Re: Maintaining kernel source in sarge

[Matt Zimmerman]

On Sun, May 25, 2003 at 06:21:00AM +0200, Christoph Hellwig wrote:

> On Sat, May 24, 2003 at 06:32:26PM -0400, Matt Zimmerman wrote:
> > It's not noise at all when it's something that we and others (desperately!)
> > want to know about.
> 
> Then read through the prepatch diffs, everything adding checks to
> ioctl methods or similar is likely one them.  

This approach does not scale.  I cannot personally review the diffs for
every upstream release of all the software in Debian, nor can any other
individual or even a small group.

For the most part, this is not necessary, because upstream announces
security problems.

-- 
 - mdz

Re: Unofficial projects related with Debian.

[Fabio Massimo Di Nitto]

On Fri, 23 May 2003, Gustavo Franco wrote:

> Hi,
>
> [1] = "Mono for Debian", ipv6 (is it official or unofficial?),
> "ddtp", ...

IPv6 is an official subproject founded by Craig Small, even if we host
experimental packages outside Debian for various reasons.

Thanks
Fabio

-- 
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp4.html

Re: Orphaning my packages

[Hamish Moffatt]

On Fri, May 23, 2003 at 04:28:59PM +0200, Goulais, Raphael wrote:
> On Friday 23 May 2003 03:52, Aaron M. Ucko wrote:
> > Morgon Kanter <[EMAIL PROTECTED]> writes:
> > > None taken. And no, I am not.
> > [a DD]
> >
> > OK, then, I'm going ahead and taking fltk1.1.
> 
> Does this mean that debian policy is that DD have priority over a non-DD ?
> Perhaps Morgon wants to become a DD ... and packaging fltk1.1 could be an 
> interesting work for him, and could give him some help in the process of 
> displaying interest to the debian community. Who are you to take over this 
> package, just because you made it through the processs before him ?

MHO: yes, I think a developer should have priority over a non-DD.
This isn't about elitism, simply about the best interests of the users
and the distribution. 

An existing developer can take over a package, make a new upload 
immediately, and generally knows what he is doing. Of course a DD can 
make mistakes too, but is known to have passed a skills check as part 
of the NM process. A non-DD needs to find a sponsor, may not have the 
skills to take on the package, etc. I am doubtful that this process can
lead to a regularly maintained package.

Further I think the developer has more committment and accountability 
to the project and their packages than a non-DD. This is not necessarily true
but I think it will be in general. Some non-DDs may never make it to be
developers at all - either because they are rejected, or lose interest
along the way.

The same arguments apply to ITPs. If I'm working on new package X, I
don't want to wait until a sponsored upload of package Y that X requires
is available. Sorry. I don't mean to be rude or elitist or whatever.

May I ask what benefits you think a registered developer should be
allowed to have over a non-DD? Do you argue for voting rights too?


Hamish
-- 
Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

Re: Debian conference in the US?

[Manoj Srivastava]

On Sat, 24 May 2003 08:43:12 +1000 (EST), Matthew Palmer <[EMAIL PROTECTED]> 
said: 

> On Thu, 22 May 2003, Manoj Srivastava wrote:
>> On Thu, 22 May 2003 22:39:02 +1000, Russell Coker
>> <[EMAIL PROTECTED]> said:
>> > On Thu, 22 May 2003 17:06, Miles Bader wrote:
>> >> You mean the iraq war?  What's the point?  How is avoiding the
>> >> U.S. going to help anything, regardless of how strongly you feel
>> >> about the U.S. governments acts or positions?
>>
>> > When tourism goes down the hotel, entertainment, and airline
>> > industries suffer.  If enough people boycott the US because of
>> > this then it'll keep the American economy down.
>>
>> I see. You all are personally taking action to make it harder for
>> my friends and relatives to find a job, or get decent health care
>> (my ex-boss has been looking for employment for 27 months now, and
>> my step daughter does not have a job with benefits), and you expect
>> me to have sympathy for your views?

> Do you have a better way of encougaging the U.S.A. to take an
> alternate stance?

Try by not blackmailing us.

> Remember, the rest of the world does *not* owe you and yours a
> living.

Quite. But if they take delibrate action to hurt _any_
 country, or its economy, they shall have to live with the consequences.

manoj
-- 
Knowledge without common sense is folly.
Manoj Srivastava   <[EMAIL PROTECTED]>  
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Re: Debian conference in the US?

[Manoj Srivastava]

On Fri, 23 May 2003 20:01:48 -0500, Gunnar Wolf <[EMAIL PROTECTED]> said: 

> Not at all. I know that if your economy suffers, mine suffers doubly
> so.  Mexico is so heavily dependent on the US economy that if you
> enter a mild recession we are in crisis... And it is not nice at
> all. 

The fact that you gladly embrace self flagellation changes my
 view of your actions not one whit, really.

manoj
-- 
To a New Yorker, all Californians are blond, even the blacks.  There
are, in fact, whole neighborhoods that are zoned only for blond
people.  The only way to tell the difference between California and
Sweden is that the Swedes speak better English." From "East vs. West:
The War Between the Coasts
Manoj Srivastava   <[EMAIL PROTECTED]>  
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Re: Unofficial projects related with Debian.

[Craig Small]

Fabio Massimo Di Nitto <[EMAIL PROTECTED]> wrote:
> IPv6 is an official subproject founded by Craig Small, even if we host
> experimental packages outside Debian for various reasons.

I think that might be way, way too formal for what it is.  I'm not too
fussed what it is called as it was setup pragmatically for a practical 
purpose.

The problem was with IPv6 was there was no coordination.  Someone would
make a package or have a technique for IPv6 but noone else knew about it
so there was duplication and wastage.  I thought this was silly, as did
a lot of others but I was also a Debian webmaster (though in the end it
didn't matter).  So I went to the other webmasters and said I want to
put up a page about IPv6 in Debian so there was a rallying point or a
start where people could lookup the current status.

Jay said fine, but you've got webspace as p.d.o/~csmall/ so stick it
there because it is just a lot easier but there should be a link to it
from the main Debian website and oh by the way there were these other
things and they should have a link too so write up a page with all these
Debian bits so we don't have to think too hard when the next one comes
along.

That's how the IPv6 sub-project started.  I'm pleased that despite my
lack of effort it has done very well.  That is due to other people
stepping up and doing things, such as Fabbione.

Just like TINC, there are no subprojects, they're just a figment of a
developer's Debian webspace and a link off the page on the main site.

I'm not going to buy into what they *should* be, but a least you know
how IPv6 started.

  - Craig
I'm not on debian-devel, so please CC me.

-- 
Craig Small VK2XLZ  GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.enc.com.au/<[EMAIL PROTECTED]>
MIEEE <[EMAIL PROTECTED]> Debian developer <[EMAIL PROTECTED]>

Re: Maintaining kernel source in sarge

[Anthony Towns]

On Sat, May 24, 2003 at 09:24:16PM +1000, Herbert Xu wrote:
> OK, barring any major objections, that's how it will be for 2.4.21.

Is there any possibility of having the various foo-modules-2.4.xx packages
be built concurrently with kernel-image-2.4.xx too?

Something like:

kernel-i386_2.4.21-3_i386.dsc:
Build-Depends: linus-kernel (=2.4.21),
pcmcia-source, alsa-modules-source
Binaries: kernel-image-2.4.21, pcmcia-modules-2.4.21, 
alsa-modules-2.4.21

Having kernel modules associated with the kernel source package they're
built for makes it a bunch easier to make sure they're deleted from
the archive along with the corresponding kernel images, and makes sure
that when someone uploads a new kernel image, new module images get
uploaded too.

Pretty please?

Cheers,
aj

-- 
Anthony Towns <[EMAIL PROTECTED]> 
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''

retitle 180188 ITA: Defoma

[Debian Font Manager]

retitle 180188 ITA: Defoma -- Debian Font Manager

N.B. Here follows the description as is in the stable distribution:

Defoma, which stands for DEbian FOnt MAnager, provides a framework of
automatic font configuration. An application whose configuration of
fonts requires users' hand can make the configuration process automated
through Defoma, by installing a Defoma-configuration script to Defoma.
The script gets called whenever a font is installed and removed, so that
the script updates the configuration.  Font packages should register
their fonts to Defoma in order to have them configured automatically for
applications.

--
Fielder George Dowding, Non-maintainer

Re: Maintaining kernel source in sarge

[Russell Coker]

On Sun, 25 May 2003 15:11, Matt Zimmerman wrote:
> On Sun, May 25, 2003 at 06:21:00AM +0200, Christoph Hellwig wrote:
> > On Sat, May 24, 2003 at 06:32:26PM -0400, Matt Zimmerman wrote:
> > > It's not noise at all when it's something that we and others
> > > (desperately!) want to know about.
> >
> > Then read through the prepatch diffs, everything adding checks to
> > ioctl methods or similar is likely one them.
>
> This approach does not scale.  I cannot personally review the diffs for
> every upstream release of all the software in Debian, nor can any other
> individual or even a small group.

It does not scale to all software in Debian.  But most software does not need 
much in the way of security auditing.

A small group of people could review all kernel patches that make it into the 
official tree.  Of course getting even a small group of people who have the 
skill to do such work properly and the time to do it continually may not be 
easy.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Re: Unofficial projects related with Debian.

[Fabio Massimo Di Nitto]

On Sun, 25 May 2003, Craig Small wrote:

> Fabio Massimo Di Nitto <[EMAIL PROTECTED]> wrote:
> > IPv6 is an official subproject founded by Craig Small, even if we host
> > experimental packages outside Debian for various reasons.
>
> I think that might be way, way too formal for what it is.  I'm not too
> fussed what it is called as it was setup pragmatically for a practical
> purpose.

Probably you are right that is way too formal. I just consider it as such
due to the high response we got from the entire community. We are up to 50
pkgs in sid, 1.2GB of archive (including testing, woody and woody
backports), mirrored by 15 different ISP's (most of them both ipv4 and
ipv6). Several developers, official and unofficial, involved. More and
more DD started including IPv6 patches, tested by us, directly in main.

I considered these value as simptoms of acceptance from the community, but
correct me if I am wrong.

> The problem was with IPv6 was there was no coordination.  Someone would
> make a package or have a technique for IPv6 but noone else knew about it
> so there was duplication and wastage.

These are the same reasons that motivated me to start. The entire IPv6
community made a very good job and it was extremely responsive. As well as
the entire infrastructure has been growing a lot in the last year (Also
due to the increasing interest in IPv6 all over the world), more pkgs,
more mirrors, the stat section was born, irc channel and so on...

> That's how the IPv6 sub-project started.  I'm pleased that despite my
> lack of effort it has done very well.

Actually just the fact that you kept the links updated on www.d.o was
quite good, since that page is still the first reference that IPv6 newbie
will hit.

> I'm not going to buy into what they *should* be, but a least you know
> how IPv6 started.

:-)

Fabio

-- 
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp4.html

Re: Maintaining kernel source in sarge

[Christoph Hellwig]

On Sun, May 25, 2003 at 01:11:44AM -0400, Matt Zimmerman wrote:
> > Then read through the prepatch diffs, everything adding checks to
> > ioctl methods or similar is likely one them.  
> 
> This approach does not scale.

Right, you got it.  Similarly it doesn't scale to announce all these
bits.  Just take the latest upstream if you want these kinds of fixes.

This is how every bigger upstream (and other projects like OpenBSD) work.

Re: retitle 180188 ITA: Defoma

[Colin Walters]

On Sun, 2003-05-25 at 02:14, Debian Font Manager wrote:
> retitle 180188 ITA: Defoma -- Debian Font Manager

I see defoma has become so complex it now is capable of maintaining
itself :)

Re: Debian conference in the US?

[Sven Luther]

On Sun, May 25, 2003 at 12:04:43AM -0400, Duncan Findlay wrote:
> On Sat, May 24, 2003 at 09:57:50PM -0500, Adam Majer wrote:
> > PS. Personally, I would prefer to travel for a DebConf in
> > Cuba than in US. Really.
> 
> Who wouldn't? You got the sun, the beaches and the ocean... what more
> could you ask for than a debconf on a beach?

And it must be way cheaper too.

Friendly,

Sven Luther

Re: Maintaining kernel source in sarge

[Herbert Xu]

Anthony Towns  wrote:
> 
> Having kernel modules associated with the kernel source package they're
> built for makes it a bunch easier to make sure they're deleted from
> the archive along with the corresponding kernel images, and makes sure
> that when someone uploads a new kernel image, new module images get
> uploaded too.

That is an advantage.  However, it also means that any update to the
modules source package cannot be built until another entire
kernel-image set is built.

But what really makes it impossible for me is that if there is a build
problem in one of the modules, then the entire kernel-image has to be
delayed or the module dropped.  If the module build problem is then
fixed, the entire kernel-image has to be rebuilt again.

So IMHO, the cost outweighs the benefit for now.

In the long term, we should have as few binary module packages as
possible.  They should either be integrated into our kernel-source
if it is popular enough or made source-only so that the people who
really need them can build them privately.  I would see alsa in the
former category (it is already integrated into 2.5) and pcmcia-cs in
the latter (the built-in pcmcia works for most people).
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: Debian conference in the US?

[Mike Hommey]

On Sunday 25 May 2003 07:27, Manoj Srivastava wrote:
> > Remember, the rest of the world does *not* owe you and yours a
> > living.
>
>   Quite. But if they take delibrate action to hurt _any_
>  country, or its economy, they shall have to live with the consequences.

And what is US trying to do to France, right at the moment ?

-- 
"I have sampled every language, french is my favorite. Fantastic language,
especially to curse with. Nom de dieu de putain de bordel de merde de
saloperie de connard d'enculé de ta mère. It's like wiping your ass
with silk! I love it." -- The Merovingian, in the Matrix Reloaded

Re: Debian conference in the US?

[Mike Hommey]

On Saturday 24 May 2003 00:43, Matthew Palmer wrote:
> * The rest of the world is sick to death of US imperialism;
>
> * The US government ignores world opinion and does it's thing;
>
> * The rest of the world puts pressure on the US people to change things,
> since they've at least got half a chance to make changes;
>
> * The US people make the change, or live with the consequences of not
> changing.

Considering this -> http://www.newamericancentury.org/ , do you really think 
something can change before a government change in the US ? (hint: take a 
look at the names in the page "Statement of Principles")
And considering how Bush was elected [1] [2], do you really think a real 
government change can happen ?

Mike

[1] 
http://www.amazon.com/exec/obidos/tg/detail/-/0060392452/ref=pd_gw_qpt_1//103-6886560-6531804?v=glance
[2] 
http://www.amazon.com/exec/obidos/tg/detail/-/1573929727/qid=1053855921/sr=1-1/ref=sr_1_1/103-6886560-6531804?v=glance&s=books


-- 
"I have sampled every language, french is my favorite. Fantastic language,
especially to curse with. Nom de dieu de putain de bordel de merde de
saloperie de connard d'enculé de ta mère. It's like wiping your ass
with silk! I love it." -- The Merovingian, in the Matrix Reloaded

Re: Maintaining kernel source in sarge

[Anthony Towns]

On Sun, May 25, 2003 at 07:33:04PM +1000, Herbert Xu wrote:
> Anthony Towns  wrote:
> > Having kernel modules associated with the kernel source package they're
> > built for makes it a bunch easier to make sure they're deleted from
> > the archive along with the corresponding kernel images, and makes sure
> > that when someone uploads a new kernel image, new module images get
> > uploaded too.
> That is an advantage.  However, it also means that any update to the
> modules source package cannot be built until another entire
> kernel-image set is built.

Is that really that big a problem?

In unstable for i386, eg, we have pcmcia-modules packages for 2.2.20
(reiser and udma100-ext3), 2.2.25 (vanilla, compact and idepci)
and 2.4.18-bf2.4. For alsa-modules we have seven flavours for
2.4.20-1. 2.4.20-3 seems entirely unsupported.

> But what really makes it impossible for me is that if there is a build
> problem in one of the modules, then the entire kernel-image has to be
> delayed or the module dropped.

Well, what we have now seems to be that the modules are all dropped
everytime a new kernel is uploaded. :-/

> In the long term, we should have as few binary module packages as
> possible.  They should either be integrated into our kernel-source
> if it is popular enough or made source-only so that the people who
> really need them can build them privately.  I would see alsa in the
> former category (it is already integrated into 2.5) and pcmcia-cs in
> the latter (the built-in pcmcia works for most people).

As far as I could tell, we don't have any other examples at present,
than alsa and pcmcia.

Cheers,
aj

-- 
Anthony Towns <[EMAIL PROTECTED]> 
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpKBoQT807U5.pgp
Description: PGP signature

Re: Debian conference in the US?

[Mathieu Roy]

Mike Hommey <[EMAIL PROTECTED]> a tapoté :

> On Sunday 25 May 2003 07:27, Manoj Srivastava wrote:
> > > Remember, the rest of the world does *not* owe you and yours a
> > > living.
> >
> > Quite. But if they take delibrate action to hurt _any_
> >  country, or its economy, they shall have to live with the consequences.
> 
> And what is US trying to do to France, right at the moment ?


I personally think that discussing about nations with Manoj here is a
complete waste of time.

He said that he would follow his leaders whatever they do, because
they are american. Isn't it clear? He will hate someone that try to
harm USA, without at any moment trying to guess why, and he will try
to harm any other people is someone tell him that it helps USA.
His approach is completely nationalistic. You cannot understand him
and agree with him until he drops this attitude or until you adopt
it.

Free software is fascinating: so many people so different contribute
to a same project... despite the fact that they think completely
differently on other issues. 




-- 
Mathieu Roy
 
  Homepage:
http://yeupou.coleumes.org
  Not a native english speaker: 
http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english

Re: Maintaining kernel source in sarge

[Russell Coker]

On Sun, 25 May 2003 19:33, Herbert Xu wrote:
> In the long term, we should have as few binary module packages as
> possible.  They should either be integrated into our kernel-source
> if it is popular enough or made source-only so that the people who
> really need them can build them privately.  I would see alsa in the
> former category (it is already integrated into 2.5) and pcmcia-cs in
> the latter (the built-in pcmcia works for most people).

This sounds very sensible.

What is the status of the pcmcia support anyway?  What is broken in the 
in-kernel support?  Is there anything we can do to make the in-kernel code 
work better and get more people to use it?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

pre-orphaning lft

[Marco d'Itri]

I'm not officially orphaning it yet, but if anybody cares about this
please take it, as I'm not using it much.

Package: lft
Priority: optional
Section: net
Version: 2.1-1
Depends: libc6 (>= 2.3.1-1), libpcap0.7
Size: 33910
Description: display the route packets take to a network host/socket
 lft sends various TCP SYN and FIN probes (differing from Van Jacobson's
 UDP-based method) utilizing the IP protocol "time to live" field and
 attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along
 the path to some host.
 lft also listens for various TCP and ICMP messages along the way to assist
 network managers in ascertaining per-protocol heuristic routing information
 and can optionally retrieve various information about the networks it
 traverses.


-- 
ciao, |
Marco | [1176 l'Z9/Zo.w49v.]

Re: Maintaining kernel source in sarge

[Christoph Hellwig]

On Sun, May 25, 2003 at 08:20:39PM +1000, Russell Coker wrote:
> What is the status of the pcmcia support anyway?

Seems to work fine.  Red Hat uses inkernel pcmcia at least.

There's some pcmcia drivers not (yet?) merged in the kernel but patching
them in is rather easy.

Re: Maintaining kernel source in sarge

[Arnd Bergmann]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sunday 25 May 2003 06:19, Christoph Hellwig wrote:
> On Sun, May 25, 2003 at 01:51:05AM +0200, Arnd Bergmann wrote:

> > As a real-world example, kernel-patch-s390 can provide
> > the ptrace bug fix from Martin Schwidefsky, while
> > kernel-patch-debian contains the generic solution from Alan Cox.
>
> This sounds like a really bad idea (okay, not worse than the
> current situation but still bad).  Martin should diff his patch ontop
> of Alan, if it has other core changes he should really post it to
> lkml and explain those.  Now this unfortunately hasn't happend and
> if it has incompatible core changes (I haven't checked) that's one
> of those rare cases where you want to appy a patch condtionally.

Martins patch only has one additional change for s390 specific code
and he published both this diff alone as well as the combined patch.
The trouble was that the sid kernel-source included Alan's patch
while the woody kernel-source didn't (it does now), so now you 
could no longer use kernel-patch-s390 from one tree for the other.

> > When building kernel-image-s390, make-kpkg would first apply
> > the arch specific patches and the the arch independent ones that
> > have not been superceded by an arch specific one.
>
> Again that's a very bad idea.  Arch-independent patches should
> _always_ be applied before Arch-dependent ones, otherwiese applying
> MI patches will get absolute horror.

Ok, but I still would love to see single patches instead of one big
patch containing all the common stuff. You can't really avoid
situations where you want a patch on all architectures except one or
two. This may be either because a patch breaks on one architecture
(which should be of course be fixed, but you might not want to 
rebuild all kernels and modules on all other architectures because of
it), or because the same fix is contained both in the debian collection
and in the patch set published by the upstream arch kernel maintainer.

I'm not sure if dh-kpatches already solves this problem, but it should
be possible to add.

Arnd <><
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+0Lhs5t5GS2LDRf4RAkuFAJ4o2XdC1rVcnW/Bp0S4AMaB8ZQm4wCgpWuc
hDExBmIDeANBbt/jVWmlthw=
=j3ZW
-END PGP SIGNATURE-

assign, reassign, close bug without even telling why

[Mathieu Roy]

About http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183858

Given the information I previously provided, I do not even understand
how it's possible to think that the bug 183858 is a kernel issue.

I'm not familiar with the kernel neither with coreutils code.
That said, I explicitely said when the output gone wrong: at the
coreutils update. I did not changed my kernel. 
I also copy/paste my /proc/cpuinfo which looks perfectly usual.

Since then, I notice 4 differents computers updating coreutils which
have the same problem, while their kernel is still the same.

So it may be a kernel issue (as said, I'm not familiar with the code)
but please give details! 

You close this bugs with no explanation at all, without even sending
details to people that submitted this bug. This is completely
unacceptable.

PLEASE, reopen that bug or provide appropriate informations.

Note: I added bug-coreutils@gnu.org in Cc to let them check this
bug. Maybe they can provide informations, instead of reassigning the
bug 3 times and closing it silently.


-- 
Mathieu Roy
 
  Homepage:
http://yeupou.coleumes.org
  Not a native english speaker: 
http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english

assign, reassign, close bug without even telling why

[Mathieu Roy]

I've just compiled coreutils 4.5.3 and still got the bug.

So the bug is maybe really a kernel issue, but informations when
closing bug is still important. And the bug exists, even if it need to
be reassigned.


-- 
Mathieu Roy
 
  Homepage:
http://yeupou.coleumes.org
  Not a native english speaker: 
http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english

Re: Bug#183858: assign, reassign, close bug without even telling why

[Jim Meyering]

Mathieu Roy <[EMAIL PROTECTED]> wrote:
> About http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183858
>
> Given the information I previously provided, I do not even understand
> how it's possible to think that the bug 183858 is a kernel issue.

The problem is that the kernel provides no way to
get the required information.

Re: Maintaining kernel source in sarge

[Matt Zimmerman]

On Sun, May 25, 2003 at 09:23:44AM +0200, Christoph Hellwig wrote:

> On Sun, May 25, 2003 at 01:11:44AM -0400, Matt Zimmerman wrote:
> > > Then read through the prepatch diffs, everything adding checks to
> > > ioctl methods or similar is likely one them.  
> > 
> > This approach does not scale.
> 
> Right, you got it.  Similarly it doesn't scale to announce all these bits.
> Just take the latest upstream if you want these kinds of fixes.

No, that is not similar.  All those bits are changed by many different
people, not one, and even if they weren't, it is easier (by a HUGE measure)
for the person who has made the change to announce it to others, as they are
already aware and do not need to sift through a single diff, much less the
entire kernel tree as you suggested that I do.

This is analogous to someone dropping a particular leaf into a huge pile of
leaves, and suggesting that it makes more sense for me to search the pile
than for them to tell me where they dropped it (or show it to me in the
first place).

This is not a question of what I want.  Either our users need these fixes to
maintain the security of their systems (in which case Debian needs these
fixes, and they are important enough to be announced publicly), or they do
not, and they are not worth talking about.

> This is how every bigger upstream (and other projects like OpenBSD) work.

Apache?  XFree86?  KDE?  Mozilla?  OpenWall?  glibc?  All of these projects
manage to enumerate security fixes.

OpenBSD fails miserably in this respect, and makes for an example of how NOT
to work with the community on security issues.  Their approach is, roughly,
"we fixed this a while ago but didn't tell anyone, so you're vulnerable and
we're not, ha-ha-ha".

-- 
 - mdz

Re: Maintaining kernel source in sarge

[Matt Zimmerman]

On Sun, May 25, 2003 at 04:09:51PM +1000, Russell Coker wrote:

> On Sun, 25 May 2003 15:11, Matt Zimmerman wrote:
> > This approach does not scale.  I cannot personally review the diffs for
> > every upstream release of all the software in Debian, nor can any other
> > individual or even a small group.
> 
> It does not scale to all software in Debian.  But most software does not
> need much in the way of security auditing.

Any software that a user interacts with is trusted to some extent, and could
contain significant vulnerabilities.  We rely on external sources for this
information, such as upstream authors, individual security researchers and
organizations.

> A small group of people could review all kernel patches that make it into
> the official tree.  Of course getting even a small group of people who
> have the skill to do such work properly and the time to do it continually
> may not be easy.

Indeed, it would be even more difficult to find people who would be willing
to waste time searching for things that others discarded, apparently knowing
that they were important.  I certainly don't want that job.

-- 
 - mdz

Re: Maintaining kernel source in sarge

[Christoph Hellwig]

On Sun, May 25, 2003 at 02:34:50PM +0200, Arnd Bergmann wrote:
> > > When building kernel-image-s390, make-kpkg would first apply
> > > the arch specific patches and the the arch independent ones that
> > > have not been superceded by an arch specific one.
> >
> > Again that's a very bad idea.  Arch-independent patches should
> > _always_ be applied before Arch-dependent ones, otherwiese applying
> > MI patches will get absolute horror.
> 
> Ok, but I still would love to see single patches instead of one big
> patch containing all the common stuff.

The one big patch is very bad, I agree.

> You can't really avoid
> situations where you want a patch on all architectures except one or
> two. This may be either because a patch breaks on one architecture
> (which should be of course be fixed, but you might not want to 
> rebuild all kernels and modules on all other architectures because of
> it),

Right.

> or because the same fix is contained both in the debian collection
> and in the patch set published by the upstream arch kernel maintainer.

No, for that case it shouldn't.  Fix the upstream maintainers patch instead.

Re: Bug#183858: assign, reassign, close bug without even telling why

[Michael Stone]

On Sun, May 25, 2003 at 04:51:17PM +0200, Jim Meyering wrote:
The problem is that the kernel provides no way to
get the required information.
s/no way/no reasonable way/
It is possible to parse /proc/cpuinfo (that's what the experimental
patch in the debian coreutils-4.5.2-1 did) but that's a losing game
because the format is non-portable (even between architectures on the
same kernel release) and not guaranteed to remain constant in future
kernels. (Other kernels provide this info either as an extension in
utsname.h or by another regular method that doesn't involve parsing a
poorly documented text file.) Due to the number of complaints regarding
-i and -p returning "unknown" I've simply removed the options from the
debian package. They aren't required by any standards document and are
causing more trouble then they are worth.
Mike Stone

Re: Orphaning my packages

[Graham Wilson]

On Fri, May 23, 2003 at 04:28:59PM +0200, Goulais, Raphael wrote:
> On Friday 23 May 2003 03:52, Aaron M. Ucko wrote:
> > Morgon Kanter <[EMAIL PROTECTED]> writes:
> > > None taken. And no, I am not.
> > [a DD]
> >
> > OK, then, I'm going ahead and taking fltk1.1.
> 
> Does this mean that debian policy is that DD have priority over a non-DD ?

i would hope not, though, in this case, it does not matter, since aaron
responded before moron did.

-- 
gram


pgp5muzwCbqT9.pgp
Description: PGP signature

Re: Orphaning my packages

[John Belmonte]

Aaron M. Ucko wrote:
Also, he seems to have no official status whatsoever; if he's serious
about wanting to maintain stuff, he is welcome to go through the NM
process.
Part of the NM process can be packaging by way of a sponsor.  I would guess that 
it's common for a person's advocate (required to begin the NM process) to be a 
developer who sponsored one of his packages.  So I think you have the order of 
gaining packaging experience and going through the NM process confused.

If you have an interest in the package in question, why not offer to sponsor it 
for him?


--
http:// if   l .o  /

Re: lintian: binary-or-shlib-defines-rpath, --disable-rpath doesn't help

[Sven Luther]

On Fri, May 23, 2003 at 12:43:13AM +0200, Sylvain LE GALL wrote:
> On Thu, May 22, 2003 at 03:58:35PM +0200, Sebastian Muszynski wrote:
> > Hello all!
> > 
> > I am getting a lintian error, binary-or-shlib-defines-rpath although i run
> > configure with --disable-rpath option. It is no automake problem... i've
> > remake all automake stuff to check this.
> > 
> > ./configure --disable-rpath works in so far that it sets or unsets 
> > $KDE_RPATH
> > but -rpath appears nevertheless in the Makefile: 
> > 
> > $(CXXLINK) -rpath $(kde_moduledir) $(libkimagemapeditor_la_LDFLAGS) 
> > $(libkimagemapeditor_la_OBJECTS) $(libkimagemapeditor_la_LIBADD) $(LIBS)
> > 
> > Is it a libtool problem?! What can i do?
> > 
> > At http://cojobo.bonn.de/~muszynski/debian/ you can find sources, diff etc.
> > 
> > 
> Hello,
> 
> I have the same problem with a ocaml compiled binary and i use chrpath
> to remove the rpath ( seems to work great ).

What is the rpath you are removing ?

Friendly,

Sven Luther

Re: debconfig: package description

[Steve Langasek]

On Sat, May 24, 2003 at 07:13:29PM +0200, Bernd Eckenfels wrote:
> from time to time, especially while upgrading a lot of packages I notice
> debconfig questions for packages I do not know. This is of course quite
> likely given the size of debian archive and the fact, that task packages
> introduce a lot of packages one has not selected explecitely.

> Some of those packages ask questions, which are hard to understand, if you
> do not know what the package is all about.

> Of course, one can argue, that this is a problem with the phrasing of the
> question an should be fixed by a bug report, but I truely think that for
> example explaining, what the package is all about should not be repeated in
> every debconfig question.

> Therefore I wonder if the various debconfig frontends cant support something
> like displaying the package description. For the slang frontend for example
> I would think that a footer with

> foo: dealing with bar 

> would do the trick. Where f3 opens a pop-up with the package description and
> dependencies.

> What do you think?

The fact is that such debconf questions *are* bugs; they should either
be clarified, or only shown at the lower priorities that are reserved
for less important questions.  I, for one, am not willing to give up
just yet on the possibility of a proper fix for *this* problem.

Being able to get to the package description from the debconf frontend
might be a nice bonus, but shouldn't distract us from getting buggy
debconf templates fixed.

-- 
Steve Langasek
postmodern programmer


pgp9aUpp4xmhh.pgp
Description: PGP signature

Re: Orphaning my packages

[Morgon Kanter]

This one time, at band camp, Graham Wilson <[EMAIL PROTECTED]> wrote:
> > > > None taken. And no, I am not.
> > > [a DD]
> > >
> > > OK, then, I'm going ahead and taking fltk1.1.
> > 
> > Does this mean that debian policy is that DD have priority over a non-DD ?
> 
> i would hope not, though, in this case, it does not matter, since aaron
> responded before moron did.

I hope that was a typo :p

Morgon
--
"Luckily the Evas can run on gasoline... sad to say, they still get 
better mileage than most American cars." -- Gendo Ikari, parody of 
episode 11 of Neon Genesis Evangelion

Re: Bug#183858: assign, reassign, close bug without even telling why

[Mathieu Roy]

Michael Stone <[EMAIL PROTECTED]> a tapoté :

> On Sun, May 25, 2003 at 04:51:17PM +0200, Jim Meyering wrote:
> >The problem is that the kernel provides no way to
> >get the required information.
> 
> s/no way/no reasonable way/
> 
> It is possible to parse /proc/cpuinfo (that's what the experimental
> patch in the debian coreutils-4.5.2-1 did) but that's a losing game
> because the format is non-portable (even between architectures on the
> same kernel release) and not guaranteed to remain constant in future
> kernels. (Other kernels provide this info either as an extension in
> utsname.h or by another regular method that doesn't involve parsing a
> poorly documented text file.) Due to the number of complaints regarding
> -i and -p returning "unknown" I've simply removed the options from the
> debian package. They aren't required by any standards document and are
> causing more trouble then they are worth.

Thanks a lot for this information.

That said, removing -p and -i option may be problematic. It should be
done upstream. People may (as I've done) write scripts with uname -mip
and unknow is not an error message while  "uname: invalid option -- x
Try `uname --help' for more information." is.
Anyway, if we havent got any chance to get a -pi working in a near
future, it should be removed from any scripts.





-- 
Mathieu Roy
 
  Homepage:
http://yeupou.coleumes.org
  Not a native english speaker: 
http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english

Re: Bug#183858: assign, reassign, close bug without even telling why

[Michael Stone]

On Sun, May 25, 2003 at 07:00:07PM +0200, Mathieu Roy wrote:
That said, removing -p and -i option may be problematic. It should be
done upstream. 
I'm tired of people complaining about the "unknown" entries. They're not
required and they are useless on these systems, so there's no point in
having them.
People may (as I've done) write scripts with uname -mip
Ask yourself why you're doing that. Only the -m is posix-portable. 

Mike Stone

Re: Debian conference in the US?

[Manoj Srivastava]

On 25 May 2003 12:20:45 +0200, Mathieu Roy <[EMAIL PROTECTED]> said: 

> Mike Hommey <[EMAIL PROTECTED]> a tapoté :
>> On Sunday 25 May 2003 07:27, Manoj Srivastava wrote:
>> > > Remember, the rest of the world does *not* owe you and yours a
>> > > living.
>> >
>> >Quite. But if they take delibrate action to hurt _any_
>> >  country, or its economy, they shall have to live with the
>> >  consequences.
>>
>> And what is US trying to do to France, right at the moment ?


> I personally think that discussing about nations with Manoj here is
> a complete waste of time.

> He said that he would follow his leaders whatever they do, because
> they are american.

This is a lie, really, and bordering on slander.

I do not subscribeto "My nation, right or wrong". Indeeed, I
 lean democrat rather than republican, and I like Gore; I consider the
 election of the current president a disaster that the american people
 have to endure and survive. 


> Isn't it clear? He will hate someone that try to harm USA,

Un;less your logic fails you, that is entirely different. The
 ends do not justify the means; and in any case if the means is
 punching me in the nose; you should expect vigorous defense. 

> without at any moment trying to guess why,

You punch my nose, I am not going to pat you on the back
 because your cause is just.  I think most people like to hide behind
 the cloak that they are not punching people in the face, and they are
 hurting an amophous "economy". 

Economies are made of the blood, sweat and tears of real live
 people, and they are the hooks on which dreams are hung.  When you
 set out to deliberately hurt an economy, you are hurting men, women,
 and children, that live and die in that economic system,

> and he will try to harm any other people is someone tell him that it
> helps USA.  His approach is completely nationalistic. You cannot
> understand him and agree with him until he drops this attitude or
> until you adopt it.

Considering I am an Indian, this is getting hilarious; the US
 is merely my country of adoption.

You are missing the point by a mile. This is not nationalism --
 this is merely protection of ones own -- you are asking for common
 cause in trying to hurt people I know and love; and I am rejecting
 this common cause vehemently. 

Have you seen US developers try to raise common cause here to
 boycott French products and conferences in France (because of what
 some consider their silly stnace in removing a dictator from power)?
 No? How many of you would consider that unacceptable? Why is is it
 that is accetable to use this form as an attack platform against
 Americans? 

> Free software is fascinating: so many people so different contribute
> to a same project... despite the fact that they think completely
> differently on other issues.

Quite.

manoj

-- 
Katz' Law: Men and nations will act rationally when all other
possibilities have been exhausted.  History teaches us that men and
nations behave wisely once they have exhausted all other
alternatives. Abba Eban
Manoj Srivastava   <[EMAIL PROTECTED]>  
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Re: Orphaning my packages

[Graham Wilson]

On Fri, May 23, 2003 at 11:16:21AM -0500, Graham Wilson wrote:
> On Fri, May 23, 2003 at 04:28:59PM +0200, Goulais, Raphael wrote:
> > On Friday 23 May 2003 03:52, Aaron M. Ucko wrote:
> > > Morgon Kanter <[EMAIL PROTECTED]> writes:
> > > > None taken. And no, I am not.
> > > [a DD]
> > >
> > > OK, then, I'm going ahead and taking fltk1.1.
> > 
> > Does this mean that debian policy is that DD have priority over a non-DD ?
> 
> i would hope not, though, in this case, it does not matter, since aaron
> responded before moron did.

sorry, i meant *morgon*. i should be more careful next time.

-- 
gram


pgpbBCgLeaTbx.pgp
Description: PGP signature

Re: Debian conference in the US?

[Sven Luther]

On Sun, May 25, 2003 at 11:59:32AM -0500, Manoj Srivastava wrote:
>   Have you seen US developers try to raise common cause here to
>  boycott French products and conferences in France (because of what
>  some consider their silly stnace in removing a dictator from power)?
>  No? How many of you would consider that unacceptable? Why is is it
>  that is accetable to use this form as an attack platform against
>  Americans? 

Notice that the US governement never said that was their aim, they said
Iraq was dangerous because they have mass destruction weapons and
support terrorism, which has turned out to be blatant lie. The french
governement opposed this, because they felt that the UNO investigators
were enough to prove that Iraq had (or had not) mass destruction
weapons. They also said that if the aim of the US would be to remove a
dictator from power, then this would be another discussion, and the
french stance would maybe have been different, but the US did no speak
of that.

Also, Manoj, you have not to be afraid of the US economy being hurt an
hurting your family since it will assuredly improve a lot in the next
time, with the irakian loot, err oil that is, and the markets attributed
to USian companies (who will pay for them anyway, i had the impression
that the US governement wanted for the UNO to provide the reconstruction
money which will line Bush's friend pocket in the end).

Anyway, i don't hear you protesting against the US governement actively
hurting economies the world over, exporting their depression with the
low dollar value, and so on. Maybe you are not so adverse of hurting
other people's family in order to protect yours ?

Friendly,

Sven Luther

Re: lintian: binary-or-shlib-defines-rpath, --disable-rpath doesn't help

[Sylvain LE GALL]

On Sun, May 25, 2003 at 06:41:34PM +0200, Sven Luther wrote:
> On Fri, May 23, 2003 at 12:43:13AM +0200, Sylvain LE GALL wrote:
> > On Thu, May 22, 2003 at 03:58:35PM +0200, Sebastian Muszynski wrote:
> > > Hello all!
> > > 
> > > I am getting a lintian error, binary-or-shlib-defines-rpath although i run
> > > configure with --disable-rpath option. It is no automake problem... i've
> > > remake all automake stuff to check this.
> > > 
> > > ./configure --disable-rpath works in so far that it sets or unsets 
> > > $KDE_RPATH
> > > but -rpath appears nevertheless in the Makefile: 
> > > 
> > > $(CXXLINK) -rpath $(kde_moduledir) $(libkimagemapeditor_la_LDFLAGS) 
> > > $(libkimagemapeditor_la_OBJECTS) $(libkimagemapeditor_la_LIBADD) $(LIBS)
> > > 
> > > Is it a libtool problem?! What can i do?
> > > 
> > > At http://cojobo.bonn.de/~muszynski/debian/ you can find sources, diff 
> > > etc.
> > > 
> > > 
> > Hello,
> > 
> > I have the same problem with a ocaml compiled binary and i use chrpath
> > to remove the rpath ( seems to work great ).
> 
> What is the rpath you are removing ?
> 
> Friendly,
> 
> Sven Luther
> 

The rpath was /usr/X11/bin or sthg like that. It was lying in mlnet (
mldonkey-server ) and mlgui ( mldonkey-gui ). 

I don't remember but it was shtg very common and already reported for
other application ( in the lintian report pages ).

Regard
Sylvain LE GALL

Re: Debian conference in the US?

[Mathieu Roy]

Manoj Srivastava <[EMAIL PROTECTED]> a tapoté :

> On 25 May 2003 12:20:45 +0200, Mathieu Roy <[EMAIL PROTECTED]> said: 
> 
> > Mike Hommey <[EMAIL PROTECTED]> a tapoté :
> >> On Sunday 25 May 2003 07:27, Manoj Srivastava wrote:
> >> > > Remember, the rest of the world does *not* owe you and yours a
> >> > > living.
> >> >
> >> >  Quite. But if they take delibrate action to hurt _any_
> >> >  country, or its economy, they shall have to live with the
> >> >  consequences.
> >>
> >> And what is US trying to do to France, right at the moment ?
> 
> > I personally think that discussing about nations with Manoj here is
> > a complete waste of time.
> 
> > He said that he would follow his leaders whatever they do, because
> > they are american.
> 
>   This is a lie, really, and bordering on slander.
> 
>   I do not subscribeto "My nation, right or wrong". Indeeed, I
>  lean democrat rather than republican, and I like Gore; I consider the
>  election of the current president a disaster that the american people
>  have to endure and survive. 
> 
> > Isn't it clear? He will hate someone that try to harm USA,
> 
>   Un;less your logic fails you, that is entirely different. The
>  ends do not justify the means;

I'm glad to read that. I'm glad of to see that I was wrong about you
but what you previously wrote lead, IMHO, to this kind of confusion.

For instance you wrote:

 " _You_ may live in a country where you may be ashamed to defend
 your friends and loved ones, but I do not. I do, however, pity you:
 If you think that when people express a desire to hurt your
 relatives, you need to feel ashamed if you raise a voice in protest,
 you really should get the heck out of your country."

Which means basically that you'll support any action of your
government if it implies an aggressive reaction. If your country drop
a H-Bomb on Paris, the fight back will be the expression of a "desire
to hurt your relatives" to stop your government. And supporting your
government in this perspective is clearly a nationalistic approach.

While naturally we care more about our friends and family than to other
people, while there is no shame to defend your friends and loved ones,
it can be a shame if your defense constitute an oppression. To
say it more clearly, Ben Laden dropped an airplane on innocent
people. But if he got so many people happy to die for him, it's also
because the people from where he comes from is very poor (the people,
not the country) and think they are defending their friend and loved
one. 

The difference between aggression and defense is frequently
questionable. For instance, if you read Tite-Live (Roman nationalist
from I BC / I AC) you'll read him explaining that the Roman empire was
only a defense, not an aggression in any way.

While I do not think that boycott is often a good choice -it does not
change things frequently-, you have to accept that as a personal choice
(not helping a country leads by people doing things you despise), not
as an aggression on your friends and beloved ones.

>  and in any case if the means is punching me in the nose; you should
>  expect vigorous defense.

As I said, people are not punching you in the nose but saying 'I do
not like this policy, I cannot contribute'. I personally buy the less
as possible products manufactured by companies known to rape human
rights. By doing that, I'm not trying to harm W**t D*sn** employees
but trying to avoid contributing to harm done in China.


> > without at any moment trying to guess why,
> 
>   You punch my nose, I am not going to pat you on the back
>  because your cause is just.  I think most people like to hide behind
>  the cloak that they are not punching people in the face, and they are
>  hurting an amophous "economy". 
> 
>   Economies are made of the blood, sweat and tears of real live
>  people, and they are the hooks on which dreams are hung.  When you
>  set out to deliberately hurt an economy, you are hurting men, women,
>  and children, that live and die in that economic system,

It happened that employees gone on strike to earn some respect and
money to get a decent life. It was breaking an economy made on their
blood and tears, on their very real life.
While breaking economy finally harm people, considering economy before
humans definitely harm people much more.

> > and he will try to harm any other people is someone tell him that
> > it helps USA.  His approach is completely nationalistic. You
> > cannot understand him and agree with him until he drops this
> > attitude or until you adopt it.
> 
>   Considering I am an Indian, this is getting hilarious; the US
>  is merely my country of adoption.

Yes. And you would not find any romans (400-50 BC) more conservative
than most homo novus (members of the senate we do not have any father
already senator ; very rare, as in any other oligarchy). Adoption
sometimes push people to be "more royalist than the king" (it's a
French expression, I'm not sure it c

Re: Debian conference in the US?

[Jaldhar H. Vyas]

On Fri, 23 May 2003, Don Armstrong wrote:

> On Fri, 23 May 2003, Jaldhar H. Vyas wrote:
> > My only objection to a conference in the US is the weather is
> > miserable.
>
> Which part of the US?

Sorry I should have said Northeast US.  It's absolutely miserable here.

> Surely the weather in Los Angeles isn't
> miserable... unless you consider the total absense of weather to be
> miserable.
>

The West coast may be more expensive to get to for foreign visitors.  But
I like the other suggestion of Florida.  Lot's of cheap flights to there.

But it's all up to the organizers in the end isn't it?

-- 
Jaldhar H. Vyas <[EMAIL PROTECTED]>
La Salle Debain - http://www.braincells.com/debian/

Re: Debian conference in the US?

[Jaldhar H. Vyas]

On Sun, 25 May 2003, Sven Luther wrote:

> Notice that the US governement never said that was their aim,

The aim is Kralizec -- the typhoon struggle.

-- 
Jaldhar H. Vyas <[EMAIL PROTECTED]>
La Salle Debain - http://www.braincells.com/debian/

Re: Debian conference in the US?

[Jaldhar H. Vyas]

On Sat, 24 May 2003, Adam Majer wrote:

> PS. Personally, I would prefer to travel for a DebConf in
> Cuba than in US. Really.
>

So let me get this straight.  Instead of a country where people are
occasionally subject to bureaucratic hassles, (assuming Russell and
Geordies' sources amount to anything more than innuendo which is not
clear.) you would rather go to a place where the immigration policy
consists of shooting people?


-- 
Jaldhar H. Vyas <[EMAIL PROTECTED]>
La Salle Debain - http://www.braincells.com/debian/

Help wanted for packaging postgresql application

[Andreas Tille]

Hello,

I want to package GnuMed which is a Python application accessing
PostgreSQL server.

 http://bugs.debian.org/166282

It comes with a Python bootstrap routine.  That means the postinst
script would need a working Python and PostgreSQL server installed.

I think I would solve this by a simple check whether Python and
PostgreSQL are working. If not I would use a Debconf message to
tell the user, what to do after installation of all prerequsites
is done.  If there is any better way to accomplish this I would be
happy for hints.

The bootstrap routine creates a postgres user where the user is
asked for a password.  I would like to ask via debconf for the
password.  Is there any method to access the debconf database with
Python?  Currently I have the plan to use a shell procedure to
create a temporary configfile via tempfile which stores the
password in plain for the installation time.  This config file
is read by the bootstrap method.  This is no way I would be really
happy about but for the time beeing (regarding to the alpha status
of the programm it is not yet used in production) it would do the
trick until I would find a better solution.  Hints are welcome here.

For the next problem I have no real clue for a solution.  The
bootstrap method does access the database as the newly created user
this requires a change of the PostgreSQL configuration.  To make the
problem clear look at the following shell script:

   #!/bin/sh
   TUSER=mytestuser
   PASSW=jippi

   HASUSER=`echo "SELECT count(*) FROM pg_user WHERE usename = '"${TUSER}"'" | \
  psql template1 | \
  grep "^[[:space:]]*[0-9]\+" | \
  sed "s/^[[:space:]]*\([0-9]\+\)/\1/"`

   if [ $HASUSER -eq 0 ] ; then
  echo "CREATE USER ${TUSER} WITH PASSWORD '"${PASSW}"' CREATEDB" | \
   psql template1
   else
  echo "User $TUSER exists."
   fi

   psql --username ${TUSER} --password template1 <

Re: Orphaning my packages

[Joey Hess]

Graham Wilson wrote:
> i would hope not, though, in this case, it does not matter, since aaron
> responded before moron did.

Passing a package off is not a race to post first. If I am passing a
package on, I will pick whomever I feel is best suited to maintain it.
And yes, that will generally be someone who has the ability to upload it
immediatly.

-- 
see shy jo


pgpCQ6xUyFkWH.pgp
Description: PGP signature

Debian-IN

[Jaldhar H. Vyas]

Now that GNOME (via pango) and KDE (via the upcoming Qt 3.2.0) have viable
support, I wonder if there is any interest in a sub-project for increasing
the support for Indian languages within Debian?

The goals of Debian-IN as I see it would be to

1.  Package Indic software or write it as necessary.

2.  Aid i18n of existing software in Debian.

3.  Advocate the use of Debian in the Indian community.

Thoughts?

-- 
Jaldhar H. Vyas <[EMAIL PROTECTED]>
La Salle Debain - http://www.braincells.com/debian/

Re: Help wanted for packaging postgresql application

[Matt Zimmerman]

On Sun, May 25, 2003 at 09:56:04PM +0200, Andreas Tille wrote:

> I want to package GnuMed which is a Python application accessing
> PostgreSQL server.
> 
>  http://bugs.debian.org/166282
> 
> It comes with a Python bootstrap routine.  That means the postinst script
> would need a working Python and PostgreSQL server installed.
> 
> I think I would solve this by a simple check whether Python and PostgreSQL
> are working. If not I would use a Debconf message to tell the user, what
> to do after installation of all prerequsites is done.  If there is any
> better way to accomplish this I would be happy for hints.

For python, you only need to declare Depends: python to ensure that python
is installed and configured when your postinst runs.

postgresql is more complex, because (presumably) you want to allow for a
remote database.  If so, you must prompt the user for the hostname,
authentication information, etc. and fail if you are unable to connect to
it.  If you only support a local database, you can just depend on
postgresql-server or whatever is appropriate.

> The bootstrap routine creates a postgres user where the user is asked for
> a password.  I would like to ask via debconf for the password.  Is there
> any method to access the debconf database with Python?  Currently I have
> the plan to use a shell procedure to create a temporary configfile via
> tempfile which stores the password in plain for the installation time.
> This config file is read by the bootstrap method.  This is no way I would
> be really happy about but for the time beeing (regarding to the alpha
> status of the programm it is not yet used in production) it would do the
> trick until I would find a better solution.  Hints are welcome here.

I believe someone is working on a python debconf interface, but I do not
know its status.  You can probably find out with some searching and email.
If you store the password in a temporary file, make sure that you do it
securely, using e.g. $(tempfile -m 0600) so that it is created with O_EXCL
and secure permissions before you try to put any data into it.

> This ends in
>psql: FATAL:  IDENT authentication failed for user "mytestuser"
> 
> Now I would llike to know the following two things:
>   1. How to change the postgresql configuration in a way which just
>  adds minimum off additional rights?
>   2. How to accomplish this change?

Presumably you use a GRANT command as in ANSI SQL92.  The specifics may be
slightly different for postgresql's unix socket authentication; I am not so
familiar with it.

-- 
 - mdz

debian-exim mailing list?

[Josip Rodin]

Hi,

I'm perplexed about the mailing list request about Exim.
On one hand, exim is an important package, and there are already ample
precedents like debian-apache, debian-ssh and debian-tetex-maint;
but on the other hand, there's alioth.debian.org which allows for easier
creation and maintenance of per-package mailing lists.

What do others think?

-- 
 2. That which causes joy or happiness.

Re: debian-exim mailing list?

[Bernd Eckenfels]

On Sun, May 25, 2003 at 11:03:36PM +0200, Josip Rodin wrote:
> but on the other hand, there's alioth.debian.org which allows for easier
> creation and maintenance of per-package mailing lists.

we should generally decide to migrate (all) mailinglists, or only create new
project mailinglists and not user support lists, or whatever.

In fact I dont mind about which solution/decision is done, I just dont think
it is a good idea to suddenly point people to alioth like it always existed,
and it is the only reasonable way to go. There are quite a lot of reasons to
not host a list on alioth. Most prominent the fact, that it is not visible
on the mailinglist page. Cannot talk about the QOS.

Greetings
Bernd
-- 
  (OO)  -- [EMAIL PROTECTED] --
 ( .. )  [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/
  o--o *plush*  2048/93600EFD  [EMAIL PROTECTED]  +497257930613  BE5-RIPE
(OO)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Re: debian-x86-64 mailing list has been created

[Robert Millan]

On Sun, May 25, 2003 at 10:34:59PM +0200, Josip Rodin wrote:
> Hi,
> 
> $Subject. Enjoy.
> 
> http://lists.debian.org/debian-x86-64/

thanks Josip!

CCing debian-devel as there likely are people interested around.

-- 
Robert Millan

make: *** No rule to make target `war'.  Stop.

Another world is possible - Just say no to genocide

Re: Debian conference in the US?

[Adam Majer]

On Sun, May 25, 2003 at 03:36:39PM -0400, Jaldhar H. Vyas wrote:
> On Sat, 24 May 2003, Adam Majer wrote:
> 
> > PS. Personally, I would prefer to travel for a DebConf in
> > Cuba than in US. Really.
> >
> 
> So let me get this straight.  Instead of a country where people are
> occasionally subject to bureaucratic hassles, (assuming Russell and
> Geordies' sources amount to anything more than innuendo which is not
> clear.) you would rather go to a place where the immigration policy
> consists of shooting people?

s/Immigration/Emigration/ ? You do realize that US is pretty much the
only country that still has an embargo againt Cuba? Of course they
would not do the same to China.. H.. And why could that be?

2 commandments of Politics:
  1. follow the money
  2. see #1

Anyway, this is getting very off-topic Back to Debian. A!!

- Adam

Re: Debian conference in the US?

[Sven Luther]

On Sun, May 25, 2003 at 03:36:39PM -0400, Jaldhar H. Vyas wrote:
> On Sat, 24 May 2003, Adam Majer wrote:
> 
> > PS. Personally, I would prefer to travel for a DebConf in
> > Cuba than in US. Really.
> >
> 
> So let me get this straight.  Instead of a country where people are
> occasionally subject to bureaucratic hassles, (assuming Russell and
> Geordies' sources amount to anything more than innuendo which is not
> clear.) you would rather go to a place where the immigration policy
> consists of shooting people?

And you do have proof of that claim, do you ? Or did you only gather
that from a bunch of James Bond movies ?

Friendly,

Sven Luther

Re: Help wanted for packaging postgresql application

[Adam Majer]

On Sun, May 25, 2003 at 04:50:03PM -0400, Matt Zimmerman wrote:
> On Sun, May 25, 2003 at 09:56:04PM +0200, Andreas Tille wrote:
> 
> > I want to package GnuMed which is a Python application accessing
> > PostgreSQL server.
> > 
> >  http://bugs.debian.org/166282
> > 
> > It comes with a Python bootstrap routine.  That means the postinst script
> > would need a working Python and PostgreSQL server installed.
> > 
> > I think I would solve this by a simple check whether Python and PostgreSQL
> > are working. If not I would use a Debconf message to tell the user, what
> > to do after installation of all prerequsites is done.  If there is any
> > better way to accomplish this I would be happy for hints.
> 
> For python, you only need to declare Depends: python to ensure that python
> is installed and configured when your postinst runs.

Wouldn't you need predepends?

Re: Help wanted for packaging postgresql application

[Matt Zimmerman]

On Sun, May 25, 2003 at 04:30:08PM -0500, Adam Majer wrote:

> On Sun, May 25, 2003 at 04:50:03PM -0400, Matt Zimmerman wrote:
> > For python, you only need to declare Depends: python to ensure that python
> > is installed and configured when your postinst runs.
> 
> Wouldn't you need predepends?

No.

-- 
 - mdz

Re: debian-exim mailing list?

[Josip Rodin]

On Sun, May 25, 2003 at 11:36:23PM +0200, Bernd Eckenfels wrote:
> > but on the other hand, there's alioth.debian.org which allows for easier
> > creation and maintenance of per-package mailing lists.
> 
> we should generally decide to migrate (all) mailinglists, or only create
> new project mailinglists and not user support lists, or whatever.

I think it's impossible to say packages automatically don't "deserve" a list
on lists.d.o, but it would also be silly to set up 1 lists, one (or
more!) for each package.

> I just dont think it is a good idea to suddenly point people to alioth
> like it always existed, and it is the only reasonable way to go.

And I suggested this... when? Let's not start with random accusations just
yet.

> There are quite a lot of reasons to not host a list on alioth. Most
> prominent the fact, that it is not visible on the mailinglist page.

That doesn't have to be, it's reasonably easy for me to add external lists
into lists.d.o lists (sic, heh).

> Cannot talk about the QOS.

Point. Gforge-managed Mailman, IIRC, but I didn't try.

-- 
 2. That which causes joy or happiness.

Re: debian-exim mailing list?

[Marc Haber]

On Sun, 25 May 2003 23:03:36 +0200, Josip Rodin <[EMAIL PROTECTED]> wrote:
>I'm perplexed about the mailing list request about Exim.
>On one hand, exim is an important package, and there are already ample
>precedents like debian-apache, debian-ssh and debian-tetex-maint;
>but on the other hand, there's alioth.debian.org which allows for easier
>creation and maintenance of per-package mailing lists.

Please note that the mailing list request was filed months ago - well
before alioth went into service - and that your e-mail is the first
reaction to the bug report filed. We actually discussed on the
internal exim mailing list whether to move the existing mailing list
to alioth and decided against doing so for lack of a web archive.

Anyway, the major work on exim 4 packaging is done, the mailing list
we used because we didn't hear a single word of reaction to bug
#166357 has seen about 900 messages in four months. I seriously doubt
that a debian-exim mailing list is needed any more after the major
packaging effort has been almost completely finished.

If Debian would like to offer mailing lists for internal projects,
response time to requests needs to be MUCH faster. At the current
state of affairs, the time spent with writing the request has been a
total waste.

Greetings
Marc

-- 
-- !! No courtesy copies, please !! -
Marc Haber  |   " Questions are the | Mailadresse im Header
Karlsruhe, Germany  | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Re: debian-exim mailing list?

[Sven Luther]

On Sun, May 25, 2003 at 11:53:31PM +0200, Marc Haber wrote:
> On Sun, 25 May 2003 23:03:36 +0200, Josip Rodin <[EMAIL PROTECTED]> wrote:
> >I'm perplexed about the mailing list request about Exim.
> >On one hand, exim is an important package, and there are already ample
> >precedents like debian-apache, debian-ssh and debian-tetex-maint;
> >but on the other hand, there's alioth.debian.org which allows for easier
> >creation and maintenance of per-package mailing lists.
> 
> Please note that the mailing list request was filed months ago - well
> before alioth went into service - and that your e-mail is the first
> reaction to the bug report filed. We actually discussed on the
> internal exim mailing list whether to move the existing mailing list
> to alioth and decided against doing so for lack of a web archive.
> 
> Anyway, the major work on exim 4 packaging is done, the mailing list
> we used because we didn't hear a single word of reaction to bug
> #166357 has seen about 900 messages in four months. I seriously doubt
> that a debian-exim mailing list is needed any more after the major
> packaging effort has been almost completely finished.
> 
> If Debian would like to offer mailing lists for internal projects,
> response time to requests needs to be MUCH faster. At the current
> state of affairs, the time spent with writing the request has been a
> total waste.

Well, you could have used the bugreport as interim mailing list :)))

Friendly,

Sven Luther

Re: debian-exim mailing list?

[Josip Rodin]

On Sun, May 25, 2003 at 11:53:31PM +0200, Marc Haber wrote:
> Please note that the mailing list request was filed months ago - well
> before alioth went into service - and that your e-mail is the first
> reaction to the bug report filed.

Yes, I know.

> We actually discussed on the internal exim mailing list whether to move
> the existing mailing list to alioth and decided against doing so for lack
> of a web archive.

Really?

> because we didn't hear a single word of reaction to bug #166357

> If Debian would like to offer mailing lists for internal projects,
> response time to requests needs to be MUCH faster.

The listmaster team has in the past had grave difficulties with documenting
proper procedures, even with simply communicating its issues with bug
reports to the submitters.

I would apologize in the name of the team, were it not for the fact I was
not a member of it up to very recently. (There, now that we have the blame
cast off to someone else, can we continue with this conversation normally? :)

The reason there was no action in this particular case is mostly that there
has been no real policy on whether to create lists for each package, and
more importantly, that no need for this list has been shown.

> At the current state of affairs, the time spent with writing the request
> has been a total waste.

I beg to differ... although, never mind, that statement sounds like a simple
knee-jerk reaction.

-- 
 2. That which causes joy or happiness.

Re: Orphaning my packages

[David Nusinow]

On Sun, May 25, 2003 at 12:19:57PM -0400, John Belmonte wrote:
> Aaron M. Ucko wrote:
> >Also, he seems to have no official status whatsoever; if he's serious
> >about wanting to maintain stuff, he is welcome to go through the NM
> >process.
> 
> Part of the NM process can be packaging by way of a sponsor.  I would guess 
> that it's common for a person's advocate (required to begin the NM process) 
> to be a developer who sponsored one of his packages.  So I think you have 
> the order of gaining packaging experience and going through the NM process 
> confused.
Another point of note is that nascent packagers are encouraged to adopt
other software that's already in the archive before packaging new
items. In this case, he is merely following that advice.

 - David Nusinow

Re: Bug#194155: ITP: ehnt -- Extreme Happy Netflow Tool - Obtains useful information out of netflow data

[Brian May]

On Wed, May 21, 2003 at 04:04:50PM +0200, Paul Slootman wrote:
> You might have made the effort of filling in the fields; I can't believe
> the version is x.y.z, the upstream author is  Name <[EMAIL PROTECTED]>,
> etc.  Especially the license...

Obviously the upstream author is very flexible... ;-).
-- 
Brian May <[EMAIL PROTECTED]>

Re: What makes a debconf?

[Jonathan Oxer]

On Sat, 2003-05-24 at 15:27, Brian May wrote:
> On Fri, May 23, 2003 at 05:25:29PM -0400, Joe Drew wrote:
> > Do we need some method of deciding what constitutes 'the' Debconf? 
> 
> No, as everyone knows that the only true "Debconf" are the ones in
> Australia, with LCA.

Hehe, preach it brother  ;-)

Maybe a reasonable compromise would be to have 2 'official' debconfs /
year, as 'Debconf North' and 'Debconf South' (as in Northern and
Southern hemisphere). With the last Mini-Conf in Australia attracting
more people than any Debconf so far, it's probably not unreasonable for
the annual Debian Mini-Conf at LCA to be promoted as Debconf South.

That would provide an official Debconf in each hemisphere for people
that need to convince their bosses to send them to one, making it more
attainable (ie: cheaper) but without leaching too much from each other.

Cheers

Jonathan


signature.asc
Description: This is a digitally signed message part

Bug#194705: ITP: yavipin -- daemon for creating secure tunnels

[Graham Wilson]

Package: wnpp
Version: unavailable; reported 2003-05-24
Severity: wishlist

* Package name: yavipin
  Version : 0.9.6
  Upstream Author : Jerome Etienne 
* URL : http://yavipin.sf.net/
* License : GPL [1]
  Description : daemon for creating secure tunnels

Yavipin is a daemon for creating a secure tunnel between two peers,
which allows either to securely send packets to the other.

Yavipin's main features are its network efficiency, security, and ease
of use. Its packet overhead is less than IPsec default, it supports
packet compression, and can establish a tunnel over a NAT.

Yavipin exists completly in userspace, so there is no need to recompile
your kernel. Also, since Yavipin operates at the link layer, it is able
to tunnel any kind of packet.

Security features include protection against replay attacks, efficient
session key renewal, and encryption of data sent between the peers.

[1] the author of the program has said that he would add an openssl
exception to the license, since the package uses openssl, and is
licensed under the gpl.

-- 
gram


pgpp1rYpBRX05.pgp
Description: PGP signature

Re: Very uneven distribution of packages per maintainer

[Jamie Wilkinson]

This one time, at band camp, Petter Reinholdtsen wrote:
>Packages  Developers

Looks like a normal distribution curve in gnuplot.

-- 
[EMAIL PROTECTED]   http://people.debian.org/~jaq

Re: Debian conference in the US?

[Matthew Palmer]

On Sun, 25 May 2003, Manoj Srivastava wrote:

> >> > On Thu, 22 May 2003 17:06, Miles Bader wrote:
> >> >> You mean the iraq war?  What's the point?  How is avoiding the
> >> >> U.S. going to help anything, regardless of how strongly you feel
> >> >> about the U.S. governments acts or positions?
> >>
> >> > When tourism goes down the hotel, entertainment, and airline
> >> > industries suffer.  If enough people boycott the US because of
> >> > this then it'll keep the American economy down.
> >>
> >> I see. You all are personally taking action to make it harder for
> >> my friends and relatives to find a job, or get decent health care
> >> (my ex-boss has been looking for employment for 27 months now, and
> >> my step daughter does not have a job with benefits), and you expect
> >> me to have sympathy for your views?
> 
> > Do you have a better way of encougaging the U.S.A. to take an
> > alternate stance?
> 
>   Try by not blackmailing us.

Wish to elaborate on that one a little?  I'm finding it hard to work out how
"not blackmailing" you is going to encourage the U.S.A. to rethink it's
policies.

> > Remember, the rest of the world does *not* owe you and yours a
> > living.
> 
>   Quite. But if they take delibrate action to hurt _any_
>  country, or its economy, they shall have to live with the consequences.

Boycott us back.  Considering the US government screws .au at every
opportunity, I doubt we'd even notice.


-- 
---
#include 
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16

Re: Debian conference in the US?

[Jaldhar H. Vyas]

On Sun, 25 May 2003, Sven Luther wrote:

> > So let me get this straight.  Instead of a country where people are
> > occasionally subject to bureaucratic hassles, (assuming Russell and
> > Geordies' sources amount to anything more than innuendo which is not
> > clear.) you would rather go to a place where the immigration policy
> > consists of shooting people?
>
> And you do have proof of that claim, do you ? Or did you only gather
> that from a bunch of James Bond movies ?
>
> Friendly,
>
> Sven Luther
>

I could swear there are more examples but a very quick google search only
turned up this[1] from 1993.  Perhaps now things have changed and now you
only get shot for staying _in_ Cuba[2].


[1] http://www.fiu.edu/~fcf/us.rips.cruelty.html

[2] http://www.guardian.co.uk/cuba/story/0,11983,944925,00.html


-- 
Jaldhar H. Vyas <[EMAIL PROTECTED]>
La Salle Debain - http://www.braincells.com/debian/

Re: Debian conference in the US?

[John H. Robinson, IV]

Jaldhar H. Vyas wrote:
> 
> The West coast may be more expensive to get to for foreign visitors.
> But I like the other suggestion of Florida.  Lot's of cheap flights to
> there.

i live on the west coast (san diego, specifically), but if there was a
debconf held in southern florida (fort lauderdale, specifically) i would
do my damndest to get there.

-john, one of the rarest of breeds: a native floridian