Paul

[1]
https://lists.xenproject.org/archives/html/xen-devel/2023-10/msg00796.html
[2] https://developer.arm.com/documentation/den0098/latest/
[3] https://documentation-service.arm.com/static/628b755ce3c4322a76af56de?token=



Hm, no reply so far. Is this maybe the wrong list? Should I post this rather
somewhere else?

Paul



debian-arm / OFTC IRC #debian-arm or #debian-raspberrypi

Xen in Debian is team maintained, I think, but many people have moved
away from Xen in favour of other virtualisation/paravirtualisation
solutions and containers.

All the very best, as ever,

Andy
(amaca...@debian.org)


Thank you for the reply, Andy. I'll try my luck there.

Paul

Re: Debian/Xen on ARM: How to identify source of an unhandled SMC call during boot?

[hw]

On Wed, 2024-01-31 at 08:02 +0100, Paul Leiber wrote:
> Am 25.01.2024 um 22:28 schrieb Paul Leiber:
> > Dear Debian user list members,
> > 
> > I am trying to run network related stuff (Samba, Zabbix) on a Raspberry 
> > Pi 4B in a virtualized environment using Debian Bookworm and Xen. I am 
> > running into reproducible complete system crashes/reboots due to a Xen 
> > watchdog triggering under certain, seemingly strange conditions (the 

Raspberry Pis have a watchdog?

Maybe disable the watchdog and see what happens?

> > number of VLANs involved seems to play a role, running tcpdump on 
> > certain interfaces prevents this issue, ...). If you are interested in 
> > the long version, you can find it here [1].
> > 
> > Some people on xen-devel pointed out to me two unhandled SMC calls in 
> > the boot logs which could be the root of the problem. I am now trying to 
> > find out where these calls come from to get closer to the root cause. 
> > The suspected calls are the following ones:
> > 
> > (XEN) d0v0 Unhandled SMC/HVC: 0x8450
> > (XEN) d0v0 Unhandled SMC/HVC: 0x8600ff01
> > 
> > These calls happen during the Dom0 boot process, so it's something from 
> > inside Linux and nothing Xen related, I've been told. The current 
> > working hypothesis is that the calls are trying to find some module not 
> > emulated by Xen and are therefore failing, leading to Linux waiting for 
> > the reply, and subsequently to the Xen watchdog triggering and rebooting.
> > 
> >  From what I could find out in ARM documentation, the unhandled SMC 
> > calls probably have the following purpose:
> > 
> > 0x8450 = TRNG_VERSION, returns the implemented TRNG (True Random 
> > Number Generator) ABI version [2]
> > 0x8600ff01 = Call UID Query for Vendor Specific Hypervisor Service, 
> > Returns a unique identifier of the service provider [3]
> > 
> > The more likely cause is the second call to the address 0x8600ff01.
> > 
> > Now I simply have no idea how to find out where in the Linux boot 
> > process these calls are made. I tried poking into the Linux sources a 
> > bit, and I couldn't find an exact match for these call addresses, so I 
> > assume these addresses are assembled from different parts. There are 
> > some matches for "0x8600" and for "ff01", but I couldn't identify if 
> > these matches are relevant.
> > 
> > I tried to find out if strace could help, but from what I understand, 
> > this is related to commands coming from userspace, so I am not sure that 
> > strace helps during the boot process.
> > 
> > I'd appreciate it if somebody more knowledgeable would point me in the 
> > right direction. If more information is needed, I can provide it.

I would search for the message 'Unhandled SMC/HVC' itself, or even for
'Unhandled', not for the address.  The address is probably determined
at runtime and not hardcoded.

Do you get better results with qemu/kvm?  Xen is more like 'hmm' than
anything else.

Re: Debian/Xen on ARM: How to identify source of an unhandled SMC call during boot?

[Andrew M.A. Cater]

On Wed, Jan 31, 2024 at 08:02:47AM +0100, Paul Leiber wrote:
> Am 25.01.2024 um 22:28 schrieb Paul Leiber:
> > 
> > Paul
> > 
> > [1]
> > https://lists.xenproject.org/archives/html/xen-devel/2023-10/msg00796.html
> > [2] https://developer.arm.com/documentation/den0098/latest/
> > [3] 
> > https://documentation-service.arm.com/static/628b755ce3c4322a76af56de?token=
> > 
> 
> Hm, no reply so far. Is this maybe the wrong list? Should I post this rather
> somewhere else?
> 
> Paul
>

debian-arm / OFTC IRC #debian-arm or #debian-raspberrypi

Xen in Debian is team maintained, I think, but many people have moved
away from Xen in favour of other virtualisation/paravirtualisation
solutions and containers.

All the very best, as ever,

Andy
(amaca...@debian.org) 

Re: Debian/Xen on ARM: How to identify source of an unhandled SMC call during boot?

[Paul Leiber]

Am 25.01.2024 um 22:28 schrieb Paul Leiber:

Dear Debian user list members,

I am trying to run network related stuff (Samba, Zabbix) on a Raspberry 
Pi 4B in a virtualized environment using Debian Bookworm and Xen. I am 
running into reproducible complete system crashes/reboots due to a Xen 
watchdog triggering under certain, seemingly strange conditions (the 
number of VLANs involved seems to play a role, running tcpdump on 
certain interfaces prevents this issue, ...). If you are interested in 
the long version, you can find it here [1].


Some people on xen-devel pointed out to me two unhandled SMC calls in 
the boot logs which could be the root of the problem. I am now trying to 
find out where these calls come from to get closer to the root cause. 
The suspected calls are the following ones:


(XEN) d0v0 Unhandled SMC/HVC: 0x8450
(XEN) d0v0 Unhandled SMC/HVC: 0x8600ff01

These calls happen during the Dom0 boot process, so it's something from 
inside Linux and nothing Xen related, I've been told. The current 
working hypothesis is that the calls are trying to find some module not 
emulated by Xen and are therefore failing, leading to Linux waiting for 
the reply, and subsequently to the Xen watchdog triggering and rebooting.


 From what I could find out in ARM documentation, the unhandled SMC 
calls probably have the following purpose:


0x8450 = TRNG_VERSION, returns the implemented TRNG (True Random 
Number Generator) ABI version [2]
0x8600ff01 = Call UID Query for Vendor Specific Hypervisor Service, 
Returns a unique identifier of the service provider [3]


The more likely cause is the second call to the address 0x8600ff01.

Now I simply have no idea how to find out where in the Linux boot 
process these calls are made. I tried poking into the Linux sources a 
bit, and I couldn't find an exact match for these call addresses, so I 
assume these addresses are assembled from different parts. There are 
some matches for "0x8600" and for "ff01", but I couldn't identify if 
these matches are relevant.


I tried to find out if strace could help, but from what I understand, 
this is related to commands coming from userspace, so I am not sure that 
strace helps during the boot process.


I'd appreciate it if somebody more knowledgeable would point me in the 
right direction. If more information is needed, I can provide it.


Thanks,

Paul

[1] 
https://lists.xenproject.org/archives/html/xen-devel/2023-10/msg00796.html

[2] https://developer.arm.com/documentation/den0098/latest/
[3] 
https://documentation-service.arm.com/static/628b755ce3c4322a76af56de?token=




Hm, no reply so far. Is this maybe the wrong list? Should I post this 
rather somewhere else?


Paul

Debian/Xen on ARM: How to identify source of an unhandled SMC call during boot?

[Paul Leiber]

Dear Debian user list members,

I am trying to run network related stuff (Samba, Zabbix) on a Raspberry 
Pi 4B in a virtualized environment using Debian Bookworm and Xen. I am 
running into reproducible complete system crashes/reboots due to a Xen 
watchdog triggering under certain, seemingly strange conditions (the 
number of VLANs involved seems to play a role, running tcpdump on 
certain interfaces prevents this issue, ...). If you are interested in 
the long version, you can find it here [1].


Some people on xen-devel pointed out to me two unhandled SMC calls in 
the boot logs which could be the root of the problem. I am now trying to 
find out where these calls come from to get closer to the root cause. 
The suspected calls are the following ones:


(XEN) d0v0 Unhandled SMC/HVC: 0x8450
(XEN) d0v0 Unhandled SMC/HVC: 0x8600ff01

These calls happen during the Dom0 boot process, so it's something from 
inside Linux and nothing Xen related, I've been told. The current 
working hypothesis is that the calls are trying to find some module not 
emulated by Xen and are therefore failing, leading to Linux waiting for 
the reply, and subsequently to the Xen watchdog triggering and rebooting.


From what I could find out in ARM documentation, the unhandled SMC 
calls probably have the following purpose:


0x8450 = TRNG_VERSION, returns the implemented TRNG (True Random 
Number Generator) ABI version [2]
0x8600ff01 = Call UID Query for Vendor Specific Hypervisor Service, 
Returns a unique identifier of the service provider [3]


The more likely cause is the second call to the address 0x8600ff01.

Now I simply have no idea how to find out where in the Linux boot 
process these calls are made. I tried poking into the Linux sources a 
bit, and I couldn't find an exact match for these call addresses, so I 
assume these addresses are assembled from different parts. There are 
some matches for "0x8600" and for "ff01", but I couldn't identify if 
these matches are relevant.


I tried to find out if strace could help, but from what I understand, 
this is related to commands coming from userspace, so I am not sure that 
strace helps during the boot process.


I'd appreciate it if somebody more knowledgeable would point me in the 
right direction. If more information is needed, I can provide it.


Thanks,

Paul

[1] 
https://lists.xenproject.org/archives/html/xen-devel/2023-10/msg00796.html

[2] https://developer.arm.com/documentation/den0098/latest/
[3] 
https://documentation-service.arm.com/static/628b755ce3c4322a76af56de?token=

Version matching in kernel source and patch source?

[Scott Denlinger]

I'd like to try to compile my own kernel, using the realtime patch set. At
kernel.org, I see that the 6.6 kernel source is 6.6, but the 6.6 realtime
patch set is 6.6-rt12. Does that matter, or is it enough that both are
given as 6.6? Similarly, if I see that the 6.5 series is at 6.5.10 for the
kernel source at kernel.org, and the patch set is 6.5.2-rt8, is that an
issue, or do I always need to use patches which match the version numbering
completely? Thanks!

Scott Denlinger

Re: Linux source 6.1.38 with Debian patches

[Franco Martelli]

On 12/10/23 at 17:47, Michael Kjörling wrote:

On 12 Oct 2023 17:13 +0200, from martelli...@gmail.com (Franco Martelli):

The system seems rock solid with 6.1.38 so I'm looking for the Linux source
packages of the kernel 6.1.38 that is a previous kernel release of the
current stable distribution (maybe 12.1) does anybody know where can I find
it?


I think you want https://snapshot.debian.org/package/linux-signed-amd64/

More generally, start at https://tracker.debian.org/pkg/linux-signed-amd64
which is linked from https://packages.debian.org/bookworm/linux-image-amd64
as "developer information" in the right-hand side bar.



Thanks for your answer Michael,

No, I didn't find the whole kernel source code under 
"linux-signed-amd64". I don't know for what that files are useful for, 
however what I did was to search "linux-source-6.1" in the binary 
packages section of the [1] Debian snapshot homepage, the resulting page 
lists all 6.1 kernel sources packages.


[1] https://snapshot.debian.org/

--
Franco Martelli

Re: Linux source 6.1.38 with Debian patches

[Michael Kjörling]

On 12 Oct 2023 17:13 +0200, from martelli...@gmail.com (Franco Martelli):
> The system seems rock solid with 6.1.38 so I'm looking for the Linux source
> packages of the kernel 6.1.38 that is a previous kernel release of the
> current stable distribution (maybe 12.1) does anybody know where can I find
> it?

I think you want https://snapshot.debian.org/package/linux-signed-amd64/

More generally, start at https://tracker.debian.org/pkg/linux-signed-amd64
which is linked from https://packages.debian.org/bookworm/linux-image-amd64
as "developer information" in the right-hand side bar.

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Linux source 6.1.38 with Debian patches

[Franco Martelli]

Hi,

I've trouble with the 6.1.55 kernel version, my system had become 
unstable, I suspect that firefox-esr doesn't work properly with nouveau 
driver or vice-versa.
I've compiled the kernel of the 6.1.38 time ago and I've installed the 
resulting package so now I have the kernel installed but no longer the 
package (I deleted it after installation... big mistake).


The system seems rock solid with 6.1.38 so I'm looking for the Linux 
source packages of the kernel 6.1.38 that is a previous kernel release 
of the current stable distribution (maybe 12.1) does anybody know where 
can I find it?


Thanks in advance, kind regards
--
Franco Martelli

Re: How to install the kernel 5.4.14 (source and headers) packages on Debian buster.

[Dominique Dumont]

On Friday, 1 September 2023 13:16:31 CEST Mario Marietto wrote:
> Hello to everyone.
> 
> I've just installed Debian Buster on my ARM Chromebook,using this image :
> 
> https://github.com/hexdump0815/imagebuilder/releases?page=12
> 
> He says that the image is based on the kernel 5.4 and it is. Infact the
> default running kernel is 5.4.14. But for the project that I'm working on,I
> also need to install the linux source and the headers packages for the same
> kernel (5.4.14),but unfortunately,between the packages I only see versions
> 4.19 and 5.10. Is there a method to install the sources and headers
> packages also for the kernel 5.4.14 ?

You can try to find the relevant package in snapshot.debian.org.

According to linux-image changelog:

linux (5.4.19-1) unstable; urgency=medium

  * New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14
- [arm64,armhf] soc: amlogic: meson-ee-pwrc: propagate PD provider
  registration errors

You're looking for linux-headers-5.4.19

Note that hexdump0815/imagebuilder mentions ubuntu in its image version:  
odroid_xu4-armv7l-ubuntu.img.gz 

so I wonder if the Debian package will actually help there.

HTH

Re: How to install the kernel 5.4.14 (source and headers) packages on Debian buster.

[Mario Marietto]

Hello to everyone.

I'm trying to configure qemu 5.1 on Debian Buster on top of my ARM
chromebook,like this :

/configure --disable-werror --target-list=arm-softmmu --enable-opengl
--enable-gtk --enable-kvm --enable-guest-agent --enable-spice
--audio-drv-list="oss pa" --enable-libusb --enable-trace-backend=simple
--enable-debug --prefix=/usr/local

but I get the following error :

ERROR: User requested feature gtk ;
  configure was not able to find it.
  Install gtk3-devel

I tried to install the package libgtk-3-dev :

root@chromarietto:/home/marietto/Dati/virt/qemu-v5.1.0# apt-get install
libgtk-3-dev

but it won't be installed :

Reading package lists... Done
Building dependency tree
Reading state information... Done

Some packages could not be installed. This may mean that you have requested
an impossible situation or if you are using the unstable distribution that
some required packages have not yet been created or been moved out of
Incoming. The following information may help to resolve the situation:

The following packages have unmet dependencies :

libgtk-3-dev : Depends: libatk-bridge2.0-dev but it is not going to be
installed
   Depends: libatk1.0-dev (>= 2.15.1) but it is not going to be
installed
   Depends: libegl1-mesa-dev but it is not going to be
installed
   Depends: libepoxy-dev (>= 1.0) but it is not going to be
installed
E: Unable to correct problems, you have held broken packages.


Any suggestions to fix it ? thanks.

On Sat, Sep 2, 2023 at 5:10 AM Max Nikulin  wrote:

> On 02/09/2023 04:15, Mario Marietto wrote:
> > I've got a crazy idea : I see that Ubuntu has a 5.4 kernel source and
> > header package. Is there a method or tool to convert these packages to
> > debian packages so that I can use them on Debian ?
>
> Kernel image from one project and headers+sources from another one may
> be a call to trouble due to different config and set of patches.
>
> I suspect that kernel image+modules packages from Ubuntu would not work
> for you.
>
> Having config for your current kernel in /boot you may try to rebuild
> the whole suite from sources (if you can get applied patches).
>
>

-- 
Mario.

Re: How to install the kernel 5.4.14 (source and headers) packages on Debian buster.

[Max Nikulin]

On 02/09/2023 04:15, Mario Marietto wrote:
I've got a crazy idea : I see that Ubuntu has a 5.4 kernel source and 
header package. Is there a method or tool to convert these packages to 
debian packages so that I can use them on Debian ?


Kernel image from one project and headers+sources from another one may 
be a call to trouble due to different config and set of patches.


I suspect that kernel image+modules packages from Ubuntu would not work 
for you.


Having config for your current kernel in /boot you may try to rebuild 
the whole suite from sources (if you can get applied patches).

Re: How to install the kernel 5.4.14 (source and headers) packages on Debian buster.

[Andrew M.A. Cater]

On Fri, Sep 01, 2023 at 11:15:38PM +0200, Mario Marietto wrote:
> Hello.
> 
> I've got a crazy idea : I see that Ubuntu has a 5.4 kernel source and
> header package. Is there a method or tool to convert these packages to
> debian packages so that I can use them on Debian ? That's because I prefer
> Debian over Ubuntu. Thanks.
> 
> 

It looks as if the image you installed was using the Ubuntu kernel and
header - maybe look to see if there's a pure Debian image somewhere.

I've never owned a Chromebook of any kind and can't remember what
the solution allowing you to run a Debian VM under ChromeOS is.

> On Fri, Sep 1, 2023 at 10:25 PM Andrew M.A. Cater 
> wrote:
> 
> > On Fri, Sep 01, 2023 at 01:16:31PM +0200, Mario Marietto wrote:
> > > Hello to everyone.
> > >
> > > I've just installed Debian Buster on my ARM Chromebook,using this image :
> > >
> > > https://github.com/hexdump0815/imagebuilder/releases?page=12
> > >
> > > He says that the image is based on the kernel 5.4 and it is. Infact the
> > > default running kernel is 5.4.14. But for the project that I'm working
> > on,I
> > > also need to install the linux source and the headers packages for the
> > same
> > > kernel (5.4.14),but unfortunately,between the packages I only see
> > versions
> > > 4.19 and 5.10. Is there a method to install the sources and headers
> > > packages also for the kernel 5.4.14 ?
> > >
> >
> > You're out of luck - Debian doesn't offer 5.4 but does offer 5.10 - and
> > what you've got is not from Debian.
> >
> > You might be able to install debootstrap and current kernel sources
> > and build your own. I'd suggest starting from Debian 12 to build a
> > current image.
> >
> > In the interim, you need to ask the person who provided that image
> > where the source and headers are.
> >
> > > The point is that for the project that I'm working on (using qemu 5.1 +
> > > enabling kvm + kernel 5.4 + libvirt on my ARM chromebook) I need the
> > kvm.h
> > > header,that's provided by the linux-headers (5.4.14) package. I can't
> > use a
> > > version of qemu greater than 5.1 and a version of the kernel greater than
> > > 5.4. That's the reason why I'm asking this question.
> > >
> >
> > Go and ask, maybe - we can't really help.
> >
> > PS: Thanks very much for clear formatting of this message which is much
> > easier to read than some of your prior messages.
> >
> > > Thanks very much.
> > >
> > > --
> > > Mario.
> >
> > With every good wish, as ever,
> >
> > Andy Cater
> >
> >
> 
> -- 
> Mario.
as above :) Andy

Re: How to install the kernel 5.4.14 (source and headers) packages on Debian buster.

[Greg Wooledge]

On Fri, Sep 01, 2023 at 11:15:38PM +0200, Mario Marietto wrote:
> I've got a crazy idea : I see that Ubuntu has a 5.4 kernel source and
> header package. Is there a method or tool to convert these packages to
> debian packages so that I can use them on Debian ? That's because I prefer
> Debian over Ubuntu. Thanks.

Kernel packages tend to be very self-contained.  It's likely that an
Ubuntu kernel package would work on Debian without any changes.

Try It And See.  Make sure you have another kernel installed that you
know can boot, and that you have the ability to boot into it, should
the Ubuntu kernel fail.

Re: How to install the kernel 5.4.14 (source and headers) packages on Debian buster.

[Mario Marietto]

Hello.

I've got a crazy idea : I see that Ubuntu has a 5.4 kernel source and
header package. Is there a method or tool to convert these packages to
debian packages so that I can use them on Debian ? That's because I prefer
Debian over Ubuntu. Thanks.


On Fri, Sep 1, 2023 at 10:25 PM Andrew M.A. Cater 
wrote:

> On Fri, Sep 01, 2023 at 01:16:31PM +0200, Mario Marietto wrote:
> > Hello to everyone.
> >
> > I've just installed Debian Buster on my ARM Chromebook,using this image :
> >
> > https://github.com/hexdump0815/imagebuilder/releases?page=12
> >
> > He says that the image is based on the kernel 5.4 and it is. Infact the
> > default running kernel is 5.4.14. But for the project that I'm working
> on,I
> > also need to install the linux source and the headers packages for the
> same
> > kernel (5.4.14),but unfortunately,between the packages I only see
> versions
> > 4.19 and 5.10. Is there a method to install the sources and headers
> > packages also for the kernel 5.4.14 ?
> >
>
> You're out of luck - Debian doesn't offer 5.4 but does offer 5.10 - and
> what you've got is not from Debian.
>
> You might be able to install debootstrap and current kernel sources
> and build your own. I'd suggest starting from Debian 12 to build a
> current image.
>
> In the interim, you need to ask the person who provided that image
> where the source and headers are.
>
> > The point is that for the project that I'm working on (using qemu 5.1 +
> > enabling kvm + kernel 5.4 + libvirt on my ARM chromebook) I need the
> kvm.h
> > header,that's provided by the linux-headers (5.4.14) package. I can't
> use a
> > version of qemu greater than 5.1 and a version of the kernel greater than
> > 5.4. That's the reason why I'm asking this question.
> >
>
> Go and ask, maybe - we can't really help.
>
> PS: Thanks very much for clear formatting of this message which is much
> easier to read than some of your prior messages.
>
> > Thanks very much.
> >
> > --
> > Mario.
>
> With every good wish, as ever,
>
> Andy Cater
>
>

-- 
Mario.

Re: How to install the kernel 5.4.14 (source and headers) packages on Debian buster.

[Andrew M.A. Cater]

On Fri, Sep 01, 2023 at 01:16:31PM +0200, Mario Marietto wrote:
> Hello to everyone.
> 
> I've just installed Debian Buster on my ARM Chromebook,using this image :
> 
> https://github.com/hexdump0815/imagebuilder/releases?page=12
> 
> He says that the image is based on the kernel 5.4 and it is. Infact the
> default running kernel is 5.4.14. But for the project that I'm working on,I
> also need to install the linux source and the headers packages for the same
> kernel (5.4.14),but unfortunately,between the packages I only see versions
> 4.19 and 5.10. Is there a method to install the sources and headers
> packages also for the kernel 5.4.14 ?
> 

You're out of luck - Debian doesn't offer 5.4 but does offer 5.10 - and
what you've got is not from Debian.

You might be able to install debootstrap and current kernel sources
and build your own. I'd suggest starting from Debian 12 to build a
current image. 

In the interim, you need to ask the person who provided that image
where the source and headers are.

> The point is that for the project that I'm working on (using qemu 5.1 +
> enabling kvm + kernel 5.4 + libvirt on my ARM chromebook) I need the kvm.h
> header,that's provided by the linux-headers (5.4.14) package. I can't use a
> version of qemu greater than 5.1 and a version of the kernel greater than
> 5.4. That's the reason why I'm asking this question.
> 

Go and ask, maybe - we can't really help.

PS: Thanks very much for clear formatting of this message which is much
easier to read than some of your prior messages.

> Thanks very much.
> 
> -- 
> Mario.

With every good wish, as ever,

Andy Cater

How to install the kernel 5.4.14 (source and headers) packages on Debian buster.

[Mario Marietto]

Hello to everyone.

I've just installed Debian Buster on my ARM Chromebook,using this image :

https://github.com/hexdump0815/imagebuilder/releases?page=12

He says that the image is based on the kernel 5.4 and it is. Infact the
default running kernel is 5.4.14. But for the project that I'm working on,I
also need to install the linux source and the headers packages for the same
kernel (5.4.14),but unfortunately,between the packages I only see versions
4.19 and 5.10. Is there a method to install the sources and headers
packages also for the kernel 5.4.14 ?

The point is that for the project that I'm working on (using qemu 5.1 +
enabling kvm + kernel 5.4 + libvirt on my ARM chromebook) I need the kvm.h
header,that's provided by the linux-headers (5.4.14) package. I can't use a
version of qemu greater than 5.1 and a version of the kernel greater than
5.4. That's the reason why I'm asking this question.

Thanks very much.

-- 
Mario.

Re: New open source project

[Gregory Seidman]

On Mon, Jun 12, 2023 at 12:26:35PM +0200, the2nd wrote:
> i am developing an open source OTP authentication server and currently
> searching for someone to test it. I hope its okay to ask for this on this
> list.
> 
> There is no documentation yet but i can write a step by step guide if
> someone is interested in testing my project.
[...]

No documentation is one thing, but no justification for why this is useful
or better than existing OTP options like otpw-bin and libpam-otpw means
that you aren't likely to find a lot of interest.

You did a thing, and you've announced it, but why should anyone care
(beyond the intellectual exercise) that you did it? This isn't to say it's
a waste or not worth doing, just that you haven't explained why it isn't.

> Regards
> the2nd
--Gregory

New open source project

[the2nd]

Hi,

i am developing an open source OTP authentication server and currently 
searching for someone to test it. I hope its okay to ask for this on 
this list.


There is no documentation yet but i can write a step by step guide if 
someone is interested in testing my project.


Installation instructions for debian bullseye can be found here: 
https://github.com/the2nd/otpme/blob/main/pip-install.sh



If someone knows a better place to ask for testers just let me know and 
ill give it a try.


Regards
the2nd

Re: How to download source package using only console?

[Alexander V. Makartsev]

On 15.05.2023 15:19, Vincent Lefevre wrote:

On 2023-05-15 10:25:45 +0500, Alexander V. Makartsev wrote:


I see. That explains why I can request source package
"golang-github-xenolf-lego/testing" directly and get the right one.
So, in my case, I won't be able to reliably get a source package(-s) from
"testing" if I don't add "deb" part of "testing" to "sources.list", which
could be a different can of worms...
Is this something for me to just be aware of and leave it as is now, or is
there more elegant solution?

Well, if you don't want the "deb" part, you need to provide the
name of the source package directly to "apt source". If you do that
frequently, you can write a script. There are 2 solutions:
* A remote request, e.g. with rmadison.
* Something based of "apt cache show". From that, you can get the
   source package, then call "apt source" with the source package.
   But note that this is only a heuristic; if the name of the source
   package has changed from stable to testing, this won't work.

Note that adding the "deb" part shouldn't be much an issue (except
noise, e.g. with "apt cache show", which would give output for both
stable and testing). If you want to make sure that a package from
testing won't be installed by mistake (by apt), I suppose that you
can use apt preferences with a negative priority for testing to
prevent such an installation:

Package: *
Pin: release a=testing
Pin-Priority: -1

(not tried). See the apt_preferences(5) man page for details.

It looks like adding the "deb" part with apt pinning is the best option.
Even with pinning in effect, packages from "testing" still could be 
installed, but only if they were manually requested.

Now the command "$ apt source lego/testing" is working properly.
Thanks for suggestions, Vincent.

--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: How to download source package using only console?

[Vincent Lefevre]

On 2023-05-15 10:25:45 +0500, Alexander V. Makartsev wrote:
> On 15.05.2023 05:43, Vincent Lefevre wrote:
> > But my point is that your database is obsolete, because if you ask
> > the version from testing, apt thinks that it is 3.2.0-3.1, while it
> > should be 4.9.1-1. You need to fix that.
> What is the best approach to fix that? [...]

That:

[...]
> I see. That explains why I can request source package
> "golang-github-xenolf-lego/testing" directly and get the right one.
> So, in my case, I won't be able to reliably get a source package(-s) from
> "testing" if I don't add "deb" part of "testing" to "sources.list", which
> could be a different can of worms...
> Is this something for me to just be aware of and leave it as is now, or is
> there more elegant solution?

Well, if you don't want the "deb" part, you need to provide the
name of the source package directly to "apt source". If you do that
frequently, you can write a script. There are 2 solutions:
* A remote request, e.g. with rmadison.
* Something based of "apt cache show". From that, you can get the
  source package, then call "apt source" with the source package.
  But note that this is only a heuristic; if the name of the source
  package has changed from stable to testing, this won't work.

Note that adding the "deb" part shouldn't be much an issue (except
noise, e.g. with "apt cache show", which would give output for both
stable and testing). If you want to make sure that a package from
testing won't be installed by mistake (by apt), I suppose that you
can use apt preferences with a negative priority for testing to
prevent such an installation:

Package: *
Pin: release a=testing
Pin-Priority: -1

(not tried). See the apt_preferences(5) man page for details.

-- 
Vincent Lefèvre  - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: How to download source package using only console?

[Alexander V. Makartsev]

On 15.05.2023 05:43, Vincent Lefevre wrote:

On 2023-05-14 14:17:05 +0500, Alexander V. Makartsev wrote:

[...]
I think you haven't noticed that I requested for "4.9.1-1" version from
"testing" specifically,

You can't. You can either request some given version, e.g. 4.9.1-1
(but this will work only if it can be found from your local database),
or the version from some given distribution, e.g. "testing".

But my point is that your database is obsolete, because if you ask
the version from testing, apt thinks that it is 3.2.0-3.1, while it
should be 4.9.1-1. You need to fix that.
What is the best approach to fix that? Keep in mind, I only need a 
source package(-s) from "testing".

So, just to be safe, "deb" source for "testing" was commented out:

   $ cat /etc/apt/sources.list | grep -iE "testing"
   #deb https://deb.debian.org/debian/ testing main contrib non-free
   deb-src https://deb.debian.org/debian/ testing main contrib non-free



hence why the command was "$ apt source lego/testing" not just "$ apt source
lego".
There is no reason for building a backport package for "stable" using a
source package from "stable"...

I've changed all my repo mirrors to "deb.debian.org" suspecting the previous
mirror I used was somehow out-of-date. Why is my output differ from yours?

$ apt-show-versions -a lego
lego:amd64 3.2.0-3.1+b5 bullseye deb.debian.org
No proposed-updates version
No stable-updates version
No testing version
No unstable version
lego:amd64 not installed
lego:i386 3.2.0-3.1+b5 bullseye deb.debian.org
No proposed-updates version
No stable-updates version
No testing version
No unstable version
lego:i386 not installed

After changing your sources.list, you need an "apt update" again.
Of course, I always do "$ sudo apt update" after changing apt config 
files and before any package manipulation.



Yet "rmadison" reports there is a version "4.9.1-1" available in "testing":

$ rmadison lego
lego   | 0.3.1-5+b13   | oldstable  | amd64, arm64, armel,
armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
lego   | 3.2.0-3.1+b5  | stable | amd64, arm64, armel,
armhf, i386, mips64el, mipsel, ppc64el, s390x
lego   | 4.9.1-1   | testing    | amd64, arm64, armel,
armhf, i386, mips64el, mipsel, ppc64el, s390x
lego   | 4.9.1-1   | unstable   | amd64, arm64, armel,
armhf, i386, mips64el, mipsel, ppc64el, s390x

I suspect "apt-show-versions" output is inconsistent because I only request
"deb-src" from "testing" in "sources.list", as I've shown before.

Probably. "apt-show-versions" considers only the binary packages
(but "lego" is only a binary package).
I see. "rmadison" utility is checking out repos directly, where as 
"apt-show-versions" rely on local database information.



[...]

I did some additional research and I think I got it.
"lego" package is special because its source package is named differently:

Yes, as said by apt above:

   Picking 'golang-github-xenolf-lego' as source package instead of 'lego'

[...]

But why "apt" doesn't play along, since it knows the source package for
"lego" has different name, but ignores the "testing" part of the request?

$ apt source lego/testing
Reading package lists... Done
Picking 'golang-github-xenolf-lego' as source package instead of 'lego'
E: Can not find version '3.2.0-3.1' of package 'lego'
E: Unable to find a source package for golang-github-xenolf-lego

Looks like an "apt" bug to me.

Probably not. You are doing a request on a binary package (since
"lego" is not a source package). The translation from the binary
package to the source package depends on the particular version of
the binary package. So lego/testing will correspond to the binary
package from testing, which is 3.2.0-3.1+b5 in your case (because
of your obsolete database due to the missing "deb" for testing in
sources.list). Then apt translates this to the source package (of
the same version) golang-github-xenolf-lego 3.2.0-3.1, which is
unknown on your machine because the deb-src database is up-to-date
(contrary to the deb database). Something like that.

I see. That explains why I can request source package 
"golang-github-xenolf-lego/testing" directly and get the right one.
So, in my case, I won't be able to reliably get a source package(-s) 
from "testing" if I don't add "deb" part of "testing" to "sources.list", 
which could be a different can of worms...
Is this something for me to just be aware of and leave it as is now, or 
is there more elegant solution?


--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: How to download source package using only console?

[Vincent Lefevre]

On 2023-05-14 14:17:05 +0500, Alexander V. Makartsev wrote:
> On 14.05.2023 10:06, Vincent Lefevre wrote:
> > On 2023-05-14 00:15:39 +0500, Alexander V. Makartsev wrote:
> > > Hello, fellow Debian users.
> > > 
> > > When I need to build a backport of a package, I sometimes find it 
> > > difficult
> > > to obtain actual source package(-s) from Debian repos using console.
> > > Following advice from a wiki page [1], after "apt update", doesn't do it:
> > > 
> > > $ apt source lego/testing
> > > Reading package lists... Done
> > > Picking 'golang-github-xenolf-lego' as source package instead of 
> > > 'lego'
> > > E: Can not find version '3.2.0-3.1' of package 'lego'
> > > E: Unable to find a source package for golang-github-xenolf-lego
> > zira:~> apt-show-versions -a lego
> > lego:amd64 3.2.0-3.1+b5 stableftp.debian.org
> > No stable-updates version
> > lego:amd64 4.9.1-1  testingftp.debian.org
> > lego:amd64 4.9.1-1  unstableftp.debian.org
> > No experimental version
> > lego:amd64 not installed
> > 
> > Indeed, 3.2.0-3.1 is no longer the testing version. Your database
> > seems to be out-of-date.
> > 
> I think you haven't noticed that I requested for "4.9.1-1" version from
> "testing" specifically,

You can't. You can either request some given version, e.g. 4.9.1-1
(but this will work only if it can be found from your local database),
or the version from some given distribution, e.g. "testing".

But my point is that your database is obsolete, because if you ask
the version from testing, apt thinks that it is 3.2.0-3.1, while it
should be 4.9.1-1. You need to fix that.

> hence why the command was "$ apt source lego/testing" not just "$ apt source
> lego".
> There is no reason for building a backport package for "stable" using a
> source package from "stable"...
> 
> I've changed all my repo mirrors to "deb.debian.org" suspecting the previous
> mirror I used was somehow out-of-date. Why is my output differ from yours?
> 
>$ apt-show-versions -a lego
>lego:amd64 3.2.0-3.1+b5 bullseye deb.debian.org
>No proposed-updates version
>No stable-updates version
>No testing version
>No unstable version
>lego:amd64 not installed
>lego:i386 3.2.0-3.1+b5 bullseye deb.debian.org
>No proposed-updates version
>No stable-updates version
>No testing version
>No unstable version
>lego:i386 not installed

After changing your sources.list, you need an "apt update" again.

> Yet "rmadison" reports there is a version "4.9.1-1" available in "testing":
> 
>$ rmadison lego
>lego   | 0.3.1-5+b13   | oldstable  | amd64, arm64, armel,
>armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
>lego   | 3.2.0-3.1+b5  | stable | amd64, arm64, armel,
>armhf, i386, mips64el, mipsel, ppc64el, s390x
>lego   | 4.9.1-1   | testing    | amd64, arm64, armel,
>armhf, i386, mips64el, mipsel, ppc64el, s390x
>lego   | 4.9.1-1   | unstable   | amd64, arm64, armel,
>armhf, i386, mips64el, mipsel, ppc64el, s390x
> 
> I suspect "apt-show-versions" output is inconsistent because I only request
> "deb-src" from "testing" in "sources.list", as I've shown before.

Probably. "apt-show-versions" considers only the binary packages
(but "lego" is only a binary package).

[...]
> I did some additional research and I think I got it.
> "lego" package is special because its source package is named differently:

Yes, as said by apt above:

  Picking 'golang-github-xenolf-lego' as source package instead of 'lego'

[...]
> But why "apt" doesn't play along, since it knows the source package for
> "lego" has different name, but ignores the "testing" part of the request?
> 
>$ apt source lego/testing
>Reading package lists... Done
>Picking 'golang-github-xenolf-lego' as source package instead of 'lego'
>E: Can not find version '3.2.0-3.1' of package 'lego'
>E: Unable to find a source package for golang-github-xenolf-lego
> 
> Looks like an "apt" bug to me.

Probably not. You are doing a request on a binary package (since
"lego" is not a source package). The translation from the binary
package to the source package depends on the particular version of
the binary package. So lego/testing will correspond to the binary
package from testing, which is 3.2.0-3.1+b5 in your case (because
of your obsolete database due to the missing "deb" for testing in
sources.list). Then apt translates this to the source package (of
the same version) golang-github-xenolf-lego 3.2.0-3.1, which is
unknown on your machine because the deb-src database is up-to-date
(contrary to the deb database). Something like that.

-- 
Vincent Lefèvre  - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: How to download source package using only console?

[Greg Wooledge]

On Sun, May 14, 2023 at 02:17:05PM +0500, Alexander V. Makartsev wrote:
> hence why the command was "$ apt source lego/testing" not just "$ apt source
> lego".
> There is no reason for building a backport package for "stable" using a
> source package from "stable"...

If you're trying to build a backport, you add "deb-src" lines for
testing, then "apt-get update", and then simply use
"apt-get source pkgname".  Or their "apt" equivalents, I guess.

Re: How to download source package using only console?

[Alexander V. Makartsev]

On 14.05.2023 10:06, Vincent Lefevre wrote:

On 2023-05-14 00:15:39 +0500, Alexander V. Makartsev wrote:

Hello, fellow Debian users.

When I need to build a backport of a package, I sometimes find it difficult
to obtain actual source package(-s) from Debian repos using console.
Following advice from a wiki page [1], after "apt update", doesn't do it:

    $ apt source lego/testing
Reading package lists... Done
Picking 'golang-github-xenolf-lego' as source package instead of 'lego'
E: Can not find version '3.2.0-3.1' of package 'lego'
E: Unable to find a source package for golang-github-xenolf-lego

zira:~> apt-show-versions -a lego
lego:amd64 3.2.0-3.1+b5 stableftp.debian.org
No stable-updates version
lego:amd64 4.9.1-1  testingftp.debian.org
lego:amd64 4.9.1-1  unstableftp.debian.org
No experimental version
lego:amd64 not installed

Indeed, 3.2.0-3.1 is no longer the testing version. Your database
seems to be out-of-date.

I think you haven't noticed that I requested for "4.9.1-1" version from 
"testing" specifically,
hence why the command was "$ apt source lego/testing" not just "$ apt 
source lego".
There is no reason for building a backport package for "stable" using a 
source package from "stable"...


I've changed all my repo mirrors to "deb.debian.org" suspecting the 
previous mirror I used was somehow out-of-date. Why is my output differ 
from yours?


   $ apt-show-versions -a lego
   lego:amd64 3.2.0-3.1+b5 bullseye deb.debian.org
   No proposed-updates version
   No stable-updates version
   No testing version
   No unstable version
   lego:amd64 not installed
   lego:i386 3.2.0-3.1+b5 bullseye deb.debian.org
   No proposed-updates version
   No stable-updates version
   No testing version
   No unstable version
   lego:i386 not installed

Yet "rmadison" reports there is a version "4.9.1-1" available in "testing":

   $ rmadison lego
   lego   | 0.3.1-5+b13   | oldstable  | amd64, arm64, armel,
   armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
   lego   | 3.2.0-3.1+b5  | stable | amd64, arm64, armel,
   armhf, i386, mips64el, mipsel, ppc64el, s390x
   lego   | 4.9.1-1   | testing    | amd64, arm64, armel,
   armhf, i386, mips64el, mipsel, ppc64el, s390x
   lego   | 4.9.1-1   | unstable   | amd64, arm64, armel,
   armhf, i386, mips64el, mipsel, ppc64el, s390x

I suspect "apt-show-versions" output is inconsistent because I only 
request "deb-src" from "testing" in "sources.list", as I've shown before.


Here is another example package that works as expected:

   $ rmadison roundcube
   roundcube  | 1.3.17+dfsg.1-1~deb10u2 | oldstable    |
   source, all
   roundcube  | 1.4.13+dfsg.1-1~deb11u1~bpo10+1 | buster-backports |
   source, all
   roundcube  | 1.4.13+dfsg.1-1~deb11u1 | stable   |
   source, all
   roundcube  | 1.6.1+dfsg-1    | testing  |
   source, all
   roundcube  | 1.6.1+dfsg-1    | unstable |
   source, all

   $ apt-show-versions -a roundcube
   roundcube:all 1.4.13+dfsg.1-1~deb11u1 bullseye  deb.debian.org
   roundcube:all 1.4.13+dfsg.1-1~deb11u1 bullseye-security deb.debian.org
   No proposed-updates version
   No stable-updates version
   No testing version
   No unstable version
   roundcube:all not installed

   $ apt source roundcube/testing
   Reading package lists... Done
   Selected version '1.6.1+dfsg-1' (testing) for roundcube
   ...


I did some additional research and I think I got it.
"lego" package is special because its source package is named differently:

   $ rmadison golang-github-xenolf-lego
   golang-github-xenolf-lego | 0.3.1-5   | oldstable  | source
   golang-github-xenolf-lego | 3.2.0-3.1 | stable | source
   golang-github-xenolf-lego | 4.9.1-1   | testing    | source
   golang-github-xenolf-lego | 4.9.1-1   | unstable   | source
   golang-github-xenolf-lego | 4.9.1-1   | unstable-debug | source

   $ apt source golang-github-xenolf-lego/testing
   Reading package lists... Done
   Selected version '4.9.1-1' (testing) for golang-github-xenolf-lego
   ...

But why "apt" doesn't play along, since it knows the source package for 
"lego" has different name, but ignores the "testing" part of the request?


   $ apt source lego/testing
   Reading package lists... Done
   Picking 'golang-github-xenolf-lego' as source package instead of 'lego'
   E: Can not find version '3.2.0-3.1' of package 'lego'
   E: Unable to find a source package for golang-github-xenolf-lego


Looks like an "apt" bug to me.


--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: How to download source package using only console?

[Vincent Lefevre]

On 2023-05-14 00:15:39 +0500, Alexander V. Makartsev wrote:
> Hello, fellow Debian users.
> 
> When I need to build a backport of a package, I sometimes find it difficult
> to obtain actual source package(-s) from Debian repos using console.
> Following advice from a wiki page [1], after "apt update", doesn't do it:
> 
>$ apt source lego/testing
>Reading package lists... Done
>    Picking 'golang-github-xenolf-lego' as source package instead of 'lego'
>E: Can not find version '3.2.0-3.1' of package 'lego'
>E: Unable to find a source package for golang-github-xenolf-lego

zira:~> apt-show-versions -a lego
lego:amd64 3.2.0-3.1+b5 stable   ftp.debian.org
No stable-updates version
lego:amd64 4.9.1-1  testing  ftp.debian.org
lego:amd64 4.9.1-1  unstable ftp.debian.org
No experimental version
lego:amd64 not installed

Indeed, 3.2.0-3.1 is no longer the testing version. Your database
seems to be out-of-date.

-- 
Vincent Lefèvre  - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

How to download source package using only console?

[Alexander V. Makartsev]

Hello, fellow Debian users.

When I need to build a backport of a package, I sometimes find it 
difficult to obtain actual source package(-s) from Debian repos using 
console.

Following advice from a wiki page [1], after "apt update", doesn't do it:

   $ apt source lego/testing
   Reading package lists... Done
   Picking 'golang-github-xenolf-lego' as source package instead of 'lego'
   E: Can not find version '3.2.0-3.1' of package 'lego'
   E: Unable to find a source package for golang-github-xenolf-lego

Any other seemingly intended ways also fail in a similar fashion:

   $ dget lego=4.9.1-1
   dget: no hostnames in apt-cache policy lego for version 4.9.1-1 found

   $ apt-get source lego -t testing
   Reading package lists... Done
   E: The value 'testing' is invalid for APT::Default-Release as such a
   release is not available in the sources
   E: Unable to find a source package for

Trying to do the same for another package seems to work:

   $ apt source ipcalc/testing
   Reading package lists... Done
   Selected version '0.42-2' (testing) for ipcalc
   Need to get 33,7 kB of source archives.
   Get:1 https://mirror.yandex.ru/debian testing/main ipcalc 0.42-2
   (dsc) [1 692 B]
   Get:2 https://mirror.yandex.ru/debian testing/main ipcalc 0.42-2
   (tar) [25,9 kB]
   Get:3 https://mirror.yandex.ru/debian testing/main ipcalc 0.42-2
   (diff) [6 144 B]
   Fetched 33,7 kB in 1s (52,5 kB/s)
   dpkg-source: info: extracting ipcalc in ipcalc-0.42
   dpkg-source: info: unpacking ipcalc_0.42.orig.tar.gz
   dpkg-source: info: unpacking ipcalc_0.42-2.debian.tar.xz
   dpkg-source: info: using patch list from debian/patches/series
   dpkg-source: info: applying 01-paths.patch


So why those fail for a "lego" package and is there a way to solve this 
once and for all?
I know I can go to a packages website [2] and manually download ".dsc" 
file and feed it to "dget" utility, or download source files directly 
from said website, but there has to be a better way.


Some useful info:

   $ cat /etc/apt/sources.list | grep -iE "testing"
   #deb https://mirror.yandex.ru/debian/ testing main contrib non-free
   deb-src https://mirror.yandex.ru/debian/ testing main contrib non-free

   $ rmadison lego
   lego   | 0.3.1-5+b13   | oldstable  | amd64, arm64, armel,
   armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
   lego   | 3.2.0-3.1+b5  | stable | amd64, arm64, armel,
   armhf, i386, mips64el, mipsel, ppc64el, s390x
   lego   | 4.9.1-1   | testing    | amd64, arm64, armel,
   armhf, i386, mips64el, mipsel, ppc64el, s390x
   lego   | 4.9.1-1   | unstable   | amd64, arm64, armel,
   armhf, i386, mips64el, mipsel, ppc64el, s390x

   $ uname -a
   Linux host0 5.10.0-22-amd64 #1 SMP Debian 5.10.178-3 (2023-04-22)
   x86_64 GNU/Linux



[1] https://wiki.debian.org/SimpleBackportCreation
[2] https://packages.debian.org/bookworm/lego

--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: Missing Input Source - which package to file bug against?

[Pankaj Jangid]

Pankaj Jangid  writes:

> I just discovered that there is no "input source" for Hindi (language)
> or Devanagari Script. Which package should I file the bug against?
>
> In Debian 11.6, the input source was present and switching with
> Super+Space was working just fine.

I tried "dpkg-reconfigure locales" and added "hi_IN". And it brought
back the input-source related to Indian langauges in GNOME keyboard
settings.

Missing Input Source - which package to file bug against?

[Pankaj Jangid]

I just discovered that there is no "input source" for Hindi (language)
or Devanagari Script. Which package should I file the bug against?

In Debian 11.6, the input source was present and switching with
Super+Space was working just fine.

I have upgraded to "bookworm" 3 days back. Overall experience is very
refreshing after (approx.) two years. Above small problem is the only
glitch that I encountered.

Rather I should say, it has solved a very critical problems, that I
encountered frequently in 11.6.

Source code boost.

[David]

Yandex contribute substantially.

https://tass.com/economy/1591543

Cheers!

Re: Trying to find the source iso's for debian buster and bookworm

[Cindy Sue Causey]

On 3/4/23, davidson  wrote:
> On Sat, 4 Mar 2023 Keith Christian wrote:
>> Several versions back, we could download the source code
>> on various iso files for previous and current releases.
>
>Debian CDs/DVDs archive
>https://cdimage.debian.org/cdimage/archive/

I like to get mine from packages dot Debian. Am using wicd as an
example because I needed to look it up anyway:

https://packages.debian.org/experimental/wicd

The right-hand column has a "Download Source Package" heading with
several files under it.

Source files can (at least sometimes) be found under Debian's own
repository location, too. An example there is:

http://http.us.debian.org/debian/pool/main/w/wicd/

That location can be overwhelming to wade through depending on one's
level of experience. The reason is because anything available for
active releases will be found lumped together in a single directory
instead of filed under their respective release code names the way
packages dot Debian does.

Out of curiosity, I just checked ibiblio for source files:

https://distro.ibiblio.org/debian/pool/main/w/wicd/

No source files were present. It's just an executive decision each
volunteer repository makes depending on how much extra space they
might have available to share.

As a P.S. to Debian's own repository, poking around in there years ago
is how I finally started grasping how our package managers do their
amazing job. P.P.S. Reading text files under /var/lib/apt/lists was
another fun place to play back then, too. Was one of my favorite ah-ha
moments in figuring out how Debian performs with such consistent
accuracy.

Hope that helps someone.

Cindy :)
-- 
Talking Rock, Pickens County, Georgia, USA
* runs with birdseed *

Re: Trying to find the source iso's for debian buster and bookworm

[Luna Jernberg]

Thats correct buster and bullseye is released bookworm is testing and
still being developed for a couple of months more

On 3/5/23, davidson  wrote:
> On Sat, 4 Mar 2023 Keith Christian wrote:
>> Several versions back, we could download the source code
>> on various iso files for previous and current releases.
>
>Debian CDs/DVDs archive
>https://cdimage.debian.org/cdimage/archive/
>
>> Where can those be found for Buster [...]
>
> I would look in the archives linked above.
>
>> [...] and Bookworm?
>
> I understand the Bookworm is, at the moment, still on the testing
> branch. That is, it is not yet a release.
>
> I have a lot of trouble mixing up the codenames that start with
> "B". Maybe I am confused.
>
>>  Several searches turned up nothing.
>
>Debian on CDs/DVDs
>https://www.debian.org/CD/#content
>
>Frequently Asked Questions about Debian CD/DVD/USB images
>https://www.debian.org//CD/faq/#content
>
> --
> Ce qui est important est rarement urgent
> et ce qui est urgent est rarement important
> -- Dwight David Eisenhower
>
>

Re: Trying to find the source iso's for debian buster and bookworm

[davidson]

On Sat, 4 Mar 2023 Keith Christian wrote:

Several versions back, we could download the source code
on various iso files for previous and current releases.


  Debian CDs/DVDs archive
  https://cdimage.debian.org/cdimage/archive/


Where can those be found for Buster [...]


I would look in the archives linked above.


[...] and Bookworm?


I understand the Bookworm is, at the moment, still on the testing
branch. That is, it is not yet a release.

I have a lot of trouble mixing up the codenames that start with
"B". Maybe I am confused.


 Several searches turned up nothing.


  Debian on CDs/DVDs
  https://www.debian.org/CD/#content

  Frequently Asked Questions about Debian CD/DVD/USB images
  https://www.debian.org//CD/faq/#content

--
Ce qui est important est rarement urgent
et ce qui est urgent est rarement important
-- Dwight David Eisenhower

Trying to find the source iso's for debian buster and bookworm

[Keith Christian]

Several versions back, we could download the source code
on various iso files for previous and current releases.

Where can those be found for Buster and Bookworm?  Several searches
turned up nothing.

Thanks.

Re: No emacs source files in Debian testing?

[Dekks Herton]

Charles Curley  writes:

> On Wed, 5 Oct 2022 08:40:14 -0400
> Haines Brown  wrote:
>
>> With an upgrade to testing, I get this warning when I load emacs:
>> 
>>   Warning (comp): Cannot look-up eln file as no source file was found
>>   for /home/haines/.emacs.d/elisp/ibus.elc
>
> Judging by the location (in your user directory) and by the fact that
> searching with apt-file on Bullseye turns up neither ibus.elc nor
> ibus.el, I don't think that ibus.elc or its source file, ibus.el is in
> Bullseye, and so likely not in Debian testing. Nor did I find anything
> by searching for an emacs ibus package. I suspect you got it from
> somewhere else. https://www.emacswiki.org/emacs/IBusMode I suspect you
> did a manual installation.
> https://www.emacswiki.org/emacs/IBusMode#h5o-4
>
>
>> 
>> I gather that with emacs version 28 the ibus.el source file is no 
>> longer installed, although it must found if the compiled ibus.enc
>> file is to load.

Testing is at 27.1 - 28.1 is in unstable and currently broken.

> Emacs can run byte-compiled files without having the source files
> handy. Did you mean ibus.elc here?
>
>> 
>> I tried to find a testing version of ibus.el but did not succeed. I
>> tied to use an old ibus.el file from Jul 2020, but it had obsolete
>> functions and so was not usable.
>> 
>> Can I just ignore the warning? If I do does it leave ibus
>> non-functional? Should I file a bug report?
>> 
>
> The acid test is whether you can run without the source file. I'm
> pretty sure you can ignore the warning. I would try it.
>
> As for filing a bug report, I don't know where you got ibus.elc, so
> can't advise you.
>

-- 
regards.

Thinkpad T60p 2.33Ghz 2GB SXGA+

Re: No emacs source files in Debian testing?

[Charles Curley]

On Wed, 5 Oct 2022 08:40:14 -0400
Haines Brown  wrote:

> With an upgrade to testing, I get this warning when I load emacs:
> 
>   Warning (comp): Cannot look-up eln file as no source file was found
>   for /home/haines/.emacs.d/elisp/ibus.elc

Judging by the location (in your user directory) and by the fact that
searching with apt-file on Bullseye turns up neither ibus.elc nor
ibus.el, I don't think that ibus.elc or its source file, ibus.el is in
Bullseye, and so likely not in Debian testing. Nor did I find anything
by searching for an emacs ibus package. I suspect you got it from
somewhere else. https://www.emacswiki.org/emacs/IBusMode I suspect you
did a manual installation.
https://www.emacswiki.org/emacs/IBusMode#h5o-4


> 
> I gather that with emacs version 28 the ibus.el source file is no 
> longer installed, although it must found if the compiled ibus.enc
> file is to load.

Emacs can run byte-compiled files without having the source files
handy. Did you mean ibus.elc here?

> 
> I tried to find a testing version of ibus.el but did not succeed. I
> tied to use an old ibus.el file from Jul 2020, but it had obsolete
> functions and so was not usable.
> 
> Can I just ignore the warning? If I do does it leave ibus
> non-functional? Should I file a bug report?
> 

The acid test is whether you can run without the source file. I'm
pretty sure you can ignore the warning. I would try it.

As for filing a bug report, I don't know where you got ibus.elc, so
can't advise you.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

No emacs source files in Debian testing?

[Haines Brown]

With an upgrade to testing, I get this warning when I load emacs:

  Warning (comp): Cannot look-up eln file as no source file was found
  for /home/haines/.emacs.d/elisp/ibus.elc

I gather that with emacs version 28 the ibus.el source file is no 
longer installed, although it must found if the compiled ibus.enc file 
is to load.

I tried to find a testing version of ibus.el but did not succeed. I
tied to use an old ibus.el file from Jul 2020, but it had obsolete
functions and so was not usable.

Can I just ignore the warning? If I do does it leave ibus
non-functional? Should I file a bug report?

-- 

 Haines Brown 
 /"\
 \ /  ASCII Ribbon Campaign
  Xagainst HTML e-mail 
 / \

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

[riveravaldez]

On Thursday, September 15, 2022, Chuck Zmudzinski  wrote:
> On 9/15/2022 11:46 AM, Andy Smith wrote:
>> Hello,
>>
>> On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
>> > I am not against giving maintainers like Steve just compensation for the
>> > work they do fixing bugs, and by compensation I mean money.
>> (...)
>> to be able to force the developers to work on what you want them to
>> work on, in the way you want them to work on it. I can only ever see
>> that happening in situations where you pay much much more for a
>> bespoke solution.
>
> So I have to pay someone lots of money to fix a problem I already know how to 
> fix?

Hi, not sure at all, but maybe that could be the case, because to know
how to fix a problem and to make someone else to work on what you want
them to work on in the way you want them to work on it are just two
different and independent things. But I really don't know, just
guessing.
Best regards.

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

[Chuck Zmudzinski]

On 9/16/22 12:05 AM, Maude Summerside wrote:
>
> On 2022-09-15 17:56, Chuck Zmudzinski wrote:
> > On 9/15/2022 11:46 AM, Andy Smith wrote:
> >> Hello,
> >>
> >> On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
> >>> I am not against giving maintainers like Steve just compensation for the
> >>> work they do fixing bugs, and by compensation I mean money.
> >>
> >> It's a very tricky subject to propose to start paying (some?) people
> >> in what was always a volunteer project, to do the same work that
> >> others do voluntarily. It has been proposed before, and it did not
> >> go down well. Search for "dunc tank debian" to read about that.
> >>
> >> More recently (since 2014), the Debian LTS effort started paying
> >> people to upload fixed Debian packages past the end of the normal
> >> release lifetime. This is organised by private company Freexian who
> >> accept sponsorship funds and pay developers to do this work for
> >> Debian, not out of Debian's own funds.
> >>
> >> https://www.freexian.com/services/debian-lts.html
> >> https://wiki.debian.org/LTS
> >> https://wiki.debian.org/LTS/FAQ
> >>
> >> They do LTS, ELTS and some other limited scope efforts.
> >>
> >> If you do use Debian LTS maybe you could consider contributing to
> >> this? Though I would point out:
> >>
> >> - It's not going to give you the right to tell people what to work
> >>   on, how to do it, govern their timescales etc. Sponsors are paying
> >>   for a certain amount of developer time per month, but Freexian and
> >>   those developers decide what to work on and how to do it.
> >>
> >> - At the moment the minimum contribution is €255/year.
> >>
> >> It could also be interesting to explore individual packaging teams
> >> within Debian having Patreon and/or ko-fi accounts or similar.
> >>
> >> Broadly though, none of these small scale funding ideas are ever
> >> going to give you the kind of service you apparently seem to want:
> >> to be able to force the developers to work on what you want them to
> >> work on, in the way you want them to work on it. I can only ever see
> >> that happening in situations where you pay much much more for a
> >> bespoke solution.
> > 
> > So I have to pay someone lots of money to fix a problem I already know how 
> > to fix?
> > I don't think you really understand my use case very well.
> > 
> > Cheers
> > 
>
> Can you stop complaining and take a minute to go read the code of
> conduct, rules regarding the Debian mailing list.
> There's no reason to do dual posting.
>
> WtF have you written myself a personal mail ?
I think I did, but it was just an oversight. I am aware
of the Code of Conduct, and it also says everyone is
to presume good intentions, as far as possible. When
I noticed I forgot to reply to list, I sent the message
again, I think with a little more detail, to the list also,
where I should have sent the message in the first place.

BTW, just so everyone is aware, the message I sent
is on debian-user, and it is an interesting story about
a Debian bug and I don't think it was against the Code
of Conduct.

Best regards,

Chuck

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

[Maude Summerside]

On 2022-09-15 17:56, Chuck Zmudzinski wrote:
> On 9/15/2022 11:46 AM, Andy Smith wrote:
>> Hello,
>>
>> On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
>>> I am not against giving maintainers like Steve just compensation for the
>>> work they do fixing bugs, and by compensation I mean money.
>>
>> It's a very tricky subject to propose to start paying (some?) people
>> in what was always a volunteer project, to do the same work that
>> others do voluntarily. It has been proposed before, and it did not
>> go down well. Search for "dunc tank debian" to read about that.
>>
>> More recently (since 2014), the Debian LTS effort started paying
>> people to upload fixed Debian packages past the end of the normal
>> release lifetime. This is organised by private company Freexian who
>> accept sponsorship funds and pay developers to do this work for
>> Debian, not out of Debian's own funds.
>>
>> https://www.freexian.com/services/debian-lts.html
>> https://wiki.debian.org/LTS
>> https://wiki.debian.org/LTS/FAQ
>>
>> They do LTS, ELTS and some other limited scope efforts.
>>
>> If you do use Debian LTS maybe you could consider contributing to
>> this? Though I would point out:
>>
>> - It's not going to give you the right to tell people what to work
>>   on, how to do it, govern their timescales etc. Sponsors are paying
>>   for a certain amount of developer time per month, but Freexian and
>>   those developers decide what to work on and how to do it.
>>
>> - At the moment the minimum contribution is €255/year.
>>
>> It could also be interesting to explore individual packaging teams
>> within Debian having Patreon and/or ko-fi accounts or similar.
>>
>> Broadly though, none of these small scale funding ideas are ever
>> going to give you the kind of service you apparently seem to want:
>> to be able to force the developers to work on what you want them to
>> work on, in the way you want them to work on it. I can only ever see
>> that happening in situations where you pay much much more for a
>> bespoke solution.
> 
> So I have to pay someone lots of money to fix a problem I already know how to 
> fix?
> I don't think you really understand my use case very well.
> 
> Cheers
> 

Can you stop complaining and take a minute to go read the code of
conduct, rules regarding the Debian mailing list.
There's no reason to do dual posting.

WtF have you written myself a personal mail ?
-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

[Chuck Zmudzinski]

On 9/15/22 6:29 PM, Lee wrote:
> On 9/15/22, Chuck Zmudzinski  wrote:
> >
> > So I have to pay someone lots of money to fix a problem I already know how
> > to fix?
> > I don't think you really understand my use case very well.
>
> I surely don't.  If you know how to fix whatever why haven't you fixed
> it already?

I have it fixed in the distro on one bug, but on another I still have to
apply the fix myself because no one in Debian will fix it. Fedora
developers also fixed the same bug. I discuss that bug in some
other posts here. Please read them before asking me about this
again.

Cheers,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/15/22 11:45 AM, Maude Summerside wrote:
>
> On 2022-09-14 23:23, Chuck Zmudzinski wrote:
> > On 9/14/2022 11:01 PM, Maude Summerside wrote:
> >>
> >> On 2022-09-14 21:45, Michael Stone wrote:
> >>> On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
> >>>> I'll be brutally honest: being accused of "possibly malicious"
> >>>> unwilligness is *not* a great way to convince overstretched volunteers
> >>>> to spend their time on issues.
> >>>
> >>> Especially when it's an ongoing pattern of discourse.
> >>>
> >>
> >> I think there's many barrier that discourage people from wanting to
> >> contribute to many project. I feel some developer use the community as
> >> unpaid beta tester but don't go further into accepting contribution.
> >>
> >> For sure, having managed some project, I have to say that it's hard to
> >> accept contribution that will add new functions to as software when
> >> these come from a unknown contributor. Not because of being scared of
> >> malicious intent (unless the person is really paranoid but that's
> >> another story). Simply because adding a new function means having to
> >> support it's ongoing development and there's no guarantee that the
> >> contributor will do so. Same goes on for code contributed that needs
> >> refactoring, that are badly documented, etc. But all this need some good
> >> social behavior from the project owner/manager.
> > 
> > As a user of the Debian software and a user of the BTS, I am discouraged not
> > because new contributions or functions are being rejected, but because bugs
> > are not being fixed. Those are two very different things. Maybe it's just 
> > too hard
> > for volunteers to fix the bugs and make Debian better, and maybe we need to
> > pay the volunteers so they are not volunteers anymore and will be motivated
> > to actually fix the Debian software. The fact that Debian is created by 
> > volunteers
> > is probably one of the really big disadvantages of Debian software.
> > 
> I think there's a piece missing hugely in *your* equation.
> The package maintainer are the LAST line of resort when there's a bug to
> fix. Sure you can report them thru BTS but they'll transmit those
> upstream to the original software developer.

Not in my experience. Most upstream projects say users should report
bugs to the distro first and let the distro's maintainers decide what to
do. The bugs I see that the Debian maintainer *should* forward to the
upstream project usually fail to do that. Of two cases of bugs affecting
my machine this past couple of years, one I reported the bug to Debian,
Debian's maintainer ignored it, I found the fix after a long bisecting process
and the fix was in the upstream part of the code. So I tagged the
bug with patch and upstream and waited for the maintainer to forward
the bug. The maintainer again ignored it so I had the opportunity to
make a contribution to an upstream project and I submitted the patch
to the upstream project myself and when it was committed upstream
I tagged the bug fixed upstream on BTS and now the bug is closed.

That is a happy ending to a bug report. The other one this year both
Debian and the upstream project, the Linux kernel, are ignoring the
bug and that is the one I described in a post earlier today to this list
when I also asked the community a question about systemd, udev,
and the coldplug all devices stage of boot where the bug happens. This
bug is still not a happy ending, at least for those who want the bug fixed.
I am not the one who reported it. I would not be surprised if the one
who reported it gave up on it and switched to Fedora or another distro
that has fixed the bug in their distro. It is the kind of bug that can be
fixed in *either* the Linux kernel upstream code or in the systemd/udev
configuration by the distro. But Debian maintainers are just volunteers
so they cannot fix it. At least that is what everyone here is telling me.

>
> What would happened if every bug was fixed by the Debian maintainer ?
> We'd end up having two different source code because at every bug fix
> there would be a different tree of source code being built.

Most users are not able to determine when they report a bug if
it is in the upstream or Debian part. I learned how to find where
the bug is because no one else in the free software world would do
it. You advocate for a world where every user can fix their own
bugs and the maintainers can complain they can't fix bugs because
they are just volunteers. That doesn't make sense to me. The BTS
is useful because users do post workarounds for the bugs that
the maintainers don't fix, but users are mistaken if they think
when they report a bug the maintainer will see to it that it
will get fixed. I also think the bot that says the maintainer
will respond to you in due course sometimes lies because in
some cases the maintainer never responds.

Best regards,

Chuck

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

[Lee]

On 9/15/22, Chuck Zmudzinski  wrote:
>
> So I have to pay someone lots of money to fix a problem I already know how
> to fix?
> I don't think you really understand my use case very well.

I surely don't.  If you know how to fix whatever why haven't you fixed
it already?

Lee

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

[Chuck Zmudzinski]

On 9/15/2022 11:46 AM, Andy Smith wrote:
> Hello,
>
> On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
> > I am not against giving maintainers like Steve just compensation for the
> > work they do fixing bugs, and by compensation I mean money.
>
> It's a very tricky subject to propose to start paying (some?) people
> in what was always a volunteer project, to do the same work that
> others do voluntarily. It has been proposed before, and it did not
> go down well. Search for "dunc tank debian" to read about that.
>
> More recently (since 2014), the Debian LTS effort started paying
> people to upload fixed Debian packages past the end of the normal
> release lifetime. This is organised by private company Freexian who
> accept sponsorship funds and pay developers to do this work for
> Debian, not out of Debian's own funds.
>
> https://www.freexian.com/services/debian-lts.html
> https://wiki.debian.org/LTS
> https://wiki.debian.org/LTS/FAQ
>
> They do LTS, ELTS and some other limited scope efforts.
>
> If you do use Debian LTS maybe you could consider contributing to
> this? Though I would point out:
>
> - It's not going to give you the right to tell people what to work
>   on, how to do it, govern their timescales etc. Sponsors are paying
>   for a certain amount of developer time per month, but Freexian and
>   those developers decide what to work on and how to do it.
>
> - At the moment the minimum contribution is €255/year.
>
> It could also be interesting to explore individual packaging teams
> within Debian having Patreon and/or ko-fi accounts or similar.
>
> Broadly though, none of these small scale funding ideas are ever
> going to give you the kind of service you apparently seem to want:
> to be able to force the developers to work on what you want them to
> work on, in the way you want them to work on it. I can only ever see
> that happening in situations where you pay much much more for a
> bespoke solution.

So I have to pay someone lots of money to fix a problem I already know how to 
fix?
I don't think you really understand my use case very well.

Cheers

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Dan Ritter]

Maude Summerside wrote: 
> 
> 
> On 2022-09-14 21:45, Michael Stone wrote:
> > On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
> >> I'll be brutally honest: being accused of "possibly malicious"
> >> unwilligness is *not* a great way to convince overstretched volunteers
> >> to spend their time on issues.
> > 
> > Especially when it's an ongoing pattern of discourse.
> > 
> 
> I think there's many barrier that discourage people from wanting to
> contribute to many project. I feel some developer use the community as
> unpaid beta tester but don't go further into accepting contribution.
> 
> For sure, having managed some project, I have to say that it's hard to
> accept contribution that will add new functions to as software when
> these come from a unknown contributor. Not because of being scared of
> malicious intent (unless the person is really paranoid but that's
> another story). Simply because adding a new function means having to
> support it's ongoing development and there's no guarantee that the
> contributor will do so. Same goes on for code contributed that needs
> refactoring, that are badly documented, etc. But all this need some good
> social behavior from the project owner/manager.

I quite like the approach taken by Espen Jurgensen, project
owner of Owntone (formerly forked-daapd). If a feature is
requested and he thinks he might want to use it, he brings it
in. If he doesn't see a point for his own usage but thinks that
other people might want it, he asks the contributor to
maintain a fork for a few months. The initial bugs get worked
out by someone who cares about it, and then a pull request can
be made to bring it back to the main branch.

-dsr-

Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

[Andy Smith]

Hello,

On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
> I am not against giving maintainers like Steve just compensation for the
> work they do fixing bugs, and by compensation I mean money.

It's a very tricky subject to propose to start paying (some?) people
in what was always a volunteer project, to do the same work that
others do voluntarily. It has been proposed before, and it did not
go down well. Search for "dunc tank debian" to read about that.

More recently (since 2014), the Debian LTS effort started paying
people to upload fixed Debian packages past the end of the normal
release lifetime. This is organised by private company Freexian who
accept sponsorship funds and pay developers to do this work for
Debian, not out of Debian's own funds.

https://www.freexian.com/services/debian-lts.html
https://wiki.debian.org/LTS
https://wiki.debian.org/LTS/FAQ

They do LTS, ELTS and some other limited scope efforts.

If you do use Debian LTS maybe you could consider contributing to
this? Though I would point out:

- It's not going to give you the right to tell people what to work
  on, how to do it, govern their timescales etc. Sponsors are paying
  for a certain amount of developer time per month, but Freexian and
  those developers decide what to work on and how to do it.

- At the moment the minimum contribution is €255/year.

It could also be interesting to explore individual packaging teams
within Debian having Patreon and/or ko-fi accounts or similar.

Broadly though, none of these small scale funding ideas are ever
going to give you the kind of service you apparently seem to want:
to be able to force the developers to work on what you want them to
work on, in the way you want them to work on it. I can only ever see
that happening in situations where you pay much much more for a
bespoke solution.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Maude Summerside]

On 2022-09-14 23:23, Chuck Zmudzinski wrote:
> On 9/14/2022 11:01 PM, Maude Summerside wrote:
>>
>> On 2022-09-14 21:45, Michael Stone wrote:
>>> On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
>>>> I'll be brutally honest: being accused of "possibly malicious"
>>>> unwilligness is *not* a great way to convince overstretched volunteers
>>>> to spend their time on issues.
>>>
>>> Especially when it's an ongoing pattern of discourse.
>>>
>>
>> I think there's many barrier that discourage people from wanting to
>> contribute to many project. I feel some developer use the community as
>> unpaid beta tester but don't go further into accepting contribution.
>>
>> For sure, having managed some project, I have to say that it's hard to
>> accept contribution that will add new functions to as software when
>> these come from a unknown contributor. Not because of being scared of
>> malicious intent (unless the person is really paranoid but that's
>> another story). Simply because adding a new function means having to
>> support it's ongoing development and there's no guarantee that the
>> contributor will do so. Same goes on for code contributed that needs
>> refactoring, that are badly documented, etc. But all this need some good
>> social behavior from the project owner/manager.
> 
> As a user of the Debian software and a user of the BTS, I am discouraged not
> because new contributions or functions are being rejected, but because bugs
> are not being fixed. Those are two very different things. Maybe it's just too 
> hard
> for volunteers to fix the bugs and make Debian better, and maybe we need to
> pay the volunteers so they are not volunteers anymore and will be motivated
> to actually fix the Debian software. The fact that Debian is created by 
> volunteers
> is probably one of the really big disadvantages of Debian software.
> 
I think there's a piece missing hugely in *your* equation.
The package maintainer are the LAST line of resort when there's a bug to
fix. Sure you can report them thru BTS but they'll transmit those
upstream to the original software developer.

What would happened if every bug was fixed by the Debian maintainer ?
We'd end up having two different source code because at every bug fix
there would be a different tree of source code being built.

Sure maintainer will fix bug that are Debian specifics.

Didn't this ever went in your consideration ?

Maybe you should take some time to read the different documentations
relating to the roles of everyone and this would save lot of useless
anger on your side.
> Best regards,
> 
> Chuck
> 

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Jude DaShiell]

Jude 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)

.

On Wed, 14 Sep 2022, Steve McIntyre wrote:

> Stefan wrote:
> In article  you 
> write:
> >> the interest of the user. These "volunteers" obviously have other,
> >> possibly malicious, interests if they prove themselves unwilling to
> >> apply fixes to bugs that are reported to them.
> >
> >I think there's a confusion here: these volunteers will also have
> >"other, possibly malicious, interests" even if they are willing/eager
> >to apply fixes to bugs that are reported to them.
> >
> >Same goes for people you pay, so it's not specific to volunteers.
> >And of course it's also not specific to a particular kind of license.
>
> Thanks Stefan, it's great to see that some people understand the
> issues.
>
> I'll be brutally honest: being accused of "possibly malicious"
> unwilligness is *not* a great way to convince overstretched volunteers
> to spend their time on issues.
>
>
I think an appropriate analogy for proprietary versus open source software
is the American Electoral College compared to The American General
Election.  The difference in the number of minds brought to apply to each
I think parallels proprietary versus open source software and whatever
effects attach to both.  Open source additionally has the internet which
varies in support quality but is far larger than any proprietary
operation.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/14/2022 11:01 PM, Maude Summerside wrote:
>
> On 2022-09-14 21:45, Michael Stone wrote:
> > On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
> >> I'll be brutally honest: being accused of "possibly malicious"
> >> unwilligness is *not* a great way to convince overstretched volunteers
> >> to spend their time on issues.
> > 
> > Especially when it's an ongoing pattern of discourse.
> > 
>
> I think there's many barrier that discourage people from wanting to
> contribute to many project. I feel some developer use the community as
> unpaid beta tester but don't go further into accepting contribution.
>
> For sure, having managed some project, I have to say that it's hard to
> accept contribution that will add new functions to as software when
> these come from a unknown contributor. Not because of being scared of
> malicious intent (unless the person is really paranoid but that's
> another story). Simply because adding a new function means having to
> support it's ongoing development and there's no guarantee that the
> contributor will do so. Same goes on for code contributed that needs
> refactoring, that are badly documented, etc. But all this need some good
> social behavior from the project owner/manager.

As a user of the Debian software and a user of the BTS, I am discouraged not
because new contributions or functions are being rejected, but because bugs
are not being fixed. Those are two very different things. Maybe it's just too 
hard
for volunteers to fix the bugs and make Debian better, and maybe we need to
pay the volunteers so they are not volunteers anymore and will be motivated
to actually fix the Debian software. The fact that Debian is created by 
volunteers
is probably one of the really big disadvantages of Debian software.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Maude Summerside]

On 2022-09-14 21:45, Michael Stone wrote:
> On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
>> I'll be brutally honest: being accused of "possibly malicious"
>> unwilligness is *not* a great way to convince overstretched volunteers
>> to spend their time on issues.
> 
> Especially when it's an ongoing pattern of discourse.
> 

I think there's many barrier that discourage people from wanting to
contribute to many project. I feel some developer use the community as
unpaid beta tester but don't go further into accepting contribution.

For sure, having managed some project, I have to say that it's hard to
accept contribution that will add new functions to as software when
these come from a unknown contributor. Not because of being scared of
malicious intent (unless the person is really paranoid but that's
another story). Simply because adding a new function means having to
support it's ongoing development and there's no guarantee that the
contributor will do so. Same goes on for code contributed that needs
refactoring, that are badly documented, etc. But all this need some good
social behavior from the project owner/manager.

There's people who just think "I've done something free if people are
happy they use it, if they ain't they continue their journey". Those
don't accept criticism. But that's all part of the human behavior.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/14/22 6:16 PM, Steve McIntyre wrote:
> Stefan wrote:
> In article  you 
> write:
> >> the interest of the user. These "volunteers" obviously have other,
> >> possibly malicious, interests if they prove themselves unwilling to
> >> apply fixes to bugs that are reported to them.
> >
> >I think there's a confusion here: these volunteers will also have
> >"other, possibly malicious, interests" even if they are willing/eager
> >to apply fixes to bugs that are reported to them.
> >
> >Same goes for people you pay, so it's not specific to volunteers.
> >And of course it's also not specific to a particular kind of license.
>
> Thanks Stefan, it's great to see that some people understand the
> issues.
>
> I'll be brutally honest: being accused of "possibly malicious"
> unwilligness is *not* a great way to convince overstretched volunteers
> to spend their time on issues.
>

Thank you Steve, for the work you do as maintaining the grub software
packages on Debian.

I am not against giving maintainers like Steve just compensation for the
work they do fixing bugs, and by compensation I mean money.

Why not require the user to pay a small fee when reporting a bug
which can be used to provide just compensation for the services the
maintainers provide to the community when the maintainer fixes bugs?
I would be willing to pay a reasonably small fee that would go to the
maintainers who worked on the bug and successfully fixed it.

I'll be brutally honest: Being accused of being a troll is *not* a
great way to convince Debian users who want to contribute to
and help Debian to spend their free time helping maintainers fix
the bugs reported to the BTS. I also suspect many users agree
with me, but are afraid to say so for fear of being accused of
being a troll.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Michael Stone]

On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:

I'll be brutally honest: being accused of "possibly malicious"
unwilligness is *not* a great way to convince overstretched volunteers
to spend their time on issues.


Especially when it's an ongoing pattern of discourse.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Maude Summerside]

On 2022-09-14 17:06, Thiemo Kellner wrote:
> Am 14.09.22 um 18:39 schrieb Maude Summerside:
>> This is where intellectual shortcut starts...
>> Free/OSS doesn't mean GPL.
>> There's plenty of Free/OSS software that the copyright owner retains
>> right to commercial licensing. Just look at libraries, some of them will
>> be in such a licensing term that if you use the free version, you have
>> to share your code if you distribute it but they offer a commercial
>> license that allow you to link and distribute without source code. If
>> you only stick to Debian, no such thing because they aren't in the
>> licensing term accepted for distribution.
>>
>> But let say QT, you have a free version, force you to distribute freely
>> if linked against or you go with the commercial license.
>>
>> Why would the owner of the copyright regarding Chromium (that can write
>> their own terms) couldn't reserve himself a right to make a closed
>> source version (like Google Chrome, owned by the owner of Chromium
>> license).
>>
>> Something taking a break and make some research just shows off that we
>> don't only know how to type code, but we have a bit more knowledge than
>> that, regarding mostly real life example of what's also part of the
>> ecosystem.
> Thanks for trying to point out. I am afraid, it is beyond me as is dual
> licensing in general.
> 

We all have our forces and weakness, so we are all the same.
I'm probably not as fast as you can be for writing JavaScript code,
HTML, or whatever you do. But my force is mostly at project management,
legal and business side of IT solutions.

I've driven mostly medical projects so I'm pretty used to the *thingy*
related to licensing.

The error I see the most often is generalizing a situation, in this case
thinking that GPL means Free/OSS. And even there free ain't OSS.

One of the reason behind the birth of MariaDB was such a dual licensing
change to MySQL when eveil-Oracle purchased the right to the software.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Steve McIntyre]

Stefan wrote:
In article  you write:
>> the interest of the user. These "volunteers" obviously have other,
>> possibly malicious, interests if they prove themselves unwilling to
>> apply fixes to bugs that are reported to them.
>
>I think there's a confusion here: these volunteers will also have
>"other, possibly malicious, interests" even if they are willing/eager
>to apply fixes to bugs that are reported to them.
>
>Same goes for people you pay, so it's not specific to volunteers.
>And of course it's also not specific to a particular kind of license.

Thanks Stefan, it's great to see that some people understand the
issues.

I'll be brutally honest: being accused of "possibly malicious"
unwilligness is *not* a great way to convince overstretched volunteers
to spend their time on issues.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"We're the technical experts.  We were hired so that management could
 ignore our recommendations and tell us how to do our jobs."  -- Mike Andrews

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Thiemo Kellner]

Am 14.09.22 um 18:39 schrieb Maude Summerside:

This is where intellectual shortcut starts...
Free/OSS doesn't mean GPL.
There's plenty of Free/OSS software that the copyright owner retains
right to commercial licensing. Just look at libraries, some of them will
be in such a licensing term that if you use the free version, you have
to share your code if you distribute it but they offer a commercial
license that allow you to link and distribute without source code. If
you only stick to Debian, no such thing because they aren't in the
licensing term accepted for distribution.

But let say QT, you have a free version, force you to distribute freely
if linked against or you go with the commercial license.

Why would the owner of the copyright regarding Chromium (that can write
their own terms) couldn't reserve himself a right to make a closed
source version (like Google Chrome, owned by the owner of Chromium license).

Something taking a break and make some research just shows off that we
don't only know how to type code, but we have a bit more knowledge than
that, regarding mostly real life example of what's also part of the
ecosystem.
Thanks for trying to point out. I am afraid, it is beyond me as is dual 
licensing in general.


--
Signal (Safer than WhatsApp): +49 1578 7723737
Threema (Safer than WhatsApp): A76MKH3J
Handy: +49 1578 772 37 37

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Maude Summerside]

On 2022-09-14 08:31, Chuck Zmudzinski wrote:

>>> For example, most web
>>> browsers are based on chromium, a free oss project that comes in large part 
>>> from
>>> Google, but some of the most-used browsers in the world based on chromium
>>> are proprietary, such as chrome and edge.
>> I am not sure that this holds true. I would be quite surprised that 
>> chromium or edged can legally use code of a OSS browser, being CSS. But 
>> I am not an attorney.

This is where intellectual shortcut starts...
Free/OSS doesn't mean GPL.
There's plenty of Free/OSS software that the copyright owner retains
right to commercial licensing. Just look at libraries, some of them will
be in such a licensing term that if you use the free version, you have
to share your code if you distribute it but they offer a commercial
license that allow you to link and distribute without source code. If
you only stick to Debian, no such thing because they aren't in the
licensing term accepted for distribution.

But let say QT, you have a free version, force you to distribute freely
if linked against or you go with the commercial license.

Why would the owner of the copyright regarding Chromium (that can write
their own terms) couldn't reserve himself a right to make a closed
source version (like Google Chrome, owned by the owner of Chromium license).

Something taking a break and make some research just shows off that we
don't only know how to type code, but we have a bit more knowledge than
that, regarding mostly real life example of what's also part of the
ecosystem.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Andrew M.A. Cater]

People of debian-user :)

This thread does seem to be degenerating slightly into accusations and
name-calling, justified or not. Without prejudice to anyone: please may
I remind you that debian-user and all Debian lists and IRC channels are
subject to the Debian Code of Conduct.

It would be very much appreciated if disagreements could be resolved 
constructively and in a positive way. Ad hominem attacks don't help
anyone here. Taking a breath / walking away from the keyboard for half
a day might also help get a sense of perspective in any mailing list
opinion difference. (And yes, I know about https://xkcd.com/386/ and 
the difficulty that brings).

With every good wish, as ever,

Andy Cater

[For and on behalf of the Debian Community Team]

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/14/2022 9:06 AM, The Wanderer wrote:
> On 2022-09-14 at 08:51, Chuck Zmudzinski wrote:
>
> > On 9/14/2022 1:03 AM, to...@tuxteam.de wrote:
> >
> >> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:
> >>
> >> [...]
> >>
> >>> Actually, someone already has shown us how to do it better. His name is
> >>> Linus Torvalds [...]
> >>
> >> I don't know what your aim is.
> >>
> >> I have the impression that it's just arguing for arguing's sake [1].
> >>
> >> [1] in the classical sense of "trolling", as per Wikipedia:
> >>  "In Internet slang, a troll is a person who posts inflammatory,
> >>   insincere, digressive,[1] extraneous, or off-topic messages in
> >>   an online community [...], with the intent of provoking readers
> >>   into displaying emotional responses,[2] or manipulating others'
> >>   perception.
> >>   https://en.wikipedia.org/wiki/Trolling
> > 
> > So you are accusing me of being a troll. Well, it takes one to know one.
>
> No, it very much does not.
>
> > Congratulations! I am starting my own list of trolls on debian-user and
> > you are the first member of that list.
>
> Given the long, long history of helping people that Tomas has on this
> mailing list, I think that if you want to convince anyone other than
> yourself that Tomas is a troll, you're going to have a *very* heavy lift
> (or a whole lot of lying) ahead of you.
>
> (Mind, by my personal definition - which is a bit different from the
> above, though probably still largely compatible - I'm not entirely
> convinced that you're a troll either. But you're *definitely* behaving
> in such a way that I do not blame others for reaching that conclusion.)

I admit that I behaved like a troll when i tried to enter into a conversation 
with
Tomas. I do know he helps many people on this list, that is something good he
does. But on this thread, he also behaved like a troll and caused me to also
behave like a troll. That is a fact, if anyone wants to take the time to look at
what he said, the things he omitted in his replies, etc.

I especially noted his response to my introduction of the idea in this thread
that open source projects like Debian consider themselves communities, and
I wanted to emphasize that those who volunteer to help out with Debian or
other free software communities should not serve their own interests but the
interests of the community. After I made those points, that is when Tomas
started his ad hominum attacks against me and turned the conversation away
from what it means for Debian to be a community and changed it into an ad
hominum attack against me. It causes me to think there are some aspects of
the idea of Debian as a community that are offensive to him. From what he
actually did in this thread, I am inclined to think his idea of Debian as a 
community
is that it is a community of developers only, and not of users. Maybe he is 
right
about that. Maybe Debian *is only* a community of the one thousand or so
Debian developers with voting rights, and the rest of us are trolls if we dare 
to
express our opinions as mere Debian users on the debian-user list or on any
other Debian hosted forum.

So I am going to be very careful about trying to have an objective conversation
with Tomas, given what I actually saw him do in this thread, and given the 
mistake
I made by letting him bait me into appearing to be a troll. I will be careful
to not let that happen again.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/13/2022 7:11 PM, Thiemo Kellner wrote:
> Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski:
> > 
>
> > I am fairly sure I was a victim of
> > the breach of Yahoo that affected hundreds of millions of its users.
> I am sorry for you. I do not know this case, so I cannot tell whether 
> OSS or CSS components of their service were breached, or even a social 
> engineering case.

There is information about the Yahoo data breach on the Internet, including the
$117 million class action case on behalf of 194 million class members:

https://www.cnbc.com/2020/02/06/what-to-do-if-you-got-email-from-yahoo-about-a-data-breach-settlement.html

I don't know if there is enough information available in the public domain to 
determine
to what extent free/oss software might have contributed to that data breach. I 
do remember
Yahoo admitted the number of affected accounts was around 500 million.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[The Wanderer]

On 2022-09-14 at 08:51, Chuck Zmudzinski wrote:

> On 9/14/2022 1:03 AM, to...@tuxteam.de wrote:
>
>> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:
>>
>> [...]
>>
>>> Actually, someone already has shown us how to do it better. His name is
>>> Linus Torvalds [...]
>>
>> I don't know what your aim is.
>>
>> I have the impression that it's just arguing for arguing's sake [1].
>>
>> [1] in the classical sense of "trolling", as per Wikipedia:
>>  "In Internet slang, a troll is a person who posts inflammatory,
>>   insincere, digressive,[1] extraneous, or off-topic messages in
>>   an online community [...], with the intent of provoking readers
>>   into displaying emotional responses,[2] or manipulating others'
>>   perception.
>>   https://en.wikipedia.org/wiki/Trolling
> 
> So you are accusing me of being a troll. Well, it takes one to know one.

No, it very much does not.

> Congratulations! I am starting my own list of trolls on debian-user and
> you are the first member of that list.

Given the long, long history of helping people that Tomas has on this
mailing list, I think that if you want to convince anyone other than
yourself that Tomas is a troll, you're going to have a *very* heavy lift
(or a whole lot of lying) ahead of you.

(Mind, by my personal definition - which is a bit different from the
above, though probably still largely compatible - I'm not entirely
convinced that you're a troll either. But you're *definitely* behaving
in such a way that I do not blame others for reaching that conclusion.)

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/14/2022 1:03 AM, to...@tuxteam.de wrote:
> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:
>
> [...]
>
> > Actually, someone already has shown us how to do it better. His name is
> > Linus Torvalds [...]
>
> I don't know what your aim is.
>
> I have the impression that it's just arguing for arguing's sake [1].
>
> [1] in the classical sense of "trolling", as per Wikipedia:
>  "In Internet slang, a troll is a person who posts inflammatory,
>   insincere, digressive,[1] extraneous, or off-topic messages in
>   an online community [...], with the intent of provoking readers
>   into displaying emotional responses,[2] or manipulating others'
>   perception.
>   https://en.wikipedia.org/wiki/Trolling
>

So you are accusing me of being a troll. Well, it takes one to know one.

Congratulations! I am starting my own list of trolls on debian-user and
you are the first member of that list.

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/14/2022 7:08 AM, debian-u...@howorth.org.uk wrote:
> > On 9/13/2022 3:59 PM, err...@free.fr wrote:
> > > Please STOP!
> > >
> > > you are annoying, and if you want improve free softwares, is not
> > > like this. you will better contribute with your code or with your
> > > translations than by writing to this mailing-list  
>
> I agree with the sentiments of annoyance and that this thread should
> stop now, please.

Not everyone agrees, because some have still been making comments here that
in my opinion and theirs are constructive and not just trolling.

>
> > The problem is, with all due respect, that I do have my code
> > improvements for free software, but some free software people do not
> > want to accept my contributions but instead want to allow the free
> > software to continue to have the bugs, and they will not explain
> > themselves either. Why should I waste my time contributing to
> > software projects who do not want my contributions? Treating people
> > who want to contribute this way is not the way to gain more advocates
> > for free software!
>
> But again you have been asked before to be specific about your
> objections, so a link to your proposed code improvements and whatever
> conversation there was when you submitted them would go some way to
> justifying the space and time you have already wasted on this list.
>
> > > I want you kicked from this list.  
> > 
> > Well, if you get me kicked off, I will be kicked off. But that is not
> > the way to build a community of people trying to make good software.
> > That is all I am advocating for, and I am really surprised to be
> > treated this way on this list for advocating for improved software in
> > Debian. I guess the trolls on here do not really want to increase the
> > number of people working on improving Debian. But without more
> > people, Debian cannot possibly provide quality support for 59,000
> > free software packages. That is just a fact, even it no one here
> > wants to acknowledge it.
>
> I haven't seen much evidence of trolls here, apart from yourself.

I did make the mistake of feeding a couple of trolls, from now on I will ignore 
them.
They baited me into appearing as a troll by refusing to acknowledge a simple 
truth
and forcing me to say the same obvious truth over and over again, and I 
understand
why some people might be annoyed by that.

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/13/2022 7:11 PM, Thiemo Kellner wrote:
> Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski:
> > On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
> > I think Megha is emphasizing, and possibly over-emphasizing, the fact 
> > that the persons
> > who actually commit the code in free software projects can operate with 
> > little or
> > no oversight when they are just volunteers not really accountable to anyone.
> And I very much think she is wrong there. Being software developer 
> myself, unfortunately closed source mainly, I can tell that oversight is 
> not related to the licensing model or the pay of the developer. I would 
> go to the length to say that volunteers take, in general, a bigger pride 
> in the quality of their work, because they are not payed for it. The few 
> quite fruitless attempts in writing OSS, I took, failed sometimes 
> because I intend to create the perfect solution and thus not 
> progressing, whereas in the work for money I am often forced to 
> implement a working solution I can tell from the start, it will not be 
> easily maintainable or extendable.
> > to think the situation might be better if either 1) open source projects 
> > exercised more
> > oversight than they currently do over the persons who actually write the 
> > code and
> > release the software
> As I already told. In over 25 years of experience, I do not have 
> complaints about the oversight taken by OSS projects, where as I 
> regularly can complain about closed source payed for software. In the 
> past two weeks I was hunting down a problem we had with IBM DataStage. 
> One of the parallel subprocess terminated unexpectedly and all the 
> message DataStage cared to give was that the subprocess received a 
> SIGINT. We hope to have work around, because we could not find the 
> source. To me, one of the worst things one can do as developer not to 
> have proper error reporting - unless you know, you will not get bothered 
> when the shit starts to hit the fan.
> > , or 2) free/oss software never became ubiquitous. We just cannot
> > know without being able to do a time machine experiment and see how the 
> > software
> > world would have developed if free/oss software had not become as 
> > ubiquitous as it is
> > today.
> I cannot agree with you at all on this point. Omnipresence of OSS does 
> not mean there are more error in the code. It just means there are more 
> users to detect problems, thus more possiblities for the bugs to get 
> fixed. Sure, if OSS developers are overloaded the will not get to fix 
> all the problems, just as developers on CSS (closed source software). 
> Much more, because the sales man can sell better new shiny features even 
> if useless, than stable code. The buyer expects that flaws get fixed for 
> free, maybe rightly so, thus the CSS company will fix as few bugs it can 
> get away with (exageration).
> > If there was not a serious problem of malware, identity theft, ransomware, 
> > etc.,
> > I would be more inclined to question what Megha Verma wrote, but based on 
> > what
> > I see in how free/oss projects are governed, I am not surprised that a 
> > world that relies
> > on so much free/oss software also suffers from so much malware, ransomware, 
> > identity
> > theft, etc.
> Again, my experience with OSS is not this one. And I very much think, 
> that malware, ransomware usually is software on its own not built-in any 
> software. Maybe exploiting a backdoor a company put in their products 
> for ease of maintenance or just by negligence. Identity theft sounds 
> like social engineering or man in the middle attack. The latter not 
> necessarily being a problem of OSS.
> >   Just because *you* have not experienced malware in the software you use
> > does not mean that there are no cases where free/oss software is being 
> > deployed
> > elsewhere in a stealthy way for malicious purposes.
>
> I did not state that OSS was free of flaws and bugs. I am make a point 
> to state that in my experience there are fewer bugs therein than in CSS.
>
> > I am fairly sure I was a victim of
> > the breach of Yahoo that affected hundreds of millions of its users.
> I am sorry for you. I do not know this case, so I cannot tell whether 
> OSS or CSS components of their service were breached, or even a social 
> engineering case.
> >
> > I know people will reply and say it is much worse with proprietary 
> > software. But we
> > really cannot know for sure, because free/oss is so ubiquitous now it is 
> > hard to
> > separate free/oss software from proprietary software.
>
> I certainly can tell my experience comparing OSS to CSS. And 

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/13/2022 6:47 PM, Stefan Monnier wrote:
> > If free/oss projects like Debian want to provide software with those
> > positive characteristics to their users, those projects must have in
> > place some level of oversight over what the persons who actually write
> > the software actually do, or don't do in the case of failing to fix
> > bugs that could easily be fixed, so that the goals of quality, useful,
> > safe, and secure software are reached.
>
> That's why I like Free Software: all of this is done out in the open,
> making oversight particularly easy.
>
> For proprietary code you generally simply can't do that at all because
> it's all kept secret.
>
>
> Stefan
>

We really agree on this point, thanks.

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

[Chuck Zmudzinski]

On 9/13/2022 4:38 PM, Stefan Monnier wrote:
> > The users. They stop using software or any product that does not work
> > well or is more trouble than it is worth. Then the entity, whether
> > a free/oss or proprietary provider ends up shutting down
> > the enterprise.
>
> But, being Free Software, any remaining user can keep using it,
> improving it, checking if it contains any back doors, hire someone else
> to do it, etc...
>
> >> You do realize that nobody enforces that on proprietary software
> >> either, right?
> > The users do, in the marketplace - and what is not used by enough
> > users eventually disappears.
>
> That's right.  And then you're typically completely screwed even if it
> happened to work well for you.
>
> The company will also blissfully ignore your requests if you're part of
> too-small a slice of their users.  Ever tried to get an `armhf` binary for
> a proprietary GNU/Linux software?
>
> > I think it is true that the "best" software development model depends
> > less on free/oss vs.  proprietary and more on the wisdom, foresight,
> > integrity, and technical expertise of those doing the work and making
> > the important decisions.
>
> I don't care which is better.  I just prefer not to depend on the
> goodwill of a company (most of which I know act against my interest;
> probably inevitably because they are beholden to their shareholders).

Of course you know many of those companies that you know act against your
interests have employees who "volunteer" to contribute to free/oss software 
projects,
so in practice the free/oss software is not free from this problem, but a truly
open project can make it possible to find out which volunteers are not acting
in the true interests of those who advocate for the benefits of free/oss 
software,
and this is not possible in secretive, proprietary organizations.

Best regards,

Chuck