Re: [Pkg-javascript-devel] pre-spring cleaning, please advise

2017-01-27 Thread Ben Finney 
Jérémy Lal  writes:

> - or having a reverse (build-)dependency, or what's the point ?

I am very much in favour of this: node libraries should be in Debian to
provide a library that is needed for some actual program of benefit to
Debian users.

But my eagerness to remove useless packages makes me worry that some
useful ones could be swept up also.

One use case I don't see addressed: How will we ensure that a library is
not needed for some other package not yet uploaded to Debian?

-- 
 \ “The aim of science is not to open the door to infinite wisdom, |
  `\but to set some limit on infinite error.” —Bertolt Brecht, |
_o__)_Leben des Galilei_, 1938 |
Ben Finney


-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] pre-spring cleaning, please advise

2017-01-27 Thread Jérémy Lal 
Would it be a good idea to keep in next release only
node packages matching one of these conditions:

- providing a meaningful binary (not that stupid rimraf,
but marked-man of course yes)

- or depending on node-gyp (keep them because that's what
debian nodejs addons do best, npm sucks at installing
nodejs addons depending on system libs).

- or having a reverse (build-)dependency, or what's the point ?

- or being less than one year (approx.) behind upstream (yes i think npm
or node-postgres should not be in next stable)

If we don't take some action before release, users are going to be angry
of the poor quality of the packages we put in stable.
I have my share of responsibility in that fact, in this email is an attempt
at fixing things... Thank you for considering it seriously.

Jérémy


-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#699482: marked as done (CVE-2011-4969: jQuery 1.6.2 XSS)

2017-01-27 Thread Debian Bug Tracking System 
Your message dated Fri, 27 Jan 2017 22:05:43 +0100
with message-id 
and subject line CVE-2011-4969 was fixed in Debian in 2011
has caused the Debian Bug report #699482,
regarding CVE-2011-4969: jQuery 1.6.2 XSS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
699482: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699482
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: jquery
Severity: important
Tags: security squeeze
Justification: user security hole

Hi there,
   It's 2011 calling :)
   The CVE-2011-4969 for this issue:
http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
   I'm not sure if squeeze (1.4.2-2) is affected. Any way to check it?
  
Cheers,
luciano
--- End Message ---
--- Begin Message ---
Version: 1.6.4-1

Bug maintenance.

CVE-2011-4969 was fixed upstream in 1.6.3 which was accepted in Debian
via 1.6.4-1 on 2011-09-27. All current supported Debian versions are fixed.

Paul



signature.asc
Description: OpenPGP digital signature
--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] RFS: node-home-path-1.0.3

2017-01-27 Thread Tushar Agey 
I have packaged "node-home-path". I have made it lintian-clean and
have tested it using sbuild.

It is available on the repository:

https://git.fosscommunity.in/tushar/node-home-path.git

I would like to have it sponsored!
Thank you for your valuable time!

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] RFS: node-widest-line-1.0.0

2017-01-27 Thread Tushar Agey 
I have packaged "node-widest-line". I have made it lintian-clean and
have tested
it using sbuild.

It is available on the repository:

https://git.fosscommunity.in/tushar/node-widest-line.git

I would like to have it sponsored!
Thank you for your valuable time!

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] RFS: node-duplexer3-0.1.4

2017-01-27 Thread Tushar Agey 
I have packaged "node-duplexer3". I have made it lintian-clean and
have tested
it using sbuild.

It is available on the repository:

https://git.fosscommunity.in/tushar/node-duplexer3.git

I would like to have it sponsored!
Thank you for your valuable time!

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#852775: npm2deb search should look in experimental as well

2017-01-27 Thread Pirate Praveen 
package: npm2deb
version: 0.2.6-1
severity: important

$ npm2deb search timed-out

Looking for similiar package:
  None

Looking for existing repositories:
  None

Looking for wnpp bugs:
  None

Looking for packages in NEW:
  None

pravi@nishumbha:~$

This is already packaged in experimental
https://tracker.debian.org/pkg/node-timed-out so it leads to duplication
of effort.



signature.asc
Description: OpenPGP digital signature
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] node-asynckit_0.4.0-1_amd64.changes is NEW

2017-01-27 Thread Debian FTP Masters 
binary:node-asynckit is NEW.
binary:node-asynckit is NEW.
source:node-asynckit is NEW.

Your package has been put into the NEW queue, which requires manual action
from the ftpteam to process. The upload was otherwise valid (it had a good
OpenPGP signature and file hashes are valid), so please be patient.

Packages are routinely processed through to the archive, and do feel
free to browse the NEW queue[1].

If there is an issue with the upload, you will receive an email from a
member of the ftpteam.

If you have any questions, you may reply to this email.

[1]: https://ftp-master.debian.org/new.html
 or https://ftp-master.debian.org/backports-new.html for *-backports

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Processing of node-asynckit_0.4.0-1_amd64.changes

2017-01-27 Thread Debian FTP Masters 
node-asynckit_0.4.0-1_amd64.changes uploaded successfully to localhost
along with the files:
  node-asynckit_0.4.0-1.dsc
  node-asynckit_0.4.0.orig.tar.gz
  node-asynckit_0.4.0-1.debian.tar.xz
  node-asynckit_0.4.0-1_all.deb
  node-asynckit_0.4.0-1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] RFS: asynckit

2017-01-27 Thread Pirate Praveen 
On വെള്ളി 27 ജനുവരി 2017 01:13 രാവിലെ, Aditya Neralkar wrote:
> I've added all .js files. Sorry for late response.

Uploaded, thanks! Please add debian/0.4.0-1 to your repo.



signature.asc
Description: OpenPGP digital signature
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] lots of requests to join pkg-javascript

2017-01-27 Thread Pirate Praveen 
Thanks to a bug in npm2deb search which does not look in experimental
and our excellent on boarding practices which prefers keeping new git
repos out of team repo in alioth, people are duplicating work, packaging
already packaged node modules (node-timed-out and node-cli-spinners
already, I expect more duplication). I don't see the same level of
enthusiasm to import those repos to alioth (I'm not going to do it as I
strongly disagree with the unilateral decision of rejecting their alioth
requests based on one person's prejudice, it is also unnecessary extra
work for the team, those who advocated this setup should be willing to
take the extra work).



signature.asc
Description: OpenPGP digital signature
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] RFS: node-cli-spinners-1.0.0

2017-01-27 Thread Pirate Praveen 
On വെള്ളി 27 ജനുവരി 2017 10:35 രാവിലെ, Tushar Agey wrote:
> I have packaged "node-cli-spinners". I have made it lintian-clean and
> have tested
> it using sbuild.
> 
> It is available on the repository: project link:-
> https://git.fosscommunity.in/tushar/node-cli-spinners.git
> 
> I would like to have it sponsored!
> Thank you for your valuable time!
> 
This is also packaged already.
https://tracker.debian.org/pkg/node-cli-spinners

Please check on tracker.debian.org before you start working until
npm2deb is fixed to look in experimental too.



signature.asc
Description: OpenPGP digital signature
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] RFS: node-timed-out_4.0.1

2017-01-27 Thread Pirate Praveen 
On വെള്ളി 27 ജനുവരി 2017 12:08 വൈകു, Tushar Agey wrote:
> I have packaged "node-timed-out". I have made it lintian-clean and
> have tested it using sbuild.
> 
> It is available on the repository: project link:-
> https://git.fosscommunity.in/tushar/node-timed-out.git
> 
> I would like to have it sponsored!
> Thank you for your valuable time!
> 

This is already packaged. https://tracker.debian.org/pkg/node-timed-out

pravi@nishumbha:~$ npm2deb search timed-out

Looking for similiar package:
  None

Looking for existing repositories:
  None

Looking for wnpp bugs:
  None

Looking for packages in NEW:
  None

pravi@nishumbha:~$

npm2deb currently looks for a package only in sid. And thanks to our
extra bureaucratic team setup, this was never imported to alioth. Some
people in the team wants to enforce their wishes on other team members
without volunteering to do the extra work caused by their unilateral
decisions.



signature.asc
Description: OpenPGP digital signature
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel