Re: Bug#540215: Introduce dh_checksums

[Goswin von Brederlow]

Wouter Verhelst  writes:

> On Fri, Mar 12, 2010 at 05:16:55AM +0100, Goswin von Brederlow wrote:
>> Harald Braumann  writes:
>> 
>> > On Wed, Mar 10, 2010 at 03:32:14PM +0100, Wouter Verhelst wrote:
>> >>
>> >> Having package.checksums be GPG-signed will take a significant change in
>> >> our infrastructure (buildd hosts, for instance, would need to have a way
>> >> to sign checksums files as well), so it's not going to happen
>> >> tomorrow.
>> 
>> That can be avoided by including a hash of the checksum file in the
>> Packages files.
>
> That doesn't help for the problem we're trying to fix here: having a
> path to a GPG signature from an individual binary on the hard disk,
> months or years after the package was installed.
>
> With your proposal, you lose the signatures once the package is out of
> the archive and you run 'apt-get update'.

Then don't do that. :)

I don't think signing the checksum file itself will be feasable as that
would alter the contents of the deb and change the checksums in the
changes files autobuilders send the admin for signing. It would break
the existing signing infrastructure for autobuilders. It would also
require running dpkg-genchanges again during signing or otherwise adjust
the checksums in the changes file.

But for packages no longer in the archive there is snapshot.debian.net
(or the official replacement).

MfG
Goswin


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87eijj7523@frosties.localdomain

Bug#574274: ITP: atspiuiasource -- At-spi UIA source

[Ray Wang]

Package: wnpp
Severity: wishlist
Owner: Ray Wang 

* Package name: atspiuiasource
  Version : 2.0
  Upstream Author : Mono Accessibility 
* URL : http://www.mono-project.com/Accessibility
* License : MIT/X
  Programming Lang: C#
  Description : At-spi UIA source

At-spi UIA source client side



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317094352.2274.38926.report...@ray-desktop

Bug#574275: ITP: at-spi-sharp -- C# bindings for at-spi

[Ray Wang]

Package: wnpp
Severity: wishlist
Owner: Ray Wang 

* Package name: at-spi-sharp
  Version : 1.0
  Upstream Author : Mono Accessibility 
* URL : http://www.mono-project.com/Accessibility
* License : MIT/X
  Programming Lang: C#
  Description : C# bindings for at-spi

C# mono bindings for at-spi.



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317094349.2150.11232.report...@ray-desktop

Bug#574276: ITP: re2 -- efficient, principled regular expression library

[Stefano Rivera]

Package: wnpp
Severity: wishlist
Owner: Stefano Rivera 


* Package name: re2
  Version : 0+hg10+dfsg
  Upstream Author : Google Inc.
* URL : http://code.google.com/p/re2/
* License : BSD
  Programming Lang: C++
  Description : efficient, principled regular expression library

RE2 is a fast, safe, thread-friendly alternative to backtracking regular
expression engines like those used in PCRE, Perl, and Python. It is a C++
library.

RE2 uses automata theory to guarantee that regular expression searches run in
time linear in the size of the input. RE2 implements memory limits, so that
searches can be constrained to a fixed amount of memory. RE2 is engineered to
use a small fixed C++ stack footprint no matter what inputs or regular
expressions it must process; thus RE2 is useful in multithreaded environments
where thread stacks cannot grow arbitrarily large.

On large inputs, RE2 is often much faster than backtracking engines; its use
of automata theory lets it apply optimizations that the others cannot.


It hasn't released a version yet, but is reported to have been widely used
within Google for a while. We presume it has stabilised a bit.



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317100641.13486.30844.report...@bach

Bug#574278: ITP: at-spi-sharp -- C# bindings for at-spi

[Ray Wang]

Package: wnpp
Severity: wishlist
Owner: Ray Wang 

* Package name: at-spi-sharp
  Version : 1.0
  Upstream Author : Mono Accessibility 
* URL : http://www.mono-project.com/Accessibility
* License : MIT/X
  Programming Lang: C#
  Description : C# bindings for at-spi

C# mono bindings for at-spi.



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317100755.2676.53742.report...@ray-desktop

Bug#574279: ITP: atspiuiasource -- At-spi UIA source

[Ray Wang]

Package: wnpp
Severity: wishlist
Owner: Ray Wang 

* Package name: atspiuiasource
  Version : 2.0
  Upstream Author : Mono Accessibility 
* URL : http://www.mono-project.com/Accessibility
* License : MIT/X
  Programming Lang: C#
  Description : At-spi UIA source

At-spi UIA source client side



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317100757.2681.59095.report...@ray-desktop

Re: Bug#540215: Introduce dh_checksums

[Wouter Verhelst]

On Wed, Mar 17, 2010 at 08:58:28AM +0100, Goswin von Brederlow wrote:
> Wouter Verhelst  writes:
> 
> > On Fri, Mar 12, 2010 at 05:16:55AM +0100, Goswin von Brederlow wrote:
> >> Harald Braumann  writes:
> >> 
> >> > On Wed, Mar 10, 2010 at 03:32:14PM +0100, Wouter Verhelst wrote:
> >> >>
> >> >> Having package.checksums be GPG-signed will take a significant change in
> >> >> our infrastructure (buildd hosts, for instance, would need to have a way
> >> >> to sign checksums files as well), so it's not going to happen
> >> >> tomorrow.
> >> 
> >> That can be avoided by including a hash of the checksum file in the
> >> Packages files.
> >
> > That doesn't help for the problem we're trying to fix here: having a
> > path to a GPG signature from an individual binary on the hard disk,
> > months or years after the package was installed.
> >
> > With your proposal, you lose the signatures once the package is out of
> > the archive and you run 'apt-get update'.
> 
> Then don't do that. :)

We can hardly say to our users "if you want to be able to check
signatures, never run run apt-get update"...

> I don't think signing the checksum file itself will be feasable as that
> would alter the contents of the deb and change the checksums in the
> changes files autobuilders send the admin for signing.

Yes, it would be a problem for autobuilders. However, I don't think it's
completely unfeasible.

> It would break the existing signing infrastructure for autobuilders.
> It would also require running dpkg-genchanges again during signing or
> otherwise adjust the checksums in the changes file.
> 
> But for packages no longer in the archive there is snapshot.debian.net
> (or the official replacement).

Which are both not very useful at the moment.

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
  http://www.schneier.com/blog/archives/2009/01/biometrics.html


signature.asc
Description: Digital signature

Re: Bug#540215: Introduce dh_checksums

[Paul Wise]

On Wed, Mar 17, 2010 at 5:31 PM, Wouter Verhelst  wrote:

>> But for packages no longer in the archive there is snapshot.debian.net
>> (or the official replacement).
>
> Which are both not very useful at the moment.

I've found http://snapshot-dev.debian.org quite useful recently.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/e13a36b31003170408q28ad567x9222db5c6eb4d...@mail.gmail.com

Re: Bug#540215: Introduce dh_checksums

[Harald Braumann]

On Wed, Mar 17, 2010 at 08:58:28AM +0100, Goswin von Brederlow wrote:
> I don't think signing the checksum file itself will be feasable as that
> would alter the contents of the deb and change the checksums in the
> changes files autobuilders send the admin for signing. It would break
> the existing signing infrastructure for autobuilders. It would also
> require running dpkg-genchanges again during signing or otherwise adjust
> the checksums in the changes file.

It should be signed at build time, just after dh_shasums and then the
sig file packaged together with all the other files. I don't see a
problem with that. Or maybe I'm not getting something here?

Cheers,
harry


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317114158.ga17...@nn.nn

Re: Bug#571255: udev_151-3_amd64 failed at apt-get install

[Marco d'Itri]

severity 571255 grave
found 571255 150-1
thanks

The preinst code which guaranteed lockstep upgrades of udev and kernel
packages does not work reliably anymore, apparently because apt now
tries to install the kernel and udev packages with different dpkg runs.
We need a new solution which does not require users to manually disable
the check...

-- 
ciao,
Marco


signature.asc
Description: Digital signature

Processed: Re: Bug#571255: udev_151-3_amd64 failed at apt-get install

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 571255 grave
Bug #571255 {Done: m...@linux.it (Marco d'Itri)} [udev] Udev 151-2 upgrade 
problem on debian-testing-'squeeze' i386 cd  binary1 20090302-04-:09
Severity set to 'grave' from 'normal'

> found 571255 150-1
Bug #571255 {Done: m...@linux.it (Marco d'Itri)} [udev] Udev 151-2 upgrade 
problem on debian-testing-'squeeze' i386 cd  binary1 20090302-04-:09
Bug Marked as found in versions udev/150-1 and reopened.
> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/handler.s.c.126882641313036.transcr...@bugs.debian.org

Bug#571255: Info received (Bug#571255: udev_151-3_amd64 failed at apt-get install)

[Debian Bug Tracking System]

Thank you for the additional information you have supplied regarding
this Bug report.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 Marco d'Itri 

If you wish to submit further information on this problem, please
send it to 571...@bugs.debian.org.

Please do not send mail to ow...@bugs.debian.org unless you wish
to report a problem with the Bug-tracking system.

-- 
571255: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571255
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/handler.571255.b571255.126882641313045.acki...@bugs.debian.org

Re: Bits from the Release Team: What should go into squeeze?

[Andrew Lee]

Following Yves-Alexis to update the status on LXDE team. :)

As we are just initialing to build a LXDE team for related packages. I
expected we would make these works done faster and more smoothly.

The lxsession 0.4.2 is pending for upload as lxsession 0.4.1 is still in
sid and blocked lxde-common 0.5.0 to be move to testing. LXDE could be
well released as they are now in Sid. But we have a few more important
stuffs we'd like to push into squeeze to release together with
lxde-common 0.5.0:
- pcmanfm 0.9: (with libfm) rewritten to solve many users requests and
wishes
- libfm 0.1: library for pcmanfm 0.9
- lxdm 0.1: a simple display manager for LXDE

>> Core components
>> ~~
>>
>> From a current point of view squeeze will release with kernel 2.6.32,
>> eglibc 2.11, Python 2.6, X11R7.5, Gnome 2.30, qt 4.6 and KDE 4.4.
> 
> And Xfce 4.6 :)

And LXDE 0.5 :)

Cheers,

-Andrew


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ba0c482.5000...@debian.org

Bug#574294: ITP: haskell-explicit-exception -- Haskell exceptions which are explicit in the type signature

[USB]

Package: wnpp
Severity: wishlist
Owner: "Ernesto Hernández-Novich (USB)" 


* Package name: haskell-explicit-exception
  Version : 0.1.4
  Upstream Author : Henning Thielemann 
* URL : http://hackage.haskell.org/package/explicit-exception
* License : BSD
  Programming Lang: Haskell
  Description : Haskell exceptions which are explicit in the type signature

This library provides a synchronous and asynchronous exceptions which are
explicit in the type signature. The first ones are very similar to Either
and Control.Monad.Error.ErrorT. The second ones are used for
System.IO.readFile and System.IO.hGetContents.

This is a building dependency for Haskore, a Haskell DSL and combinator
library for music manipulation and generation 

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (900, 'stable'), (1, 'experimental')
Architecture: i386 (i686)



--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20100317121220.25882.37009.report...@deepthought.itverx.com.ve

Re: Bug#540215: Introduce dh_checksums

[Simon McVittie]

On Wed, 17 Mar 2010 at 12:41:58 +0100, Harald Braumann wrote:
> It should be signed at build time, just after dh_shasums and then the
> sig file packaged together with all the other files. I don't see a
> problem with that. Or maybe I'm not getting something here?

Most packages (in terms of proportion of the archive, in particular for
architectures other than i386 and amd64) are built by a buildd, so each buildd
would have to have a signing key that could sign the checksums file during
build. Further, the build part of a buildd runs inside a limited chroot
running the target distribution, i.e. usually unstable (the "real system" runs
stable with a backported version of sbuild), which doesn't have access to any
key material in the "real system".

At the moment buildds don't have their own keys: a buildd maintainer inspects
the build log and signs the .changes file for upload.

Even for maintainer uploads, maintainers who build their packages in a
minimal chroot with schroot, pbuilder, cowbuilder etc. (which is strongly
recommended) don't necessarily have their signing key available inside
the chroot (nor should they!).

I build my packages with sbuild/schroot, and my GPG key isn't available inside
the build system as a result of using gfcombinefs to split my key between my
laptop and a USB stick (so that if either is stolen, my key isn't compromised).
I'm told some developers take this further, and only store their key on a
non-networked machine to which they transfer files for signing (the current
package upload procedure makes this possible - they only really need to
transfer the .changes file, in fact). I think it would be irresponsible to
make it necessary for DDs to choose between weakening the security of their
GPG keys, or producing less reproducible builds.

Another issue with signing automatically at build-time is that it gives
preliminary versions of a package the same level of authentication (signature)
as the uploaded version. It sometimes takes a few iterations to make a final
build of a package, so the workflow I use is to build an unsigned package and
test it. If it works well enough to be suitable for upload, I sign and upload
it; if it doesn't, I discard it, amend the source and repeat.

Simon


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20100317143631.ga5...@reptile.pseudorandom.co.uk

Re: Suggestions to fix #433462 (add free space info to reportbug)

[Goswin von Brederlow]

Sandro Tosi  writes:

> Hi all,
> in bug #433462 there is a request to add free space information in
> reportbug standard info appended to bug report.
>
> It's a valid request, that I want to fulfill, but there are some
> aspects I'd like to discuss.

If the software can not write data because the filesystem is full then
it should give a meaningfull error message. An error message containing
the location and "No space left on device" should be sufficiently
obvious to either the reportee or maintainer to diagnose the problem
without any free space information.

On the other hand including free space information will be difficult to
handle properly and possibly expose information the user considers
private.


But if you do go ahead with this consider this:

The bugreport gives the following argument: "I suspect that a lot of my
packages would fail in mysterious ways if the root partition was full."
How will his software behave with the root partition being mounted
read-only? Listing the free space on root or /usr would be completly
meaningless if they are read-only and writing to them would be a
critical bug anyway.

The only places where a normal application should write to are /tmp and
$HOME. Those could be included by default. Some packages (daemons
mostly) could further need /var/. But I would think most packages would
not be interested in that. Any other place I would think is completly
application specific and should be included only on the applications
request.

MfG
Goswin


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87ljdqhq3k@frosties.localdomain

Bug#574366: ITP: flush -- GTK-based BitTorrent client

[Dmitry Konishchev]

Package: wnpp
Severity: wishlist
Owner: Dmitry Konishchev 


* Package name: flush
  Version : 0.9.2
  Upstream Author : Dmitry Konishchev 
* URL : http://sourceforge.net/projects/flush
* License : GPL
  Programming Lang: C++
  Description : GTK-based BitTorrent client

Flush is a GTK-based BitTorrent client. You can use it to download
files from the BitTorrent network.

Features:
* Controlling running instance by command line interface.
* Running many instances with different configs from the same user.
* Automatic copying finished downloads to specified directory.
* Setting custom download path for each file of the torrent.
* Ability to choose torrent file's character set encoding.
* Automatic torrents loading from specified directory.
* Automatic pausing and removing old torrents.
* Temporary pausing and resuming torrents.
* Overall and current session statistics.
* Creating your own torrent files.
* IP filter.

Flush uses Rasterbar's version of libtorrent.



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317162245.1364.50132.report...@offline

Re: Bug#540215: Introduce dh_checksums

[Russ Allbery]

Simon McVittie  writes:

> Most packages (in terms of proportion of the archive, in particular for
> architectures other than i386 and amd64) are built by a buildd, so each
> buildd would have to have a signing key that could sign the checksums
> file during build. Further, the build part of a buildd runs inside a
> limited chroot running the target distribution, i.e. usually unstable
> (the "real system" runs stable with a backported version of sbuild),
> which doesn't have access to any key material in the "real system".

> At the moment buildds don't have their own keys: a buildd maintainer
> inspects the build log and signs the .changes file for upload.

> Even for maintainer uploads, maintainers who build their packages in a
> minimal chroot with schroot, pbuilder, cowbuilder etc. (which is
> strongly recommended) don't necessarily have their signing key available
> inside the chroot (nor should they!).

Signatures per buildd or per DD doing uploads are moderately interesting,
but not nearly as interesting as a signature by a long-term stable key
such as the archive key.

Do we actually rely anywhere on packages not changing hashes between
upload and publication in the repository, or is it just something we have
as an invariant now because there's no reason for it not to be one?  The
path of least resistance here would be for DAK to add the package
signature after verifying the signature of the uploader.  This has the
drawback that it modifies the *.deb and therefore breaks the hashes in the
*.changes file and hence its original signature, but given that we throw
out the *.changes file anyway, do we actually care?

-- 
Russ Allbery (r...@debian.org)   


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87pr32zurw@windlord.stanford.edu

Re: Is Robert Millan MIA?

[Jan Hauke Rahm]

Hi again,

On Mon, Mar 15, 2010 at 04:34:16AM +1030, Karl Goetz wrote:
> I've not seen any life out of Robert since the middle of Febuary. I'm
> aware of several attempts to reach Robert, via Email or IRC [1]. All of
> these have been unsuccessful.  Does someone have contact with Robert
> IRL? I'm primarily worried about him and his well being as a person,
> rather then his contributors as a developer.

I am happy I can tell you that one of our fellow developers just talked
to Robert on the phone. He's fine and just taking some time off of the
usual internet stuff.

All's good after all it seems.

Hauke


signature.asc
Description: Digital signature

Future of KinoSearch in Debian

[Jonathan Yu]

Hello Dominic, et al:

Some changes are happening in KinoSearch soon which will have some
implications for Debian.

For anyone else reading this, a brief introduction to what KinoSearch is:
 KinoSearch is a loose port of the Java search engine library Apache
 Lucene, written in Perl and C. The archetypal application is website
 search, but it can be put to many different uses.

Okay, so, according to upstream, the main "KinoSearch" namespace is
going to become an unstable branch.

There will be two forks of the current version, which will be stable
branches - KinoSearch1 and KinoSearch3. This has some implications for
packages which depend on these; notably, if a package currently
depends on KinoSearch, the interface might change with new versions,
thus breaking the application.

Applications need to explicitly depend on either KinoSearch1 or
KinoSearch3, and must either be patched to use the correct version or
(preferably) be fixed upstream.

In summary, action items:
- Identify reverse dependencies of KinoSearch (apt-cache rdepends
shows nothing, but some people are probably using it for their
applications, and it is currently being used for MojoMojo--which is
packaged but hasn't been uploaded yet)
- Fix reverse dependencies to "use KinoSearch1" rather than "use
KinoSearch"; we then also need to upload libkinosearch1-perl.

I am willing to look into doing packaging work for both
libkinosearch1-perl and libkinosearch3-perl under the Debian Perl
group, unless Dominic would prefer to do so instead (since he has more
experience with KinoSearch).

The upstream developer (Marvin Humphrey) has been Cc'd to this mail,
so he can help us coordinate these changes to minimize the impact to
Debian.

Cheers,

Jonathan


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/d1b732a71003171457o6baea2f3k98592f7125313...@mail.gmail.com

Bug#574397: ITP: python-amazon-product-api -- A python wrapper for the Amazon Product Advertising API

[Sebastian Rahlf]

Package: wnpp
Severity: wishlist
Owner: Sebastian Rahlf 

* Package name: python-amazon-product-api
  Version : 0.2.2
  Upstream Author : Sebastian Rahlf 
* URL : http://pypi.python.org/pypi/python-amazon-product-api/
* License : BSD
  Programming Lang: Python
  Description : A python wrapper for the Amazon Product Advertising API

This module offers a light-weight access to the latest version of the Amazon 
Product Advertising API without getting in your way.

The Amazon API itself provides programmatic access to Amazon's product 
selection and discovery functionality. It has search and look up capabilities, 
provides information on products and other features such as Customer Reviews, 
Similar Products, Wish Lists and New and Used listings. More information about 
the API can be found at 
https://affiliate-program.amazon.com/gp/advertising/api/detail/main.html

All requests made by this module are signed as required since August 15, 2009.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20100317220357.13767.95543.report...@rotekroete.de

Re: Bug#540215: Introduce dh_checksums

[Wouter Verhelst]

On Wed, Mar 17, 2010 at 11:07:47AM -0700, Russ Allbery wrote:
> *.changes file and hence its original signature, but given that we throw
> out the *.changes file anyway,

This is not true.

wou...@merkel:/org/ftp.debian.org/queue/done$ ls *ges|wc -l
28969

These are only the *active* changes files, though:

wou...@merkel:/org/ftp.debian.org/queue/done$ find . -name 'nbd*ges'|wc -l
898

... since no .changes file is ever thrown away:

wou...@merkel:/org/ftp.debian.org/queue/done$ du -sh .
7.1G

They may not be visible on the mirrors, but they are there.

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
  http://www.schneier.com/blog/archives/2009/01/biometrics.html


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317224016.gc15...@celtic.nixsys.be

Re: Future of KinoSearch in Debian

[Dominic Hargreaves]

On Wed, Mar 17, 2010 at 05:57:51PM -0400, Jonathan Yu wrote:

> I am willing to look into doing packaging work for both
> libkinosearch1-perl and libkinosearch3-perl under the Debian Perl
> group, unless Dominic would prefer to do so instead (since he has more
> experience with KinoSearch).

I'm not currently using KinoSearch; I packaged it with the intention
of using it for some upstream development work on a related package
but this hasn't happened.

I would be glad for your help in updating Debian with these changes;
please feel free to package the new modules under the Perl group.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317222616.gd4...@urchin.earth.li

Re: Bug#540215: Introduce dh_checksums

[Philipp Kern]

On 2010-03-17, Wouter Verhelst  wrote:
> On Wed, Mar 17, 2010 at 11:07:47AM -0700, Russ Allbery wrote:
>> *.changes file and hence its original signature, but given that we throw
>> out the *.changes file anyway,
> This is not true.
> They may not be visible on the mirrors, but they are there.

But, as far as I know, there is no connection from a file in the archive
to the corresponding .changes.  It's true that they are somehow archived,
but not tracked.

Kind regards,
Philipp Kern


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/slrnhq2mtb.3t7.tr...@kelgar.0x539.de

Re: Is Robert Millan MIA?

[Paul O'Malley]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jan Hauke Rahm wrote:
>
> I am happy I can tell you that one of our fellow developers just talked
> to Robert on the phone. He's fine and just taking some time off of the
> usual internet stuff.
>
> All's good after all it seems.
>
> Hauke
Hi,

great, thank your developer from me.

Regards

Paul


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJLoVGyAAoJEI82p0sMOtPy9zEP/iSNywOavn1ECdekUsFOOhLJ
c7uiC5Ys3osggDdD/LAsQtH/c2Ie6hf0vZlbr24cYDDZNeixOH/1RqE6x5+huKJq
qjTF5bpbAmsyjif660BE644Udm6fObAEmx3qgzwDE+dXV52lhb9Q1sLqN65bRW5D
Lv9k70XJdaEJKPHaltGTacKsqzb3FbtkIMI3DzFFrb7ek/kHPNJgHOCzg8bqxPE0
QgYnraJQ3P+eJ+P1AJY5TaRQ6WC8nBwFylpJ1YTeKpKZ7M0MTkJVeyipO2x36pBp
EGfa7II68fnvR4xP3OXqvcS/cJaurCL4e1Q9SgWP84XK9CGRH2kqx895s8CQaw9u
tdCszbDXUVd85Xc+zRCoU/LTr/B6eiyXfKzX8wDYZce6oWLgh64WizeW0ClcMlx3
4lys4lD2IDoVZDqojVRFXP81okM40+e7FHRVRjsQ0vz9wReFU/bJU/GJMP+qe4Um
5L6YV+vwvPy9L1lpSGcKi/H+15G9nFjZED8ixiVHa7kxTjigSlLcS94lZ3zXnB+S
+N6uu0ouk1pBJo4pDVD8aDLjCWH+qoeplDCN75z4n/cEzhu+vRmdb4JnNwH0c11r
71d3bOHJUaKJfBiPcg+qxSD393ELoKzR5J+6Y5QNuBomyA3LRgon3Xxp9bldxIMc
nvmXX72mDmEnhZtV9aFS
=tarh
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ba151b3.1050...@eircom.net

Re: Bug#540215: Introduce dh_checksums

[Russ Allbery]

Wouter Verhelst  writes:

> This is not true.

> wou...@merkel:/org/ftp.debian.org/queue/done$ ls *ges|wc -l
> 28969

> These are only the *active* changes files, though:

> wou...@merkel:/org/ftp.debian.org/queue/done$ find . -name 'nbd*ges'|wc -l
> 898

> ... since no .changes file is ever thrown away:

> wou...@merkel:/org/ftp.debian.org/queue/done$ du -sh .
> 7.1G

> They may not be visible on the mirrors, but they are there.

Ah, thank you.  I didn't realize that we kept them at all.

Note, though, that if the concern is a cryptographically strong audit
trail, we could still retain a link from the original *.changes file to
the final package with a second (possibly signed) document archived with
the *.changes file listing the original and final checksums of the
now-signed packages.

-- 
Russ Allbery (r...@debian.org)   


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87ljdqtudt@windlord.stanford.edu

Re: Bug#540215: Introduce dh_checksums

[Wouter Verhelst]

On Wed, Mar 17, 2010 at 04:12:46PM -0700, Russ Allbery wrote:
> Wouter Verhelst  writes:
> 
> > This is not true.
> 
> > wou...@merkel:/org/ftp.debian.org/queue/done$ ls *ges|wc -l
> > 28969
> 
> > These are only the *active* changes files, though:
> 
> > wou...@merkel:/org/ftp.debian.org/queue/done$ find . -name 'nbd*ges'|wc -l
> > 898
> 
> > ... since no .changes file is ever thrown away:
> 
> > wou...@merkel:/org/ftp.debian.org/queue/done$ du -sh .
> > 7.1G
> 
> > They may not be visible on the mirrors, but they are there.
> 
> Ah, thank you.  I didn't realize that we kept them at all.
> 
> Note, though, that if the concern is a cryptographically strong audit
> trail, we could still retain a link from the original *.changes file to
> the final package with a second (possibly signed) document archived with
> the *.changes file listing the original and final checksums of the
> now-signed packages.

True.

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
  http://www.schneier.com/blog/archives/2009/01/biometrics.html


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100317231806.ge15...@celtic.nixsys.be

Changes in non-free autobuilder?

[Michael Hanke]

Hi,

I'm the maintainer of 'fsl'. I uploaded a new version of the package
about 10 days ago. Since that only an ia64 binary package has been
built.

  http://packages.debian.org/sid/fsl

Did I miss any change to the non-free auto-building procedure, or is
there some other condition that slows down/prevents this package from
being built?

Thanks in advance,

Michael

-- 
GPG key:  1024D/3144BE0F Michael Hanke
http://mih.voxindeserto.de


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100318004226.ga25...@meiner

Re: Is Robert Millan MIA?

[Karl Goetz]

On Wed, 17 Mar 2010 22:09:43 +0100
Jan Hauke Rahm  wrote:

> Hi again,
> 
> On Mon, Mar 15, 2010 at 04:34:16AM +1030, Karl Goetz wrote:
> > I've not seen any life out of Robert since the middle of Febuary.
> > I'm aware of several attempts to reach Robert, via Email or IRC
> > [1]. All of these have been unsuccessful.  Does someone have
> > contact with Robert IRL? I'm primarily worried about him and his
> > well being as a person, rather then his contributors as a developer.
> 
> I am happy I can tell you that one of our fellow developers just
> talked to Robert on the phone. He's fine and just taking some time
> off of the usual internet stuff.

Fabtastic.

> All's good after all it seems.
> 
> Hauke

Thanks letting us know.
kk

-- 
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian contributor / gNewSense Maintainer
http://www.kgoetz.id.au
No, I won't join your social networking group


signature.asc
Description: PGP signature

Re: Bug#540215: Introduce dh_checksums

[Ben Hutchings]

On Wed, 2010-03-17 at 23:40 +0100, Wouter Verhelst wrote:
> On Wed, Mar 17, 2010 at 11:07:47AM -0700, Russ Allbery wrote:
> > *.changes file and hence its original signature, but given that we throw
> > out the *.changes file anyway,
> 
> This is not true.
> 
> wou...@merkel:/org/ftp.debian.org/queue/done$ ls *ges|wc -l
> 28969
> 
> These are only the *active* changes files, though:
> 
> wou...@merkel:/org/ftp.debian.org/queue/done$ find . -name 'nbd*ges'|wc -l
> 898
> 
> ... since no .changes file is ever thrown away:
> 
> wou...@merkel:/org/ftp.debian.org/queue/done$ du -sh .
> 7.1G
> 
> They may not be visible on the mirrors, but they are there.

Not that you'll be able to verify most of them, since the keyring only
contains keys that are accepted for new uploads.

Ben.

-- 
Ben Hutchings
One of the nice things about standards is that there are so many of them.


signature.asc
Description: This is a digitally signed message part

Bug#574423: ITP: ruby-hdfeos5 -- Ruby interface to the HDF-EOS5 library

[Youhei SASAKI]

Package: wnpp
Owner: Youhei SASAKI 
Severity: wishlist

* Package name: ruby-hdfeos5
  Version : 1.0
  Upstream Author : M.Horikawa, T.Horinouchi, and Dennou-Ruby Project
* URL or Web page : http://ruby.gfd-dennou.org/products/ruby-hdfeos5/
* License : Ruby's
  Description : Ruby interface to the HDF-EOS5 library

Ruby-HDFEOS5 is a Ruby interface to the HDF-EOS5 library provided by
HDF-EOS tools. It is portable C library based on the HDF5.




-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20100318.145040.741238175222026539.uwab...@gfd-dennou.org