Bug#760347: a must have missed a question somewhere

2014-09-03 Thread Mike O'Connor
Brian,

I believe I have all the archives from the list. No need to start recreating 
anything…

stew

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#534338: OpenSSL bindings for Perl -- licensing questions

2012-06-27 Thread Mike O'Connor
On Wed, Jun 27, 2012 at 12:52:28PM -0400, Guy Hulbert wrote:
 On Wed, 2012-27-06 at 12:49 -0400, Daniel Kahn Gillmor wrote:
  On 06/27/2012 12:38 PM, Guy Hulbert wrote:
   It's unenforceable if the modules in question do not incorporate any
   OpenSSL code and are just an interface to the library.  I think this is
   probably the case.
  
  Eh?   How is a binding to a library not a project that is derived from
  that library?  I don't follow your explanation that the clause is
  unenforceable.  What makes it unenforceable?
 
 Because if I write the code, I own it.  So in the case of a perl module
 I can call it anything I want unless there is a trademark involved (and,
 I believe trademarking words is a perversion).
 

In this case *some* of the code was written by the authors of the perl
code, but much of the source code comes directly from openssl.  The perl
module author is taking a lot of code from openssl, adding some of their
own, then compiling that together into a new work.  This is clearly a
derivative work.

Look, for example at the source code to libcrypt-openssl-rsa-perl.  In
RSA.xs, these lines appear:

#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/ripemd.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <openssl/ssl.h>

Those are instructions to the compiler to directly include source code
from the openssl project.  

stew




Bug#534338: OpenSSL bindings for Perl -- licensing questions

2012-06-27 Thread Mike O'Connor
Kai Storbeck k...@xs4all.nl writes:


 I'm a bit perplexed that the module authors have anything to do with
 this as long as they are clearly stating their code is released under
 the artistic license.


The license of the perl module is not the concern.  The concern is that
we are violating the license of the openssl software.


 Should Debian concern itself (too much) with the authority of such a
 claim? 

Yes.  Is there any reason to think that The OpenSSL Project does not
have a valid claim on the headers in /usr/include/openssl?

 Is it debians task to mediate between all open source forges
 around the world and their claims for licensing?


It is Debian's task to make sure that our software archive is legal.  We
can help upstream here by getting them to where it is legal to
redistribute functional builds of their software.  We can also just stop
distributing this software, or we can go through the process of renaming
the software in Debian.  Of all these options, having this problem fixed
upstream seems to clearly be in the interest of not only Debian, but of
many other users of this software.


 Apologies if this is in the debian policy.

It should be implicit that debian cannot ignore the software license
terms for the software we are distributing.




Bug#677723: gnome-settings-daemon: --no-daemon option in manpage is invalid

2012-06-16 Thread Mike O'Connor
Package: gnome-settings-daemon
Version: 3.4.2-3
Severity: minor

The manpage for gnome-settings-daemon lists a --no-daemon option:

   --no-daemon
  Do not detach the daemon process from its controlling terminal

However, trying to run gnome-settings-daemon with that option fails:

stew@cardinal:~ $ gnome-settings-daemon --no-daemon

** (gnome-settings-daemon:759): WARNING **: Unknown option --no-daemon


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnome-settings-daemon depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.12.1-1
ii  dpkg  1.16.4.2
ii  gsettings-desktop-schemas  3.4.2-1
ii  libatk1.0-0  2.4.0-2
ii  libc6  2.13-33
ii  libcairo-gobject2  1.12.2-2
ii  libcairo2  1.12.2-2
ii  libcanberra-gtk3-0  0.28-4
ii  libcanberra0  0.28-4
ii  libcolord1  0.1.21-1
ii  libcomerr2  1.42.4-3
ii  libcups2  1.5.3-1
ii  libdbus-glib-1-2  0.98-1
ii  libfontconfig1  2.9.0-6
ii  libgcrypt11  1.5.0-3
ii  libgdk-pixbuf2.0-0  2.26.1-1
ii  libglib2.0-0  2.32.3-1
ii  libgnome-desktop-3-2  3.4.2-1
ii  libgnomekbd7  3.4.0.2-1
ii  libgnutls26  2.12.20-1
ii  libgssapi-krb5-2  1.10.1+dfsg-1
ii  libgtk-3-0  3.4.2-1
ii  libgudev-1.0-0  175-3.1
ii  libk5crypto3  1.10.1+dfsg-1
ii  libkrb5-3  1.10.1+dfsg-1
ii  liblcms2-2  2.2+git20110628-2.2
ii  libnotify4  0.7.5-1
ii  libnspr4  2:4.9.1-1
ii  libnspr4-0d  2:4.9.1-1
ii  libnss3  2:3.13.5-1
ii  libnss3-1d  2:3.13.5-1
ii  libpackagekit-glib2-14  0.7.4-4
ii  libpango1.0-0  1.30.0-1
ii  libpolkit-gobject-1-0  0.105-1
ii  libpulse-mainloop-glib0  2.0-3
ii  libpulse0  2.0-3
ii  libsqlite3-0  3.7.13-1
ii  libupower-glib1  0.9.16-3
ii  libwacom2  0.5-1
ii  libx11-6  2:1.4.99.901-2
ii  libxfixes3  1:5.0-4
ii  libxi6  2:1.6.1-1
ii  libxklavier16  5.2.1-1
ii  libxtst6  2:1.2.1-1
ii  nautilus-data  3.4.2-1
ii  zlib1g  1:1.2.7.dfsg-11

Versions of packages gnome-settings-daemon recommends:
ii  pulseaudio  2.0-3

Versions of packages gnome-settings-daemon suggests:
ii  awesome [x-window-manager]  3.4.12-2
ii  gnome-screensaver  3.4.1-1
ii  metacity [x-window-manager]  1:2.34.3-2
ii  openbox [x-window-manager]  3.5.0-4
ii  twm [x-window-manager]  1:1.0.6-1
ii  x11-xserver-utils  7.7~3

-- no debconf information






Bug#677146: python-uno uses file from libreoffice-core in preinst without declaring PreDepends

2012-06-11 Thread Mike O'Connor
Package: python-uno
Version: 1:3.5.3-5
Severity: serious
Justification: Policy 7.2

during an upgrade, the python-uno preinst script calls:

/usr/lib/libreoffice/program/unopkg

This file seems to come from the libreoffice-core package.  According
to the policy:

Pre-Depends are also required if the preinst script depends on
the named package

I found this when helping someone that was having trouble upgrading
from squeeze to wheezy and was getting a preinst failure due to this
file being missing.

stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-uno depends on:
ii  libc6  2.13-32
ii  libgcc1  1:4.7.0-10
ii  libpython2.7  2.7.3~rc2-2.1
ii  libreoffice-core  1:3.5.3-5
ii  libstdc++6  4.7.0-10
ii  python  2.7.2-10
ii  python2.7  2.7.3~rc2-2.1
ii  uno-libs3  3.5.3-5
ii  ure  3.5.3-5

python-uno recommends no packages.

python-uno suggests no packages.

-- no debconf information






Bug#658341: upload of multi-arch enabled dpkg (in time for wheezy)

2012-02-02 Thread Mike O'Connor

On Thu, 2 Feb 2012 16:59:53 +0100, Guillem Jover guil...@debian.org wrote:
 In any case a multi-arch enabled dpkg will not miss wheezy.

Guillem,

Are you really in a position to declare this?  The release team has
previously said [0] directly to you that they were looking for an upload
in October in order to ensure this release goal was met.  Forgive me if
I've missed some other discussion about this, but since we are now
months beyond this, are we expecting the freeze date to be moved to
accommodate?  Or has something else changed?

stew

[0] http://lists.debian.org/debian-dpkg/2011/10/msg00050.html




Bug#625050: cannot reproduce

2011-11-04 Thread Mike O'Connor
tags 625050 unreproducible
thanks

I'm unable to reproduce this bug on amd64.  Is anyone else able to
reproduce this?




Bug#612562: unable to reproduce

2011-11-04 Thread Mike O'Connor
Thomas,

I'm unable to reproduce this.  It also looks like there has been a new
version of this package uploaded since your report was filed.

Are you still able to reproduce this bug?

stew




Bug#614527: unable to reproduce

2011-11-04 Thread Mike O'Connor
I'm unable to reproduce this bug.

Is anyone else able to reproduce this bug?

stew






Bug#647319: RM: freesba -- RoQA; Buggy, unmaintained, NPOASR

2011-11-01 Thread Mike O'Connor
Package: ftp.debian.org
Severity: normal

freesba has only ever had one upload, it's been RC buggy for months with no
response from the maintainer.  It has no reverse depends and a popcon ~ 10.

thanks,
stew






Bug#646953: RM: aolserver4-nsimap -- RoQA; Buggy, unmaintained, miniscule popcon

2011-10-28 Thread Mike O'Connor
Package: ftp.debian.org
Severity: normal

aolserver4-nsimap has an RC bug that hasn't gotten a response in 6 months, it
hasn't had an upload in years, and the popcon is 5 and it has no reverse
depends.  It seems like a good candidate for removal.

thanks,
stew






Bug#646729: source code is required in main

2011-10-26 Thread Mike O'Connor
severity 646729 serious
thanks

The section of policy referenced in the Justification is quite clear on
this one:

2. Source Code

The program must include source code, and must allow distribution in
source code as well as compiled form.

We on the ftp team have been requiring this of minimized javascript
files routinely of packages in main.

thanks,
stew







Bug#637622: dtc-common: places configuration files in /var/lib

2011-08-13 Thread Mike O'Connor
Package: dtc-common
Severity: serious
Justification: Policy 10.7.2

dtc seems to put lots of configuration files in /var/lib/dtc, contrary to
policy.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#637509: RM: dtc -- RoQA; consistently buggy and non-policy

2011-08-13 Thread Mike O'Connor
On Fri, 12 Aug 2011 22:01:58 +0800, Thomas Goirand tho...@goirand.fr wrote:
 Philipp Kern pk...@debian.org wrote:
 
  In case that the bug numbers are not obvious: #614302, #614304,
  #611680, #414480, #566654.
 
 We're going more than 4 years in the past here, with some being false
 positive.

Just so we are clear.   Which of these bugs were false positives?




Bug#637509: RM: dtc -- RoQA; consistently buggy and non-policy compliant

2011-08-13 Thread Mike O'Connor
On Fri, 12 Aug 2011 17:52:59 +0800, Thomas Goirand tho...@goirand.fr wrote:
 
  * This package depends on being able to modify configuration files of
  other packages. (see #637501 and the bugs referenced in that bug)
 
 Yes, which is the goal of the software, yes.
 

If the goal of this software is to violate debian policy by modifying the
configuration files of other packages, I don't know why we are wasting so
much time on this, we should just be rid of it.

 Also, I had some discussions with many DDs, some during debconf11, like
 with Ian Jackson, Raphael Hertzog, and many others, on how to fix this
 on a clean way, and I have plans for it.
 

I'm troubled by this notion.  This package has been around for years,
we are supposed to be encouraged by the fact that you have talked to
other developers about how it might possibly be able to comply with
policy sometime in the future?

stew




Bug#637501: dtc-common: modifies config files of other packages

2011-08-13 Thread Mike O'Connor
On Fri, 12 Aug 2011 17:31:19 +0800, Thomas Goirand tho...@goirand.fr wrote:
 The goal of my software is to handle the configuration of the server. If
 we follow what you are saying, then an administrator would have to spend
 hours to setup his server manually for a single installation. Do you
 think that this is manageable?

I don't care.  This isn't a reason for your package to ignore debian
policy.

 
 Note also that I've opened discussions about it, and that I'm trying to
 solve the issue, but the postfix maintainer (for example) didn't even
 bother to reply. Upstream said that a conf.d folder isn't even possible.
 What solution do I have here?

The solution is to not modify the configuration files of other packages,
obviously.


"My package doesn't at all fit with debian policy.  My package cannot be
made to follow policy" isn't a sign that the policy needs to be changed
or that the policies should be ignored.  It is a sign that the package
doesn't belong in debian.

stew




Bug#637622:

2011-08-13 Thread Mike O'Connor
Thomas Goirand writes:
 I don't see any configuration file there.

seriously?

How about named.conf?

How about vhosts.conf?

root@testdtc:~# source /etc/apache2/envvars 
root@testdtc:/root# apache2 -S

192.168.122.137:*  is a NameVirtualHost
 default server www.foo.com (/var/lib/dtc/etc/vhosts.conf:40)
 port 80 namevhost www.foo.com (/var/lib/dtc/etc/vhosts.conf:40)
 port 443 namevhost dtc.vireo.org (/var/lib/dtc/etc/vhosts.conf:76)
 port 80 namevhost dtc.vireo.org (/var/lib/dtc/etc/vhosts.conf:112)
 port 80 namevhost mx.vireo.org (/var/lib/dtc/etc/vhosts.conf:145)
 port 80 namevhost www.vireo.org (/var/lib/dtc/etc/vhosts.conf:180)

Please reread the definition of a configuration file in the policy
manual:

A file that affects the operation of a program, or provides site- or
host-specific information, or otherwise customizes the behavior of a
program.

I'd say that most of the files in here fit that description.

apache.pid does not, but it belongs in /var/run, not /var/lib.

-stew

p.s.  please Cc: bug#-submit...@bugs.debian.org when following up to
bugs when you solicit a response.




Bug#637618: I don't understand your response.

2011-08-13 Thread Mike O'Connor
I don't understand your response.  I don't know what chrooted users have
to do with this bug.

The problem is that you are allowing the dtc user to run any program
they wish as root.  This means that any apache vulnerability easily
becomes a remote root vulnerability.  If your intention is to let dtc
run any command as root (which I think is a very bad idea), then what is
the point of having the dtc user at all?

debian typically runs apache as the www-data user which has very few
privileges for good reasons.

stew

p.s.  please include bug#-submit...@bugs.debian.org in replies.




Bug#637498: dtc-common: does not sanitize input allowing SQL injection

2011-08-12 Thread Mike O'Connor
Package: dtc-common
Version: 0.32.10-2
Severity: important
Tags: upstream, security

The two logPushlet.php pages do not sanitize input allowing for SQL injection.

as an example, going to a url like:

http://127.0.0.1/dtcadmin/logPushlet.php?vps_node='%20or%201%20into%20outfile%20'/tmp/kilroy

will create a /tmp/kilroy file on the server using the mysql server credentials.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#637501: dtc-common: modifies config files of other packages

2011-08-12 Thread Mike O'Connor
Package: dtc-common
Version: 0.32.10-2
Severity: serious
Justification: Policy 10.7.4


It seems to me that the package tries to subvert policy 10.7.4 here.  Other
bugs have been opened against this source package in the past (for example
#414469, #402432, #414484).  I think that trying to get around policy by having
the postinst do stuff like this:

echo ""
echo "* Warning! DTC setup is not completed. The postinst didn't do it all.  *"
echo "To finish the installation: execute /usr/share/dtc/admin/install/install"
echo ""

And thus telling the user to run a script which modifies the configuration
files of a dozen other packages without warning, and often without a way back,
is violating the spirit of the policy.

stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#637505: dtc: minimized js files without source

2011-08-12 Thread Mike O'Connor
Source: dtc
Version: missing source for shared/gfx/skin/grayboard/js/DD_roundies-min.js
Severity: serious
Justification: Policy 2.2.1


shared/gfx/skin/grayboard/js/DD_roundies-min.js is minimized javascript without
included source.  Upstream provides non-minimized source which is clearly the
preferred medium for modification, and therefore should be included in the
debian source package if this minimized version is to be included.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#637509: RM: dtc -- RoQA; consistently buggy and non-policy compliant

2011-08-12 Thread Mike O'Connor
Package: ftp.debian.org
Severity: normal

It's a shame having to do this for a package with an active maintainer, but I
strongly feel like dtc should be removed from debian.  My reasons for thinking
this:

* It seems like anyone that spends any time looking at this package finds
security bugs.

* If you don't want to look specifically for security bugs, there are plenty of
other RC bugs to be found.

* This package depends on being able to modify configuration files of other
packages. (see #637501 and the bugs referenced in that bug)

I'm troubled by the responses that the many security bugs in these packages get
from the maintainer who is also the upstream author.  I'm worried that the
maintainer/upstream author does not have an adequate respect for security
related issues.

stew






Bug#637509: RM: dtc -- RoQA; consistently buggy and non-policy compliant

2011-08-12 Thread Mike O'Connor
Thomas Goirand tho...@goirand.fr wrote:

And me, I'm really seriously thinking you don't know how to handle
security issues as well, given the fact that you've opened public bugs,
when you should have gotten in touch with me privately. This shows as well
a big disrespect for what I do, if opening this bug wasn't enough.

Note that when I first attempted to alert you to the issue that started
http://lists.debian.org/debian-release/2011/07/msg00325.html that first
you obviously didn't actually read my report fully.  My report:

On Mon, 11 Jul 2011 23:43:19 -0400, Mike O'Connor s...@vireo.org wrote:

Although dtc-xen creates a password protected RSA for SSL communication with
the SOAP daemon in /etc/dtc-xen/privkey.pem, it leaves a plaintext copy in
/etc/dtc-xen/dtc-xen.cert.key.

Your reply:

On Fri, 15 Jul 2011 12:33:18 +0200, Thomas Goirand tho...@goirand.fr wrote:
 I don't think there's a grave issue here, the
 key might be world readable, but there is a
 passphrase in it,

But you also ask for it to be disclosed publicly:

On Fri, 15 Jul 2011 12:33:18 +0200, Thomas Goirand tho...@goirand.fr wrote:
 if someone can
 submit this bug in the BTS for me (with this message
 in the bug entry) I'd be fracking grateful!






Bug#637617: dtc-common: install script creates logfile with weak permissions

2011-08-12 Thread Mike O'Connor
Package: dtc-common
Severity: important
Tags: upstream, security

/usr/share/dtc/admin/install/functions: chmod 666 /var/log/dtc.log
root@testdtc:~# ls -l /var/log/dtc.log
-rw-rw-rw- 1 root root 27664 Aug 13 00:40 /var/log/dtc.log

Why would a log file like this need to be world writable?  0666 is rarely if
ever going to be the correct permissions.  The logrotate config that is
installed makes the file 0640 and owned by root:adm when the file is rotated.
Why would the permissions differ from the install script?

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#637509: RM: dtc -- RoQA; consistently buggy and non-policy compliant

2011-08-12 Thread Mike O'Connor
On Sat, 13 Aug 2011 09:27:18 +0800, Thomas Goirand tho...@goirand.fr wrote:
 On 08/13/2011 12:27 AM, Ansgar Burchardt wrote:
   * No privilege separation: everything -- including apache -- runs as
 the user dtc which also owns config files for apache, bind and
 others. This probably makes this user root-equivalent.
 
 But the latest Git version uses sbox to jail each customer in a chroot
 (running on a union filesystem using aufs), making it quite hard to be
 harmful.
 

And since the dtc user owns the chroot_template directory.  A compromise
of the dtc user means that any new chroots should be considered
compromised.

The www-data user that apache normally runs under has very little
privileges for a reason.  On sanely setup systems, the www-data user
doesn't get to modify many files at all.  In your setup, a compromise of
the webserver gets to modify the named configuration, the mta
configuration, gets to modify, for instance, the ls binary that gets
installed into the chroots you mention above...




Bug#637618: dtc-common: giving sudo access to chrootuid is giving access to root

2011-08-12 Thread Mike O'Connor
Package: dtc-common
Severity: critical
Tags: security
Justification: root security hole


The install script gives the dtc user (the user that is running apache)
unrestricted sudo access to chrootuid, which essentially gives root access
to the dtc account:

root@testdtc:/var/lib/dtc/etc# su - dtc
$ whoami
dtc
$ sudo chrootuid / root /bin/bash
root@testdtc:/# whoami
root
root@testdtc:/# wc -l /etc/shadow
27 /etc/shadow
rot@testdtc:/# grep dtc /etc/sudoers
Defaults:dtc !set_logname
dtc  ALL= NOPASSWD: /usr/bin/chrootuid *

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
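
An added example, not part of the original report or of dtc: a simplified sudoers audit that flags the kind of rule shown above, where a program that runs a caller-chosen command is granted with unconstrained arguments. The wrapper list beyond chrootuid, the sample lines other than the two quoted in the report, and the function names are assumptions made for this example; aliases and multi-line entries are not handled.

```python
import os
import re

# Programs that execute another program named by the caller. chrootuid is the
# one in the report; the rest are assumptions added for this example.
EXEC_WRAPPERS = {"chrootuid", "chroot", "env", "nice", "nohup", "xargs"}

USER_SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<rest>.+)$")
RUNAS = re.compile(r"^\((?P<runas>[^)]*)\)\s*")
TAG = re.compile(r"^(?P<tag>[A-Z_]+):\s*")
SKIP = re.compile(r"^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)\b")

# Constructed sample. Lines 2 and 3 are the sudoers lines quoted in the
# report; lines 4 and 5 are made up to show rules that should not be flagged.
SAMPLE_SUDOERS = "\n".join([
    "# constructed sample for the audit below",
    "Defaults:dtc !set_logname",
    "dtc  ALL= NOPASSWD: /usr/bin/chrootuid *",
    "www-data ALL=(root) NOPASSWD: /usr/sbin/apache2ctl graceful",
    "ops ALL=(root) /usr/sbin/chroot /srv/jail /bin/true",
])


def audit_sudoers(text):
    """Return one finding per rule that amounts to 'run anything as runas'."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or SKIP.match(line):
            continue
        spec = USER_SPEC.match(line)
        if not spec:
            continue
        runas, nopasswd = "root", False      # sudo's default target is root
        for cmd in spec["rest"].split(","):
            cmd = cmd.strip()
            r = RUNAS.match(cmd)
            if r:
                runas = r["runas"] or "root"
                cmd = cmd[r.end():]
            while True:                       # tags stay in force along the list
                t = TAG.match(cmd)
                if not t:
                    break
                if t["tag"] in ("NOPASSWD", "PASSWD"):
                    nopasswd = t["tag"] == "NOPASSWD"
                cmd = cmd[t.end():]
            if not cmd:
                continue
            parts = cmd.split(None, 1)
            path = parts[0]
            args = parts[1].strip() if len(parts) > 1 else ""
            reason = None
            if path == "ALL":
                reason = "any command allowed"
            elif os.path.basename(path) in EXEC_WRAPPERS:
                if not args:
                    # a sudoers command with no argument list accepts any arguments
                    reason = "exec wrapper with no argument restriction"
                elif any(ch in args for ch in "*?["):
                    reason = "exec wrapper with wildcard arguments"
            if reason:
                findings.append({
                    "line": lineno, "who": spec["who"], "runas": runas,
                    "nopasswd": nopasswd, "command": cmd, "reason": reason,
                })
    return findings


if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(finding)
```
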






Bug#637619: dtc-common: predictable tmpfile create allows symlink attack

2011-08-12 Thread Mike O'Connor
Package: dtc-common
Severity: normal
Tags: upstream, security


If maxmind is enabled, it uses the predictable filename: /tmp/maxmind.ws.cache
allowing a symlink to use the dtc privileges to overwrite a file:

nobody@testdtc:/$ whoami
nobody
nobody@testdtc:/$ ln -s /var/lib/dtc/etc/cband_scores/foo /tmp/maxmind.ws.cache
nobody@testdtc:/$ ls -l  /var/lib/dtc/etc/cband_scores/foo
ls: cannot access /var/lib/dtc/etc/cband_scores/foo: No such file or directory

... then a new user registers...

nobody@testdtc:/$ ls -l  /var/lib/dtc/etc/cband_scores/foo
-rw-r--r-- 1 dtc dtcgrp 38 Aug 13 01:17 /var/lib/dtc/etc/cband_scores/foo
nobody@testdtc:/$ cat /var/lib/dtc/etc/cband_scores/foo
208.43.124.50;74.86.25.131
1313212635



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
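
An added example, not part of the original report or of dtc's code: it reproduces the symlink-following write inside a private temporary directory and sets it beside two writes that do not follow a planted link. The function names, the stand-in file names and the data written are assumptions made for this example; only the cache file name comes from the report.

```python
import os
import stat
import tempfile


def naive_cache_write(path, data):
    """Pattern from the report: open a fixed, guessable name and write."""
    with open(path, "w") as fh:   # open() follows a symlink planted at path
        fh.write(data)


def exclusive_create(path, data, mode=0o600):
    """Create path only if nothing, not even a dangling symlink, is there."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, mode)   # FileExistsError if any entry exists
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def atomic_cache_write(path, data, mode=0o600):
    """Write to a uniquely named file, then rename it over path.

    rename() replaces whatever entry sits at path (including a symlink)
    instead of following it. In a sticky directory such as /tmp the rename
    fails with a permission error when another user owns that entry, so the
    write fails closed; a directory only the service can write to avoids
    the race entirely.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".cache-", dir=directory)
    try:
        os.fchmod(fd, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        if os.path.lexists(tmp):
            os.unlink(tmp)
        raise


def demo():
    """Run all three writes against a planted link; nothing outside the
    temporary directory is touched."""
    out = {}
    data = "constructed score data\n"
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "tmp")          # stands in for /tmp
        os.mkdir(shared)
        cache = os.path.join(shared, "maxmind.ws.cache")
        target = os.path.join(root, "cband_scores_foo")  # file the link points at

        os.symlink(target, cache)                   # the planted link
        naive_cache_write(cache, data)
        out["naive_wrote_target"] = os.path.exists(target)

        os.unlink(target)                           # link is dangling again
        try:
            exclusive_create(cache, data)
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        out["target_after_exclusive"] = os.path.exists(target)

        atomic_cache_write(cache, data)
        out["target_after_atomic"] = os.path.exists(target)
        out["cache_is_symlink"] = os.path.islink(cache)
        out["cache_mode"] = stat.S_IMODE(os.lstat(cache).st_mode)
    return out


if __name__ == "__main__":
    print(demo())
```
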






Bug#637509: RM: dtc -- RoQA; consistently buggy and non-policy compliant

2011-08-12 Thread Mike O'Connor
On Fri, 12 Aug 2011 17:52:59 +0800, Thomas Goirand tho...@goirand.fr wrote:
  * It seems like anyone that spends any time looking at this package
  finds security bugs.
 
.snip.
 
 This is purely your appreciation and your view on my software, I don't
 think this is reality.
 

I was waiting for something in the oven tonight before I go to bed, and
I find 3 more security bugs: #637617, #637618, #637619

stew





Bug#634015: Proposition to team-maintain m2crypto.

2011-08-10 Thread Mike O'Connor
Package: python-m2crypto
Severity: serious

 
 That may take a little more time, as I noted that demo/x509/proxylib.py is not
 free:
 
   
   # Matt Rodriguez, LBNL
   #Copyright (c) 2003, The Regents of the University of California,
   #through Lawrence Berkeley National Laboratory
   #(subject to receipt of any required approvals from the U.S. Dept. of Energy).
   #All rights reserved.
   
 
 Of course, this file is not used at build time and is not distributed in our
 binary packages, but if I understand well our procedures, I can not knowingly
 upload a package that contains this file.
 
 Hence the question to the other developers: is it necessary to correct
 m2crypto source package in Stable ?  Not that I am interested to do it – you
 know my position on these files is that they should be documented but ignored
 otherwise (see http://lists.debian.org/20100124144741.gd13...@kunpuu.plessy.org ).
 So if the answer is yes, can somebody volunteer to do the work ?
 
 Have a nice day,
 
 -- 
 Charles Plessy
 Tsurumi, Kanagawa, Japan
 
 

It's certainly necessary for us to not distribute stuff which is not
distributable.  I'm therefore BCCing sub...@bugs.debian.org, as this
should be a separate bug from the wishlist bug this is currently
attached to.

stew






Bug#635084: php-html-common: inaccurate copyright file

2011-07-22 Thread Mike O'Connor
Source: php-html-common
Version: 1.2.5-1
Severity: serious
Justification: Policy 12.5


debian/copyright refers to the php 2.02 license, but the source code refers to
the 3.01 license.  The copyright file claims that PHP Group is the copyright
holder of this software.  Where did that information come from?  I don't find
that in the upstream source.

bye,
stew


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#635085: php-net-ping: please update copyright file

2011-07-22 Thread Mike O'Connor
Source: php-net-ping
Version: 2.4.5-2
Severity: serious
Justification: Policy 12.5


The source code claims to be copyright by several of the upstream authors, but
the source code itself doesn't have these copyright claims anyway.  The
sourcecode claims to be held by the PHP Group.  Please update
debian/copyright.

As I assume you know, since you have an override for the lintian error, there
are questions about the distributability of code under php 2.x licenses for
software which is not part of PHP itself.  Since the upstream homepage [1] now
seems to claim that this is distributable under the php 3.01 license, let's
update debian/copyright to reflect that.

stew

[1] http://pear.php.net/package/Net_Ping/redirected

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#607839: Question about GNOME Trademark and GNOME project packages in Debian

2011-07-15 Thread Mike O'Connor
On Fri, 15 Jul 2011 13:01:13 +0100 (BST), MJ Ray m...@phonecoop.coop wrote:
 Joerg Jaspert wrote:
  We feel that it is infeasible for Debian to be in complete compliance
  with the current GNOME trademark license. [...]
 
 OK, sorry if this is an old chestnut, but do we actually need a
 licence in general?  Is most of the use in Debian more than honest
 description of the source of the software?

As far as I know, we have not made any inquiries to lawyers as to how
valid their claim to the GNOME mark is.  If their claim to the mark is
valid, then we could legally be required to stop using this mark.

 
  The case of the image which was created combining the GNOME foot and the
  Debian swirl seem unquestionably in violation of their trademark, [...]
 
 Yes, that seems like something that will have to stop if the GNOME
 foot is not free software because of some restrictive TM licence. :-(
 
  [...] We understand they are doing so to defend Free Software related
  marks, but that doesn't solve the underlying problem. It may also be the
  case that from Debian's point of view, the developer body as a whole
  needs to take a formal stand by means of a GR on the general issue of
  how to resolve the tension among DFSG principles and trademark
  licenses. [...]
 
 Is there a tension?  Isn't it obvious that many Free Software related
 marks are not themselves free software?

The way you state your question, "Isn't it obvious that many Free
Software related marks are not themselves free software?", makes me want
to respond "No, trademarks are not software."  Perhaps in an ideal
world we would be saying that the DFSG applies as cleanly to trademark
issues as it does to copyright issues, but in reality it is not the
case. The stance that we do not allow the use of any trademarks in
Debian would be an insane stance to take, once you realize how many
trademarks are in Debian already.  MySQL is trademarked, OpenGL is
trademarked, we mention Microsoft, Apple, and probably a number of other
companies.  Python is trademarked, mono is trademarked.  For that matter
Linux and Debian are trademarked.  We clearly are not going to either
remove all this software or rename it.  We ARE going to be using
trademarks that other entities have some legal control over.  Since this
puts us in the position of having external entities having some legal
control over what we do with our software, this is in tension with the
DFSG which tries to make sure I have complete control over the software
in Debian.

I believe we are going to have to make decisions about what to do about
a trademark we are using once a trademark owner notifies us that we are
using their trademarks in ways which they don't approve of, as it is
happening in this case with the GNOME marks, and once we are notified,
decide how we react.  In some cases, we should be able to dismiss a
trademark owner's claims entirely.  Although someone owns the Git
trademark, since our use of git is not likely to cause confusion to
people, we don't have to worry of our use as infringing.  In other cases
we might decide that our use of their mark falls under fair use and
thus not infringing. 

When we are contacted by an owner of a trademark on which we believe we
are infringing, the safest thing for us to do legally is to cease all
use of the mark.  The easiest thing for us to do is to ignore their
claim.  We'll need to figure out where we want to land between these two
extremes, and here again, there is tension.  I don't believe it is as
simple as you state it: "...that seems like something that will have to
stop if the GNOME foot is not free software because of some restrictive
TM license."  Because that argument tells us that we have to rename
all GNOME software, since the trademark license is restrictive about how
we use GNOME.

I think it is clear in the case of the foot/swirl icon, which has been
definitively identified as infringing on their mark in a way which is
objectionable to the owners of the mark, we should cease the
distribution and/or use of this icon.  There perhaps is little tension
here. When they tell us that our non-compliance with their trademark
policy in areas like using GNOME in all lowercase letters is
objectionable, there will be considerable trouble in resolving this.

 
 It disappoints me when free software projects use proprietary frosting
 to restrict user freedom, but it seems like an old chestnut rather
 than a new problem requiring a new GR.

Since we are in the position of having to decide on multiple different
outcomes, none of which are 100% desirable, and that this is not likely
to be the last time that such a situation will arise, I believe it might
be wise to reach a consensus about how the project wants to handle these
situations. The best means to do this might be to memorialize this using
a GR.

stew

p.s. You used the term "old chestnut" twice.  If it is some kind of
colloquialism that might carry additional meaning, it is not one I'm
familiar with, 

Bug#633617: dtc-core: config script gives false/misleading information

2011-07-12 Thread Mike O'Connor
Package: dtc-core
Version: 0.32.10-2
Severity: normal

debian/dtc-core.templates contains this:

 In any case, please make sure that your MySQL root password is set. As per
 default, Debian installs it with a blank password. To set your MySQL root
 password, issue the following command: dpkg-reconfigure mysql-server-5.0.
 You've been warned!

I have two problems, one is that debian doesn't default to installing with
a blank password, the other is that mysql-server-5.0 is not a package that is
currently in debian.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#633643: libnatpmp: missing license in copyright file

2011-07-12 Thread Mike O'Connor
Source: libnatpmp
Version: 20101211-2
Severity: serious
Justification: Policy 12.5


Some of the source files carry an MIT-like license which is not mentioned in the
package copyright file.

bye,
stew


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#633616: dtc-xen_finish_install is suspect

2011-07-12 Thread Mike O'Connor
On Tue, 12 Jul 2011 20:08:30 +0800, Thomas Goirand tho...@goirand.fr wrote:
 
  It assumes I have ssh installed.  If I don't, the script terminates early with
  an error.
 
 Sure, it assumes sshd to be installed: that's the whole point of the
 script! Do you think it should be made more explicit? If so, please
 suggest something else than what is already in the Debconf template:
 

This doesn't seem to be the whole point of the script.  The script is
doing several things.  But in any case, if this script needs to be run
to complete the installation of this package, and this script cannot
execute without openssh-server installed, then you need to depend on
openssh-server.


  The script does a poor job of interpreting /etc/ssh/sshd_config:  
  grep AllowTcpForwarding no /etc/ssh/sshd_config
  is not a reliable way to see if TCPForwarding is disabled. If that fails, then
  grep AllowTcpForwarding /etc/ssh/sshd_config
  is not a reliable way to see if TCPForwarding is enabled.
 
 Remember that the goal is to provide a helper to quickly disable port
 forwarding. It does work on a freshly installed server. I don't mind
 improving the script if you can think of improvements. How would you do
 it then?

Do you understand why these are currently inadequate?  If so, I'd hope
they'd be trivial to improve.

  The script checks to see what stuff might exist in /usr/share/dtc-xen-os, which
  doesn't seem to be a directory in any debian package.  I don't seem to find any
  documentation that tells me what might go there.
 
 The /usr/share/dtc-xen-os is a repository of OS templates that can be
 installed automatically by dtc-xen (see man dtc_reinstall_os,
 particularly the -os option). Of course, these aren't available in
 Debian, I don't see the security team doing the security updates of
 other distributions (and frankly, the images we provide are on the best
 effort basis, some should be upgraded).
 

dtc_reinstall_os would download them?  how do I do that?  Am I to
understand that I would run dtc_reinstall_os with some parameters after
installing the package, but before running dtc-xen_finish_install?  If
so, shouldn't this be mentioned somewhere?  (If it is, please show me where).

  Then you tell the user that they should add a sources.list entry for a third
  party repository which seems to have packages for lenny ?!?  Why is this.  Are
  there packages in this repository that are needed for using dtc-xen?
 
 Yes, see above. The packages in the repository for Lenny are working
 without any issue in any Debian release anyway, it's just some tar.gz
 and some tiny scripts to do the setup of these images.

Is it the case that we can expect any user of this software to want
those scripts and .tar.gzs?

 
  It appears that since /usr/share/dtc-xen-os doesn't exist, you will then tell
  the user to run:
  apt-get install
  
  Which seems rather pointless.  were you going to tell them to apt-get update?
  apt-key add?
 
 The idea is to give pointers to the user that there are some image
 templates available. I agree that the message needs to be updated, and I
 will. But now, do you really think that an administrator wouldn't know
 how to use apt?

Well, the rest of this script is making assumptions that given pointers
the administrator isn't able to make changes to sudoers or sshd_config,
so, I dunno, you tell me.


 
 Thomas




Bug#633643: libnatpmp: missing license in copyright file

2011-07-12 Thread Mike O'Connor
On Tue, 12 Jul 2011 21:43:02 +0800, Thomas Goirand tho...@goirand.fr wrote:
 On 07/12/2011 08:43 PM, Mike O'Connor wrote:
  Source: libnatpmp
  Version: 20101211-2
  Severity: serious
  Justification: Policy 12.5
  
  
  Some of the source files carry an MIT-like license which is not mentioned in the
  package copyright file
  
  bye,
  stew
 
 Would you mind to be a little bit more specific?
 


compare this text:

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

* Redistributions of source code must retain the above copyright
  notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
  notice, this list of conditions and the following disclaimer in
  the documentation and/or other materials provided with the
  distribution.
* The name of the author may not be used to endorse or promote
  products derived from this software without specific prior
  written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS
IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

to this text:


 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */


They are quite different.

bye,
stew




Bug#552995: unable to reproduce

2011-07-12 Thread Mike O'Connor
tag 552995 + unreproducible
thanks

I'm not able to reproduce this with a current version of emacs and ecb.
I suspect that whatever was causing your problem has since been fixed.

Can you confirm whether or not you are still able to reproduce this bug?

Thanks,
stew




Bug#269794: unreproducible

2011-07-12 Thread Mike O'Connor
tag 269794 + unreproducible
tag 471693 + unreproducible
tag 426805 + unreproducible
tag 384590 + unreproducible
thanks

I'm not able to produce this bug with current versions of emacs/ecb.
As these bugs were filed a long time ago, I believe it is quite possible
that these bugs were fixed by previous uploads of either emacs or ecb.
Can you verify if this bug is still reproducible?

Thanks,
stew




Bug#633616: dtc-xen_finish_install is suspect

2011-07-12 Thread Mike O'Connor
On Tue, 12 Jul 2011 23:30:19 +0800, Thomas Goirand tho...@goirand.fr wrote:
 On 07/12/2011 09:23 PM, Mike O'Connor wrote:
  Remember that the goal is to provide a helper to quickly disable port
  forwarding. It does work on a freshly installed server. I don't mind
  improving the script if you can think of improvements. How would you do
  it then?
  
  Do you understand why these are currently inadequate?  If so, I'd hope
  they'd be trivial to improve.
 
 Are we doing a cat and mouse game here? I will reiterate: what is your
 suggestion? Something like a grep -v to remove any lines with the
 directive, then adding it at the end of the file? This would work, but
 would also remove any commented out directive. A sed -i wouldn't be any
 better to me. I can't think of any solution that would be 100% clean,
 and this never has been the goal anyway. It's just a time saver, and
 also points to the administrator what should be done. In fact, I would
 expect an experienced administrator to have a look to the script
 content. Maybe that's a wrong assumption?

Please reread my concern.  It's not what you are doing to modify the
file, but how you are determining if you think the file should be
modified.  I think if you are not even trying to do this accurately, you
should not attempt to modify a file like sshd_config.

 
  The /usr/share/dtc-xen-os is a repository of OS templates that can be
  installed automatically by dtc-xen (see man dtc_reinstall_os,
  particularly the -os option). Of course, these aren't available in
  Debian, I don't see the security team doing the security updates of
  other distributions (and frankly, the images we provide are on the best
  effort basis, some should be upgraded).
  
  dtc_reinstall_os would download them?  how do I do that?  Am I to
  understand that I would run dtc_reinstall_os with some parameters after
  installing the package, but before running dtc-xen_finish_install?  If
  so, shouldn't this be mentioned somewhere?  (If it is, please show me where).
 
 No. What you'd do would be adding the repository where the templates
 are, then install them in your system. For example:
 
 apt-get install dtc-xen-os-ubuntu-amd64-9.04 dtc-xen-os-suse-11.1-x86-64
 dtc-xen-os-netbsd5-amd64 dtc-xen-os-elastix-centos5.5-amd64
 

So you suggest to the user what 3rd party package they should install by
inspecting a directory which is only created by installing the 3rd party
packages?  This doesn't make sense to me.

  It appears that since /usr/share/dtc-xen-os doesn't exist, you will then tell
  the user to run:
  apt-get install
 
  Which seems rather pointless.  were you going to tell them to apt-get update?
  apt-key add?
 
  The idea is to give pointers to the user that there are some image
  templates available. I agree that the message needs to be updated, and I
  will. But now, do you really think that an administrator wouldn't know
  how to use apt?

ok, but why would you tell, even someone that knows how to use apt to
run apt-get install with no package names?

 The script is just there to do things faster than with a text editor.
 It's a helper, nothing more. It's not designed to be very clean either.
 You don't have to use it if you don't feel like it. Doing things by
 hand is ok too.

If it's not trying to do things cleanly, please don't edit files like
/etc/sudoers and /etc/ssh/sshd_config.  This seems like instructions
that should just go into README.Debian.

If it is the case that "You don't have to use it", why do you tell the
user via debconf that this is a script that you need to run?

 
 But one thing for sure: if you are granting access to virtual machines
 to untrusted users, you should avoid at all costs to enable the sudoers
 thing (which opens the ssh for the virtual users) without removing the
 port forwarding, because that's a security issue (using port forwarding,
 you can access the tty1 of another VM, and do all sorts of nasty things).
 

And since you are not designing the script to do the second accurately,
please do not do the first.

 By the way, I've added more echo in the script to explain the above, and
 to suggest the administrator to inspect the result. Please have a look
 to the new version, and let me know what you think:
 
 http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=src/dtc-xen_finish_install;h=b672bacf201be54ecc18c7af494c084befc4c8ee;hb=b3432d5dbb603e3a14f0fa39df83738627283f65
 
 I'd like to avoid editing the dtc-xen Debconf template if possible,
 because that means a lot of work for translators.
 
 Thomas




Bug#633665: tumgreyspf: inaccurate copryight file

2011-07-12 Thread Mike O'Connor
Source: tumgreyspf
Version: 1.35-7
Severity: serious
Justification: Policy 12.5


As discussed offline in email with maintainer,  this package claims that the
software is GPL-2+, when it seems that there is no reason to believe it is
anything other than GPL-1

bye,
stew
-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#633666: user/group created by dtc-stats-daemon in postinst should be a system user

2011-07-12 Thread Mike O'Connor
Package: dtc-stats-daemon
Version: 0.32.10-2
Severity: normal


the package creates a new group and new user in postinst.  According to policy
9.2.2, a package requiring a user should be allocating system users. 

bye,
stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#633665: tumgreyspf: inaccurate copryight file

2011-07-12 Thread Mike O'Connor
 anything other than GPL-1

Pardon me, that should read anything other than GPL-2

stew




Bug#633579: mlmmj: inadequate debian/copyright

2011-07-11 Thread Mike O'Connor
Source: mlmmj
Version: 1.2.17-2
Severity: serious
Justification: Policy 12.5


find_email_adr.c in the source package is a 4-clause BSD license.  This license
is not documented in any of the copyright files.  This needs to be documented,
as does the copyright holder of this file.

As an aside, is there a reason not to put the copyright file in
debian/copyright as recommended by policy 12.5?

bye,
stew


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#633580: dtc: inadequate debian/copyright

2011-07-11 Thread Mike O'Connor
Source: dtc
Version: 0.32.10-2
Severity: serious
Justification: Policy 12.5


shared/gfx/xanjaxXHR.js appears to be distributed under the AGPL, but this
license isn't mentioned in debian/copyright.  (there are also several other
copies of this same file)

---

debian/copyright contains the following:

License: PHP 2.02

This source file is subject to version 2.02 of the PHP license,
that is bundled with this package in the file LICENSE, and is
available at through the world-wide-web at
http://www.php.net/license/2_02.txt.
If you did not receive a copy of the PHP license and are unable to
obtain it through the world-wide-web, please send a note to
lice...@php.net so we can mail you a copy immediately.

please include a verbatim copy of the license text.

---

shared/gfx/skin/grayboard/css/slide.css is GPL-3, but this license is not
mentioned in debian/copyright

---

This package contains many minimized .js files for which there is no source.

---

There might be other problems.  I did not verify the accuracy of the statements
in debian/copyright to see which files are under which licenses, but just
looked to see if there were licenses which were un-documented.

bye,
stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#633600: nova: inadequate copyright file

2011-07-11 Thread Mike O'Connor
Source: nova
Version: 2011.2-1
Severity: serious
Justification: Policy 12.5


In reviewing this source package, I find several problems with the copyright
file:

tools/ajaxterm/sarissa* are LGPL, but this is not mentioned in
debian/copyright.  The rest of ajaxterm is public domain

In the smoketests directory, I find: openwrt-x86-ext2.image openwrt-x86-vmlinuz
one seems to be a kernel, the other an ext2 image with a kernel and grub.  The
licenses for these are not mentioned in debian/copyright, and I do not find
source for these.

The license and copyright notice from nova/virt/xenapi/fake.py does not appear

contrib/boto_v6 is under an MIT-like license that is not mentioned in
debian/copyright, nor are its copyright holders

bin/nova-manage carries a BSD license which is not mentioned in
debian/copyright, nor are its copyright holders

bye,
stew






Bug#633602: sbox-dtc: should allocate a system user/group

2011-07-11 Thread Mike O'Connor
Package: sbox-dtc
Version: 1.11.3-1
Severity: normal


sbox-dtc uses groupadd/useradd without -r.  According to policy 9.2.2, a
package requiring a user should be allocating system users.

when the package is purged, this user/group is left on the system.

thanks,
stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sbox-dtc depends on:
ii  debconf [debconf-2.0  1.5.39               Debian configuration management sy
ii  libc6                 2.13-6               Embedded GNU C Library: Shared lib
ii  libdotconf1.0         1.0.13-3             Configuration file parser library
ii  passwd                1:4.1.4.2+svn3283-3  change and administer password and

Versions of packages sbox-dtc recommends:
ii  apache2   2.2.19-1   Apache HTTP Server metapackage
ii  apache2-mpm-prefork [httpd-cg 2.2.19-1   Apache HTTP Server - traditional n

sbox-dtc suggests no packages.






Bug#633603: sbox-dtc: logrotate script recreates log with wrong user/group

2011-07-11 Thread Mike O'Connor
Package: sbox-dtc
Version: 1.11.3-1
Severity: normal

when I install sbox-dtc, it creates /var/log/sbox.log owned by dtc:dtcgrp

However, the logrotate file it installs has:
create 640 www-data www-data

Seems like these can't both be correct.

Should the adm group be given read permission to this log?  Does the dtcgroup
need permission to read this log?

thanks
stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sbox-dtc depends on:
ii  debconf [debconf-2.0  1.5.39               Debian configuration management sy
ii  libc6                 2.13-6               Embedded GNU C Library: Shared lib
ii  libdotconf1.0         1.0.13-3             Configuration file parser library
ii  passwd                1:4.1.4.2+svn3283-3  change and administer password and

Versions of packages sbox-dtc recommends:
ii  apache2   2.2.19-1   Apache HTTP Server metapackage
ii  apache2-mpm-prefork [httpd-cg 2.2.19-1   Apache HTTP Server - traditional n

sbox-dtc suggests no packages.






Bug#633613: dtc-xen: purge does not remove all files

2011-07-11 Thread Mike O'Connor
Package: dtc-xen
Version: 0.5.14-1
Severity: normal

While purging the package, I get:

dpkg: warning: while removing dtc-xen, directory '/usr/share/dtc-xen' not empty 
so not removed.

When I inspect:

# ls /usr/share/dtc-xen/
Properties.pyc  daemon.pyc


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#633613: also /etc/dtc-xen

2011-07-11 Thread Mike O'Connor
I also see that:
authorized_keys2  dtc-xen-firewall-custom-rules  dtc-xen-firewall.sh
dtc-xen.cert.cert  dtc-xen.cert.csr  dtc-xen.cert.key  htpasswd
privkey.pem

are all left in /etc/dtc-xen after purging both dtc-xen and
dtc-xen-firewall.




Bug#633615: dtc-xen: vgdisplay_free_size is either useless or broken

2011-07-11 Thread Mike O'Connor
Package: dtc-xen
Version: 0.5.14-1
Severity: minor

I cannot figure out why /usr/sbin/vgdisplay_free_size is useful.  
It assumes that you have a lvm named lvm1?

I don't see anything in dtc-xen that creates a lvm1.  The only other reference 
I see is that the fsckVPSpartition verb in the SOAP server also seems to make 
the same assumption that you have lvm1.  (Do we assume this is also broken).

I do see that vgdisplay_free_size is called by the SOAP server in the 
getFreeSpace function.

If this command is really supposed to be called by the SOAP server and not by 
the system administrator, it should be in /usr/lib, not /usr/sbin

stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#633616: dtc-xen_finish_install is suspect

2011-07-11 Thread Mike O'Connor
Package: dtc-xen
Version: 0.5.14-1
Severity: normal

I find a number of issues with /usr/sbin/dtc-xen_finish_install

The user is told via debconf that this script should be run to finish the
install of dtc-xen.  This script however seems to do a bunch of things that I
find suspect.

chown root:xenusers /usr/bin/dtc-xen_userconsole
chmod -s /usr/bin/dtc-xen_userconsole

Why are we doing this?  did you mean /bin/dtc-xen_userconsole?  Even if you 
did, what is the point of changing the group owner?  (afaict this doesn't give 
the group any extra privileges, since it is 0644 anyway)

It assumes I have ssh installed.  If I don't, the script terminates early with
an error.

The script does a poor job of interpreting /etc/ssh/sshd_config:  
grep AllowTcpForwarding no /etc/ssh/sshd_config
is not a reliable way to see if TCPForwarding is disabled. If that fails, then
grep AllowTcpForwarding /etc/ssh/sshd_config
is not a reliable way to see if TCPForwarding is enabled.

The script checks to see what stuff might exist in /usr/share/dtc-xen-os, which
doesn't seem to be a directory in any debian package.  I don't seem to find any
documentation that tells me what might go there.

Then you tell the user that they should add a sources.list entry for a third
party repository which seems to have packages for lenny ?!?  Why is this.  Are
there packages in this repository that are needed for using dtc-xen?

It appears that since /usr/share/dtc-xen-os doesn't exist, you will then tell 
the user to run:
apt-get install

Which seems rather pointless.  were you going to tell them to apt-get update?
apt-key add?


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
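
Added example, not part of the original report or of dtc-xen: the report says that grepping for the literal text AllowTcpForwarding no cannot tell whether forwarding is disabled. The sketch below reads the global section of an sshd_config-style file instead and compares both checks on constructed sample files; the function names and sample contents are assumptions.

```shell
#!/bin/sh
# Added example: decide whether TCP forwarding is disabled globally in an
# sshd_config-style file, and compare with a substring grep.

# Substring check in the style quoted in the report: succeeds if the literal
# text appears anywhere in the file, including comments and Match blocks.
naive_disabled() {
    grep -q 'AllowTcpForwarding no' "$1"
}

# Print the AllowTcpForwarding value in force for the global section of FILE.
# Rules applied: keywords are case-insensitive, lines starting with '#' are
# comments, the first value obtained for a keyword wins, and keywords after a
# Match line apply only to matching connections. If the keyword is never set
# globally, the OpenSSH default "yes" is printed.
# Limitation (assumption of this sketch): Include files are not followed.
effective_tcp_forwarding() {
    awk '
        { sub(/\r$/, "") }                     # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            kw = line
            sub(/[ \t=].*$/, "", kw)           # keyword ends at whitespace or "="
            arg = substr(line, length(kw) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", arg)    # separator: whitespace, optional "="
            gsub(/"/, "", arg)                 # arguments may be double-quoted
            sub(/[ \t].*$/, "", arg)           # keep the first token only
            kw = tolower(kw)
            if (kw == "match") exit            # the global section ends here
            if (kw == "allowtcpforwarding") { print arg; found = 1; exit }
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Constructed sample configurations, not taken from any real host.
make_samples() {
    dir=$1
    printf '%s\n' '# To disable forwarding, set:' '#AllowTcpForwarding no' \
        > "$dir/commented"
    printf '%s\n' 'Port 22' 'allowtcpforwarding   no' > "$dir/lowercase"
    printf '%s\n' 'AllowTcpForwarding yes' 'AllowTcpForwarding no' \
        > "$dir/first_wins"
    printf '%s\n' 'Port 22' 'Match User backup' '    AllowTcpForwarding no' \
        > "$dir/match_only"
    printf '%s\n' 'Port 22' 'AllowTcpForwarding no' > "$dir/plain_no"
}

# Show both answers side by side for one file.
compare() {
    if naive_disabled "$1"; then n=disabled; else n=enabled; fi
    printf '%-12s grep=%-9s effective=%s\n' \
        "$(basename "$1")" "$n" "$(effective_tcp_forwarding "$1")"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in commented lowercase first_wins match_only plain_no; do
    compare "$demo_dir/$f"
done
rm -rf "$demo_dir"
```

On a host where sshd is installed, `sshd -T` prints the configuration the daemon would actually use and is the authoritative check.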






Bug#632142: reassign to emacs23

2011-07-10 Thread Mike O'Connor
reassign 632142 emacs23
thanks

So the problem here is really that cedet, speedbar, eieio are now
implemented by emacs directly.  These packages, which are no longer in
testing/unstable, should not have targeted emacs23.  But since that cat
is already out of the bag, the easiest way to avoid this problem in the
future would probably be for emacs23 to conflict with these older
packages, which will help avoid this problem for people upgrading from
squeeze to wheezy.

Therefore, I'm reassigning this bug from ecb to emacs23.

Thanks,
stew




Bug#632142: how is cedet installed?

2011-07-06 Thread Mike O'Connor
When you say "Installing ecb results in a broken package due to several
errors regarding missing libs from CEDET (though all such packages are
installed)", what packages do you mean?  CEDET is part of emacs, so there
should be no additional packages.  Do you have cedet packages installed
from stable or oldstable?  Perhaps I need to Conflict with those.

Do you have a cedet directory in /usr/share/emacs23/site-lisp ?

Thanks,
stew





Bug#632652: Invalid maintainer email address

2011-07-04 Thread Mike O'Connor
Source: gecko-mediaplayer
Severity: serious
Justification: 3.3

Trying to email the maintainer of this package results in:

   550 5.1.1 norse...@ubuntu.com: Recipient address rejected: User 
unknown in virtual alias table

A valid email address is required by policy 3.3.

bye,
stew




Bug#632653: Invalid maintainer email address

2011-07-04 Thread Mike O'Connor
Source: gnome-mplayer
Severity: serious
Justification: 3.3

Trying to email the maintainer of this package results in:

   550 5.1.1 norse...@ubuntu.com: Recipient address rejected: User 
unknown in virtual alias table

A valid email address is required by policy 3.3.

bye,
stew




Bug#632654: Invalid maintainer email address

2011-07-04 Thread Mike O'Connor
Source: tolua++
Severity: serious
Justification: 3.3

Trying to email the maintainer of this package results in:

   550 5.1.1 norse...@ubuntu.com: Recipient address rejected: User 
unknown in virtual alias table

A valid email address is required by policy 3.3.

bye,
stew




Bug#632655: Invalid maintainer email address

2011-07-04 Thread Mike O'Connor
Source: conky
Severity: serious
Justification: 3.3

Trying to email the maintainer of this package results in:

   550 5.1.1 norse...@ubuntu.com: Recipient address rejected: User 
unknown in virtual alias table

A valid email address is required by policy 3.3.

bye,
stew




Bug#632410: O: gtkglext -- OpenGL Extension to GTK+ (shared libraries)

2011-07-01 Thread Mike O'Connor
Package: wnpp
Severity: normal


After discovering that this package was no longer maintained, I had the
opportunity to speak to the listed maintainer of this package, who indicated
that he is no longer participating in Debian, and his packages should be
orphaned.

The package description is:
 GtkGLExt provides the GDK objects to support OpenGL rendering in GTK+,
 and GtkWidget API add-ons to make GTK+ widgets OpenGL-capable.






Bug#632411: O: pidgin-audacious -- pidgin integration with Audacious

2011-07-01 Thread Mike O'Connor
Package: wnpp
Severity: normal


The maintainer of this package has indicated to me that he is no longer
participating in the Debian project and that his packages should be orphaned.

The package description is:
 pidgin-audacious is a plugin for pidgin which provides integration
 with Audacious.
 .
 It supports features like updating your userinfo with your currently
 playing track, and adding your currently playing track to your MSN
 friendly name.






Bug#632412: O: pidgin-mpris -- sets your available message to your currently playing track

2011-07-01 Thread Mike O'Connor
Package: wnpp
Severity: normal


The maintainer of this package has indicated to me that he is no longer
participating in the Debian project and that his packages should be orphaned.

The package description is:
 The pidgin-mpris plugin sets the title of a currently playing track
 in a user selected MPRIS-complaint media player as your away or
 available message.
 .
 The following players are supported: VLC (VideoLAN), BMPx, Audacious 1.4.






Bug#632413: O: qpopper -- Enhanced Post Office Protocol server (POP3)

2011-07-01 Thread Mike O'Connor
Package: wnpp
Severity: normal


The maintainer of this package has indicated to me that he is no longer
participating in the Debian project and that his packages should be orphaned.

The package description is:
 This is The Qualcomm enhanced version of the Post Office Protocol
 Daemon (POP3 daemon), based on the latest BSD version. The QualComm
 popper has some extensions to the normal pop3 daemon, such as UIDL
 and bulletin support.






Bug#632414: O: upse

2011-07-01 Thread Mike O'Connor
Package: wnpp
Severity: normal


The maintainer of this package has indicated to me that he is no longer
participating in the Debian project and that his packages should be orphaned.






Bug#632262: Invalid maintainer address

2011-06-30 Thread Mike O'Connor
Source: upse
Justification: 3.3
Severity: serious

The listed maintainer of this package is William Pitcock
neno...@sacredspiral.co.uk, however the only listed MX record for this
domain is unusable:

stew@tang:~ $ host -t mx sacredspiral.co.uk
sacredspiral.co.uk mail is handled by 5 ifrit.dereferenced.org.

stew@tang:~ $ telnet ifrit.dereferenced.org 25
Trying 66.212.21.15...
telnet: Unable to connect to remote host: No route to host

A valid email address is required by policy 3.3.






Bug#632263: Invalid maintainer address

2011-06-30 Thread Mike O'Connor
Source: qpopper
Justification: 3.3
Severity: serious

The listed maintainer of this package is William Pitcock
neno...@sacredspiral.co.uk, however the only listed MX record for this
domain is unusable:

stew@tang:~ $ host -t mx sacredspiral.co.uk
sacredspiral.co.uk mail is handled by 5 ifrit.dereferenced.org.

stew@tang:~ $ telnet ifrit.dereferenced.org 25
Trying 66.212.21.15...
telnet: Unable to connect to remote host: No route to host

A valid email address is required by policy 3.3.






Bug#632264: Invalid maintainer address

2011-06-30 Thread Mike O'Connor
Source: pidgin-mpris
Justification: 3.3
Severity: serious

The listed maintainer of this package is William Pitcock
neno...@sacredspiral.co.uk, however the only listed MX record for this
domain is unusable:

stew@tang:~ $ host -t mx sacredspiral.co.uk
sacredspiral.co.uk mail is handled by 5 ifrit.dereferenced.org.

stew@tang:~ $ telnet ifrit.dereferenced.org 25
Trying 66.212.21.15...
telnet: Unable to connect to remote host: No route to host

A valid email address is required by policy 3.3.






Bug#632266: Invalid maintainer address

2011-06-30 Thread Mike O'Connor
Source: gtkglext
Justification: 3.3
Severity: serious

The listed maintainer of this package is William Pitcock
neno...@sacredspiral.co.uk, however the only listed MX record for this
domain is unusable:

stew@tang:~ $ host -t mx sacredspiral.co.uk
sacredspiral.co.uk mail is handled by 5 ifrit.dereferenced.org.

stew@tang:~ $ telnet ifrit.dereferenced.org 25
Trying 66.212.21.15...
telnet: Unable to connect to remote host: No route to host

A valid email address is required by policy 3.3.






Bug#632265: Invalid maintainer address

2011-06-30 Thread Mike O'Connor
Source: pidgin-audacious
Justification: 3.3
Severity: serious

The listed maintainer of this package is William Pitcock
neno...@sacredspiral.co.uk, however the only listed MX record for this
domain is unusable:

stew@tang:~ $ host -t mx sacredspiral.co.uk
sacredspiral.co.uk mail is handled by 5 ifrit.dereferenced.org.

stew@tang:~ $ telnet ifrit.dereferenced.org 25
Trying 66.212.21.15...
telnet: Unable to connect to remote host: No route to host

A valid email address is required by policy 3.3.






Bug#630818: Invalid Maintainer

2011-06-17 Thread Mike O'Connor
Package: diff-ext
Version: 0.3.2-1.1
Severity: serious
Justification: Policy 3.3

The listed maintainer of this package is:

Maintainer: Andrea Veri andrea.ver...@gmail.com

However, attempting to email this address results in:

  andrea.ver...@gmail.com
SMTP error from remote mail server after RCPT TO:andrea.ver...@gmail.com:
host gmail-smtp-in.l.google.com [74.125.91.27]:
550-5.1.1 The email account that you tried to reach does not exist. Please 
try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 
e3si7091155qcs.29

bye,
stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#630830: xorg: licenses / copyright statements missing from copyright file

2011-06-17 Thread Mike O'Connor
Source: xorg
Version: 1:7.6+7
Severity: serious
Justification: Policy 12.5


The debian/copyright for this package is confusing to me.  It seems to try to
indicate that the copyright holder of this software changes depending on
whether this is a debian or a ubuntu package?  Can this be clarified?

There are licenses in the source code which are not present in
debian/copyright.  For example,  much of the software is GPL-2 licensed, but
there is no mention of the GPL-2.

There seem to be many copyright holders which should be listed in
debian/copyright which are not.

xsf-docs/COPYING specifies a copyright holder which MUST be mentioned in
debian/copyright in order to comply with the distribution license:

© 2010-2011 Cyril Brulebois k...@debian.org

thanks,
stew






Bug#630551: ifupdown: please don't include network and broadcast in example configurations

2011-06-14 Thread Mike O'Connor
Package: ifupdown
Version: 0.6.10
Severity: wishlist


One of the first examples in
/usr/share/doc/ifupdown/examples/network-interfaces.gz is:

# auto eth0
# iface eth0 inet static
# address 192.168.0.42
# network 192.168.0.0
# netmask 255.255.255.0
# broadcast 192.168.0.255
# gateway 192.168.0.1
 
I think we should be removing network and broadcast from these examples.
These addresses should be calculated correctly except in cases where the user
is doing something so very non-standard that they know enough to find these
options on their own.  Showing these settings to the casual user risks making
the casual user think that they should be specifying these options, which are
almost never ever needed, and therefore needlessly introducing a place to make
errors.

thanks,
stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ifupdown depends on:
ii  libc6 2.13-6 Embedded GNU C Library: Shared lib
ii  lsb-base  3.2-27 Linux Standard Base 3.2 init scrip
ii  net-tools 1.60-24The NET-3 networking toolkit

ifupdown recommends no packages.

Versions of packages ifupdown suggests:
ii  dhcp3-client 4.1.1-P1-17 ISC DHCP server (transitional pack
ii  iproute  20110315-1  networking and traffic control too
ii  isc-dhcp-client [dhcp3-clien 4.1.1-P1-17 ISC DHCP client
pn  ppp  none  (no description available)

-- debconf information excluded
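
The point made in the report above, as an added example that is not part of the original message or of ifupdown: `network` and `broadcast` follow from `address` and `netmask`, so writing them by hand can only repeat the derived value or contradict it. The function names and the second stanza (`eth1`) are constructed for illustration.

```python
import ipaddress

# The stanza quoted in the bug report (uncommented), followed by a constructed
# stanza whose hand-typed values do not match its address and netmask.
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 192.168.0.42
    network 192.168.0.0
    netmask 255.255.255.0
    broadcast 192.168.0.255
    gateway 192.168.0.1

iface eth1 inet static
    address 10.1.2.77
    netmask 255.255.255.192
    network 10.1.2.0
    broadcast 10.1.2.255
"""


def parse_static_stanzas(text):
    """Return {interface: {option: value}} for 'iface <name> inet static' stanzas."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "iface":
            current = None
            if len(words) >= 4 and words[2:4] == ["inet", "static"]:
                current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            current = None  # a new top-level stanza ends the iface block
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]
    return stanzas


def derive(options):
    """Compute network and broadcast from address and netmask alone."""
    net = ipaddress.IPv4Interface(f"{options['address']}/{options['netmask']}").network
    return {"network": net.network_address, "broadcast": net.broadcast_address}


def lint(text):
    """List explicit network/broadcast options as redundant or inconsistent."""
    findings = []
    for name, opts in sorted(parse_static_stanzas(text).items()):
        if "address" not in opts or "netmask" not in opts:
            continue
        calculated = derive(opts)
        for key in ("network", "broadcast"):
            if key not in opts:
                continue
            try:
                stated = ipaddress.IPv4Address(opts[key])
            except ValueError:
                verdict = "unparsed"
            else:
                verdict = "redundant" if stated == calculated[key] else "inconsistent"
            findings.append((name, key, opts[key], str(calculated[key]), verdict))
    return findings


if __name__ == "__main__":
    for name, key, stated, calculated, verdict in lint(SAMPLE):
        print(f"{name}: {key} {stated} (derived {calculated}) -> {verdict}")
```
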






Bug#617303: pending hijack

2011-06-08 Thread Mike O'Connor
tags 617303 +pending
tags 617303 +fixed-upstream
tags 548854 +pending
thanks

Since the maintainer of this package seems MIA, and hasn't responded to
any of the bugs in this package in the last few years,  I intend to
hijack this package.  

I've sent the maintainer a private email, and I uploaded a fix to
delayed/3.

http://git.vireo.org/ecb.git has my git repository of the package I've uploaded.

stew





Bug#627867: RM: notmuchsync -- ROM; ; NPOASR, obsolete

2011-05-24 Thread Mike O'Connor
Package: ftp.debian.org
Severity: normal


The functionality of notmuchsync has now been integrated into notmuch itself as
of the 0.5 release of notmuch, which is now available for all arches in both
testing and unstable, so this package is no longer of much value.

thanks,
stew






Bug#627867: notmuchsync

2011-05-24 Thread Mike O'Connor
On Wed, 25 May 2011 02:54:47 +, Clint Adams cl...@debian.org wrote:
 Strictly speaking, it doesn't do the equivalent of notmuchsync -p.
 
 

sure, but notmuch search --output=files tag:delete | xargs rm does,
and I don't think this alone warrants keeping notmuchsync.




Bug#344926: you mistakenly closed another again

2011-05-18 Thread Mike O'Connor
On Sat, 14 May 2011 20:40:05 +0800, jida...@jidanni.org wrote:
 You mistakenly closed another again.
 Well maybe this one is fixed anyway.

This bug was automatically closed when the package it was assigned to
(yaird) was removed from debian.  Since the software this bug pertains
to is no longer in debian, there is no reason for this bug to remain
open. 

If you think that this bug is still existent in debian, and is still
reproducible with software in debian, please reassign the bug to the
correct package and reopen it.

stew




Bug#624457: rkhunter: invalid maintainer address

2011-04-28 Thread Mike O'Connor
Package: rkhunter
Version: 1.3.8-3
Severity: serious
Justification: Policy 3.3

The 1.3.8-3 upload of rkhunter had the Maintainer listed as:
Maintainer: Debian Forensics forensic-de...@lists.alioth.debian.org

However, emailing that address results in:

SMTP error from remote mail server after RCPT 
TO:forensic-de...@lists.alioth.debian.org:
host lists.alioth.debian.org [217.196.43.134]:
550 Unrouteable address

I believe you wanted forensics-devel instead of forensic-devel.

bye,
stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#624463: unhide.rb: invalid maintainer address

2011-04-28 Thread Mike O'Connor
Package: unhide.rb
Version: 12-1
Severity: serious
Justification: Policy 3.3

the unhide.rb package lists this as Maintainer:
Debian Forensics forensic-de...@lists.alioth.debian.org

however, emailing that address results in:

SMTP error from remote mail server after RCPT 
TO:forensic-de...@lists.alioth.debian.org:
host lists.alioth.debian.org [217.196.43.134]:
550 Unrouteable address

I believe you want forensics-devel instead of forensic-devel.

bye,
stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#624464: rsakeyfind: invalid maintainer address

2011-04-28 Thread Mike O'Connor
Package: rsakeyfind
Version: 1.0.0-1
Severity: serious
Justification: Policy 3.3

the rsakeyfind package lists this as Maintainer:
Debian Forensics forensic-de...@lists.alioth.debian.org

however, emailing that address results in:

SMTP error from remote mail server after RCPT 
TO:forensic-de...@lists.alioth.debian.org:
host lists.alioth.debian.org [217.196.43.134]:
550 Unrouteable address

I believe you want forensics-devel instead of forensic-devel.

bye,
stew


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#617688: b43-fwcutter: debian/copyright lists incorrect license, missing copyright holders

2011-03-10 Thread Mike O'Connor
Source: b43-fwcutter
Version: 1:013-3
Severity: serious
Justification: Policy 12.5


debian/copyright states that this package is GPL, however, it appears to have a
2 clause BSD license, and some code in the public domain.  The BSD license
requires that copyright holders be listed, and they are not all listed in
debian/copyright.

thanks,
stew

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#610257: Bug#610300: dropbox 1.0.17 distribution now complies to copyright complaints

2011-02-18 Thread Mike O'Connor
On Tue, 15 Feb 2011 20:37:34 -0800, Vincent Cheng vincentc1...@gmail.com 
wrote:
 As promised earlier, I've re-packaged Dropbox (based off of Ivan's work) and
 have tried to address the licensing issues in the packaging. I would be
 grateful if any Debian developers/maintainers could look through my
 packaging and help me resolve any further licensing issues that I missed,
 and perhaps even sponsor my package. Thank you!
 
 The package can be found on mentors.debian.net:
 - URL: http://mentors.debian.net/debian/pool/non-free/d/dropbox
 - Source repository: deb-src http://mentors.debian.net/debian unstable main
 contrib non-free
 - dget
 http://mentors.debian.net/debian/pool/non-free/d/dropbox/dropbox_1.0.20-1.dsc
 
 Best regards,
 ~ Vincent Cheng vincentc1...@gmail.com

As mentioned previously, without a distribution license for this
software, we cannot distribute it.  Please get upstream to clarify what
the terms are for distributing their software.  Their README and
ACKNOWLEDGEMENTS files talk about the licenses for distributing the
software they aggregate, but not for the software for which they claim
copyright.

stew




Bug#613656: ITP: libapp-repl-perl -- Perl interactive shell

2011-02-16 Thread Mike O'Connor

Do we really need libshell-perl-perl and libapp-repl-perl and
perl-console (which is already in the repos)?

Do either of these new ITPs provide any functionality that we don't
already have in debian?

bye,
stew

On Wed, 16 Feb 2011 22:16:59 +0900 (JST), TANIGUCHI Takaki tak...@debian.org 
wrote:
 Package: wnpp
 Owner: tak...@debian.org
 Severity: wishlist
 
 * Package name: libapp-repl-perl
   Version : 0.012
   Upstream Author : Julian Fondren, ayrn...@cpan.org
 * URL or Web page : http://search.cpan.org/dist/App-REPL/
 * License : Perl
   Description : Perl interactive shell
 
 
 
 -- 
 To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive: http://lists.debian.org/20110216131659.6E2E1F20B8@vanaheim
 




Bug#613656: ITP: libapp-repl-perl -- Perl interactive shell

2011-02-16 Thread Mike O'Connor
App::Repl and Shell::Perl seem to do the same thing?  How do they
differ?  Do we need both?

bye,
mike

On Wed, 16 Feb 2011 23:02:20 +0900, TANIGUCHI Takaki tak...@asis.media-as.org 
wrote:
 Hi,
 
 App::Repl and Shell::Perl have better output.
 I think Devel::Perl is not useful.
 
 Please see sample output.
 
 re.pl(Devel::Perl)
 $ use CGI
 $ CGI->new
 $CGI1 = CGI=HASH(0x3e38f60);
 
 App::REPL
 App::REPL _ use CGI
 App::REPL _ CGI->new
 $VAR1 = bless( {
 '.parameters' => [],
 'use_tempfile' => 1,
 '.charset' => 'ISO-8859-1',
 '.fieldnames' => {},
 'param' => {},
 'escape' => 1
 }, 'CGI' );
 
 Shell::Perl
 pirl @ use CGI
 @var = ();
 pirl @ CGI->new
 @var = (
  bless( {
   '.parameters' => [],
   'use_tempfile' => 1,
   '.charset' => 'ISO-8859-1',
   '.fieldnames' => {},
   'param' => {},
   'escape' => 1
 }, 'CGI' )
);
 
 Regards,
 
  On Wed, 16 Feb 2011 08:46:06 -0500
  s...@debian.org(Mike O'Connor)  said:
  
  [1  text/plain (quoted-printable)]
  
  Do we really need libshell-perl-perl and libapp-repl-perl and
  perl-console (which is already in the repos)?
  
  Do either of these new ITPs provide any functionality that we don't
  already have in debian?
  
  bye,
  stew
  
  On Wed, 16 Feb 2011 22:16:59 +0900 (JST), TANIGUCHI Takaki 
  tak...@debian.org wrote:
   Package: wnpp
   Owner: tak...@debian.org
   Severity: wishlist
   
   * Package name: libapp-repl-perl
 Version : 0.012
 Upstream Author : Julian Fondren, ayrn...@cpan.org
   * URL or Web page : http://search.cpan.org/dist/App-REPL/
   * License : Perl
 Description : Perl interactive shell
   
   
   
   -- 
   To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
   with a subject of unsubscribe. Trouble? Contact 
   listmas...@lists.debian.org
   Archive: http://lists.debian.org/20110216131659.6E2E1F20B8@vanaheim
   
  [2  application/pgp-signature (7bit)]
  
 --
 谷口 貴紀 (TANIGUCHI Takaki)tak...@asis.media-as.org
 http://takaki-web.media-as.org/ tak...@debian.org




Bug#610257: Bug#610300: dropbox 1.0.17 distribution now complies to copyright complaints

2011-01-25 Thread Mike O'Connor
On Mon, 24 Jan 2011 15:41:47 -0800 (PST), Rian Hunter r...@dropbox.com wrote:
 hi all
 
 we recently released a distribution of dropbox that corrects all the 
 complains listed in these debian bug reports. thanks for the feedback, 
 please let me know if there is anything i can do to make dropbox comply to 
 any more possible copyright requirements. get the new build at:
 
 http://forums.dropbox.com/topic.php?id=31870
 
 check the README or ACKNOWLEDGEMENTS files included in the distribution 
 for the required copyright notices. thanks a lot!
 
 rian
 

Rian,

I don't see a license for dropbox in either the README or
ACKNOWLEDGEMENTS.  I only see licenses for 3rd party software you
aggregated.  

I also don't find source code for this release.

Forgive me if I'm overlooking something obvious.

thanks,
stew




Bug#610776: notmuch-show-view-raw-message stopped working

2011-01-22 Thread Mike O'Connor
Package: notmuch
Version: 0.5+nmu2
Severity: normal


Since upgrading to 0.5+nmu2, notmuch-show-view-raw-message has stopped
working.  When running it in notmuch-show mode, I just get the message:

notmuch-show-message-top: Beginning of buffer


-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages notmuch depends on:
ii  libc6  2.11.2-8  Embedded GNU C Library: Shared lib
ii  libglib2.0-0   2.24.2-1  The GLib library of C routines
ii  libgmime-2.4-2 2.4.14-1+nmu1 MIME message parser and creator li
ii  libnotmuch10.5+nmu2  thread-based email index, search a
ii  libtalloc2 2.0.4-1   hierarchical pool based memory all

notmuch recommends no packages.

Versions of packages notmuch suggests:
ii  emacs23.2+1-7The GNU Emacs editor (metapackage)
ii  vim  2:7.3.035+hg~8fdc1210-1 Vi IMproved - enhanced vi editor
pn  vim-addon-ma none  (no description available)

-- no debconf information






Bug#610776: only in emacs-snapshot

2011-01-22 Thread Mike O'Connor
severity 610776 minor
thanks

I realized today that this only happens with emacs-snapshot, not with
emacs23, so downgrading to minor. 

FWIW:

emacs-snapshot:
  Installed: 1:20110112-1
  Candidate: 1:20110112-1
  Version table:
 *** 1:20110112-1 0
500 http://emacs.naquadah.org/ unstable/ Packages
100 /var/lib/dpkg/status






Bug#610338: psi-plus: contains non-free icons; inadequate copyright file

2011-01-17 Thread Mike O'Connor
Source: psi-plus
Severity: serious
Justification: Policy 2.2.1, Policy 12.5


There are many files which are LGPL-2.1+ and many files which are GPL2+, your
debian/copyright is not accurate about this saying only that the software is
LGPL-2+ and pointing to GPL instead of the LGPL.

--

I noticed that many of the icons in the iconsets-psi-plus directory appear
to be taken from non-free from various websites.  For example, the icondef.xml
file inside iconsets-psi-plus/affiliations/vista-halloween-affiliations.jisp
reads:

  Based on Vista halloween Icons by Icons Land.

This appears to be 
http://icons-land.com/vista-style-halloween-pumpkin-emoticons.php
The icons look to be identical copies which have been resized. 

Other icon sets appear to be creative commons licensed, for example,
smileys-affiliations/icondef.xml refers to http://p.yusukekamiyamane.com/ as
the source, and this site is claiming the icons to be under creative commons  
which is not mentioned in debian/copyright

I worry about the lack of a license for the icons which just claim to have been
found on iconfinder.com, as that site contains many non-free icons.

iconsets-psi-plus/emoticons/Android.jisp contains icons from the android 
project which is apache licensed, but this license isn't mentioned in 
debian/copyright

iconsets-psi-plus/emoticons/kolobok* is non-free.  There is a copyright file 
inside the .jisp files which is clearly non-free, and is also not included in 
debian/copyright

At this point I stopped looking at licenses of the iconsets.  It is quite clear 
that many of them are taken from non-free sources.  Some might be 
redistributable and free, but with licenses not mentioned in debian/copyright.

---

iris/src/jdns is MIT licensed, but this isn't mentioned in debian/copyright

---

src/tools/crash/crash_sigsev* contains a license not mentioned in 
debian/copyright

---

third-party/qca/qca/src/botantools contains multiple licenses not mentioned in
debian/copyright

---

I stop at this point.   I didn't fully audit the source code, but it is clearly 
needed.

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#610338: only checked testing/unstable

2011-01-17 Thread Mike O'Connor
found 610338 0.15~svn3447
thanks

 Have you seen updated packages?

No, I only looked at the version in testing/unstable.  Marking the bug
accordingly.









Bug#581232: not a bug

2011-01-14 Thread Mike O'Connor
dpkg in lenny depends on lzma, so lzma must be Priority: required.  dpkg in
squeeze and later does not have this dependency, so the Priority:
required is not warranted, and the override for this package was changed.

This is intentional, and in no way a bug, so I'm closing this report.

thanks,
stew






Bug#609691: libtextcat: invalid maintainer address

2011-01-11 Thread Mike O'Connor
Source: libtextcat
Severity: serious
Justification: Policy 3.3


The maintainer of this package is listed as: Daniele Favara
no...@dsslive.org, however the dsslive.org domain doesn't accept email.  A
working email address is required by policy 3.3

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#609612: bgoffice-computer-terms: invalid maintainer address

2011-01-10 Thread Mike O'Connor
Package: bgoffice-computer-terms
Severity: serious
Justification: Policy 3.3

debian-addons-bg-maintain...@openfmi.net is not a valid email address, since
its only listed MX server does not allow SMTP connections.

This was discovered when dinstall tried to send email to the maintainers, which
bounced.  Subsequent emails from other machines also failed

stew

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#609613: bgoffice-dict-downloader: invalid maintainer address

2011-01-10 Thread Mike O'Connor
Package: bgoffice-dict-downloader
Severity: serious
Justification: Policy 3.3

the domain name of the Maintainer address does not accept email.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#608969: docbookwiki: modified /etc/sudoers in the maintainer scripts

2011-01-04 Thread Mike O'Connor
Package: docbookwiki
Version: 0.9.1cvs-11
Severity: serious
Justification: Policy 10.7.4

The maintainer scripts directly modify /etc/sudoers, which is a conffile of the
sudo package.

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages docbookwiki depends on:
ii  adduser                   3.112+nmu2     add and remove users and groups
ii  apache2-mpm-prefork [http 2.2.16-4       Apache HTTP Server - traditional n
pn  dblatex                   none           (no description available)
ii  debconf [debconf-2.0]     1.5.37         Debian configuration management sy
pn  docbook-dsssl             none           (no description available)
pn  docbook-utils             none           (no description available)
ii  docbook-xml               4.5-7          standard XML documentation system
ii  docbook-xsl               1.75.2+dfsg-5  stylesheets for processing DocBook
ii  gawk                      1:3.1.7.dfsg-5 GNU awk, a pattern scanning and pr
pn  jadetex                   none           (no description available)
ii  libapache2-mod-php5       5.3.3-6        server-side, HTML-embedded scripti
ii  libxml2-utils             2.7.8.dfsg-2   XML utilities
ii  mysql-server              5.1.49-3       MySQL database server (metapackage
ii  mysql-server-5.1 [mysql-s 5.1.49-3       MySQL database server binaries and
ii  openssl                   0.9.8o-4       Secure Socket Layer (SSL) binary a
ii  php5-cli                  5.3.3-6        command-line interpreter for the p
ii  php5-mysql                5.3.3-6        MySQL module for php5
ii  subversion                1.6.12dfsg-2   Advanced version control system
ii  sudo                      1.7.4p4-5      Provide limited super user privile
pn  swish-e                   none           (no description available)
pn  xmltex                    none           (no description available)
ii  xmlto                     0.0.23-2       XML-to-any converter
ii  xsltproc                  1.1.26-6       XSLT 1.0 command line processor

docbookwiki recommends no packages.

docbookwiki suggests no packages.






Bug#608970: docbookwiki: copyright file is incomplete

2011-01-04 Thread Mike O'Connor
Package: docbookwiki
Version: 0.9.1cvs-15
Severity: serious
Justification: Policy 12.5

There are many files in the tarball which are GFDL licensed, some with and some
without invariant sections. This license is not, however, mentioned in the
copyright file.


-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages docbookwiki depends on:
ii  adduser                   3.112+nmu2     add and remove users and groups
ii  apache2-mpm-prefork [http 2.2.16-4       Apache HTTP Server - traditional n
pn  dblatex                   none           (no description available)
ii  debconf [debconf-2.0]     1.5.37         Debian configuration management sy
pn  docbook-dsssl             none           (no description available)
pn  docbook-utils             none           (no description available)
ii  docbook-xml               4.5-7          standard XML documentation system
ii  docbook-xsl               1.75.2+dfsg-5  stylesheets for processing DocBook
ii  gawk                      1:3.1.7.dfsg-5 GNU awk, a pattern scanning and pr
pn  jadetex                   none           (no description available)
ii  libapache2-mod-php5       5.3.3-6        server-side, HTML-embedded scripti
ii  libxml2-utils             2.7.8.dfsg-2   XML utilities
ii  mysql-server              5.1.49-3       MySQL database server (metapackage
ii  mysql-server-5.1 [mysql-s 5.1.49-3       MySQL database server binaries and
ii  openssl                   0.9.8o-4       Secure Socket Layer (SSL) binary a
ii  php5-cli                  5.3.3-6        command-line interpreter for the p
ii  php5-mysql                5.3.3-6        MySQL module for php5
ii  subversion                1.6.12dfsg-2   Advanced version control system
ii  sudo                      1.7.4p4-5      Provide limited super user privile
pn  swish-e                   none           (no description available)
pn  xmltex                    none           (no description available)
ii  xmlto                     0.0.23-2       XML-to-any converter
ii  xsltproc                  1.1.26-6       XSLT 1.0 command line processor

docbookwiki recommends no packages.

docbookwiki suggests no packages.






Bug#602932: tilecache: Invalid maintainer address

2010-11-09 Thread Mike O'Connor
Package: tilecache
Severity: serious
Justification: Policy 3.3

Trying to send email to the maintainer address of this package caused the 
following DSN:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  crschm...@metacarta.com
SMTP error from remote mail server after RCPT TO:crschm...@metacarta.com:
host mail2.metacarta.com [72.9.52.52]: 550 No such user 
(crschm...@metacarta.com)

stew

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash






Bug#602869: gadmin-openvpn-server: puts logfile in /etc instead of /var/log

2010-11-08 Thread Mike O'Connor
Package: gadmin-openvpn-server
Version: 0.1.5-1
Severity: serious
Justification: Policy 9.1.1

The configuration created by gadmin-openvpn-server contains these two lines:

log /etc/gadmin-openvpn/server/openvpn-server.log
status /etc/gadmin-openvpn/server/openvpn-server-status.log

I don't see any way to change this from a client perspective.  Logfiles should
be placed in /var/log by the FHS.

stew

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gadmin-openvpn-server depends on:
ii  libatk1.0-0               1.30.0-1       The ATK accessibility toolkit
ii  libc6                     2.11.2-6       Embedded GNU C Library: Shared lib
ii  libcairo2                 1.8.10-6       The Cairo 2D vector graphics libra
ii  libfontconfig1            2.8.0-2.1      generic font configuration library
ii  libfreetype6              2.4.2-2        FreeType 2 font engine, shared lib
ii  libglib2.0-0              2.24.2-1       The GLib library of C routines
ii  libgtk2.0-0               2.20.1-1+b1    The GTK+ graphical user interface
ii  libpango1.0-0             1.28.1-1       Layout and rendering of internatio
ii  menu                      2.1.44         generates programs menu for all me
ii  openvpn                   2.1.3-1        virtual private network daemon

gadmin-openvpn-server recommends no packages.

gadmin-openvpn-server suggests no packages.

-- no debconf information
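
A check for the condition this report describes, as an added example that is not part of the original report or of gadmin-openvpn-server: it scans an OpenVPN configuration for log-file directives whose target is outside /var/log. The function name and the sample file are assumptions; `log-append` is included because it is OpenVPN's other log-file directive.

```shell
#!/bin/sh
# Added example: report OpenVPN log/status directives that write outside /var/log.

# Print "directive<TAB>path" for every log, log-append or status directive in
# the config file $1 whose target is not under /var/log/ (or that climbs out
# of it with ".."). Handles unquoted and double-quoted paths without spaces.
# Exit status is 1 when at least one such directive is found, 0 otherwise.
find_misplaced_logs() {
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        $1 == "log" || $1 == "log-append" || $1 == "status" {
            path = $2
            gsub(/^"|"$/, "", path)            # drop surrounding double quotes
            if (path == "") next
            if (path !~ /^\/var\/log\// || path ~ /\/\.\.(\/|$)/) {
                printf "%s\t%s\n", $1, path
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the two lines quoted in the report, plus a commented-out
# directive and a compliant one to show what is ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
log /etc/gadmin-openvpn/server/openvpn-server.log
status /etc/gadmin-openvpn/server/openvpn-server-status.log
# log /tmp/ignored-because-commented.log
log-append /var/log/openvpn.log
EOF

find_misplaced_logs "$sample" || echo "log files configured outside /var/log" >&2
rm -f "$sample"
```
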






Bug#602870: gadmin-openvpn-server: generates unusable config depending on openvpn-pam-auth.so

2010-11-08 Thread Mike O'Connor
Package: gadmin-openvpn-server
Version: 0.1.5-1
Severity: minor

If you enable the Require Authentication option (which is by default enabled),
the following line is added to the configuration:

plugin /usr/lib/openvpn/openvpn-pam-auth.so login

I don't find a file named openvpn-pam-auth.so in any package in Debian, however.

Is this a mistake? Or is this an outdated or unusable option?

stew

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gadmin-openvpn-server depends on:
ii  libatk1.0-0               1.30.0-1       The ATK accessibility toolkit
ii  libc6                     2.11.2-6       Embedded GNU C Library: Shared lib
ii  libcairo2                 1.8.10-6       The Cairo 2D vector graphics libra
ii  libfontconfig1            2.8.0-2.1      generic font configuration library
ii  libfreetype6              2.4.2-2        FreeType 2 font engine, shared lib
ii  libglib2.0-0              2.24.2-1       The GLib library of C routines
ii  libgtk2.0-0               2.20.1-1+b1    The GTK+ graphical user interface
ii  libpango1.0-0             1.28.1-1       Layout and rendering of internatio
ii  menu                      2.1.44         generates programs menu for all me
ii  openvpn                   2.1.3-1        virtual private network daemon

gadmin-openvpn-server recommends no packages.

gadmin-openvpn-server suggests no packages.

-- no debconf information






Bug#600304: monkeysphere-authentication keys-for-user fails when userid contains apostrophe

2010-10-15 Thread Mike O'Connor
Package: monkeysphere
Version: 0.31-1
Severity: important
Tags: upstream

monkeysphere-authentication fails when a userid contains an apostrophe, and
unfortunately all of my userids contain apostrophes.  Reported upstream:
https://labs.riseup.net/code/issues/2544

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages monkeysphere depends on:
ii  adduser                   3.112+nmu1     add and remove users and groups
ii  gnupg                     1.4.10-4       GNU privacy guard - a free PGP rep
ii  libcrypt-openssl-rsa-perl 0.25-1+b1      Perl module providing basic RSA fu
ii  lockfile-progs            0.1.15         Programs for locking and unlocking
ii  perl [libdigest-sha-perl] 5.10.1-14      Larry Wall's Practical Extraction
ii  procmail                  3.22-19        Versatile e-mail processor

Versions of packages monkeysphere recommends:
ii  cron                         3.0pl1-114  process scheduling daemon
ii  netcat-openbsd [netcat]      1.89-4      TCP/IP swiss army knife
ii  netcat-traditional [netcat]  1.10-38     TCP/IP swiss army knife
ii  openssh-client               1:5.5p1-5   secure shell (SSH) client, for sec
ii  ssh-askpass                  1:1.2.4.1-9 under X, asks user for a passphras
ii  ssh-askpass-gnome [ssh-askpa 1:5.5p1-5   interactive X program to prompt us

Versions of packages monkeysphere suggests:
ii  msva-perl [monkeysphere-valid 0.3-1      Cryptographic identity validation

-- no debconf information






Bug#594519: More info

2010-09-27 Thread Mike O'Connor
retitle 594519 multiple copyright problems make software non-redistributable as currently packaged
thanks

I encouraged the submitter to submit this bug after he raised concerns
on IRC about some of the software in this package.  I thought that I'd
better take a closer look at this source myself, and I immediately found
multiple problems related to the licenses/copyrights of this software
package.  The problem originally reported by the submitter appears to be
a valid concern for upstream.  There are also errors in the
debian/copyright file which should be addressed by the maintainers with
the next upload.  I found many instances where copyright holders were
missing from debian/copyright when the BSD-like license requires that
they be present.  There are multiple flavors of the BSD license which
should be explicitly present in debian/copyright.  There were files
which were GPL v2 only and files which were GPL v3 only where
debian/copyright simply said GPL.  I haven't looked closely enough to
determine if software from these two incompatible licenses is being
used in such a way as to produce non-redistributable binaries.

I don't have time to make a full source code audit of this source
package immediately, but one needs to be done.

Thanks,
stew




Bug#584383: Not pending, disappeared from NEW ?

2010-09-23 Thread Mike O'Connor
I rejected titantools with a message saying that because of a bug in
dak, we are unable to easily handle non-sourceful uploads that move a
package from main to non-free.  As we are bogged down with other stuff,
the quickest way to get titantools through new is going to be making a
sourceful upload.

My suggestion is to build with the same .orig.tar.gz but with an
artificial version bump in order to make it appear to be a new upstream
version.  So perhaps 4.0.11+notdfsg0 or something (creating a
4.0.11+notdfsg0-1 Debian version).

Sorry for the inconvenience.

stew

On Wed, 22 Sep 2010 17:55:50 +0200, Didier 'OdyX' Raboud did...@raboud.com wrote:
> tags 584383 -pending
> thanks
>
> Hi dear titantools maintainers,
>
> From what I could gather from the NEW log, it seems that there was once a
> titantools 4.0.11-7 in NEW, that was supposed to fix this RC bug:
>
> * Makefile.linux: Do not build noshell as a static binary as this
>   does not gain anything and leads to a FTBFS in amd64 (Closes: 584383)
>
> My RSS tells me that titantools 4.0.11-7 left NEW on 04.09.2010 02:00, but I
> can't get a trace of that anywhere on the packages.qa.d.o, on the buildd or on
> the archive (CC'ing ftpmaster to get a enlightening on that).
>
> So #584383 is still to be fixed.
>
> Cheers, OdyX
> --
> Didier Raboud, proud Debian Maintainer (DM).
> CH-1020 Renens
> did...@raboud.com






Bug#588019: uploaded to DELAYED/3

2010-08-25 Thread Mike O'Connor
forcemerge 588019 592077
tags 588019 +pending
thanks

I've uploaded the patch from Jakub Wilk from 592077 to DELAYED/3.  It
fixes both bugs.  Thanks Jakub.

interdiff attached

stew





Bug#542476: downgrade, only a documentation bug

2010-08-10 Thread Mike O'Connor
tags 542476 +pending
minor 542476 minor
thanks

Downgrading this bug as it is only a documentation bug.  The software
works fine when invoked correctly.

(require gnuserv-compate) instead of (require gnuserv)



