Re: interested in (co-)maintaining midori

2015-09-08 Thread Sergio Durigan Junior
On Monday, August 24 2015, I wrote:

> On Friday, August 14 2015, Andres Salomon wrote:
>
>>> Your work was done back in June, so if you prefer I can provide
>>> patches against your branch to implement/fix the issues I have been
>>> working on. It won't really matter much, I think: in the end, we'll
>>> have to use the "official" repository anyway and patch it.
>>> 
>>
>> That would be highly preferred, simply for reviewing purposes.  I'm
>> also happy to rewrite parts of my history to, for example, not include
>> the -O--buildsystem stuff.  But the existing git history is useful, and
>> I'd rather work from that.
>
> OK, I've done it:
>
>   
>
> It's the same link, but the repository is a new one, based on the
> official repository.

Just another update.

I've re-created the repository above (the previous version contained
some mistakes, and I thought it made sense to restart from scratch).
Now, you can find the latest version of Midori (0.5.11, released a few
days ago) along with all the other changes that I had already made.

Still builds successfully, and I'm using this latest version without
problems.  IOW, everything is ready to be used in Debian, and I'm pretty
happy with the current state of the repository.

Andreas, what do you think if we push my changes to the official
repository and start working from there?  It has been a while since
we're discussing without reaching a real agreement, and Midori is still
not present in testing.

Meanwhile, I have been looking at the BTS and making a list of bugs that
should be fixed by this update.

Comments are welcome.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/



Bug#798418: ITP: hugo -- Fast and flexible Static Site Generator written in Go

2015-09-08 Thread Anthony Fok
Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: hugo
  Version : 0.14+git20150908.197.daf5f32-1
  Upstream Author : Steve Francia and friends
* URL : https://github.com/spf13/hugo
* License : SimPL-2.0 (Simple Public License)
  Programming Lang: Go
  Description : Fast and flexible Static Site Generator written in Go

 Hugo is a static site generator written in Go. It is optimized for speed,
 ease of use, and configurability. Hugo takes a directory with content and
 templates, and renders them into a full HTML website.
 .
 Hugo relies on Markdown files with front matter for meta data. And you
 can run Hugo from any directory. This works well for shared hosts and
 other systems where you don’t have a privileged account.
 .
 Hugo renders a typical website of moderate size in a fraction of a
 second. A good rule of thumb is that each piece of content renders in
 around 1 millisecond.
 .
 Hugo is meant to work well for any kind of website including blogs,
 tumblelogs and docs.
 .
 Complete documentation is available at http://gohugo.io/ .

Reason for packaging:

 Hugo is among the top five static site generators according to
 http://www.staticgen.com/ .  It is the fastest among them all,
 is under active development from many contributors,
 and is quickly gaining popularity.
 .
 I think Hugo would be a handy tool and worthy addition to Debian.



Bug#798416: ITP: golang-github-spf13-cobra -- A Commander for modern Go CLI interactions

2015-09-08 Thread Anthony Fok
Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: golang-github-spf13-cobra
  Version : 0.0~git20150904.0.68f5a81-1
  Upstream Authors: Steve Francia, Eric Paris
* URL : https://github.com/spf13/cobra
* License : Apache-2.0
  Programming Lang: Go
  Description : A Commander for modern Go CLI interactions

 Cobra is a commander providing a simple interface to create powerful
 modern CLI interfaces similar to git & go tools. In addition to providing
 an interface, Cobra simultaneously provides a controller to organize your
 application code.
 .
 Inspired by go, go-Commander, gh and subcommand, Cobra improves on
 these by providing fully POSIX-compliant flags (including short & long
 versions), nesting commands, and the ability to define your own help
 and usage for any or all commands.
 .
 Cobra has an exceptionally clean interface and simple design without
 needless constructors or initialization methods.

Reason for packaging:

 Needed by Go applications like:
   * Hugo, the static website generator, http://gohugo.io/
   * Kubernetes by Google, Manage a cluster of Linux containers
 as a single system to accelerate Dev and simplify Ops
 http://kubernetes.io/



Re: Mozilla's CNNIC white list: anything to do with ca-certificates ?

2015-09-08 Thread Jérémy Lal
2015-09-09 1:00 GMT+02:00 Michael Shuler :

> On 09/08/2015 05:05 PM, Jérémy Lal wrote:
>
>> Hi,
>>
>> i'm packaging nodejs 4.0.0, which contains CNNICHashWhitelist.inc,
>> related to https://bugzilla.mozilla.org/show_bug.cgi?id=1151512
>>
>> This file is non-dfsg in itself (it's not preferred form for
>> modification),
>> but i don't really understand what it is.
>>
>
> From the best of my reading, it's restricting Firefox from validating any
> cert signed by CNNIC except those on the provided whitelist. I don't see
> where this was included in NSS.
>
>> FYI the debian nodejs package itself uses the files from ca-certificates,
>> not the ones bundled in it.
>> Is this CNNIC white list something meaningful in that case ?
>>
>
> ca-certificates is very little beyond the mozilla CA bundle and a method
> for users to select the CAs they wish to trust/distrust. There is no
> library, just root certs. CNNIC is one of those root certs. If a user does
> not want to trust a CA, they can disable it. Unfortunately, there is no
> middle ground.
>
> This whitelist is one of those grey area things that Mozilla has started
> doing in code outside of the root CA bundle, instead of just invalidating
> the root CA completely. There's nothing that can really be done in the
> ca-certificates package, since it's boolean; trust or not. This means there
> is not an exact parity between what Firefox may validate (or not) and
> software that uses the Debian ca-certificates trusted root CA list. NSS, on
> the other hand, may have gotten the same whitelist logic as Firefox - I
> don't know.
>
> Is it meaningful? CNNIC is a trusted CA by default, so certs will
> validate. If someone waves their arms because we don't invalidate something
> exactly the same way as Firefox, then we need a library of some sort to do
> that, like NSS, which means re-writing software like nodejs to link against
> it, etc. Not sure if it's worth the effort - and users that don't trust
> CNNIC can simply disable that CA completely.
>
> Let me know if that helps (or not)!  :^)


It does, thank you a lot.
Apparently nodejs is doing that work of filtering itself!
Depending on the dfsg status of the generated file I'll disable that
functionality, or not.

cc-ing to -devel in case someone is interested.

Jérémy


Bug#798411: ITP: python-castellan -- generic key manager interface for OpenStack

2015-09-08 Thread Thomas Goirand
Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: python-castellan
  Version : 0.2.1
  Upstream Author : OpenStack Foundation 
* URL : https://github.com/openstack/castellan
* License : Apache-2.0
  Programming Lang: Python
  Description : generic key manager interface for OpenStack

 The Castellan module provides a generic key manager interface so that
 OpenStack projects can use Barbican, but also have the flexibility to choose an
 alternative Key Manager as needed. This is helpful during development, for
 example, where a simple implementation of the Key Manager Interface can be
 used instead of having to spin up a Barbican instance.

This is a new dependency for Glance.



Re: GNU IceCat?

2015-09-08 Thread Riley Baird
> > Also, what advantages does IceCat have over the Tor Browser? (Debian
> > doesn't have the Tor Browser either, due to the impossibility of long
> > term maintenance, but just wondering.)
> 
> Have a look at torbrowser-launcher in synaptic

Ah, didn't realise that!




Re: GNU IceCat?

2015-09-08 Thread Moritz Mühlenhoff
Russ Allbery wrote:
> Simon Josefsson  writes:
>
>> Is there any reason (other than lack of manpower) that GNU IceCat is not
>> packaged in Debian?
>
> I suspect it's mostly just resources, but it's an immense amount of work,
> and not just for the packaging.  Web browsers have one of the largest and
> most actively exploited attack surfaces of any package in Debian, and I
> suspect the security team will be very wary of introducing another version
> of Firefox into the archive unless the security update story is very
> well-understood.

Indeed. If there are any worthwhile security enhancements, please submit
patches to Mozilla so that they end up in Firefox.

Cheers,
Moritz



Re: GNU IceCat?

2015-09-08 Thread Bob Holtzman
On Tue, Sep 08, 2015 at 05:20:24PM +1000, Riley Baird wrote:
> On Tue, 08 Sep 2015 08:58:46 +0200
> Simon Josefsson  wrote:
> 
> > Riley Baird writes:
> > 
> > >> Is there any reason (other than lack of manpower) that GNU IceCat is not
> > >> packaged in Debian?
> > >> 
> > >> I understand Debian has IceWeasel to (primarily?) fix the Firefox
> > >> trademark issue and to have a mechanism to deal with security backports.
> > >> 
> > >> IceCat has diverged from Firefox/Iceweasel and has a different feature
> > >> set than both, so it would seem reasonable to have it available through
> > >> Debian.
> > >
> > > Would it really be worth it? There aren't that many changes:
> > > http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/makeicecat
> > 
> > The entire tree contains a number of other things:
> > http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/
> > 
> > For example some privacy/security default settings:
> > http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/data/settings.js
> 
> Ah, that's a good set of default settings. Perhaps a modified
> settings.js and an explanation of how to use it could be included with
> the iceweasel package?

+1

> 
> Also, what advantages does IceCat have over the Tor Browser? (Debian
> doesn't have the Tor Browser either, due to the impossibility of long
> term maintenance, but just wondering.)

Have a look at torbrowser-launcher in synaptic

-- 

Bob Holtzman
A fair fight is the result of poor planning.



Re: GCC-5 transition will move to testing tonight

2015-09-08 Thread Ian Jackson
Niels Thykier writes ("GCC-5 transition will move to testing tonight"):
> Thanks to Adam, Julien, Jonathan, Matthias, Scott, Simon and many
> others, we are ready to migrate the bulk of the GCC-5 transition and
> related sub-transitions to testing tonight.  Apologies for the short notice.

Wow, impressive work to get this done so quickly and with so little
breakage.  Well done everyone.

Ian.



Re: Good day

2015-09-08 Thread Gunnar Wolf
[ Sending instructions on how to subscribe to our lists ]

Marcos Jimenez said [Sun, Sep 06, 2015 at 04:05:23AM +]:
> Good day, I would like to subscribe
> 
> Marcos Jimenez

Hello Marcos,

To subscribe to the Debian lists, you can do so from our
Web page. For this list in particular, you can do it from the
page:

https://lists.debian.org/debian-devel/

Keep in mind that this is a list focused on the development of the
distribution. If you are interested in lists for learning or asking about
usage, I suggest this one:

https://lists.debian.org/debian-user/

And if you prefer one in Spanish:

https://lists.debian.org/debian-user-spanish/

In general, unless explicitly stated otherwise, the Debian lists are
in English.

Regards,



Re: Bug#798202: ITP: fonts-leckerli-one -- Leckerli One font

2015-09-08 Thread Tomas Pospisek
The URL entry below is broken.
*t

On 06.09.2015 at 20:05, Gioele Barabucci wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Gioele Barabucci 
> 
> * Package name: fonts-leckerli-one
>   Version : 2011
>   Upstream Author : Gesine Todt
> * URL : 
> http://www.example.org://www.google.com/fonts/specimen/Leckerli+One
> * License : OFL-1.1
>   Description : Leckerli One font
> 
> Leckerli One is a free Open Type font designed by Gesine Todt.
> It is a fat display typeface with irregular brush shapes and a
> handwritten feeling.
> 



Re: GNU IceCat?

2015-09-08 Thread Russ Allbery
Simon Josefsson  writes:

> Is there any reason (other than lack of manpower) that GNU IceCat is not
> packaged in Debian?

I suspect it's mostly just resources, but it's an immense amount of work,
and not just for the packaging.  Web browsers have one of the largest and
most actively exploited attack surfaces of any package in Debian, and I
suspect the security team will be very wary of introducing another version
of Firefox into the archive unless the security update story is very
well-understood.

-- 
Russ Allbery (r...@debian.org)   



Re: Unattended upgrade to 8.2 point release breaks cron when running systemd

2015-09-08 Thread Nikolaus Rath
On Sep 08 2015, Jeroen Dekkers  wrote:
> So if you are running Jessie with systemd and have configured
> unattended-upgrades to also automatically install non-security
> updates then cron will very likely be broken on all your systems. You
> can fix it by running "dpkg --configure -a" and "apt-get --reinstall
> install cron".

Indeed, thank you very much for the pointer.

> The good part is that only security updates are enabled by default by
> unattended-upgrades, but my guess is that I'm not the only one who has
> non-security updates enabled in unattended-upgrades. There is also no
> way for us to automatically fix this because cron isn't running
> anymore on those systems. How do we let people know that they need to
> check their systems and manually fix them by running "dpkg --configure
> -a" and "apt-get --reinstall install cron"? Because until they do they
> also won't get any automatic security updates...

I think a mail to debian-announce@ would be helpful.


Best,
-Nikolaus

-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

 »Time flies like an arrow, fruit flies like a Banana.«
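
A check for the state described in this thread, as an added example that is not part of the original messages: it lists packages that dpkg has not finished configuring, on the assumption that the breakage leaves cron in such a state (which is what "dpkg --configure -a" acts on). The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Input: one line per package in the form
#   <package> <want> <flag> <state>
# as printed by:  dpkg-query -W -f='${Package} ${Status}\n'

# Print "<package> <state>" for every package that dpkg still has work to do
# on: either the reinstall-required flag is set, or the package is wanted
# (install/hold) but has not reached the "installed" state.
pending_packages() {
    awk '
        NF == 4 {
            pkg = $1; want = $2; flag = $3; state = $4
            if (flag == "reinstreq" ||
                ((want == "install" || want == "hold") && state != "installed"))
                print pkg " " state
        }'
}

# Succeed (exit 0) when cron is among the pending packages on stdin.
# Assumption: the broken upgrade leaves cron in a non-"installed" state.
cron_needs_repair() {
    pending_packages | grep -q '^cron '
}

# Constructed sample input; these lines do not come from a real system.
sample_status() {
    cat <<'EOF'
bash install ok installed
cron install ok half-configured
systemd install ok triggers-pending
oldpkg deinstall ok config-files
libfoo install reinstreq half-installed
EOF
}

# "--live" inspects the local dpkg database; the default runs on the sample.
if [ "${1:-}" = "--live" ]; then
    dpkg-query -W -f='${Package} ${Status}\n' | pending_packages
else
    sample_status | pending_packages
fi
```

Because cron itself is the casualty, a check like this has to be driven from outside the affected host (configuration management or a monitoring agent) rather than from a cron job.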



Bug#798356: ITP: libnftables -- high-level library for nftables framework

2015-09-08 Thread Arturo Borrero Gonzalez
Package: wnpp
Severity: wishlist
Owner: Arturo Borrero Gonzalez 

* Package name: libnftables
  Version : 0.0.1
  Upstream Author : Pablo Neira Ayuso 
* URL : http://www.netfilter.org
* License : GPL
  Programming Lang: C
  Description : high-level library for nftables framework

libnftables is a high-level library for the nftables framework.

A bit of background: at first, the current libnftnl (low-level library for the
nftables framework) was called libnftables. But just before libnftables was
released, the Netfilter folks renamed it to libnftnl, so the name
libnftables was kept reserved for this high-level library.

As announced by the Netfilter folks, the release of libnftables is about
to happen.



Bug#798349: ITP: golang-github-inconshreveable-mousetrap -- Go library to detect starting from Windows Explorer

2015-09-08 Thread Anthony Fok
Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: golang-github-inconshreveable-mousetrap
  Version : 0.0~git20141017.0.76626ae-1
  Upstream Author : Alan Shreve
* URL : https://github.com/inconshreveable/mousetrap
* License : Apache-2.0
  Programming Lang: Go
  Description : Go library to detect starting from Windows Explorer

 mousetrap is a tiny Go library that answers a single question:
 On a Windows machine, was the process invoked by someone double clicking
 on the executable file while browsing in Explorer?
 .
 Motivation: Windows users unfamiliar with command line tools will
 often "double-click" the executable for a tool. Because most CLI tools
 print the help and then exit when invoked without arguments, this is
 often very frustrating for those users.
 .
 mousetrap provides a way to detect these invocations so
 that you can provide more helpful behavior and instructions
 on how to run the CLI tool.

Reason for packaging:

 * github.com/inconshreveable/mousetrap is a dependency of
   github.com/spf13/cobra, which in turn is used by
   Hugo ( http://gohugo.io/ ) and Kubernetes ( http://kubernetes.io/ ).



Bug#798328: ITP: golang-github-spf13-jwalterweatherman -- Go library for printing to the terminal and logging to files

2015-09-08 Thread Anthony Fok
Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: golang-github-spf13-jwalterweatherman
  Version : 0.0~git20141219.0.3d60171-1
  Upstream Author : Steve Francia
* URL : https://github.com/spf13/jwalterweatherman
* License : MIT
  Programming Lang: Go
  Description : Go library for printing to the terminal and logging to files

 jWalterWeatherman provides seamless printing to the terminal (stdout)
 and logging to a io.Writer (file) that's as easy to use as fmt.Println.
 .
 JWW is primarily a wrapper around the excellent Go standard log library.
 It provides a few advantages over using the standard log library alone:
 .
  * One library for both printing to the terminal and logging (to files).
  * Allow the user to easily control what levels are printed and logged
  * No unnecessary initialization cruft.  Just use it.

Reason for packaging:

 Needed by Hugo, A Fast and Flexible Static Site Generator - http://gohugo.io/



Re: GNU IceCat?

2015-09-08 Thread Riley Baird
On Tue, 08 Sep 2015 09:30:46 +0200
Simon Josefsson  wrote:

> Riley Baird 
> writes:
> 
> > On Tue, 08 Sep 2015 08:58:46 +0200
> > Simon Josefsson  wrote:
> >
> >> Riley Baird writes:
> >> 
> >> >> Is there any reason (other than lack of manpower) that GNU IceCat is not
> >> >> packaged in Debian?
> >> >> 
> >> >> I understand Debian has IceWeasel to (primarily?) fix the Firefox
> >> >> trademark issue and to have a mechanism to deal with security backports.
> >> >> 
> >> >> IceCat has diverged from Firefox/Iceweasel and has a different feature
> >> >> set than both, so it would seem reasonable to have it available through
> >> >> Debian.
> >> >
> >> > Would it really be worth it? There aren't that many changes:
> >> > http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/makeicecat
> >> 
> >> The entire tree contains a number of other things:
> >> http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/
> >> 
> >> For example some privacy/security default settings:
> >> http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/data/settings.js
> >
> > Ah, that's a good set of default settings. Perhaps a modified
> > settings.js and an explanation of how to use it could be included with
> > the iceweasel package?
> 
> That's up to the IceWeasel team -- my perception is that they want to
> keep changes compared to Firefox to a minimum.

Good point.

> > Also, what advantages does IceCat have over the Tor Browser? (Debian
> > doesn't have the Tor Browser either, due to the impossibility of long
> > term maintenance, but just wondering.)
> 
> I'm not familiar enough with how the Tor Browser is different to really
> tell.  It seems based on ESR, so long term maintenance may be possible?

Maybe. I'm content with the upstream tarball of the Tor Browser (once
you've installed it, it enables autoupdating), so I'm not willing to
volunteer.




Re: GNU IceCat?

2015-09-08 Thread Simon Josefsson
Riley Baird 
writes:

> On Tue, 08 Sep 2015 08:58:46 +0200
> Simon Josefsson  wrote:
>
>> Riley Baird writes:
>> 
>> >> Is there any reason (other than lack of manpower) that GNU IceCat is not
>> >> packaged in Debian?
>> >> 
>> >> I understand Debian has IceWeasel to (primarily?) fix the Firefox
>> >> trademark issue and to have a mechanism to deal with security backports.
>> >> 
>> >> IceCat has diverged from Firefox/Iceweasel and has a different feature
>> >> set than both, so it would seem reasonable to have it available through
>> >> Debian.
>> >
>> > Would it really be worth it? There aren't that many changes:
>> > http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/makeicecat
>> 
>> The entire tree contains a number of other things:
>> http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/
>> 
>> For example some privacy/security default settings:
>> http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/data/settings.js
>
> Ah, that's a good set of default settings. Perhaps a modified
> settings.js and an explanation of how to use it could be included with
> the iceweasel package?

That's up to the IceWeasel team -- my perception is that they want to
keep changes compared to Firefox to a minimum.

> Also, what advantages does IceCat have over the Tor Browser? (Debian
> doesn't have the Tor Browser either, due to the impossibility of long
> term maintenance, but just wondering.)

I'm not familiar enough with how the Tor Browser is different to really
tell.  It seems based on ESR, so long term maintenance may be possible?

/Simon




Re: GNU IceCat?

2015-09-08 Thread Riley Baird
On Tue, 08 Sep 2015 08:58:46 +0200
Simon Josefsson  wrote:

> Riley Baird writes:
> 
> >> Is there any reason (other than lack of manpower) that GNU IceCat is not
> >> packaged in Debian?
> >> 
> >> I understand Debian has IceWeasel to (primarily?) fix the Firefox
> >> trademark issue and to have a mechanism to deal with security backports.
> >> 
> >> IceCat has diverged from Firefox/Iceweasel and has a different feature
> >> set than both, so it would seem reasonable to have it available through
> >> Debian.
> >
> > Would it really be worth it? There aren't that many changes:
> > http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/makeicecat
> 
> The entire tree contains a number of other things:
> http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/
> 
> For example some privacy/security default settings:
> http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/data/settings.js

Ah, that's a good set of default settings. Perhaps a modified
settings.js and an explanation of how to use it could be included with
the iceweasel package?

Also, what advantages does IceCat have over the Tor Browser? (Debian
doesn't have the Tor Browser either, due to the impossibility of long
term maintenance, but just wondering.)




Re: GNU IceCat?

2015-09-08 Thread Simon Josefsson
Riley Baird writes:

>> Is there any reason (other than lack of manpower) that GNU IceCat is not
>> packaged in Debian?
>> 
>> I understand Debian has IceWeasel to (primarily?) fix the Firefox
>> trademark issue and to have a mechanism to deal with security backports.
>> 
>> IceCat has diverged from Firefox/Iceweasel and has a different feature
>> set than both, so it would seem reasonable to have it available through
>> Debian.
>
> Would it really be worth it? There aren't that many changes:
> http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/makeicecat

The entire tree contains a number of other things:
http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/

For example some privacy/security default settings:
http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/data/settings.js

Various patches (security patches are probably in IceWeasel too):
http://git.savannah.gnu.org/cgit/gnuzilla.git/tree/data/patches

/Simon

