Re: Packages built with unchecked dependencies
On Thu, 24 Jul 2008, Enrico Zini wrote: > and found that not even our buildds check signatures The reason they do this is that they build from incoming (queue/accepted). And incoming is not signed. I asked Ryan and Joerg if that could be changed a few weeks ago and they said they'd look into it. Joerg mentioned something about doing it during debcamp. Cheers, weasel -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `-http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Packages built with unchecked dependencies
On Fri, Jul 25, 2008 at 09:49:00AM +1000, Brian May wrote:
>> Am I the only one that feels very, very uncomfortable about this?
> Yes. Errr... I mean... No! It also makes me uncomfortable too. If there
> is some good reason, I don't know what it is. Even if the network path
> was completely trusted, I can't think why signature checking should be
> disabled.
This is mentioned in the thread that Raphael Geisser points to in the
other message: basically, the buildds skip signature checking because
they also need to get packages from incoming, which are not in a signed
repository. I'm following up to this in a reply to Raphael, though.
> Anyway, I am lazy ;-). How did you reconfigure sbuild to enable
> signature checking?
It seems that you can't, in my version of sbuild, unless you patch the
code. The code responsible for disabling signature checking is in
/usr/share/perl5/Sbuild/Chroot.pm and it does not seem to allow any sort
of customisation:
sub _setup_options (\$\$) {
[...]
if (defined($info) &&
defined($info->{'Location'}) && -d $info->{'Location'}) {
[...]
my $aptconf = "/var/lib/sbuild/apt.conf";
[...]
# Always write out apt.conf, because it may become outdated.
if (my $F = new File::Temp( TEMPLATE => "$aptconf.XX",
DIR => $self->get('Location'),
UNLINK => 0) ) {
print $F "APT::Get::AllowUnauthenticated true;\n";
print $F "APT::Install-Recommends false;\n";
if (! rename $F->filename, $chroot_aptconf) {
die "Can't rename $F->filename to $chroot_aptconf: $!\n";
}
}
} else {
die $self->get('Chroot ID') . " chroot does not exist\n";
}
}
> (On the topic of schroot and sbuild, I found this references useful; it
> is getting dated now but some parts are still relevant:
>
Re: Packages built with unchecked dependencies
On Fri, Jul 25, 2008 at 10:57:40AM +0200, Peter Palfrader wrote: > On Thu, 24 Jul 2008, Enrico Zini wrote: > > and found that not even our buildds check signatures > The reason they do this is that they build from incoming > (queue/accepted). And incoming is not signed. I asked Ryan and Joerg > if that could be changed a few weeks ago and they said they'd look into > it. Joerg mentioned something about doing it during debcamp. Oh thanks, lovely. I'm glad to hear something's moving: I feel a bit better now. Ciao, Enrico -- GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Bug#492325: ITP: phpmyid -- standalone, single user, OpenID identity provider
Package: wnpp Severity: wishlist Owner: Andreas Schildbach <[EMAIL PROTECTED]> * Package name: phpmyid Version : 0.9 Upstream Author : CJ Niemira <[EMAIL PROTECTED]> * URL : http://siege.org/projects/phpMyID/ * License : GPL Programming Lang: PHP Description : standalone, single user, OpenID identity provider phpMyID is a single user identity Provider for the OpenID framework. It's a single PHP script with minimal dependancies. You don't need a database, you don't need to make your filesystem writable. OpenID is an open, decentralized, free framework for user-centric digital identity. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Packages built with unchecked dependencies
On Fri, Jul 25, 2008 at 10:08:57AM +0100, Enrico Zini wrote: > It seems that you can't, in my version of sbuild, unless you patch the > code. ...and if you want to patch the code, you can actually do it using the patch that I've just prepared and sent at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492327 Ciao, Enrico -- GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Re: Intel Atom Processor
Dear Ben and dear Jose, Ben Armstrong wrote: > On Thu, 24 Jul 2008 15:09:57 +0200 > Steffen Moeller <[EMAIL PROTECTED]> wrote: > >> The EeePCs are sold throughout large resellers (Saturn, Staples, ...) in >> Germany and at least until the new ones get out they all ship with >> Debian - perfectly visible to every potential customer passing by. I have >> not seen Debian or Linux on any product before in these shops. So, I >> really think that for the perception of Debian (and Linux at large) it would >> be good if there was some initiative that gives Debian on these >> machines some backup. > > You are aware of http://wiki.debian.org/DebianEeePC I hope? (Aha, I > see it has already been mentioned elsewhere in this thread, good.) many thanks for your reply. Your web sites are indeed what I wanted to see, possibly a bit too far away from John Doe who just bought such a machine as a Newbie Linux user, but nevertheless, I particularly liked the status page on http://wiki.debian.org/DebianEeePC/Status. Your site has no visibility to anyone in the shop who needs to make an informed decision about whether taking the risk to go for the XP route (which that guy probably knows well) and the Linux route (which saves some cash but gives you the impression to be alone). Sales of the Linux version are reportedly going sufficiently well to keep it in the shop, but they are selling far more Windows machines. > We take a very practical, bottom-up approach. Get Debian working well > on one platform, the Eee PC. Then make things as general as possible > and support it as quickly as possible in Debian itself. I think if you > start top down: "let's tackle the problem of making Debian well > supported on this whole class of systems", a laudable goal, mind you, > then you will very quickly bog down in the execution unless you have > resources that go beyond what we currently have in the debian-eeepc > project. > > So what do you think you could do particularly with regards to the Eee > to see it on these systems in shops? We've talked a bit to Asus and > they've even assigned some people to talk to Debian about development > for the Eee. But I'm afraid so far our focus has been very much on > just getting Lenny out the door with solid support for the Eee and not > so much on these bigger-picture issues. I'll translate that status page to German tonight since I liked it. Also will I then use some scribus or LaTeX magic to transform that page into a flyer that, if you agree to it, I will then carry to the local stores and just see what they say. Those stores will fight a lot not give the impression that they would do support themselves, so I need to think about the right wording here. I'll do that both in English and German, should not be too hard. Best, Steffen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Screenshots of GUI applications (again)
On Tue, Jul 22, 2008 at 05:05:03PM +0200, Christoph Haas wrote: > the matter has been discussed at least twice already. Roberto C. Sanchez > brought the matter back up in January 2008. On d-d? I can't find that thread in the list archives... I would like to raise the issue of licensing. Is a screenshot a derivative work from which it is taken? Could it therefore fall under the same license as the parent (or in the case of the GPL, have to fall under the same license)? I've heard it mentioned that screenshots could be considered quoting under "fair use". I'm not sure what fair use grants you and whether it preserves DFSG freedoms. Of course, the content need not be DFSG-compatible if it is hosted on a website, but it would seem to me that it is very desirable for it to be. This issue is also being discussed in #487218 against games-thumbnails (which puts the screenshots in the archive). -- Jon Dowland -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Screenshots of GUI applications (again)
On Fri, Jul 25, 2008 at 02:40:20PM +0100, Jon Dowland wrote: > On Tue, Jul 22, 2008 at 05:05:03PM +0200, Christoph Haas wrote: > > the matter has been discussed at least twice already. Roberto C. Sanchez > > brought the matter back up in January 2008. > > On d-d? I can't find that thread in the list archives... <[EMAIL PROTECTED]> and <[EMAIL PROTECTED]> were the two previous discussions. -- James GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Re: Screenshots of GUI applications (again)
On Fri, Jul 25, 2008 at 9:40 PM, Jon Dowland <[EMAIL PROTECTED]> wrote: > I would like to raise the issue of licensing. This is being looked into by SPI's legal counsel. I'll be sure to forward the findings to the games-thumbnails bug and debian-legal. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#492362: ITP: step-into-chinese -- A tool to assist English speakers to understand Chinese
Package: wnpp Severity: wishlist Owner: Asias He <[EMAIL PROTECTED]> * Package name: step-into-chinese Version : 0.6.dfsg-1 Upstream Author : Charles B. Cosse <[EMAIL PROTECTED]> * URL : http://www.asymptopia.org/index.php?topic=StepIntoChinese * License : GPL2 Programming Lang: Python Description : A tool to assist English speakers to understand Chinese Step Into Chinese is a flexible language-mining tool to assist English speakers seeking to understand Chinese language. The lack of a one-to-one correspondence between Chinese characters and the corresponding Pinyin is often regarded as the greatest difficulty facing learners of Chinese. Step Into Chinese has been designed to address exactly this difficulty. . Inside is an extensively cross-referenced data structure which allows the user to pursue deeper understanding of contexts, for example, by "locking on" to a particular Pinyin context and viewing successive instances of the same morpheme used in similar contexts. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core) Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#492376: ITP: libwwwbrowser-perl -- Platform independent means to start a WWW browser
Package: wnpp Severity: wishlist Owner: Carlo Segre <[EMAIL PROTECTED]> * Package name: libwwwbrowser-perl Version : 2.23 Upstream Author : Slaven Rezic <[EMAIL PROTECTED]> * URL : http://user.cs.tu-berlin.de/~eserte/src/perl/WWWBrowser/ * License : GPL or Artistic Programming Lang: Perl Description : Platform independent means to start a WWW browser Perl module which starts a web browser, in the background for X11, with a specified URL. Options exist to use a user-specified browser, including text browsers, which are started in a terminal window. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#492381: ITP: pymxitt -- MXit transport for Jabber
Package: wnpp Severity: wishlist Owner: Ricardo Ichizo <[EMAIL PROTECTED]> * Package name: pymxitt Version : 0.1 Upstream Author : Norman Rasmussen <[EMAIL PROTECTED]> * URL : http://xmpppy.sourceforge.net/mxit/ * License : GPL Programming Lang: Python Description : MXit transport for Jabber PyMXitt -- the purpose of this transport is to provide a way for users to be logged into MXit via their Jabber account. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash -- _(~)_ )"( [[ n1ghtcr4wler ]] (@_@) xmpp:[EMAIL PROTECTED] signature.asc Description: Digital signature
Bug#492388: ITP: fox -- Free Objects for Xtallography
Package: wnpp Severity: wishlist Owner: Carlo Segre <[EMAIL PROTECTED]> * Package name: fox Version : 1.7.7.0 Upstream Author : Vincent Favre-Nicolin <[EMAIL PROTECTED]> * URL : http://objcryst.sourceforge.net/Fox/FoxWiki * License : GPL Programming Lang: C++ Description : Free Objects for Xtallography FOX is a program for the ab initio structure determination from powder diffraction (neutrons, X-Ray). The crystal structure can be described as any combination of atoms, molecules or polyhedras, without a priori information about the connectivity of these 'building block'. Fox can make multi-pattern global optimizations, and automatically correct special positions. . FOX could also be used for educational purposes, to display Crystal Structures in 3D with the associated Powder Pattern -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#492157: ITP: apollo -- The Apollo Solr Server
On Thu, Jul 24, 2008 at 03:47:53PM +1200, Paul Waite wrote: > Description : The Apollo Solr Server That is not a description, that's just the full name. What does this package do? I cannot find any answer in the long description either. The project website mentions that it is an "enterprise search server". Still vague, but I guess it is something equivalent to htdig. Both the short and long description should make clear that this is a web-based search engine/server/whatever. > The Apollo Solr Server is a debian packaging of the standard Solr Server > available from the Apache project (http://lucene.apache.org/solr/). This There is no need to mention that this is a Debian package. Also, the URL to the project page is already in the Homepage: header, there is no need to repeat it. > package can be installed with replication enabled, either as a Master or > a Slave. The latter is set up for you to rsync from the Master via cron. > > This apollo package also supports any number of instances of Solr, > running on separate ports. These are managed via a common utility 'apollo' > to provide create, remove, purge, start, stop, restart, and status. > > The package also includes a MaoriMacronsFilter plugin which can be set up > in your schema.xml to map macronned characters to stright ascii on both > index and query operations. The default schema.xml has this set up for > the 'text' field type already. It is a trivial exercise to provide other > mappings. The rest of the description reads like a manual page, not like a description of the features of Solr. Then, where does the name "Apollo" come from? I do not see any reference to that name on the Solr website. Finally, it seems Solr is already packaged by the Debian Java Maintainers, see http://packages.debian.org/solr-tomcat5.5. If there is anything in your package that is not in theirs, please coordinate with them. -- Met vriendelijke groet / with kind regards, Guus Sliepen <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Re: Bug#492157: ITP: apollo -- The Apollo Solr Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Guus, Your other comments are out of date (see the BTS for full bug report e-mail conversation), however many thanks for your reply. This feedback is important though: > Finally, it seems Solr is already packaged by the Debian Java > Maintainers, see http://packages.debian.org/solr-tomcat5.5. If there is > anything in your package that is not in theirs, please coordinate with > them. I'll start out by saying that I'm quite happy NOT to package this separately if that's the general consensus. In fact, I hoped this particular discussion would ensue as I certainly don't want to be spending my time maintaining a package that nobody wants! However in reply to the above suggestion, I would point out that apollo takes a different approach to theirs, as it creates a single instance of the jetty-based example from the Solr tarball, then constructs a framework around that which provides two important features lacking in the above: master/slave replication, out-of-the-box from debconf multiple Solr instances running on the same machine Apollo also installs nicely on the current stable (etch) which was one of the drivers for creating something myself, and not using the above, which at the time of testing did not. Apollo has been running on etch in our client production systems for a year now. Given that lenny is not yet released, and even when it is there will be a *lot* of etch servers running out there for a long while, I think this is still a very useful attribute. I obviously looked at the above Debian Maintainers packages solr-common, solr-jetty and solr-tomcat initially, when starting out to build the above-mentioned applications for our clients, however the fact that they didn't install on our stable (etch) production servers was a blocker. Hence apollo came into being. I should also add that apollo is currently built as a native Debian package, where the Solr tarball is downloaded in the build process, and then bits of it used to construct the apollo binary package. I look forward to your comments on the above, and also on this packaging approach. If you (or anyone) wants a preview of the package, then let me know. As I began by saying, it could be that this package isn't deemed to be useful or suitable for Debian. That's fine with me, my motivation was to make available something that I had already built and am currently using in production systems, to other potential users of Solr. Cheers, Paul. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIij8DtfkpAgkMOyMRAtZ8AJ94OwcLBVbaqpm0X4ZJXFosxfK5yACfQghi ZQl/OaTf4xARojKGIDpQU0Y= =ajyE -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#492157: ITP: apollo -- The Apollo Solr Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On further reflection I have decided to withdraw apollo from ITP for now. Although I believe it would be very useful for folks wishing to use Solr in multiple instances with replication out-of-the-box, I now believe there are still some issues around the packaging of it that I want to resolve first. Many thanks to all who contributed to this with feedback. Cheers, Paul. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIiluUtfkpAgkMOyMRAoiEAJ48ZGfknaVtmCSQgAGQ4jyRBmoihgCguDPT pun1FDjxomjhPrzMmBP81No= =EArd -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Screenshots of GUI applications (again)
Jon Dowland <[EMAIL PROTECTED]> writes: > I would like to raise the issue of licensing. Is a screenshot a > derivative work from which it is taken? Could it therefore fall > under the same license as the parent (or in the case of the GPL, > have to fall under the same license)? By my understanding, yes, it could be argued that way. > I've heard it mentioned that screenshots could be considered quoting > under "fair use". I'm not sure what fair use grants you and whether > it preserves DFSG freedoms. There's no such thing as "fair use" in international copyright conventions. Different jurisdictions have diverse local-only implementations of something analogous, but many have no such thing at all. It's not something that can be relied upon for international use. -- \ “I was sad because I had no shoes, until I met a man who had no | `\ feet. So I said, ‘Got any shoes you're not using?’” —Steven | _o__) Wright | Ben Finney -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#492419: ITP: squeezecenter -- Streaming Audio Server
Package: wnpp Severity: wishlist Owner: "Carl Fürstenberg" <[EMAIL PROTECTED]> * Package name: squeezecenter Version : 7.0.1 Upstream Author : Logitech/Slim Devices <[EMAIL PROTECTED]> * URL : http://www.slimdevices.com/ * License : GPL, Artistic Programming Lang: Perl Description : Streaming Audio Server SlimServer is a cross-platform streaming server that supports a wide range of formats, including AAC, AIFF, FLAC, Ogg Vorbis, MP3, WAV, and WMA. Note: The upstream package has to be repackaged because of first most non-free data (firmwares and some fonts primary). Also does upstream tar include all CPAN modules used). Probably must some images also be removed from the source. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#492419: ITP: squeezecenter -- Streaming Audio Server
Carl Fürstenberg <[EMAIL PROTECTED]> (26/07/2008): > * Package name: squeezecenter > > SlimServer is a cross-platform streaming server that supports a wide > range of formats, including AAC, AIFF, FLAC, Ogg Vorbis, MP3, WAV, and > WMA. Misleading description? One might wonder how SlimServer relates to squeezecenter, or the other way round. Mraw, KiBi. signature.asc Description: Digital signature
