Re: Bug#646894: ITP: maitreya -- Vedic and western astrology

[astroindia]

I am also looking for a good astrology software. I would definitely like to
download this software. Thanks for this wonderful share. 
-
Know about your  Horoscope on Phone
  



--
View this message in context: 
http://debian.2.n7.nabble.com/Bug-646894-ITP-maitreya-Vedic-and-western-astrology-tp1035657p3022190.html
Sent from the Debian Devel mailing list archive at Nabble.com.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1375946241444-3022190.p...@n7.nabble.com

Processed: Re: Bug#719050: general: reportbug is not able to file bugs against some packages.

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 reportbug
Bug #719050 [general] general: reportbug is not able to file bugs against some 
packages.
Bug reassigned from package 'general' to 'reportbug'.
Ignoring request to alter found versions of bug #719050 to the same values 
previously set
Ignoring request to alter fixed versions of bug #719050 to the same values 
previously set

-- 
719050: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/handler.s.b719050.137595377714617.transcr...@bugs.debian.org

Bug#719050: general: reportbug is not able to file bugs against some packages.

[gregor herrmann]

Control: reassign -1 reportbug

On Thu, 08 Aug 2013 06:06:41 +, atar wrote:

> Package: general
> Severity: normal
> 
> reportbug is not able to file bugs against some packages.

So we have a possible problem with reportbug; reassigning the bug
report to this package accordingly.

(Fullquoting the rest to give reportbug maintainers some context)
 
> for example, if you try to file a bug against the 'wget' package, or against 
> the 'reportbug' 
> package, reportbug emit the following error messages:
> 
> Querying Debian BTS for reports on wget (source)...
> Traceback (most recent call last):
>   File "/usr/bin/reportbug", line 2206, in 
> main()
>   File "/usr/bin/reportbug", line 1080, in main
> return iface.user_interface()
>   File "/usr/bin/reportbug", line 1702, in user_interface
> latest_first=self.options.latest_first)
>   File "/usr/lib/pymodules/python2.7/reportbug/ui/text_ui.py", line 517, in 
> handle_bts_query
> source=source, http_proxy=http_proxy, archived=archived)
>   File "/usr/lib/pymodules/python2.7/reportbug/debbugs.py", line 1263, in 
> get_reports
> stats = debianbts.get_status(bugs)
>   File "/usr/lib/pymodules/python2.7/debianbts.py", line 170, in get_status
> bugs.append(_parse_status(elem))
>   File "/usr/lib/pymodules/python2.7/debianbts.py", line 243, in _parse_status
> bug.msgid = _uc(tmp['msgid'])
>   File "/usr/lib/pymodules/python2.7/SOAPpy/Types.py", line 1283, in 
> __getitem__
> return getattr(self, item)
> AttributeError: structType instance has no attribute 'msgid'
> 
> 
> 
> -- System Information:
> Debian Release: 7.1
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: i386 (i686)
> 
> Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   


signature.asc
Description: Digital signature

Bug#719145: ITP: libdata-pond-perl -- Perl-based open notation for data module

[gregor herrmann]

Package: wnpp
Owner: gregor herrmann 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name: libdata-pond-perl
  Version : 0.004
  Upstream Author : Andrew Main (Zefram) 
* URL : https://metacpan.org/release/Data-Pond/
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : Perl-based open notation for data module

Data::Pond is concerned with representing data structures in a textual
notation known as "Pond" (Perl-based open notation for data). The notation is
a strict subset of Perl expression syntax, but is intended to have
language-independent use. It is similar in spirit to JSON, which is based on
JavaScript, but Pond represents fewer data types directly.

The data that can be represented in Pond consist of strings (of characters),
arrays, and string-keyed hashes. Arrays and hashes can recursively (but not
cyclically) contain any of these kinds of data. This does not cover the full
range of data types that Perl or other languages can handle, but is intended
to be a limited, fixed repertoire of data types that many languages can
readily process. It is intended that more complex data can be represented
using these basic types. The arrays and hashes provide structuring facilities
(ordered and unordered collections, respectively), and strings are a
convenient way to represent atomic data.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130808191049.ga5...@jadzia.comodo.priv.at

Bug#719146: ITP: libtime-olsontz-data-perl -- Olson timezone data wrapper

[gregor herrmann]

Package: wnpp
Owner: gregor herrmann 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name: libtime-olsontz-data-perl
  Version : 0.201304
  Upstream Author : Andrew Main (Zefram) 
* URL : https://metacpan.org/release/Time-OlsonTZ-Data/
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : Olson timezone data wrapper

Time::OlsonTZ::Data encapsulates the Olson timezone database, providing
binary tzfiles and ancillary data. Each version of this module encapsulates a
particular version of the timezone database. It is intended to be regularly
updated, as the timezone database changes.

In Debian the package is patched to use the tzfiles from /usr/share/zoneinfo,
provided by the tzdata package, instead of shipping a copy of them.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130808192059.ga23...@jadzia.comodo.priv.at

Bug#719149: ITP: libdatetime-timezone-olson-perl -- module for accessing timezones from the Olson database

[gregor herrmann]

Package: wnpp
Owner: gregor herrmann 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name: libdatetime-timezone-olson-perl
  Version : 0.004
  Upstream Author : Andrew Main (Zefram) 
* URL : https://metacpan.org/release/DateTime-TimeZone-Olson/
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : module for accessing timezones from the Olson database

DateTime::TimeZone::Olson encapsulates the Olson timezone database, providing
DateTime-compatible timezone objects and ancillary data. On each program run
this module provides access to a particular version of the timezone database,
determined by which version of Time::OlsonTZ::Data is installed.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130808192702.ga31...@jadzia.comodo.priv.at

Bug#719152: ITP: libipc-filter-perl -- module to filter data through an external process

[gregor herrmann]

Package: wnpp
Owner: gregor herrmann 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name: libipc-filter-perl
  Version : 0.004
  Upstream Author : Andrew Main (Zefram) 
* URL : https://metacpan.org/release/IPC-Filter/
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : module to filter data through an external process

The filter function provided by IPC::Filter passes data through an
external command, thus providing filtering in non-pipeline situations.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130808193611.ga18...@jadzia.comodo.priv.at

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

[Wouter Verhelst]

On 05-08-13 02:16, Ben Hutchings wrote:
> On Sun, 2013-08-04 at 16:45 +0200, Wouter Verhelst wrote:
>> On 03-08-13 13:45, Ondřej Surý wrote:
>>> I think it's useless to upgrade to SHA512 (or SHA-3),
>>
>> It's never useless to upgrade to a stronger hash.
>>
>> The cost might outweight the benefit, yes. But that's a different matter.
> 
> What makes you think these are stronger?

Simple mathematics.

To me, a "strong hash" is a hash for which collisions are unlikely.

A SHA512 hash is longer than a SHA1 hash. Therefore it has more bits.
Therefore it has more possible values, which decreases the likelihood
that two collections of bits will produce the same hash value by accident.

In addition, there are some concerns today about the strength of SHA1.
It's not yet broken, but it's not right to think of it as "fully safe"
anymore, either. Hashes don't get stronger over time; they get weaker.

Of course, the very fact that SHA512 produces a longer hash does mean
that there is a cost involved; and as said, that cost might outweigh the
benefits. But that doesn't make it "useless".

-- 
This end should point toward the ground if you want to go to space.

If it starts pointing toward space you are having a bad problem and you
will not go to space today.

  -- http://xkcd.com/1133/



signature.asc
Description: OpenPGP digital signature

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

[Ben Hutchings]

On Thu, 2013-08-08 at 22:21 +0200, Wouter Verhelst wrote:
> On 05-08-13 02:16, Ben Hutchings wrote:
> > On Sun, 2013-08-04 at 16:45 +0200, Wouter Verhelst wrote:
> >> On 03-08-13 13:45, Ondřej Surý wrote:
> >>> I think it's useless to upgrade to SHA512 (or SHA-3),
> >>
> >> It's never useless to upgrade to a stronger hash.
> >>
> >> The cost might outweight the benefit, yes. But that's a different matter.
> > 
> > What makes you think these are stronger?
> 
> Simple mathematics.
> 
> To me, a "strong hash" is a hash for which collisions are unlikely.
[...]

There is a big difference between *likelihood* of a random collision,
and *difficulty* of deliberately constructing a collision.  The latter
case is not simple mathematics.  Still, if I understand correctly,
current attacks on SHA-256 and SHA-512 only improve by a few orders of
magnitude over a brute force search, which does make SHA-512 much
stronger.

If I understand correctly, SHA-3 is a very different algorithm, but not
necessarily stronger.  It's probably worth designing into cryptographic
hardware for the next few decades, but there's no need to start using
it.

I think SHA-2 (with any of the specified hash lengths) is good enough
for now - it's just not going to be the weak link in authenticating
Debian packages.

Ben.

-- 
Ben Hutchings
The two most common things in the universe are hydrogen and stupidity.


signature.asc
Description: This is a digitally signed message part

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

[Russ Allbery]

Wouter Verhelst  writes:

> Simple mathematics.

> To me, a "strong hash" is a hash for which collisions are unlikely.

> A SHA512 hash is longer than a SHA1 hash. Therefore it has more bits.
> Therefore it has more possible values, which decreases the likelihood
> that two collections of bits will produce the same hash value by
> accident.

SHA-1 is already sufficiently unlikely that, barring a break in the
underlying mathematics, it's not clear that you're gaining anything.
Increasing the number of multiples of the age of the universe that it
takes to brute force something doesn't make any actual, practical
difference.

In both cases, the primary concern is around breaks in the underlying
mathematics, rather than in comparative brute force.  I find it very hard
to get excited about simple counts of the number of bits in the hash when
the important factor for whether it's a secure hash is basically
independent of length.  The length is adequate for even theoretical
computation models that use every atom in the solar system.

> In addition, there are some concerns today about the strength of SHA1.
> It's not yet broken, but it's not right to think of it as "fully safe"
> anymore, either. Hashes don't get stronger over time; they get weaker.

This is the part that's more interesting.

However, SHA-256 and SHA-512 are the same algorithm, and therefore are
probably subject to the same attacks.  So adding SHA-512 when we already
have SHA-256 seems rather pointless.  Adding SHA-3, which is a different
algorithm and therefore might resist mathematical attacks that break
SHA-2, is much more interesting.

-- 
Russ Allbery (r...@debian.org)   


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87r4e3zyps@windlord.stanford.edu

Re: best policies for third party Debian packaging and get-orig-source target

[Faheem Mitha]

Hi Andreas,

Thank you for the friendly message.

I've now put the project in question on Bitbucket at the following
URL: https://bitbucket.org/faheem/corrmodel. This is still unfinished
work, but the package should at least build.

Any comments, and particularly those on packaging, are appreciated. I
still need to figure out a suitable make-orig-source for creating an
orig.tar.gz.

On Wed, 31 Jul 2013, Andreas Tille wrote:


Hi Faheem,

On Wed, Jul 31, 2013 at 06:41:59PM +, Faheem Mitha wrote:



Additionally, I wrote on June 7th asking if the project wanted any
help with the ggplot2 package, which was out of date, and asking to
be added to the Project Member List. (I'm faheem-guest on alioth.)
I did not get a reply to this message.



That's a bit sad and definitely not the usual way we are dealing
with requests.  The savest way is to use the alioth interface to ask
for membership but at least now you are member of Debian Med


Thanks.


I'm a little puzzled why ggplot2 is being packaged by Debian
Med. It is a general purpose R graphing package.


If nobody else is packaging preconditions we are simply doing it
in our own Vcs.  And this is just a precondition:


I see.


$ apt-cache rdepends r-cran-ggplot2
r-cran-ggplot2
Reverse Depends:
 r-bioc-cummerbund

And you are right - it is not uploaded yet which is most probably
due to the fact that Charles is quite occupied since some time.
What I currently can see from the status in Git the preparation for
the latest upstream is done but the Build-Depends r-cran-scales is
just missing.  It is waiting in

  http://ftp-master.debian.org/new.html

since one month when Charles has uploaded this package.  So we can hope
that it will be accepted soonish so r-cran-ggplot2 will follow.


r-cran-scales is now in Debian, but r-cran-ggplot2 has not yet been 
updated. I see that r-cran-scales is not installable, because it depends 
on r-cran-munsell, which is not in Debian, at least not currently on my 
mirror for amd64.



I'm in the process of reworking my repos so I can make it public. When
I have done so I'll post the repos location to Debian Med, and then
you (the Debian Med developers) can decide if you have any interest in
the software.


We can also work on preconditions for your package - you mentioned that
there are some R packages missing.


Sure thing. Here is a list of R packages I am using. If a package is
in Debian, the Debian package is in a second column. As you can see,
five of these are not in Debian. I certainly think it would be a good
idea to get these into Debian. If so, how should one proceed?

yaml
ggplot2  r-cran-ggplot2 (currently out of date in Debian)
gridExtra
gtable   r-cran-gtable
reshape2 r-cran-reshape2
RPostgreSQL
tikzDevice
Hmiscr-cran-hmisc
RJSONIO


In the meantime, I'd still appreciate feedback on the general issues I
originally posted about in this thread.


I think you mean the way you should create the private package?  I'd
recommend applying the very same rules as for any other Debian package.
You are welcome to do the development in Debian Med Git / SVN at your
preference (as I said you now have commit permissions).  The rules
are explained in our group policy[1].


I use mercurial. Would you allow mercurial repositories in your
system? If not, it would be difficult to sync between two version
control systems, I think. At least, I have no experience in doing so.


The software uses SQL (PostgreSQL), Python, R and C++, so it is a bit
of a hotchpotch, and while a small package, it has a large number of
dependencies. Unfortunately the R packages I use are not all in
Debian, last I checked.


So why not changing at least the availablity of the preconditions?


I'm not sure what you mean.


You wrote: "Unfortunately the R packages I use are not all in Debian" -
so lets try to get those packages you need in.  As you see we are taking
also quite general packages if they are preconditions.  The rationale is
simply that there is no such thing like an R packaging team (which is a
shame but we need to cope with this).


Ok.


BTW, please do us a favour and if you somehow feel ignored (for
instance by failing to accept your alioth membership request) please
ping again.  That's usually not the way we deal with newcomers and
it should not happen again - but pinging somehow helps specifically
it seems that it were in a quite busy time with release
preparations, Debian Med sprint etc.  So sorry if something did not
went as smooth as you would have expected.


It's no problem, but thank you for your concern.

Regards, Faheem


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.deb.2.02.1308081640490.27...@orwell.homelinux.org

Re: Fwd: /etc/hosts and resolving of the local host/domainname - 127.0.0.1 vs. 127.0.1.1

[Tom H]

On Mon, 5 Aug 2013 13:08:28 -0400, Thomas Hood wrote:

(I had an exchange of emails with Thomas off-list and he suggested that 
I reply on-list.)


> With the nsswitch configuration
>
> hosts: files ... dns ... myhostname
>
> myhostname resolves the system hostname if nothing else does so
> first. So it can be overridden either by DNS or by /etc/hosts. If
> the system hostname changes, no file has to be edited. Nice.
>
> Also nice is the fact that myhostname resolves the system hostname
> to an external address if there is one, increasing the chances that
> the result is similar to what would be obtained from DNS.

The output below is from Debian Sid with libnss-myhostname installed
and Fedora 19.

On Debian, getent outputs the system's IP address for 127.0.1.1,
whereas on Fedora, getent outputs 127.0.0.2 for 127.0.0.2.


Debian Sid

[root@debdeb:/etc]# cat hostname
debdeb

[root@debdeb:/etc]# cat hosts
127.0.0.1 localhost

[root@debdeb:/etc]# getent hosts 127.0.1.1
192.168.1.250   debdeb


Fedora 19

[root@fedfed:/etc]# cat hostname
fedfed.defdef

[root@fedfed:/etc]# cat hosts
127.0.0.1 localhost

[root@fedfed:/etc]# getent hosts 127.0.0.2
127.0.0.2   fedfed.defdef



--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5204124c.7030...@gmail.com

Re: best policies for third party Debian packaging and get-orig-source target

[Charles Plessy]

Le Fri, Aug 09, 2013 at 03:00:25AM +0530, Faheem Mitha a écrit :
> 
> r-cran-scales is now in Debian, but r-cran-ggplot2 has not yet been
> updated. I see that r-cran-scales is not installable, because it
> depends on r-cran-munsell, which is not in Debian, at least not
> currently on my mirror for amd64.

Hi Faheem,

r-cran-munsell was submitted to the Debian archive and is currently under
review.

http://ftp-master.debian.org/new/r-cran-munsell_0.4-1.html

However, it contains a binary file, 'sysdata.rda', that is data table in a
compressed format.  The question is whether it is generated and refreshed by
the upstream author using a source file that is not distributed in the source
package.  Such a work would not be Free according to our principles.


http://lists.alioth.debian.org/pipermail/debian-med-packaging/2013-August/021177.html

In the newer upstream version 0.4.2, there is a script to generate sysdata.rda
from another file, real.dat, in text format.  There is no information on where
this table comes from, how was it created, and what is the preferred way to
modify it.

If you had time to contact the upstream authors and get this point clarified,
that would be a tremendous help.  In the meantime, it may be difficult to
update r-cran-ggplot2.  I have asked for a temporary exemption, but I did not
receive an answer yet.

http://lists.debian.org/20130807233230.ga12...@falafel.plessy.net

Have a nice day,


PS: I had a quick look at corrmodel (but did not have time to test it), and did
not find obvious problems.  For the package containing the R scripts, it may not
be necessary to name it according to the convention for packaged R modules,
since it is not a R module.  By the way, is it a software to study clonotypes ?
I have a (much simpler) work on line at http://clonotyper.branchable.com/

Cheers,

-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130808232835.ga4...@falafel.plessy.net

Bug#719169: ITP: minetruco -- Bluffing trick-taking card game played in Brazil

[Rodrigo Sarmento]

Package: wnpp
Severity: wishlist
Owner: Rodrigo Sarmento 

* Package name: minetruco
  Version : 1.0.1
  Upstream Author : Rodrigo Luis Costa Sarmento  
* URL : http://sourceforge.net/projects/minetruco/files/
* License : GPL-3
  Programming Lang: C++
  Description : Bluffing trick-taking card game played in Brazil


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130808233900.2235.26385.reportbug@rod-STI

Work-needing packages report for Aug 9, 2013

[wnpp]

The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.

Total number of orphaned packages: 483 (new: 0)
Total number of packages offered up for adoption: 153 (new: 3)
Total number of packages requested help for: 60 (new: 0)

Please refer to http://www.debian.org/devel/wnpp/ for more information.



No new packages have been orphaned, but a total of 483 packages are
orphaned.  See http://www.debian.org/devel/wnpp/orphaned
for a complete list.



The following packages have been given up for adoption:

   dwoo (#719096), offered today
 Description: PHP5 template engine
 Installations reported by Popcon: 30

   iprelay (#719099), offered today
 Description: User-space bandwidth shaping TCP proxy daemon
 Installations reported by Popcon: 79

   passwdqc (#719106), offered today
 Description: password strength checking and policy enforcement
   toolset
 Reverse Depends: libpam-passwdqc libpasswdqc-dev passwdqc
 Installations reported by Popcon: 440

150 older packages have been omitted from this listing, see
http://www.debian.org/devel/wnpp/rfa_bypackage for a complete list.



For the following packages help is requested:

   apt-xapian-index (#567955), requested 1284 days ago
 Description: maintenance tools for a Xapian index of Debian packages
 Reverse Depends: ept-cache fuss-launcher goplay packagesearch
 Installations reported by Popcon: 72128

   asymptote (#517342), requested 1623 days ago
 Description: script-based vector graphics language inspired by
   MetaPost
 Installations reported by Popcon: 3990

   athcool (#278442), requested 3208 days ago
 Description: Enable powersaving mode for Athlon/Duron processors
 Installations reported by Popcon: 58

   balsa (#642906), requested 683 days ago
 Description: An e-mail client for GNOME
 Reverse Depends: balsa-dbg
 Installations reported by Popcon: 927

   bastille (#592137), requested 1097 days ago
 Description: Security hardening tool
 Installations reported by Popcon: 141

   cardstories (#624100), requested 836 days ago
 Description: Find out a card using a sentence made up by another
   player
 Installations reported by Popcon: 8

   chromium-browser (#583826), requested 1166 days ago
 Description: Chromium browser
 Reverse Depends: chromium chromium-browser chromium-browser-dbg
   chromium-browser-inspector chromium-browser-l10n chromium-dbg
   chromium-l10n mozplugger
 Installations reported by Popcon: 18096

   cups (#532097), requested 1524 days ago
 Description: Common UNIX Printing System
 Reverse Depends: bluez-cups chromium cups cups-backend-bjnp
   cups-browsed cups-bsd cups-client cups-daemon cups-dbg cups-filters
   (60 more omitted)
 Installations reported by Popcon: 118898

   debtags (#567954), requested 1284 days ago
 Description: Enables support for package tags
 Reverse Depends: goplay packagesearch
 Installations reported by Popcon: 2414

   fbcat (#565156), requested 1303 days ago
 Description: framebuffer grabber
 Installations reported by Popcon: 141

   flightgear (#487388), requested 1874 days ago
 Description: Flight Gear Flight Simulator
 Installations reported by Popcon: 535

   freeipmi (#628062), requested 805 days ago
 Description: GNU implementation of the IPMI protocol
 Reverse Depends: freeipmi freeipmi-bmc-watchdog freeipmi-ipmidetect
   freeipmi-tools libfreeipmi-dev libfreeipmi12 libipmiconsole-dev
   libipmiconsole2 libipmidetect-dev libipmidetect0 (3 more omitted)
 Installations reported by Popcon: 3369

   gnat-4.4 (#539633), requested 1941 days ago
 Description: backport bug fixes from trunk (GCC 4.5)
 Reverse Depends: ghdl gnat-4.4 libgnat-4.4 libgnat-4.4-dbg
   libgnatprj-dev libgnatprj4.4 libgnatprj4.4-dbg libgnatprj4.4-dev
   libgnatvsn-dev libgnatvsn4.4 (2 more omitted)
 Installations reported by Popcon: 1249

   gnat-gps (#496905), requested 1806 days ago
 Description: co-maintainer needed
 Reverse Depends: gnat-gps gnat-gps-dbg
 Installations reported by Popcon: 483

   gnokii (#677750), requested 418 days ago
 Description: Datasuite for mobile phone management
 Reverse Depends: gnokii gnokii-cli gnokii-smsd gnokii-smsd-mysql
   gnokii-smsd-pgsql gnome-phone-manager libgnokii-dev libgnokii6
   xgnokii
 Installations reported by Popcon: 1942

   gnupg (#660685), requested 535 days ago
 Description: GNU privacy guard - a free PGP replacement
 Reverse Depends: apt bootstrap-base cdebootstrap cdebootstrap-static
   cdebootstrap-udeb clamav-unofficial-sigs c

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

[Ondřej Surý]

On Thu, Aug 8, 2013 at 10:21 PM, Wouter Verhelst  wrote:

> On 05-08-13 02:16, Ben Hutchings wrote:
> > On Sun, 2013-08-04 at 16:45 +0200, Wouter Verhelst wrote:
> >> On 03-08-13 13:45, Ondřej Surý wrote:
> >>> I think it's useless to upgrade to SHA512 (or SHA-3),
> >>
> >> It's never useless to upgrade to a stronger hash.
> >>
> >> The cost might outweight the benefit, yes. But that's a different
> matter.
> >
> > What makes you think these are stronger?
>
> Simple mathematics.
>
> To me, a "strong hash" is a hash for which collisions are unlikely.
>
> A SHA512 hash is longer than a SHA1 hash. Therefore it has more bits.
> Therefore it has more possible values, which decreases the likelihood
> that two collections of bits will produce the same hash value by accident.
>

This is a very dangerous fallacy. More bits != stronger. It's the algorithm
properties that makes the hash stronger, not the number of the bits in the
resulting hash.

O.
-- 
Ondřej Surý 
Have you tried Knot DNS – https://www.knot-dns.cz/
– a high-performance authoritative-only DNS server