Accepted boinc 7.6.33+dfsg-4exp1 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 25 Oct 2016 07:36:51 +0200 Source: boinc Binary: boinc boinc-client-nvidia-cuda boinc-client-opencl boinc-client-fglrx boinc-client boinc-screensaver boinc-manager boinc-dev libboinc-app-dev libboinc-app7 libboinc7

Accepted boinc 7.6.33+dfsg-4 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 25 Oct 2016 07:35:14 +0200 Source: boinc Binary: boinc boinc-client-nvidia-cuda boinc-client-opencl boinc-client-fglrx boinc-client boinc-screensaver boinc-manager boinc-dev libboinc-app-dev libboinc-app7 libboinc7

Accepted cherrytree 0.37.6-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 21:48:13 -0700 Source: cherrytree Binary: cherrytree Architecture: source all Version: 0.37.6-1 Distribution: unstable Urgency: medium Maintainer: Python Applications Packaging Team

Accepted dos2unix 7.3.4-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 20:51:11 +0300 Source: dos2unix Binary: dos2unix Architecture: source amd64 Version: 7.3.4-1 Distribution: unstable Urgency: medium Maintainer: Jari Aalto Changed-By: Jari Aalto

Accepted debdry 0.2.2-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 25 Oct 2016 09:19:23 +0800 Source: debdry Binary: debdry Architecture: source Version: 0.2.2-1 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Paul Wise

Accepted classic-theme-restorer 1.5.8.1-1 (all source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 20:09:43 -0700 Source: classic-theme-restorer Binary: xul-ext-classic-theme-restorer Architecture: all source Version: 1.5.8.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Mozilla Extension

Re: client-side signature checking of Debian archives (Re: When should we https our mirrors?)

Paul Wise writes: > Debian has Tor onion service frontends to various Debian services, > including several Debian machines with archive mirrors, this is > implemented in an automated way using Puppet and onionbalance. So we do > not rely on Tor exit nodes, just relays and the

"PIE by default" transition is underway -- wiki needs updating

Hi, I haven't been paying close attention to the "PIE by default" [1] discussions, so I may have missed the memo, but: it seems the transition is underway? I've seen two bugs already claiming "static library foo must be compiled with -fPIC" -- because some reverse dependency now fails to

Re: client-side signature checking of Debian archives (Re: When should we https our mirrors?)

On Tue, Oct 25, 2016 at 7:33 AM, Russ Allbery wrote: > Tor is easier for us as a project, since we don't really have to do > anything (assuming we just rely on existing exit nodes). Debian has Tor onion service frontends to various Debian services, including several Debian machines with archive

Accepted haskell-pango 0.13.3.0-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 21:23:55 -0400 Source: haskell-pango Binary: libghc-pango-dev libghc-pango-prof libghc-pango-doc Architecture: source Version: 0.13.3.0-2 Distribution: experimental Urgency: medium Maintainer: Debian Haskell Group

Accepted haskell-gio 0.13.3.0-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 21:23:48 -0400 Source: haskell-gio Binary: libghc-gio-dev libghc-gio-prof libghc-gio-doc Architecture: source Version: 0.13.3.0-2 Distribution: experimental Urgency: medium Maintainer: Debian Haskell Group

Accepted haskell-gtk3 0.14.5-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 21:23:53 -0400 Source: haskell-gtk3 Binary: libghc-gtk3-dev libghc-gtk3-prof libghc-gtk3-doc Architecture: source Version: 0.14.5-2 Distribution: experimental Urgency: medium Maintainer: Debian Haskell Group

Accepted haskell-gtk 0.14.5-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 21:23:52 -0400 Source: haskell-gtk Binary: libghc-gtk-dev libghc-gtk-prof libghc-gtk-doc Architecture: source Version: 0.14.5-2 Distribution: experimental Urgency: medium Maintainer: Debian Haskell Group

Accepted haskell-cairo 0.13.3.0-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 21:23:44 -0400 Source: haskell-cairo Binary: libghc-cairo-dev libghc-cairo-prof libghc-cairo-doc Architecture: source Version: 0.13.3.0-2 Distribution: experimental Urgency: medium Maintainer: Debian Haskell Group

Accepted haskell-cryptonite 0.20-3 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 20:08:40 -0400 Source: haskell-cryptonite Binary: libghc-cryptonite-dev libghc-cryptonite-prof libghc-cryptonite-doc Architecture: source Version: 0.20-3 Distribution: experimental Urgency: medium Maintainer:

Accepted chaosreader 0.94-8 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 21:22:07 -0200 Source: chaosreader Binary: chaosreader Architecture: source Version: 0.94-8 Distribution: unstable Urgency: medium Maintainer: Debian Forensics Changed-By:

Accepted network-manager-strongswan 1.4.1-1 (amd64 source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 22 Oct 2016 14:25:40 +0200 Source: network-manager-strongswan Binary: network-manager-strongswan Architecture: amd64 source Version: 1.4.1-1 Distribution: unstable Urgency: medium Maintainer: Harald Dunkel

Accepted mdbtools 0.7.1-5 (source amd64 all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 23:17:53 +0200 Source: mdbtools Binary: mdbtools mdbtools-gmdb mdbtools-dev libmdb2 libmdbsql2 odbc-mdbtools mdbtools-dbg mdbtools-doc Architecture: source amd64 all Version: 0.7.1-5 Distribution: unstable

Accepted haskell-stack 1.1.2-5 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 18:49:40 -0400 Source: haskell-stack Binary: haskell-stack Architecture: source Version: 1.1.2-5 Distribution: experimental Urgency: medium Maintainer: Debian Haskell Group

Accepted haskell-string-conversions 0.4-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 15 Oct 2016 12:43:20 -0400 Source: haskell-string-conversions Binary: libghc-string-conversions-dev libghc-string-conversions-prof libghc-string-conversions-doc Architecture: source Version: 0.4-2 Distribution: experimental

Accepted gap-float 0.7.4+ds-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 20 Oct 2016 03:11:47 + Source: gap-float Binary: gap-float Architecture: source Version: 0.7.4+ds-3 Distribution: unstable Urgency: medium Maintainer: Debian Science Maintainers

Re: client-side signature checking of Debian archives (Re: When should we https our mirrors?)

Adrian Bunk writes: > The government operating or having access to the mirror you are using is > a lot more realistic and easier than the MITM with a fake certificate > you were talking about. Both of those were also in the category of things that I think are unlikely attacks

Accepted minissdpd 1.2.20130907-3.2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 08:54:59 +0100 Source: minissdpd Binary: minissdpd Architecture: source Version: 1.2.20130907-3.2 Distribution: unstable Urgency: high Maintainer: Thomas Goirand Changed-By: James Cowgill

Accepted ndppd 0.2.5-3 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 23:57:20 +0200 Source: ndppd Binary: ndppd Architecture: source amd64 Version: 0.2.5-3 Distribution: unstable Urgency: medium Maintainer: Jean-Michel Vourgère Changed-By: Jean-Michel Vourgère

Accepted libpdl-io-hdf5-perl 1:0.73-3 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 22:46:58 +0200 Source: libpdl-io-hdf5-perl Binary: libpdl-io-hdf5-perl Architecture: source amd64 Version: 1:0.73-3 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group

Accepted libastro-fits-cfitsio-perl 1.11-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 23:59:22 +0200 Source: libastro-fits-cfitsio-perl Binary: libastro-fits-cfitsio-perl Architecture: source Version: 1.11-2 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group

Accepted libirman 0.5.2-0.2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 22:20:01 +0200 Source: libirman Binary: libirman-dev libirman0 lirc-drv-irman Architecture: source Version: 0.5.2-0.2 Distribution: experimental Urgency: medium Maintainer: lirc Maintainer Team

Accepted html-xml-utils 7.1-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 22:47:52 +0200 Source: html-xml-utils Binary: html-xml-utils Architecture: source amd64 Version: 7.1-1 Distribution: unstable Urgency: medium Maintainer: Debian XML/SGML Group

Accepted gtk+3.0 3.22.2-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 25 Oct 2016 00:10:32 +0200 Source: gtk+3.0 Binary: libgtk-3-0 libgtk-3-0-udeb libgtk-3-common libgtk-3-bin libgtk-3-dev libgtk-3-doc gtk-3-examples gir1.2-gtk-3.0 gtk-update-icon-cache libgail-3-0 libgail-3-dev libgail-3-doc

Accepted gthumb 3:3.4.4.1-2 (source all amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 17:33:34 -0200 Source: gthumb Binary: gthumb gthumb-data gthumb-dev Architecture: source all amd64 Version: 3:3.4.4.1-2 Distribution: unstable Urgency: medium Maintainer: Herbert Parentes Fortes Neto

Accepted ghc 8.0.1-6 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 19:48:26 +0300 Source: ghc Binary: ghc ghc-prof ghc-doc Architecture: source Version: 8.0.1-6 Distribution: experimental Urgency: medium Maintainer: Debian Haskell Group

Accepted gajim-urlimagepreview 0.9.8-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 20:10:21 + Source: gajim-urlimagepreview Binary: gajim-urlimagepreview Architecture: source all Version: 0.9.8-1 Distribution: unstable Urgency: medium Maintainer: W. Martin Borgert

Accepted freezegun 0.3.7-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 25 Oct 2016 11:05:01 +1400 Source: freezegun Binary: python-freezegun python3-freezegun Architecture: source all Version: 0.3.7-1 Distribution: unstable Urgency: medium Maintainer: Federico Ceratto

Accepted dub 1.0.0-2 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 21:11:00 +0200 Source: dub Binary: dub Architecture: source amd64 Version: 1.0.0-2 Distribution: unstable Urgency: medium Maintainer: Debian D Language Group Changed-By:

Accepted boinc 7.6.33+dfsg-3exp2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 23:52:37 +0200 Source: boinc Binary: boinc boinc-client-nvidia-cuda boinc-client-opencl boinc-client-fglrx boinc-client boinc-screensaver boinc-manager boinc-dev libboinc-app-dev libboinc-app7 libboinc7

Accepted boinc 7.6.33+dfsg-3exp1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 23:33:57 +0200 Source: boinc Binary: boinc boinc-client-nvidia-cuda boinc-client-opencl boinc-client-fglrx boinc-client boinc-screensaver boinc-manager boinc-dev libboinc-app-dev libboinc-app7 libboinc7

Accepted boinc 7.6.33+dfsg-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 23:27:12 +0200 Source: boinc Binary: boinc boinc-client-nvidia-cuda boinc-client-opencl boinc-client-fglrx boinc-client boinc-screensaver boinc-manager boinc-dev libboinc-app-dev libboinc-app7 libboinc7

Accepted babeltrace 1.5.0~rc1-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 16:26:46 -0400 Source: babeltrace Binary: babeltrace libbabeltrace1 libbabeltrace-dev libbabeltrace-ctf1 libbabeltrace-ctf-dev python3-babeltrace Architecture: source Version: 1.5.0~rc1-2 Distribution: unstable

Accepted autoradio 2.8.6-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 21:19:09 +0200 Source: autoradio Binary: autoradio Architecture: source all Version: 2.8.6-1 Distribution: unstable Urgency: high Maintainer: Andrea Capriotti Changed-By: Andrea Capriotti

Re: client-side signature checking of Debian archives (Re: When should we https our mirrors?)

On Mon, Oct 24, 2016 at 09:22:39AM -0700, Russ Allbery wrote: > Adrian Bunk writes: > > On Sun, Oct 23, 2016 at 07:28:23PM -0700, Russ Allbery wrote: > > >>... > >> The value of HTTPS lies in its protection against passive snooping. Given > >> the sad state of the public CA

Bug#841978: ITP: opcua-client-gui -- simple OPC-UA GUI client

Package: wnpp Severity: wishlist Owner: "W. Martin Borgert" * Package name: opcua-client-gui Version : 0.4.5 Upstream Author : Olivier Roulet-Dubonnet * URL : https://github.com/FreeOpcUa/opcua-client-gui * License

Bug#841976: ITP: puppet-module-camptocamp-kmod -- Puppet module for managing kmod configuration

Package: wnpp Severity: wishlist Owner: Thomas Goirand * Package name: puppet-module-camptocamp-kmod Version : 2.1.1 Upstream Author : Raphaël Pinson * URL : https://github.com/camptocamp/puppet-kmod * License :

FTP Master move, second try | Upload queue

Hi first a short announce: Saturday (that is, 29th of October) we give it another shot of moving the ftp-master host, so expect another bit of downtime there. More importantly: With the changes to the upload queues I announced just yesterday, we turned off ftpd on the ftp-master host. Anyone who

Accepted mistral 3.0.0-2 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 19 Oct 2016 11:05:37 +0200 Source: mistral Binary: python-mistral mistral-common mistral-engine mistral-executor mistral-api Architecture: source all Version: 3.0.0-2 Distribution: unstable Urgency: medium Maintainer: PKG

Re: When should we https our mirrors?

On Mon, Oct 24, 2016 at 07:26:37PM +0200, Tollef Fog Heen wrote: > ]] Paul Tagliamonte > > On Mon, Oct 24, 2016 at 04:00:39PM +0100, Ian Jackson wrote: > > > It is also evident that there are some challenges for deploying TLS on > > > a mirror network and/or CDN. I don't think anyone is

Accepted emacs25 25.1+1-2 (source amd64 all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 13:10:40 -0500 Source: emacs25 Binary: emacs25-lucid emacs25-lucid-dbg emacs25-nox emacs25-nox-dbg emacs25 emacs25-dbg emacs25-bin-common emacs25-common emacs25-el Architecture: source amd64 all Version: 25.1+1-2

Accepted libmatio 1.5.9-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 22 Oct 2016 22:00:39 +0200 Source: libmatio Binary: libmatio-dev libmatio4 libmatio-doc Architecture: source Version: 1.5.9-1 Distribution: unstable Urgency: medium Maintainer: Debian Science Team

Accepted ltt-control 2.8.2-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 14:23:55 -0400 Source: ltt-control Binary: lttng-tools liblttng-ctl0 liblttng-ctl-dev python3-lttng Architecture: source Version: 2.8.2-2 Distribution: unstable Urgency: medium Maintainer: Jon Bernard

Accepted libpng1.6 1.6.26-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 19:36:32 +0200 Source: libpng1.6 Binary: libpng16-16 libpng-dev libpng-tools libpng16-16-udeb Architecture: source Version: 1.6.26-1 Distribution: unstable Urgency: low Maintainer: Anibal Monsalve Salazar

Accepted enigmail 2:1.9.5-4 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 14:48:38 -0400 Source: enigmail Binary: enigmail Architecture: source Version: 2:1.9.5-4 Distribution: unstable Urgency: medium Maintainer: Debian Mozilla Extension Maintainers

Accepted csync2 2.0-8-g175a01c-4 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 23 Oct 2016 15:38:46 +0200 Source: csync2 Binary: csync2 Architecture: source amd64 Version: 2.0-8-g175a01c-4 Distribution: unstable Urgency: medium Maintainer: Debian HA Maintainers

Accepted babeltrace 1.5.0~rc1-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 14:10:34 -0400 Source: babeltrace Binary: babeltrace libbabeltrace1 libbabeltrace-dev libbabeltrace-ctf1 libbabeltrace-ctf-dev python3-babeltrace Architecture: source Version: 1.5.0~rc1-1 Distribution: unstable

signature checking in libcupt (Re: client-side signature checking of Debian archives (Re: When should we https our mirrors?))

Hi Kristian, To one of your side questions, On 24.10.2016 02:33, Kristian Erik Hermansen wrote: >> 1) Checking chain (e.g. gpgv and its callers) have bugs. True, same as >> checking layer for secure transports also have bugs. > > Agreed. Please let me know of a good test case to validate that

Accepted node-sqlite3 3.1.6+ds1-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 17:38:20 + Source: node-sqlite3 Binary: node-sqlite3 Architecture: source amd64 Version: 3.1.6+ds1-1 Distribution: unstable Urgency: low Maintainer: Debian Javascript Maintainers

Accepted mapbox-variant 1.1.3-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 19:59:18 +0200 Source: mapbox-variant Binary: libmapbox-variant-dev Architecture: source all Version: 1.1.3-1 Distribution: unstable Urgency: medium Maintainer: Debian GIS Project

Accepted libnet-cli-interact-perl 2.200006-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 19:39:54 +0200 Source: libnet-cli-interact-perl Binary: libnet-cli-interact-perl Architecture: source all Version: 2.26-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group

Accepted gdal 2.1.2~rc4+dfsg-1~exp1 (source amd64 all) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 18:56:33 +0200 Source: gdal Binary: libgdal20 libgdal-dev libgdal-doc gdal-bin python-gdal python3-gdal libgdal-perl libgdal-java Architecture: source amd64 all Version: 2.1.2~rc4+dfsg-1~exp1 Distribution:

Accepted converseen 0.9.5.2-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 15:57:09 + Source: converseen Binary: converseen Architecture: source amd64 Version: 0.9.5.2-1 Distribution: unstable Urgency: low Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Laszlo

Accepted qgis 2.14.8+dfsg-1~exp1 (source amd64 all) into experimental, experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 21 Oct 2016 20:18:11 +0200 Source: qgis Binary: qgis qgis-common libqgis-app2.14.8 libqgis-core2.14.8 libqgis-gui2.14.8 libqgis-analysis2.14.8 libqgis-networkanalysis2.14.8 libqgisgrass7-2.14.8 libqgispython2.14.8

Accepted signond 8.59-1 (source amd64 all) into unstable, unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 24 Jun 2016 08:20:35 -0400 Source: signond Binary: libsignon-qt5-dev libsignon-qt5-1 libsignon-qt-doc libsignon-plugins-common1 libsignon-extension1 signond signond-dev signond-doc signon-plugins-dev libsignon-plugins-doc

Accepted nvidia-cuda-toolkit 8.0.44-1 (source amd64 all) into experimental, experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 21 Oct 2016 18:34:36 +0200 Source: nvidia-cuda-toolkit Binary: nvidia-cuda-toolkit nvidia-cuda-doc nvidia-cuda-gdb nvidia-profiler nvidia-visual-profiler nvidia-nsight nvidia-cuda-dev nvidia-opencl-dev libcudart8.0

Accepted linux 4.8.4-1~exp1 (all source) into experimental, experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 23 Oct 2016 17:21:13 +0100 Source: linux Binary: linux-source-4.8 linux-support-4.8.0-trunk linux-doc-4.8 linux-manual-4.8 linux-kbuild-4.8 linux-cpupower libcpupower1 libcpupower-dev linux-perf-4.8 libusbip-dev usbip

Accepted munin 2.0.26-4 (source all) into unstable, unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 20 Oct 2016 18:38:19 +0200 Source: munin Binary: munin-node munin-plugins-core munin-plugins-extra munin-plugins-java munin munin-common munin-async munin-doc Architecture: source all Version: 2.0.26-4 Distribution: unstable

Accepted libjs-jquery-colorpicker 1.2.4-1 (source all) into unstable, unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 13 Oct 2016 21:33:31 +0200 Source: libjs-jquery-colorpicker Binary: libjs-jquery-colorpicker Architecture: source all Version: 1.2.4-1 Distribution: unstable Urgency: medium Maintainer: Paul Gevers

Accepted libosinfo 1.0.0-1 (all source) into experimental, experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 20 Oct 2016 14:58:58 +0200 Source: libosinfo Binary: libosinfo-1.0-0 libosinfo-bin libosinfo-l10n libosinfo-1.0-dev gir1.2-libosinfo-1.0 Architecture: all source Version: 1.0.0-1 Distribution: experimental Urgency: medium

Re: Bug#841852: Bug#841851: ITP: bind-key -- simple way to manage personal keybindings

Hi Sean, 24.10.2016 22:27, Sean Whitton пишет: > Dear Lev, > > On Mon, Oct 24, 2016 at 09:55:50AM +0500, Lev Lamberov wrote: >> (3) users will rather see their elpa-{bind-key,use-package} >> counterparts > I don't understand this reasoning. I don't get what you don't understand. 1. use-package

Accepted m2l-pyqt 1.3-2 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 19:18:21 +0200 Source: m2l-pyqt Binary: mediawiki2latexguipyqt Architecture: source all Version: 1.3-2 Distribution: unstable Urgency: medium Maintainer: Georges Khaznadar Changed-By: Georges

Accepted enigmail 2:1.9.5-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 19 Oct 2016 13:43:43 -0400 Source: enigmail Binary: enigmail Architecture: source Version: 2:1.9.5-3 Distribution: unstable Urgency: medium Maintainer: Debian Mozilla Extension Maintainers

Accepted exim4 4.88~RC3-1 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 19:25:31 +0200 Source: exim4 Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-dev Architecture: source Version:

Re: Keysafe dynamic UID

On Mon, Oct 24, 2016 at 08:58:49AM +0200, Christian Seiler wrote: > The requirement to have this for dynamically allocated IDs also > probably stems from the fact that the users created in postinst scripts > should not conflict. But wouldn't it be far easier to just create a > page on the Debian

Bug#841943: ITP: bootstrap-datetimepicker -- Date/time picker widget based on twitter bootstrap

Package: wnpp Severity: wishlist Owner: Michael Fladischer -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 * Package name: bootstrap-datetimepicker Version : 4.17.43 Upstream Author : Jonathan Peterson * URL :

Re: Bug#841851: ITP: bind-key -- simple way to manage personal keybindings

Dear Lev, On Mon, Oct 24, 2016 at 09:55:50AM +0500, Lev Lamberov wrote: > (3) users will rather see their elpa-{bind-key,use-package} > counterparts I don't understand this reasoning. The source package name is based on upstream's project name. The elpa package name is based on the package.el

Re: When should we https our mirrors?

]] Paul Tagliamonte > On Mon, Oct 24, 2016 at 04:00:39PM +0100, Ian Jackson wrote: > > It is also evident that there are some challenges for deploying TLS on > > a mirror network and/or CDN. I don't think anyone is suggesting > > tearing down our existing mirror network. > >

Accepted lxqt-l10n 0.11.0-19-g717bd7e-5 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 18:18:04 +0200 Source: lxqt-l10n Binary: compton-conf-l10n libfm-qt-l10n liblxqt-l10n lximage-qt-l10n lxqt-about-l10n lxqt-admin-l10n lxqt-config-l10n lxqt-globalkeys-l10n lxqt-notificationd-l10n

Accepted libtext-vcard-perl 3.09-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 18:53:55 +0200 Source: libtext-vcard-perl Binary: libtext-vcard-perl Architecture: source all Version: 3.09-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group

Accepted libmail-imaptalk-perl 4.04-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 19:11:25 +0200 Source: libmail-imaptalk-perl Binary: libmail-imaptalk-perl Architecture: source all Version: 4.04-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group

Re: awesome, it's done! (Re: When should we https our mirrors?)

On Mon, Oct 24, 2016 at 06:52:41PM +0200, Ansgar Burchardt wrote: > deb.debian.org has a debian-security area, so security updates should > also be available via https:// now. yes, they are, thanks! -- cheers, Holger signature.asc Description: Digital signature

Re: When should we https our mirrors?

Adrian Bunk writes ("Re: When should we https our mirrors?"): > My point is that for the problem Kristian is describing, > using https is just snake oil. Since you haven't stopped being rude just because I asked, I have emailed listmaster. Russ's recent posting is a useful contribution to the

Re: when should we esmtps our mxes?

On Mon, 2016-10-24 at 15:15 +, Ivan Shmakov wrote: > > > > > > > > > > Ben Hutchings writes: > > > […] > >  > Those certificates look as expected.  Since TLS encryption of SMTP >  > between servers is opportunistic, there's no particular reason to use >  > a widely

Re: awesome, it's done! (Re: When should we https our mirrors?)

On Mon, 2016-10-24 at 16:30 +, Holger Levsen wrote: > On Mon, Oct 24, 2016 at 11:51:00AM -0400, Paul Tagliamonte wrote: > > https://deb.debian.org/ is now set up (thanks, folks!) > > whoohooo, & it works on stable too! apt install apt-transport-https > was > all it took. (and changing the

Accepted haskell-glib 0.13.4.0-3 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 11:40:35 -0400 Source: haskell-glib Binary: libghc-glib-dev libghc-glib-prof libghc-glib-doc Architecture: source Version: 0.13.4.0-3 Distribution: experimental Urgency: medium Maintainer: Debian Haskell Group

Re: Bug#820036: No bug mentioning a Debian KEK and booting use it.

On Tue, Oct 18, 2016 at 07:52:13PM +0800, Paul Wise wrote: > > It was posted to bug #820036, which is tracking Debian support for > secure boot. Peter was advocating quite correctly that as well as > having our copy of shim (the first-stage bootloader on secure boot > systems) signed by

Accepted jetty9 9.2.19-2 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 18:18:50 +0200 Source: jetty9 Binary: libjetty9-java libjetty9-extra-java jetty9 Architecture: source all Version: 9.2.19-2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers

Accepted gtimelog 0.10.3-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 12:12:09 -0400 Source: gtimelog Binary: gtimelog Architecture: source all Version: 0.10.3-1 Distribution: unstable Urgency: medium Maintainer: Barry Warsaw Changed-By: Barry Warsaw

Accepted git-phab 1.0.0-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 20 Oct 2016 18:01:49 +0200 Source: git-phab Binary: git-phab Architecture: source Version: 1.0.0-1 Distribution: unstable Urgency: medium Maintainer: Héctor Orón Martínez Changed-By: Andrew Shadura

Accepted dispcalgui 3.1.7.3-1 (source i386) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 16:12:13 +0200 Source: dispcalgui Binary: dispcalgui Architecture: source i386 Version: 3.1.7.3-1 Distribution: unstable Urgency: medium Maintainer: Christian Marillat Changed-By: Christian

Accepted cyrus-imapd 2.5.10-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 17:27:38 +0200 Source: cyrus-imapd Binary: cyrus-common cyrus-doc cyrus-imapd cyrus-pop3d cyrus-admin cyrus-murder cyrus-replication cyrus-nntpd cyrus-caldav cyrus-clients cyrus-dev libcyrus-imap-perl

awesome, it's done! (Re: When should we https our mirrors?)

On Mon, Oct 24, 2016 at 11:51:00AM -0400, Paul Tagliamonte wrote: > https://deb.debian.org/ is now set up (thanks, folks!) whoohooo, & it works on stable too! apt install apt-transport-https was all it took. (and changing the entries in sources.list to that…) Just security.d.o (or rather, it's

Re: client-side signature checking of Debian archives (Re: When should we https our mirrors?)

Adrian Bunk writes: > On Sun, Oct 23, 2016 at 07:28:23PM -0700, Russ Allbery wrote: >>... >> The value of HTTPS lies in its protection against passive snooping. Given >> the sad state of the public CA infrastructure, you cannot really protect >> against active MITM with HTTPS

Re: When should we https our mirrors?

On Mon, Oct 24, 2016 at 04:00:39PM +0100, Ian Jackson wrote: > Adrian Bunk writes ("Re: When should we https our mirrors?"): >... > Adrian: > > Noone is arguing that switching to https would be a bad thing, > > but whether or not it will happen depends solely on whether or > > not people like you

Re: When should we https our mirrors?

On Mon, Oct 24, 2016 at 04:00:39PM +0100, Ian Jackson wrote: > It is also evident that there are some challenges for deploying TLS on > a mirror network and/or CDN. I don't think anyone is suggesting > tearing down our existing mirror network. https://deb.debian.org/ is now set up (thanks,

Re: when should we esmtps our mxes?

> Ben Hutchings writes: […] > Those certificates look as expected. Since TLS encryption of SMTP > between servers is opportunistic, there's no particular reason to use > a widely trusted CA for server certificates. A MITM can just as > easily block STARTTLS as

Re: when should we esmtps our mxes?

> Julien Cristau writes: > On Mon, Oct 24, 2016 at 11:45:33 +, Ivan Shmakov wrote: […] >> Speaking of which. Does the gnutls-cli transcript MIMEd signify of >> an ongoing MitM attack, or is it just a misconfiguration? > Neither. >

Re: When should we https our mirrors?

Adrian Bunk writes ("Re: When should we https our mirrors?"): > On Mon, Oct 24, 2016 at 04:00:49AM -0700, Kristian Erik Hermansen wrote: > > so I also probably > > shouldn't consider your TLS knowledge very highly... > > Your incorrect claims won't become better by personal attacks against me.

Accepted lastpass-cli 1.0.0-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 20 Oct 2016 08:17:08 -0600 Source: lastpass-cli Binary: lastpass-cli Architecture: source amd64 Version: 1.0.0-1 Distribution: unstable Urgency: medium Maintainer: Troy Heber Changed-By: Troy Heber

Accepted snd 16.9-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 14:00:09 +0200 Source: snd Binary: snd snd-doc snd-gtk-jack snd-gtk-pulse snd-nox Architecture: source Version: 16.9-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers

Accepted seqan2 2.3.0~1.20161019~af07bc1+dfsg-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 20 Oct 2016 04:48:11 -0700 Source: seqan2 Binary: seqan-apps libseqan2-dev Architecture: source Version: 2.3.0~1.20161019~af07bc1+dfsg-2 Distribution: experimental Urgency: medium Maintainer: Debian Med Packaging Team

Accepted spice-gtk 0.33-2 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 24 Oct 2016 20:06:17 +0800 Source: spice-gtk Binary: spice-client-gtk spice-client-glib-usb-acl-helper libspice-client-glib-2.0-8 gir1.2-spice-client-glib-2.0 libspice-client-glib-2.0-dev libspice-client-gtk-3.0-5

Re: when should we esmtps our mxes?

On Mon, 2016-10-24 at 13:00 +, Ivan Shmakov wrote: > > > > Andrey Rahmatullin writes: > > On Mon, Oct 24, 2016 at 11:45:33AM +, Ivan Shmakov wrote: > > >  >> $ gnutls-cli --starttls -p 25 bendel.debian.org  > > […] > >  >> Connecting to '82.195.75.100:443'... > >  >

Re: when should we esmtps our mxes?

On Mon, Oct 24, 2016 at 11:45:33 +, Ivan Shmakov wrote: > > Kristian Erik Hermansen writes: > > On Mon, Oct 24, 2016 at 1:59 AM, Adrian Bunk wrote: > > […] > > >> For the kind of attacks you are describing, https is just snake oil. >

  1   2   >