Re: default MTA
On Thu, May 30, 2013 at 12:15:03PM +0200, Bjørn Mork wrote:
> The issue that worries me most about these desktop notification plans is
> the possibility that some package may decide to unnecessarily drop
> support for non-desktop systems, adding dependencies on the desktop
> notification system. I believe we already have had a few examples of
> such unnecessary dependencies on services which are "nice to have", like
> GNOME depending on NetworkManager for example.

I'm having a hard time understanding this particular gripe. If you're running a non-desktop system (by this I take it to mean that you're not using a GUI), why would you worry about GNOME's dependencies anyhow?

If you're using a desktop system it doesn't feel like a stretch to use functionality that fits in with the desktop system. And vice versa, obviously.

Regards: David
--
 /) David Weinehall /) Rime on my window (\
// ~ // Diamond-white roses of fire //
\) http://www.acc.umu.se/~tao/ (/ Beautiful hoar-frost (/

--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130615110439.gc26...@hirohito.acc.umu.se
Bug#712377: ITP: mapcache -- tile caching server
Package: wnpp
Severity: wishlist
Owner: Bas Couwenberg

* Package name    : mapcache
  Version         : 1.0.0
  Upstream Author : Thomas Bonfort and the MapServer team
* URL             : http://mapserver.org/en/mapcache/
* License         : MIT/X with BSD-3-clause and GPL-2+ components.
  Programming Lang: C, Python
  Description     : tile caching server

MapCache is a server that implements tile caching to speed up access to WMS layers. The primary objectives are to be fast and easily deployable, while offering the essential features (and more!) expected from a tile caching solution.

Archive: http://lists.debian.org/20130615122124.28516.19348.report...@osiris.linuxminded.xs4all.nl
Fwd: Debian RT
Hello,

What is the right way to contact the Security Team? I have tried the tracker, and a variety of e-mail addresses but nothing yet (maybe I'm doing something wrong?). An update to Debian 7 was released today without a security fix for my package jquery-jplayer, even though the fix has been available for one solid month :-/

-- Forwarded message --
From: Pau Garcia i Quiles
Date: Fri, May 31, 2013 at 10:09 AM
Subject: Fwd: Debian RT
To: secur...@rt.debian.org
Cc: secur...@debian.org, t...@security.debian.org, Vincent Bernat <ber...@debian.org>

Hello,

I have had no response for my security report in two weeks. Any news on allowing jquery-jplayer 2.1.0-3 in the security repository?

Also, this is wrong:

https://security-tracker.debian.org/tracker/CVE-2013-2023

ALL versions are vulnerable. The fix for stable is 2.1.0-3 (waiting for an answer from the Security Team) and the "fix" for testing/unstable is 2.3.4-1, which Vincent just sponsored.

Thank you.

-- Forwarded message --
From: Pau Garcia i Quiles
Date: Thu, May 16, 2013 at 6:22 PM
Subject: Debian RT
To: secur...@rt.debian.org
Cc: Vincent Bernat

Hello,

A new XSS vulnerability was discovered in my package jquery-jplayer.

Useful information (as listed in the DD Reference):

- Whether or not the bug is already public

  The bug is public and classified as CVE-2013-2023

- Which versions of the package are known to be affected by the bug. Check each version that is present in a supported Debian release, as well as testing and unstable

  Upstream versions 2.2.19 and newer are affected, including 2.3.0
  Wheezy contains 2.1.0-2, which is upstream's 2.1.0 plus three backported security fixes
  Testing contains 2.1.0-2 too
  Sid contains 2.3.0-1, which is upstream's 2.3.0, unchanged. I am packaging upstream's 2.3.2 as 2.3.2-1 and it will be ready later today.

- The nature of the fix, if any is available (patches are especially helpful)

  Backport of upstream's fixes

- Any fixed packages that you have prepared yourself (send only the .diff.gz and .dsc files and read Section 5.8.5.4, “Preparing packages to address security issues” first)

  jquery-jplayer 2.1.0-3 contains the fixes. It is available from mentors:

  http://mentors.debian.net/debian/pool/main/j/jquery-jplayer/jquery-jplayer_2.1.0-3.dsc

  Debdiff to 2.1.0-2 attached

- Any assistance you can provide to help with testing (exploits, regression testing, etc.)

- Any information needed for the advisory (see Section 5.8.5.3, “Security Advisories”)

  Please check CVE-2013-2023

--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)

jquery-jplayer_2.1.0-2_to_2.1.0-3.debdiff
Description: Binary data
how to deal with "not yet built" / "missing binaries" on autobuilders, requesting transition needed?
Hi,

3 weeks ago I've uploaded package ticcutils 0.4-3 to unstable. It got accepted for unstable. However, I believe I've made a mistake and didn't request the release team for some measures to be taken. The buildd's are stuck:

"trying to update ticcutils from 0.3-1 to 0.4-3 (candidate is 20 days old)
ticcutils is not yet built on i386: 0.3-1 vs 0.4-3 (missing 2 binaries: libticcutils1, libticcutils1-dev)
ticcutils is not yet built on amd64: 0.3-1 vs 0.4-3 (missing 2 binaries: libticcutils1, libticcutils1-dev)
[...]"

(see http://release.debian.org/migration/testing.pl?package=ticcutils)

ticcutils 0.3-1 builds binary packages libticcutils1 and libticcutils1-dev
ticcutils 0.4-3 builds binary packages libticcutils2 and libticcutils2-dev

(Reverse dependencies of those are all maintained/sponsored by me.)

I believe I should now:

1) Prepare a better ticcutils 0.4-4 package, which builds libticcutils2 and unversioned libticcutils-dev (which Conflicts: libticcutils1-dev, libticcutils2-dev and Replaces: libticcutils1-dev, libticcutils2-dev).

2) Submit a bug to release.debian.org, requesting "transition tracking" (as per http://release.debian.org/transitions/), apologising for previous mistake and requesting an ACK for uploading ticcutils 0.4-4.

3) Once ACK'd, upload and keep an eye on autobuilders

Correct?

Please honor mail-followup-to and Cc me on replies.

Thanks, Bye,

Joost

PS / Note to self: ucto 0.5.3-3, timblserver 1.7-3, mbt 3.2.10-3 (this morning) and other stuff in http://ftp-master.debian.org/new.html

--
Worrying is like paying interest on a debt you may never have owed. --Charlie Papazian about Home Brewing, 1991, quoted by http://mdcc.cx/ Sandor "Wild Fermentation" Elix Katz
Joost van Baal-Ilić ※ http://ad1810.com/ ※ Eindhoven, .nl

Archive: http://lists.debian.org/20130615163501.gg...@beskar.mdcc.cx
Bug#712406: ITP: libpgobject-simple-role-perl -- Moo/Moose mappers for minimalist PGObject framework
Package: wnpp
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name    : libpgobject-simple-role-perl
  Version         : 0.11
  Upstream Author : Chris Travers
* URL or Web page : http://search.cpan.org/dist/PGObject-Simple-Role/
* License         : BSD (2 clause)
  Description     : PGObject::Simple::Role - Moo/Moose mappers for minimalist PGObject framework.

PGObject::Simple::Role is a role implementation of the PGObject::Simple functionality aimed at cases where the quick and dirty approach is not ideal.

PGObject::Simple::Role is a Moo role which allows you to use this functionality in Moo and Moose environments. The role itself makes no assumptions about database state, but provides hooks for classes to use to retrieve or create database handles for their use.

This module is suited to quick and easy integration of PostgreSQL stored procedures with Moo and Moose object models. It is quite powerful and it makes developing in such environments relatively easy.

Robert James Clay
j...@rocasa.us
rjc...@gmail.com

Archive: http://lists.debian.org/20130615110742.13b79...@rocasa.us
Bug#712407: ITP: libpgobject-perl -- A toolkit integrating intelligent PostgreSQL dbs into Perl objects
Package: wnpp
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name    : libpgobject-perl
  Version         : 1.2
  Upstream Author : Chris Travers
* URL or Web page : http://search.cpan.org/dist/PGObject/
* License         : BSD (2 clause)
  Description     : PGObject - A toolkit integrating intelligent PostgreSQL dbs into Perl objects

PGObject contains the base routines for object management using discoverable stored procedures in PostgreSQL databases. PGObject contains only common functionality and support structures, and low-level API's. Most developers will want to use more functional modules which add to these functions.

The overall approach here is to provide the basics for a toolkit that other modules can extend. This is thus intended to be a component for building integration between PostgreSQL user defined functions and Perl objects.

Because decisions such as state handling are largely outside of the scope of this module, this module itself does not do any significant state handling. Database handles (using DBD::Pg 2.0 or later) must be passed in on every call. This decision was made in order to allow for diversity in this area, with the idea that wrapper classes would be written to implement this.

Robert James Clay
j...@rocasa.us
rjc...@gmail.com

Archive: http://lists.debian.org/20130615103453.2cc8d...@rocasa.us
Bug#712408: ITP: libpgobject-simple-perl -- Minimalist stored procedure mapper based on LedgerSMB's DBObject.
Package: wnpp
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name    : libpgobject-simple-perl
  Version         : 1.3
  Upstream Author : Chris Travers
* URL or Web page : http://search.cpan.org/dist/PGObject-Simple/
* License         : BSD (2 clause)
  Description     : PGObject::Simple - Minimalist stored procedure mapper based on LedgerSMB's DBObject.

PGObject::Simple is a top-half object system for PGObject which is simple and inspired by (and a subset functionally speaking of) the simple stored procedure object method system of LedgerSMB 1.3. The framework discovers stored procedure APIs and dispatches to them and can therefore be a base for application-specific object models and much more.

PGObject::Simple is designed to be light-weight and yet robust glue between your object model and the RDBMS's stored procedures. It works by looking up the stored procedure arguments, stripping them of the conventional prefix 'in_', and mapping what is left to object property names. Properties can be overridden by passing in a hashref in the args named argument. Named arguments there will be used in place of object properties.

This system is quite flexible, perhaps too much so, and it relies on the database encapsulating its own logic behind self-documenting stored procedures using consistent conventions. No function which is expected to be discovered can be overloaded, and all arguments must be named for their object properties. For this reason the use of this module fundamentally changes the contract of the stored procedure from that of a fixed number of arguments in fixed types contract to one where the name must be unique and the stored procedures must be coded to the application's interface. This inverts the way we typically think about stored procedures and makes them much more application friendly.

Archive: http://lists.debian.org/20130615105720.50450...@rocasa.us
[rt.debian.org #4305] communicating with Debian Security Team
Hi,

The ticket number in Debian's RT for your request is 4305. I'm adding the appropriate subject line and carbon copying secur...@rt.debian.org to add this conversation to the history of the ticket.

To answer your question, yes, your ticket has been received by the Debian Security Team.

Feel free to reply to this email (I've set the reply-to of this email to secur...@rt.debian.org) to send more information to the Security Team.

Luca

On Sat, Jun 15, 2013 at 05:02:18PM +0200, Pau Garcia i Quiles wrote:
> What is the right way to contact the Security Team? I have tried the
> tracker, and a variety of e-mail addresses but nothing yet (maybe I'm doing
> something wrong?). An update to Debian 7 was released today without a
> security fix for my package jquery-jplayer, even though the fix has been
> available for one solid month :-/

--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian

Archive: http://lists.debian.org/20130615171102.ga27...@emyr.net
Re: boot ordering and resolvconf
On Wed, 12 Jun 2013, Wouter Verhelst wrote:
> On 10-06-13 18:36, Ian Jackson wrote:
> > B. resolv.conf is not static and may change due to network
> >    environment changes.
> >    Implications:
> >    1. All existing DNS applications must be modified to notice
> >       changes to resolv.conf.
> >    2. Corollary: all existing DNS resolver libraries must be
> >       so modified.
> >    3. This will be impractical unless a common mechanism with
> >       a convenient interface (and low impact on the rest of a
> >       program) is provided. Hopefully resolvconf fits this bill.
> >
> > I don't know exactly how impractical B2 is. The libc's resolver is
> > probably a hard case because of the libc's low level in the protocol
> > stack. Can we make it aware of resolvconf ?
>
> You can replace it (through nsswitch.conf) by lwresd, which can easily
> be restarted when resolv.conf is updated.

I've been using lwresd for a long time (2+ years), and it isn't very reliable. I don't think it is widely used at all, we'd need to talk to upstream about it and probably hit lwresd hard to flush out the worst bugs.

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh

Archive: http://lists.debian.org/20130615220446.ga10...@khazad-dum.debian.net
cc65 in non-free
Hey there!

I am interested in packaging cc65 for Debian but I am having my doubts if that's actually possible license-wise. The cc65 license states [1]:

" 1: You don't charge anything for the copy. It is permissable to charge a nominal fee for media, etc."

While as we all know this declares such software as non-free, see point i. in [2].

Yet, I am wondering, would it still be legal to upload such a software package to the non-free section?

Cheers,
Adrian

> [1] http://www.cc65.org/index.php#Copyright
> [2] http://people.debian.org/~bap/dfsg-faq.html

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913

Archive: http://lists.debian.org/51bcf0b7.8000...@physik.fu-berlin.de
Re: cc65 in non-free
On Sun, 2013-06-16 at 00:54 +0200, John Paul Adrian Glaubitz wrote:
> Hey there!
>
> I am interested in packaging cc65 for Debian but I am having my
> doubts if that's actually possible license-wise. The cc65 license
> states [1]:
>
> " 1: You don't charge anything for the copy. It is permissable to
>    charge a nominal fee for media, etc."
>
> While as we all know this declares such software as non-free, see
> point i. in [2].
>
> Yet, I am wondering, would it still be legal to upload such a
> software package to the non-free section?

This is fine for the non-free section.

Ben.

--
Ben Hutchings
Klipstein's 4th Law of Prototyping and Production: A fail-safe circuit will destroy others.
Re: how to deal with "not yet built" / "missing binaries" on autobuilders, requesting transition needed?
On Sun, Jun 16, 2013 at 12:35 AM, Joost van Baal-Ilić wrote:
> 1) Prepare a better ticcutils 0.4-4 package, which builds libticcutils2
> and unversioned libticcutils-dev (which Conflicts: libticcutils1-dev,
> libticcutils2-dev and Replaces: libticcutils1-dev, libticcutils2-dev).
>
> 2) Submit a bug to release.debian.org, requesting "transition tracking"
> (as per http://release.debian.org/transitions/), apologising for previous
> mistake and requesting an ACK for uploading ticcutils 0.4-4.
>
> 3) Once ACK'd, upload and keep an eye on autobuilders
>
> Correct?

Indeed. Please ensure that you test the upgrade path using piuparts though.

--
bye,
pabs

http://wiki.debian.org/PaulWise

Archive: http://lists.debian.org/caktje6ekq1ibbrrwxqncx_czsse7m9lh82e881flopaq_x9...@mail.gmail.com
Bug#712442: ITP: fonts-noto -- Noto is a "No Tofu" font family for over 30 scripts
Package: wnpp
Severity: wishlist
Owner: Vasudev Kamath

* Package name    : fonts-noto
  Version         : 2013-04-11
  Upstream Author : Noto font developers
* URL             : https://code.google.com/p/noto
* License         : Apache 2.0
  Programming Lang: font
  Description     : Noto is a "No Tofu" font family for over 30 scripts

 When there is no font to display a piece of text we see square boxes which are called as tofu. This font family want to remove tofu from the web and hence the name Noto.
 .
 Noto helps to make the web more beautiful across platforms for all languages. Currently, Noto covers over 30 scripts, and will cover all of Unicode in the future.
 .
 Noto fonts are intended to be visually harmonious across multiple languages, with compatible heights and stroke thicknesses.

--
Vasudev Kamath
http://copyninja.info
Connect on ~friendica: copyninja@{frndk.de | vasudev.homelinux.net}
IRC nick: copyninja | vasudev {irc.oftc.net | irc.freenode.net}
GPG Key: C517 C25D E408 759D 98A4 C96B 6C8F 74AE 8770 0B7E