Bug#1029942: ITP: python-lua -- library for using Lua scripts from Python

Package: wnpp Severity: wishlist Owner: Bas Wijnen X-Debbugs-Cc: debian-devel@lists.debian.org, wij...@debian.org * Package name: python-lua Version : 0.4 Upstream Contact: Bas Wijnen * URL : https://github.com/wijnen/python-lua * License : AGPL3

Re: Bug#1010013: ITP: python-websocketd -- Python module for creating a http server which uses WebSockets

Hi, On Fri, Apr 22, 2022 at 05:56:08PM +0200, Andrej Shadura wrote: > I don’t want to discourage you from packaging this, but unless I’m mistaken, > this will be at least the third Websocket client package for Python, and at > least the third Websocket server in Python  Yes, I'm not surprised.

Bug#1010013: ITP: python-websocketd -- Python module for creating a http server which uses WebSockets

Package: wnpp Severity: wishlist Owner: Bas Wijnen X-Debbugs-Cc: debian-devel@lists.debian.org, wij...@debian.org * Package name: python-websocketd Version : 0.2 Upstream Author : Bas Wijnen * URL : https://github.com/wijnen/python-websocketd * License

Bug#1010012: ITP: python-network -- Python module for easy networking

Package: wnpp Severity: wishlist Owner: Bas Wijnen X-Debbugs-Cc: debian-devel@lists.debian.org, wij...@debian.org * Package name: python-network Version : 0.2 Upstream Author : Bas Wijnen * URL : https://github.com/wijnen/python-network * License : AGPL3

Bug#1010010: ITP: python-fhs -- Python module for using the FHS and XDG basedir paths.

Package: wnpp Severity: wishlist Owner: Bas Wijnen X-Debbugs-Cc: debian-devel@lists.debian.org, wij...@debian.org * Package name: python-fhs Version : 1.0 Upstream Author : Bas Wijnen * URL : https://github.com/wijnen/python-fhs * License : AGPL3

Accepted openmsx-catapult 0.15.0-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 28 Sep 2019 09:48:05 +0200 Source: openmsx-catapult Architecture: source Version: 0.15.0-2 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen Changed-By: Bas Wijnen Closes: 933477 Changes: openmsx-catapult

Bug#930723: ITP: arduino-sanguino -- atmega644 files for use with Arduino

Package: wnpp Severity: wishlist Owner: 3-D printer team <3dprinter-gene...@alioth-lists.debian.net> * Package name: arduino-sanguino Version : 1.0.0 Upstream Author : Kristian Sloth Lauszus * URL : http://lauszus.github.io/Sanguino/ * License : GPL-3+

Accepted openmsx-catapult 0.15.0-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 03 Jan 2019 10:26:00 +0100 Source: openmsx-catapult Binary: openmsx-catapult Architecture: source amd64 Version: 0.15.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen Changed-By: Bas Wijnen Description

Accepted openmsx 0.15.0-2 (source amd64 all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 20 Dec 2018 19:29:58 +0100 Source: openmsx Binary: openmsx openmsx-data dmktools Architecture: source amd64 all Version: 0.15.0-2 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen Changed-By: Bas Wijnen

Accepted openmsx 0.15.0-1 (source amd64 all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 20 Dec 2018 14:07:49 +0100 Source: openmsx Binary: openmsx openmsx-data dmktools Architecture: source amd64 all Version: 0.15.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen Changed-By: Bas Wijnen

Accepted openmsx 0.14.0-2 (source amd64 all) into unstable, unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 04 Feb 2018 18:03:29 +0100 Source: openmsx Binary: openmsx openmsx-data dmktools Architecture: source amd64 all Version: 0.14.0-2 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> C

Re: Why do we list individual copyright holders?

On Mon, Jan 01, 2018 at 07:43:06PM +0100, Vincent Bernat wrote: > ❦ 1 janvier 2018 17:47 +0100, Jonas Smedegaard  : > > >> I have very little time for Debian. Each time I update a package, I have > >> to bump Standards-Version and fix new Lintian warnings. I would > >>

Re: salsa.debian.org (git.debian.org replacement) going into beta

On Fri, Dec 29, 2017 at 10:43:58PM +0100, Alexander Wirt wrote: > On Fri, 29 Dec 2017, Philipp Kern wrote: > > Put a mapping into a git repository that DDs can push to? Make sure that > > it is fast-forwarded always? Then let people deal with it? > I am currently working on such a mapping. I

Re: ISO download difficult (was: Debian Stretch new user report (vs Linux Mint))

On Fri, Dec 29, 2017 at 07:18:57PM +0100, Adam Borowski wrote: > On Fri, Dec 29, 2017 at 05:57:21PM +, Dr. Bas Wijnen wrote: > > So we need to decide what we want. I think there probably is consensus > > about: > > > > - We want people with non-free hardware to

Re: ISO download difficult (was: Debian Stretch new user report (vs Linux Mint))

On Thu, Dec 28, 2017 at 10:13:52AM +0500, Andrey Rahmatullin wrote: > On Wed, Dec 27, 2017 at 11:00:38PM +0100, Toni Mueller wrote: > > they will most likely simply not understand the point, and what makes > > free hardware so much better. > > > massively encourage users to use non-free hardware

Re: Whether remotely running software is considered "software" for Debian.

On Thu, Aug 31, 2017 at 11:16:36AM +0200, Ansgar Burchardt wrote: > python-digitalocean, ruby-azure*, waagent, twittering-mode, > probably HBCI clients, python3-googleapi, > python3-pyicloud, python-yowsup, youtube-dl, > libgfbgraph-0.2-dev Thank you for this list. I removed servers that cannot

Re: Whether remotely running software is considered "software" for Debian.

On Mon, Aug 28, 2017 at 09:15:01AM -0400, The Wanderer wrote: > On 2017-08-28 at 07:59, Dr. Bas Wijnen wrote: > > I think if someone wants to write a client with the purpose of > > interacting with a non-free service, that client should go in contrib > > and there is nothin

Re: Whether remotely running software is considered "software" for Debian.

Thanks Philipp, unlike the mail I responded to a few minutes ago, yours is constructive and I'm happy to continue discussing this with you. On Mon, Aug 28, 2017 at 12:31:15PM +0200, Philipp Kern wrote: > On 08/27/2017 12:20 PM, Dr. Bas Wijnen wrote: > > On Sat, Aug 19, 2017 at 06:21:2

Re: Whether remotely running software is considered "software" for Debian.

I'm getting tired of this. You keep avoiding my questions and changing the subject. Unless you start answering my questions, I'm going to stop responding. On Mon, Aug 28, 2017 at 02:21:01PM +0500, Andrey Rahmatullin wrote: > On Mon, Aug 28, 2017 at 08:55:43AM +, Dr. Bas Wijnen wr

Re: Whether remotely running software is considered "software" for Debian.

On Mon, Aug 28, 2017 at 12:29:07PM +0500, Andrey Rahmatullin wrote: > On Mon, Aug 28, 2017 at 06:58:50AM +, Dr. Bas Wijnen wrote: > > Are you saying that a Debian system where only main is enabled is unsafe? > [...] > > If that is correct, it is a huge problem that that is

Re: Whether remotely running software is considered "software" for Debian.

On Sun, Aug 27, 2017 at 04:00:54PM +0500, Andrey Rahmatullin wrote: > On Sun, Aug 27, 2017 at 10:20:27AM +, Dr. Bas Wijnen wrote: > > Let me put it differently then: for me, one of the major benefits of Debian > > over (most of) our derivatives is that I can set the sys

Re: Whether remotely running software is considered "software" for Debian.

On Sat, Aug 19, 2017 at 06:21:23PM +0200, Philipp Kern wrote: > On 08/18/2017 10:36 AM, Dr. Bas Wijnen wrote: > > Consider the following: unrar-nonfree contains some software which is > > non-free > > and can therefore not be in main. The reason we don't put it in main is

Re: Whether remotely running software is considered "software" for Debian.

On Tue, Aug 15, 2017 at 08:46:43AM +1000, Ben Finney wrote: > The language is clear that it is talking about dependency in the sense > of requiring the program installed on the system in order for the > program to build or execute. I think the mention of package dependencies is an incomplete list

Re: Whether remotely running software is considered "software" for Debian.

On Mon, Aug 14, 2017 at 08:58:00AM +1000, Ben Finney wrote: > "Dr. Bas Wijnen" <wij...@debian.org> writes: > > > What seems to be the dispute is whether software that runs on a remote > > system is still "software" for the purpose of our rules.

Whether remotely running software is considered "software" for Debian.

Note: this post is not about certspotter at all, so I'm not Cc'ing the bug and changed the Subject line. On Wed, Aug 09, 2017 at 05:30:19PM -0400, Jonas Smedegaard wrote: > Stuff like s3cmd are tools connecting to cloud services. Arguably > usable to have tools to free data from the clouds.

Accepted openmsx-catapult 0.14.0-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 10 Aug 2017 13:09:26 +0200 Source: openmsx-catapult Binary: openmsx-catapult Architecture: source amd64 Version: 0.14.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-By: Bas

Accepted openmsx 0.14.0-1 (source all i386) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 06 Aug 2017 14:57:22 +0200 Source: openmsx Binary: openmsx openmsx-data Architecture: source all i386 Version: 0.14.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-By: Bas

Accepted openmsx-debugger 0.1~git20170806-1 (source i386) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 06 Aug 2017 07:33:40 +0200 Source: openmsx-debugger Binary: openmsx-debugger Architecture: source i386 Version: 0.1~git20170806-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> C

Accepted cbios 0.28-1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 05 Aug 2017 14:35:56 +0200 Source: cbios Binary: cbios Architecture: source all Version: 0.28-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-By: Bas Wijnen <wij...@d

Re: Let's enable AppArmor by default (why not?)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Aug 05, 2017 at 06:28:20PM +0200, Christoph Biedl wrote: > intrigeri wrote... > > > tl;dr: I hereby propose we enable AppArmor by default in testing/sid, > > and decide one year later if we want to keep it this way in the > > Buster release.

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Oct 21, 2016 at 07:26:43AM +0200, Vincent Bernat wrote: > It would be as easy for the security team to modify the unminified version > than the "upper" upstream version of the source. The release team has just decided that "browserified"

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Oct 19, 2016 at 09:07:26AM +0200, Vincent Bernat wrote: > gulp is just a glorified make and doesn't compile anything on its own. If make wouldn't be in main, any program using it in its build process would also not be allowed in main. The

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Oct 14, 2016 at 10:49:06AM +0200, W. Martin Borgert wrote: > On 2016-10-13 22:39, Joerg Jaspert wrote: > > On 14458 March 1977, W. Martin Borgert wrote: > > > If I package a compiler and put y.tab.c in the package, drop > > > grammar.y in

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Oct 12, 2016 at 10:09:12PM +0200, Martín Ferrari wrote: > On 12/10/16 21:41, Vincent Bernat wrote: > >> I don't think that shipping a binary compiled upstream should be > >> allowed, so where's the line drawn? Technically it would be allowed,

Re: "Browserified" stuff

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Oct 10, 2016 at 03:08:17PM +0200, Martín Ferrari wrote: > Prometheus being in contrib basically means the work I have done for the > past year is worthless, as users could as well just grab unofficial > packages from other places. I am not

Accepted openmsx-catapult 0.13.0-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 22 Sep 2016 22:09:06 +0200 Source: openmsx-catapult Binary: openmsx-catapult Architecture: source amd64 Version: 0.13.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-By: Bas

Accepted openmsx 0.13.0-1 (source all amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 22 Sep 2016 12:24:35 +0200 Source: openmsx Binary: openmsx openmsx-data Architecture: source all amd64 Version: 0.13.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-By: Bas

Re[2]: Browserified files and DFSG

July 11 2016 9:57 AM, "Pirate Praveen" wrote: >> Yet it is built with a tool not in Debian, from a different form of the >> work that upstream actually uses for reading and modifying — the source >> form of the work. So that compiled form is not the source form of the >> work. > > There is a

Accepted stx2any 1.56-2.1 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 20 Jun 2016 03:28:52 -0400 Source: stx2any Binary: stx2any Architecture: source all Version: 1.56-2.1 Distribution: unstable Urgency: medium Maintainer: Panu Kalliokoski <ate...@sange.fi> Changed-By: Bas Wijne

Accepted openmsx 0.12.0-2 (source all amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 01 May 2016 11:54:08 -0400 Source: openmsx Binary: openmsx openmsx-data Architecture: source all amd64 Version: 0.12.0-2 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-By: Bas

Re: using whiptail and translated strings from arbitrary scripts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Apr 27, 2016 at 02:28:22PM +0200, Daniel Pocock wrote: > If I use this method, can the strings be translated easily by the > Debian translators just like the strings for po-debconf/maintainer > scripts? > > Or is there some additional

Re: Packaging of static libraries

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Apr 19, 2016 at 10:13:28PM +0200, Vincent Danjean wrote: > The initial argument was: > > We in Debian are in a good position to defend our users from the > > fallout from this problem. We could change our default compiler > > options to

Re: Packaging of static libraries

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Apr 14, 2016 at 02:57:00PM +0200, Vincent Danjean wrote: > > If users have such specialized needs, I think it is not only reasonable that > > they build their own versions of their libraries; I expect them to prefer > > that. > > So we should

Re: Packaging of static libraries

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Apr 13, 2016 at 05:17:54PM +0200, Marco d'Itri wrote: > On Apr 13, Ian Jackson wrote: > > We in Debian are in a good position to defend our users from the > > fallout from this problem. We could change our

Re: Packaging of static libraries

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Apr 11, 2016 at 03:25:46PM +0900, Mike Hommey wrote: > > What uses require PIC static libraries that cannot be satisfied by building > > -static --whole-archive ? > >

Re: Packaging of static libraries

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Apr 10, 2016 at 09:06:50PM +0500, Andrey Rahmatullin wrote: > On Sun, Apr 10, 2016 at 05:57:16PM +0200, Andreas Tille wrote: > > > > whether it is advisable to try hard to provide static libraries even if > > > > upstream build system does not

Accepted openmsx-debugger 0.1~git20160326-2 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 26 Mar 2016 13:39:59 -0400 Source: openmsx-debugger Binary: openmsx-debugger Architecture: source amd64 Version: 0.1~git20160326-2 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-B

Accepted cbios 0.27-2 (source all) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 26 Mar 2016 12:34:38 -0400 Source: cbios Binary: cbios Architecture: source all Version: 0.27-2 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-By: Bas Wijnen <wij...@d

Re: Mass Bug Filing: Missing Build-Depends: graphviz

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Mar 22, 2016 at 09:26:45PM +0100, Santiago Vila wrote: > I think the issue is not really whether HAVE_DOT=yes is good or not > in general, but whether this is an issue that should be decided on a > per package basis or not. I agree, that is

Re: Mass Bug Filing: Missing Build-Depends: graphviz

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Mar 22, 2016 at 05:04:50PM +0100, Santiago Vila wrote: > So the number of affected packages if the default HAVE_DOT is changed > to "no" would be quite low. > > If, instead, doxygen is changed to depend on graphviz, there would be > nothing

Re: Bug#818900: [Lua Policy] integrate debian's lua modules into Debian's Luarocks

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Mar 21, 2016 at 02:37:44PM +, lumin wrote: > When I'm dealing with one of my ITP's I found that this is > a noticeable problem to Debian's lua packages. And I think > this may require some changes to our lua policy, or the dh-lua >

Re: Mass Bug Filing: Missing Build-Depends: graphviz

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Mar 21, 2016 at 11:26:16AM +0100, Santiago Vila wrote: > > Yes, so that's a bug in those programs, not in doxygen. It would be > > "fixed" by > > adding graphviz as a Depends to doxygen, but that would be incorrect. > > Please note that it

Re: Mass Bug Filing: Missing Build-Depends: graphviz

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Mar 20, 2016 at 08:07:55PM +0100, Adam Borowski wrote: > On Sun, Mar 20, 2016 at 06:51:23PM +0000, Bas Wijnen wrote: > > That also means that programs calling dot will need graphviz in their > > Build-Depends, no matter w

Re: Mass Bug Filing: Missing Build-Depends: graphviz

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I think you are mistaken about a few things. On Sun, Mar 20, 2016 at 06:04:55PM +0100, Santiago Vila wrote: > The maintainer points out that the default value for HAVE_DOT is NO, > so he's reluctant to add the build-dependency. If the program can be

Re: How to deal with "assets" packages shadowing real upstream

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Mar 09, 2016 at 11:37:12AM +0100, IOhannes m zmölnig (Debian/GNU) wrote: > i think that §4.13 does not cover the original issue of jonas at all, as > it's about something different: using convenience copies instead of the > system provided

Re: How to deal with "assets" packages shadowing real upstream

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Mar 08, 2016 at 02:14:10PM +, Jonathan Dowland wrote: > On Fri, Feb 26, 2016 at 07:59:29PM +0100, Jonas Smedegaard wrote: > > I personally feel it is a bug to not track the true upstream of a > > project, but that seems not part of our

Re: How to deal with "assets" packages shadowing real upstream

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Mar 07, 2016 at 03:12:10PM +0100, Jonas Smedegaard wrote: > Oh - I just discovered that this _is_ covered by Policy §4.13 already. Reading that again, I see that it says code copies are acceptable if the code is meant to be used that way

Re: Can "PDB" license be considered free ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Mar 07, 2016 at 04:38:55PM -0600, Don Armstrong wrote: > On Mon, 07 Mar 2016, Peter Rice wrote: > > The conclusion was that scientific data (SwissProt, PDB, etc.) are > > scientific facts and it is not reasonable to require permission to > >

Re: HTTPS in DEP-5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Mar 06, 2016 at 08:13:49PM +, Ben Hutchings wrote: > On Sun, 2016-03-06 at 19:19 +0000, Bas Wijnen wrote: > > On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: > > > > > > So, what we're going to do ab

Re: HTTPS in DEP-5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: > So, what we're going to do about it? I see the following options: > > B) Fix the spec to allow the HTTPS URL; fix the HTTP-only consumers. That. Https is good for our users. Even if the

Re: Making Debian ports less burdensome

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On Fri, Feb 26, 2016 at 09:02:48PM +, Steven Chamberlain wrote: > > Removing the package from the breaking port is an option, and it > > should be easy to trigger, but it should not be automatic. If we make > > the process easy and the

Re: How to deal with "assets" packages shadowing real upstream

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On Fri, Feb 26, 2016 at 07:59:29PM +0100, Jonas Smedegaard wrote: > Do we favor tracking the true upstreams when packaging for Debian? There was some discussion about this on the list recently, but this is a question that didn't really come up,

Re: Making Debian ports less burdensome

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I like your suggestions in general, but am a bit worried about the results of this: On Thu, Feb 25, 2016 at 05:41:57PM +, Steven Chamberlain wrote: > * If left unfixed, the bugs should trigger an auto-removal from > unstable so that

Re: chromium disabling use of shared libs, BoringSSL

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thanks for pursuing this, Daniel, and for being civil while doing so. On Tue, Feb 09, 2016 at 05:47:46PM +0100, Daniel Pocock wrote: > Chromium upstream are keen to discourage use of shared libraries on the > system and encourage packagers to bundle

Re: another mount issue on jessie

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Feb 09, 2016 at 10:38:26AM -0700, Sebastian Kuzminsky wrote: > On another Jessie machine I had to apply the same workaround to some > additional services. I identified the services that needed the workaround > by grepping for 'PrivateTmp' in

Re: Statically linked library in libdevel packages? (Was: Status of teem package (packaging moved from svn to git))

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Jan 29, 2016 at 06:03:26PM +0100, Dimitri John Ledkov wrote: > Imho, if static libraries, are shipped we should be conservative about > them (e.g. do it pretty much for libc only to compile minimal > freestanding bootloaders and that's about

Re: Statically linked library in libdevel packages? (Was: Status of teem package (packaging moved from svn to git))

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jan 28, 2016 at 01:38:11PM +, Ian Jackson wrote: > Andreas Tille writes ("Statically linked library in libdevel packages? (Was: > Status of teem package (packaging moved from svn to git))"): > > I came across this question since policy

Re: Libre graphics could become the standard if we push right now

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Jan 19, 2016 at 06:57:43PM +0100, gaffa wrote: > It's an MIT license: > > https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/firmware/WHENCE#n758 That's a fine license as far as the DFSG is concerned, but as long as

Re: support for merged /usr in Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Jan 16, 2016 at 04:09:00PM +0100, Marc Haber wrote: > It would help to be friendly to each other. No CoC needed by that, > it's just basic common sense. The meaning of "friendly" and "common sense" is different for different people. If you

Defaults and virtual package rules (was: default softphone in Debian stretch)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Jan 16, 2016 at 01:48:46PM +0100, Daniel Pocock wrote: > On 15/01/16 14:20, Bas Wijnen wrote: > > On Fri, Jan 15, 2016 at 11:08:35AM +0100, Daniel Pocock wrote: > >> On 15/01/16 04:00, Paul Wise wrote: > >>> O

Re: default softphone in Debian stretch

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Jan 15, 2016 at 11:08:35AM +0100, Daniel Pocock wrote: > > > On 15/01/16 04:00, Paul Wise wrote: > > On Tue, Jan 12, 2016 at 5:42 PM, Daniel Pocock wrote: > > > >> default softphone in Debian[1] > > > > It should be up to the user what

Re: Going ahead with non-free-firmware

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Jan 10, 2016 at 02:09:24AM +0100, Philippe Cerfon wrote: > On Sun, Jan 10, 2016 at 1:11 AM, Josh Triplett wrote: > > They will if people care as much about that separation as they do about > > separating firmware. > >

Bug#809705: general: let people use non-free software but opt-out of non-open software

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Jan 04, 2016 at 07:45:37AM +, Niels Thykier wrote: > Philippe Cerfon: > > On Sun, Jan 3, 2016 at 7:35 AM, Christian PERRIER > > wrote: > >> Discussing infrastructure changes like what you're proposing (which I > >>

Accepted openmsx 0.12.0-1 (source all amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 06 Oct 2015 09:09:16 -0400 Source: openmsx Binary: openmsx openmsx-data Architecture: source all amd64 Version: 0.12.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-By: Bas

Accepted openmsx-catapult 0.12.0-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 06 Oct 2015 09:06:08 -0400 Source: openmsx-catapult Binary: openmsx-catapult Architecture: source amd64 Version: 0.12.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen <wij...@debian.org> Changed-By: Bas

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Sep 03, 2015 at 08:47:11AM +0200, Vincent Bernat wrote: > Without minification, we'll just ship packages that people won't > use. Why would I run a crippled installation of Wordpress that will > drive of part of my users to another competitor?

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Sep 02, 2015 at 07:33:10PM +0100, Neil Williams wrote: > On Wed, 2 Sep 2015 13:33:57 -0400 > Marvin Renich wrote: > > > * Ben Hutchings [150902 10:12]: > > > My preferred form is a git repository of

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 31, 2015 at 08:49:53AM +0200, Raphael Hertzog wrote: > On Sun, 30 Aug 2015, Bas Wijnen wrote: > > Why do you care that software is in main, if you evidently do not care about > > any of the rules we have for it? >

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Aug 30, 2015 at 10:14:13AM +0200, Vincent Bernat wrote: The build script determines the outcome of what will effectively run on our users' machine. I fail to see how this is not an important issue. You are correct, this is important. But

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Aug 30, 2015 at 02:12:43PM +0200, Vincent Bernat wrote: This is becoming quite a stretch. At this rate, we will fail to match SC#2 because we ship previous versions of software and upstream is unlikely to accept a patch against a

Re: Summary of the DebConf firmware discussion

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 First of all, thanks for having this discussion. I think it is a serious problem. Debian is currently hard to install on many machines, and I very much dislike the idea of telling people to enable all of non-free because of some hardware.

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Aug 26, 2015 at 07:35:01AM +0200, Vincent Bernat wrote: ❦ 25 août 2015 22:37 GMT, Bas Wijnen wij...@debian.org : We need to leave the Javascript ecosystem mature a bit more but in the meantime, a bit of tolerance would be appreciated

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Aug 27, 2015 at 04:14:53PM -0700, Russ Allbery wrote: Bas Wijnen wij...@debian.org writes: On the other hand, shipping packages that cannot be rebuilt with tools from Debian will also result in angry users. For me personally, one

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Aug 25, 2015 at 07:17:12PM +0200, Jonas Smedegaard wrote: Quoting Scott Kitterman (2015-08-25 17:57:11) AFAIK we've only ever discussed the need to provide source. I don't know why there would be a requirement to reminify. I see no

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Aug 25, 2015 at 07:08:06PM +0100, Ian Jackson wrote: Bas Wijnen writes (Re: Security concerns with minified javascript code): AFAIK Debian doesn't *require* generated files to be rebuilt. For example, it used to be common practice

Re: Security concerns with minified javascript code

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Aug 25, 2015 at 11:13:15PM +0200, Vincent Bernat wrote: ❦ 25 août 2015 17:58 GMT, Bas Wijnen wij...@debian.org : I don't see why javascript minification would be different from C compilation in a way that would lead to a different

Accepted openmsx-catapult 0.11.0-2 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 12 Aug 2015 22:13:12 -0400 Source: openmsx-catapult Binary: openmsx-catapult Architecture: source amd64 Version: 0.11.0-2 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen wij...@debian.org Changed-By: Bas Wijnen wij

Re: certificate creation in postinst, potentially using letsencrypt script

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Aug 02, 2015 at 05:44:06PM +0200, Christoph Anton Mitterer wrote: Some ideas that pop up in my mind: - Would be yet another location of privacy leak in Debian, where the system automatically calls home to some more commercial than

Re: Packaging certain libraries as end-user software

On Sun, Jul 19, 2015 at 11:06:45AM +0200, Eduard Bloch wrote: It's less of a library than an environment used for research. Compiling is just a required step to run your code, but applications are usually not distributed in binary form. What is the benefit of providing a shared

Re: Packaging certain libraries as end-user software

On Fri, Jul 17, 2015 at 05:30:04PM +0200, Ansgar Burchardt wrote: It's less of a library than an environment used for research. Compiling is just a required step to run your code, but applications are usually not distributed in binary form. What is the benefit of providing a shared library at

Re: The Spirit of Free Software, or The Reality

Hi, On Thu, Jul 16, 2015 at 06:00:17PM +0200, Simon Richter wrote: Am 16.07.2015 um 16:57 schrieb Don Armstrong: How easy would it be to modify the code so that it only gets the favorite icons when the site is actually visited? [Does it already try to update the icons when it visits one of

Re: The Spirit of Free Software, or The Reality

On Wed, Jul 15, 2015 at 07:56:42PM +0100, Ian Jackson wrote: Right. I find it disappointing to discover that in Debian we have deliberately modified Iceweasl to make this problem worse, even if only in a modest way. ... And one thing we could easily do (well, easily from a technical point

Re: The Spirit of Free Software, or The Reality

On Wed, Jul 15, 2015 at 01:26:16PM +0900, Mike Hommey wrote: On Wed, Jul 15, 2015 at 03:51:42AM +0200, Bas Wijnen wrote: On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: POST https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweaselappver=38.1.0pver=2.2key

Re: Cluebat needed: Proper way to reference MathJax.js

On Mon, Jul 13, 2015 at 08:01:48PM -0500, Dirk Eddelbuettel wrote: | To make it work only when served by a webbrowser, use this: | | script src=/javascript/mathjax/MathJax.js/script I think this is what I had in mind, thanks! | ...and make sure javascript-common is installed and in

Re: Cluebat needed: Proper way to reference MathJax.js

On Tue, Jul 14, 2015 at 05:56:56AM -0500, Dirk Eddelbuettel wrote: | Can't you make a link in the directory of the file referencing it and use | a non-absolute path, i.e. src=MathJax.js? That should work both locally and | through a browser without any configuration, right? (Except that the

Re: The Spirit of Free Software, or The Reality

On Tue, Jul 14, 2015 at 04:21:07PM +0200, Wouter Verhelst wrote: On Mon, Jul 06, 2015 at 02:10:08PM +0800, Paul Wise wrote: Perhaps we could run everything in $PATH in virtual machines and log all network beyond localhost. I look forward to not reading your emails anymore ;-P (or did I

Re: The Spirit of Free Software, or The Reality

On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: POST https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweaselappver=38.1.0pver=2.2key=no-google-api-key + a few dozens of GET requests to https://safebrowsing.google.com/ So nothing serious here. It's just casually

Re: Packaging certain libraries as end-user software

Hi, On Thu, Jul 09, 2015 at 05:26:32PM +0200, Ansgar Burchardt wrote: I'm wondering about the shared library packaging requirements in Policy for the special case of scientific libraries that are not intended to be used by applications, but are to be used by end-users directly, What does to

Accepted openmsx 0.11.0-1 (source all amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 20 Jun 2015 09:27:01 -0400 Source: openmsx Binary: openmsx openmsx-data Architecture: source all amd64 Version: 0.11.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen wij...@debian.org Changed-By: Bas Wijnen wij

Accepted openmsx-catapult 0.11.0-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 20 Jun 2015 09:25:52 -0400 Source: openmsx-catapult Binary: openmsx-catapult Architecture: source amd64 Version: 0.11.0-1 Distribution: unstable Urgency: medium Maintainer: Bas Wijnen wij...@debian.org Changed-By: Bas Wijnen wij

  1   2   3   >