Bug#993434: ITP: golang-github-itchyny-go-flags -- A fork version of https://github.com/jessevdk/go-flags

[Anthony Fok]

Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: golang-github-itchyny-go-flags
  Version : 1.5.0-1
  Upstream Author : Jesse van den Kieboom; itchyny
* URL : https://github.com/itchyny/go-flags
* License : BSD-3-clause
  Programming Lang: Go
  Description : A fork version of https://github.com/jessevdk/go-flags

 go-flags is a Go library for parsing command line arguments.
 This is a fork version of github.com/jessevdk/go-flags
 .
 This library provides similar functionality to the builtin flag library
 of go, but provides much more functionality and nicer formatting. From
 the documentation:
 .
 Package flags provides an extensive command line option parser.  The flags
 package is similar in functionality to the go builtin flag package but
 provides more options and uses reflection to provide a convenient and
 succinct way of specifying command line options.

Reason for packaging:
 Prerequisite of golang-github-itchyny-gojq
 which in turn is prerequisite for gh (GitHub CLI)

Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

[Helmut Grohne]

Control: tags -1 + moreinfo

On Sun, Aug 22, 2021 at 09:56:57PM +0900, Hideki Yamane wrote:
>  As we discussed on -devel(*), it seems that we can enable https for
>  {deb,security}.debian.org by default. With this bug report, I'll
>  collect related things and fix it.

I believe that the discussion has later identified that doing so would
break squid-deb-proxy-client and auto-apt-proxy. Given that the security
benefits are not strong (beyond embracing good habits), I think the
reasonable thing to do is keep preferring http.

Caching packages and transport level encryption are fundamentally
incompatible. Possibly it would make more sense to offer users a choice
between performance and privacy on installation?

Helmut

Processed: Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + moreinfo
Bug #992692 [general] general: Use https for {deb,security}.debian.org by 
default
Added tag(s) moreinfo.

-- 
992692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992692
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

[Ansgar]

On Wed, 2021-09-01 at 11:15 +0200, Helmut Grohne wrote:
> I believe that the discussion has later identified that doing so
> would
> break squid-deb-proxy-client and auto-apt-proxy. Given that the
> security
> benefits are not strong (beyond embracing good habits), I think the
> reasonable thing to do is keep preferring http.

That is an opt-in choice which likely only a small number of users use.
People wanting to use a caching proxy can just switch to http as part
of this choice; it doesn't seem a good reason to not use https by
default for all other users.

> Caching packages and transport level encryption are fundamentally
> incompatible.

No. You can explicitly configure apt to use a local caching mirror or
use a trusted TLS certificate for the mirror the proxy impersonates.


Ansgar

Bug#993436: ITP: golang-github-itchyny-timefmt-go -- Efficient time formatting library (strftime, strptime) for Go

[Anthony Fok]

Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: golang-github-itchyny-timefmt-go
  Version : 0.1.3-1
  Upstream Author : itchyny
* URL : https://github.com/itchyny/timefmt-go
* License : Expat
  Programming Lang: Go
  Description : Efficient time formatting library (strftime, strptime) for 
Go

 timefmt-go is a Go language package for formatting and parsing date time 
strings.

Reason for packaging:
 Prerequsite for gojq (also by itchyny) and its library,
 which is also a prerequisite for "gh" (GitHub CLI).

Bug#993437: ITP: gojq -- pure Go implementation of jq

[Anthony Fok]

Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: gojq
  Version : 0.12.4-1
  Upstream Author : itchyny
* URL : https://github.com/itchyny/gojq
* License : Expat
  Programming Lang: Go
  Description : pure Go implementation of jq

 gojq is an implementation of jq command written in Go language.
 You can also embed gojq as a library to your Go products.

Reason for packaging:
 Besides the interesting gojq tool itself,
 golang-github-itchyny-gojq-dev is a prerequisite for gh (GitHub CLI).

Re: Debian Reunion Hamburg 2021

[Dominik George]

Hi,

On Wed, Sep 01, 2021 at 12:04:13AM +, Holger Levsen wrote:
> Moin!
> 
> I'm glad to finally be able to send out this invitation for the "Debian 
> Reunion
> Hamburg 2021" taking place at the venue of the 2018 & 2019 MiniDebConfs!
> 
> The event will run from Monday, Sep 27 2021 until Friday Oct 1 2021, with
> Sunday, Sep 26 2021 as arrival day. IOW, Debian people meet again in Hamburg.
> The exact format is less defined and structured than previous years, probably
> we will just be hacking from Monday to Wednesday, have talks on Thursday and
> a nice day trip on Friday.

Great to hear that someone will take place in Hamburg again!

One question, is the collision with MiniDebCamp Regensburg
intended/accidental/duly noted, and will there be any exchange?

Cheers,
Nik


signature.asc
Description: PGP signature

Bug#993442: ITP: golang-github-charmbracelet-glamour -- stylesheet-based Markdown rendering for your CLI apps

[Anthony Fok]

Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: golang-github-charmbracelet-glamour
  Version : 0.3.0-1
  Upstream Author : Charmbracelet, Inc.
* URL : https://github.com/charmbracelet/glamour
* License : Expat
  Programming Lang: Go
  Description : stylesheet-based Markdown rendering for your CLI apps (Go 
library)

 glamour lets you render Markdown documents and templates on ANSI-compatible
 terminals.  You can create your own stylesheet or simply use one of the
 stylish defaults.

Reason for packaging:
 golang-github-charmbracelet-glamour-dev is a prerequisite of gh (GitHub CLI)

Re: Debian Med video conference tomorrow, Tuesday 2021-08-17 18:00 UTC

[Andreas Tille]

Hi,

this is the call for the next video conference of the Debian Med team
that are an established means to organise the tasks inside our team.
We do these conferences twice per month on every

   2th  and  17th

of a month.  Usually it takes us only 15-20min depending what we are
talking about and how many people are joining.  The next meeting is
tomorrow 18:00 UTC
   
 
https://www.timeanddate.com/worldclock/fixedtime.html?msg=Debian+CoViD-19+Biohackathon+Video+Conference&iso=20210902T18

The meeting is on the Debian Social channel

 https://jitsi.debian.social/DebianMedCovid19

These video meetings were started in the Debian Med Biohackathon.
The topic is what contributors have done in the past period and to
coordinate the work until the next meeting.

For those who are interested in hot topics we want to tackle, here
are some items:

  - Effort to package tensorflow and other ML software which is
used in several applications that are used to fight COVID-19.
The precondition bazel to package tensorflow was a direct
consequence of a Debian Med hackathon and it was even
acknowledged[1]

  - Package software that is used to fight COVID-19 which we are
listing in some spreadsheet[2].  It reaches from small tools
up to complex software packages.  There should be targets for
everybody who wants to join us.

  - General Debian Med issues not directly connected to COVID-19

  - Upgrading BioConductor and CRAN packages

  - Updating packages with failing watch files

Newcomers are always welcome.

Lets keep on the great work and see you tomorrow
 
   Andreas.

[1] https://blog.bazel.build/2021/03/04/bazel-debian-packaging.html
[2] 
https://docs.google.com/spreadsheets/d/1tApLhVqxRZ2VOuMH_aPUgFENQJfbLlB_PFH_Ah_q7hM/edit#gid=543782716

-- 
http://fam-tille.de

Bug#993448: ITP: cutefish-core -- Cutefish core system components and backend

[Arun Kumar Pariyar]

Package: wnpp
Severity: wishlist
Owner: Arun Kumar Pariyar 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name : cutefish-core
Version : 0.4
Upstream Author : Reion Wong 
* URL : https://github.com/cutefishos/core
* License : GPL-3+
Programming Lang: C++
Description : Cutefish core system components and backend

Cutefish core system components and backend for Cutefish desktop 
environment.

.
This package is a part of the Cutefish DE.



OpenPGP_0x4B542AF704F74516.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

[Russ Allbery]

Ansgar  writes:
> On Wed, 2021-09-01 at 11:15 +0200, Helmut Grohne wrote:

>> I believe that the discussion has later identified that doing so would
>> break squid-deb-proxy-client and auto-apt-proxy. Given that the
>> security benefits are not strong (beyond embracing good habits), I
>> think the reasonable thing to do is keep preferring http.

> That is an opt-in choice which likely only a small number of users use.
> People wanting to use a caching proxy can just switch to http as part of
> this choice; it doesn't seem a good reason to not use https by default
> for all other users.

Completely agreed.

>> Caching packages and transport level encryption are fundamentally
>> incompatible.

> No. You can explicitly configure apt to use a local caching mirror or
> use a trusted TLS certificate for the mirror the proxy impersonates.

Yes.  For example, the approach used by apt-cacher-ng works fine.
Explicitly opting in to a local cache seems desirable.

-- 
Russ Allbery (r...@debian.org)  

Re: Debian Reunion Hamburg 2021

[Holger Levsen]

On Wed, Sep 01, 2021 at 01:56:08PM +0200, Dominik George wrote:
> Great to hear that someone will take place in Hamburg again!

:)
 
> One question, is the collision with MiniDebCamp Regensburg
> intended/accidental/duly noted, 

iirc both dates were choosen independently and based on venue availability.
definitly not intended.

> and will there be any exchange?

I dont understand the question, can you explain?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The entire society has no clue what the word freedom means in the context of
relating to the world around them. It has degenerated into "my ego first". It
is why the entire planet is dying right now.


signature.asc
Description: PGP signature

Bug#993465: ITP: libxs-parse-keyword-perl -- XS functions to assist in parsing keyword syntax

[gregor herrmann]

Package: wnpp
Owner: gregor herrmann 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org, debian-p...@lists.debian.org

* Package name: libxs-parse-keyword-perl
  Version : 0.14
  Upstream Author : Paul Evans 
* URL : https://metacpan.org/release/XS-Parse-Keyword
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : XS functions to assist in parsing keyword syntax

XS::Parse::Keywords provides some XS functions to assist in writing syntax
modules that provide new perl-visible syntax, primarily for authors of
keyword plugins using the PL_keyword_plugin hook mechanism. It is unlikely to
be of much use to anyone else; and highly unlikely to be any use when writing
perl code using these. Unless you are writing a keyword plugin using XS, this
module is not for you.

The package will be maintained under the umbrella of the Debian Perl Group.

--
Generated with the help of dpt-gen-itp(1) from pkg-perl-tools.


signature.asc
Description: Digital Signature

Bug#993479: ITP: go-control-plane -- Go implementation of data-plane-api

[srud]

Package: wnpp
Severity: wishlist
Owner: Sruthi Chandran 
X-Debbugs-CC: debian-devel@lists.debian.org

* Package name : go-control-plane
Version : 0.9.9
Upstream Author : Envoy Proxy - CNCF
* URL : https://github.com/envoyproxy/go-control-plan
* License : Apache-2.0
Description : Go implementation of data-plane-api (program)

This is a Go-based implementation of an API server
that implements the discovery service APIs defined in data-plane-api
(https://github.com/envoyproxy/data-plane-api). Due to the
variety of platforms out there, there is no single control plane
implementation that can satisfy everyone's needs. Hence this code
base does not attempt to be a full scale control plane for a fleet
of Envoy proxies. Instead, it provides infrastructure that is shared
by multiple different control plane implementations.

Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

[Hideki Yamane]

Hi,

On Wed, 01 Sep 2021 07:46:07 -0700
Russ Allbery  wrote:
> >> I believe that the discussion has later identified that doing so would
> >> break squid-deb-proxy-client and auto-apt-proxy. Given that the
> >> security benefits are not strong (beyond embracing good habits), I
> >> think the reasonable thing to do is keep preferring http.
> 
> > That is an opt-in choice which likely only a small number of users use.
> > People wanting to use a caching proxy can just switch to http as part of
> > this choice; it doesn't seem a good reason to not use https by default
> > for all other users.
> 
> Completely agreed.

 Providing "default secure setting" is good message to users.


 Some users want proxy but they can configure their settings.
 So just change "default setting for {deb,security}.debian.org"
 is not so harmful, IMO. 

 - Users can choose other mirror than https://deb.debian.org
 - Caching .debs from security.debian.org is not so huge, I guess
   (maybe except linux-image).


-- 
Hideki Yamane 

Bug#993486: ITP: mirrorrib -- tool locally to mirror a Debian release, including backports

[Thaddeus H. Black]

Package: wnpp
Severity: wishlist
Owner: "Thaddeus H. Black" 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: mirrorrib
  Version : 0.14.4
  Upstream Author : Thaddeus H. Black 
* URL : https://www.derivations.org/mirrorrib/
* License : GPL-2
  Programming Lang: Shell (bash)
  Description : tool locally to mirror a Debian release, including backports

Debian releases a major revision of its operating system about every
two years and a minor revision approximately quarterly, but these
revisions exclude Debian backports.  Debian releases backports only on
a rolling basis like sid.

Mirrorrib is for Debian users who want an approximately quarterly,
stable revision of backports to accompany the approximately quarterly,
stable revision of the rest of the operating system -- with both
revisions dated as of the same date.

Mirrorrib reproducibly assembles a stable backports revision and
release to accompany a stable regular revision and release.  It
downloads the matched pair of releases with all their packages and
associated files, mirroring the pair together to your hard drive.
After running Mirrorrib and configuring /etc/apt/sources.list to
access the local repository Mirrorrib has assembled, one no longer
needs a live network connection to update or reinstall one's system to
Debian stable -- not even if the update or reinstallation requires
access to backports.

Mirrorrib's name stands for "MIRROR Release Including Backports."

I will maintain the package.  No sponsor is needed.  Because the
software is Debian-specific and is useful only to users of Debian, the
package is a Debian-native package.

Processed: closing 993488

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 993488 general
Bug #993488 [security-tracker] security-tracker: Revoked group permission on a 
user continue to take effect on all existing processes and sessions
Bug reassigned from package 'security-tracker' to 'general'.
Ignoring request to alter found versions of bug #993488 to the same values 
previously set
Ignoring request to alter fixed versions of bug #993488 to the same values 
previously set
> tags 993488 + wontfix
Bug #993488 [general] security-tracker: Revoked group permission on a user 
continue to take effect on all existing processes and sessions
Added tag(s) wontfix.
> close 993488
Bug #993488 [general] security-tracker: Revoked group permission on a user 
continue to take effect on all existing processes and sessions
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
993488: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993488
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems