Bug#719106: marked as done (RFA: passwdqc -- password strength checking and policy enforcement toolset)
Your message dated Mon, 23 Sep 2013 09:34:18 + with message-id and subject line Bug#719106: fixed in passwdqc 1.3.0-1 has caused the Debian Bug report #719106, regarding RFA: passwdqc -- password strength checking and policy enforcement toolset to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 719106: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719106 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: wnpp Severity: normal I request an adopter for the passwdqc package. The package description is: passwdqc is a password/passphrase strength checking and policy enforcement toolset, including a PAM module (libpam-passwdqc), command-line programs (pwqcheck and pwqgen), and a library (libpasswdqc0). . This package provides pwqcheck and pwqgen, which are standalone password/passphrase strength checking and random passphrase generator programs, respectively, which are usable from scripts. -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current) --- End Message --- --- Begin Message --- Source: passwdqc Source-Version: 1.3.0-1 We believe that the bug you reported is fixed in the latest version of passwdqc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 719...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jackson Doak (supplier of updated passwdqc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 10 Aug 2013 07:34:51 +1000 Source: passwdqc Binary: passwdqc libpasswdqc0 libpasswdqc-dev libpam-passwdqc Architecture: source amd64 all Version: 1.3.0-1 Distribution: unstable Urgency: low Maintainer: Jackson Doak Changed-By: Jackson Doak Description: libpam-passwdqc - PAM module for password strength policy enforcement libpasswdqc-dev - password checking and policy enforcement library (devel) libpasswdqc0 - password strength checking and policy enforcement library passwdqc - password strength checking and policy enforcement toolset Closes: 676290 719106 Changes: passwdqc (1.3.0-1) unstable; urgency=low . * Set myself as maintainer. closes: #719106 * Update debian/watch. * New upstream release. * Update to standards version 3.9.4. closes: #676290 * Generate symbols Checksums-Sha1: 74e34434779c27a07e623eedbf1f87908e1135de 2160 passwdqc_1.3.0-1.dsc adc85fbfeb32548984ddee11af356719b6747185 48833 passwdqc_1.3.0.orig.tar.gz ce3d60f369a90654aabe0fb12457d7e0c45c0804 7073 passwdqc_1.3.0-1.debian.tar.gz c39db2858874344b751945f652743260bb047d1d 17080 passwdqc_1.3.0-1_amd64.deb fd7da17958ca39848cd3db32aa4cc9bf9bcb2fb0 19676 libpasswdqc0_1.3.0-1_amd64.deb b2254fe5f6857a17aa3d5e0126c22f06f744097f 4606 libpasswdqc-dev_1.3.0-1_all.deb 7ef6ea98a53b424bb1fc659471fef35d30b1 15086 libpam-passwdqc_1.3.0-1_amd64.deb Checksums-Sha256: cdf1c1457e63cd984c2c953c6095a44c3b9d3ed6b5ac5608e9ac946ec8cb36e4 2160 passwdqc_1.3.0-1.dsc 23290ac21a055d9039b510bbc0d830a6dbf4295688d4317e0350ed4b6e5e7f50 48833 passwdqc_1.3.0.orig.tar.gz 29a46a54d6c3e180177eece9f3c3adb58deb5a78a5bfbf571ac2684132b31960 7073 passwdqc_1.3.0-1.debian.tar.gz c40d04188ed204d1cf9186b51fba03e5e266ffd44c2492ee3bad84f35670fc07 17080 passwdqc_1.3.0-1_amd64.deb bee22522367368bcf626a47d3babd60822477bd18d9de26d4654bf9c77d9b82a 19676 libpasswdqc0_1.3.0-1_amd64.deb 3931833c058747593b7b386ace7456f22e5e05cb1990897f5bc1035552cac865 4606 libpasswdqc-dev_1.3.0-1_all.deb 30bf3672138cc9507ec475c508790bff4e50b6520cbb036b5e8d089d444d4517 15086 libpam-passwdqc_1.3.0-1_amd64.deb Files: 458204f81deeccb92748ac7e2ec282b3 2160 admin optional passwdqc_1.3.0-1.dsc 3225280caba817c7009dffc157efc1b9 48833 admin optional passwdqc_1.3.0.orig.tar.gz ed69f277c32772f3c8357bf08dfc1b3b 7073 admin optional passwdqc_1.3.0-1.debian.tar.gz 82835389fd1fd01ea5e4b36e08fa718c
Bug#719106: RFA: passwdqc -- password strength checking and policy enforcement toolset
also sprach Antoine Beaupré [2013-09-17 16:25 +0200]: > Humm... I am not sure! It sure looks like a hardening flag issue, > but really - is that blocking adoption of the package? Maybe that > can be made into a bug report that can be worked on in the long > term, but the package can still be uploaded? Done, and filed a new bug report about the relro thing. -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#719106: RFA: passwdqc -- password strength checking and policy enforcement toolset
also sprach Antoine Beaupré [2013.09.17.1625 +0200]: > Or is this a regression? It's a regression, but obviously I don't want to spoil Jackson's fun. It's just a Lintian warning too, so I suppose we should upload and then solve it. I am on the road. Unless someone else does, I can look at this on Friday. -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#719106: RFA: passwdqc -- password strength checking and policy enforcement toolset
It's a regression, but i think it's because the updates allow it to be found by lintian. On Wed, Sep 18, 2013 at 6:30 AM, martin f krafft wrote: > also sprach Antoine Beaupré [2013.09.17.1625 +0200]: >> Or is this a regression? > > It's a regression, but obviously I don't want to spoil Jackson's > fun. It's just a Lintian warning too, so I suppose we should upload > and then solve it. > > I am on the road. Unless someone else does, I can look at this on > Friday. > > -- > .''`. martin f. krafft Related projects: > : :' : proud Debian developer http://debiansystem.info > `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org > `- Debian - when you have better things to do than fixing systems -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CA+K2i_3vjoj+cCrBDS0eRJÀfpysggkrxgzu4hed5majfp...@mail.gmail.com
Bug#719106: RFA: passwdqc -- password strength checking and policy enforcement toolset
On 2013-09-13 02:13:50, martin f krafft wrote: > also sprach anarcat [2013.09.13.0150 +0200]: >> What's the status here, you guys need help? > > The lintian warning is the following, and I have no idea what this > is about or how to fix it: > > W: libpasswdqc0: hardening-no-relro lib/libpasswdqc.so.0 > N: > N:This package provides an ELF binary that lacks the "read-only > N:relocation" link flag. This package was likely not built with the > N:default Debian compiler flags defined by dpkg-buildflags. If built using > N:dpkg-buildflags directly, be sure to import LDFLAGS. > N: > N:Refer to http://wiki.debian.org/Hardening for details. > N: > N:Severity: normal, Certainty: certain > N: > N:Check: binaries, Type: binary, udeb > N: > > > Do you? > > Jackson: I suggest writing a mail to debian-mentors@lists.d.o, and > if that does not work, turn to debian-devel@lists.d.o. > > I am sorry I cannot be of more help… Humm... I am not sure! It sure looks like a hardening flag issue, but really - is that blocking adoption of the package? Maybe that can be made into a bug report that can be worked on in the long term, but the package can still be uploaded? Or is this a regression? A. -- Advertisers, not governments, are the primary censors of media content in the United States today. - C. Edwin Baker http://www.ad-mad.co.uk/quotes/freespeech.htm pgp64AjYoq3oD.pgp Description: PGP signature
Bug#719106: RFA: passwdqc -- password strength checking and policy enforcement toolset
also sprach anarcat [2013.09.13.0150 +0200]: > What's the status here, you guys need help? The lintian warning is the following, and I have no idea what this is about or how to fix it: W: libpasswdqc0: hardening-no-relro lib/libpasswdqc.so.0 N: N:This package provides an ELF binary that lacks the "read-only N:relocation" link flag. This package was likely not built with the N:default Debian compiler flags defined by dpkg-buildflags. If built using N:dpkg-buildflags directly, be sure to import LDFLAGS. N: N:Refer to http://wiki.debian.org/Hardening for details. N: N:Severity: normal, Certainty: certain N: N:Check: binaries, Type: binary, udeb N: Do you? Jackson: I suggest writing a mail to debian-mentors@lists.d.o, and if that does not work, turn to debian-devel@lists.d.o. I am sorry I cannot be of more help… -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#719106: RFA: passwdqc -- password strength checking and policy enforcement toolset
I've got a version on mentors, but i couldn't get hardening to work. 2013/9/13 anarcat : > What's the status here, you guys need help? > > -- > La guerre, c'est le massacre d'hommes qui ne se connaissent pas, > au profit d'hommes qui se connaissent mais ne se massacreront pas. > - Paul Valéry -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ca+k2i_1ms4gcyejbw-feorsdboeh7cjmvkxussrmfsdyczd...@mail.gmail.com
Bug#719106: RFA: passwdqc -- password strength checking and policy enforcement toolset
What's the status here, you guys need help? -- La guerre, c'est le massacre d'hommes qui ne se connaissent pas, au profit d'hommes qui se connaissent mais ne se massacreront pas. - Paul Valéry signature.asc Description: Digital signature
Bug#719106:
also sprach Jackson Doak [2013.08.10.0842 +0200]: > I'll try and fix a few more lintian errors now, can you have > a look at the symbols stuff as i don't really understand it. The problem seems to be that the upstream Makefile overwrites (rather than extends) CFLAGS/LDFLAGS passed in. This will need to be fixed. I now have to go to a 70th birthday and will return to DebConf tomorrow, so unless you had a look this weekend, I'll get to it. Okay if we wait with the upload? -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems "without music, life would be a mistake." - friedrich nietzsche digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#719106:
I've re-uploaded, with most of the lintian errors fixed. This is ready for upload to unstable On Sat, Aug 10, 2013 at 4:42 PM, Jackson Doak wrote: > I'll try and fix a few more lintian errors now, can you have a look at > the symbols stuff as i don't really understand it. > > On Sat, Aug 10, 2013 at 4:36 PM, martin f krafft wrote: >> also sprach Jackson Doak [2013.08.10.0754 +0200]: >>> I have uploaded a new version to >>> https://mentors.debian.net/package/passwdqc . Could you please >>> sponsor it? >> >> Oh, great! I will be happy to sponsor your uploads of passwdqc. >> >> There are a number of lintian warnings, probably from the time when >> I maintained it. The one about the copyright format is really easy >> to fix (empty lines inside the BSD licence need to be replaced with >> a single space). >> >> Also, there's a problem with the manpage that is trivially fixed. >> >> I don't quite understand the thing about relro and hardening. Do >> you? >> >> Would you talk to upstream about the lack of a changelog? >> >> Let me know if we can try to fix these issues before we upload >> 1.3.0-1, or whether you'd prefer 1.3.0-1 to be uploaded and you then >> fix the issues for the next upload. >> >> Thanks! >> >> -- >> .''`. martin f. krafft Related projects: >> : :' : proud Debian developer http://debiansystem.info >> `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org >> `- Debian - when you have better things to do than fixing systems -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CA+K2i_2ySMf4ffSP8PeMkH0dxM94Hyqpygw82GdU1=tN5s5d=q...@mail.gmail.com
Bug#719106:
I'll try and fix a few more lintian errors now, can you have a look at the symbols stuff as i don't really understand it. On Sat, Aug 10, 2013 at 4:36 PM, martin f krafft wrote: > also sprach Jackson Doak [2013.08.10.0754 +0200]: >> I have uploaded a new version to >> https://mentors.debian.net/package/passwdqc . Could you please >> sponsor it? > > Oh, great! I will be happy to sponsor your uploads of passwdqc. > > There are a number of lintian warnings, probably from the time when > I maintained it. The one about the copyright format is really easy > to fix (empty lines inside the BSD licence need to be replaced with > a single space). > > Also, there's a problem with the manpage that is trivially fixed. > > I don't quite understand the thing about relro and hardening. Do > you? > > Would you talk to upstream about the lack of a changelog? > > Let me know if we can try to fix these issues before we upload > 1.3.0-1, or whether you'd prefer 1.3.0-1 to be uploaded and you then > fix the issues for the next upload. > > Thanks! > > -- > .''`. martin f. krafft Related projects: > : :' : proud Debian developer http://debiansystem.info > `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org > `- Debian - when you have better things to do than fixing systems -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ca+k2i_3gx1ksr_pwn9nk2ds1vhlxjor9dfmcumcp7sxtfu-...@mail.gmail.com
Bug#719106:
also sprach Jackson Doak [2013.08.10.0754 +0200]: > I have uploaded a new version to > https://mentors.debian.net/package/passwdqc . Could you please > sponsor it? Oh, great! I will be happy to sponsor your uploads of passwdqc. There are a number of lintian warnings, probably from the time when I maintained it. The one about the copyright format is really easy to fix (empty lines inside the BSD licence need to be replaced with a single space). Also, there's a problem with the manpage that is trivially fixed. I don't quite understand the thing about relro and hardening. Do you? Would you talk to upstream about the lack of a changelog? Let me know if we can try to fix these issues before we upload 1.3.0-1, or whether you'd prefer 1.3.0-1 to be uploaded and you then fix the issues for the next upload. Thanks! -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#719106:
I have uploaded a new version to https://mentors.debian.net/package/passwdqc . Could you please sponsor it? -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CA+K2i_2=oacgbdq50qkp_iqqx5w_k7+ahh4km0ohmy5qcat...@mail.gmail.com
Bug#719106: RFA: passwdqc -- password strength checking and policy enforcement toolset
Package: wnpp Severity: normal I request an adopter for the passwdqc package. The package description is: passwdqc is a password/passphrase strength checking and policy enforcement toolset, including a PAM module (libpam-passwdqc), command-line programs (pwqcheck and pwqgen), and a library (libpasswdqc0). . This package provides pwqcheck and pwqgen, which are standalone password/passphrase strength checking and random passphrase generator programs, respectively, which are usable from scripts. -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)