Re: Recreating history of a package

[Timo Weingärtner]

Hallo,

16.02.19 21:24 Ben Hutchings:
> On Sat, 2019-02-16 at 14:17 +0100, Guillem Jover wrote:
> > On Sat, 2019-02-16 at 12:22:04 +, peter green wrote:
> > > 2. Snapshot.debian.org is only offered over plain insecure http. For
> > >recent versions the packages can be verified against the
> > >Packages/Sources files which can in turn be verified with gpg but
> > >older versions are more problematic to verify as the relevant
> > >packages/sources files are only signed with 1024 bit keys or not
> > >signed at all. This is made worse by the fact that
> > >snapshot.debian.org has an API to obtain the first snapshot a
> > >package is available in but not any API to find the last snapshot
> > >it was available in.
> > 
> > http://snapshot.debian.org/ is now offered over https too. Its front-page
> > even documents its usage as such. :)
> 
> And it has HSTS, which is nice, but it is missing the redirection
> that's needed to make that work completely.

I guess global HTTP redirects might break older apt setups without apt-
transport-https installed.

For browsers it should be enough to add the redirects for the HTML pages.


Grüße
Timo

signature.asc
Description: This is a digitally signed message part.

Bug#922518: ITP: libdata-methodproxy-perl -- module to inject dynamic data into static data

[gregor herrmann]

Package: wnpp
Owner: gregor herrmann 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org, debian-p...@lists.debian.org

* Package name: libdata-methodproxy-perl
  Version : 0.03
  Upstream Author : Aran Clary Deltac 
* URL : https://metacpan.org/release/Data-MethodProxy
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : module to inject dynamic data into static data

A method proxy as provided by the Data::MethodProxy module is an array ref
describing a class method to call and the arguments to pass to it. The first
value of the array ref is the scalar $proxy, followed by a package name, then
a subroutine name which must callable in the package, and a list of any
subroutine arguments.

 [ '$proxy', 'Foo::Bar', 'baz', 123, 4 ]

The above is saying, do this:

 Foo::Bar->baz( 123, 4 );

The package will be maintained under the umbrella of the Debian Perl Group.

--
Generated with the help of dpt-gen-itp(1) from pkg-perl-tools.


signature.asc
Description: Digital Signature

Re: Bug#922353: ITP: socket-activate -- Run a socket-activated daemon with minimal dependencies

[Peter Pentchev]

On Sat, Feb 16, 2019 at 03:32:46PM +0100, Guillem Jover wrote:
> Hi!
> 
> On Fri, 2019-02-15 at 10:46:43 -0500, Daniel Kahn Gillmor wrote:
> > Control: clone 922353 -2
> > Control: reassign -2 dpkg
> > Control: retitle -2 start-stop-daemon should support socket-activation via 
> > the sd_listen_fds(3) convention
> > Control: severity -2 wishlist
> 
> Thanks.
> 
> > On Fri 2019-02-15 04:34:47 +0100, Guillem Jover wrote:
> > > Another option would be to implement this in start-stop-daemon, like
> > > the similar support for the systemd readiness protocol was recently
> > > implemented there too.
> > 
> > Thanks for the suggestion!  How widely-distributed is start-stop-daemon
> > outside of debian?  I see it's been ported to OpenBSD; are they
> > syncing from upstream?
> 
> . For the BSDs to use
> this more seriously the code would probably need to be split into its
> own project, so that it does not pollute their licensing. Its current
> "license" might also need to be clarified (PD), and "relicensed" into
> MIT or similar.
> 
> This is something I've actually pondered doing anyway, so this might
> be a good excuse, I guess.
> 
> > The code i have is just python3 right now (simple argument parsing made
> > development much quicker), but it's not too terrible to do it in C.
> 
> Yes, and it should be pretty generic and portable.
> 
> > I'm opening this as a wishlist issue for dpkg just so we don't lose
> > track of it, since it might take me some cycles to get the C
> > implementation in shape.  If anyone else wants to beat me to it, i
> > certainly wouldn't complain :)
> 
> I'll probably look into it once I've gone over some of the immediate
> stuff I have on my plate, if there's been no patch submitted by then.
> :)

Here you go :)

https://gitlab.com/dkg/socket-activate/merge_requests/1#note_142084524

G'luck,
Peter

-- 
Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


signature.asc
Description: PGP signature

Bug#922522: ITP: waylandpp -- wayland compositor infrastructure - C++ development files

[Balint Reczey]

Package: wnpp
Owner: Balint Reczey 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org

* Package name: waylandpp
  Version : 0.2.4
  Upstream Author : Nils Brause
* URL : https://github.com/NilsBrause/waylandpp
* License : GPL-3+
  Programming Lang: C++
  Description : wayland compositor infrastructure - C++ development files

Wayland is a protocol for a compositor to talk to its clients as well
as a C library implementation of that protocol. The compositor can be
a standalone display server running on Linux kernel modesetting and
evdev input devices, an X application, or a wayland client
itself. The clients can be traditional applications, X servers
(rootless or fullscreen) or other display servers.

This package ships the C++ bindings for the development libraries.

--
Generated with the help of dpt-gen-itp(1) from pkg-perl-tools.

The package is a build dependency of Kodi 18 for enabling Wayland support.

I'd be happy to maintain the package under Debian X Strike Force's
umbrella if the team accepts that.

Bug#922528: ITP: golang-github-arduino-go-timeutils -- Functions to handle timezones in golang

[Rock Storm]

Package: wnpp
Severity: wishlist
Owner: Rock Storm 

* Package name: golang-github-arduino-go-timeutils
  Version : 0.0~git20171220.d1dd9e3-1
  Upstream Author : Arduino
* URL : https://github.com/arduino/go-timeutils
* License : GPL-2.0
  Programming Lang: Go
  Description : Functions to handle timezones in golang

The package 'arduino-builder' [1] has been split into several smaller
Go libraries like this one. I intend to maintain this package within
the umbrella of the Go team.

[1]: https://salsa.debian.org/electronics-team/arduino/arduino-builder

Regards,

-- 
Rock Storm
GPG KeyID: 4096R/C96832FD
GPG Fingerprint:
 C304 34B3 632C 464C 2FAF  C741 0439 CF52 C968 32FD


signature.asc
Description: PGP signature

Re: Use of the Build-Conflicts field

[Tollef Fog Heen]

]] Andrey Rahmatullin 

> If "support" means "allow in the archive" then I think for we support only
[…]
> If "support" means "guarantee that a package will be able to build" then I
[…]
> If "support" means "guarantee that a package will be able to build and

I don't think guarantees are particularly interesting here; we generally
don't guarantee anything.

I think maybe «support» means «are we going to summarily close your bug
that you're doing something we don't think is reasonable to
do?». Basically something not entirely unlike your option number three,
but without the guarantee part.  That's an essential point of the
reproducible builds effort: if you build the same sources, you should
end up with the same binary.  A question is how far does that goal
stretch?

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Re: Use of the Build-Conflicts field

[Sean Whitton]

Hello,

On Fri 15 Feb 2019 at 08:59PM -0700, Sean Whitton wrote:

> Use of the Build-Conflicts field is currently mostly optional, but Ian
> Jackson and I have been working on text for Debian Policy that would
> require its use in certain cases.  See #824495 for the discussion.
>
> There are two cases which we think that everyone would agree that there
> is a bug, but we are not sure that the bug would be considered to be RC.
> We are posting to -devel to see if, in fact, we do have a consensus that
> these bugs would be RC, or not.

Thank you all for the feedback.

It seems that that is not a consensus that the two cases are RC.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Re: Recreating history of a package

[Luke Faraone]

On Sun, 17 Feb 2019 at 12:59, Timo Weingärtner  wrote:
> 16.02.19 21:24 Ben Hutchings:
> > On Sat, 2019-02-16 at 14:17 +0100, Guillem Jover wrote:
> > > http://snapshot.debian.org/ is now offered over https too. Its front-page
> > > even documents its usage as such. :)
> > And it has HSTS, which is nice, but it is missing the redirection
> > that's needed to make that work completely.
>
> I guess global HTTP redirects might break older apt setups without apt-
> transport-https installed.
>
> For browsers it should be enough to add the redirects for the HTML pages.

Feel free to redirect this to an appropriate list, but perhaps
redirecting non-`apt` user agents is worthwhile? E.g. something like
the solution detailed[1] for nginx. (I'm sure there's something easier
for Apache). Happy to send a patch if that'd be appreciated :)


[1]: https://serverfault.com/a/825725/880

-- 
Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs; MIT SIPB
lfaraone on irc.[freenode,oftc].net -- https://luke.wf/ohhello
PGP fprint: 8C82 3DED 10AA 8041 639E  1210 5ACE 8D6E 0C14 A470