Re: netcat-openbsd implementations
On Tue, Dec 27, 2016 at 5:42 PM, ng0wrote: > Hi Aron, > > Aron Xu writes: > >> Hi there, >> >> On Tue, Jul 12, 2016 at 5:19 PM, Ludovic Courtès wrote: >>> Hi, >>> >>> ng0 skribis: >>> Aron Xu writes: >>> >>> [...] >>> > I don't treat this netcat-openbsd a full fork even if it's targeting > an older revision at the moment. Also, maintaining patches are very > easy using the git-buildpackage[1] tools for Debian packages. > > [1]https://wiki.debian.org/PackagingWithGit > >> >> Third option I thought of, could Debian provide a tarball of >> the orig-source with the patches applied, so there's no need >> to conflict with systems currently pulling one or both of the >> currently existing tarball. >> > > I think it is hardly possible to provide another tarball because > there's no way of doing that with current Debian infrastructure. But >>> >>> [...] >>> So what do others make of this? Ludovic, any follow-up thoughts or actions regarding our thread on this? >>> >>> I think it would be more convenient to have a source repo for >>> netcat-openbsd rather than the current setup with a set of >>> debian/*.patch files. >>> >>> Perhaps alioth.debian.org could host a netcat-openbsd project containing >>> the GNU/Linux port (with all the patches applied), from which both the >>> Debian package and the Guix package would be built? >>> >>> If that’s not an option then yes, you can do as you proposed, ng0. >>> >>> Ludo’. > > To me it still looks like the layout and releases did not include > any of the listed above, so if I'll package openbsd-netcat with > patches in the source sometime next year. > >> We've updated netcat-openbsd package to 1.130 with all patches >> refreshed, if you have plan to follow the update then it's the time, >> :) >> >> Cheers, >> Aron > > Thanks for your message on the update. So far the package on our > (my) side is stuck in the TODO phase of applying the patches as > it's not a priority for me. > > I have no idea about the Debian project organization, but > if it's not already an open bug, could you open a bug for your > infrastructure and/or openbsd-netcat about what Ludovic wrote > here: > > > >Perhaps alioth.debian.org could host a netcat-openbsd project containing >the GNU/Linux port (with all the patches applied), from which both the >Debian package and the Guix package would be built? > > > > This would make work on our side (and possibly also other systems > distributing your version of netcat) much easier, otherwise I'll > just pull in the patches. > I've said before that I don't treat it as a fork, so sorry I'm not going to request that feature on Debian's infrastructure. Thanks, Aron
Re: netcat-openbsd implementations
Hi Aron, Aron Xuwrites: > Hi there, > > On Tue, Jul 12, 2016 at 5:19 PM, Ludovic Courtès wrote: >> Hi, >> >> ng0 skribis: >> >>> Aron Xu writes: >> >> [...] >> I don't treat this netcat-openbsd a full fork even if it's targeting an older revision at the moment. Also, maintaining patches are very easy using the git-buildpackage[1] tools for Debian packages. [1]https://wiki.debian.org/PackagingWithGit > > Third option I thought of, could Debian provide a tarball of > the orig-source with the patches applied, so there's no need > to conflict with systems currently pulling one or both of the > currently existing tarball. > I think it is hardly possible to provide another tarball because there's no way of doing that with current Debian infrastructure. But >> >> [...] >> >>> So what do others make of this? >>> Ludovic, any follow-up thoughts or actions regarding our thread >>> on this? >> >> I think it would be more convenient to have a source repo for >> netcat-openbsd rather than the current setup with a set of >> debian/*.patch files. >> >> Perhaps alioth.debian.org could host a netcat-openbsd project containing >> the GNU/Linux port (with all the patches applied), from which both the >> Debian package and the Guix package would be built? >> >> If that’s not an option then yes, you can do as you proposed, ng0. >> >> Ludo’. To me it still looks like the layout and releases did not include any of the listed above, so if I'll package openbsd-netcat with patches in the source sometime next year. > We've updated netcat-openbsd package to 1.130 with all patches > refreshed, if you have plan to follow the update then it's the time, > :) > > Cheers, > Aron Thanks for your message on the update. So far the package on our (my) side is stuck in the TODO phase of applying the patches as it's not a priority for me. I have no idea about the Debian project organization, but if it's not already an open bug, could you open a bug for your infrastructure and/or openbsd-netcat about what Ludovic wrote here: Perhaps alioth.debian.org could host a netcat-openbsd project containing the GNU/Linux port (with all the patches applied), from which both the Debian package and the Guix package would be built? This would make work on our side (and possibly also other systems distributing your version of netcat) much easier, otherwise I'll just pull in the patches. Thanks, -- ♥Ⓐ ng0 PGP keys and more: https://n0is.noblogs.org/ http://ng0.chaosnet.org
Re: netcat-openbsd implementations
Hi there, On Tue, Jul 12, 2016 at 5:19 PM, Ludovic Courtèswrote: > Hi, > > ng0 skribis: > >> Aron Xu writes: > > [...] > >>> I don't treat this netcat-openbsd a full fork even if it's targeting >>> an older revision at the moment. Also, maintaining patches are very >>> easy using the git-buildpackage[1] tools for Debian packages. >>> >>> [1]https://wiki.debian.org/PackagingWithGit >>> Third option I thought of, could Debian provide a tarball of the orig-source with the patches applied, so there's no need to conflict with systems currently pulling one or both of the currently existing tarball. >>> >>> I think it is hardly possible to provide another tarball because >>> there's no way of doing that with current Debian infrastructure. But > > [...] > >> So what do others make of this? >> Ludovic, any follow-up thoughts or actions regarding our thread >> on this? > > I think it would be more convenient to have a source repo for > netcat-openbsd rather than the current setup with a set of > debian/*.patch files. > > Perhaps alioth.debian.org could host a netcat-openbsd project containing > the GNU/Linux port (with all the patches applied), from which both the > Debian package and the Guix package would be built? > > If that’s not an option then yes, you can do as you proposed, ng0. > > Ludo’. We've updated netcat-openbsd package to 1.130 with all patches refreshed, if you have plan to follow the update then it's the time, :) Cheers, Aron
Re: netcat-openbsd implementations
Hi, ng0skribis: > Aron Xu writes: [...] >> I don't treat this netcat-openbsd a full fork even if it's targeting >> an older revision at the moment. Also, maintaining patches are very >> easy using the git-buildpackage[1] tools for Debian packages. >> >> [1]https://wiki.debian.org/PackagingWithGit >> >>> >>> Third option I thought of, could Debian provide a tarball of >>> the orig-source with the patches applied, so there's no need >>> to conflict with systems currently pulling one or both of the >>> currently existing tarball. >>> >> >> I think it is hardly possible to provide another tarball because >> there's no way of doing that with current Debian infrastructure. But [...] > So what do others make of this? > Ludovic, any follow-up thoughts or actions regarding our thread > on this? I think it would be more convenient to have a source repo for netcat-openbsd rather than the current setup with a set of debian/*.patch files. Perhaps alioth.debian.org could host a netcat-openbsd project containing the GNU/Linux port (with all the patches applied), from which both the Debian package and the Guix package would be built? If that’s not an option then yes, you can do as you proposed, ng0. Ludo’.
Re: netcat-openbsd implementations
Aron Xu writes: > Hi, > > See comment below, > > On Wed, Jun 29, 2016 at 8:13 PM,wrote: >> >> Hi, >> >> I've seen you as the last person commiting to netcat-openbsd >> for Debian in 2012[2]. >> >> I have written a package definition for netcat-openbsd for Guix. >> >> At Guix we don't want to maintain forks through in-tree patchsets >> and avoid it whenever possible. Patches are usually for fixing >> CVEs and fixing severe build problems specific to guix. >> >> Now this is a problem which is reflected in the thread at [0] >> (discussing the netcat-openbsd package). >> >> Resulting from the discussion I have questions for you: >> >> 1. I'd like to know if Debian could merge the specific changes >>applied to the OpenBSD package, available in the patches set, >>into the OpenBSD GNU-linux port. >>If this is not possible, could you give us the reason for it? >>My impression is that at least Gentoo, Gentoo deriviates and >>based systems, Archlinux, and Debian use the orig-source + >>the patches tarball. >> > > This is long overdue - my intention was to keep netcat-openbsd to > track the development of the openbsd one, but it appears not happened > that way. > >> 2. Did you try to merge more generic changes back to OpenBSD? >> >>From what I've seen so far, those are bug fixes and a minority >>of feature fixes. >> > > Some of them was sent, but getting few responses. > >> 3. There's an initial statement in the README but as many of those >>are non-trivial patches, could you try and give an explanation >>on why they are needed, >>if they can't get merged into the Debian orig-source? >> > > I don't treat this netcat-openbsd a full fork even if it's targeting > an older revision at the moment. Also, maintaining patches are very > easy using the git-buildpackage[1] tools for Debian packages. > > [1]https://wiki.debian.org/PackagingWithGit > >> >> Third option I thought of, could Debian provide a tarball of >> the orig-source with the patches applied, so there's no need >> to conflict with systems currently pulling one or both of the >> currently existing tarball. >> > > I think it is hardly possible to provide another tarball because > there's no way of doing that with current Debian infrastructure. But > you can apply those patches easily using quilt[2]. In Debian, patches > are applied automatically when extracting the source package using > dpkg-source. > > [2]https://wiki.debian.org/UsingQuilt > >> We can apply all the patches in a way mentioned here [1], but >> because we collectively maintain all the packages/source instead >> of `n' specific packages per `n' specific developer(s) it would >> be good in case Debian can't merge the changes to be able to >> point to a reason. >> For this, I ask for your permission to quote parts you give me >> permission to use for, should for any reason this email >> discussion not end up completely CC'ed on guix-devel. >> > > No problem. > >> [0]: https://lists.gnu.org/archive/html/guix-devel/2016-06/msg00843.html >> [1]: https://lists.gnu.org/archive/html/guix-devel/2016-06/msg00909.html >> [2]: >> http://anonscm.debian.org/cgit/collab-maint/netcat-openbsd.git/commit/debian?id=db2b1d9a8d4644ef892f47d84606ee96598d23fb >> >> >> thanks, >> -- > > Best, > Aron Thanks for your reply, Aron. It's not very satisfying to read about the reactions of OpenBSD. So what do others make of this? Ludovic, any follow-up thoughts or actions regarding our thread on this? In my opinion we could apply the patches like you suggested, in the source and not as in-tree patches. -- ♥Ⓐ ng0 For non-prism friendly talk find me on http://www.psyced.org SecuShare – http://secushare.org
Re: netcat-openbsd implementations
Hi, See comment below, On Wed, Jun 29, 2016 at 8:13 PM,wrote: > > Hi, > > I've seen you as the last person commiting to netcat-openbsd > for Debian in 2012[2]. > > I have written a package definition for netcat-openbsd for Guix. > > At Guix we don't want to maintain forks through in-tree patchsets > and avoid it whenever possible. Patches are usually for fixing > CVEs and fixing severe build problems specific to guix. > > Now this is a problem which is reflected in the thread at [0] > (discussing the netcat-openbsd package). > > Resulting from the discussion I have questions for you: > > 1. I'd like to know if Debian could merge the specific changes >applied to the OpenBSD package, available in the patches set, >into the OpenBSD GNU-linux port. >If this is not possible, could you give us the reason for it? >My impression is that at least Gentoo, Gentoo deriviates and >based systems, Archlinux, and Debian use the orig-source + >the patches tarball. > This is long overdue - my intention was to keep netcat-openbsd to track the development of the openbsd one, but it appears not happened that way. > 2. Did you try to merge more generic changes back to OpenBSD? > >From what I've seen so far, those are bug fixes and a minority >of feature fixes. > Some of them was sent, but getting few responses. > 3. There's an initial statement in the README but as many of those >are non-trivial patches, could you try and give an explanation >on why they are needed, >if they can't get merged into the Debian orig-source? > I don't treat this netcat-openbsd a full fork even if it's targeting an older revision at the moment. Also, maintaining patches are very easy using the git-buildpackage[1] tools for Debian packages. [1]https://wiki.debian.org/PackagingWithGit > > Third option I thought of, could Debian provide a tarball of > the orig-source with the patches applied, so there's no need > to conflict with systems currently pulling one or both of the > currently existing tarball. > I think it is hardly possible to provide another tarball because there's no way of doing that with current Debian infrastructure. But you can apply those patches easily using quilt[2]. In Debian, patches are applied automatically when extracting the source package using dpkg-source. [2]https://wiki.debian.org/UsingQuilt > We can apply all the patches in a way mentioned here [1], but > because we collectively maintain all the packages/source instead > of `n' specific packages per `n' specific developer(s) it would > be good in case Debian can't merge the changes to be able to > point to a reason. > For this, I ask for your permission to quote parts you give me > permission to use for, should for any reason this email > discussion not end up completely CC'ed on guix-devel. > No problem. > [0]: https://lists.gnu.org/archive/html/guix-devel/2016-06/msg00843.html > [1]: https://lists.gnu.org/archive/html/guix-devel/2016-06/msg00909.html > [2]: > http://anonscm.debian.org/cgit/collab-maint/netcat-openbsd.git/commit/debian?id=db2b1d9a8d4644ef892f47d84606ee96598d23fb > > > thanks, > -- Best, Aron