Re: new archive signing keys for Debian 13/trixie

2025-04-06 Thread Simon Josefsson
Ansgar  writes:

> Hi,
>
> as usual we have prepared new archive signing keys.

Can you share some more information about these keys?

Some questions were asked in
https://lists.debian.org/debian-devel/2024/02/msg9.html quoted here
again for easy reference:

2) For each private key, information about its management and lifecycle.
   Relevant questions include:

   a) How was the key generated?  By whom?  On what hardware?  What
      software?  In what environment?  What legal jurisdiction applies to
      people involved?

   b) How is the key stored and protected during its lifetime?  What media
      is used?  Who controls the physical storage of the key?  How are they
      stored and transported?  What jurisdiction?

   c) Under what policy is the key used?  What should it sign?  Who
      authorizes the signing?  What hardware and software is used?  What
      jurisdiction?

   d) For externally held keys, what are the legal terms we use the keys
      under?  What insight into key transparency questions do we have?
      What of those can we make public?  How do they restrict what we are
      allowed to do?

/Simon

> These keys will *NOT* be put into use immediately; they have been
> generated now so that they can already be included in Debian 13/trixie
> and in a future point release of Debian 12/bookworm. We will start
> using this key once either of
>
>  - the release of Debian 13/trixie
>  - the expiry of the old keys on 2031-01-19
>
> happens or shortly after.
>
> The new keys are:
>
> pub   rsa4096 2025-03-30 [SC] [expires: 2035-03-28]
>   04B54C3CDCA79751B16BC6B5225629DF75B188BD
> uid  Debian Archive Automatic Signing Key (13/trixie) 
> 
> sub   rsa4096 2025-03-30 [S] [expires: 2035-03-28]
>   B8E5F13176D2A7A75220028078DBA3BC47EF2265
>
> pub   rsa4096 2025-03-30 [SC] [expires: 2035-03-28]
>   5E04A1E3223A19A20706E20F9904613D4CCE68C6
> uid  Debian Security Archive Automatic Signing Key (13/trixie)
> sub   rsa4096 2025-03-30 [S] [expires: 2035-03-28]
>   89C87ACEA5DD6B8E6A7068808E9F831205B4BA95
>
> Both keys are signed by two FTP masters and the current archive signing
> keys for Debian 12/bookworm.
>
> The keys are already available from
>
>   URL: https://ftp-master.debian.org/keys/archive-key-13.asc
>   SHA256: 6f1d277429dd7ffedcc6f8688a7ad9a458859b1139ffa026d1eeaadcbffb0da7
>
>   URL: https://ftp-master.debian.org/keys/archive-key-13-security.asc
>   SHA256: 844c07d242db37f283afab9d5531270a0550841e90f9f1a9c3bd599722b808b7
>
> and can also be found below.
>
> Ansgar

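A consumer-side check of a downloaded key file against the values in the announcement quoted above, as an added example that is not part of the thread or of Debian's tooling. The function names and the sample colon records are constructed here; it assumes `sha256sum`, `awk` and, for `verify_key_file`, a `gpg` that supports `--show-keys`.

```shell
#!/bin/sh
# Values copied from the announcement quoted above.
ARCHIVE_KEY_SHA256=6f1d277429dd7ffedcc6f8688a7ad9a458859b1139ffa026d1eeaadcbffb0da7
ARCHIVE_KEY_FPRS="04B54C3CDCA79751B16BC6B5225629DF75B188BD B8E5F13176D2A7A75220028078DBA3BC47EF2265"
SECURITY_KEY_SHA256=844c07d242db37f283afab9d5531270a0550841e90f9f1a9c3bd599722b808b7
SECURITY_KEY_FPRS="5E04A1E3223A19A20706E20F9904613D4CCE68C6 89C87ACEA5DD6B8E6A7068808E9F831205B4BA95"

# sha256_matches FILE HEX: succeed only if FILE hashes to HEX.
sha256_matches() {
    actual_sum=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual_sum" ] && [ "$actual_sum" = "$2" ]
}

# list_fprs: read `gpg --show-keys --with-colons` output on stdin and print
# the fingerprint (field 10 of each "fpr" record) of every key and subkey.
list_fprs() {
    awk -F: '$1 == "fpr" { print $10 }' | sort
}

# fprs_match FPR...: succeed only if stdin holds exactly the given set of
# fingerprints, so a file carrying an extra, unannounced key is rejected.
fprs_match() {
    expected_fprs=$(printf '%s\n' "$@" | sort)
    actual_fprs=$(list_fprs)
    [ -n "$actual_fprs" ] && [ "$actual_fprs" = "$expected_fprs" ]
}

# verify_key_file FILE HEX FPR...: run both checks on a downloaded key file.
verify_key_file() {
    key_file=$1; key_sum=$2; shift 2
    sha256_matches "$key_file" "$key_sum" ||
        { echo "SHA256 mismatch: $key_file" >&2; return 1; }
    gpg --show-keys --with-colons "$key_file" | fprs_match "$@" ||
        { echo "unexpected key set: $key_file" >&2; return 1; }
}

# Constructed, abbreviated colon records (not real gpg output) carrying the
# two fingerprints announced for the trixie archive key.
sample_colons() {
    cat <<'EOF'
pub:-:4096:1:225629DF75B188BD:
fpr:::::::::04B54C3CDCA79751B16BC6B5225629DF75B188BD:
sub:-:4096:1:78DBA3BC47EF2265:
fpr:::::::::B8E5F13176D2A7A75220028078DBA3BC47EF2265:
EOF
}

# Stand-alone run: check the constructed sample against the announced set.
if sample_colons | fprs_match $ARCHIVE_KEY_FPRS; then
    echo "sample key set matches the announcement"
fi
```

Run it on a real download as `verify_key_file archive-key-13.asc "$ARCHIVE_KEY_SHA256" $ARCHIVE_KEY_FPRS`. Because the hash and fingerprints arrive over the same channel as the key, this only confirms that the file matches the announcement; trust in the key itself rests on the signatures from the FTP masters and the bookworm keys that the announcement mentions.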
Re: Brief progress report on the Gateway to NEW project.

2025-04-06 Thread Nilesh Patra
On 05/04/25 9:29 pm, Charles Plessy wrote:
> Hi all,
> 
> I just want to update you with a few words about the Gateway to NEW
> project. (https://salsa.debian.org/newgateway-team)
> 
> Our goal is to have an infrastructure and tools to host pre-upload
> peer-review of the debian/copyright file of source packages before they
> are sent to the NEW queue, in the hope of making them perfect and reducing
> the rejection rate, thus accelerating the processing.
> 
> At the moment there are rudimentary Salsa CI pipelines that aim at
> providing a web-browsable view of the package contents that are relevant
> for copyright checks (https://salsa.debian.org/newgateway-team), and
> another repository hosting a checklist and hosting the reviews in its
> issue tracker 
> (https://salsa.debian.org/newgateway-team/reviews/-/blob/main/.gitlab/issue_templates/Default.md).
> 
> We explored two possible workflows, one where one issue contains all the
> review, and one with one issue per review.  The first one, simpler, is
> gaining traction, but we are only three, so, the door is surely not
> closed for other ways of operating in the future.
> 
> I would be delighted if more people would join, as much on the review
> side as on the pipeline development side.  There is a lot to do, but we
> can change Debian together!

Do you plan to integrate this into the existing salsa-ci-team/pipeline?

Best,
Nilesh



Bug#1102201: ITP: lomiri-account-polld -- Poll daemon for notifications through the Lomiri Push Client

2025-04-06 Thread Mike Gabriel
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: lomiri-account-polld
  Version : 0.4
  Upstream Contact: Guido Berhörster 
* URL : https://gitlab.com/ubports/development/core/lomiri-account-polld
* License : GPL-3, Apache-2.0, Expat
  Programming Lang: C++
  Description : Poll daemon for notifications through the Lomiri Push Client

 This component polls remote services for updates and communicates with the
 postal service provided by the Lomiri push client to expose notifications for
 webapps for the aforementioned services.
 .
 This package will be maintained by the Debian UBports Packaging Team.


Bug#1102210: ITP: python-django-fsm-2 -- Django friendly finite state machine support

2025-04-06 Thread Jakob Haufe
Package: wnpp
Severity: wishlist
Owner: Jakob Haufe 
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-pyt...@lists.debian.org

* Package name: python-django-fsm-2
  Version : 4.0.0
  Upstream Contact: https://github.com/django-commons/django-dsm-2/discussions
* URL : https://github.com/django-commons/django-fsm-2
* License : MIT
  Programming Lang: Python
  Description : Django friendly finite state machine support

django-fsm-2 adds declarative states management for django models. Instead of
adding some state field to a django model, and managing its values by hand,
you could use FSMState field and mark model methods with the transition
decorator. Your method could contain the side-effects of the state change.

django-fsm-2 is a continuation of django-fsm.

-- 
ceterum censeo microsoftem esse delendam.




Re: Brief progress report on the Gateway to NEW project.

2025-04-06 Thread Charles Plessy

On Sat, Apr 05, 2025 at 06:45:09PM +0200, Andrea Pappacoda wrote:
> I'm sorry, but I don't understand. Why should I do copyright reviews
> in the Gateway to NEW team, instead of joining the NEW team itself?


Hi Andrea,

the FTP Team does not accept applications at the moment.  Indeed I sent
one recently and received no answer.

Every time a package is rejected from NEW, it has to be reviewed once
again, which mechanically slows down the queue.  Thus I aim that
pre-upload peer review will accelerate the processing.

Also I hope that peer-review will evolve into a process so efficient and
trusted, that at some point it will become a matter of course to
completely switch to that way to screen new packages, and that the
waiting time will become just a couple of days maximum in most cases.

Have a nice day,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med
Tooting from work,   https://fediscience.org/@charles_plessy
Tooting from home, https://framapiaf.org/@charles_plessy



Bug#1102200: ITP: lomiri-push-service -- Lomiri Push Notifications client and server

2025-04-06 Thread Mike Gabriel
Package: wnpp
Severity: wishlist
Owner: Mike Gabriel 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: lomiri-push-service
  Version : 0.100.0
  Upstream Contact: Guido Berhörster 
* URL : https://gitlab.com/ubports/development/core/lomiri-push-service
* License : GPL-3, BSD-3-clause
  Programming Lang: Go
  Description : Lomiri Push Notifications client and server

 Protocol, client, and server code for Lomiri Push Notifications.
 .
 The package comes with a Lomiri Push Notifications client-side daemon and
 a Lomiri Push Notifications server (for being hosted on the internet).
 .
 This package will be maintained by the Debian UBports Packaging Team.


Bug#1102239: ITP: ssh-proxy-ice-gsocket -- ssh proxy using ice and gsocket for traversing CGNAT

2025-04-06 Thread Ying-Chun Liu (PaulLiu)

Package: wnpp
Severity: wishlist
Owner: "Ying-Chun Liu (PaulLiu)" 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : ssh-proxy-ice-gsocket
 Version : 0.1
 Upstream Contact: "Ying-Chun Liu (PaulLiu)" 
* URL : https://gitlab.com/grandpaul/ssh-proxy-ice-gsocket
* License : MPL-1.1
 Programming Lang: C
 Description : ssh proxy using ice and gsocket for traversing CGNAT
This project aims to develop an SSH proxy that leverages the ICE protocol
(RFC 8445) for data transmission. By employing ICE's communication
capabilities, this proxy facilitates the establishment of secure SSH
connections, enabling clients to access SSH servers effectively even
when traversing Network Address Translation (NAT) boundaries. This
approach offers a robust solution for scenarios where direct SSH access
is hindered by NAT restrictions.


Re: new archive signing keys for Debian 13/trixie

2025-04-06 Thread Blair Noctis

On 06/04/2025 22:04, Simon Josefsson wrote:
> Ansgar writes:
>
>> Hi,
>>
>> as usual we have prepared new archive signing keys.
>
> Can you share some more information about these keys?
>
> Some questions were asked in
> https://lists.debian.org/debian-devel/2024/02/msg9.html quoted here
> again for easy reference:


These are good questions. I'd like to add a less serious one:

e) Is there a reason they are still RSA? Are there blockers to adopt ECC keys, 
e.g. Ed25519?

Thanks.

--
Sdrager,
Blair Noctis




Re: new archive signing keys for Debian 13/trixie

2025-04-06 Thread Philipp Kern

Hi,

On 4/6/25 4:04 PM, Simon Josefsson wrote:
> Some questions were asked in
> https://lists.debian.org/debian-devel/2024/02/msg9.html quoted here
> again for easy reference:
>
> 2) For each private key, information about its management and lifecycle.
>    Relevant questions include:
>
>    a) How was the key generated?  By whom?  On what hardware?  What
>       software?  In what environment?  What legal jurisdiction applies to
>       people involved?
>
>    b) How is the key stored and protected during its lifetime?  What media
>       is used?  Who controls the physical storage of the key?  How are they
>       stored and transported?  What jurisdiction?
>
>    c) Under what policy is the key used?  What should it sign?  Who
>       authorizes the signing?  What hardware and software is used?  What
>       jurisdiction?
>
>    d) For externally held keys, what are the legal terms we use the keys
>       under?  What insight into key transparency questions do we have?
>       What of those can we make public?  How do they restrict what we are
>       allowed to do?


I understand that people would like transparency here. I am currently 
working on a key inventory. However I do not think that the time is 
right to put this all out into the open.


The crucial parts are okay to share: The online keys are hardware-backed.

In general it should not be surprising to observers that Debian is 
currently subject to the software export regime of the United States of 
America and thus our archive is living there.


If we want a key usage transparency log, I think that's fine - but 
that'd require an actual proposal, with code integrated into dak. Or 
optimally more generically in a way where we could also reuse it for 
other signatures like the ones generated for images.


Kind regards
Philipp Kern



Bug#1102274: ITP: ocaml-decimal -- arbitrary-precision floating-point decimal library

2025-04-06 Thread Stéphane Glondu
Package: wnpp
Severity: wishlist
Owner: Stéphane Glondu 
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-ocaml-ma...@lists.debian.org

* Package name: ocaml-decimal
  Version : 1.0.2
  Upstream Contact: Yawar Amin
* URL : https://github.com/yawaramin/ocaml-decimal
* License : PSF-2.0
  Programming Lang: OCaml
  Description : arbitrary-precision floating-point decimal library

 Arbitrary-precision floating-point decimal library ported from the
 Python decimal module.

This package will be maintained in the OCaml team.


Bug#1102272: ITP: obs-noise -- Plugin for OBS Studio to generate fractal noises

2025-04-06 Thread Joao Eriberto Mota Filho
Package: wnpp
Severity: wishlist
Owner: Joao Eriberto Mota Filho 
X-Debbugs-Cc: debian-devel@lists.debian.org, FiniteSingularity 


* Package name: obs-noise
  Version : 1.0.0
  Upstream Contact: FiniteSingularity 
* URL : https://obsproject.com/forum/resources/noise.1916/
* License : GPL-2
  Programming Lang: C
  Description : Plugin for OBS Studio to generate fractal noises

 The Noise Plugin for OBS provides fractal noise sources and displacement
 filters for generating real-time special effects.
 .
 Overview:
   - The plugin provides a source for generating dynamic and user tunable
 fractal noise textures.
   - There are five different base noise types including block noise, linear
 value noise, smoothstep value noise, Open Simplex noise and
 Worley/Voronoi noise.
   - The plugin allows the user to tune dozens of parameters to create
 countless different effects and textures.
   - The noise can either be static or animated.
   - The plugin also provides plenty of presets that can then be tuned to
 dial in exactly the visual effect you are aiming for.



Bug#1102267: ITP: golf -- Programming language and application server for building web services and back-end solutions on Linux.

2025-04-06 Thread Golf Team
Package: wnpp
Severity: wishlist
Owner: Golf Team 
X-Debbugs-Cc: debian-devel@lists.debian.org, t...@golf-lang.com

* Package name: golf
  Version : 370
  Upstream Contact: Golf Team 
* URL : https://golf-lang.com/
* License : Apache 2
  Programming Lang: Written in C
  Description : Programming language and application server for building web services and back-end solutions on Linux.

 - Please read more about Golf at https://golf-lang.com/about-golf.html
   It's meant to save time and effort to write high-performance web services and
   standalone programs (including learning curve).
   Hello World: https://golf-lang.blogspot.com/2024/09/hello-world-in-golf_17.html
   Hello World as a Service: https://golf-lang.blogspot.com/2024/09/hello-world-as-service_60.html
   Hello World as a Web Service: https://golf-lang.blogspot.com/2024/09/web-service-hello-world_10.html
   Example #1: https://golf-lang.blogspot.com/2024/12/web-file-manager-in-less-than-100-lines_35.html
   Example #2: https://golf-lang.blogspot.com/2024/11/multi-tenant-saas-notes-web-application_43.html
   More examples, see Articles section on https://golf-lang.com
 - Maintenance and packaging does not need additional help.
   Sponsor is needed.



Re: Brief progress report on the Gateway to NEW project.

2025-04-06 Thread Sean Whitton
Hello Charles,

On Sun 06 Apr 2025 at 12:59am +09, Charles Plessy wrote:

> At the moment there are rudimentary Salsa CI pipelines that aim at
> providing a web-browsable view of the package contents that are relevant
> for copyright checks (https://salsa.debian.org/newgateway-team), and
> another repository hosting a checklist and hosting the reviews in its
> issue tracker
> (https://salsa.debian.org/newgateway-team/reviews/-/blob/main/.gitlab/issue_templates/Default.md).

Thanks for working on this.  Would you be able to provide me a link to
an example of this web-browseable view?  I might be able to provide some
feedback.

Thanks!

-- 
Sean Whitton




Bug#1102257: ITP: pytest-unordered -- Test equality of unordered collections in pytest

2025-04-06 Thread Edward Betts
Package: wnpp
Severity: wishlist
Owner: Edward Betts 
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-pyt...@lists.debian.org

* Package name: pytest-unordered
  Version : 0.6.1
  Upstream Author : Ivan Zaikin 
* URL : https://github.com/utapyngo/pytest-unordered
* License : MIT
  Programming Lang: Python
  Description : Test equality of unordered collections in pytest

  This library provides a utility to assert the equality of collections while
  ignoring the order of elements, a requirement often encountered when dealing
  with unordered datasets. Utilizing this library simplifies the process of
  verifying that collections contain equivalent items without necessitating a
  concern for order, which is especially useful in testing frameworks where
  external data sources might return data in non-guaranteed sequences. By
  incorporating functionality to operate within complex nested data structures,
  it enhances test writing by allowing precise order checking control, thereby
  minimizing boilerplate code and increasing readability. The ability to
  specifically designate unordered assertions within larger structured datasets
  provides a granular approach to type and element equivalence verification.

I plan to maintain this package as part of the Python team.