Re: Requesting DDs who want to help greet new contributors

2013-08-04 Thread Lucas Nussbaum 
On 30/07/13 at 12:00 -0400, Asheesh Laroia wrote:
> Hi all Debianites,
> 
> I've been inspired by the "Developer Advisory Team" in another
> project [1], and so I want to create a similar team within Debian.
> In this email, first I'll summarize what the concept of Developer
> Advisory Team is, and second I'll request help.
> 
> The stated goals are:
> 
> * Reach out to new contributors, thank them for their work and get
> feedback.
> 
> * Reach out to people who might be ready to apply for upload rights
> and help them.
> 
> * Reach out to contributors that went inactive and get feedback from
> them and offer help.

Hi,

I'm currently processing the answers to the survey I mentioned in [1].
Looking at what I've processed so far, one of the conclusions, I think,
will be that a very large proportion of people who managed to get their
first package uploaded had a friend or colleague to whom they could ask
questions when needed. This is not a bad thing per se, but it means that
it's much harder for people without such a "direct support channel" to
succeed.

This initiative could be the basis for a way for new contributors to
find such a "online Debian friend" that could then answer their
questions about BTS usage, packaging, etc.

Lucas

[1] https://lists.debian.org/debian-project/2013/07/msg00010.html


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130804100815.ga9...@xanadu.blop.info

Re: Finding correct component for Virtual Box / Debian / screen resolution issue

2013-08-04 Thread Cyril Brulebois 
Paul Wise  (2013-08-03):
> We need to implement DEP-11 so that we can map hardware (and other
> things) to packages.
> 
> isenkram/PackageKit needs to be extended to use DEP-11 information.
> 
> isenkram (or similar DEP-11 solution) needs to be run from the Debian 
> installer.

Depends: python (>= 2.7), python (<< 2.8), python-gudev, python-gobject, 
python-notify, python-aptdaemon-gtk, libgnome2-perl, lsb-release

Doesn't look like something to be run in d-i.

> This will mean that installs using d-i will automatically install
> virtualbox-guest-x11/virtualbox-guest-dkms. It also means that when
> you move a physical machine into VirtualBox, PackageKit/isenkram
> should prompt you to install these packages.

discover already pulls virtualbox bits in. Mentioned not so long ago in:
  https://lists.debian.org/20130726091036.gb22...@mraw.org

Mraw,
KiBi.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130804130938.gc23...@mraw.org

Re: [Popcon-developers] Encrypted popcon submissions

2013-08-04 Thread Bill Allombert 
On Wed, Jul 10, 2013 at 04:14:02PM +0200, Bill Allombert wrote:
> On Tue, Jul 02, 2013 at 11:27:12PM +0200, Bill Allombert wrote:
> > On Fri, Jun 21, 2013 at 05:08:08PM +0200, Bill Allombert wrote:
> > > Dear Debian people,
> > > 
> > > I upload popularity-contest 1.58 which add support for encrypted 
> > > submissions.
> > > For this release it is not activated by default. 
> > > Please help test this feature by adding
> > > ENCRYPT="yes"
> > > to /etc/popularity-contest.conf to activate it.
> > > 
> > > Once this feature has seen proper testing, we will activate it by default.
> > 
> > Well, 1.58 is now is testing and I still received only an handful of 
> > encrypted
> > report. I know you can do better!
> 
> Indeed, I receive much more encrypted report now.
> 
> A bug I like to fix before enabling encryption by default is #714917:
> gpg is creating a directory /root/gnupg with various files which are
> essentially useless since popcon do not perform any signature checks.
> 
> I do not know how to fix this bug short of creating a dummy GPGHOME
> directory with useless files.
> Any help welcome!

Well I have fixed this problem in popcon 1.59 by using a temporary GPGHOME
that I remove afterward.

If no more problem are found, I will release 1.60 in September with 
ENCRYPT=maybe
by default (i.e. encryp if gpg is available).
Thanks for your tests!

Cheers,
-- 
Bill. 

Imagine a large red swirl here. 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130804135425.GA30882@yellowpig

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

2013-08-04 Thread Wouter Verhelst 
On 03-08-13 13:45, Ondřej Surý wrote:
> I think it's useless to upgrade to SHA512 (or SHA-3),

It's never useless to upgrade to a stronger hash.

The cost might outweight the benefit, yes. But that's a different matter.

-- 
This end should point toward the ground if you want to go to space.

If it starts pointing toward space you are having a bad problem and you
will not go to space today.

  -- http://xkcd.com/1133/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51fe6907.7020...@debian.org

Re: Requesting DDs who want to help greet new contributors

2013-08-04 Thread Andreas Tille 
Hi,

On Sun, Aug 04, 2013 at 12:08:15PM +0200, Lucas Nussbaum wrote:
> I'm currently processing the answers to the survey I mentioned in [1].
> Looking at what I've processed so far, one of the conclusions, I think,
> will be that a very large proportion of people who managed to get their
> first package uploaded had a friend or colleague to whom they could ask
> questions when needed. This is not a bad thing per se, but it means that
> it's much harder for people without such a "direct support channel" to
> succeed.

IMHO newcomers just do not expect to find such a friend inside the
Debian community.  My canonical answer to increase the chances that
people will be able to easily find friends is to build teams with a
certain focus which should try to make themselves visible to users
(=potential developers).  We just found the name Blends for this and I
hope to be able to *prove* that Blends can be help getting new
developers in my talk at DebConf[1] when I present numbers that we have
won one DD per year (in average) who admitted that he is only in Debian
*because* this specific Blend exist.  If this is possible for a leaf
project as I defintely regard medicine and biology how much better could
be our chances in other fields if people would *actively* reach out
for users and thus developers as Debian Med did?

> This initiative could be the basis for a way for new contributors to
> find such a "online Debian friend" that could then answer their
> questions about BTS usage, packaging, etc.

In Debian Med this is called Mentoring of the Month[2] and besides
I will metnion it in[1] as well I will have a dedicated talk about
MoM as well[3].

Kind regards

   Andreas.

[1] http://penta.debconf.org/dc13_schedule/events/986.en.html
[2] http://wiki.debian.org/DebianMed/MoM
[3] http://penta.debconf.org/dc13_schedule/events/987.en.html

-- 
http://fam-tille.de


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130804184944.gb19...@an3as.eu

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

2013-08-04 Thread Ben Hutchings 
On Sun, 2013-08-04 at 16:45 +0200, Wouter Verhelst wrote:
> On 03-08-13 13:45, Ondřej Surý wrote:
> > I think it's useless to upgrade to SHA512 (or SHA-3),
> 
> It's never useless to upgrade to a stronger hash.
> 
> The cost might outweight the benefit, yes. But that's a different matter.

What makes you think these are stronger?

Ben.

-- 
Ben Hutchings
This sentence contradicts itself - no actually it doesn't.


signature.asc
Description: This is a digitally signed message part

We need a global decision about R data in binary format, and stick to it.

2013-08-04 Thread Charles Plessy 
Le Mon, Aug 05, 2013 at 12:37:17AM +, Paul Richards Tagliamonte a écrit :
> Hi maintainer,
> 
> sysdata.rda appears to be in your source, which is a dataset compressed
> into pickled R objects.
> 
> Can you assure me of one of two things:
> 
>   1. that this data is *not* used anywhere in the binary packages
>  (and is not shipped) and *can* be rebuilt from *just* the contents
>  of the package and that it is *not* shipped.
> 
>   2. that you rebuild this at build-time, and that is included.
> 
> I see two sysdata files that are getting installed.
> 
> If these are coming from this binary file, please respond asking
> for a REJECT and re-upload this package fixing the situation

Dear Paul and everybody,

it is the common practice in upstream R packages to store data in binary
objects.  Those objects can be modified with R, and exported into various
formats.  The Debian archive if full of them.

The question asked by Paul is a recurrent question that comes each time the FTP
trainees rotate (basically once per release cycle, because during the Freeze
the FTP trainees find other exciting tasks to do, and then do not seem to have
much time to process NEW anymore).

The proble is that if there is a too strong mismatch between what the R modules
currently in the Debian archive, and the criteria for introducing new packages.
As a consequence, the work on packages that are actively developped stops, and
Debian slowly retains only the packages that nobody uses anymore, and that
therefore do not pick extra dependancies that have to go through the NEW queue.
This is active bitrotting at its worst.

I would like to have a global decision about R packages in Debian, not only
about the new ones, and then document this decision and stick to it.  But I
warn that it may have the consequence of moving most of them to non-free,
despite the data in binaryformat is freely modifiable or exportable to text
format with R, which is a Free software that we distribute.

Have a nice day,

-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130805005735.ge22...@falafel.plessy.net

Re: We need a global decision about R data in binary format, and stick to it.

2013-08-04 Thread Paul Tagliamonte 
On Mon, Aug 05, 2013 at 09:57:35AM +0900, Charles Plessy wrote:
> Dear Paul and everybody,
> 
> it is the common practice in upstream R packages to store data in binary
> objects.  Those objects can be modified with R, and exported into various
> formats.  The Debian archive if full of them.

This is not unlike a Python pickle.

However, even more to the point, with *this* package, that was a
*generated data table*. These *generated* values are clearly not prefered
form of modification. I asked the uploader to point to where they came
from. I don't think this is unfair.

Surely you can see this.

> The question asked by Paul is a recurrent question that comes each time the 
> FTP
> trainees rotate (basically once per release cycle, because during the Freeze
> the FTP trainees find other exciting tasks to do, and then do not seem to have
> much time to process NEW anymore).

This must mean many people who care deeply about this topic see this as an
issue.

Cheers,
  Paul

-- 
 .''`.  Paul Tagliamonte 
: :'  : Proud Debian Developer
`. `'`  4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
 `- http://people.debian.org/~paultag


signature.asc
Description: Digital signature

Non-identical files with identical md5sums on Debian systems?

2013-08-04 Thread Fabian Greffrath 
Hi all,

I do occasionally check for identical files on different systems by
comparing their md5sums. So, just out of interest, could someone tell me
(how to find out) how many non-identical files with identical md5sums
there are there on a typical (say, amd64) Debian system?

Thanks!

- Fabian



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1375677889.26834.8.camel@kff50

Re: Non-identical files with identical md5sums on Debian systems?

2013-08-04 Thread Russ Allbery 
Fabian Greffrath  writes:

> I do occasionally check for identical files on different systems by
> comparing their md5sums. So, just out of interest, could someone tell me
> (how to find out) how many non-identical files with identical md5sums
> there are there on a typical (say, amd64) Debian system?

Unless you have a collection of MD5 collision attacks, or have installed a
package that includes a sample MD5 collision, the changes are quite good
that the answer is "zero."  MD5 is no longer considered cryptographically
strong, but that doesn't mean it's not a fairly random 128-bit hash.  You
need a *lot* of files before even the birthday paradox will give you much
likelihood of an MD5 collision that wasn't intentionally constructed.

-- 
Russ Allbery (r...@debian.org)   


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87li4gogqi@windlord.stanford.edu

Re: Non-identical files with identical md5sums on Debian systems?

2013-08-04 Thread Vincent Cheng 
On Sun, Aug 4, 2013 at 9:44 PM, Fabian Greffrath  wrote:
> Hi all,
>
> I do occasionally check for identical files on different systems by
> comparing their md5sums. So, just out of interest, could someone tell me
> (how to find out) how many non-identical files with identical md5sums
> there are there on a typical (say, amd64) Debian system?

The closest thing to what you want may be dedup.debian.net, but I
don't think it lets you filter out non-identical files.

Regards,
Vincent


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/caczd_tcqeftp3si47fzhgtfejf0zwz-ys6_kaaee2jvwnse...@mail.gmail.com

Re: Non-identical files with identical md5sums on Debian systems?

2013-08-04 Thread Michael Welle 
Hello,

Russ Allbery  writes:

> Fabian Greffrath  writes:
>
>> I do occasionally check for identical files on different systems by
>> comparing their md5sums. So, just out of interest, could someone tell me
>> (how to find out) how many non-identical files with identical md5sums
>> there are there on a typical (say, amd64) Debian system?
>
> Unless you have a collection of MD5 collision attacks, or have installed a
> package that includes a sample MD5 collision, the changes are quite good
> that the answer is "zero."  MD5 is no longer considered cryptographically
> strong, but that doesn't mean it's not a fairly random 128-bit hash.  You
> need a *lot* of files before even the birthday paradox will give you much
> likelihood of an MD5 collision that wasn't intentionally constructed.
exactly. And why don't you run a experiment, Fabian? I guess you have a
typical Debian system at your hands and calculating the MD5 hashes of
all distribution files burns only a few IOPs and CPU cycles ;).

Regards
hmw

PS: Let us see the results ;)


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/8761vkljwm@luisa.c0t0d0s0.de