Bug#1068354: ITP: python-github-webhook -- microframework for writing GitHub webhooks in Python

Package: wnpp Severity: wishlist Owner: Kunal Mehta X-Debbugs-Cc: debian-devel@lists.debian.org, lego...@debian.org * Package name: python-github-webhook Version : 1.0.4 Upstream Contact: Alex Chamberlain * URL : https://github.com/bloomberg/python-github-webhook * Li

Re: Upstream dist tarball transparency (was Re: Validating tarballs against git repositories)

Hi Guillem, On Wed, 3 Apr 2024 19:36:33 +0200, Guillem wrote: > On Fri, 2024-03-29 at 23:29:01 -0700, Russ Allbery wrote: > > On 2024-03-29 22:41, Guillem Jover wrote: > > I think with my upstream hat on I'd rather ship a clear manifest (checked > > into Git) that tells distributions which files i

Re: Debian openssh option review: considering splitting out GSS-API key exchange

On Wed, Apr 03, 2024 at 04:01:34PM -0400, Michael Stone wrote: > To speed things up for those who really want it, perhaps make > openssh-client/server dependency-only packages on > openssh-client/server-nogss? People can choose the less-compatible version > for this release if they want to, and the

Re: Debian openssh option review: considering splitting out GSS-API key exchange

On Tue, Apr 02, 2024 at 01:30:10AM +0100, Colin Watson wrote: * add dependency-only packages called something like openssh-client-gsskex and openssh-server-gsskex, depending on their non-gsskex alternatives * add NEWS.Debian entry saying that people need to install these packages

Upstream dist tarball transparency (was Re: Validating tarballs against git repositories)

Hi! On Fri, 2024-03-29 at 23:29:01 -0700, Russ Allbery wrote: > On 2024-03-29 22:41, Guillem Jover wrote: > > (For dpkg at least I'm pondering whether to play with switching to > > doing something equivalent to «git archive» though, but see above, or > > maybe generate two tarballs, a plain «git a

Re: Debian openssh option review: considering splitting out GSS-API key exchange

On Wed, Apr 03, 2024 at 04:38:19PM +0200, Marc Haber wrote: > On Wed, 03 Apr 2024 14:10:37 +0100, "Jonathan Dowland" > wrote: > >For you and fellow greybeards, perhaps: I'd be surprised if many people > >younger than us have even heard of tcp wrappers. I don't think the > >muscle memory of a dimin

Re: Debian openssh option review: considering splitting out GSS-API key exchange

On Wed, 03 Apr 2024 14:10:37 +0100, "Jonathan Dowland" wrote: >On Tue Apr 2, 2024 at 12:30 PM BST, Marc Haber wrote: >> Please don't drop the mechanism that saved my¹ unstable installations >> from being vulnerable to the current xz-based attack. Just having to >> dump an ALL: ALL into /etc/hosts.

Re: Debian openssh option review: considering splitting out GSS-API key exchange

On Tue Apr 2, 2024 at 12:30 PM BST, Marc Haber wrote: > Please don't drop the mechanism that saved my¹ unstable installations > from being vulnerable to the current xz-based attack. Just having to > dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to > maintain a packet filter. F

Bug#1068317: ITP: python-pyzstd -- Facebook's Zstandard (or zstd as short name) algorithm for Python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-pyzstd Version : 0.15.10 Upstream Contact: Rogdham * URL : https://github.com/Rogdham/pyzstd * License : BSD-3-Clau

Bug#1068315: ITP: python-pyppmd -- PPM(Prediction by partial matching) compression algorithm for Python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-pyppmd Version : 1.1.0 Upstream Contact: Hiroshi Miura * URL : https://codeberg.org/miurahr/pyppmd * License : LGPL

Bug#1068314: ITP: python-inflate64 -- Enhanced Deflate compression algorithm for Python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-inflate64 Version : 1.0.0 Upstream Contact: Hiroshi Miura * URL : https://codeberg.org/miurahr/inflate64 * License

Bug#1068313: ITP: python-brotlicffi -- Python CFFI bindings for the reference Brotli encoder/decoder

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-brotlicffi Version : 1.1.0.0 Upstream Contact: Seth Michael Larson * URL : https://github.com/python-hyper/brotlicffi * Lic

Bug#1068309: ITP: python-bcj -- BCJ(Branch-Call-Jump) filter for python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-bcj Version : 1.0.2 Upstream Contact: Hiroshi Miura * URL : https://codeberg.org/miurahr/pybcj * License : LGPL-2.1-

Bug#1068305: ITP: python-multivolumefile -- multiple files-wrapping library for Python

Package: wnpp Severity: wishlist Owner: YOKOTA Hiroshi X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com * Package name: python-multivolumefile Version : 0.2.3 Upstream Contact: Hiroshi Miura * URL : https://codeberg.org/miurahr/multivolume * License

Re: xz backdoor

On Fri, Mar 29, 2024 at 09:09:45PM +0100, Sirius wrote: > This is quite actively discussed on Fedora lists. > https://www.openwall.com/lists/oss-security/2024/ > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > Worth taking a look if action need to be taken on Debian. FWIW, just uploa