Bug#735045: RFP: X11 -- [SHORT DESCRIPTION]

[Bo Forslund]

Package: wnpp
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org

--- Please fill out the fields below. ---

Package name: X11
Version: 1.7.2
Upstream Author: [NAME ]
URL: [http://example.com]
License: [GPL, LGPL, BSD, MIT/X, etc.]
Description: [DESCRIPTION]

This is a fresh update from Wheezy to Jessie. Wheezy was installed one 
or two months ago, out of the box. Not much tweaked.


Everything inside X is slow. Youtube films, sound ok, film jumpy. Typing 
response is slow. Letters shows up after 0,5 sec. Moving windows is slow.


Top in a tty under F1 says gnome-shell eats 78.8% cpu.


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52d252a2.2080...@abc.se

Re: removal of the vacation package

[Stefano Zacchiroli]

On Sun, Jan 12, 2014 at 03:22:59AM +0100, Marco d'Itri wrote:
> It does not support MIME and a lot of other things that are required to 
> be a good citizen in today's Internet, so unless somebody has some 
> really compelling arguments to keep it around and wants to adopt it 
> I will request removal from the archive.

It still seems to have a fair number of loyal users though. I see your
points, but I wonder if we do have a decent replacement for it to
suggest to our users. A replacement that is better than trying to mimic
vacation by hand in procmail, and doing it wrong; arguably doing so will
contribute to be even worse email citizens. If we do have such a
replacement (I just don't know) please mention it in the removal bug
report.

Thanks for having maintained vacation over all these years!
Cheers.
-- 
Stefano Zacchiroli  . . . . . . .  z...@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Former Debian Project Leader  . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »


signature.asc
Description: Digital signature

Re: removal of the vacation package

[Ian Jackson]

Marco d'Itri writes ("removal of the vacation package"):
> I stopped maintaining it years ago and nobody ever bothered to ask me 
> about it...
> It does not support MIME and a lot of other things that are required to 
> be a good citizen in today's Internet, so unless somebody has some 
> really compelling arguments to keep it around and wants to adopt it 
> I will request removal from the archive.

I might want to adopt it.  What's wrong with it not supporting
MIME ?  AFAIAA it doesn't need to do much parsing of the incoming
messages.

The set of bugs looks tractable to me.  Do you have a half-prepared
upload somewhere or is the versionn in the archive the most recent ?

Thanks,
Ian.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21202.28038.11801.409...@chiark.greenend.org.uk

Re: removal of the vacation package

[Bastian Blank]

On Sun, Jan 12, 2014 at 11:00:45AM +0100, Stefano Zacchiroli wrote:
> but I wonder if we do have a decent replacement for it to
> suggest to our users.

Dovecot LDA supports Sieve and die vacation extension.  Not sure if we
have other stand-alone replacements.

Bastian

-- 
Emotions are alien to me.  I'm a scientist.
-- Spock, "This Side of Paradise", stardate 3417.3


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140112101838.ga11...@mail.waldi.eu.org

Bug#735059: ITP: libapache2-mod-authn-otp -- Apache web server module for two-factor authentication using one-time passwords (HOTP/OATH).

[Daniel Goss]

Package: wnpp
Severity: wishlist
Owner: Daniel Goss 

* Package name: libapache2-mod-authn-otp
  Version : 1.1.6+r145
  Upstream Author : Archie L. Cobbs 
* URL : http://mod-authn-otp.googlecode.com/
* License : Apache-2.0
  Programming Lang: C
  Description : Apache web server module for two-factor authentication 
using one-time passwords (HOTP/OATH).

mod_authn_otp is an Apache web server module for two-factor authentication 
using one-time passwords (OTP) generated via the HOTP/OATH algorithm defined in 
RFC 4226. This creates a simple way to protect a web site with one-time 
passwords, using any RFC 4226-compliant hardware or software token device. 
mod_authn_otp also supports the Mobile-OTP algorithm.

mod_authn_otp supports both event and time based one-time passwords. It also 
supports "lingering" which allows the repeated re-use of a previously used 
one-time password up to a configurable maximum linger time. This allows 
one-time passwords to be used directly in HTTP authentication without forcing 
the user to enter a new one-time password for every page load.
mod_authn_otp supports both basic and digest authentication, and will 
auto-synchronize with the user's token within a configurable maximum offset 
(auto-synchronization is not supported with digest authentication).
mod_authn_otp is especially useful for setting up protected web sites that 
require more security than simple username/password authentication yet also 
don't require users to install special VPN software, and is compatible with 
software tokens that run on cell phones.

Also included is otptool, a one-time password command line utility.

For configuration information and other details please see: 
http://mod-authn-otp.googlecode.com/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20140112135732.7931.89875.report...@myserver.intern.flashsystems.de

Bug#735073: ITP: evas-loaders -- Additional file format loaders for libevas

[Albin Tonnerre]

Package: wnpp
Severity: wishlist
Owner: Albin Tonnerre 

* Package name: evas-loaders
  Version : 1.8.1
  Upstream Author : Enlightenment Developers 

* URL : http://www.enlightenment.org/
* License : GPL
  Programming Lang: C
  Description : Additional file format loaders for libevas

This package contains programs that allow libevas to load various images
and documents formats for which it has no built-in support:
 - SVG
 - XCF
 - PS
 - PDF
 - Most video formats supported by gstreamer

This package is already in the archive as a supplementary source tarball
to `evas` and maintained by the pkg-e team, but due to changes in the
upstream release tarballs it's now easier to maintain as a separate
source package.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140112143644.8018.95426.reportbug@x220

Re: Bug#682045: libtool: please mark libtool multi-arch: allowed

[Helmut Grohne]

On Thu, Jan 09, 2014 at 07:20:40PM +, Colin Watson wrote:
> If you weren't one of the people in the "thinking extremely hard about
> multiarch" BOF at DebConf, note that Multi-Arch: foreign denotes a point
> in the dependency graph where you're allowed to switch architectures,
> Multi-Arch: allowed denotes such a point if and only if the incoming
> dependency is annotated with :any, and otherwise you may not switch
> architectures; this holds even when you're going through an
> Architecture: all package, so you're allowed to do this:

While thinking of Arch:all packages as being somewhat "transparent" and
something to go through is convenient, this way of thinking risks to
bring in the wrong associations. From a dpkg point of view, there is a
special architecture (called native architecture, it happens to be the
architecture of the dpkg package). Now Arch:all is just an alias for
native. So the situation you pictured

>   Package: a
>   Architecture: i386
>   Depends: b
> 
>   Package: b
>   Architecture: all
>   Depends: c
> 
>   Package: c
>   Architecture: i386

may actually be disallowed if you happen to use dpkg:amd64.

This elaboration does not change any of your arguments, but I figured
I'd pick on it again, because I have seen it gotten wrong so many times
to the point of wanting to change this particular behaviour. ;-)

> Bearing that in mind, let's go back to Kurt's options in
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682045#22, elaborated a
> bit:

Excuse my ignorance to previous discussion, but why is there no
/usr/bin/-libtool? To me it appears that libtools is similar in
nature to a compiler in that it is executed on one architecture (build
architecture in autoconf terms) and produces material useful on a
(possibly) different architecture (host architecture). It is an
established practise to prefix such tools with their host architecture.

I recognize that libtool itself is a shell script that decides on most
of the architecture specific stuff at runtime. But this aspect makes a
transition to an architecture prefix easier, as the evaluation of $0
could be used to override the host* variables defined near its top. All
that it needs would be clever symlinking.

> Reasoning about multiarch can be hard work and I'm running low on
> coffee.  Would anyone like to pick holes in this analysis?

Having a multiarch background, but no libtool background, I tried to
understand it. I did not find any obvious flaws, but I do note that with
option 2.1, having libtool depend on libtool-bin does not conceptually
make sense to me, even though this alternative may be practically
useful.

Helmut


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140112153959.ga8...@alf.mars

Re: GnuTLS in Debian

[Kurt Roeckx]

On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote:
> Hello,
> 
> Debian ist still relying heavily on GnuTLS 2.12.x, and I do not think
> this is sustainable for much longer.
> 
> State of Play:
> -
> In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only
> supported crypto backend. Nettle requires GMP.
> 
> GnuTLS and Nettle are available under LGPLv2.1+.  GMP used to be
> licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2
> (released September 2007).

So reading the copyright file I first see:
License: The main library and gnutls-xssl are licensed under GNU Lesser
General Public License (LGPL) version 2.1+, Gnutls Extra (which is currently
just the openssl wrapper library), build system, testsuite and commandline
utilities are licenced under the GNU General Public License version 3+.  The
Guile bindings use the same license as the respective underlying library,
i.e. LGPLv2.1+ for the main library and GPLv3+ for Gnutls extra.

However to be able to use and link against libgnutls a program needs to be
available under a license compatible with LGPLv3+ since GnuTLS
requires nettle which requires GMP. GMP was re-licensed to LGPLv3+ a couple
of years ago.


But later:
Excerpt from upstream's README:
LICENSING
-
Since GnuTLS version 3.0.0, the core library has been released under
the GNU Lesser General Public License (LGPL) version 3 or later.

The GNU LGPL applies to the main GnuTLS library, while the
included applications as well as gnutls-extra and gnutls-openssl
libraries are under the GNU GPL version 3.  The gnutls library is
located in the lib/ directory, while the applications in src/ and
gnutls-extra and gnutls-openssl library are at libextra/.


It seems to me that the copyright file contradicts itself,
and that not only GMP is under LGPLv3+


Kurt


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140112155434.ga19...@roeckx.be

Re: GnuTLS in Debian

[Andreas Metzler]

Kurt Roeckx  wrote:
[gnutls28 debian copyright file]

> It seems to me that the copyright file contradicts itself,
> and that not only GMP is under LGPLv3+

Thank you for pointing this out, it is a piece if outdated information.
I will fix the Debian copyright file to reflect upstream's current
licensing.

FYI, this is the respective paragraph from 3.2.8.1's README:

=
LICENSING
-
Since GnuTLS version 3.1.10, the core library has been released under
the GNU Lesser General Public License (LGPL) version 2.1 or later.

Note, however, that new versions of the gmplib library used by GnuTLS
are distributed under LGPLv3, and as such binaries of this library
need to be distributed under LGPLv3. If this is undesirable older
versions of the gmplib which are under LGPLv2.1 (e.g., version 4.2.1)
may be used instead.

The GNU LGPL applies to the main GnuTLS library, while the
included applications as well as gnutls-openssl
library are under the GNU GPL version 3.  The gnutls library is
located in the lib/ directory, while the applications in src/ and
gnutls-openssl library is at extra/.

For any copyright year range specified as - in this package
note that the range specifies every single year in that closed interval.
=

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5asaqa-21m@argenau.downhill.at.eu.org

Bug#735081: ITP: r-cran-numderiv -- GNU R package for accurate numerical derivatives

[Dirk Eddelbuettel]

Package: wnpp
Owner: Dirk Eddelbuettel 
Severity: wishlist

* Package name: r-cran-numderiv
  Version : 2012.9-1
  Upstream Author : Paul Gilbert and Ravi Varadhan
* URL or Web page : http:http://optimizer.r-forge.r-project.org/
* License : GPL-2
  Description : GNU R package for accurate numerical derivatives

This is a small package containing just R code; and it is now a reverse
dependency of the 'r-cran-sn' package which has been in Debian since Oct 2007.

Dirk

-- 
Dirk Eddelbuettel | e...@debian.org | http://dirk.eddelbuettel.com


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87bnzh9n86@max.nulle.part

Re: removal of the vacation package

[Marco d'Itri]

On Jan 12, Stefano Zacchiroli  wrote:

> It still seems to have a fair number of loyal users though. I see your
popcon says 1867 have it installed, but only 222 "voted".

> If we do have such a
> replacement (I just don't know) please mention it in the removal bug
> report.
I agree with waldi that the most simple replacement is a Sieve-enabled 
LDA.  

On Jan 12, Ian Jackson  wrote:

> I might want to adopt it.  What's wrong with it not supporting
> MIME ?  AFAIAA it doesn't need to do much parsing of the incoming
> messages.
As the last bug shows, it is supposed to parse the Subject header.

> The set of bugs looks tractable to me.  Do you have a half-prepared
> upload somewhere or is the versionn in the archive the most recent ?
No, I have really ignored it since december 2003.
If you want it, it's yours.

-- 
ciao,
Marco


signature.asc
Description: Digital signature

Re: GnuTLS in Debian

[Simon McVittie]

On 11/01/14 17:37, Игорь Пашев wrote:
> Do I understand correctly the following:
> 
> Application M under the MIT license linked to LGPL3 library L - ok
> Application C under the CDDL license linked to LGPL3 library L - ok
> Application G under the GPL3 license linked to LGPL3 library L - ok,
> all under GPL3
> 
> Bang!
> 
> Application M is now under the GPL3 ?
> Application C is now illegally linked to L ?

No. As far as I understand the FSF's statements on how they intend the
GPL and shared libraries to interact[1]:

* the {M,C,G,L} source code is under the {MIT,CDDL,...} license

* the binary compiled from L is a separate work (let's call it L')
  which is a derivative work of L, and is also under the LGPL3

* the binary compiled from M and linked with L' is a Combined Work M'
  whose effective license is, or closely resembles, the LGPL3 (because
  it's a derivative work of both M and L', and the LGPL3 is more
  restrictive than MIT)

* the binary compiled from C and linked with L' is a Combined Work C'
  whose license is complicated (you may do anything with it that
  would be allowed by both the CDDL *and* the LGPL3)

* the binary compiled from G and linked with L' is a Combined Work G'
  containing G and L, whose effective license is the GPL3
  (because the GPL3 has more restrictions / fewer exceptions than the
  LGPL3)

(where "Combined Work" is as defined in the LGPL3).

The GPL3's requirement that you distribute G' under the more restrictive
terms of the GPL3 does not affect how you may distribute L'.

Regards,
S

[1] I am not a lawyer, so I am not qualified to assess whether this is
how any particular country's copyright law actually works. However,
it seems the closest to a canonical answer that you're likely
to get.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52d2de65.9030...@debian.org

Re: removal of the vacation package

[Bjørn Mork]

m...@linux.it (Marco d'Itri) writes:
> On Jan 12, Stefano Zacchiroli  wrote:
>
>> It still seems to have a fair number of loyal users though. I see your
> popcon says 1867 have it installed, but only 222 "voted".
>
>> If we do have such a
>> replacement (I just don't know) please mention it in the removal bug
>> report.
> I agree with waldi that the most simple replacement is a Sieve-enabled 
> LDA.  

Is there such a beast with feature parity?  vacation has a few nice
defaults, like ignoring list mails and only sending one message per week
to each receiver.  Having every end user implement similar behaviour in
sieve isn't likely to happen.

The world has become a lot more stupid since vacation was written

> On Jan 12, Ian Jackson  wrote:
>
>> I might want to adopt it.  What's wrong with it not supporting
>> MIME ?  AFAIAA it doesn't need to do much parsing of the incoming
>> messages.
> As the last bug shows, it is supposed to parse the Subject header.

This doesn't look like a MIME bug to me.  It looks like vacation
truncates multiline subjects.  There is absolutely no reason it should
try to parse any MIME.

And the truncation doesn't really matter for most use cases (returning a
static message). IMHO this could just be documented and tagged as
wontfix if you wanted to.


>> The set of bugs looks tractable to me.  Do you have a half-prepared
>> upload somewhere or is the versionn in the archive the most recent ?
> No, I have really ignored it since december 2003.
> If you want it, it's yours.

Good to see that there are developers interested in keeping it alive.


Bjørn


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87vbxoao4p@nemi.mork.no

Re: removal of the vacation package

[Russ Allbery]

Bjørn Mork  writes:

> This doesn't look like a MIME bug to me.  It looks like vacation
> truncates multiline subjects.  There is absolutely no reason it should
> try to parse any MIME.

Well, if you include the subject in the reply, it would nice if it would
undo RFC 2047 encoding and then declare the right charset in the body.
But this is relatively minor.

-- 
Russ Allbery (r...@debian.org)   


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87zjn0o2rc@windlord.stanford.edu