Re: State of Roundcube packaging in Debian?

2015-03-16 Thread Vincent Bernat
 ❦ 15 March 2015 15:38 -0500, John Goerzen:

>>> I found out today that roundcube was removed from Debian testing due to
>>> some unfixed bugs. I investigated a bit further and found that:
>>>
>>>  - 1.1.0 has long been released upstream, but:
>>>     - the watch file never picked it up, and
>>>     - the package VCS is stuck at an unreleased 1.0.0
>>>  - A partially fixed package was uploaded to unstable in January,
>>>    but was not unblocked, and
>>>     - is not in the package VCS
>>>
>>> Could you please elaborate a bit on the state of Roundcube in Debian,
>>> and what I (or others) could do to get it straight again?
>> The package is team-maintained but none of the maintainers have time to
>> take care of Roundcube. Hence, the removal from Jessie. The main
>> difficulty is to handle the 0.9.5 to 1.x upgrade where the configuration
>> files change.
> I assume you mean the config files change in some dramatic way; that is,
> some way that means the existing files won't work anymore?

Yes.

> If that is the case, why does this have to be a big deal?  Couldn't you
> just warn people that the upgrade will break their config, point them to
> the docs, and call it good?  After all, if that is all upstream
> provides, isn't it better than nothing?

Upstream provides a conversion script. But, yes, we could put the
upgrade burden on the user, this is better than no upgrade.

The bottom line is the maintainers don't have time. It is unclear if
orphaning works for a team-maintained package. People propose to help
from time to time, then usually disappear. Someone just proposed to help
(Sandro). Maybe this will help push 1.1.0.

The packaging is not utterly complex but not trivial (dbconfig-common
handling, ucf-managed configuration files, some debconf questions,
embedded code removal, DFSG tarball needed for political reasons).

Also, security handling is difficult because Roundcube is exposed to a
class of attacks (script injection and CSRF) that are usually fixed by
applying large patches difficult to backport. Even when the patch
applies on older versions, we really don't know if it is complete for
the older version.
-- 
Write clearly - don't sacrifice clarity for "efficiency".
- The Elements of Programming Style (Kernighan & Plauger)




Bug#780586: ITP: node-sprintf-js -- JavaScript sprintf implementation

2015-03-16 Thread Matthew Pideil
Package: wnpp
Severity: wishlist
Owner: Matthew Pideil 

* Package name: node-sprintf-js
  Version : 1.0.2
  Upstream Author : Alexandru Marasteanu 
* URL : https://github.com/alexei/sprintf.js
* License : BSD-3
  Programming Lang: JavaScript
  Description : JavaScript sprintf implementation

sprintf.js is a complete open source JavaScript sprintf implementation
for the browser and node.js.

This source package should install the nodejs library (node-sprintf-js) and
the javascript library (libjs-sprintf-js).

node-sprintf-js is required by node-argparse and will be
maintained within the Javascript Team.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150316104632.10900.75388.reportbug@pcplat68.interne-mtd



Bug#780593: ITP: python-oslo.policy -- RBAC policy enforcement library for OpenStack

2015-03-16 Thread Thomas Goirand
Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: python-oslo.policy
  Version : 0.1.0
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/oslo.policy
* License : Apache-2.0
  Programming Lang: Python
  Description : RBAC policy enforcement library for OpenStack

 Oslo.policy provides a Role Based Access Control policy enforcement library
 for OpenStack.





Bug#780608: ITP: freelan -- P2P VPN daemon

2015-03-16 Thread Rolf Leggewie
Package: wnpp
Severity: wishlist
Owner: Rolf Leggewie 

* Package name: freelan
  Upstream Author : Julien Kaufmann
* URL : http://www.freelan.org/
* License : (GPL)
  Programming Lang: (C, C++, Python)
  Description : P2P VPN daemon

 Freelan is an application to create secure ethernet tunnels over a
 single UDP port. It can be used to create virtual LANs ("Local
 Area Network"), hence the name: "freelan".
 .
 Freelan may create peer-to-peer tunnel connections or rely on a
 more classic client/server layout. The virtual network can be
 shaped to fit exactly the bandwidth or topology constraints,
 providing an optimal virtual private network.
 .
 Freelan is particularly useful for remote sites interconnection and
 gaming.


I already maintain n2n and was intrigued by the nice feature set
and active development offered by freelan.  I plan to maintain
the package together with upstream.  I might need a sponsor.

