Re: Static analyzer / linter for debian/rules?

2024-01-10 Thread Peter B 

On 10/01/2024 07:20, Otto Kekäläinen wrote:

Hi!

Is anybody aware if there is some kind of static analyzer for the
`debian/rules` file?


Not being aware of such a tool, I usually run 'debuild -S'
Much faster than a full build.

Bug#1060382: ITP: rust-xkbcommon-dl -- Dynamically loaded xkbcommon and xkbcommon-x11 Rust bindings

2024-01-10 Thread James McCoy 
Package: wnpp
Severity: wishlist
Owner: James McCoy 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: rust-xkbcommon-dl
  Version : 0.4.1
  Upstream Contact: Kirill Chibisov 
* URL : https://github.com/rust-windowing/xkbcommon-dl
* License : MIT
  Programming Lang: Rust
  Description : Dynamically loaded xkbcommon and xkbcommon-x11 Rust bindings

This is a dependency for the new version of rust-winit and will be
maintained in the pkg-rust repo.

Debian Med sprint February 16.-18. 2024 in Berlin (in person meeting)

2024-01-10 Thread Andreas Tille 
Hi,

the Debian Med team will held its yearly in person meeting from Friday,
February 16 (evening) until Sunday, February 18 (evening) in Berlin.
For more detailed information please visit the Wiki page[1] and if you
like to join our small meeting with bug squashing (may be Python 3.12
bug fixing etc.) you are perfectly welcome to add your name to the list
of attendees.

Looking forward to see you all

 Andreas.

[1] https://wiki.debian.org/Sprints/2023/DebianMed2024

-- 
http://fam-tille.de

Bug#1060401: ITP: python-scooby -- A lightweight tool for easily reporting your Python environment's package versions and hardware resources

2024-01-10 Thread Francesco Ballarin 
Package: wnpp
Severity: wishlist
Owner: Francesco Ballarin 
X-Debbugs-Cc: debian-devel@lists.debian.org, francesco.balla...@unicatt.it

* Package name: python-scooby
  Version : 0.9.2
  Upstream Contact: Bane Sullivan 
* URL : https://github.com/banesullivan/scooby
* License : MIT
  Programming Lang: Python
  Description : A lightweight tool for easily reporting your Python 
environment's package versions and hardware resources

This package is a dependency of pyvista, see bug #1001105
The package will be maintained at 
https://salsa.debian.org/python-team/packages/python-scooby
in collaboration with my sponsor Drew Parsons and the Debian Python Team

Re: HFS/HFS+ are insecure

2024-01-10 Thread Michael Biebl 

On Sun, 27 Aug 2023 02:34:04 +0200 Marco d'Itri  wrote:

So I propose this content for a file like
/usr/lib/udev/rules.d/75-insecure-fs.rules:



While we could ship such a udev rule for udisks, I don't think it will 
properly solve the issue. The device will still show up in nautilus, 
plasma etc and mounting is just an additional click away.


The UI would have to updated to present some kind of information to the 
user, that mounting the FS is potentially unsafe and asking the users 
for extra confirmation.


This would need more design work though and buy in from the desktop 
environments like say GNOME or KDE.


Tagging such FSes via udev rules seems like a reasonable idea though.


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: HFS/HFS+ are insecure

2024-01-10 Thread Marco d'Itri 
On Jan 10, Michael Biebl  wrote:

> While we could ship such a udev rule for udisks, I don't think it will
> properly solve the issue. The device will still show up in nautilus, plasma
> etc and mounting is just an additional click away.
The threat model here is: somebody connects a crafted USB stick to 
a computer with a locked screen.

Also, the listed file systems are not used or not used anymore on 
removable devices.
Certainly not on removable devices used by regular users.

-- 
ciao,
Marco


signature.asc
Description: PGP signature

Re: HFS/HFS+ are insecure

2024-01-10 Thread rhys 
I think the idea that HFS+ is not used on removable device is a bit of a 
fallacy.  I, myself, use this frequently on removable hard drives when moving 
large data sets back and forth from my Mac.  The Mac doesn't easily read ext 
filesystems, but Linux can read HFS, and the various Microsoft filesystems lose 
too much metadata.

--J

> On Jan 10, 2024, at 12:39, Marco d'Itri  wrote:
> 
> On Jan 10, Michael Biebl  wrote:
> 
>> While we could ship such a udev rule for udisks, I don't think it will
>> properly solve the issue. The device will still show up in nautilus, plasma
>> etc and mounting is just an additional click away.
> The threat model here is: somebody connects a crafted USB stick to 
> a computer with a locked screen.
> 
> Also, the listed file systems are not used or not used anymore on 
> removable devices.
> Certainly not on removable devices used by regular users.
> 
> -- 
> ciao,
> Marco

Bug#1060430: ITP: python-django-test-migrations -- Testing database migrations for Django

2024-01-10 Thread Jérémy Lal 
Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Python Team 


* Package name: python-django-test-migrations
  Version : 1.3.0
  Upstream Contact: Nikita Sobolev 
* URL : https://github.com/wemake-services/django-test-migrations
* License : Expat
  Programming Lang: Python
  Description : Testing database migrations for Django

 This framework allows one to test migrations with respect to:
  * schema and data
  * forward and rollback
  * order, names
  * database configuration
 It also features fully typed annotations.
 .
 Django is a high-level Python web development framework.

This package will be maintained in python team.

It is a test dependency of awx.
It seems to be a nice piece for testing in Django, and is alive.