Re: Archive changes

[Josh Triplett]

Guillem Jover wrote:
> On Tue, 2016-03-15 at 15:32:40 -0700, Josh Triplett wrote:
> > On Tue, Mar 15, 2016 at 11:15:16PM +0100, Joerg Jaspert wrote:
> > > I've just activated a few changes to the archive we talk(ed) about for a
> > > long time. And while it is not exactly the start of this release cycle,
> > > it should still work out nicely (so one hopes).
> > > 
> > > As of now, InRelease/Release files, Packages and Sources no longer
> > > provide MD5Sum and SHA1sums, only SHA256.
> > > 
> > > Additionally I turned off generating gzip compressed versions of those
> > > files, xz is there.
> > 
> > In addition to the security improvement,
> 
> The only way this might possibly improve security is by perhaps flushing
> out things that rely exclusively on weak hashes, once these start to fail.

That was what I meant, yes.

> > a quick analysis on
> > binary-amd64 shows that this will reduce the size of Packages for
> > binary-amd64 from 39MB to 35MB (uncompressed), and the size of the
> > xz-compressed version from 7.9MB to 5.9MB.  Very nice!
> 
> While the space reduction is nice…
> 
> > That also helps reduce the impact and overhead of adding additional
> > binary packages.
> 
> …I get the feeling you seem to be fixated on the metadata as the only
> problem with an explosion of additional binary packages (tiny or not).

Not at all.  I just said "helps reduce"; this is one of *many* changes
that would need to happen.  I'm happy to see any reduction in overhead.

> As I've commented on before, metadata size is just a tiny part of the
> overhead for a package introduced into the system:
> 
>   

This is something I'm quite familiar with as well; I've reviewed many of
the various sources of overhead previously:
https://lists.debian.org/debian-devel/2015/11/msg8.html .

Bug#818569: ITP: golang-github-hashicorp-go-getter -- download from a URL using a variety of protocols

[Dmitry Smirnov]

Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov 
X-Debbugs-CC: debian-devel@lists.debian.org, 
pkg-go-maintain...@lists.alioth.debian.org

   Package name: golang-github-hashicorp-go-getter
Version: 0.0~git20160316
Upstream Author: HashiCorp
License: MPL-2.0
URL: https://github.com/hashicorp/go-getter
Description: download from a URL using a variety of protocols
 Go-getter is a library for Golang to download files or directories from
 various sources using a URL as the primary form of input.
 .
 The power of this library is being flexible in being able to download from
 a number of different sources (file paths, Git, HTTP, Mercurial, etc.)
 using a single string as input. This removes the burden of knowing how
 to download from a variety of sources from the implementer.


signature.asc
Description: This is a digitally signed message part.

Work-needing packages report for Mar 18, 2016

[wnpp]

The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.

Total number of orphaned packages: 736 (new: 12)
Total number of packages offered up for adoption: 187 (new: 0)
Total number of packages requested help for: 45 (new: 1)

Please refer to http://www.debian.org/devel/wnpp/ for more information.



The following packages have been orphaned:

   goldeneye (#818383), orphaned yesterday
 Description: HTTP DoS test tool
 Installations reported by Popcon: 29

   ido (#818016), orphaned 5 days ago
 Description: widgets and other objects used for indicators
 Reverse Depends: libido-0.1-dev libido3-0.1-dev
 Installations reported by Popcon: 363

   indicator-applet (#818014), orphaned 5 days ago
 Description: indicator-applet
 Reverse Depends: indicator-applet-session
 Installations reported by Popcon: 291

   indicator-messages (#818018), orphaned 5 days ago
 Description: indicator that collects messages that need a response
 Reverse Depends: indicator-messages indicator-messages-gtk2
   indicator-status-provider-emesene indicator-status-provider-mc5
   indicator-status-provider-pidgin indicator-status-provider-telepathy
   libindicator-messages-status-provider-dev
 Installations reported by Popcon: 907

   indicator-session (#818017), orphaned 5 days ago
 Description: indicator showing session management, status and user
   switching
 Reverse Depends: indicator-session-gtk2
 Installations reported by Popcon: 258

   libappindicator (#818019), orphaned 5 days ago
 Description: allow applications to export a menu into the panel
 Reverse Depends: alarm-clock-applet blueman caffeine cherrytree
   diodon gir1.2-appindicator-0.1 gir1.2-appindicator3-0.1 gmpc
   gnome-pie gtimelog (21 more omitted)
 Installations reported by Popcon: 28894

   libdbusmenu (#818020), orphaned 5 days ago
 Description: library for passing menus over DBus
 Reverse Depends: cairo-dock-dbus-plug-in diodon
   gir1.2-dbusmenu-glib-0.4 gir1.2-dbusmenu-gtk-0.4
   gir1.2-dbusmenu-gtk3-0.4 gir1.2-indicate-0.7 gnome-pie
   indicator-messages indicator-messages-gtk2 indicator-session (34
   more omitted)
 Installations reported by Popcon: 37759

   libgtk2-appindicator-perl (#818025), orphaned 5 days ago
 Description: Perl bindings for libappindicator
 Installations reported by Popcon: 80

   libindicate (#818021), orphaned 5 days ago
 Description: library for raising indicators via DBus
 Reverse Depends: gir1.2-indicate-0.7 indicator-messages
   indicator-messages-gtk2 indicator-status-provider-emesene
   indicator-status-provider-mc5 indicator-status-provider-pidgin
   indicator-status-provider-telepathy libindicate-dev
   libindicate-gtk-dev libindicate-gtk0.1-cil (13 more omitted)
 Installations reported by Popcon: 7878

   libindicate-qt (#818022), orphaned 5 days ago
 Description: Qt bindings for libindicate
 Reverse Depends: libindicate-qt-dev quassel quassel-client
 Installations reported by Popcon: 1360

   libindicator (#818023), orphaned 5 days ago
 Description: panel indicator applet - shared library
 Reverse Depends: cairo-dock-alsamixer-plug-in
   cairo-dock-messaging-menu-plug-in indicator-applet
   indicator-applet-appmenu indicator-applet-complete
   indicator-applet-session indicator-messages indicator-messages-gtk2
   indicator-session indicator-session-gtk2 (14 more omitted)
 Installations reported by Popcon: 29778

   notify-osd (#818024), orphaned 5 days ago
 Description: daemon that displays passive pop-up notifications
 Reverse Depends: gufw xfce4-goodies
 Installations reported by Popcon: 686

724 older packages have been omitted from this listing, see
http://www.debian.org/devel/wnpp/orphaned for a complete list.



No new packages have been given up for adoption, but a total of 187 packages
are awaiting adoption.  See http://www.debian.org/devel/wnpp/rfa_bypackage
for a complete list.



For the following packages help is requested:

[NEW] vpnc (#818547), requested today
 Description: Cisco-compatible VPN client
 Reverse Depends: network-manager-vpnc
 Installations reported by Popcon: 20360

   athcool (#278442), requested 4160 days ago
 Description: Enable powersaving mode for Athlon/Duron processors
 Installations reported by Popcon: 28

   awstats (#755797), requested 603 days ago
 Description: powerful and featureful web server log analyzer
 Installations reported by Popcon: 4191

   balsa (#642906), requested 1635 days ago
 Description: An e-mail client for GNOME
 Reve

Is there a problem with the build all infra of experimental ?

[PICCA Frederic-Emmanuel]

Hello,

I did a source upload yesterday of the 9.2.2-1~exp1 into experimental and since 
then the all part of the package do not build with a strange error [1].
This package contain a Build-Depends-Indep part.

I tested it with sbuild and and it was ok last week. (unstable sbuild not 
experimental)

but now.

The following packages have unmet dependencies:
 apt : Depends: libgcc1 (>= 1:3.0) but it is not going to be installed
   Depends: libstdc++6 (>= 5.2) but it is not going to be installed
 aspcud : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be installed
  Depends: libstdc++6 (>= 4.9) but it is not going to be installed
 clasp : Depends: libgcc1 (>= 1:3.0) but it is not going to be installed
 Depends: libstdc++6 (>= 5.2) but it is not going to be installed
 cpp : Depends: cpp-5 (>= 5.3.1-3~) but it is not going to be installed
 doxygen : Depends: libgcc1 (>= 1:3.0) but it is not going to be installed
   Depends: libstdc++6 (>= 4.4.0) but it is not going to be installed
 g++ : Depends: g++-5 (>= 5.3.1-3~) but it is not going to be installed
   Depends: gcc-5 (>= 5.3.1-3~) but it is not going to be installed
 gcc : Depends: gcc-5 (>= 5.3.1-3~) but it is not going to be installed
 gettext : Depends: libgomp1 (>= 4.9) but it is not going to be installed
 gringo : Depends: libgcc1 (>= 1:3.0) but it is not going to be installed
  Depends: libstdc++6 (>= 5.2) but it is not going to be installed
 groff-base : Depends: libgcc1 (>= 1:3.0) but it is not going to be installed
  Depends: libstdc++6 (>= 4.1.1) but it is not going to be installed
 libapt-pkg5.0 : Depends: libgcc1 (>= 1:3.0) but it is not going to be installed
 Depends: libstdc++6 (>= 5.2) but it is not going to be 
installed
 libaspell15 : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be installed
   Depends: libstdc++6 (>= 4.6) but it is not going to be installed
 libboost-regex1.58.0 : Depends: libgcc1 (>= 1:3.0) but it is not going to be 
installed
Depends: libstdc++6 (>= 5.2) but it is not going to be 
installed
 libboost-signals1.58.0 : Depends: libgcc1 (>= 1:3.0) but it is not going to be 
installed
  Depends: libstdc++6 (>= 5.2) but it is not going to 
be installed
 libc6 : Depends: libgcc1 but it is not going to be installed
 libclang1-3.6 : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be 
installed
 Depends: libstdc++6 (>= 5.2) but it is not going to be 
installed
 Depends: libstdc++-5-dev but it is not going to be installed
 Depends: libgcc-5-dev but it is not going to be installed
 libcos4-1 : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be installed
 Depends: libstdc++6 (>= 4.1.1) but it is not going to be installed
 libenchant1c2a : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be 
installed
  Depends: libstdc++6 (>= 4.1.1) but it is not going to be 
installed
 libharfbuzz-icu0 : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be 
installed
Depends: libstdc++6 (>= 4.1.1) but it is not going to be 
installed
 libhunspell-1.3-0 : Depends: libgcc1 (>= 1:3.0) but it is not going to be 
installed
 Depends: libstdc++6 (>= 5.2) but it is not going to be 
installed
 libicu55 : Depends: libgcc1 (>= 1:3.0) but it is not going to be installed
Depends: libstdc++6 (>= 5.2) but it is not going to be installed
 libllvm3.6v5 : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be 
installed
Depends: libstdc++6 (>= 5.2) but it is not going to be installed
 liblua5.2-0 : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be installed
   Depends: libstdc++6 (>= 4.1.1) but it is not going to be 
installed
 libmysqlclient18 : Depends: libgcc1 (>= 1:3.0) but it is not going to be 
installed
Depends: libstdc++6 (>= 4.1.1) but it is not going to be 
installed
 libmythes-1.2-0 : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be 
installed
   Depends: libstdc++6 (>= 4.1.1) but it is not going to be 
installed
 libobjc-5-dev : Depends: gcc-5-base (= 5.3.1-12) but it is not going to be 
installed
 Depends: libgcc-5-dev (= 5.3.1-12) but it is not going to be 
installed
 libobjc4 : Depends: gcc-5-base (= 5.3.1-12) but it is not going to be installed
Depends: libgcc1 (>= 1:3.3.1) but it is not going to be installed
 libomniorb4-1 : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be 
installed
 Depends: libstdc++6 (>= 4.1.1) but it is not going to be 
installed
 libomnithread3c2 : Depends: libgcc1 (>= 1:4.1.1) but it is not going to be 
installed
Depends: libstdc++6 (>= 4.1.1) but it is not going to be 
installed
 libpoppler57 : Depends: libstdc++6 (>= 4.9) but it is not going to be installed
 libqtcore4 : Depends: libgcc1 (>= 1:3.0) 

Bug#818580: ITP: golang-github-prometheus-client-model -- data model artifacts for Prometheus

[Dmitry Smirnov]

Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov 
X-Debbugs-CC: debian-devel@lists.debian.org, 
pkg-go-maintain...@lists.alioth.debian.org

   Package name: golang-github-prometheus-client-model
Version: 0.0.2+git20150212
Upstream Author: Prometheus Team
License: Apache-2.0
URL: https://github.com/prometheus/client_model
Description: data model artifacts for Prometheus
 Golang data model artifacts for Prometheus.


signature.asc
Description: This is a digitally signed message part.

Re: Archive changes

[Johannes Schauer]

Hi,

Quoting Bill Allombert (2016-03-16 10:30:58)
> On Tue, Mar 15, 2016 at 11:15:16PM +0100, Joerg Jaspert wrote:
> > Additionally I turned off generating gzip compressed versions of those
> > files, xz is there.
> 
> Does all services that read Packages files handle xz already ?

dose3 consumes Packages and Sources files and does not yet support the xz
format.

At least qa.d.o/dose and bootstrap.d.n rely on dose3.

Since ben is also written in OCaml it might also be affected by this.

I do not yet know about any xz library for OCaml.

Thanks!

cheers, josch


signature.asc
Description: signature

Re: Archive changes

[Mehdi Dogguy]

On 2016-03-16 22:20, Johannes Schauer wrote:

Hi,

Quoting Bill Allombert (2016-03-16 10:30:58)

On Tue, Mar 15, 2016 at 11:15:16PM +0100, Joerg Jaspert wrote:
> Additionally I turned off generating gzip compressed versions of those
> files, xz is there.

Does all services that read Packages files handle xz already ?


dose3 consumes Packages and Sources files and does not yet support the 
xz

format.

At least qa.d.o/dose and bootstrap.d.n rely on dose3.

Since ben is also written in OCaml it might also be affected by this.



FWIW, Ben supports more than only Gz format:

http://anonscm.debian.org/cgit/collab-maint/ben.git/tree/lib/benl_compression.ml

And this can be specified with a CLI flag or in the configuration file.

Regards,

--
Mehdi

Bug#818594: ITP: golang-github-shopify-sarama -- Go library for Apache Kafka

[Dmitry Smirnov]

Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov 
X-Debbugs-CC: debian-devel@lists.debian.org, 
pkg-go-maintain...@lists.alioth.debian.org

   Package name: golang-github-shopify-sarama
Version: 1.8.0
Upstream Author: Evan Huus
License: Expat, Apache-2.0
URL: https://github.com/Shopify/sarama
Description: Go library for Apache Kafka
 Sarama is a Go client library for Apache Kafka (https://kafka.apache.org/)
 version 0.8 (and later).


signature.asc
Description: This is a digitally signed message part.

Re: Archive changes

[Bastian Blank]

Hi Joerg

On Wed, Mar 16, 2016 at 10:26:30AM +0100, Joerg Jaspert wrote:
> Also, from reading the current replies, noone has a problem with
> removing sha1, so that one seems a set thing. md5 and gz files
> removals make people more happy.

I'm currently checking if there are places in d-i which check sha1 but
not md5.  Some parts does not support anything newer yet, I'm working on
that.

Regards,
Bastian

-- 
Vulcans never bluff.
-- Spock, "The Doomsday Machine", stardate 4202.1

Bug#818581: ITP: golang-gopkg-mcuadros-go-syslog.v2 -- syslog server library for Golang

[Dmitry Smirnov]

Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov 
X-Debbugs-CC: debian-devel@lists.debian.org, 
pkg-go-maintain...@lists.alioth.debian.org
Control: block -1 by 818530
Control: block 818296 by -1

   Package name: golang-gopkg-mcuadros-go-syslog.v2
Version: 2.1.1
Upstream Author: Máximo Cuadros
License: Expat
URL: https://github.com/mcuadros/go-syslog
Description: syslog server library for Golang
 Syslog server library for go to build custom syslog server over UDP, TCP
 or Unix sockets using RFC3164, RFC6587 or RFC5424.


signature.asc
Description: This is a digitally signed message part.

Bug#818441: ITP: libtest-is-perl -- Skip test in a declarative way, following the Lancaster Consensus

[Nick Morrott]

Package: wnpp
Owner: Nick Morrott 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org, debian-p...@lists.debian.org

* Package name: libtest-is-perl
  Version : 20140823.1
  Upstream Author : Olivier Mengué 
* URL : https://metacpan.org/release/Test-Is
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : Skip test in a declarative way, following the Lancaster 
Consensus

Test::Is is a simple way of following the specifications of the
environment variables available for Perl tests as defined as one of the
"Lancaster Consensus" at Perl QA Hackathon 2013. Those variables
(NONINTERACTIVE_TESTING, EXTENDED_TESTING) define which tests should be
skipped.

If the environment does not match what the author of the test expected, the
complete test is skipped (in the same way as use Test::More skip_all => ...).

As an author, you can also expect that you will automatically benefit of
later evolutions of this specification just by upgrading the module.

The package will be maintained under the umbrella of the Debian Perl Group.

The package is a dependency of libmediawiki-bot-perl (#786800)

Bug#818534: ITP: golang-github-hashicorp-go-plugin -- Golang plugin system over RPC

[Dmitry Smirnov]

Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov 
X-Debbugs-CC: debian-devel@lists.debian.org, 
pkg-go-maintain...@lists.alioth.debian.org
Control: block 818296 by -1

   Package name: golang-github-hashicorp-go-plugin
Version: 0.0~git20160212
Upstream Author: HashiCorp
License: MPL-2.0
URL: https://github.com/hashicorp/go-plugin
Description: Golang plugin system over RPC
 Plugin System over RPC.


signature.asc
Description: This is a digitally signed message part.

We Have Ideas For Debian

[Charlotte | Lemonlight Media]

*|MC:SUBJECT|*

Hi There, we'd love to stop by Debian...

Hi There,

I just wanted to drop a line to let you know that our award-winning Executive 
Producer is going to be in Alexandria and right down the street from Debian on 
Friday!

If you're open to it, I'd love to set up a time for him to stop by and talk to 
you about some ideas we have for Debian. There's no obligation to you - just an 
opportunity to explore some marketing ideas for your brand.

Lemonlight Media
http://lemonlight.msgfocus.com/c/1GP7DWoIsJQqNHzClEWf1ux is a Los Angeles based 
video marketing company that produces beautiful, on-brand commercials for your 
business, and then digitally distributes them to your target customers.

If you'd like to schedule a 20-minute meeting, please let me know what time is 
best for you! Thanks and hope you're staying warm!

Cheers,

Charlotte Broadbent
Marketing Coordinator

charlo...@lemonlightmedia.com
323.813.8069


If you wish to unsubscribe, please click on the link below.
Please note this is an automated operation.
http://lemonlight.msgfocus.com/u/1lgsL5T5wOimAErKycJXX

a poll for Dgit workflows

[Daniel Stender]

Hi,

dealing with Dgit beyond a "simple" workflow (clone/fetch - make changes - dgit 
push) I
wanted to poll for workflows towards new upstream tarballs and, connected to 
that, the
treatment of patches.

I've experimented with applying `gbp import-orig` on an extra upstream branch 
and merging into
e.g. dgit/sid, but this seems to be substandard because `dgit quilt-fixup` 
wants to quiltify
all the changes in the working tree, which isn't wanted.

The next thing which would be interesting is how to rework patches e.g. 
unfuzzing them (for
rebase isn't possible on freshly cloned repos with no previous Git history?). 
Obsolete patches
which have been applied upstream I would guess just could be deleted.

I would like to know how folks handle these things, if somebody wants to share 
...

Thx for hints in advance!
Daniel Stender

-- 
4096R/DF5182C8
http://www.danielstender.com/blog/

Re: a poll for Dgit workflows

[Manoj Srivastava]

On March 19, 2016 8:27:43 AM PDT, Daniel Stender  wrote:
>Hi,
>
>dealing with Dgit beyond a "simple" workflow (clone/fetch - make
>changes - dgit push) I
>wanted to poll for workflows towards new upstream tarballs and,
>connected to that, the
>treatment of patches.

  My work flow is probably not what you are looking for, but here goes. I have 
adopted dgit into my usual vcs based model. There is an development branch that 
tracks upstream development. Based on that there is upstream, that occasionally 
also imports tarballs, which have artifacts not in upstream git at times. I use 
pristine tar to reproduce the tarballs.

For each feature or fix that I carry, there is a feature branch based off the 
upstream branch, so I can feed changes back.

All these branches are merged into the matter branch. Dgit/Sid is identical to 
master.

git co development
git pull
git co upstream
git merge -S development
git import-tar-pristine
git co master
git merge -S upstream
git merge -S some-fix-branch
edit debian/changelog
git ci -S -S 
git co dgit/sid
git merge -S --ff-only master
gitpkg HEAD
Test
dgit push

  I use gitpkg to build on a KVM or remote virtual machine. Source format 1.0 
means this is pure git schema, no serialized patches.

   Manoj

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Re: Archive changes

[Raphael Hertzog]

Hi,

On Tue, 15 Mar 2016, Joerg Jaspert wrote:
> As of now, InRelease/Release files, Packages and Sources no longer
> provide MD5Sum and SHA1sums, only SHA256.

FYI the lack of the "Files" field (having only Checksums-Sha256) in
Sources broke the update procedure of tracker.debian.org...

> Additionally I turned off generating gzip compressed versions of those
> files, xz is there.

tracker.debian.org is using python-apt so it was not broken by this.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Bug#818685: ITP: python2-lxc -- Linux Containers userspace tools (Python 2 bindings)

[Evgeni Golov]

Package: wnpp
Severity: wishlist
Owner: Evgeni Golov 

* Package name: python2-lxc
  Version : 0.1
  Upstream Author : lxc-de...@lists.linuxcontainers.org
* URL : https://github.com/lxc/python2-lxc/
* License : LGPLv2+
  Programming Lang: Python, C
  Description : Linux Containers userspace tools (Python 2 bindings)

This is needed to manage LXC containers from Ansible.

Bug#818530: ITP: golang-github-jeromer-syslogparser -- syslog parser library

[Dmitry Smirnov]

Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov 
X-Debbugs-CC: debian-devel@lists.debian.org, 
pkg-go-maintain...@lists.alioth.debian.org

   Package name: golang-github-jeromer-syslogparser
Version: 0~20150717
Upstream Author: Jérôme Renard
License: BSD-2-clause
URL: github.com/jeromer/syslogparser
Description: syslog parser library
 Syslog parser for the Go programming language.


signature.asc
Description: This is a digitally signed message part.

Bug#818538: ITP: golang-github-mitchellh-reflectwalk -- library for "walking" a value in Go using reflection

[Dmitry Smirnov]

Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov 
X-Debbugs-CC: debian-devel@lists.debian.org, 
pkg-go-maintain...@lists.alioth.debian.org

   Package name: golang-github-mitchellh-reflectwalk
Version: 0.0~git20150527
Upstream Author: Mitchell Hashimoto
License: Expat
URL: https://github.com/mitchellh/reflectwalk
Description: library for "walking" a value in Go using reflection
 reflectwalk is a Go library for "walking" a value in Go using reflection,
 in the same way a directory tree can be "walked" on the filesystem. Walking
 a complex structure can allow you to do manipulations on unknown structures
 such as those decoded from JSON.


signature.asc
Description: This is a digitally signed message part.

Bug#818705: general: multipackage issue

[Richard Jasmin]

Package: general
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

when sshfs is mounted IE: my webserver
and I do a package update(updating libreO, so must be removed first)

lxdesktop file manager crashes. Im noticing it sometimes generically with the
sshfs mount, which remains mounted but apt-get apt-fast and synaptic should not
cause this.

I do not know what is causing this.



-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#818373: ITP: vo-aladin -- Interactive sky atlas for astronomical images and datasets

[Paul Sladen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

package: wnpp
Owner: Paul Sladen 
Severity: Wishlist

* Package Name: vo-aladin
* Version:  9.013
* Upstream Author:  Pierre Fernique, Strasbourg astronomical Data Center 
(CDS)
* URL:  http://aladin.u-strasbg.fr/
* Programming Language: Java
* License:  GPL-3
* Description:  Interactive sky atlas for astronomical images and 
datasets

Aladin is an desktop client for viewing and analysis of Virtual
Observatory (VO) astronomical datasets in real-time.  Data, tables and
images are dynamically fetched and displayed to the user, via the
network of registries and and data centres offering access using VO
protocols.
.
Aladin is written in Java, released under the GPLv3 and
maintined by the Strasbourg astronomical Data Center (CDS).
.
http://aladin.u-strasbg.fr/

The main code base is written in Java and published under the GPLv3 as
Src.jar files, at:

  http://aladin.u-strasbg.fr/java/nph-aladin.pl?frame=downloading

These 'jarballs' are unversioned; a tool to download and renumber the
upstream sources jarballs is available at:

  https://github.com/sladen/vo/blob/master/aladin-meta/fetch-aladin-source.py

Several internal dependencies are used, (included by default as binary
.class object in the source distribution:  'microhub' + dependencies,
'kxml2', 'jsamp', 'moc', 'cds-astro', 'savot'.

These dependences need separately packaging and uploading first, and
are listed in more detail at:

  https://github.com/sladen/vo/blob/master/aladin-meta/dependencies.md

The current application-to-application data sharing protocol is SAMP,
meaning that it should be possible to safely disable the the
'microhub') dependency.  The Plastic Manager (supplied by Microhub)
and its further dependencies appear to be frequently disabled in the
main code anyway, and can likely be fully commented out the via the
'USE_PLASTIC_REQUESTED=false' code-paths.

'libkxml2-java' is already packaged in Debian as:

  https://packages.debian.org/search?keywords=libkxml2-java

'jsamp' is available in 'debian-astro' revision control, based on
previous work by Florian Rothmaier:

  http://anonscm.debian.org/cgit/debian-astro/packages/jsamp.git/

'MOC' presently has an unknown licence:

  http://wiki.ivoa.net/twiki/bin/view/IVOA/MocInfo

Both the 'CDS-Astro' and 'SAVOT3' libraries have a non-free
educational-use-only licence, requiring explicit permission for
anything else.  The Present restrictive CDS licence text is in:

  http://cds.u-strasbg.fr/resources/doku.php?id=using_conditions
  "reproduction and representation as a private copy or for
  educational and research purposes" /
  "la reproduction et la representation a titre de copie privee ou des
  fins d'enseignement et de recherche"

Which is linked from the download pages at:

  http://cds.u-strasbg.fr/resources/doku.php?id=3Dunits
  "Read before any use of available Java classes"

  http://cds.u-strasbg.fr/resources/doku.php?id=3Dsavot_v3.0=20
  "Read before any use of available Java classes"

Although SAVOT3 appears under the educational-only (non-free) licence,
there is a SAVOT4 GPL3 implementation from Andre Schaaff (CDS) to be
found on Github.  If this is API-compatible, it should be possible to
package and switch to this:

  https://github.com/aschaaff/savot/

Communication is underway in order to try to get moc, cds-astro and,
if needed SAVOT3, clearly under the GPL-3 licence aswell as this is
required prior to inclusion in Debian.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFW6XOGc444tukM+iQRAkxQAKCTKJ95bFDfQxzelodiBFKhQ5bGXACdFBIN
nFTvBYEMRZ2JqrBnOAVgXRM=
=btVR
-END PGP SIGNATURE-

Bug#818718: ITP: python-pdal -- Point Data Abstraction Library - Python extension

[Bas Couwenberg]

Package: wnpp
Severity: wishlist
Owner: Bas Couwenberg 

* Package name: python-pdal
  Version : 1.1.0+ds
  Upstream Author : Hobu, Inc. 
* URL : https://pypi.python.org/pypi/PDAL
* License : BSD-3-Clause
  Programming Lang: Python/C++
  Description : Point Data Abstraction Library - Python extension

PDAL is a BSD licensed library for translating and manipulating point
cloud data of various formats. PDAL can be used to read, write and
translate point cloud data in many formats. Support is included for
input files of LAS, LAZ, SBET, BPF, QFIT and others. PDAL can also read
from and write to databases that support point cloud storage, including
Oracle, Postgres and SQLite.

PDAL should not be confused with PCL (Point Cloud Library). PCL is a
library specifically designed to provide algorithmic analysis and
modification of point clouds. PDAL provides a limited interface to the
facilities of PCL, but does not in general attempt to duplicate its
capabilities.


The Python extension is packaged separately from PDAL (#797126) using
the sources from PyPi, because the extension cannot be built along with
the rest of PDAL.

The python-pdal package will be maintained along with pdal in the
Debian GIS team.

Bug#818378: ITP: libcds-moc-java -- Multi-Order Coverage Virtual Observatory library

[Paul Sladen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

package: wnpp
Owner: Paul Sladen 
Severity: Wishlist

* Package Name: libcds-moc-java
* Version:  4.5
* Upstream Author:  Pierre Fernique, Strasbourg astronomical Data Center 
(CDS)
* URL:  http://wiki.ivoa.net/twiki/bin/view/IVOA/MocInfo
* Programming Language: Java
* License:  GPL-3
* Description:  Java-based library for Multi-Order Coverage access in 
the astronomical Virtual Observatory

The Multi-Order Coverage (MOC) library provides access to
functionality under the 'cds.moc' namespace:
.
  http://wiki.ivoa.net/twiki/bin/view/IVOA/MocInfo

The library is maintained by the Strasbourg astronomical Data Center
(CDS) and published by the International Virtual Observatory Alliance
(IVOA) under the GPLv3.  A GPLv3 licence statement is included at top
of each .java source file when downloaded from:

  http://wiki.ivoa.net/internal/IVOA/MocInfo/MocSrc.jar

It is one of the dependencies of the Aladin Virtual Observatory (VO)
client; see: 'vo-aladin', ITP: #818373.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFW6YDEc444tukM+iQRAh/1AKDCugMNbvde2HSyT4p0RHrc3NmnuwCfWegp
gK9Fmp/PqI2Q2/sq6DT2L6w=
=wzT2
-END PGP SIGNATURE-

Bug#818375: ITP: libsavot-java -- Simple Access to VOTable (SAVOT)

[Paul Sladen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

package: wnpp
Owner: Paul Sladen 
Severity: Wishlist

* Package Name: libsavot-java
* Version:  4.0
* Upstream Author:  Andre Schaaff (CDS), Laurent Bourges (JMMC)
* URL:  https://github.com/aschaaff/savot/
* Programming Language: Java
* License:  GPL-3
* Description:  SAVOT: Java-based VO-Table (Virtual Observatory) library

Simple Access to VOTable (SAVOT) is a Java library for VO-Tables which
lives under the 'cds.savot' namespace.

SAVOTv4 is a library written in Java, and maintined by the Strasbourg
astronomical Data Center (CDS).  It has been released by one of its
co-authors, Andre Schaaff under the GPLv3 on Github:
.
  https://github.com/aschaaff/savot/

This package is one of the dependencies for the CDS Aladin package,
see: 'vo-aladin', ITP: #818373.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFW6Xoec444tukM+iQRAgFvAJ9hIMnqVUMZAry3g444wLuXcgIr4gCfRkpP
ShwLE/DlSaRbM+o5RiCsa2Q=
=TT79
-END PGP SIGNATURE-

Bug#818438: ITP: libconstant-generate-perl -- Common tasks for symbolic constants

[Nick Morrott]

Package: wnpp
Owner: Nick Morrott 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org, debian-p...@lists.debian.org

* Package name: libconstant-generate-perl
  Version : 0.17
  Upstream Author : M. Nunberg 
* URL : https://metacpan.org/release/Constant-Generate
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : Common tasks for symbolic constants

Constant::Generate provides useful utilities for handling, debugging, and
generating opaque, 'magic-cookie' type constants as well as value-significant
constants.

Using its simplest interface, it will generate a simple enumeration of names
passed to it on import.

The package will be maintained under the umbrella of the Debian Perl Group.

The package is a dependency of libmediawiki-bot-perl (#786800)

Bug#818545: ITP: golang-github-mitchellh-copystructure -- library for deep copying values in Go

[Dmitry Smirnov]

Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov 
X-Debbugs-CC: debian-devel@lists.debian.org, pkg-go-
maintain...@lists.alioth.debian.org

   Package name: golang-github-mitchellh-copystructure
Version: 0.0~git20160128
Upstream Author: Mitchell Hashimoto
License: Expat
URL: https://github.com/mitchellh/copystructure
Description: library for deep copying values in Go
 Copystructure is a Go library for deep copying values in Go.
 .
 This library can copy Go values that may contain reference values such as
 maps, slices, or pointers, and copy their data as well instead of just
 their references.


signature.asc
Description: This is a digitally signed message part.

Bug#818376: ITP: libcds-astro-java -- CDS Astronomical Units conversions

[Paul Sladen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

package: wnpp
Owner: Paul Sladen 
Severity: Wishlist

* Package Name: libcds-astro-java
* Version:  1.2
* Upstream Author:  François Ochsenbein, Strasbourg astronomical Data 
Center (CDS)
* URL:  http://cds.u-strasbg.fr/resources/doku.php?id=units
* Programming Language: Java
* License:  Educational-use only (non-free)
* Description:  Java-based library for units conversion in the 
astronomical Virtual Observatory

CDS Astro is a units conversion library that provides library
functionality under the 'cds.astro' namespace.  It is one of the
dependencies of the Aladin Virtual Observatory (VO) client; see:

The library was written by the Strasbourg astronomical Data Center
(CDS) and source code is made available by CDS as a zip file from:

  http://cds.u-strasbg.fr/cdsdevcorner/units1.2/src.zip

(This states it is from November 2006, but contains files modified in
February 2007).

This package is one of the dependencies for the CDS Aladin package,
see: 'vo-aladin', ITP: #818373.

At present the read me information on the homepage at:

  http://cds.u-strasbg.fr/resources/doku.php?id=units

contains a link to:

  http://cds.u-strasbg.fr/resources/doku.php?id=using_conditions

which includes restrictions on use, only allowing for:

  "the reproduction and representation as a private copy or for
  educational and research purposes outside any lucrative use" /

  "la reproduction et la representation a titre de copie privee ou
  des fins d'enseignement et de recherche et en dehors de toute
  utilisation lucrative"

This is incompatible with the GPLv3 licence under which the rest of
Aladin is already published and distributed.  Contact has been made
with the authors in the of gaining a clear confirmation of GPLv3
licencing.

This would need to be done prior to acceptance of Aladin and its
dependencies into Debian.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFW6X2Cc444tukM+iQRAoVLAKCGyofE4nZKFv34gltfjGT9+AzEYQCfQFpj
wznT/Edi56v5MZsGd3inYh0=
=MDFw
-END PGP SIGNATURE-

Re: Archive changes

[Stefano Zacchiroli]

All,

On Wed, Mar 16, 2016 at 08:32:17AM +0100, Stefano Zacchiroli wrote:
> But it might be a good idea to track all upcoming breakages using the
> BTS. Fell free to tag and/or mark as blocking the above bug report as
> needed. And to report more similar bugs :)

I've now reported #818463 against ftp.d.o to track the archive changes.

Please report individual bugs against the services that are broken as a
consequence of the archive changes, and mark the above bug as blocked by
those new bugs.

Cheers.
-- 
Stefano Zacchiroli  . . . . . . .  z...@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Former Debian Project Leader . . . . . @zacchiro . . . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »


signature.asc
Description: PGP signature

Re: Possible MBF: Packages depending on iceweasel but not firefox/firefox-esr

[David Prévot]

Le 18/03/2016 18:06, Josh Triplett a écrit :

> I would suggest that Firefox addon packages should depend on "firefox |
> firefox-esr"

Most of those packages are mozilla-devscripts for the build and just
need to be rebuilt to get fixed. Even if our infrastructure has all the
needed tools to binNMU all of them as a proper transition, some
limitations on the way arch:all binNMU are handled currently prevents us
from having most of them already fixed, see #818104.

What is currently needed if the arch:all binNMU doesn’t get fixed, is
“just” to upload all of them. I’m currently dragged into doing that for
hundred of PHP classes packages because of this no arch:all binNMU
limitation, so I hope someone else from the Debian Mozilla Extension
Maintainers could take the lead on it (new members are welcome ;).

Regards

David



signature.asc
Description: OpenPGP digital signature

Bug#818575: ITP: circlator -- circularize genome assemblies

[Afif Elghraoui]

Package: wnpp
Severity: wishlist
Owner: Debian Med Packaging Team 

* Package name: circlator
  Version : 1.2.0
  Upstream Author : Martin Hunt & Nishadi De Silva 
* URL : http://sanger-pathogens.github.io/circlator/
* License : GPL
  Programming Lang: Python
  Description : circularize genome assemblies

Circlator is a tool to automate assembly circularization for bacterial and
small eukaryotic genomes and produce accurate linear representations of
circular sequences.

This package will be maintained by the Debian Med team.

Re: About archived squeeze

[Adam D. Barratt]

On 2016-03-16 10:53, Mathieu Parent wrote:

Hello Joerg,

squeeze-lts on archive [1] has a Valid-Until header which makes apt 
complain.


That's expected - see 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670141


Also, squeeze is still on security [2] and LTS is still on primary 
miror [3].


"Yes". You'll notice that all the packages / sources files for -lts are 
empty.


Also, ftp.debian.org is *not* "[the] primary mirror". So far as the 
mirror network goes, it's Just Another Mirror[tm], as per 
https://www.debian.org/mirror/ftpmirror


Regards,

Adam

[1,2,3] dangling, sorry