Bug#752420: couchdb: Please upgrade to 1.6.0
Hi, >I have the 1.6.0 package work I've done locally, I wasn't sure where to push it >to, as I didn't see a repostiory that is being used for couchdb in debian. I can >make a collab-maint repository if László agrees and maybe we can collaborate >with others who are interested in working on the package? What is the current status of getting a recent, and working, version of CouchDB into Debian? Btw, libjs-requirejs is now in Debian. -nik
Bug#752420: couchdb: Please upgrade to 1.6.0
Hi, I'm sorry I didn't reply to your earlier mail, I was not CC'd on it and not subscribed to the bug. I've just subscribed to the bug so I will get further replies without the need for the CC. On Tue, Jul 08, 2014 at 06:33:34PM +0200, André Gaul wrote: Am 08.07.2014 08:39, schrieb László Böszörményi (GCS): I think there's a small misunderstanding. Packaging CouchDB itself is not a daunting task, Maybe there was a misunderstanding. In Micah's summary it appeared to me that it suffices to note the embedded projects. If you (as the maintainer) think that all included dependencies should be debianized before, then that's OK and I'll help where I can. Indeed, you are correct. I think that László should have a read of my earlier messages on this bug and if there is a disagreement about any of the conclusions I made, it would be good to hear the reasons! That said, I think that working on adding the dependencies is still worth it. As I identified in my message, there are some places where I was going to note the embedded code copy, until a proper package has been made, so making those proper packages would be the right way forwards. One comment on the source of the 1.6 package: although it may be easy to create, I don't like to repeat work that already has been done. ;) Because of the ongoing effort upstream to merge bigcouch, and my requirements for the bigcouch functionality, I decided to wait on this package until that merge has completed and then move on packaging that newer version. It seems like that merge is about to complete, and I am going to look at packaging a newer version, perhaps from git, so I will look back on this issue to try and make some progress with it in the near future. I have the 1.6.0 package work I've done locally, I wasn't sure where to push it to, as I didn't see a repostiory that is being used for couchdb in debian. I can make a collab-maint repository if László agrees and maybe we can collaborate with others who are interested in working on the package? micah -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752420: couchdb: Please upgrade to 1.6.0
On Mon, Jul 7, 2014 at 6:30 PM, André Gaul g...@web-yard.de wrote: can you point us to a git repo (or similar) where the current version of your couchdb package lives? And have you had some time to address the issues (from your nice summary) that need to be resolved before uploading 1.6.0? This way we can all get up to speed and work together on the package. I think there's a small misunderstanding. Packaging CouchDB itself is not a daunting task, as quoting Micah: I've imported the 1.6.0 upstream code and built a package from it, it was quite easy to do!. What needs to be done is to package the individual projects included in CouchDB. You can pick either ibrowse, mochiweb, erlang-oauth or google-snappy and make a deb out of them. You may also try to compile ZeroClipboard.as to SWF or you may convince upstream to include a non-minified version of spin.js in the source. Which one do you choose? Regards, Laszlo/GCS -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752420: couchdb: Please upgrade to 1.6.0
Hi László, Am 08.07.2014 08:39, schrieb László Böszörményi (GCS): I think there's a small misunderstanding. Packaging CouchDB itself is not a daunting task, Maybe there was a misunderstanding. In Micah's summary it appeared to me that it suffices to note the embedded projects. If you (as the maintainer) think that all included dependencies should be debianized before, then that's OK and I'll help where I can. One comment on the source of the 1.6 package: although it may be easy to create, I don't like to repeat work that already has been done. ;) Which one do you choose? I'll take a look at the included projects and report back about which I can take care of. cheers, André -- Homepage http://page.math.tu-berlin.de/~gaul github https://github.com/andrenarchy Twitterhttps://twitter.com/#!/andrenarchy Diaspora https://diasp.org/u/andrenarchy (you won't find me on facebook!) Jabber g...@web-yard.de PGP Key0x0FA9170E -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752420: couchdb: Please upgrade to 1.6.0
Hi micah, can you point us to a git repo (or similar) where the current version of your couchdb package lives? And have you had some time to address the issues (from your nice summary) that need to be resolved before uploading 1.6.0? This way we can all get up to speed and work together on the package. Thanks! André -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752420: couchdb: Please upgrade to 1.6.0
micah mi...@debian.org writes: The spin.min.js, prettify.js, don't seem to have a license attached to them I've worked on repacking the upstream source to remove the .min.js files, and the .swf... the .swf appears to be just a convenience clipboard function that makes copying text easier, I bet it will function fine without it, but I will test it. share/doc/build/html/_static/jquery.js libjs-jquery in debian unstable is 1.7.2 and this appears to be the version that is in this file, a diff of the debian packaged version and this file produces no results. So this could easily be removed and repacked and the package could instead depend on libjs-jquery. Actually, the package already depends on libjs-jquery and I see in the debian/rules file that you are already removing the file and then symlinking the packaged version. Did you forget that this was done, or was there something else you were wanting to point out with this when you mentioned it? share/doc/build/html/_static/underscore.js this file purports to be underscore.js version 1.4.4, and debian has libjs-underscore 1.4.4, a diff between these two produces no results, so just like libjs-jquery, this could be replaced by the package. Same thing as above, the debian/rules file handles it, and we depend on the package properly. share/server/coffee-script.js the file says it is 1.2.0, debian has 1.4.0, personally I think that depending on the newer package and seeing if it causes any trouble would be a reasonable approach As for CoffeeScript, we could unbundle it, but if we differ from what upstream ships we could confuse people. I vote for leaving this version embedded, noting it in the embedded code copies list for debian security, and I'll talk to upstream about updating their version to be 1.4.0 so we can unbundle it in the future. share/www/fauxton/js/require.js I found node-requirejs in debian, but if you install it, you will install the entire libv8 library and nodejs... it does look like the same javascript, although different versions, and the couchdb one appears to have some couchdb specific things in it, so I would be inclined to continue to use the embedded one, and noting it in the security repository upstream reports that require.js is different from node-requirejs, you can’t replace one with the other. I dont see any reason why we can't include this in the package, its properly licensed and falls under the DFSG. I can't find any other place on the internet that is distributing it, so I think we should use this as is. I'll ask upstream to see if there is some other source for it. share/www/script/jquery-ui-1.8.11.custom.min.js this appears to just be an older version of libjs-jquery-ui's /usr/share/javascript/jquery-ui/ui/jquery-ui.custom.min.js and we could probably use the packaged version I removed it with the other removals of .min.js files. I added a dependency on the libjs-jquery-ui package and made the remove_minified_jquery patch use the packaged version instead. src/fauxton/assets/js/libs/spin.min.js I didn't find a package for this, but it looks pretty small... I removed it from the repack, but there is no non-minified version, so I'll need to ask upstream to include it. src/fauxton/assets/js/plugins/prettify.js didn't find a package for this either... I think this can stay in the package, its an embed of https://code.google.com/p/google-code-prettify/ but it isn't packaged in debian, so we can just note it in the embedded code copies tracker. Also please realize that upstream includes several other projects in the source tarball. Like the packaged ones: src/ibrowse/ , src/snappy and the not yet packaged one: src/mochiweb [1]. There are more, these were just examples. Yes, perhaps we can try to remove the ones that are packaged and depend on the packages and see how things work (or not). I spoke to upstream about some of these. the included ibrowse has important differences from upstream and should not be replaced by the packaged version in debian. The difference is that the upstream ibrowse has a privacy leakage problem when couchdb replication happens over tor hidden services. The ibrowse included in couchdb supports socks5 and doesn't have the privacy leakage. Upstream did file an issue with ibrowse, and one part was fixed, but not the other. I will follow-up with upstream to see if they are chasing this around. Once it has been resolved, this can be unbundled... but until then, we should note it in the embedded code copies list. mochiweb in couchdb has a patch to ensure it works in all timezones that upstream mochiweb still suffers from. They think they filed an issue upstream with this, but I will chase them around about this. I think this too can be embedded, when noted. the rest do not seem to be packaged, and seem to be couchdb specific, with the exception of erlang-oauth and snappy. I'll note these as embedded code copies which are not packaged in debian.
Bug#752420: couchdb: Please upgrade to 1.6.0
Hi László! László Böszörményi (GCS) g...@debian.org writes: Hi Micah, On Mon, Jun 23, 2014 at 4:49 PM, Micah Anderson mi...@debian.org wrote: Package: couchdb Version: 1.4.0-3 Severity: wishlist It would be nice if we could have the most recent version of couchdb available. I've imported the 1.6.0 upstream code and built a package from it, it was quite easy to do! If you like, I can upload this package for you. Building a package is just the minor part. Version 1.5.0 was non-free, just like 1.6.0. Please see the following files: share/doc/build/html/_static/jquery.js share/doc/build/html/_static/underscore.js share/server/coffee-script.js share/www/fauxton/js/require.js share/www/script/jquery-ui-1.8.11.custom.min.js src/fauxton/assets/js/libs/spin.min.js src/fauxton/assets/js/plugins/prettify.js src/fauxton/assets/js/plugins/zeroclipboard/ZeroClipboard.swf Do you have the source for these files? Yes, some of them are packaged, but has very distant major upstream release differences and jquery-ui was customized for CouchDB (how?). Some of them are not yet packaged. What about the SWF file? Please answer these points before uploading anything. Also please realize that upstream includes several other projects in the source tarball. Like the packaged ones: src/ibrowse/ , src/snappy and the not yet packaged one: src/mochiweb [1]. There are more, these were just examples. Great, thank you for responding and pointing these issues out. I was not planning on uploading anything without speaking to you first. Additionally, as you point out, we will need to resolve these issues before anything is uploaded. lintian reports the same files you mention above as missing source for the 1.6.0 package, with the addition of this one: E: couchdb source: source-is-missing src/fauxton/assets/js/libs/ace/ext-elastic_tabstops_lite.js also, it suggests removing the duplicate fonts and instead depending on the package fonts-font-awesome: W: couchdb: duplicate-font-file usr/share/couchdb/www/fauxton/img/FontAwesome.otf also in fonts-font-awesome W: couchdb: duplicate-font-file usr/share/couchdb/www/fauxton/img/fontawesome-webfont.ttf also in fonts-font-awesome I'll look into some of these issues to see if we can get a resolution for them. micah -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752420: couchdb: Please upgrade to 1.6.0
László Böszörményi (GCS) g...@debian.org writes: share/doc/build/html/_static/jquery.js share/doc/build/html/_static/underscore.js share/server/coffee-script.js share/www/fauxton/js/require.js share/www/script/jquery-ui-1.8.11.custom.min.js src/fauxton/assets/js/libs/spin.min.js src/fauxton/assets/js/plugins/prettify.js src/fauxton/assets/js/plugins/zeroclipboard/ZeroClipboard.swf Do you have the source for these files? I'm a little confused what you mean by 'the source for these files' when it comes to the .js files. Isn't the file itself the source? Looking at them, they all seem to have a free license attached to them (although the require.js one has it embedded in the javascript and is a little hard to see). The spin.min.js, prettify.js, don't seem to have a license attached to them In fact in the upstream LICENSE file, they specifically state the licenses for all of the js files (including the spin.min.js and prettify.js). The only one that I see that doesn't have the source or a specific license attached to it is the .swf. Yes, some of them are packaged, but has very distant major upstream release differences and jquery-ui was customized for CouchDB (how?). Some of them are not yet packaged. I agree that embedding code-copies is a bad practice, and should be avoided as much as possible (in fact, when I was working on testing security issues, I pushed for this policy to be added to the Debian policy, and I still occasionally help in tracking embedded code copies in the security repository). So, lets look at them individually: share/doc/build/html/_static/jquery.js libjs-jquery in debian unstable is 1.7.2 and this appears to be the version that is in this file, a diff of the debian packaged version and this file produces no results. So this could easily be removed and repacked and the package could instead depend on libjs-jquery. share/doc/build/html/_static/underscore.js this file purports to be underscore.js version 1.4.4, and debian has libjs-underscore 1.4.4, a diff between these two produces no results, so just like libjs-jquery, this could be replaced by the package. share/server/coffee-script.js the file says it is 1.2.0, debian has 1.4.0, personally I think that depending on the newer package and seeing if it causes any trouble would be a reasonable approach share/www/fauxton/js/require.js I found node-requirejs in debian, but if you install it, you will install the entire libv8 library and nodejs... it does look like the same javascript, although different versions, and the couchdb one appears to have some couchdb specific things in it, so I would be inclined to continue to use the embedded one, and noting it in the security repository share/www/script/jquery-ui-1.8.11.custom.min.js this appears to just be an older version of libjs-jquery-ui's /usr/share/javascript/jquery-ui/ui/jquery-ui.custom.min.js and we could probably use the packaged version src/fauxton/assets/js/libs/spin.min.js I didn't find a package for this, but it looks pretty small... src/fauxton/assets/js/plugins/prettify.js didn't find a package for this either... What about the SWF file? This one we should ask upstream about... i asked on the #couchdb channel. Looking at how it is used it seems like it is just some convenience clipboard thing, and could be easily removed to route around the problem. Also please realize that upstream includes several other projects in the source tarball. Like the packaged ones: src/ibrowse/ , src/snappy and the not yet packaged one: src/mochiweb [1]. There are more, these were just examples. Yes, perhaps we can try to remove the ones that are packaged and depend on the packages and see how things work (or not). micah -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752420: couchdb: Please upgrade to 1.6.0
micah mi...@debian.org writes: What about the SWF file? This one we should ask upstream about... i asked on the #couchdb channel. Looking at how it is used it seems like it is just some convenience clipboard thing, and could be easily removed to route around the problem. Upstream pointed out that this is licensed in the LICENSE file as MIT, and the source is available at https://github.com/zeroclipboard/zeroclipboard/blob/master/src/flash/ZeroClipboard.as so maybe this resolves that issue? micah -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752420: couchdb: Please upgrade to 1.6.0
micah mi...@debian.org writes: micah mi...@debian.org writes: What about the SWF file? This one we should ask upstream about... i asked on the #couchdb channel. Looking at how it is used it seems like it is just some convenience clipboard thing, and could be easily removed to route around the problem. Upstream pointed out that this is licensed in the LICENSE file as MIT, and the source is available at https://github.com/zeroclipboard/zeroclipboard/blob/master/src/flash/ZeroClipboard.as Upstream recognized that this was a license oversight and added information to their LICENSE file: https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=blobdiff;f=LICENSE;h=67c84e66950e5d715e1c486492df6871d18bdb53;hp=193355e6b8b5713cebbebfcc24b821f7ff3ca33c;hb=46db1a2d70c02bdca7c0c4a177404a554a3a6c1d;hpb=9484bdaff8103bca4e9ee7684e0f78b0281334f7 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752420: couchdb: Please upgrade to 1.6.0
Package: couchdb Version: 1.4.0-3 Severity: wishlist Hello, It would be nice if we could have the most recent version of couchdb available. I've imported the 1.6.0 upstream code and built a package from it, it was quite easy to do! If you like, I can upload this package for you. micah -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752420: couchdb: Please upgrade to 1.6.0
Hi Micah, On Mon, Jun 23, 2014 at 4:49 PM, Micah Anderson mi...@debian.org wrote: Package: couchdb Version: 1.4.0-3 Severity: wishlist It would be nice if we could have the most recent version of couchdb available. I've imported the 1.6.0 upstream code and built a package from it, it was quite easy to do! If you like, I can upload this package for you. Building a package is just the minor part. Version 1.5.0 was non-free, just like 1.6.0. Please see the following files: share/doc/build/html/_static/jquery.js share/doc/build/html/_static/underscore.js share/server/coffee-script.js share/www/fauxton/js/require.js share/www/script/jquery-ui-1.8.11.custom.min.js src/fauxton/assets/js/libs/spin.min.js src/fauxton/assets/js/plugins/prettify.js src/fauxton/assets/js/plugins/zeroclipboard/ZeroClipboard.swf Do you have the source for these files? Yes, some of them are packaged, but has very distant major upstream release differences and jquery-ui was customized for CouchDB (how?). Some of them are not yet packaged. What about the SWF file? Please answer these points before uploading anything. Also please realize that upstream includes several other projects in the source tarball. Like the packaged ones: src/ibrowse/ , src/snappy and the not yet packaged one: src/mochiweb [1]. There are more, these were just examples. Regards, Laszlo/GCS [1] https://github.com/mochi/MochiWeb -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org