Bug#1013339: ITP: rust-oxiri -- validation and relative resolution of IRIs

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: rust-oxiri
  Version : 0.2.2
  Upstream Author : Tpt  
* URL : https://github.com/oxigraph/oxiri
* License : Apache-2.0 or Expat
  Programming Lang: Rust
  Description : validation and relative resolution of IRIs

 OxIRI is a simple and fast implementation of IRIs
 based on RFC 3987 .
 .
 It allows zero stack allocation IRI validation and resolution.

This package is needed by oxigraph (Bug#996504) and atomic-data-rust
(Bug#996464).
It will be maintained in the collaborative Debian section at Salsa:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmKyze0ACgkQLHwxRsGg
ASHNYRAAnwURelcHFFJnx7G/uNJvxafX/iDp5g7Um6F2bkf+MEaUU2EEdxqhT6nT
7LHlXNiOuMZrc3jTW72v+gB9/rUCXWiduX7Dlo+odyNmrOVGgCYgUnkbsJHJ+Sqe
sNzLMxOh4TLMbQM/g4khJhsJ7DRHqjnq027Ql6RCybq7Cujl8O76Kr6LyVFQcJ4K
y7zC0Kq7gHjaDPA2M20SMejjJqSTVrr+7DUXK/e1KDtVqx63drxF36YmxoHaHgmC
nnBcTMpjvEG8477Qgpdm61oIcZTuih3GQ1v45ZG4Q4PDofk4K56tRsewQeLOy/cF
J8HqLGVK/E3OKYaSrvOgUIP9Xh6qzFIjR7Jw2nw5wlRU0HviidIX+t/9cT8mRlZ9
+tVxkQN4cxeRfas5GI6PUChJnUMMNGN1YZaIMUUV2jaOXOX7TVaSOppYIDhSHRjc
qSdVmJ4Q+wYtZ17I1mSzGPKfgdnCrqgxulcDyy8kaB4Jkby/0p+ZbZ56RfIlD450
m/6ieCr/xlOxviztZlKxz/CdtTa2nqQWcFX+3RVFfiq4pCdlSb9/EfY9m8hWxu7F
JIxreOg+4Hs5mK1JhhCopv30jt6hweDXmYdiPm9gdl7RVSeP0f7cyOVfq8IknMJ2
/UzxDDbJCbeKuS4OyUcV562mOizKdtBttWO720H8cwaxNzMvCHc=
=XFyu
-END PGP SIGNATURE-

Bug#1013345: ITP: west -- Description: meta tool for Zephyr RTOS

[Zygmunt Krynicki]

Package: wnpp
Severity: wishlist
Owner: Zygmunt Krynicki 
X-Debbugs-Cc: debian-devel@lists.debian.org, m...@zygoon.pl

* Package name: west
  Version : 0.13.1
  Upstream Author : Marti Bolivar 
* URL : https://github.com/zephyrproject-rtos/west
* License : Apache-2.0
  Programming Lang: Python
  Description : meta tool for Zephyr RTOS

West lets you manage multiple Git repositories under a single directory
using a single file, called the west manifest file, or manifest for
short.  By default the manifest file is named west.yml. You use "west
init" to set up this directory, then "west update"to fetch and/or update
the repositories named in the manifest.

West is relevant to the Zephyr community. Having a proper Debian package
would simplify initial setup and avoid some of the "install everything
from pip" workflows that are harder to control.

I would like to team-maintain the package inside the Python apps or
modules team, as appropriate. The package has few dependencies and
should be relatively hassle-free.

I need a sponsor to review and upload the package.

Bug#1013346: ITP: rust-criterion -- statistics-driven micro-benchmarking

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: rust-criterion
  Version : 0.3.5
  Upstream Author : Jorge Aparicio 
* URL : https://github.com/bheisler/criterion.rs
* License : Apache-2.0 or Expat
  Programming Lang: Rust
  Description : statistics-driven micro-benchmarking

 Criterion.rs helps you write fast Rust code
 by detecting and measuring performance improvements or regressions,
 even small ones, quickly and accurately.
 You can optimize with confidence,
 knowing how each change affects the performance of your code.

This package is needed for testsuites of rust-rustls (and likely
numerous other packages currently patching those tests away).
It will be maintained in the Debian section of Salsa, here:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmKy+HQACgkQLHwxRsGg
ASGd7xAAifJq/38ROyz87VT86p0lrZs/r0msriK20ANHTGYy5zvIOI3wLsITqvuw
czOcqdZEN2TrY5lOp45wCuGPAEsrr/cj3uXZrzJ7mB//TL6oMuTw79PQUOljOPcC
5cFXF7ITaJq9Qhd4urFwMjF17sQ5PlzUkWZmURCr8zLYt0Bojn1YBaQ/7R1p/wsz
B1aPqAK4Kn3rtDFdXRjGx9sRummMgMf1LDm6tO9VF+3mfoireZqQmswr3oOFQz9i
A1VzztjSpngcnWBnXjF6ddg8vQfDEyj4oN9whmPdlEeWH+Dt6x1q0nYuxNQp6wuO
Yil58voc9VZ16r8jB4NCnJUOaL0mVNkeBcLncOf9Bc5JwK3CHSf+Nh6vqUZPtJxG
nvJ6Iy6XmUKlx9cjTPF+iwNZ5Qgc2wNWfB2ENmcSSK9EJRVSa0gQrubRMlE5Kgt3
7Tg5Lr9lLTES+lEi8ab3a46wzYk6vuYWb6bja1+naBI9VnfAHRl6efyUzrbO4R/c
KsD+GfnHmRPHHiLwPFpMDIxwO5GMf+FyOk08Gn5AA8jEv+9CioRZG8jj47h6u8Zp
fQSJuNPMpYllblBvOgmtqjS7wThoBf3Cms6YzC9aJbpv1PwrQPD/MVKMUKZaEO+v
08/8XzPuM/W8RYG9Y3q4xJ5zaQcpTtwxwroJnmS//wMt0vCPBz0=
=lsJe
-END PGP SIGNATURE-

Re: Bug#1013132: ITP: BabaSSL -- BabaSSL is a base library for modern cryptography and communication security protocols.

[Lance Lin]

Hello Aron,

Thank you for your email.

> AFAIK this library is forked from OpenSSL with some extensive
> modifications to support new crypto technologies, do you think we need
> to involve the Security Team to review whether this package can be
> supported during the next stable release cycle?
> Also this project has a planned rename, and I'm a bit concerned this
> could cause some maintenance burden if the rename is not well
> coordinated at the time we accept it into Debian.

I think any reviews and oversight are a good thing. In making this ITP, I 
figured it would cause discussion as it's a "drop-in" replacement for OpenSSL 
and the libraries have the same name. I wasn't sure if this was directly 
permitted so the ITP is a good place to have the discussion.

The rename would help the name conflict issue, but you're also right about 
maintenance/path forward becoming more difficult. I welcome your input or 
guidance on how to proceed.

Lance Lin 
GPG Fingerprint:  8CAD 1250 8EE0 3A41 7223  03EC 7096 F91E D75D 028F

signature.asc
Description: OpenPGP digital signature

Re: Bug#1013132: ITP: BabaSSL -- BabaSSL is a base library for modern cryptography and communication security protocols.

[Andrey Rahmatullin]

On Wed, Jun 22, 2022 at 02:21:43PM +, Lance Lin wrote:
> > AFAIK this library is forked from OpenSSL with some extensive
> > modifications to support new crypto technologies, do you think we need
> > to involve the Security Team to review whether this package can be
> > supported during the next stable release cycle?
> > Also this project has a planned rename, and I'm a bit concerned this
> > could cause some maintenance burden if the rename is not well
> > coordinated at the time we accept it into Debian.
> 
> I think any reviews and oversight are a good thing. In making this ITP,
> I figured it would cause discussion as it's a "drop-in" replacement for
> OpenSSL and the libraries have the same name. I wasn't sure if this was
> directly permitted so the ITP is a good place to have the discussion.
Have you already designed how will this be packaged to work as a drop-in
replacement for libssl3? I see quite a lot of problems with that,
both Policy ones and technical ones.


-- 
WBR, wRAR


signature.asc
Description: PGP signature

Re: Bug#1013132: ITP: BabaSSL -- BabaSSL is a base library for modern cryptography and communication security protocols.

[Lance Lin]

Hello Marco,

> What is the plan? Are there any current or new packages which will
> depend on it?

Yes, from my understanding it is a "drop in" replacement for OpenSSL. One of my 
packages (Workflow) uses it but can also use OpenSSL. 


I think this package will be beneficial to the Workflow users and downstream 
OS's.

Lance Lin 
GPG Fingerprint:  8CAD 1250 8EE0 3A41 7223  03EC 7096 F91E D75D 028F

signature.asc
Description: OpenPGP digital signature

Bug#1013352: ITP: rust-oxhttp -- very simple implementation of HTTP 1.1

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: rust-oxhttp
  Version : 0.1.4
  Upstream Author : Tpt 
* URL : https://github.com/oxigraph/oxhttp
* License : Apache-2.0 or Expat
  Programming Lang: Rust
  Description : very simple implementation of HTTP 1.1

 OxHTTP is a very simple synchronous implementation
 of HTTP 1.1 in Rust.
 It provides both a client and a server.

This package is needed by oxigraph (Bug#996504) and atomic-data-rust
(Bug#996464).

It will be maintained in the collaborative Debian section at Salsa:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmKzMEQACgkQLHwxRsGg
ASFlGxAAn1QTKniNqNmB7BlKNc4v7ZWBo29dCstVudyDMW4novUpNzbdJXYTBO58
LygfZO0hcvxDWCO0ccc2M5Qm8xcNnjjj0vPyvWtO66DifJxxydqr4dCpIEj59y1x
M5eX8EJOQXv9OMAeYYR7scie12MnQFAEE6DTFmTZ3F8qtzrBw2999he4SBMy8qRQ
0sq43FodvL4RPpKSEcJO436JgyGTgiDcng6jdW4HEy0DIXIuYmUygp1ZULISH9K1
z9K9yv6DHHBKMPFeVTm3xFnNzNuHJu4gWlsynrWSQMELyFrKt6Jfk7D6k9tLBwOd
vw5VxdtGKCorgAAUlKkx6oH+Owwxhsk8ZcRzA5vGCIzmkdLB5P+7s3kXDtRZaUZo
msl//+czE7tTihyP7DMuB+v6csd1RJ26TjDq1rSMEZ2wdsSPjrzNPfDt5sqdAgrl
RsedpfAkD1yM0toVBOpN8fd9u4AJHycWxWDyoELryd/2iIS2xwR4gvseLDyhu5Hs
JM36EKTa0kURWWwHRiqlRLVtttXyI6euk1HskZMd5+3XNeEWysCLr3FJNoSVhfvK
LOOWyhVXPpur3z4ZADIzzXSe6Q5IETf1ULhXqsXXPH8wCo3T2Y4xCl4w5gf8oceB
T2wQ3jB8wvLcuhR88/Lso/BSoOUzv03zld2MzTJn3J6q10QVBZE=
=HBAF
-END PGP SIGNATURE-

Bug#1013354: ITP: rust-oxilangtag -- language tag normalization and validation

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: rust-oxilangtag
  Version : 0.1.3
  Upstream Author : Pyfisch Tpt 
* URL : https://github.com/oxigraph/oxilangtag
* License : Expat
  Programming Lang: Rust
  Description : language tag normalization and validation

 OxiLangTag is a Rust library
 allowing to validate and normalize language tags
 following RFC 5646 (BCP 47).
 .
 It is a fork of "language-tags" focusing on RDF use cases.
 You might find the "language-tags" crate more convenient.
 .
 Resource Description Framework (RDF)
 is a standard model for data interchange on the Web.

This package is needed by oxigraph (Bug#996504) and atomic-data-rust
(Bug#996464).

It will be maintained in the collaborative Debian section at Salsa:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmKzOIAACgkQLHwxRsGg
ASEt1g/+OLpKT68AZoQiua4qCfqI/6a7EgU4ma7+riS0KhY9/QhHSw3o6wFAZif/
SiJpgQvZB6sgl01Q3AHyzurxflXT9606OfYPIpuVPncDzwln2gcZVBy2HPya+nGy
3/Q1QcjHJ8ezTRb2YwEVmAov8RgCHoWDhurW0LybqRpWS1oqBghb7tcCxN2jUqem
d9Sgg0lR4V6XWZ0h/7o7c+cHLKqfs73kZYuPNVr1DVLnPnJZkyNfgW3dKXQ7yqx9
ygs5lgm3hHJOS8D8LExYhUkjQfFqfXkOPghpe8vzCuF/efgdbn0aV2yQ89lz6SEw
3HqWtriW8Bi7qjzb0gVC/mTj+LhCpHrSX3P8/ExT8LYn51DqrFTc97FC2aDqAwgX
ITcFNNI6R7RAOMw/3bgA9hoSaRkhLzn3sGZiLdmeKJjRsOFxkYPrQ1NE1PVPaxgs
t6tOBcqBBkWZRNDSWPqb20VRprFpD0NZZNGhIKB2li6SlcYnZxl0NjGILhsYVnDL
JiE0xTyXGOHMBPzpAm8Rcr3whJF6WJhXfU1XXeKlZftimbOCuFo0kj9ir6FzLXMj
Gv8yaerVYtI2v8xTRT1hxKOPJIGwNi6wHYE2nK6BrdSv1NHLQ+Nx+Z+dwN9za6xt
/Eqg4RG2eKHRVWviPFeREMYKJ1EPrDmOWUyeiyMGOQWkjWMjdpU=
=0KhR
-END PGP SIGNATURE-

Bug#1013357: ITP: rust-nom-bibtex -- BibTeX parser using nom

[Jonas Smedegaard]

Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard 
X-Debbugs-Cc: debian-devel@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Package name: rust-nom-bibtex
  Version : 0.3.0
  Upstream Author : Charles Vandevoorde 
* URL : https://github.com/charlesvdv/nom-bibtex
* License : Expat
  Programming Lang: Rust
  Description : BibTeX parser using nom

 nom-bibtex is a feature complete *BibTeX* parser using nom.
 It can parse the four differents types of entries
 listed in the BibTeX format description:
  * Preambles which allows to call *LaTeX* command inside your *BibTeX*.
  * Strings which defines abbreviations in a key-value format.
  * Comments.
  * Bibliography entries.

This package is needed by zola (bug#976052).
It will be maintained in the Debian section of Salsa, here:
.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmKzTRYACgkQLHwxRsGg
ASFS3g/+NPoL99pdIz1lkldvL+/s/EUl1CG4DJxjqnIw9aIITVAhG5bIauZg2VO3
PS9q5LBi5oKbBK4SZRFT3O64J88ftO3sX+4uSrzlgleAb3sF+WXjAmtlsQtuHEGH
wlpTkM+TEhs8qgtchh4LgsbJjgdzJUB+fYFmxRG8yAp2BC1fNA26kLXgkketDt1n
dau5KQ5sjIYoGgewnF4ZbcX3Bphum9wLDNEmf1/jkiwAM9qHtq0jBWwPnckMoLdB
5LtW9WugH6K6+FZR995QuZmRmJ7uiF3YMP9M2GRGzJuVI8HqAECDFvwLZGTkk/Fa
1DthGSCt92LZhiZRo+0u1t4OBf0+fniO8ZARbB2Tyz5p8Y8LoM76c8r9cM1L+716
1lPrL+kbDz3AzlE1AXpuJUaa61d0agziFwmky5D9+YRh1S4n27YbnRJ32XWkNA4m
wxrUu3g1FzRKyVmo606TYYOnEIl8IiMouibD4XEarLXumGShP+mzGpruxIDfuNYt
gRCx+w+SJf5WUXEClp/PEs55qq6faFnJrE/ViL/TXH7XadCuzJ2HGmMKlGbnm1Eg
lCfYHNJlwxK9PAnFYT414bTrnq+FXzIi47IH2Wniuo/2XIp7ctzhZ5BSV2e0C53+
acos8wVT+xhGXcM90WlEwYaBXRgwBLG7qfv1eyOIr4iEHEhYIko=
=842g
-END PGP SIGNATURE-

Re: Bug#1013357: ITP: rust-nom-bibtex -- BibTeX parser using nom

[Nilesh Patra]

On 6/22/22 10:40 PM, Jonas Smedegaard wrote:

* Package name: rust-nom-bibtex
   Version : 0.3.0
   Upstream Author : Charles Vandevoorde 
* URL : https://github.com/charlesvdv/nom-bibtex
* License : Expat
   Programming Lang: Rust
   Description : BibTeX parser using nom

  nom-bibtex is a feature complete *BibTeX* parser using nom.
  It can parse the four differents types of entries
  listed in the BibTeX format description:
   * Preambles which allows to call *LaTeX* command inside your *BibTeX*.
   * Strings which defines abbreviations in a key-value format.
   * Comments.
   * Bibliography entries.

This package is needed by zola (bug#976052).
It will be maintained in the Debian section of Salsa, here:
.



Thanks for your work, Jonas. I was just curious to know if there is a reason
that you are not maintaining it in the rust-team itself (given that there is a 
team)?
BTW, I am not (actively) a part of the team, myself - I might package 
$something rust in near future and
hence the question.

--
Best,
Nilesh
 






OpenPGP_signature
Description: OpenPGP digital signature

Bug#1013357: ITP: rust-nom-bibtex -- BibTeX parser using nom

[Jonas Smedegaard]

Quoting Nilesh Patra (2022-06-22 19:21:15)
> On 6/22/22 10:40 PM, Jonas Smedegaard wrote:
> > This package is needed by zola (bug#976052).
> > It will be maintained in the Debian section of Salsa, here:
> > .
> 
> 
> Thanks for your work, Jonas. I was just curious to know if there is a reason
> that you are not maintaining it in the rust-team itself (given that there is 
> a team)?
> BTW, I am not (actively) a part of the team, myself - I might package 
> $something rust in near future and
> hence the question.

The Rust team require all their packages be maintained in one giant git.
I disagree with that approach and am far more comfortable with
maintaining packages as one git per upstream project - as I do with the
other 500+ packages I maintain (which includes packages I maintain in
the Haskell team which has a similar approach but only by default: They
are open to some packages being maintained differently).

They also don't use Debbugs - but hopefully that's a thing of the past:
Recently at least one team member actively responds to bugs I file (but
there are still RC bugs hanging for *years* with zero response from the
team).

Oh, and their odd packaging style also means you may upset them if you
do a source-full NMU, seemingly because they need the source tarball to
fit exactly their custom setup (i.e. *not* a Github release but what is
distributed at crates.io).

If you decide to maintain Rust packages outside of the Rust team as
well, then I would be happy to form another team if that might be
interesting.  Otherwise you might want to consider reusing my fork of
dh-cargo which I adapted to behave more like general debhelper snippets,
less hardcoding of how the Rust team does packaging.

...Or if my whining here didn't scare you, then join the Rust team! :-)

Thanks for asking,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Re: Bug#1013132: ITP: BabaSSL -- BabaSSL is a base library for modern cryptography and communication security protocols.

[Moritz Mühlenhoff]

Am Wed, Jun 22, 2022 at 02:28:36PM + schrieb Lance Lin:
> Hello Marco,
> 
> > What is the plan? Are there any current or new packages which will
> > depend on it?
> 
> Yes, from my understanding it is a "drop in" replacement for OpenSSL. One of 
> my packages (Workflow) uses it but can also use OpenSSL. 

Then make it use OpenSSL. If there's anything exciting in BabaSSL, they
should submit it for inclusion in OpenSSL. We should aim for fewer
crypto libraries in our stable releases, not more.

Or if the goal is rather to experiment and expose BabaSSL to the many archs
we have in Debian, then keep it in unstable only by filing a bug to block
it from testing.

Cheers,
Moritz

Re: Bug#1013132: ITP: BabaSSL -- BabaSSL is a base library for modern cryptography and communication security protocols.

[Paul Gevers]

Hi,

On 22-06-2022 20:04, Moritz Mühlenhoff wrote:

Or if the goal is rather to experiment and expose BabaSSL to the many archs
we have in Debian, then keep it in unstable only by filing a bug to block
it from testing.


Or better: experimental, to avoid packages starting to (build-)depend on it.

Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1013361: ITP: ruptime -- poor man's ruptime

[Gürkan Myczko]

Package: wnpp
Severity: wishlist
Owner: Gürkan Myczko 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: ruptime
  Version : 1.0
  Upstream Authors: 2022 Alex Myczko
  URL : https://github.com/alexmyczko/ruptime
* License : “Commons Clause” License Condition v1.0
  Description : poor man's ruptime
 Re-implementation of the old r-software from 1982. Its main
advantage over original ruptime is encrypted traffic and
multinetwork ruptime.

* the package is intended to non-free due to licensing
* it'll provide ruptime and ruptimed binary packages (where ruptimed 
source was not released yet)