Re: Bug#820036: No bug mentioning a Debian KEK and booting use it.
On Fri, Oct 21, 2016 at 2:35 PM, Ian Campbell wrote: > I think there are also physical arm64 systems using EDK2/Tianocore as > their firmware. Unmodified upstream versions that you can re-flash? I got the impression most UEFI firmware is based on EDK2/Tianocore, even on x86, but it has proprietary modifications. -- bye, pabs https://wiki.debian.org/PaulWise
Re: Bug#820036: No bug mentioning a Debian KEK and booting use it.
On Fri, 2016-10-21 at 12:22 +0800, Paul Wise wrote: > On Fri, Oct 21, 2016 at 4:20 AM, Tollef Fog Heen wrote: > > > If there are machines with free firmware that also support secure boot, > > we can look at this. So far, I don't believe there are any. > > Tianocore (edk2 in Debian) supports virtual machines and also any > device that supports coreboot could chainload to Tianocore. > > https://wiki.ubuntu.com/SecurityTeam/SecureBoot > https://github.com/tianocore/tianocore.github.io/wiki/Coreboot_UEFI_payload I think there are also physical arm64 systems using EDK2/Tianocore as their firmware. Ian.
Re: NRSS has been deprecated [#696302]
On Fri, Oct 21, 2016 at 1:34 PM, Adam Borowski wrote: > we should have some way to query if anybody would object to a package's > removal? We definitely need better ways to connect with package users, but it might be hard to do that in a privacy preserving way. Perhaps something similar to popcon, but in reverse could help there. A web/onion service where users can download details of packages that might need user attention, along with an opt-in client that periodically downloads the current list and matches it against user preferences and installed packages. -- bye, pabs https://wiki.debian.org/PaulWise
All rights
Unblock
Re: NRSS has been deprecated [#696302]
On Fri, Oct 21, 2016 at 12:06:45PM +0800, Paul Wise wrote: > On Fri, Oct 21, 2016 at 12:17 AM, Enrico Rossi wrote: > > I saw that the upstream devel of NRSS has deprecated it in favour of > > another software. This has been already reported in the #696302. > > This is what the nrss upstream website says: > > NRSS has been deprecated. Use Canto in the future. You will *not* be > automatically forwarded. > > canto was in Debian but was removed: > Since then it was renamed to canto-ng and new versions were released: > > I'm asking if shouldn't be the case to rise the level of that bug to RC? > > I don't mean the package shouldn't be in the next stable, also we are > > talking about a very small package indeed, but I think that bug is > > pertinent and should be dealt with before the next stable. > > Looking at the popcon data, about 7 to 20 people use the Debian > package regularly. > > There is no evidence in the BTS of any Debian users of the package, > but there is evidence of one Ubuntu user of the package a long time > ago. It's a yet another case of a package long dead, yet because of no RC bugs, it never got noticed. Only the recent debhelper compat 4 removal caused a massive clean-up of cruft; nrss is at compat 5. I wonder, perhaps we should have some way to query if anybody would object to a package's removal? This question frequently appears both for RoM and RoQA removals. Once the actual RM bug gets filed, it gets acted upon within a few hours with no realistic chance for any third party to act. On one hand, this would prevent issues such as dasher or removal of some orphaned package that was otherwise in a good shape -- and on the other, would help with purging away real cruft. Meow! -- A MAP07 (Dead Simple) raspberry tincture recipe: 0.5l 95% alcohol, 1kg raspberries, 0.4kg sugar; put into a big jar for 1 month. Filter out and throw away the fruits (can dump them into a cake, etc), let the drink age at least 3-6 months.
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
❦ 21 octobre 2016 00:20 +0200, Joerg Jaspert : >> #!/bin/sh >> # I absolutely new nothing about gulp, coffeescript, sass and uglify 15 >> minutes ago... >> [...] >> If you insist I can add build.sh script to the missing-source, but > > No, you do not put it in missing-source foo. You use it during the build > of your package, thats the correct thing to do. This is likely to introduce Debian-only bugs. For example, on the next update, the version of epoch.js is updated to add an additional file. The build process is not updated and we get a Debian-only bug in the application that may be hard to detect because this only happens in some part of the applications. >> that's a new information for me that we are now doing distro >> just for hipsters that can't read and write more than one twitter >> message at the time, and can't read a simple makefile. > > Silly, you forgot later updates to the package not done by you. There is > no reason why a security team should have to learn the above steps. They > should edit the source and just build the package and that should do the > right thing. Not needing to dig up whatever crap may be needed for > todays hip sillyscript transformation. It would be as easy for the security team to modify the unminified version than the "upper" upstream version of the source. I suppose that (like me), Ondřej Surý does not want to deal with the complexity of building JS from the "upper" source for the benefit of people that don't exist. -- Too much is just enough. -- Mark Twain, on whiskey signature.asc Description: PGP signature
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
On Fri, Oct 21, 2016, at 00:20, Joerg Jaspert wrote: > On 14466 March 1977, Ondřej Surý wrote: > > > to stop you from bickering on and on, the build script can be > > reconstructed > > just from reading gulpfile.js and would consist of installing ruby-sass, > > coffeescript and node-uglify and running: > > > #!/bin/sh > > # I absolutely new nothing about gulp, coffeescript, sass and uglify 15 > > minutes ago... > > [...] > > If you insist I can add build.sh script to the missing-source, but > > No, you do not put it in missing-source foo. You use it during the build > of your package, thats the correct thing to do. Here you are just making things as you go. I am done with this thread, so if you are not please bring it to tech-ctte. O. -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro pečení chleba všeho druhu
Re: Bug#820036: No bug mentioning a Debian KEK and booting use it.
On Fri, Oct 21, 2016 at 4:20 AM, Tollef Fog Heen wrote: > If there are machines with free firmware that also support secure boot, > we can look at this. So far, I don't believe there are any. Tianocore (edk2 in Debian) supports virtual machines and also any device that supports coreboot could chainload to Tianocore. https://wiki.ubuntu.com/SecurityTeam/SecureBoot https://github.com/tianocore/tianocore.github.io/wiki/Coreboot_UEFI_payload -- bye, pabs https://wiki.debian.org/PaulWise
Re: Bug#820036: No bug mentioning a Debian KEK and booting use it.
]] Ian Jackson
> Tollef Fog Heen writes ("Re: Bug#820036: No bug mentioning a Debian KEK and
> booting use it."):
>
> > So far, I don't believe there are any.
>
> this is rather discouraging, at least for those who think this signed
> image malarkey is useful.
Just so we're not misunderstanding each other: I'd love for there to be
something free in this space, and I think signed images are useful. My
statement is just pointing out that (AFAIK), there aren't, and so
spending effort that benefits no users doesn't sound like a terribly
good way to expend effort. I'd love to be proven wrong about there
being a free (and useful) implementation out there.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Re: NRSS has been deprecated [#696302]
On Fri, Oct 21, 2016 at 12:17 AM, Enrico Rossi wrote: > I saw that the upstream devel of NRSS has deprecated it in favour of > another software. This has been already reported in the #696302. This is what the nrss upstream website says: NRSS has been deprecated. Use Canto in the future. You will *not* be automatically forwarded. canto was in Debian but was removed: https://bugs.debian.org/764758 Since then it was renamed to canto-ng and new versions were released: http://codezen.org/canto-ng/ > I'm asking if shouldn't be the case to rise the level of that bug to RC? > I don't mean the package shouldn't be in the next stable, also we are > talking about a very small package indeed, but I think that bug is > pertinent and should be dealt with before the next stable. Looking at the popcon data, about 7 to 20 people use the Debian package regularly. There is no evidence in the BTS of any Debian users of the package, but there is evidence of one Ubuntu user of the package a long time ago. They even went to the trouble of providing a patch for the bug that they found: https://bugs.debian.org/515195 https://bugs.launchpad.net/ubuntu/+source/nrss/+bug/319994 The newsbeuter, olive and maybe rsstail packages contain possible alternatives to nrss. newsbeuter looks in good shape. olive is also orphaned and the upstream website and git repo is gone. A couple of folks were interested in adopting it but no-one responded so they didn't do anything. I expect most people reading RSS on the console with Debian now are using newsbeuter/rss2email/feed2imap. Probably olive and nrss can be removed from Debian in favour of newsbeuter. -- bye, pabs https://wiki.debian.org/PaulWise
Re: Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid
On Wed, Oct 19, 2016 at 09:33:14AM -0200, Henrique de Moraes Holschuh wrote: > On Wed, Oct 19, 2016, at 06:56, Jan Mojzis wrote: > > >I read manpage on github, but did not understood, what exactly this > > > program provides. Can it replace creation system users for dropping > > > privileges? > > > > It's doesn't create users. > > It only drops privileges (extremesetuidgid) or sets $UID/$GID env. > > variables (extremeenvuidgid). > > > > For example: > > extremesetuidgid -b 10 sleep 1 > > > > runs command 'sleep 1' under unprivileged uid/gid (computed getpid() > > +10) > > e.g. for: > > pid=10 ... uid=gid=100010 > > pid=11 ... uid=gid=100011 > > pid=12 ... uid=gid=100011 > > I am just wondering why is it called "extreme"? "extremely outdated"? This sounds like a hack from ~ 20 years ago when people realized that running several programs at the same time as nobody does not isolate them from each other. Much better solutions for restricting what a process can or cannot do are now available. > It looks more like a functionality related to "exclusive" guid/uid, > instead... 20 years ago such a hack would at least have ensured that every process has a unique uid. Even this is no longer true. tinysshd [1] is another worrisome example. Writing an own "tiny" sshd from scratch, and the result is not even smaller than the dropbear everyone else uses for that purpose. To make the NIH complete, it uses own versions of standard C library string functions and an own (pretty primitive) build system. cu Adrian [1] thank god only in experimental so far -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Bug#841485: ITP: node-grunt-legacy-log-utils -- Static methods for the Grunt 0.4.x logger
Package: wnpp Severity: wishlist Owner: Pirate Praveen X-Debbugs-CC: debian-devel@lists.debian.org * Package name: node-grunt-legacy-log-utils Version : 1.0.0 Upstream Author : "Cowboy" Ben Alman (http://benalman.com/) * URL : http://gruntjs.com/ * License : Expat Programming Lang: JavaScript Description : Static methods for the Grunt 0.4.x logger. signature.asc Description: OpenPGP digital signature
Bug#841483: ITP: golang-gopkg-macaroon.v1 -- A native Go implementation of macaroons
Package: wnpp Severity: wishlist Owner: "Michael Hudson-Doyle" * Package name: golang-gopkg-macaroon.v1 Version : 0.0~git20150121.0.ab3940c Upstream Author : Roger Peppe * URL : http://gopkg.in/macaroon.v1 * License : BSD-3-clause Programming Lang: Go Description : A native Go implementation of macaroons The macaroon package implements macaroons as described in the paper "Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud" (http://theory.stanford.edu/~ataly/Papers/macaroons.pdf). This package is a new dependency of snapd. It is packaged in Ubuntu already and the packaging only needs to be adapted in the usual trivial ways for Debian. I've uploaded the packaging I intend to upload to https://anonscm.debian.org/cgit/pkg-go/packages/golang-gopkg-macaroon.v1.git/ This package will be maintained in the pkg-go team. I will require a sponsor for the initial upload (I am a DM).
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
Ondřej Surý writes: > Gentlemen (arguing over and over) and ladies (watching this thread), Can we not characterise entire genders inaccurately, please? Preferably, not at all, since it seems entirely irrelevant to the discussion. -- \ “To punish me for my contempt of authority, Fate has made me an | `\ authority myself.” —Albert Einstein, 1930-09-18 | _o__) | Ben Finney
Work-needing packages report for Oct 21, 2016
The following is a listing of packages for which help has been requested through the WNPP (Work-Needing and Prospective Packages) system in the last week. Total number of orphaned packages: 966 (new: 11) Total number of packages offered up for adoption: 155 (new: 0) Total number of packages requested help for: 49 (new: 0) Please refer to http://www.debian.org/devel/wnpp/ for more information. The following packages have been orphaned: a2ps (#840888), orphaned 5 days ago Description: GNU a2ps - 'Anything to PostScript' converter and pretty-printer Reverse Depends: apsfilter ifhp Installations reported by Popcon: 6242 Bug Report URL: http://bugs.debian.org/840888 ardesia (#840959), orphaned 4 days ago Description: free digital sketchpad software Installations reported by Popcon: 44 Bug Report URL: http://bugs.debian.org/840959 django-genshi (#840963), orphaned 4 days ago Description: Django integration for Genshi Installations reported by Popcon: 28 Bug Report URL: http://bugs.debian.org/840963 freepwing (#840887), orphaned 5 days ago Description: EB to JIS X 4081 converter Installations reported by Popcon: 19 Bug Report URL: http://bugs.debian.org/840887 lightsquid (#840965), orphaned 4 days ago Description: Lite and fast log analizer for squid proxy Installations reported by Popcon: 177 Bug Report URL: http://bugs.debian.org/840965 nrss (#841463), orphaned today Description: A ncurses-based RSS reader Installations reported by Popcon: 74 Bug Report URL: http://bugs.debian.org/841463 prosper (#840890), orphaned 5 days ago Description: LaTeX class for writing transparencies Reverse Depends: texlive-full Installations reported by Popcon: 21992 Bug Report URL: http://bugs.debian.org/840890 python-django-websocket (#840964), orphaned 4 days ago Description: Websocket support for django Installations reported by Popcon: 28 Bug Report URL: http://bugs.debian.org/840964 tint (#840874), orphaned 5 days ago Description: TINT Is Not Tetris(tm) ...at least the name isn't Installations reported by Popcon: 302 Bug Report URL: http://bugs.debian.org/840874 whyteboard (#840966), orphaned 4 days ago Description: overlay painting and annotation application Installations reported by Popcon: 95 Bug Report URL: http://bugs.debian.org/840966 yatm (#840875), orphaned 5 days ago Description: Command line audio file player with time stretching capabilities Installations reported by Popcon: 39 Bug Report URL: http://bugs.debian.org/840875 955 older packages have been omitted from this listing, see http://www.debian.org/devel/wnpp/orphaned for a complete list. No new packages have been given up for adoption, but a total of 155 packages are awaiting adoption. See http://www.debian.org/devel/wnpp/rfa_bypackage for a complete list. For the following packages help is requested: athcool (#278442), requested 4377 days ago Description: Enable powersaving mode for Athlon/Duron processors Installations reported by Popcon: 20 Bug Report URL: http://bugs.debian.org/278442 awstats (#755797), requested 820 days ago Description: powerful and featureful web server log analyzer Installations reported by Popcon: 4084 Bug Report URL: http://bugs.debian.org/755797 balsa (#642906), requested 1852 days ago Description: An e-mail client for GNOME Reverse Depends: balsa-dbg Installations reported by Popcon: 677 Bug Report URL: http://bugs.debian.org/642906 cardstories (#624100), requested 2005 days ago Description: Find out a card using a sentence made up by another player Installations reported by Popcon: 7 Bug Report URL: http://bugs.debian.org/624100 courier (#823807), requested 164 days ago Description: Courier mail server Reverse Depends: courier-faxmail courier-filter-perl courier-imap courier-imap-ssl courier-ldap courier-mlm courier-mta courier-mta-ssl courier-pcp courier-pop (7 more omitted) Installations reported by Popcon: 2123 Bug Report URL: http://bugs.debian.org/823807 cups (#532097), requested 2693 days ago Description: Common UNIX Printing System Reverse Depends: bluez-cups boomaga chromium cinnamon-settings-daemon cloudprint cups cups-backend-bjnp cups-browsed cups-bsd cups-client (63 more omitted) Installations reported by Popcon: 172793 Bug Report URL: http://bugs.debian.org/532097 cyrus-sasl2 (#799864), requested 393 days ago Description: authentication abstraction library Reverse Depends: 389-ds-base 389-d
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
On October 20, 2016 7:15:45 PM EDT, Ian Jackson
wrote:
>Joerg Jaspert writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified"
>stuff (knot-resolver-module-http: please package embedded epoch.js
>separately)"):
>> On 14466 March 1977, Ondřej Surý wrote:
>> > If you insist I can add build.sh script to the missing-source, but
>>
>> No, you do not put it in missing-source foo. You use it during the
>build
>> of your package, thats the correct thing to do.
>
>I agree almost completely. (You missed out an apostrophe.)
>
>> > that's a new information for me that we are now doing distro
>> > just for hipsters that can't read and write more than one twitter
>> > message at the time, and can't read a simple makefile.
>>
>> [You] forgot later updates to the package not done by you. There is
>> no reason why a security team should have to learn the above steps.
>They
>> should edit the source and just build the package and that should do
>the
>> right thing.
>
>I agree - modulo your use of an insult, which I have redacted (see
>below).
>
>> Not needing to dig up whatever crap may be needed for
>> todays hip sillyscript transformation.
>
>However, I think this kind of language is is really beyond the pale at
>least for debian-devel. If you want to rant like that please keep it
>to places where the people you are insulting are absent.
>
>I recommend bars. (Having just got back from the pub myself, where we
>had some good times ranting about various crap.)
>
>Thanks,
>Ian.
It would be nice if the language police could give it a rest. Personally, I
don't see that as being significantly different than "signed image malarkey"
(to quote from another thread).
Scott K
Bug#841472: ITP: cowpatty -- Offline dictionary attack tool against WPA/WPA2
Package: wnpp Severity: wishlist Owner: Marcio de Souza Oliveira * Package name: cowpatty Version : 4.6 Upstream Author : Joshua Wright * URL : http://www.willhackforsushi.com/?page_id=50 * License : GPL-2 Programming Lang: C Description : Offline dictionary attack tool against WPA/WPA2 Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
Joerg Jaspert writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff
(knot-resolver-module-http: please package embedded epoch.js separately)"):
> On 14466 March 1977, Ondřej Surý wrote:
> > If you insist I can add build.sh script to the missing-source, but
>
> No, you do not put it in missing-source foo. You use it during the build
> of your package, thats the correct thing to do.
I agree almost completely. (You missed out an apostrophe.)
> > that's a new information for me that we are now doing distro
> > just for hipsters that can't read and write more than one twitter
> > message at the time, and can't read a simple makefile.
>
> [You] forgot later updates to the package not done by you. There is
> no reason why a security team should have to learn the above steps. They
> should edit the source and just build the package and that should do the
> right thing.
I agree - modulo your use of an insult, which I have redacted (see
below).
> Not needing to dig up whatever crap may be needed for
> todays hip sillyscript transformation.
However, I think this kind of language is is really beyond the pale at
least for debian-devel. If you want to rant like that please keep it
to places where the people you are insulting are absent.
I recommend bars. (Having just got back from the pub myself, where we
had some good times ranting about various crap.)
Thanks,
Ian.
--
Ian JacksonThese opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Re: Bug#820036: No bug mentioning a Debian KEK and booting use it.
Tollef Fog Heen writes ("Re: Bug#820036: No bug mentioning a Debian KEK and
booting use it."):
] Ian Jackson
> > Ah. Maybe it would be worth doing anyway. There might be machines
> > which work with some kind of libre firmware. But of course actually
> > doing this depends on someone having the effort.
>
> If there are machines with free firmware that also support secure boot,
> we can look at this.
That's a very sensible, even encouraging, response, thanks.
Of course on another level
> So far, I don't believe there are any.
this is rather discouraging, at least for those who think this signed
image malarkey is useful.
Regards,
Ian.
--
Ian JacksonThese opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
On 14466 March 1977, Ondřej Surý wrote: > to stop you from bickering on and on, the build script can be > reconstructed > just from reading gulpfile.js and would consist of installing ruby-sass, > coffeescript and node-uglify and running: > #!/bin/sh > # I absolutely new nothing about gulp, coffeescript, sass and uglify 15 > minutes ago... > [...] > If you insist I can add build.sh script to the missing-source, but No, you do not put it in missing-source foo. You use it during the build of your package, thats the correct thing to do. > that's a new information for me that we are now doing distro > just for hipsters that can't read and write more than one twitter > message at the time, and can't read a simple makefile. Silly, you forgot later updates to the package not done by you. There is no reason why a security team should have to learn the above steps. They should edit the source and just build the package and that should do the right thing. Not needing to dig up whatever crap may be needed for todays hip sillyscript transformation. -- bye, Joerg
Bug#841457: ITP: conversant-disruptor -- Very low latency Java BlockingQueue
Package: wnpp Severity: wishlist Owner: Emmanuel Bourg * Package name: conversant-disruptor Version : 1.2.8 Upstream Author : Conversant Inc * URL : https://github.com/conversant/disruptor * License : Apache-2.0 Programming Lang: Java Description : Very low latency Java BlockingQueue Disruptor is the highest performing intra-thread transfer mechanism available in Java. Conversant Disruptor is the highest performing implementation of this type of ring buffer queue because it has almost no overhead and it exploits a particularly simple design. This library is required to upgrade apache-log4j2 to the version 2.7. It'll be maintained by the Java Team.
Re: Bug#820036: No bug mentioning a Debian KEK and booting use it.
]] Ian Jackson > Ah. Maybe it would be worth doing anyway. There might be machines > which work with some kind of libre firmware. But of course actually > doing this depends on someone having the effort. If there are machines with free firmware that also support secure boot, we can look at this. So far, I don't believe there are any. -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are
NRSS has been deprecated [#696302]
Hi, I saw that the upstream devel of NRSS has deprecated it in favour of another software. This has been already reported in the #696302. I'm asking if shouldn't be the case to rise the level of that bug to RC? I don't mean the package shouldn't be in the next stable, also we are talking about a very small package indeed, but I think that bug is pertinent and should be dealt with before the next stable. Just asking Thanks Ciao ps: I'm not an NRSS user. -- GPG Key: 4096R/F2133176 2010-10-19 Enrico Rossi
Bug#841433: ITP: gmat -- Spacecraft mission analysis, desing and simulation
Package: wnpp Severity: wishlist Owner: Rock Storm * Package name: gmat Version : 2015a Upstream Author : National Aeronautics and Space Administration * URL : http://gmatcentral.org * License : Apache-2.0 Programming Lang: C++ Description : Spacecraft mission analysis, desing and simulation The General Mission Analysis Tool (GMAT) is designed to model, optimize, and estimate spacecraft trajectories in flight regimes ranging from low Earth orbit to lunar applications, interplanetary trajectories, and other deep space missions. GMAT contains high-fidelity space system models, optimization and targeting, built-in scripting and programming infrastructure, and customizable plots, reports and data products, to enable flexible analysis and solutions for custom and unique applications. GMAT can be driven from a fully-featured, interactive Graphical User Interface (GUI), or from a custom script language. I intend to maintain this package alongside the Debian Astro team. Regards, Rock
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
Quoting Ian Jackson (2016-10-20 17:45:54)
> Ondřej Surý writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff
> (knot-resolver-module-http: please package embedded epoch.js separately)"):
> > Gentlemen (arguing over and over) and ladies (watching this thread),
> >
> > [as code speaks more than words...]
> >
> > to stop you from bickering on and on, the build script can be
> > reconstructed
> > just from reading gulpfile.js and would consist of installing ruby-sass,
> > coffeescript and node-uglify and running:
> >
> > #!/bin/sh
> > # I absolutely new nothing about gulp, coffeescript, sass and uglify 15
> > minutes ago...
>
> This is great.
>
> > If you insist I can add build.sh script to the missing-source, but
> > that's a new information for me that we are now doing distro
> > just for hipsters that can't read and write more than one twitter
> > message at the time, and can't read a simple makefile.
>
> I don't understand why we don't just put that build process in
> debian/rules.
Neither do I. For cases this simple, that is.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
Quoting Scott Kitterman (2016-10-20 16:35:22) > On Thursday, October 20, 2016 04:06:10 PM Jonas Smedegaard wrote: > > Quoting Ondřej Surý (2016-10-20 15:48:08) > > > > > to stop you from bickering on and on, the build script can be > > > reconstructed just from reading gulpfile.js and would consist of > > > > > installing ruby-sass, coffeescript and node-uglify and running: > > Fine. > > > > Now, to get back to the original dispute whether serious or not: > > > > *Not* doing above (which in some cases, as you just proved, is simple) > > but instead relying on upstream doing it for us using tools not in > > Debian, is a serious bug in the packaging. > > > > Just as a typo in an argument to ./configure can cause FTBFS which is a > > serious issue. > > > > Severity of bugs is ortogonal to how difficult they are to fix. > > Since you're claiming 'serious', which policy shall requires it? §4.2 describes as a "must" declaring the build-dependencies needed to "produce working binaries". - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
Ondřej Surý writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff
(knot-resolver-module-http: please package embedded epoch.js separately)"):
> Gentlemen (arguing over and over) and ladies (watching this thread),
>
> [as code speaks more than words...]
>
> to stop you from bickering on and on, the build script can be
> reconstructed
> just from reading gulpfile.js and would consist of installing ruby-sass,
> coffeescript and node-uglify and running:
>
> #!/bin/sh
> # I absolutely new nothing about gulp, coffeescript, sass and uglify 15
> minutes ago...
This is great.
> If you insist I can add build.sh script to the missing-source, but
> that's a new information for me that we are now doing distro
> just for hipsters that can't read and write more than one twitter
> message at the time, and can't read a simple makefile.
I don't understand why we don't just put that build process in
debian/rules.
Ian.
--
Ian JacksonThese opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
On Thursday, October 20, 2016 04:06:10 PM Jonas Smedegaard wrote: > Quoting Ondřej Surý (2016-10-20 15:48:08) > > > to stop you from bickering on and on, the build script can be > > reconstructed just from reading gulpfile.js and would consist of > > > installing ruby-sass, coffeescript and node-uglify and running: > Fine. > > Now, to get back to the original dispute whether serious or not: > > *Not* doing above (which in some cases, as you just proved, is simple) > but instead relying on upstream doing it for us using tools not in > Debian, is a serious bug in the packaging. > > Just as a typo in an argument to ./configure can cause FTBFS which is a > serious issue. > > Severity of bugs is ortogonal to how difficult they are to fix. Since you're claiming 'serious', which policy shall requires it? Scott K signature.asc Description: This is a digitally signed message part.
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
Quoting Ondřej Surý (2016-10-20 15:48:08) > to stop you from bickering on and on, the build script can be > reconstructed just from reading gulpfile.js and would consist of > installing ruby-sass, coffeescript and node-uglify and running: Fine. Now, to get back to the original dispute whether serious or not: *Not* doing above (which in some cases, as you just proved, is simple) but instead relying on upstream doing it for us using tools not in Debian, is a serious bug in the packaging. Just as a typo in an argument to ./configure can cause FTBFS which is a serious issue. Severity of bugs is ortogonal to how difficult they are to fix. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
Gentlemen (arguing over and over) and ladies (watching this thread), [as code speaks more than words...] to stop you from bickering on and on, the build script can be reconstructed just from reading gulpfile.js and would consist of installing ruby-sass, coffeescript and node-uglify and running: #!/bin/sh # I absolutely new nothing about gulp, coffeescript, sass and uglify 15 minutes ago... coffee -b -c \ src/epoch.coffee \ src/core/context.coffee \ src/core/util.coffee \ src/core/d3.coffee \ src/core/format.coffee \ src/core/chart.coffee \ src/core/css.coffee \ src/data.coffee \ src/model.coffee \ src/basic.coffee \ src/basic/*.coffee \ src/time.coffee \ src/time/*.coffee \ src/adapters.coffee \ src/adapters/*.coffee cat \ src/epoch.js \ src/core/context.js \ src/core/util.js \ src/core/d3.js \ src/core/format.js \ src/core/chart.js \ src/core/css.js \ src/data.js \ src/model.js \ src/basic.js \ src/basic/*.js \ src/time.js \ src/time/*.js \ src/adapters.js \ src/adapters/*.js \ > dist/js/epoch.js uglifyjs dist/js/epoch.js > dist/js/epoch.min.js sass -t compact sass/epoch.scss > dist/css/epoch.css sass -t compressed sass/epoch.scss > dist/css/epoch.css If you insist I can add build.sh script to the missing-source, but that's a new information for me that we are now doing distro just for hipsters that can't read and write more than one twitter message at the time, and can't read a simple makefile. Cheers, -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro pečení chleba všeho druhu On Thu, Oct 20, 2016, at 11:17, Bas Wijnen wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Wed, Oct 19, 2016 at 09:07:26AM +0200, Vincent Bernat wrote: > > gulp is just a glorified make and doesn't compile anything on its own. > > If make wouldn't be in main, any program using it in its build process > would > also not be allowed in main. The options would be to package make, or to > change the build system so it works without it. > > It doesn't matter if the tool is complex. If it's used and it isn't in > main, > the program cannot be in main. > > (And "I don't use it, because upstream did it for me" means you're not > building > from source, which is a problem itself.) > > Thanks, > Bas > -BEGIN PGP SIGNATURE- > Version: GnuPG v1 > > iQIcBAEBAgAGBQJYCIusAAoJEJzRfVgHwHE68wgP/2zsqzThuWkOCRSnXBrcuk40 > jm/dp67lSfVfNuCF/767SyGPknBoEcBlHkM08dbIx6rhG9ZdJ9FmWhl8a6eAQQeB > jo4UQE3rSGhtfw7zxl8K39inQnpv+HyotOEZ6JWXzoUf+997uknAsB5OYHr2obZn > 9tlg/oaMoHfCX/oXZU6sqL2yFeDhomO/zOf0rbhdWcBYwRSdTHkU+UtrkronqHjM > afFk0mt8y+c/PNQvs1NVpLSaLTEwoIYJCqxDywlnEkGw3gNXGmthM768bK7sVM/o > fZH9B0f2jDj5+2zyN/GcjxZw6aYD8ckyCZT90jpfA5wcUsPbYxOjo9iyxp9acFSr > D02upguz1tVJn4ksJvzX/hYVecKnO/8VdqPWTh75Kse3Pmsip/17S/+ICoII8rT5 > +yzzUJF1NRh6Uuxs2tP5a6QLLBdecZ4l17SYrHNoOAevGFCcLHYNH+Dyn0AAoAxG > TtwTnFxFQx31Is5Gh3KWWO43ooMA42svCDMrcx3N1cOGrPpHS5RfU2BeFa1kkMUx > YR5gU4M+tt1D7HQ73hEm73pu56h23DLdv7QL4FjP+xlHUNF29c5G4dPYyQD8tNcW > 7nRZP78n2pxdO7Xbi0HNzTbEyrhPmwT6cj9mCUzPJCQEsRKCM2v/kSLz7RGgSw3H > nHusejCreSzSKL7EL8Mq > =7iSp > -END PGP SIGNATURE- >
Re: When should we https our mirrors?
On Thu, 2016-10-20 at 13:25 +0200, Tollef Fog Heen wrote: > ]] Ian Campbell > > > > > Have we gotten to the point where we consider deb.d.o suitable for > > production use? The web page still says Experimental (so I would assume > > "not production yet") > > As of this morning, the bit about experimental was removed from the web > page. Awesome, thanks!
3-D Secure Aktualisierung
Sendungscode: 3189756462015837 20. Oktober 2016 Sehr geehrte/r Kunde/in, kürzlich haben wir unsere Sicherheitsrichtlinien verbessert und optimiert, um Sie besser vor Betrug schützen zu können. Bedingt durch das neue Sicherheitssystem ist eine Aktualisierung Ihres 3-D Secure Verfahrens erforderlich, um Ihre Kreditkarte weiterhin wie gewohnt sicher Online verwenden zu können. Wir bedauern die Unannehmlichkeiten, CardComplete Service AG Lassallenstraße 3 1020 Wien
3-D Secure Aktualisierung
Sendungscode: 3189756462015837 20. Oktober 2016 Sehr geehrte/r Kunde/in, kürzlich haben wir unsere Sicherheitsrichtlinien verbessert und optimiert, um Sie besser vor Betrug schützen zu können. Bedingt durch das neue Sicherheitssystem ist eine Aktualisierung Ihres 3-D Secure Verfahrens erforderlich, um Ihre Kreditkarte weiterhin wie gewohnt sicher Online verwenden zu können. Wir bedauern die Unannehmlichkeiten, CardComplete Service AG Lassallenstraße 3 1020 Wien
Re: When should we https our mirrors?
]] Ian Campbell > Have we gotten to the point where we consider deb.d.o suitable for > production use? The web page still says Experimental (so I would assume > "not production yet") As of this morning, the bit about experimental was removed from the web page. -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are
Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Oct 19, 2016 at 09:07:26AM +0200, Vincent Bernat wrote: > gulp is just a glorified make and doesn't compile anything on its own. If make wouldn't be in main, any program using it in its build process would also not be allowed in main. The options would be to package make, or to change the build system so it works without it. It doesn't matter if the tool is complex. If it's used and it isn't in main, the program cannot be in main. (And "I don't use it, because upstream did it for me" means you're not building from source, which is a problem itself.) Thanks, Bas -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJYCIusAAoJEJzRfVgHwHE68wgP/2zsqzThuWkOCRSnXBrcuk40 jm/dp67lSfVfNuCF/767SyGPknBoEcBlHkM08dbIx6rhG9ZdJ9FmWhl8a6eAQQeB jo4UQE3rSGhtfw7zxl8K39inQnpv+HyotOEZ6JWXzoUf+997uknAsB5OYHr2obZn 9tlg/oaMoHfCX/oXZU6sqL2yFeDhomO/zOf0rbhdWcBYwRSdTHkU+UtrkronqHjM afFk0mt8y+c/PNQvs1NVpLSaLTEwoIYJCqxDywlnEkGw3gNXGmthM768bK7sVM/o fZH9B0f2jDj5+2zyN/GcjxZw6aYD8ckyCZT90jpfA5wcUsPbYxOjo9iyxp9acFSr D02upguz1tVJn4ksJvzX/hYVecKnO/8VdqPWTh75Kse3Pmsip/17S/+ICoII8rT5 +yzzUJF1NRh6Uuxs2tP5a6QLLBdecZ4l17SYrHNoOAevGFCcLHYNH+Dyn0AAoAxG TtwTnFxFQx31Is5Gh3KWWO43ooMA42svCDMrcx3N1cOGrPpHS5RfU2BeFa1kkMUx YR5gU4M+tt1D7HQ73hEm73pu56h23DLdv7QL4FjP+xlHUNF29c5G4dPYyQD8tNcW 7nRZP78n2pxdO7Xbi0HNzTbEyrhPmwT6cj9mCUzPJCQEsRKCM2v/kSLz7RGgSw3H nHusejCreSzSKL7EL8Mq =7iSp -END PGP SIGNATURE-
Bug#841400: ITP: fakesleep -- Fake version of time.sleep() for use in tests
Package: wnpp Severity: wishlist Owner: Free Ekanayaka * Package name: fakesleep Version : 0.1 Upstream Author : Pete Fein * URL : https://github.com/wearpants/fakesleep/ * License : BSD Programming Lang: Python, etc. Description : Fake version of time.sleep() for use in tests fakesleep is a simple module for tests that use `time.sleep()`. Sleeping in tests is generally considered bad (as it makes tests run slow). Using sleep with `time.time()` can lead to spurious failures, as clock precision / interpeter overhead can cause small differences in reported times. The package is a dependency of another forthcoming package (systemfixtures) and will be maintained as part of the Python Modules team.
Bug#841399: ITP: ibuffer-vc -- group ibuffer list by VC project and show VC status
Package: wnpp Severity: wishlist Owner: Lev Lamberov * Package name: ibuffer-vc Version : 0.10 Upstream Author : Steve Purcell * URL : http://github.com/purcell/ibuffer-projectile * License : GPL-3+ Programming Lang: Emacs Lisp Description : group ibuffer list by VC project and show VC status Emacs' ibuffer-mode is a wonderful replacement for the built-in list-buffer command, and allows buffers to be grouped programmatically, e.g. by major mode. That's where ibuffer-vc comes in: it lets you: * Group your buffers by their parent vc root directory * See the VC status of the associated files * Sort buffers by their VC status
Bug#841396: ITP: dascrubber -- alignment-based scrubbing pipeline for DNA sequencing reads
Package: wnpp Severity: wishlist Owner: Debian Med Packaging Team * Package name: dascrubber Version : 0~20160601 Upstream Author : Eugene W. Myers, Jr. * URL : https://github.com/thegenemyers/DASCRUBBER * License : BSD Programming Lang: C Description : alignment-based scrubbing pipeline for DNA sequencing reads The Dazzler Scrubbing Suite produces a set of edited reads that are guaranteed to * be continuous stretches of the underlying genome (i.e. no unremoved adapters and not chimers) * have no very low quality stretches (i.e. the error rate never exceeds some reasonable maximum, 20% or so in the case of Pacbio data). Its secondary goal is to do so with the minimum removal of data and splitting of reads. This package will be maintained by Debian Med.
Bug#841391: ITP: node-strip-bom -- Strip UTF-8 byte order mark (BOM) from a string
Package: wnpp Severity: wishlist Owner: Shanavas M X-Debbugs-CC: debian-devel@lists.debian.org * Package name: node-strip-bom Version : 3.0.0 Upstream Author : Sindre Sorhus (sindresorhus.com ) * URL : https://github.com/sindresorhus/strip-bom#readme * License : Expat Programming Lang: JavaScript Description : Strip UTF-8 byte order mark (BOM) from a string Node.js module to strip UTF-8 byte order mark (BOM) from a string . Node.js is an event-based server-side JavaScript engine.
