Bug#1061153: ITP: sigsum-go -- tools for public and transparent logging of signed checksums

[Holger Levsen]

Hi Simon,

On Fri, Jan 19, 2024 at 05:32:05PM +0100, Simon Josefsson wrote:
> * URL : https://git.glasklar.is/sigsum/core/sigsum-go
>   Description : tools for public and transparent logging of signed 
> checksums
> 
>  The goal of Sigsum is to provide building blocks that can be used to
>  enforce public logging of signed checksums.

do you think this would be a suitable tool to publically log all checksums of
all Debian source and binary packages published?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Life may not be the party we hoped for, but while we're here we might as well
dance!


signature.asc
Description: PGP signature

Bug#1054595: ITP: nom -- command line tool that helps you lose weight

[Holger Levsen]

control: tag -1 + pending
thanks

https://salsa.debian.org/debian/nom/-/tree/debian/0.1.5-1 is what I have
uploaded to unstable/NEW now.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Wir können aus der Erde keinen Himmel machen, aber jeder von uns kann etwas
tun, dass sie nicht zur Hölle wird.
(Fritz Bauer, hessischer Generalstaatsanwalt)


signature.asc
Description: PGP signature

Bug#1054595: ITP: nom -- command line tool that helps you lose weight

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen 
X-Debbugs-Cc: debian-de...@lists.debian.org, m...@blinry.org

* Package name: nom
  Version : 0.1.3
* URL : https://github.com/blinry/nom
* License : GPL2+
  Programming Lang: Ruby
  Description : command line tool that helps you lose weight

 nom is a command line tool that helps you lose weight by tracking your energy
 intake and creating a negative feedback loop. It's inspired by John Walker's
 The Hacker's Diet (https://www.fourmilab.ch/hackdiet/) and tries to automate
 things as much as possible.


I'm using this myself and plan to maintain it in the debian group on salsa.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

In a world where you can be anything, be kind.


signature.asc
Description: PGP signature

Bug#1025460: ITP: mock -- Build rpm packages inside a chroot

[Holger Levsen]

Hi Tzafrir,

On Mon, Dec 05, 2022 at 10:35:11AM +0200, Tzafrir Cohen wrote:
> * Package name: mock
>   Version : 3.5
>   Upstream Author : Pavel Raiskup 
> * URL : https://github.com/rpm-software-management/mock
> * License : GPL-2+
>   Programming Lang: Python
>   Description : Build rpm packages inside a chroot
> 
>  Mock creates chroots and builds rpms in them. Its only task is to
>  reliably populate a chroot and attempt to build a package in that
>  chroot. It is used be the Fedora Extras project to build their
>  packages cleanly.
> 
> Mock was previously included in Debian and was removed due to python2
> removal. It was repackaged by Juri Grabowski and should probably be
> maintained by the pkg-rpm-team.
> 
> See current packaging in https://salsa.debian.org/gratuxri/mock

I'm glad to see this ITP and am adding Frédéric Pierret into the loop.
Frédéric is already (co)maintaining dnf and related libs and told me he
wanted to work on getting mock back into Debian too.

(I'm sponsoring his uploads currently.)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's not climate change nor climate crisis, it's climate disaster.


signature.asc
Description: PGP signature

Bug#1023282: wnpp/debrebuild-fepitre: reassign to devscripts

[Holger Levsen]

control: reassign -1 descripts
thanks

Hi,

as discussed during the r-b summit in Venice this should rather be included
in src:devscripts, reassigning accordingly.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Never waste a crisis.


signature.asc
Description: PGP signature

Bug#1023282: RFP: debrebuild-fepitre -- yet another package rebuilder tool

[Holger Levsen]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: frederic.pier...@qubes-os.org

* Package name: debrebuild-fepitre
  Upstream Author : Frédéric Pierret 
* URL : https://github.com/fepitre/debrebuild
* License : unclear ;) (author has been notified)
  Programming Lang: Python3
  Description : yet another package rebuilder tool

Given a buildinfo file from a Debian package, generate instructions for
attempting to reproduce the binary packages built from the associated
source and build information.

This package is currently used to create 
https://beta.tests.reproducible-builds.org/
and should be used for creating many more Debian rebuilder instances in future 
to
verify the reproducibility of packages distributed by Debian via ftp.debian.org


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The moon landing 50 years ago was paid by taxes, while Bezos space trip was
paid by not paying taxes.


signature.asc
Description: PGP signature

Bug#1023281: RFP: package-rebuilder -- package-rebuilder: orchestration tool for rebuilding packages

[Holger Levsen]

Package: wnpp
Severity: wishlist
X-Debbugs-Cc: frederic.pier...@qubes-os.org

* Package name: package-rebuilder
  Upstream Author : Frédéric Pierret 
* URL : https://github.com/fepitre/package-rebuilder
* License : unclear ;) (author has been notified)
  Programming Lang: Python3
  Description : package-rebuilder: orchestration tool for rebuilding 
packages

Standalone orchestrator for rebuilding Debian, Fedora and Qubes OS packages in
order to generate `in-toto` metadata which can be used with
`apt-transport-in-toto` or `dnf-plugin-in-toto` to validate reproducible 
status. 

This package is currently used to create 
https://beta.tests.reproducible-builds.org/
and should be used for creating many more Debian rebuilder instances in future 
to
verify the reproducibility of packages distributed by Debian via ftp.debian.org


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

During 2021 Bitcoin consumed 134 TWh in total, which is comparable to the
electrical energy consumed by a country like Argentina. It's also twice as
much as 2020. Related CO2 emissions were ~64 Megatons; enough to negate the
entire global net savings from deploying electrical vehicles world wide.


signature.asc
Description: PGP signature

Bug#1023100: ITP: cancelreader -- A cancelable reader for Go

[Holger Levsen]

On Tue, Nov 01, 2022 at 05:30:16PM +0100, Martin Dosch wrote:
> It is: 
> https://salsa.debian.org/go-team/packages/golang-github-muesli-cancelreader/-/blob/debian/sid/debian/control#L28
> :)

coolio!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

we'll all die. make a difference while you can. disobey. smile.


signature.asc
Description: PGP signature

Bug#1023100: ITP: cancelreader -- A cancelable reader for Go

[Holger Levsen]

On Tue, Nov 01, 2022 at 03:10:37PM +, Martin Dosch wrote:
> https://github.com/muesli/cancelreader#usage says 'the cancel function can be 
> used to interrupt a blocking Read call'.

thanks! I think something like this should be included in the (long and/or
short) description...


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Money is worth nothing on a dead planet.


signature.asc
Description: PGP signature

Bug#1023100: ITP: cancelreader -- A cancelable reader for Go

[Holger Levsen]

On Sun, Oct 30, 2022 at 09:23:52AM +0100, Martin Dosch wrote:
>   Description : A cancelable reader for Go
> 
>  CancelReader
>  .
>  Latest Release (https://github.com/muesli/cancelreader/releases) Go Doc
>  (https://pkg.go.dev/github.com/muesli/cancelreader) Software License
>  (/LICENSE) Build Status (https://github.com/muesli/cancelreader/actions)
>  Go ReportCard (https://goreportcard.com/report/muesli/cancelreader)
>  .
>  A cancelable reader for Go
>  .
>  This package is based on the fantastic work of Erik Geiser
>  (https://github.com/erikgeiser) in Charm's Bubble Tea
>  (https://github.com/charmbracelet/bubbletea) framework.
> 
>  This is a build-depend for newer versions of
> golang-github-charmbracelet-bubbletea.

what's a cancelable reader?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The vision of self driving cars is nothing compared to the vision of no cars at 
all.


signature.asc
Description: PGP signature

Bug#973860: ITP: callaudiod -- Call audio routing daemon

[Holger Levsen]

Hi Guido,

On Fri, Nov 06, 2020 at 09:13:40AM +0100, Guido Günther wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Guido Günther 
> * Package name: callaudiod
>   Version : 0.0.4
>   Upstream Author : Arnaud Ferraris 

this seems to be a duplicate of #973841 filed by Arnaud (cc:ed) himself...


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

In Europe there are people prosecuted by courts because they saved other people
from drowning in the  Mediterranean Sea.  That is almost as absurd  as if there
were people being prosecuted because they save humans from drowning in the sea.


signature.asc
Description: PGP signature

Bug#971602: ITP: trojan-go -- A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW.

[Holger Levsen]

On Fri, Oct 02, 2020 at 02:37:13PM -0400, Tom Yang wrote:
>   Description : A Trojan proxy written in Go. An unidentifiable mechanism 
> that helps you bypass GFW.
> 
> trojan-go is a much more functional and easier to configure proxy 
> tool than the original Trojan. It supports WebSocket over TLS/SSL,
> router modules, and multiplexing for better performance.

please make the description understandable for people not knowing (the
original) Trojan and please also explain GFW. I have no idea what GFW is
and with trojan I associate a trojan, as in a backdoor.
 
is it a http(s) proxy? if so, say so. if not, what is it? (maybe also
explain what trojan-go(/the original Trojan) does well.)


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

There are only two kinds of nazis: stupid ones and those without an excuse.
(Volker Strübing)


signature.asc
Description: PGP signature

Bug#969942: ITP: tty-share -- Terminal sharing over the Internet

[Holger Levsen]

On Wed, Sep 09, 2020 at 11:45:54AM +0200, Ansgar wrote:
> > this pretty much sounds like this should go into contrib, rather than
> > Debian main. Or is there free server code as well?
> 
> There is no requirement for the "other side", be it firmware, network
> services, ... of communication software (clients, drivers, ...) to be
> released under a DFSG-free license to be in Debian (main).
> 
> It seems counter-productive to have such a requirement as it only would
> mean more people have to use contrib/non-free.

indeed, I stand corrected, thanks.

now after some more coffee I also indeed remember past previous discussions 
about this.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

There are no jobs on a dead planet.


signature.asc
Description: PGP signature

Bug#969942: ITP: tty-share -- Terminal sharing over the Internet

[Holger Levsen]

On Wed, Sep 09, 2020 at 08:41:38AM +, Francisco Vilmar Cardoso Ruviaro 
wrote:
> > this pretty much sounds like this should go into contrib, rather than Debian
> > main. Or is there free server code as well?
> as Alex replied, there is a source https://github.com/elisescu/tty-server and
> from what I saw is GPL-2.

with that, "all" is fine.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

"There's no glory in prevention." (Christian Drosten)


signature.asc
Description: PGP signature

Bug#969942: ITP: tty-share -- Terminal sharing over the Internet

[Holger Levsen]

On Wed, Sep 09, 2020 at 06:27:28AM +, Francisco Vilmar Cardoso Ruviaro 
wrote:
> * Package name: tty-share
>   Version : 0.6.2
>   Upstream Author : Vasile Popescu 
> * URL : https://github.com/elisescu/tty-share
> * License : Expat
>   Programming Lang: Go
>   Description : Terminal sharing over the Internet
> 
> tty-share is a very simple command line tool that gives remote access to a 
> UNIX
> terminal session.
[...]
> tty-share connects over a TLS connection to the server (runs at 
> tty-share.com),
[...]

this pretty much sounds like this should go into contrib, rather than Debian
main. Or is there free server code as well?


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#951882: O: html2text -- advanced HTML to text converter

[Holger Levsen]

Package: wnpp
Severity: normal

I intend to orphan the html2text package.

The package description is:
 html2text is a converter from HTML to plain text.
 .
 html2text reads HTML documents supplied in the command line (or from standard
 input), converts each of them into a stream of plain text characters and
 writes output to the file or the terminal.
 .
 Debian version also can recognize encoding of documents, do on-fly
 input and output recoding.
 .
 html2text was written because the author wasn't happy with the
 output of "lynx -dump" and so he wrote something better.


I only adopted it because it's a reverse depends of munin and as I'm slowly
handing over maintance of munin to Lars Kruse anyway, I dont see the point of 
maintaining html2text anymore. Also the c code is a bit too much for me (as
can be seen by those 3 open bugs with patches which I've never merged as I
wasn't able to fully grok them.)

I'll do one last upload now, setting the maintainer to debian-qa.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Our civilization is being sacrificed for the opportunity of a very small number
of people to continue making enormous amounts of money...  It is the sufferings
of the many  which pay  for the luxuries  of the few...  You say  you love your
children  above all else,  and yet  you are stealing  their future  in front of 
their very eyes...


signature.asc
Description: PGP signature

Bug#759995: RFH still valid

[Holger Levsen]

Hi,

this is just a quick heads-up that src:developers-reference still needs
help and hands. The switch from SGML to ReStructuredText has happened,
so contributing should be much more straightforward now. There are still
74 bugs open currently and all *I* can surely commit to is doing an upload
once one or two bugs are fixed in GIT.

Also, the package is kept on salsa in the Debian group, so any DD can
just commit. Please do so!

So, src:developers-reference needs more contributors (whether one time
or constant) and also more people acting as uploaders would be great.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C



signature.asc
Description: PGP signature

Bug#934137: securesystemslib ftbfs in sid

[Holger Levsen]

On Mon, Aug 12, 2019 at 04:17:46PM +0200, Lukas Puehringer wrote:
> Hooray, thanks! I just applied the same "override_dh_auto_test" patch [1] to
> in-toto, whose tests will also only be available with the next upstream 
> release.

yay!

> The freshly built package is available on mentors [2].

yay!

> And there are similar build instructions for in-toto, which take into account
> that the securesystemslib dependency might be fed to sbuild via 
> --extra-package
> [3]. 

this won't work on the buildds, they cannot access packages in NEW. so
we need to wait until securesystemslib made it through...


-- 
tschau,
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#934137: securesystemslib ftbfs in sid

[Holger Levsen]

Hi Lukas,

I've uploaded this now. Once it's passed NEW I'll take another look at
in-toto. I assume it's available on mentors as well?

On Mon, Aug 12, 2019 at 02:46:31PM +0200, Lukas Puehringer wrote:
> Thanks for the heads-up. Just applied and pushed your patch [1], re-built
> successfully, and re-uploaded to mentors [2].

cool, thanks!

> securesystemslib release that adds the tests also makes some minor but 
> backwards
> incompatible API changes, so we'd also have to first make a new in-toto 
> release,
> before we upload in-toto (it doesn't pin its securesystemslib dependency).

ok

> And since we are making good progress on the rebuilder setup [2], it would be
> very nice to test it with the real in-toto/securesystemslib debian packages 
> soon.

indeed!

> Also, it feels like bumping the downstream release as soon as there is a new
> upstream release should be quite easy. Especially if the new releases add
> comprehensive testing. What do you think?

yes! :)


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#934137: securesystemslib ftbfs in sid

[Holger Levsen]

Hi Lukas,

On Mon, Aug 12, 2019 at 10:44:04AM +0200, Lukas Puehringer wrote:
> Thanks for your efforts! The reason why it fails is that it can't find the
> tests, as they are not part of the current release. They will be in the next
> release though (see [1]).

ah

> For now I built without tests (see build instructions in [2]) with:
> DEB_BUILD_OPTIONS=nocheck sbuild -A -s -d unstable

official builds are never build with DEB_BUILD_OPTIONS=nocheck thus we
need to disable the tests in d/rules with an

override_dh_auto_test:
:

block.

Just tested this, it works nicely as it should.

Do you think it makes sense to upload 0.11.3-2 as that or should we wait
for 0.11.4-1 with the tests?

> In [2] I also describe how to copy the tests from upstream into the tarball to
> test while building. However, that seems to require recording them as 
> downstream
> patches, otherwise sbuild complains about local changes.

indeed.


--
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#934137: securesystemslib ftbfs in sid

[Holger Levsen]

Hi Lukas,

so I reviewed
https://mentors.debian.net/debian/pool/main/p/python-securesystemslib/python-securesystemslib_0.11.3-1.dsc
and wanted to upload it, thus I tried to build it in pbuilder and sadly
it failes like this:

I: Running cd /build/python-securesystemslib-0.11.3/ && env 
PATH="/usr/sbin:/usr/bin:/sbin:/bin" HOME="/nonexistent" dpkg-buildpackage -us 
-uc -rfakeroot
dpkg-buildpackage: info: source package python-securesystemslib
dpkg-buildpackage: info: source version 0.11.3-1
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Lukas Puehringer 

dpkg-buildpackage: info: host architecture amd64
 dpkg-source --before-build .
 fakeroot debian/rules clean
dh clean --with python3 --buildsystem=pybuild
   dh_auto_clean -O--buildsystem=pybuild
I: pybuild base:217: python3.7 setup.py clean 
running clean
removing 
'/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build'
 (and everything under it)
'build/bdist.linux-amd64' does not exist -- can't clean it
'build/scripts-3.7' does not exist -- can't clean it
   dh_autoreconf_clean -O--buildsystem=pybuild
   dh_clean -O--buildsystem=pybuild
 dpkg-source -b .
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building python-securesystemslib using existing 
./python-securesystemslib_0.11.3.orig.tar.gz
dpkg-source: info: building python-securesystemslib using existing 
./python-securesystemslib_0.11.3.orig.tar.gz.asc
dpkg-source: info: building python-securesystemslib in 
python-securesystemslib_0.11.3-1.debian.tar.xz
dpkg-source: info: building python-securesystemslib in 
python-securesystemslib_0.11.3-1.dsc
 debian/rules build
dh build --with python3 --buildsystem=pybuild
   dh_update_autotools_config -O--buildsystem=pybuild
   dh_autoreconf -O--buildsystem=pybuild
   dh_auto_configure -O--buildsystem=pybuild
I: pybuild base:217: python3.7 setup.py config 
running config
   dh_auto_build -O--buildsystem=pybuild
I: pybuild base:217: /usr/bin/python3 setup.py build 
running build
running build_py
creating 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/pyca_crypto_keys.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/keys.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/unittest_toolbox.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/ecdsa_keys.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/settings.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/schema.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/hash.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/exceptions.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/formats.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/__init__.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/ed25519_keys.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/util.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
copying securesystemslib/interface.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib
creating 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib/_vendor
copying securesystemslib/_vendor/ssl_match_hostname.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib/_vendor
copying securesystemslib/_vendor/__init__.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib/_vendor
creating 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib/_vendor/ed25519
copying securesystemslib/_vendor/ed25519/science.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib/_vendor/ed25519
copying securesystemslib/_vendor/ed25519/__init__.py -> 
/build/python-securesystemslib-0.11.3/.pybuild/cpython3_3.7_securesystemslib/build/securesystemslib/_vendor/ed25519
copying securesystemslib/_vendor/ed25519/ed25519.py -> 

Bug#759995: RFH: developers-reference -- guidelines and information for Debian developers

[Holger Levsen]

Hi Tobi, hi everyone!

On Sun, Sep 16, 2018 at 01:16:24PM +0200, Tobias Frost wrote:
> After doing some bug triaging this weekend on the dev-ref and finding
> it not too bad, I'd like to offer help in maintaining the dev-ref…
> 
> Let me know if that be ok with you.

That would be very much ok with me! :) I only got involved in
developers-reference very recently, so here I mostly want to spread the
news that after 22 years of the Debian Developers Reference being maintained
as an SGML document, the sources are now maintained as ReStructuredText, while
the translations remain .po files.

This will make updating the document so much easier! \o/

Big kudos and many thanks to Osamu Aoki for doing most of the work on this.
Obviously also many thanks to everyone else involved, both upstream and in
Debian!


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#922643: ITP: build-alternative -- helper to build Debian package with diet libc

[Holger Levsen]

On Mon, Feb 18, 2019 at 07:37:38PM +, Dmitry Bogatov wrote:
>  Regular users do not need to install this package, it is only
>  useful to Debian Contributors.

Debian contributors are regular users too. (And then there are many
contributors who will never use this as they are contributing in other
areas, eg translation or graphics or testing or foo.)

I'd suggest to reword to: 

This package is only useful for people developing software.

And then you can also probably rather drop it completly.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository

[Holger Levsen]

On Wed, Feb 13, 2019 at 05:17:27PM +0100, Ansgar wrote:
> More important is the question if the system should /trust/ the keys.
> 
> IMHO installing a non-Debian keyring should *not* make the keys trusted
> by APT by default (i.e. with the default answer if debconf is used).

agreed.

> ubuntu-keyring does that; most other keyrings sadly do not follow this.

file bugs?


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#918995: ITP: fonts-quicksand -- free sans-serif font with round attributes

[Holger Levsen]

On Fri, Jan 11, 2019 at 06:22:42PM +0200, Jonathan Carter wrote:
> > see https://lists.debian.org/debian-desktop/2019/01/msg8.html for
> Hah, yes it was that post that lead me to starting the packaging. Will
> make an initial upload in a moment.

ah! nice, very!


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#918995: ITP: fonts-quicksand -- free sans-serif font with round attributes

[Holger Levsen]

On Fri, Jan 11, 2019 at 05:28:54PM +0200, jonathan wrote:
> * Package name: fonts-quicksand
[...]
> This font is used by the chosen artwork proposal for Debian 10
> (buster). I indend to package this so that SVG files that uses
> this font can be rendered properly.

thank you for packaging this.

FYI and in case you don't manage to get this package into buster:

Debian Edu (in src:debian-edu-artwork) replaced the Quicksand font (not packaged
for Debian) with one from fonts-open-sans and also changed the text format.
see https://lists.debian.org/debian-desktop/2019/01/msg8.html for
more information.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#912553: ITP: eglexternalplatform -- EGL External Platform Interface

[Holger Levsen]

On Thu, Nov 01, 2018 at 11:15:45AM +0200, Timo Aaltonen wrote:
>   Description : EGL External Platform Interface
> 
> This is a work-in-progress specification of the EGL External Platform 
> interface
> for writing EGL platforms and their interactions with modern window systems on
> top of existing low-level EGL platform implementations. This keeps window
> system implementation specifics out of EGL drivers by using application-facing
> EGL functions.
 
please explain the EGL acronymn somewhere in the description. Thanks!


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#911865: ITP: ibus-kmfl -- IBus-kmfl is an IM engine for multiple languages, based on IBus

[Holger Levsen]

Hi Daniel,

On Fri, Oct 26, 2018 at 12:13:25AM +0700, Daniel Glassey wrote:
> I was sorry to not make it to Taiwan this year and see you and others again
> but hopefully another day.
 
there's always the next DebConf! Plan your travels early! :)

> Thanks, that's a good point. The description mostly came from old upstream
> and > scim-kmfl-imengine so I'll fix that in that package as well. New 
> suggestion:
> 
> Description: Input method engine for multiple languages using KMFL for IBus
> 
> This package provides the KMFL (Keyboard Mapping for Linux) input method
> engine for
> IBus. With this module, you can use keyboard layouts designed for Keyman
> for Windows 6.0
> under the IBus platform.

reads much better to me (who basically knows nothing about this),
thanks!

> > > It is being maintained in the Debian Input Method Team and is
> > > on salsa at https://salsa.debian.org/input-method-team/ibus-kmfl
> > That's far too late and non obvious.
> I assume that comment is because of my missed separator above.
 
ah! :)


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#911865: ITP: ibus-kmfl -- IBus-kmfl is an IM engine for multiple languages, based on IBus

[Holger Levsen]

Hi Daniel,

On Thu, Oct 25, 2018 at 11:39:46PM +0700, Daniel Glassey wrote:
>   Description : IBus-kmfl is an IM engine for multiple languages, based 
> on IBus
> 
> IBus-kmfl is a IM Engine for multiple languages, based on IBus.
> 
> This package provides the KMFL (Keyboard Mapping for Linux) IM engine for
> IBus. With this module, you can use keyboard layouts designed for
> Keyman for Windows 6.0 under the IBus platform.
> 
> There is currently a kmfl engine for scim in Debian. This
> is the engine for IBus.
 
Please mention somewhere that this is about Input Methods and not
Instand Messaging, best in the short description even.

> It is being maintained in the Debian Input Method Team and is
> on salsa at https://salsa.debian.org/input-method-team/ibus-kmfl

That's far too late and non obvious.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Bug#903815: ITP: pw -- A simple command-line password manager

[Holger Levsen]

On Sun, Jul 15, 2018 at 12:41:36PM +0200, Carsten Schoenert wrote:
> Hmm, do you have tried to validate your shell code?
> https://www.shellcheck.net/
> I just pasted
> https://raw.githubusercontent.com/dashohoxha/pw/master/src/pw.sh into
> and got quite a lot of problematic remarks.

I've also done this now and must say/add "ouch":

$ sudo apt install shellcheck
$ curl -s https://raw.githubusercontent.com/dashohoxha/pw/master/src/pw.sh | 
shellcheck -

In - line 26:
$GPG --symmetric $opts --cipher-algo=AES256 \
 ^-- SC2086: Double quote to prevent globbing and word 
splitting.


In - line 31:
$GPG --encrypt $opts --use-agent --no-encrypt-to \
   ^-- SC2086: Double quote to prevent globbing and word 
splitting.


In - line 32:
$recipients "$archive"
^-- SC2086: Double quote to prevent globbing and word splitting.


In - line 39:
$GPG $opts --passphrase-fd 0 "$archive.gpg" <<< "$PASSPHRASE"
 ^-- SC2086: Double quote to prevent globbing and word splitting.


In - line 41:
$GPG --decrypt $opts --use-agent --output="$archive" "$archive.gpg"
   ^-- SC2086: Double quote to prevent globbing and word 
splitting.


In - line 71:
make_workdir
^-- SC2119: Use make_workdir "$@" if function's $1 should mean script's $1.


In - line 91:
make_workdir
^-- SC2119: Use make_workdir "$@" if function's $1 should mean script's $1.


In - line 144:
local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)"
  ^-- SC2155: Declare and assign separately to avoid masking return 
values.


In - line 149:
local now="$(xclip -o -selection "$X_SELECTION" | base64)"
  ^-- SC2155: Declare and assign separately to avoid masking return 
values.


In - line 166:
make_workdir() {
^-- SC2120: make_workdir references arguments, but none are ever passed.


In - line 189:
find "$WORKDIR" -type f -exec $SHRED {} +
  ^-- SC2086: Double quote to prevent 
globbing and word splitting.


In - line 200:
[[ -f "$platform_file" ]] && source "$platform_file"
 ^-- SC1090: Can't follow non-constant source. Use 
a directive to specify location.


In - line 346:
local pass="$(cat "$WORKDIR/$path" | head -n 1)"
  ^-- SC2155: Declare and assign separately to avoid masking return 
values.
  ^-- SC2002: Useless cat. Consider 'cmd < file | ..' 
or 'cmd file | ..' instead.


In - line 569:
GPG_KEYS="$@"
 ^-- SC2124: Assigning an array to a string! Assign as array, or 
use * instead of @ to concatenate.


In - line 584:
$GPG $GPG_OPTS --gen-key
 ^-- SC2086: Double quote to prevent globbing and word splitting.


In - line 606:
| while read pwfile
^-- SC2162: read without -r will mangle backslashes.


In - line 624:
[[ -f "$customize_file" ]] && source "$customize_file"
  ^-- SC1090: Can't follow non-constant source. Use 
a directive to specify location.


In - line 647:
*)   try_ext_cmd $cmd "$@" ;;
 ^-- SC2086: Double quote to 
prevent globbing and word splitting.


In - line 659:
read -e -p 'pw> ' command options
^-- SC2162: read without -r will mangle backslashes.


In - line 665:
*)   run_cmd $command $options ;;
 ^-- SC2086: Double quote to prevent globbing and word 
splitting.
  ^-- SC2086: Double quote to prevent globbing 
and word splitting.


In - line 684:
sleep $TIMEOUT
  ^-- SC2086: Double quote to prevent globbing and word splitting.


In - line 698:
source "$PW_DIR/cmd_$cmd.sh"
^-- SC1090: Can't follow non-constant source. Use a directive to 
specify location.


In - line 699:
debug running: cmd_$cmd "$@"
   ^-- SC2086: Double quote to prevent globbing and 
word splitting.


In - line 700:
cmd_$cmd "$@"
^-- SC2086: Double quote to prevent globbing and word splitting.


In - line 707:
source "$LIBDIR/ext/$PLATFORM/cmd_$cmd.sh"
^-- SC1090: Can't follow non-constant source. Use a directive to 
specify location.


In - line 708:
debug running: cmd_$cmd "$@"
   ^-- SC2086: Double quote to prevent globbing and 
word splitting.


In - line 709:
cmd_$cmd "$@"
^-- SC2086: Double quote to prevent globbing and word splitting.


In - line 716:
source "$LIBDIR/ext/cmd_$cmd.sh"
^-- SC1090: Can't follow non-constant source. Use a directive to 
specify location.


In - line 717:
debug running: cmd_$cmd "$@"
   ^-- SC2086: Double quote to prevent globbing and 
word splitting.


In - line 718:
cmd_$cmd "$@"
^-- 

Bug#903815: ITP: pw -- A simple command-line password manager

[Holger Levsen]

On Mon, Jul 16, 2018 at 05:56:39AM +0200, Dashamir Hoxha wrote:
> I just uploaded it: https://mentors.debian.net/package/pw
> Please review and sponsor it.

please *dont* sponsor this until Dashamir has addressed the concerns
pointed out in
https://lists.debian.org/msgid-search/aa2d4d3d-41d2-5399-225b-f492be2d2...@t-online.de


-- 
cheers,
Holger


signature.asc
Description: PGP signature

Bug#753350: ITP: youtube-dl-gui -- a graphical frontend for youtube-dl

[Holger Levsen]

Hi,

On Mon, Dec 26, 2016 at 10:59:17PM +0100, Félix Sipma wrote:
> Do you still plan to work on a package for youtube-dl-gui? If not, I'll be
> happy to do it myself.

ping?

I'd be glad to sponsor an upload of this too.


-- 
cheers,
Holger


signature.asc
Description: PGP signature

Bug#877404: Debian _Regnal_ dates?

[Holger Levsen]

Hi Elena,

On Mon, Oct 02, 2017 at 10:14:20AM -, Packages entering NEW: Elena Grandi 
wrote:
> Description: 
>  debdate- Convert Gregorian dates to Debian Regnal dates
> Changes: 
>  debdate (0.20170714-1) unstable; urgency=low
>* First debian upload. Closes: #877404

when I first saw this package (or its ITP) I liked it (and I still do!), I just
mildly wondered what "Regnal" means. Now that it entered NEW I looked it up and
learned on wikipedia that "A regnal year is a year of the reign of a sovereign,
from the Latin regnum meaning kingdom, rule." 
(https://en.wikipedia.org/wiki/Regnal_date)

Which strikes me as quite unappropriate for Debian! 

"We reject: kings, presidents and voting.
We believe in: rough consensus and running code. "

is a quote used by Anthony Towns a lot, in fact so much, that I was led to 
believe it's from Debian and an old Debian motto - while in fact it was
coined by Dave Clark from and for the IETF. (See 
https://en.wikiquote.org/wiki/David_D._Clark)

Still, this quote is very close to the core values of Debian too, we too
believe in rough consensus and running code! And we have a DPL, not a king!

So I guess this boils down that I should file this as a wishlist bug against
debdate to change the package description to, eg, "Convert Gregorian dates to
Debian Release dates" - what do you think?


-- 
cheers,
Holger


signature.asc
Description: PGP signature

Bug#655889: help still needed

[Holger Levsen]

control: retitle -1 RFH: munin -- please help with maintenance
thanks

Hi,

help with both maintaining munin 2.0.x and getting 2.999/3.0 into
shape would be much very much appreciated.

If you want to help with this, please reply to this bug. And/or reply to
other bugs and/or provide git patches for existing bugs.

Best way to help with bugs is actually to forward them to the upstream
github issue tracker and make sure they are fixed there and then see how we
can include those fixes in the Debian package, probably via upstream
releases.

Please just ask if you have any further questions how to help.

Thanks.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#862354: ITP: installation-birthday -- Receive congratulations on system installation anniversaries

[Holger Levsen]

On Fri, May 12, 2017 at 10:09:09AM +0100, Chris Lamb wrote:
> Updated the package description to make this clearer. :)

cool, thanks!

is it already suggested by debian-goodies? ;-)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#862354: ITP: installation-birthday -- Receive congratulations on system installation anniversaries

[Holger Levsen]

On Thu, May 11, 2017 at 06:14:30PM +0100, Chris Lamb wrote:
>   Description : Receive congratulations on system installation 
> anniversaries
 
lol, nice one!

does it also work when the package is installed years after the birthday?


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#861646: ITP: reprounzip -- Linux tools for reproducible experiments

[Holger Levsen]

On Tue, May 02, 2017 at 12:59:31PM +0100, Ghislain Vaillant wrote:
> Good point. I'll forward your suggestion upstream. 

thank you!

:)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#861646: ITP: reprounzip -- Linux tools for reproducible experiments

[Holger Levsen]

On Tue, May 02, 2017 at 11:18:35AM +0100, Ghislain Vaillant wrote:
> > and how is it different from zip? (or tar|gzip)
> > those can also be used to (un)pack reproducible archives…
> The unpacking step includes fetching the necessary dependencies, and
> spawning a run of the experiment (locally, or on Vagrant / Docker)
> automatically.
 
ah! I think something along the lines should be added to the description.

And you should very probably remove the word "Linux" from the short description,
and maybe also s#reproducible#reproducing#…

> It's a step forward compared to providing a tar with code and data +
> custom deployment script, which researchers are usually quite terrible
> at writing.

/me nods.

Thanks for these clarifications!


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#861646: ITP: reprounzip -- Linux tools for reproducible experiments

[Holger Levsen]

On Tue, May 02, 2017 at 11:04:48AM +0100, Ghislain Vaillant wrote:
> In a nutshell, take a scientific experiment (data + processing
> pipeline), create a single archive out of it (packing step), and enable
> a different machine to reproduce the experiment (unpacking step).

and how is it different from zip? (or tar|gzip)

those can also be used to (un)pack reproducible archives…


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#860531: Bug#861646: ITP: reprounzip -- Linux tools for reproducible experiments

[Holger Levsen]

On Tue, May 02, 2017 at 10:44:49AM +0100, Ghislain Vaillant wrote:
> > I didnt notice because those two bugs have
> > - an identical upstream URL
> > - an identical description
> > - actually everything identical except for the package name
> TBH, I have been a bit lazy on that one. I could have made the
> distinction much more explicit.
 
indeed, you should have…

> > Does this really need to packages?
> 
> The whole ReproZip project is a collection of utilities, including
> reprozip, reprounzip and reprounzip plugins for Vagrant and Docker.
> 
> Each tool is registered as a separate download on pip and are versioned
> separately. Based on that alone, I guess it makes more sense to provide
> separate source packages too.

indeed, thanks for that explaination!

I still wonder what these tools exactly do, though ;-)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#860531: Bug#861646: ITP: reprounzip -- Linux tools for reproducible experiments

[Holger Levsen]

unmerge 860531

On Tue, May 02, 2017 at 10:18:00AM +0100, Ghislain Vaillant wrote:
> > a few days ago you already filed an ITP bug for this package?!!
> No, reprozip != reprounzip (one is the packer, the other is the
> unpacker).

aha! 

I didnt notice because those two bugs have
- an identical upstream URL
- an identical description
- actually everything identical except for the package name

Does this really need to packages?
 
> Please undo the merge. Thanks.

done.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#860531: Bug#861646: ITP: reprounzip -- Linux tools for reproducible experiments

[Holger Levsen]

forcemerge 861646 860531
thanks

On Tue, May 02, 2017 at 09:19:07AM +0100, Ghislain Antony Vaillant wrote:
> Owner: Ghislain Antony Vaillant 
> 
> * Package name: reprounzip

a few days ago you already filed an ITP bug for this package?!!


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#859446: ITP: node-falafel -- transform javascript ast on a recursive walk

[Holger Levsen]

On Mon, Apr 03, 2017 at 05:23:29PM +0200, Bastien ROUCARIES wrote:
>  Falafel is a pure javascript implementation of recursive walk of
>  abstract syntax tree (AST) for javascript.

there's a reduncy here, twice javascript.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#854153: Fwd: ITP: node-babel-code-frame -- Generate errors that contain a code frame that point to source locations.

[Holger Levsen]

On Sat, Feb 04, 2017 at 07:36:52PM +0530, Aarti Kashyap wrote:
> * Package name: node-babel-code-frame
>   Description : Generate errors that contain a code frame that point to
> source locations.
> This library is a dependency for ava, a futuristic test runner.

please improve the long description to describe what the package does, not why
it's needed (as that's metadata expressed in debian/control via the "depends"
relation…)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#854168: ITP: node-babel-messages -- Collection of debug messages used by Babel.

[Holger Levsen]

On Sat, Feb 04, 2017 at 08:34:36PM +0530, Aarti Kashyap wrote:
>   Description : Collection of debug messages used by Babel.
> 
> This library is a dependency for ava, a futuristic test runner.

please improve the long description to describe what the package does, not why
it's needed (as that's metadata expressed in debian/control via the "depends"
relation…)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#852350: affects 852350

[Holger Levsen]

Hi Gregor,

On Fri, Jan 27, 2017 at 04:40:51PM +0100, gregor herrmann wrote:
> > HTTP::Server::Simple::CGI is used by munin >= 2.999.4 which is in
> > experimental, so packaging this timely would be very nice…
> Uploaded to NEW.

awesome, thank you!


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#852350: affects 852350

[Holger Levsen]

affects 852350 munin
thanks

Hi,

HTTP::Server::Simple::CGI is used by munin >= 2.999.4 which is in
experimental, so packaging this timely would be very nice…


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#811377: Bug#851747: sysvinit-utils: unmaintained package should not be Essential

[Holger Levsen]

On Wed, Jan 18, 2017 at 11:21:46PM +, Ian Jackson wrote:
> With sysvinit being maintained in collab-maint, I think Benda won't be
> able to push to it directly.  Benda, I suggest that if you want to
> contribute you make a git branch in a tree of your own on alioth, and
> use git-request-pull.

or just apply (within the alioth web gui) to become a collab-maint member,
explain that you want to commit to sysvinit.git and then get the access
granted and directly commit to collab-maint :-)

collab-maint membership is open to anyone, one just needs to apply and
state why.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#779893: gx is not needed to package go-ipfs

[Holger Levsen]

Hi,

archlinux has a go-ipfs package without gx, see
https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/go-ipfs

also from #ipfs on freenode:

 <@whyrusleeping> its worth pointing out that gx does not require ipfs
 <@whyrusleeping> it can function just fine on its own using https from the 
gateways 


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#850254: ITP: node-extract-zip -- unzip a zip file into a directory using 100% pure gluten-free organic javascript

[Holger Levsen]

On Fri, Jan 06, 2017 at 01:22:55PM -0800, Kunal Mehta wrote:
> The description comes from package.json's "description" field, which
> contained those words. I submitted an upstream pull request to remove
> it: .

Thank you, Kunal.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#850254: ITP: node-extract-zip -- unzip a zip file into a directory using 100% pure gluten-free organic javascript

[Holger Levsen]

On Thu, Jan 05, 2017 at 05:21:11PM +0530, Sumedh Pendurkar wrote:
> * Package name: node-extract-zip
> * URL : https://github.com/maxogden/extract-zip
>   Description : unzip a zip file into a directory using 100% pure
> gluten-free organic javascript
 
uhm, could you please remove that "gluten-free organic" from the short
description? It comes across as offensive plus I also cannot see those
terms at https://github.com/maxogden/extract-zip :/

(most people who need to eat gluten-free food don't do so by choice, but
because of medical indication, aka, they are sick. Not funny in a
package description.)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#850238: ITP: node-hoek -- General purpose node utilities

[Holger Levsen]

On Thu, Jan 05, 2017 at 05:46:32PM +0530, Akash Sarda wrote:
> Oh. Impatience is not good

what do you mean? 


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#850238: ITP: node-hoek -- General purpose node utilities

[Holger Levsen]

On Thu, Jan 05, 2017 at 03:39:31PM +0530, Akash Sarda wrote:
>   Description : General purpose node utilities
> 
>  Utility methods for the hapi ecosystem. This module is not intended to
> solve every problem for everyone, but rather as a central place to store
> hapi-specific methods. If you're looking for a general purpose utility
> module, …

please make the short description match the long one…


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#845743: ITP: node-cpr -- Recursively copy files - Node.js module

[Holger Levsen]

On Sat, Nov 26, 2016 at 05:11:49PM +0530, Pirate Praveen wrote:
>   Description : cp -R

I dont think this is an acceptable short description.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#844611: debian-installer-launcher proposed removal

[Holger Levsen]

Hi,

On Thu, Nov 17, 2016 at 04:02:46PM +, Iain R. Learmonth wrote:
> I am proposing the removal of debian-installer-launcher from Debian as this
> software generally gives bad user experience and does not see the levels of
> testing required for us to ensure it is of reasonable quality.

fair enough.

> If there is anyone that really really wants to keep
> debian-installer-launcher in the archives, please follow up on Debian bug
> #844611. This package is orphaned and you would have to take over as the
> primary maintainer of the package. It is not going to be included in the
> official Debian Live images for the release of stretch.

I'm not sure I fully understand your proposal. Do you plan to remove
this from stretch as well or just dont plan to include it in the live
images for stretch?

On the latter I can't really comment, but I would find it very
unfortunate if this package would get removed from stretch *now*… (where
there is no time to develop a replacement…)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#841996: ITP: node-repeating -- Repeat a string fast

[Holger Levsen]

On Tue, Oct 25, 2016 at 11:31:23AM +0530, Sruthi Chandran wrote:
> * URL : https://github.com/sindresorhus/repeating#readme
>   Description : Repeat a string - fast

I was going to ask to improve the description to clarify what this
package does and then I read said readme… and I'm speechless and want to
share that speechlessness…

Maybe the word "fast" could be removed from the description though ;-)
It seems pointless…


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#835925: Bug#840323: debhelper: cmake build system: cross compilation

[Holger Levsen]

On Tue, Oct 11, 2016 at 08:40:13AM +0100, Neil Williams wrote:
> I could file 15 RC bugs against dpkg-cross for the flagrant
> disregard of ALL Debian Policy, if you really want proof of the
> abominations that hide within it. 

file at least one?

> However, cross-config has none of
> those issues, so to allow cross-config to exist in Stretch I want to
> see the removal of the dpkg-cross and libdebian-dpkgcross-perl binary
> packages instead. These should have been removed from Debian before we
> released Lenny, let alone Jessie. Yay for the inertia of cross-building
> in Debian.

the way to get a package removed in Debian is to file a RM bug.

uploading another package replacing it and assuming everybody knows that
the old package is useless and buggy is not the way to go and doesnt
work. 

see this bug report for evidence.


> cross-config exists solely to allow the removal of the dpkg-cross and
> libdebian-dpkgcross-perl binaries. Even then, the contents of
> cross-config could end up in other packages just as easily.
 
then please file a bug for the removal of dpkg-cross.


 
> > There is a reason why dpkg-cross is not part of jessie.
> > 
> > Wookey, should we add a blocker bug keep it out of jessie?
> 
> Holger: did you mean Stretch?

I ment stretch and *I* never spoke of jessie in this bug report. Helmut
added this confusion.

I explicitly said "dpkg-cross is even part of testing!"

> However, Stretch must not release with the dpkg-cross and
> libdebian-dpkgcross-perl binary packages.

Please file bugs (to get those binary packages removed).

> If the new upload doesn't
> happen by the end of November 2017, then (as agreed at DebConf16), I'll
> have to do it as a final QA upload, leaving only the cross-config
> binary package.

And this now finally made me realize cross-config is coming from the
same source package :)

Anyhow, dpkg-cross is part of testing (Stretch) and according to you it
shouldnt. So please fix this.

And, to repeat myself, indicating that it shouldnt be used, via a public
bug in the BTS against dpkg-cross would be helpful. (Not hiding problems
and all that.)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#837913: ITP: qubes-utils -- Common Qubes utils for dom0 and VMs

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: qubes-utils
  Upstream Author : Marek Marczykowski <marma...@invisiblethingslab.com>
* URL : https://github.com/QubesOS/qubes-linux-utils.git
* License : GPL2+
  Programming Lang: C / several
  Description : Common Qubes utils for dom0 and VMs

Qubes OS is a security-oriented operating system (OS). The main principle
of Qubes OS is security by compartmentalization (or isolation), in which
activities are compartmentalized (or isolated) in separate qubes.

Virtualization is performed by Xen, and user environments can be based on
Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

This package contains the common Qubes utils for dom0 and VMs.



For more information on Qubes, see
https://www.qubes-os.org/tour/#what-is-qubes-os

For more information on this packaging effort, see
https://wiki.debian.org/Qubes/Devel

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#837910: ITP: qubes-gui-daemon -- Qubes GUI daemon

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: qubes-gui-daemon
  Upstream Author : Joanna Rutkowska <joa...@invisiblethingslab.com>
* URL : https://github.com/QubesOS/qubes-gui-daemon.git
* License : GPL2+
  Programming Lang: C
  Description : Qubes GUI daemon

Qubes OS is a security-oriented operating system (OS). The main principle
of Qubes OS is security by compartmentalization (or isolation), in which
activities are compartmentalized (or isolated) in separate qubes.

Virtualization is performed by Xen, and user environments can be based on
Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

This package contains the GUI daemon running on dom0.



For more information on Qubes, see
https://www.qubes-os.org/tour/#what-is-qubes-os

For more information on this packaging effort, see
https://wiki.debian.org/Qubes/Devel

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#837908: ITP: qubes-gui-common -- Common files for Qubes GUI - protocol headers

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: qubes-gui-common
* Upstream Author : Joanna Rutkowska <joa...@invisiblethingslab.com>
Rafal Wojtczuk  <ra...@invisiblethingslab.com>
Marek Marczykowski <marma...@invisiblethingslab.com>
* URL : https://github.com/QubesOS/qubes-gui-common.git
* License : GPL2+
  Programming Lang: C
  Description : Common files for Qubes GUI - protocol headers

Qubes OS is a security-oriented operating system (OS). The main principle
of Qubes OS is security by compartmentalization (or isolation), in which
activities are compartmentalized (or isolated) in separate qubes.

Virtualization is performed by Xen, and user environments can be based on
Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

This package contains the protocol description headers for Qubes GUI, needed
on both dom0 and the VMs.



For more information on Qubes, see
https://www.qubes-os.org/tour/#what-is-qubes-os

For more information on this packaging effort, see
https://wiki.debian.org/Qubes/Devel

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#837906: ITP: qubes-gui-agent -- Qubes GUI Agent for VMs

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: qubes-gui-agent
  Upstream Author : Joanna Rutkowska <joa...@invisiblethingslab.com>
* URL : https://github.com/QubesOS/qubes-gui-agent-linux.git
* License : GPL2+
  Programming Lang: C
  Description : Qubes GUI Agent for VMs

Qubes OS is a security-oriented operating system (OS). The main principle
of Qubes OS is security by compartmentalization (or isolation), in which
activities are compartmentalized (or isolated) in separate qubes.

Virtualization is performed by Xen, and user environments can be based on
Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

This package contains the Qubes GUI agent that needs to be installed in VMs
in order to provide the Qubes manager GUI.



For more information on Qubes, see
https://www.qubes-os.org/tour/#what-is-qubes-os

For more information on this packaging effort, see
https://wiki.debian.org/Qubes/Devel

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#837905: ITP: libvchan-xen-qubes -- Qubes vchan libraries

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: libvchan-xen-qubes
  Upstream Author : Joanna Rutkowska <joa...@invisiblethingslab.com>
Rafal Wojtczuk  <ra...@invisiblethingslab.com>
Marek Marczykowski <marma...@invisiblethingslab.com>
* URL : https://github.com/QubesOS/qubes-core-vchan-xen.git
* License : GPL2+
  Programming Lang: C
  Description : Qubes vchan libraries

Qubes OS is a security-oriented operating system (OS). The main principle
of Qubes OS is security by compartmentalization (or isolation), in which
activities are compartmentalized (or isolated) in separate qubes.

Virtualization is performed by Xen, and user environments can be based on
Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

This package contains the Qubes vchan communication libraries for Dom0 and VMs.



For more information on Qubes, see
https://www.qubes-os.org/tour/#what-is-qubes-os

For more information on this packaging effort, see
https://wiki.debian.org/Qubes/Devel

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#837903: ITP: qubes-db -- Qubes OS database and tools

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: qubes-db
  Upstream Author : Marek Marczykowski <marma...@invisiblethingslab.com>
* URL : https://github.com/QubesOS/qubes-core-qubesdb.git
* License : GPL2+
  Programming Lang: C
  Description : Qubes OS database and tools

Qubes OS is a security-oriented operating system (OS). The main principle
of Qubes OS is security by compartmentalization (or isolation), in which
activities are compartmentalized (or isolated) in separate qubes.

Virtualization is performed by Xen, and user environments can be based on
Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

This package contains the Qubes OS database and tools running on dom0 and the 
VMs.



For more information on Qubes, see
https://www.qubes-os.org/tour/#what-is-qubes-os

For more information on this packaging effort, see
https://wiki.debian.org/Qubes/Devel

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#837902: ITP: qubes-core-agent -- The Qubes core files for VMs

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: qubes-core-agent
  Upstream Author : Joanna Rutkowska <joa...@invisiblethingslab.com>
Rafal Wojtczuk  <ra...@invisiblethingslab.com>
* URL : https://github.com/QubesOS/qubes-core-agent-linux.git
* License : GPL2+
  Programming Lang: several
  Description : The Qubes core files for VMs

Qubes OS is a security-oriented operating system (OS). The main principle
of Qubes OS is security by compartmentalization (or isolation), in which
activities are compartmentalized (or isolated) in separate qubes.

Virtualization is performed by Xen, and user environments can be based on
Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

This package contains the core-agent functionality running on VMs.



For more information on Qubes, see
https://www.qubes-os.org/tour/#what-is-qubes-os

For more information on this packaging effort, see
https://wiki.debian.org/Qubes/Devel

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#837900: ITP: qubes-core-admin-linux -- Linux-specific files for Qubes dom0

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: qubes-core-admin-linux
  Upstream Author : Marek Marczykowski  <marma...@invisiblethingslab.com>
* URL : https://github.com/QubesOS/qubes-core-admin-linux.git
* License : GPL2+
  Programming Lang: several
  Description : Linux-specific files for Qubes dom0

Qubes OS is a security-oriented operating system (OS). The main principle
of Qubes OS is security by compartmentalization (or isolation), in which
activities are compartmentalized (or isolated) in separate qubes.

Virtualization is performed by Xen, and user environments can be based on
Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

This package contains the linux specific core-admin functionality running on
dom0.


For more information on Qubes, see
https://www.qubes-os.org/tour/#what-is-qubes-os

For more information on this packaging effort, see
https://wiki.debian.org/Qubes/Devel

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#837896: ITP: qubes-core-admin -- The Qubes core files (Dom0-side)

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: qubes-core-admin
  Upstream Author : Joanna Rutkowska <joa...@invisiblethingslab.com>
Rafal Wojtczuk  <ra...@invisiblethingslab.com>
* URL : https://github.com/QubesOS/qubes-core-admin.git
* License : GPL2+
  Programming Lang: Python
  Description : The Qubes core files (Dom0-side)

Qubes OS is a security-oriented operating system (OS). The main principle 
of Qubes OS is security by compartmentalization (or isolation), in which
activities are compartmentalized (or isolated) in separate qubes.

Virtualization is performed by Xen, and user environments can be based on
Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

This package contains the core-admin functionality running on dom0.



For more information on Qubes, see
https://www.qubes-os.org/tour/#what-is-qubes-os

For more information on this packaging effort, see
https://wiki.debian.org/Qubes/Devel

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#836867: ITP: sicherboot -- Installs systemd-boot and kernels to ESP, signed for secure boot

[Holger Levsen]

Hi Julian,

On Tue, Sep 06, 2016 at 06:23:46PM +0200, Julian Andres Klode wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Julian Andres Klode 
> 
> * Package name: sicherboot
>   Version : 0.1.0
>   Upstream Author : Julian Andres Klode 
> * URL : https://github.com/julian-klode/sicherboot
> * License : MIT
>   Programming Lang: Shell
>   Description : Installs systemd-boot and kernels to ESP, signed for 
> secure boot

please explain the "ESP" acronym in the long description:
 
>  sicherboot manages kernels and systemd-boot on a secure boot
>  machine. It installs kernels and systemd-boot, generates signing keys to
>  enroll in the machine,  and signs the kernels and the bootloader with it.
>  .
>  The keys used to sign the UEFI binaries are located in /var/lib. If /var/lib
>  is not encrypted, the whole setup is unsafe: One of the files generated is
>  rm_PK.auth, which, when written to UEFI, reverts the system to setup mode
>  where no checks are performed.
>  .
>  Currently, the package only supports amd64 architecture. It also has to
>  divert the /etc/kernel/postinst.d/dracut file and replace it with its
>  own file that calls the diverted one and updates the ESP afterwards, as
>  dracut does not support any form of hooks.
> 
> Lifting the amd64 restriction requires a bit more work: Triggers
> need to be adjusted and the correct EFI binaries need to be found
> at run time (for the EFI stub which allows us to merge a kernel
> with an initramfs).


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#833388: Please raise your opinion to package size and the given options to restrict it (Was: Bug#833388: ITP: metaphlan2 -- Metagenomic Phylogenetic Analysis)

[Holger Levsen]

On Thu, Aug 04, 2016 at 09:30:19AM +0200, Andreas Tille wrote:
> my remarks about the size of this package and the explicite request to
> discuss it here might have been remain unseen at the end of this ITP so
> I'm hereby making some more noise.
 
thanks for that!

[...]
> >   2) When unpackaging the orig.tar.gz translating binary data to
> >  text format and recompress using xz the tarball is "only" 265MB.
> >  The transformation process takes about 30min on my Laptop - not
> >  longer than any larger project might need to build but the
> >  resulting binary package would have again close to 1GB.
[...]
> >  2b) Do the conversion of the format in postinst at the expense
> >  of users time which is acceptable since the package usually
> >  unpacks on high performance machines and not so many
> >  installations which means bandwidth and disk space on Debian
> >  mirrors should be saved here instead of users machine
> > 
> >  Source tarball 256MB + binary package ~250MB (estimated)

this seems the most reasonable option to me.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#719624: Upgrading xrdp

[Holger Levsen]

On Thu, Jun 02, 2016 at 06:19:58AM +0200, Andreas Tille wrote:
> Without checking: After Building you get a *.changes file. 

run lintian on it to check, lintian will complain if the syntax is
wrong…

lintian $changes_file


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#825785: ITP: tab -- Typesetter for lute tablature

[Holger Levsen]

Hi Chris,

On Mon, May 30, 2016 at 10:54:26AM +0100, Chris Lamb wrote:
> > the README on this github repo says the software is nonfree
> I have opened discussion with upstream.
 
thanks!

> > can you point me to a "screenshot" how the typeset
> > looks? thats what i was really curious in… :)
> Sure: http://i.imgur.com/ZSxar2h.jpg

neato! thanks for that too! :)


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#655889: offer to help with munin packaging

[Holger Levsen]

Hi Dominic!

On Thu, May 12, 2016 at 12:21:55PM +0100, Dominic Hargreaves wrote:
> Not that I have vast amounts of free time, but I do care about
> munin packaging, so I can offer to put a little bit of time into a
> team effort.
 
that would be much welcome! \o/

> What's the current status, thuough? The last update on the rfh bug
> is a few years ago, so I want to know what I'm letting myself in for :)

well, the package is maintained by Stig (ssm) and myself and in the last 1.5
years not much has been done, as we have been waiting for the upstream
3.0 release… (which was said to be immiment for quite some time now :/

Because of this we also didnt bother to send bugs upstream, as most if
not all bugs in the BTS are filed against munin 1.4 or 2.0 and quite
some bugs have been fixed upstream in the 3.0 development phase…

> What are the main tasks/priorities other than bug squashing? Is an
> upload of the current development branch to experimental useful, for
> example?

yes, absolutly. once that is done, I suppose it would also be sensible
to go through the current list of bugs and investigate whether they
still happen with munin 2.999.2.

We (ssm and upstream) hang out on #munin on OFTC, though the same
channel is also available on freenode. (it's mirrored/piped.)

Please do feel very much invited to work in the git repo and also do
uploads, if you feel confident to do so :) Also I believe your work will
have a motivation effect on us :) Also upstream (hi Steve) is reading
the debian BTS too and having more 3.0 testing might convince them to
release 3.0.0 rather sooner than later.

It's starting getting late to have 3.0 in stretch.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#822805: ITP: voctomix -- Full-HD Software Live-Video-Mixer

[Holger Levsen]

Package: wnpp
Severity: wishlist
Owner: Holger Levsen <hol...@layer-acht.org>

* Package name: voctomix
  Version : 0.2
  Upstream Author : C3Voc <v...@c3voc.de>
* URL : https://github.com/voc/voctomix
* License : MIT
  Programming Lang: Python
  Description : Full-HD Software Live-Video-Mixer

 The Voctomix Project consists of three parts:
  - Voctocore, the videomixer core-process that does the actual video-
and
audio crunching
  - Voctogui, a GUI implementation in GTK controlling the core's
functionality
and giving visual feedback of the mixed video
  - Voctotools (not yet implemented), a collection of tools and examples
on how
to talk to the core-process, feeding and receiving video-streams
 .
 Voctomix is written in Python using GStreamer by the CCC VOC.


I don't really want to maintain this though, but I figured it would be
useful to have this packaged for DebConf16 and beyond. I'm happy to bring
the package in shape though, get it into the Debian archive and sponsor
future uploads.

IOW: more maintainers wanted!

I have a 90% ready package and will publish the git branch shortly.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#821397: RFP: sway -- i3-compatible window manager for Wayland

[Holger Levsen]

Hi Drew,

On Mon, Apr 18, 2016 at 11:03:44AM -0400, Drew DeVault wrote:
> Not sure how the Debian process works, so forgive me if I'm
> misunderstanding anything.

I'm glad you're asking…! :)

> My concern is that Debian is slow and sway is <1.0 right now. Will sway
> ship with Debian 9 or such and then I'll be receiving bug reports about
> version 0.* for years?

Not neccessarily:

At first, sway will be uploaded to "unstable" and unstable is actually quite
very uptodate. After some days and if it's free from bugs of severity
"serious" and higher, it will automatically migrate to "testing".

So unstable and testing are actually usually quite uptodate and people run
unstable and testing and they are used to create a number of popular
derived distros, *buntu is one of them. So it's useful to have sway
there and updated regularily.

And then, there will be a freeze of testing at the end of this year and
then sometime next year testing will be declared "stable". stable is
free of major changes (well, except for firefox and the kernel and
some…) and in general only receives security fixes.

One easy way of preventing sway from being released as stable is to file
a RC bug to prevent it from entering "testing".

> On 2016-04-18  3:16 PM, Holger Levsen wrote:
> > * License : BSD
> Sway uses the MIT license.

ah, thanks!

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#821397: RFP: sway -- i3-compatible window manager for Wayland

[Holger Levsen]

Package: wnpp
Severity: wishlist

* Package name: sway
  Version : 0.5
  Upstream Author : s...@cmpwn.com
* URL : http://swaywm.org/
https://github.com/SirCmpwn/sway
* License : BSD
  Programming Lang: C
  Description : i3-compatible window manager for Wayland

Sway is a drop-in replacement for the i3 window manager, but for Wayland
instead of X11. It works with your existing i3 configuration and
supports most of i3's features, and a few extras. 

-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#821328: ITP: debian-paketmanagement-buch -- German-written book about package management with Debian

[Holger Levsen]

Hi Justin,

On Mon, Apr 18, 2016 at 11:11:42AM +0100, Justin B Rye wrote:
> "German-written" would mean "written by Germans" - a more efficient
> alternative to "ghost-written".

*g*
 
thanks for (all) your quick and informative feedback!


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#821328: ITP: debian-paketmanagement-buch -- German-written book about package management with Debian

[Holger Levsen]

Hi Axel,

kudos for the book and packaging it for Debian!

On Sun, Apr 17, 2016 at 08:04:40PM +0200, Axel Beckert wrote:
> * Package name: debian-paketmanagement-buch

it feels a bit weird to see a package name mostly made up out of German
words… not sure what would be better though. maybe
debian-paketmanagement-book ?

>   Description : German-written book about package management with Debian

maybe better "Book about package management with Debian in German"? Or
"German book about…" or "German language book"?
 
> This package contains the book "Debian Paketmanagement" by Axel Beckert
> and Frank Hofmann as single HTML page, as PDF document and as e-book in
> the epub format.

The long description should probably also mention the language the book
is written in.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#819649: ITP: tinydb -- TinyDB is a lightweight document oriented database optimized for your happiness

[Holger Levsen]

On Thu, Mar 31, 2016 at 10:00:46AM -0300, Adrian Alves wrote:
> TinyDB is a tiny, document oriented database optimized
> for your happiness :) It's written in pure Python and 
> has no external requirements. The target are small apps
> that would be blown away by a SQL-DB or an external 
> database server.

that's cute, but doesn't explain much why it's better or different than
sqlite.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Bug#792916: why exactly should this crap be in Debian?

[Holger Levsen]

Hi,

On Tue, Mar 15, 2016 at 09:34:12PM -0400, Antoine Beaupré wrote:
> Well... you writing to me, dropping the bug report in CC, in the last
> post. You re-added it in CC now, i guess that was an oversight? :)

ah, yes, it was. I switched my mail client 5 days ago after 20 years of using
the "other client" and am still new to this fancy mutt thing ;-)

(I've briefly considered resending that mail to the bug report too, not
sure if it's worth it.)

> > Really thanks for your comments, they make a lot of sense to me! (Much
> > more than your blogpost alone.)
> No problem, glad I could clarify.

:)

> Feel free to comment on the blog post as well.

nah, the bug report is linked from the blog post, that should be enough…

-- 
cheers,
Holger

Bug#792916: why exactly should this crap be in Debian?

[Holger Levsen]

Hi,

On Tue, Mar 15, 2016 at 08:38:50PM -0400, Antoine Beaupré wrote:
> By that standard, we should remove a *lot* of stuff from Debian.

yes, we probably should…

> And somehow, you propose we draw the line at... Keybase? Of all places,
> it seems like a weird detour to draw a line. I would totally ban
> Facebook and Google clients way before Keybase.

you have a point here.

(and my "argument" in favor is probably a weak one: lots of user demand
for those others…)
 
> Think of how much security you give up the second you fire up
> Chromium before you complain about issues in Keybase.

I haven't used Chromium since more than a year…
 
> Well, "encourages" is a big word. It asks you, and defaults to
> "yes". That is a small detail, that can be easily patched in Debian if
> we are so obstinate about it.

I actually like this idea, this detail, a lot.
 
> In other words, foot-shooting devices are plentiful in Debian. The
> alternative to Keybase, right now, is GPG, and is probably worse, by a
> few orders of magnitude, than keybase in terms of foot-shooting! I have
> seen people:
> 
>  * sign PGP keys after getting the fingerprints by email in the clear
>without no other form of authentication
>  * lose revocation certificates
>  * loose their private GPG (and therefore access to their data and
>previous communications)
>  * mistakenly revoke their keys by double-clicking on them (oops)
>  * mistakenly publish their private key material

point.
 
 
> All this with our so beloved GPG that we hold dear to our hearts. GPG is
> one of the worst usability nightmare in the history of crypto computing,
> yet we not only use it, but manage the whole Debian upload process and
> voting with it.
> 
> So please, foot-shooting is not an argument against new software coming
> into Debian. From what I can see, it's almost a philosophy to make
> crypto software so cryptic no one can actually use them properly without
> reading a 20 page manual.

Sadly I have to agree here too :/
 
> > Which actually can be seen as an endorsement for packaging this.
> 
> That, again, is quite a stretch. I have been very explicit in my blog
> and on Twitter that I do not endorse keybase. I don't understand why you
> misconstrue my intentions that way.

because that's what people always^woften do. (understand each other differently
than intended by the speaker…)
 
> I do not believe in Hell. :p

:-)

me neither, but I do use the figure of speech…
 
> > So I will speak up: please don't package this for Debian (as long as the
> > flaws are as they are now…), please close this RFP.
> 
> I wasn't planning on packaging this for Debian, for the record. This is
> an RFP, not an ITP, and not assigned to anyone.
> 
> I'm just the messenger.

I wasn't addressing you here, I should have probably made this more
clear.


Really thanks for your comments, they make a lot of sense to me! (Much
more than your blogpost alone.)

-- 
cheers,
Holger

Bug#792916: why exactly should this crap be in Debian?

[Holger Levsen]

Hi anarcat,

I've just read http://anarc.at/blog/2016-03-10-keybase/ and I have looked at 
keybase in more detail a year or so ago… and am puzzled to learn that you 
think that this perceptive crappy tool which is also suggesting crappy 
workflows should be packaged and shipped in Debian.

Can you explain why this would be good? For Debian? For the free software 
community?

I can understand how this is good for the company behind it…


cheers,
Holger

Bug#814736: ITP: irkernel -- R kernel for Jupyter/IPython

[Holger Levsen]

Hi Gordon,

On Sonntag, 14. Februar 2016, Gordon Ball wrote:
>   Description : R kernel for Jupyter/IPython
> 
> This is a native R kernel for the Jupyter (formerly IPython) interactive
> computing tool.

what is that? Please expand the description a bit, explaining what an R kernel 
is. (is that something like the linux or hurd kernel? I doubt it :)


cheers,
Holger




signature.asc
Description: This is a digitally signed message part.

Bug#775436: ITP: xlennart -- An XBill fork but with Lennart and SystenD instead of Bill and Wingdows

[Holger Levsen]

On Freitag, 16. Januar 2015, Dmitry Yu Okunev wrote:
 I think it is not going farther than XBill. Permitting of XBill and
 forbidding of XLennart making double standards. Forbid both or permit both.

Lennart is part of our community. Bill Gates aint.

And the disclaimer, this aint ment to be offensive is as meaningless as a 
disclaimer before a racist joke.


signature.asc
Description: This is a digitally signed message part.

Bug#775436: please dont put this in the archive

[Holger Levsen]

Hi,

I don't think this should be included in Debian as it - despite the disclaimer 
- clearly attacks and/or makes fun in a disrespectful way of a member of our 
community. (So this is different from xbill.) 

please don't let this package enter the Debian archive.


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#759822: functionality included in dh_stripnondeterminism

[Holger Levsen]

Hi,

the functionality of this package has been included in dh_stripnondeterminism, 
so for the Debian reproducible builds project it's not needed to have this 
packaged anymore. It mighth still make sense for other use cases though.


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#772907: ITA: anarchism

[Holger Levsen]

control: owner -1 hol...@layer-acht.org
control: retitle -1 ITA: anarchism

Hi,

I'll adopt anarchism and plan to maintain it in a team! :)

Thanks Mauro, for all your work on this (and other) package(s)!


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#772907: pending - fixed in git

[Holger Levsen]

control: tags -1 + pending

Hi,

this bug is fixed in git, currently just in a develop branch and not uploaded, 
while I'm waiting for confirmation that 
http://lists.alioth.debian.org/mailman/listinfo/collab-maint-devel still works 
and is usable as maintainer address.

http://anonscm.debian.org/cgit/collab-maint/anarchism.git/


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#763328: RFP: reproducible/misc.git

[Holger Levsen]

package: wnpp
User: reproducible-bui...@lists.alioth.debian.org
Usertags: infrastructure
X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org

Hi,

please package git.debian.org/git/reproducible/misc.git - I mostly care about 
having the diffp tool installable via apt-get, so maybe move this into an 
existing package instead? But then I believe the other stuff is also useful, 
hence this RFP for a reproducible-tools package or such.

I believe having /usr/bin/diffp easily installable will also be important for 
wider developer adoption during jessie+1s development cycle.


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#763328: retitle to: RFP debbindiff.git

[Holger Levsen]

control retitle -1 RFP: debbindiff.git

Hi,

diffp has been rewritten and the rewrite is available in 
git.debian.org/git/reproducible/debbindiff.git


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#739005: Bug#747083: ITP: xcape -- use a modifier key as another key

[Holger Levsen]

forcemerge 747083 739005
thanks

Hi,

On Montag, 5. Mai 2014, KAction wrote:
 * Package name: xcape
   Version : 1.1
   Upstream Author : Albin Olsson albin.ols...@gmail.com
 * URL : https://github.com/alols/xcape
 * License : GPL
   Programming Lang: C
   Description : use a modifier key as another key

Someone else already submitted an ITP for this, merging and cc:ing.


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#742597: ITP: casperjs -- a navigation scripting testing utility for PhantomJS and SlimerJS written in Javascript

[Holger Levsen]

Hi,

On Dienstag, 25. März 2014, Xavier Claude wrote:
 * Package name: casperjs
   Description : a navigation scripting  testing utility for PhantomJS
 and SlimerJS written in Javascript

please include some hints in the package description what  PhantomJS
and SlimerJS are and what they are useful for. Thanks!


cheers,
Holger



signature.asc
Description: This is a digitally signed message part.

Bug#741971: ITP: lttngtop -- A top-like interface to read and browse LTTng traces.

[Holger Levsen]

Hi,

On Montag, 17. März 2014, Michael Jeanson wrote:
   Description : A top-like interface to read and browse LTTng traces.
 Lttngtop is an ncurses interface for reading and browsing traces recorded
 by the LTTng tracer and displaying various statistics.

mabye add a word or two about what LTTng is?


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#741971: ITP: lttngtop -- A top-like interface to read and browse LTTng traces.

[Holger Levsen]

Hi Michael,

On Dienstag, 18. März 2014, Michael Jeanson wrote:
 The LTTng project is[...]

thanks. Please add something like this to the package description.


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#739171: ITP: ruby-hipchat -- library to interact with HipChat with Ruby

[Holger Levsen]

Hi,

On Sonntag, 16. Februar 2014, Jonas Genannt wrote:
   Description : library to interact with HipChat with Ruby
 Ruby library to interact with HipChat

what's hipchat? IOW: please explain that in the long description... thanks!


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#738839: ITP: mps -- Poor Man's Spotify - Search and stream music

[Holger Levsen]

Hi Zlatan,

On Donnerstag, 13. Februar 2014, Zlatan Todoric wrote:
   Description : Poor Man's Spotify - Search and stream music

so how is this related to Spotify? Not at all, it's just streaming music?
(And what has it to do with poverty? And with poor men especially?)


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#545710: will adopt html2text

[Holger Levsen]

retitle 545710 ITA: html2text
owner 545710 hol...@layer-acht.org
thanks

Hi,

the PTS has been nagging me enough (html2text is a dependency of munin), so I 
will adopt this package to make it quiet. And then probably file a RFH bug for 
html2text for dealing with the 5 uncategorized bugs and future ones too ... :)


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#737563: ITP: telegram-cli -- Command-line interface for Telegram

[Holger Levsen]

Hi,

On Montag, 3. Februar 2014, Cleto Martín wrote:
 * URL : https://github.com/vysheng/tg
  Telegram messenger is a cloud-based instant messaging platform
  designed for smart phones and similar to Whatsapp but more flexible,
  and powerful. You can send messages, photos, videos and documents to
  people who are in your phone contacts (and have Telegram). Telegram
  also supports secret chats whose provide a private (encrypted) way of
  communication.

according to http://blog.tincho.org/posts/Telegram/ the privacy of this 
tool/plattform is non existing, it rather collects the users private data and 
sends it to a server. 

I believe such software should not be packaged for+in Debian as it seems to be 
today...: literally, a money-quote from this blog post (from a fellow DD): 

The first thing the application did was to check my address book for 
contacts, without my permission or knowledge. I got greeted by being told that 
some of my contacts already have Telegram installed, and since then I keep 
getting notification that some more of my geek friends are installing it. So 
it is obvious that this company got all my records, breaking my privacy and 
security.


cheers,
Holger, who hasn't tried telegram himself...


signature.asc
Description: This is a digitally signed message part.

Bug#663577: shall 663577 be closed ?

[Holger Levsen]

Hi,

663577 was opened almost 2 years ago, asking for help maintaining irssi-
scripts, as it seems with success, (last upload 3 months ago, 1 open bug), so 
I wonder whether 663577 should be closed...

I stumbled on it while looking at wnpp output and think that others shouldnt 
waste their time like this :) (It wasnt much time, but still..)


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#730569: ITP: docker.io -- easy container wrapper that's fun for the whole family

[Holger Levsen]

merge 706060 730569
thanks

Hi Paul,

On Dienstag, 26. November 2013, Paul Tagliamonte wrote:
   Description : easy container wrapper that's fun for the whole family

what?
  
 Everyone should know about this by now :)

are you kidding me?

But, actually and at least, your ITP made me learn about docker, so thanks for 
that!

 It's just taking me so long to get the damn thing through NEW and package
 deps that I'm filing the ITP.

and then it seems you were too busy to search for already existing ITP bugs as 
well, way to go!


much love  cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#730569: ITP: docker.io -- easy container wrapper that's fun for the whole family

[Holger Levsen]

Heya,

   Everyone should know about this by now :)
  are you kidding me?
 These aren't the final descriptions, but docker has been all over the
 tech news lately, and everyone's been using it.

why do you keep excluding me and other people from the tech community?

or am I just perceiving this?


more clearly now?


love,
Holger


signature.asc
Description: This is a digitally signed message part.

Bug#724978: ITP: python-mockito -- spying (testing) framework

[Holger Levsen]

Hi Thomas,

On Montag, 30. September 2013, Thomas Goirand wrote:
   Description : spying (testing) framework
 
  Mockito is a testing framework. The framework allows the creation of Test
  Double objects (called Mock Objects) in automated unit tests for the
 purpose of Test-driven Development (TDD) or Behavior Driven Development
 (BDD). .
  Python Mockito is a spying framework based on Java library with the same
 name.

what does spying mean here? It's part of the short description also, so it 
seems to be important...


cheers,
Holger



signature.asc
Description: This is a digitally signed message part.