Re: Default font: Transition from DejaVu to Noto
* Gunnar Hjalmarsson [2023-09-09 23:08]: > [...] fonts-noto-core covers "all" scripts [...] Just want to point out it doesn't cover CJK, which ironically is the one thing I actually use and prefer Noto for as I definitely prefer DejaVu (or Bitstream Vera) for latin fonts, which is why I've been overriding the new default. - Fay
Re: Bug#1031634: ITP: gum -- A tool for glamourous shell scripts
* Sam Hartman [2023-02-22 23:33]: [...] > >> A tool for glamorous shell scripts. Leverage the power of > >> Bubbles (https://github.com/charmbracelet/bubbles) and Lip > >> Gloss (https://github.com/charmbracelet/lipgloss) in your > >> scripts and aliases without writing any Go code! [...] > >> Gum provides highly configurable, ready-to-use utilities to > >> help you write useful shell scripts and dotfiles aliases > >> with just a few lines of code. > > Antonio> This last paragraph above looks like a good enough package > Antonio> description. Save everything else for an upstream README > Antonio> installed on /usr/share/doc/gum/, or some other type of > Antonio> documentation. > > I disagree. With what? Antonio said "last paragraph". The links to Bubbles and Lip Gloss are not in the last paragraph. The last paragraph does look alright to me, if a bit vague on what kind of utilities, so a brief description of Bubbles and Lip Gloss does seem useful to add. > I should not have to chase down links to websites to understand a > description No disagreement there. > Please include a phrase or two describing each of bubbles and gloss. No disagreement there -- if they are mentioned in the description. - FC
Re: Problems verifying signed github releases (Re: Q: uscan with GitHub)
* Guillem Jover [2023-02-19 20:50]: > > My upstream creates a tarball with git-archive, creates a signature and > > uploads it (as described in the wiki[3]). This used to work to verify > > the github-created tarball, but fails now - while creating my own > > tarball like upstream and verifying it with upstream's signature works. > > > > The uncompressed .tar files are identical (same hashsum), just the tar.gz > > differ. Does anyone know why, and how to fix it? I tried non-default > > compression levels for gzip with git-archive, but that didn't help to get an > > identical tar.gz like the one from github. > > > > I'd like to avoid having my upstream downloading the github-created > > tarball, verify it and then upload this signature. > > I assume you (or whatever service or tool is failing the verification > while creating a local tarball) might be seeing issues with git having > switched implementation for gzip, and a mismatch with the implementation > being used in either side. Perhaps try to set git's > tar.tar.gz.command="gzip -c" (or/and «tgz» instead of «tar.gz») to use > the external command instead of the internal implementation? Or perhaps > you are using an old git that defaults to the external gzip but upstream > uses the internal one? I was going to suggest that might be the issue, but you were faster :) I do have some relevant links: https://reproducible-builds.org/reports/2023-01/#news https://lists.reproducible-builds.org/pipermail/rb-general/2022-October/002709.html https://lists.reproducible-builds.org/pipermail/rb-general/2022-October/002710.html > (There was a recent LWN article covering this, see > https://lwn.net/Articles/921787/.) That seems to be subscribers-only :( - FC
Bug#1030768: ITP: repro-apk -- scripts to make android apks reproducible
Package: wnpp Severity: wishlist Owner: FC Stegerman X-Debbugs-Cc: debian-devel@lists.debian.org, f...@obfusk.net * Package name: repro-apk Version : 0.2.2 Upstream Contact: FC Stegerman * URL : https://github.com/obfusk/reproducible-apk-tools * License : GPLv3+ Programming Lang: Python Description : scripts to make android apks reproducible reproducible-apk-tools is a collection of scripts (available as subcommands of the repro-apk command) to help make APKs reproducible (e.g. by changing line endings from LF to CRLF), or find out why they are not (e.g. by comparing ZIP file metadata, or dumping baseline.prof files). repro-apk is used by e.g. F-Droid and also a proposed new optional dependency for diffoscope [1], allowing it to compare e.g. baseline.prof/baseline.profm files found in APKs. I am the upstream author and want to package and maintain it for Debian as well (like I already do with apksigcopier). - FC [1] https://salsa.debian.org/reproducible-builds/diffoscope/-/merge_requests/118
announce packages moving to the non-free-firmware area?
Hi! I was aware that non-free firmware packages would be moving to the new non-free-firmware archive area [1] and that people are working hard to update the webpages as well [2]. But I don't recall seeing any announcement (for users of unstable) that existing packages (see attached list) have begun moving there already; I had to add the non-free-firmware component to my sid entries in /etc/apt/sources.list to continue getting updates for these packages. I'm not a DD, so I can't (and shouldn't) post to d-d-announce@ myself, but I think some kind of announcement (and perhaps a NEWS entry, if there's a suitable package for that) would be appreciated by users not following this change closely, especially those unaware that sources.list needs to be changed. Thanks for all the hard work on the bookworm release! - FC [1] https://lists.debian.org/debian-devel/2022/12/msg00176.html [2] https://lists.debian.org/debian-project/2023/01/msg00018.html atmel-firmware bluez-firmware dahdi-firmware-nonfree firmware-amd-graphics firmware-ast firmware-atheros firmware-bnx2 firmware-bnx2x firmware-brcm80211 firmware-cavium firmware-intel-sound firmware-ipw2x00 firmware-ivtv firmware-iwlwifi firmware-libertas firmware-linux firmware-linux-nonfree firmware-misc-nonfree firmware-myricom firmware-netronome firmware-netxen firmware-qcom-media firmware-qcom-soc firmware-qlogic firmware-realtek firmware-realtek-rtl8723cs-bt firmware-samsung firmware-siano firmware-sof-signed firmware-ti-connectivity raspi-firmware
Bug#1023044: ITP: apksigtool -- parse/verify/clean android apk signing blocks & apks
Package: wnpp Severity: wishlist Owner: FC Stegerman X-Debbugs-Cc: debian-devel@lists.debian.org, f...@obfusk.net * Package name: apksigtool Version : 0.5.0 Upstream Author : FC Stegerman * URL : https://github.com/obfusk/apksigtool * License : AGPLv3+ Programming Lang: Python Description : parse/verify/clean android apk signing blocks & apks apksigtool is a tool for parsing android APK Signing Blocks (either embedded in an APK or extracted as a separate file, e.g. using apksigcopier) and verifying APK signatures. It can also clean them (i.e. remove everything that's not an APK Signature Scheme v2/v3 Block or verity padding block), which can be useful for reproducible builds. WARNING: verification is considered EXPERIMENTAL and SHOULD NOT BE RELIED ON, please use apksigner instead. apksigtool is a proposed new optional dependency for diffoscope [1], allowing it to properly compare APK Signing Blocks. I am the upstream author and want to package and maintain it for Debian as well (like I already do with apksigcopier). I am looking for a sponsor, since I am (still) a Sponsored Maintainer. NB: v0.5.0 hasn't actually been released yet, but it will be soon. - FC [1] https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/320