Bug#718554: ITP: python-flask-login -- User session management for Flask

[Tonnerre Lombard]

Package: wnpp
Severity: wishlist
Owner: Tonnerre Lombard 

* Package name: python-flask-login
  Version : 0.2.6
  Upstream Author : Matthew Frazier 
* URL : https://github.com/maxcountryman/flask-login
* License : Expat
  Programming Lang: Python
  Description : User session management for Flask

Flask-Login provides user session management for Flask. It handles the
common tasks of logging in, logging out, and remembering your users'
sessions over extended periods of time.

Flask-Login is not bound to any particular database system or
permissions model. The only requirement is that your user objects
implement a few methods, and that you provide a callback to the
extension capable of loading users from their ID.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130802074556.18879.10871.reportbug@localhost

Bug#718555: ITP: python-flask-principal -- Identity management for flask

[Tonnerre Lombard]

Package: wnpp
Severity: wishlist
Owner: Tonnerre Lombard 

* Package name: python-flask-principal
  Version : 0.4.0
  Upstream Author : Matt Wright 
* URL : https://github.com/mattupstate/flask-principal
* License : Expat
  Programming Lang: Python
  Description : Identity management for flask

Flask-Principal provides a very loose framework to tie in providers of two
types of service, often located in different parts of a web application:

- Authentication providers
- User information providers

For example, an authentication provider may be oauth, using Flask-OAuth and
the user information may be stored in a relational database. Looseness of
the framework is provided by using signals as the interface.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130802075015.19122.57131.reportbug@localhost

Re: Status of deb(5) format support in Debian

[Philipp Kern]

On 2013-07-31 18:24, Guillem Jover wrote:

Due to bug 718295, and in preparation to add non-gzip compression
support for control.tar, I've tried to get an accurate view of the
current deb(5) format support in software present in Debian. The
resulting table looks pretty bad:

   


I guess udpkg is missing from the list. ;-)

Kind regards
Philipp Kern


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/eed630803c691daab3293644ae33b...@hub.kern.lc

Bug#718560: ITP: nbdkit -- toolkit for creating NBD servers

[Hilko Bengen]

Package: wnpp
Owner: Hilko Bengen 
Severity: wishlist

* Package name: nbdkit
  Version : 1.1.2-1
  Upstream Author : Richard W.M. Jones 
* URL or Web page : https://github.com/libguestfs/nbdkit
* License : BSD 3 clause
  Description : toolkit for creating NBD servers


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87ob9gxwui@msgid.hilluzination.de

ITP: skype4py, can somebody sponsor it for me?

[Gianfranco Costamagna]

Hi developers, I write here since I don't know if there are any problems into 
the ITP bug


I would like to reintroduce skype4py into unstable, since it is maintained 
again and is working well.


http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717337

http://packages.qa.debian.org/s/skype4py.html


Many thanks

Gianfranco

new hashes (SHA512, SHA3) in apt metadata and .changes files?

[Paul Wise]

I noted[1] that some derivatives have introduced SHA512 into their
Release files (and probably Packages/etc). I was wondering if it is
time to drop or deprecate MD5 from the apt metadata and replace it
with SHA512 and or SHA-3. Thoughts?

If so, here is the list of software that probably needs updating:

dak
apt/apt-ftparchive
reprepro
launchpad
dpkg-dev
devscripts
derivatives census

Side note; is there an SHA-3 shared library yet?

Side note; is SHA512 accepted/checked by apt in Release files yet? If
so it would be great if the spec at [2] could be updated for that.

1. http://dex.alioth.debian.org/census/*/check-package-list
2. https://wiki.debian.org/RepositoryFormat

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/caktje6gfbvbjmcech_j3gwpbokobju261v2crgzz5dag+9e...@mail.gmail.com

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

[Guillem Jover]

Hi!

On Fri, 2013-08-02 at 14:52:33 +0200, Paul Wise wrote:
> I noted[1] that some derivatives have introduced SHA512 into their
> Release files (and probably Packages/etc).

This will increase those files (Packages, Sources, etc) by quite a bit,
at least 128 bytes per entry. Is that something we want, and is it
really worth it?

> I was wondering if it is time to drop or deprecate MD5 from the apt
> metadata and replace it with SHA512 and or SHA-3. Thoughts?

Adding stronger hashes support seems in general like a good idea, but
I've never quite understood the urge to remove weaker ones in case
these get accumulated instead of replaced, as more hashes should also
in general imply a harder time coming up with data that will produce
all the same hashes.

In any case, removing md5 support seems like a bad idea to me right
now, as older software might not have been adapted to check the other
hashes, or would imply breaking the current .dsc and ,changes formats,
as the Files field uses md5.

It might be good to create a similar wiki page (to DebSupport) with
the repository format support, so that we can get a better idea of the
current status of the software around.

> If so, here is the list of software that probably needs updating:

> dpkg-dev

I've got a local patch to add sha512 support to dpkg-dev, which I
could commit for 1.17.x, if there's no opposition to this proposal.

Thanks,
Guillem


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130802132914.ga7...@gaara.hadrons.org

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

[Paul Wise]

On Fri, Aug 2, 2013 at 3:29 PM, Guillem Jover wrote:

> Adding stronger hashes support seems in general like a good idea, but
> I've never quite understood the urge to remove weaker ones in case
> these get accumulated instead of replaced, as more hashes should also
> in general imply a harder time coming up with data that will produce
> all the same hashes.

The only argument to remove them would be that they take up space in
the apt metadata.

> In any case, removing md5 support seems like a bad idea to me right
> now, as older software might not have been adapted to check the other
> hashes, or would imply breaking the current .dsc and ,changes formats,
> as the Files field uses md5.

We've had SHA1 since before snapshot.d.o data started (2005), I would
guess any relevant software would have been updated in the last 8
years.

http://snapshot.debian.org/archive/debian/20050312T00Z/dists/sid/Release

> It might be good to create a similar wiki page (to DebSupport) with
> the repository format support, so that we can get a better idea of the
> current status of the software around.

Agreed, created one here, minimal content though:

https://wiki.debian.org/RepositorySupport

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/caktje6fr1ikdx3ctueiduee1v1jogzsbha-00vdqzzw_zs1...@mail.gmail.com

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

[David Kalnischkies]

On Fri, Aug 2, 2013 at 2:52 PM, Paul Wise  wrote:
> If so, here is the list of software that probably needs updating:
>
> dak
> apt/apt-ftparchive
> reprepro
> launchpad
> dpkg-dev
> devscripts
> derivatives census

(c)debootstrap

Also, apt-get is forcing MD5 in --print-uris by default because not doing
it used to break all kinds of scripts. I think jigdo was one of them,
no idea if that is really the case and/or if this changed by now.
(not saying they shouldn't be fixed, just that the list is probably longer)


> Side note; is SHA512 accepted/checked by apt in Release files yet? If
> so it would be great if the spec at [2] could be updated for that.

Yes, APT is supporting SHA512 in in/output, but more as a by-product
of the SHA2 group as a whole than a specific feature. This, and a bit that
APT is just one implementation of this "spec" is the reason that it isn't
mentioned in the wiki.


Best regards

David Kalnischkies


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/caaz6_fbswkxvu5ugcw8qjnerfxfqp8azcfxj5otecf1zsnf...@mail.gmail.com

Bug#718580: ITP: mayan -- Django-based Electronic Document Management System (EDMS)

[Matteo F. Vescovi]

Package: wnpp
Severity: wishlist
Owner: "Matteo F. Vescovi" 

* Package name: mayan
  Version : 0.13.1
  Upstream Author : Roberto Rosario 
* URL : http://www.mayan-edms.com/
* License : GPL-3+
  Programming Lang: Python
  Description : Django-based Electronic Document Management System (EDMS)

Open-source, Django-based document management system with custom
metadata indexing, file serving integration, tagging, digital signature
verification, text parsing and OCR capabilities.

-- 
Matteo F. Vescovi
Debian Maintainer
GnuPG KeyID: 0x83B2CF7A


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130802144256.GA1889@localhost

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

[Ondřej Surý]

On Fri, Aug 2, 2013 at 2:52 PM, Paul Wise  wrote:

> I noted[1] that some derivatives have introduced SHA512 into their
> Release files (and probably Packages/etc). I was wondering if it is
> time to drop or deprecate MD5 from the apt metadata and replace it
> with SHA512 and or SHA-3. Thoughts?
>

SHA512 doesn't bring any advantage over SHA256.

SHA-3 hasn't been standardized yet by NIST as Secure Hash Standard
and doesn't bring any advantages over SHA-2 (yet).

So, yeah let's drop MD5, but don't introduce neither SHA512 nor SHA-3
unless there's a cryptographical need (there isn't at the moment).

O.
-- 
Ondřej Surý 

Bug#718589: ITP: python-tornadio2 -- Socket.io 0.7+ server implementation on top of Tornado

[Tonnerre Lombard]

Package: wnpp
Severity: wishlist
Owner: Tonnerre Lombard 

* Package name: python-tornadio2
  Version : 0.0.4
  Upstream Author : Serge S. Koval 
* URL : https://github.com/MrJoes/tornadio2
* License : Apache-2.0
  Programming Lang: Python
  Description : Socket.io 0.7+ server implementation on top of Tornado

This is python server implementation of the Socket.IO realtime transport
library on top of the Tornado framework.

TornadIO2 is compatible with 0.7+ version of the Socket.IO and
implements most of the features found in original Socket.IO server
software.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130802164201.22705.22803.reportbug@localhost

Bug#718591: ITP: octoprint -- Responsive web interface for 3D printers

[Tonnerre Lombard]

Package: wnpp
Severity: wishlist
Owner: Tonnerre Lombard 

* Package name: octoprint
  Version : 0.0.20130801
  Upstream Author : Gina Häußge 
* URL : http://www.octoprint.org/
* License : AGPL-3
  Programming Lang: Python
  Description : Responsive web interface for 3D printers

OctoPrint provides a responsive web interface for controlling a 3D
printer such as a RepRap, Ultimaker or some other model.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130802164921.23366.3778.reportbug@localhost

Missing Maintainer?

[Ross Gammon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi All,

Sorry to bother you all with a non-technical post. I have been trying
to help out a little with bugs on the Gramps package in Debian, and I
have noticed that James A Treacy (the Maintainer) has not been active
over the last year or so, and has not responded to a couple of recent
emails.

Before I go to the MIA Team, I am writing to see if anyone knows his
whereabouts - in case he is just very busy.

Ross
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJR++WzAAoJEFP+e72miRD8GtAP/0RDsZekqxTNfjg1VP/vgFwe
vVtQs67ZpjDhIXfF3qu/KIqIS1bOTT36TEr6vabq2WoUbKWKThHKg+TFSQXjUV8S
Lgr+NkYjVzmjjiHs7FUV7sLE1AI6JYa7An6WOXxK8bFSNYAa8wBI1ecx+pPFxFix
sP2qPs0bAl7sMa2X2lTOi8bfh6hpgi5RlQgu2jXjyXdcaQFndeQEYDKrDFPBtSM/
vrzM1jjG3mMXm3nHeJvya1FFN942+g5oeyJ+WBi9rDprxgatrMcLoC1qFLhBC2Pv
Qg7/qyOHX/S1QDriyHrRX91bAH22aKikYmpjc9MM1szHbNbXjkiE0QdyukX80SYh
vukpch15zQsdqIyHv2astLrcq7b7+3Wcn0Umz8akLUs5RqFHtLrR67U8PdsY1I/k
BDboxyp7ckGeDnobxepyVtLRtE0t5XHA6Qu+b6XjHxKXkeBPG942nGfP81YufW3a
kdXWnJsHMI2weBZOuyuzlKrqhPJFZfSNW1wBYVr6+ptzZ7ifOemLKXgP6Rz1HBui
mdF79mIM6sgA3+VmIW/fzo44ksU7J5y7ZRPS4xxz/7jklXkFvUZVZZG0rGtTC71E
02qICoxphxToGgx4yEf0EOkd+1fcu0UUAVIYeinedQREkzLNe28+0xcpnh8jZ7Iu
D3OwbZW2/QepkjJDbPO8
=pUxy
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51fbe5b4.4020...@mail.dk

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

[David Kalnischkies]

On Fri, Aug 2, 2013 at 6:33 PM, Ondřej Surý  wrote:
> On Fri, Aug 2, 2013 at 2:52 PM, Paul Wise  wrote:
> So, yeah let's drop MD5, but don't introduce neither SHA512 nor SHA-3
> unless there's a cryptographical need (there isn't at the moment).

Actually, it might be less controversial to drop SHA1[0] as the MD5 has
fieldnames (as Guillem already mentioned) which are probably assumed
to be present. I have not check(-ETIME) that for APT now, but somehow
I would be surprised if it wouldn't dislike (some) missing MD5 sections
even if it isn't using the sections for providing MD5, but because they have
a wonderfully stable name like "Files".

Its not like we are anywhere near to a "cryptographical need" to drop MD5
(as you have to do (at least) two pre-image attacks in a row with the same
 file (aka compressed and uncompressed) – and as a bonus, the filesize has
 to match as well – not to mention that the file has to make sense…) and
at the time we do SHA1 is probably not an interesting candidate.


Best regards

David Kalnischkies

[0] expect in pdiffs as that is the only supported in there so far


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAAZ6_fBiOFv-S�tVvZ=Y+UJbNBCcd64f�vp7ybnkvos...@mail.gmail.com

Re: Switch to OpenJDK 7

[Gerry Butler]

Good morning Sylvestre

Might I be impacted by the switch to OpenJDK7?

(1) I am still using squeeze as, for various reasons, I am not yet ready to
move to wheezy.

(2) I am using OpenJDK6 with the latest updates.

(3) I am using Netbeans 6.0.1 from the release prior to squeeze, as squeeze
did not contain Netbeans. (My old Netbeans remained in place when I
switched to squeeze.)

(4) A couple of weeks ago, with the latest update of OpenJDK6, a Netbeans
feature stopped working; it's annoying but not critical, and I can live
with it.

My configuration is not ideal, but it mostly does what I need. I intend to
move to wheezy soon, but at the moment I do not want any disruption and, if
there is any risk of problems, I would prefer to keep everything the same
until I move to wheezy.

What do you recommend?

Regards

Gerry

Re: Switch to OpenJDK 7

[Sebastian Reichel]

On Sat, Aug 03, 2013 at 09:47:59AM +1000, Gerry Butler wrote:
> Good morning Sylvestre
> 
> Might I be impacted by the switch to OpenJDK7?
> 
> (1) I am still using squeeze as, for various reasons, I am not yet ready to
> move to wheezy.
> 
> (2) I am using OpenJDK6 with the latest updates.
> 
> (3) I am using Netbeans 6.0.1 from the release prior to squeeze, as squeeze
> did not contain Netbeans. (My old Netbeans remained in place when I
> switched to squeeze.)
> 
> (4) A couple of weeks ago, with the latest update of OpenJDK6, a Netbeans
> feature stopped working; it's annoying but not critical, and I can live
> with it.
> 
> My configuration is not ideal, but it mostly does what I need. I intend to
> move to wheezy soon, but at the moment I do not want any disruption and, if
> there is any risk of problems, I would prefer to keep everything the same
> until I move to wheezy.
> 
> What do you recommend?

You will be only be "impacted" once you switch to jessie (wheezy+1). Wheezy has
already been released using OpenJDK6 as default JDK.

-- Sebastian


signature.asc
Description: Digital signature