Re: [Pkg-ace-devel] Status of the ACE package | Is the ACE team still active ?

[Johnny Willemsen]

Hi,

When there is someone that could assist me in doing it the first time I am 
interested in packaging ACE. I
already upload the release to various places and adding debian should
not be a problem, but some help the first time would make this easier. I
do have a debian account, installed debian 9 last week in a VM to start
with.

Johnny


On 09/01/2017 08:55 PM, Sebastian Andrzej Siewior wrote:
> I dropped Marek from Cc because the email delivery times out.
>
> On 2017-09-01 13:41:18 [+0200], Thomas Girard wrote:
>> hello,
> Hi,
>
>> I don't have much time for ACE packaging and I don't use it anymore. I 
>> should probably remove myself from uploaders. 
> Okay.
>
>> Are you willing to step in?
> no, not really but I would like to see it built against openssl1.1 :)
>
>> Unless Pau has some time for it the package should be RFA'ed. I can find 
>> time to sponsor an upload though.
> Okay, good to know.
> Johnny, are you interrested in packaging ACE?
>
>> Regards,
>>
>> Thomas 
> Sebastian
>
> ___
> Pkg-ace-devel mailing list
> pkg-ace-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ace-devel
>

Re: [Pkg-ace-devel] Status of the ACE package | Is the ACE team still active ?

[Tobias Frost]

Hallo Johnny,

On Sun, Sep 03, 2017 at 09:11:32AM +0200, Johnny Willemsen wrote:
> Hi,
> 
> When there is someone that could assist me in doing it the first time I am 
> interested in packaging ACE. I
> already upload the release to various places and adding debian should
> not be a problem, but some help the first time would make this easier. I
> do have a debian account, installed debian 9 last week in a VM to start
> with.

thanks for your mail and many thanks for wanting to improve Debian!

We have mentors.debian.net to help von someone wants to
package something for Debian. There is also documentation there.
I suggest starting to read here:
https://mentors.debian.net/intro-maintainers and maybe the QA
https://mentors.debian.net/qa and https://wiki.debian.org/DebianMentorsFaq

You can ask questions on the debian-mentors mailing list [1] or on IRC,
#debian-mentors on OFTC.

[1] https://lists.debian.org/debian-mentors/ 

I hope the above information helps to get you started.
If not, please feel free to post to the mentors mailing list (I'm also
active there.)

> Johnny

--
tobi



> 
> On 09/01/2017 08:55 PM, Sebastian Andrzej Siewior wrote:
> > I dropped Marek from Cc because the email delivery times out.
> >
> > On 2017-09-01 13:41:18 [+0200], Thomas Girard wrote:
> >> hello,
> > Hi,
> >
> >> I don't have much time for ACE packaging and I don't use it anymore. I 
> >> should probably remove myself from uploaders. 
> > Okay.
> >
> >> Are you willing to step in?
> > no, not really but I would like to see it built against openssl1.1 :)
> >
> >> Unless Pau has some time for it the package should be RFA'ed. I can find 
> >> time to sponsor an upload though.
> > Okay, good to know.
> > Johnny, are you interrested in packaging ACE?
> >
> >> Regards,
> >>
> >> Thomas 
> > Sebastian
> >
> > ___
> > Pkg-ace-devel mailing list
> > pkg-ace-de...@lists.alioth.debian.org
> > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ace-devel
> >
> 


signature.asc
Description: PGP signature

Re: distributing .buildinfo files (Re: Bad interaction between pbuilder/debhelper/dpkg-buildinfo/dpkg-genchanges and dak on security-master)

[Philipp Kern]

On 2017-09-02 23:48, Holger Levsen wrote:

On Mon, Jul 03, 2017 at 07:23:29PM +0200, Philipp Kern wrote:

> Not yet.  We people from the reproducible team couldn't find a way to
> usefully talk to ftp-masters people, whom never replied to any of the
> questions in the thread at #763822 (they only did some quick comments on
> IRC, and we have been left on guessing what they would like…).
>
> Anyhow, .buildinfo files are stored in ftp-master, just not exported to
> the mirrors, you can find them in
> coccia.debian.org:/srv/ftp-master.debian.org/.

So I suppose we talk about 13 GB[1] of static content in about 1.7M
files. Is that something that could be distributed through
static.debian.org if there are concerns around inodes for the main
mirrors? Given that they would be accessed mostly rarely[2]?

[1] 7.7kB (75%ile as mentioned in the referenced bug) * 55000 binary
packages * 10 architectures * 3 versions - so quite conservatively
[2] So supposedly a CDN wouldn't bring a lot of benefit as individual
files aren't likely to be hit frequently.


using static.debian.org seems to be a good idea to me, what would be
needed to make
this happen?

or, we could put them in a git repo instead, and use git.debian.org…


Git is an interesting thought for incremental mirroring. But then it 
also seems to be a poor choice for something that is an only growing 
repository of data.


What I think should be a requirement is that the data is pushed out 
before the mirror pulse. Otherwise you end up with a race where you try 
to mirror the data including the buildinfo but can't access it. (It's a 
little unfortunate that we don't simply put them onto the mirrors.


Kind regards
Philipp Kern

Re: distributing .buildinfo files (Re: Bad interaction between pbuilder/debhelper/dpkg-buildinfo/dpkg-genchanges and dak on security-master)

[Holger Levsen]

On Sun, Sep 03, 2017 at 11:40:53AM +0200, Philipp Kern wrote:
> Git is an interesting thought for incremental mirroring. But then it also
> seems to be a poor choice for something that is an only growing repository
> of data.

the nice thing with git is that you get a signed tree for free (or rather, very
easily with tools almost everybody understands), even though it atm only uses
sha1 hashes. IOW: it's a very simple blockchain, which has better properties
than a simple file based mirror.
 
> What I think should be a requirement is that the data is pushed out before
> the mirror pulse. Otherwise you end up with a race where you try to mirror
> the data including the buildinfo but can't access it. (It's a little
> unfortunate that we don't simply put them onto the mirrors.

agreed.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Re: [Pkg-ace-devel] Status of the ACE package | Is the ACE team still active ?

[Johnny Willemsen]

Hi,

Thanks for the list, I will have a look. Thomas, do you have any
hints/commands that could help?

Johnny


Johnny Willemsen
Remedy IT
Postbus 81 | 6930 AB Westervoort | The Netherlands
http://www.remedy.nl

On 09/03/2017 11:22 AM, Tobias Frost wrote:
> Hallo Johnny,
>
> On Sun, Sep 03, 2017 at 09:11:32AM +0200, Johnny Willemsen wrote:
>> Hi,
>>
>> When there is someone that could assist me in doing it the first time I am 
>> interested in packaging ACE. I
>> already upload the release to various places and adding debian should
>> not be a problem, but some help the first time would make this easier. I
>> do have a debian account, installed debian 9 last week in a VM to start
>> with.
> thanks for your mail and many thanks for wanting to improve Debian!
>
> We have mentors.debian.net to help von someone wants to
> package something for Debian. There is also documentation there.
> I suggest starting to read here:
> https://mentors.debian.net/intro-maintainers and maybe the QA
> https://mentors.debian.net/qa and https://wiki.debian.org/DebianMentorsFaq
>
> You can ask questions on the debian-mentors mailing list [1] or on IRC,
> #debian-mentors on OFTC.
>
> [1] https://lists.debian.org/debian-mentors/ 
>
> I hope the above information helps to get you started.
> If not, please feel free to post to the mentors mailing list (I'm also
> active there.)
>
>> Johnny
> --
> tobi
>
>
>
>> On 09/01/2017 08:55 PM, Sebastian Andrzej Siewior wrote:
>>> I dropped Marek from Cc because the email delivery times out.
>>>
>>> On 2017-09-01 13:41:18 [+0200], Thomas Girard wrote:
 hello,
>>> Hi,
>>>
 I don't have much time for ACE packaging and I don't use it anymore. I 
 should probably remove myself from uploaders. 
>>> Okay.
>>>
 Are you willing to step in?
>>> no, not really but I would like to see it built against openssl1.1 :)
>>>
 Unless Pau has some time for it the package should be RFA'ed. I can find 
 time to sponsor an upload though.
>>> Okay, good to know.
>>> Johnny, are you interrested in packaging ACE?
>>>
 Regards,

 Thomas 
>>> Sebastian
>>>
>>> ___
>>> Pkg-ace-devel mailing list
>>> pkg-ace-de...@lists.alioth.debian.org
>>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ace-devel
>>>
>>
>>
>> ___
>> Pkg-ace-devel mailing list
>> pkg-ace-de...@lists.alioth.debian.org
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ace-devel

Bug#874166: ITP: node-grunt-babel -- grunt plugin of babel

[Rahulkrishnan R A]

Package: wnpp
Severity: wishlist
Owner: Rahulkrishnan R A 
X-Debbugs-CC: debian-devel@lists.debian.org

* Package name: node-grunt-babel
  Version : 7.0.0
  Upstream Author : Sindre Sorhus  (sindresorhus.com
)
* URL : https://github.com/babel/grunt-babel#readme
* License : Expat
  Programming Lang: JavaScript
  Description : grunt plugin of babel

This package is the dependency of node-filesize module

I would like to  maintain this package for long term. I am a member of the
Debian
JavaScript maintainers team.

thoughts about freeradius package (especially dhcp)

[Kamil Jońca]

Some time ago I migrated my home dhcp server from isc to freeradius.
Almost everything worked like a charm.
The only thing were problems with arp table [1].

Then I ended with configuration:
radius binary have set cap bits[2]
radius is run from systemd as freerad user
(it is important that "User=freerad" should be in unit file, not only
radius config)
the only thing is '/var/run/freeradius/' directory creation.

Is it bad idea to make freeradius run as freerad user with capabilities
enabled?
KJ

[1] I even filled bug reports
https://bugzilla.kernel.org/show_bug.cgi?id=187791
[2] cap_net_admin=eip CAP_NET_RAW=eip CAP_NET_BIND_SERVICE=eip
-- 
http://wolnelektury.pl/wesprzyj/teraz/
Everyone is a genius.  It's just that some people are too stupid to realize it.

Re: thoughts about freeradius package (especially dhcp)

[Russ Allbery]

kjo...@poczta.onet.pl (Kamil Jońca) writes:

> Some time ago I migrated my home dhcp server from isc to freeradius.
> Almost everything worked like a charm.
> The only thing were problems with arp table [1].

> Then I ended with configuration:
> radius binary have set cap bits[2]
> radius is run from systemd as freerad user

Consider instead having systemd set the capabilties in the unit file using
AmbientCapabilities.  It ends up being roughly equivalent for the service,
but it means that processes that run the binary outside of the context of
systemd won't get the capabilities, which slightly decreases the chances
of some local privilege escalation attacks.

> (it is important that "User=freerad" should be in unit file, not only
> radius config)
> the only thing is '/var/run/freeradius/' directory creation.

> Is it bad idea to make freeradius run as freerad user with capabilities
> enabled?

I think this sort of change is an excellent idea, and would love to see
more of this type of hardening in Debian as default behavior.

-- 
Russ Allbery (r...@debian.org)   

Re: make dpkg-buildpackage default locale UTF-8

[殷啟聰 | Kai-Chung Yan]

+1 to setting UTF-8 as default.

Some Java packages that I worked with contain source files with symbols not 
recognized by compilers unless the encoding is set to UTF-8. Mostly these 
symbols are a copyright sign "©" apprearing in the license section, 
occasionally CJK letters in the author names. This change to dpkg should be 
able to solve the problem conveniently.

Hans-Christoph Steiner 於 2017/9/1 下午4:23 寫道:
> Package: dpkg-dev
>
> More and more packages are adding unicode files as unicode support has
> become more reliable and available.  The package building process is not
> guaranteed to happen in a unicode locale since the Debian default locale
> is LC_ALL=C, which is ASCII not UTF-8.  Reading UTF-8 filenames when the
> system is using ASCII causes errors (Python makes them very visible, for
> example).
>
> mbiebl, youpi, wRAR, bunk, and I had a discussion in #debian-devel.  It
> looks like setting the default locale to C.UTF-8 in dpkg-buildpackage is
> an easy way to improve this situation a lot.  Any package that needs an
> encoding besides UTF-8 could always set it by adding something like this
> to debian/rules:
>
>   export LC_ALL = C
>
> Setting C.UTF-8 as the global default in Debian would be the best
> solution to this and many other issues, but that's a much much larger
> project:
> https://sourceware.org/glibc/wiki/Proposals/C.UTF-8
>




signature.asc
Description: OpenPGP digital signature

Re: thoughts about freeradius package (especially dhcp)

[Kamil Jońca]

Russ Allbery  writes:

[...]
>
> Consider instead having systemd set the capabilties in the unit file using
> AmbientCapabilities.  It ends up being roughly equivalent for the service,

Hm. I tried to add
--8<---cut here---start->8---
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE
--8<---cut here---end--->8---
and takes off capabilities from file but without success (ie. service
does not starts)
Shoudl I do something else?
KJ


-- 
http://wolnelektury.pl/wesprzyj/teraz/
... [concerning quotation marks] even if we *___did* quote anybody in this
business, it probably would be gibberish.
-- Thom McLeod

Re: thoughts about freeradius package (especially dhcp)

[Alec Leamas]

On 04/09/17 07:40, Kamil Jońca wrote:

> the only thing is '/var/run/freeradius/' directory creation.

If that's the problem(?), perhaps you should look into systemd's tmpfile 
mechanism.


--alec

Bug#874203: ITP: libapache2-mod-md -- ACME certificate support for apache2

[Ondřej Surý]

Package: wnpp
Severity: wishlist
Owner: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= 

* Package name: libapache2-mod-md
  Version : 0.8.1
  Upstream Author : greenbytes GmbH
* URL : github.com/icing/mod_md
* License : Apache-2.0
  Programming Lang: C
  Description : ACME certificate support for apache2

 This is an apache2 module for obtaining and maintaining certificates
 issued by ACME-compatible Certificate Authority such as Let's Encrypt.