Bug#1071540: ITP: lua-vips -- A fast image processing library with low memory needs for Lua

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, The Debian Lua Team 


* Package name: lua-vips
  Version : 1.1.11
  Upstream Contact: John Cupitt 
* URL : https://github.com/libvips/lua-vips
* License : Expat
  Programming Lang: Lua
  Description : A fast image processing library with low memory needs for 
Lua

 This Lua module implements bindings for VIPS using LuaJIT's FFI module.
 .
 VIPS is a fast and efficient image processing system.

Upstream is the same as vips, so it makes sense to package it too.
This software can easily be used in nginx/lua to provide a full-featured
image transformation HTTP service, among other things.
I will maintain it within the Lua Team, and am already planning on using it too.

how to upgrade testing

[Jérémy Lal]

Hi,

could we have a hint when it's "safe" to upgrade testing ?
Currently I get for a full-upgrade:
2338 mis à jour, 362 nouvellement installés, 715 à enlever et 41 non mis à
jour.

Thanks !
Jérémy

Re: Status of the t64 transition

[Jérémy Lal]

Le mer. 24 avr. 2024 à 19:39, Paul Gevers  a écrit :

> Hi,
>
> On 24-04-2024 7:35 p.m., Andrey Rakhmatullin wrote:
> > What to do with autopkgtests that fail in testing because of problems
> with
> > packages in testing that are fixed in unstable, e.g. the autopkgtest for
> > speech-dispatcher/0.11.5-2 on
>
> Inform the Release Team and we can either schedule the combination
> manually, add a hint or both.
>

Isn't it processed automatically ? What needs manual intervention and what
doesn't ?

Re: xz backdoor

[Jérémy Lal]

xz-utils (5.6.1+really5.4.5-1) unstable; urgency=critical



  * Non-maintainer upload by the Security Team.

  * Revert back to the 5.4.5-0.2 version



 -- Salvatore Bonaccorso   Thu, 28 Mar 2024 15:59:38
+0100

Le ven. 29 mars 2024 à 21:17, Sirius  a écrit :

> Hi there,
>
> This is quite actively discussed on Fedora lists.
> https://www.openwall.com/lists/oss-security/2024/
> https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> Worth taking a look if action need to be taken on Debian.
>
> --
> Kind regards,
>
> /S
>
>

Bug#1066027: ITP: node-import-meta-resolve -- Ponyfill for import.meta.resolve - Node.js module

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Javascript Maintainers 


* Package name: node-import-meta-resolve
  Version : 4.0.0-1
  Upstream Contact: Titus Wormer 
* URL : https://github.com/wooorm/import-meta-resolve
* License : Expat
  Programming Lang: JavaScript
  Description : Ponyfill for import.meta.resolve - Node.js module

 A module-relative resolution function scoped to each module,
 returning the URL string.
 This module backports an experimental Node.js 21 implementation
 of a standard ECMAScript modules feature.
 It will allow smoother transitions when upgrading Node.js.
 .
 Node.js is an event-based server-side JavaScript engine.

This module will be team-maintained.

It is an indirect dependency of a bundled front-end module of AWX,
however, I bet it will be needed in the coming months, since
it exposes an interface that is not available by default until
at least Node 22.

Re: Processed: closing 1061512

[Jérémy Lal]

I always wondered if there was a reason to allow unverified BTS access ?

Le jeu. 25 janv. 2024 à 21:27, Debian Bug Tracking System <
ow...@bugs.debian.org> a écrit :

> Processing commands for cont...@bugs.debian.org:
>
> > close 1061512
> Bug #1061512 [general] 4
> Marked Bug as done
> > thanks
> Stopping processing here.
>
> Please contact me if you need assistance.
> --
> 1061512: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061512
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
>

Re: Limited security support for Go/Rust? Re ssh3

[Jérémy Lal]

Le mar. 16 janv. 2024 à 13:09, Bastian Blank  a écrit :

> On Tue, Jan 16, 2024 at 11:22:48AM +0100, Jérémy Lal wrote:
> > I naively believed that golang-* packages expressed those dependencies
> with
> > "Built-Using".
>
> As Built-Using is for license compliance only, no?
>
> See
>
> https://www.debian.org/doc/debian-policy/ch-relationships.html#additional-source-packages-used-to-build-the-binary-built-using


Indeed, thanks for the link.

Re: Limited security support for Go/Rust? Re ssh3

[Jérémy Lal]

Le mar. 16 janv. 2024 à 11:00, Simon Josefsson  a
écrit :

> Paul Wise  writes:
>
> > On Mon, 2024-01-15 at 10:17 +0100, Bastian Blank wrote:
> >
> >> I asked for practical solutions, not theoretical ones.  We don't have a
> >> suitable way to rebuild all packages just because right now.
> >
> > There are some ideas on the static linking wiki page:
> >
> > https://wiki.debian.org/StaticLinking
> >
> > Probably the most practical solution for today would be to use a build
> > info database to find out which builds had installed binary packages
> > containing insecure statically linkable files of any kind, then rebuild
> > the source packages that were affected. There is a 2019 demo here:
> >
> >
> https://salsa.debian.org/bremner/builtin-pho/-/blob/master/demos/needs-rebuild.sh
> > https://www.cs.unb.ca/~bremner//blog/posts/builtin-pho/
> >
> > This may mean rebuilding more packages than were really needed,
> > but a more exact method would require full tracing of input data to
> > output data during builds being added to all toolchains, which seems
> > like a much longer term project than buildinfo based rebuilds.
>
> Rebuilding a bit more than what is strictly needed sounds fine as a
> first solution to me.
>
> My naive approach on how to fix a security problem in package X which is
> statically embedded into other packages A, B, C, ... would be to rebuild
> the transitive closure of all packages that Build-Depends on X and
> publish a security update for all those packages.
>
> What is the problem with that approach to handle security problems in a
> Go package for trixie?
>
> I'm sure the number of packages to rebuild could be reduced in various
> clever ways, but until we have tooling to automate that, a naive but
> costly approach seems feasible, unless i'm missing something.
>
> How large is the gap between tracing buildinfo information and simply
> relying on Build-Depends?
>
> Isn't the gap between using Build-Depends and the buildinfo-approach
> only concerning the always-assumed-to-be-installed packages like libc or
> /bin/sh which I never seems to recall if they are what build-essential
> installs, or what the policy manual says it should do, or what
> 'Essential: yes' implies, or 'Priority: required' implies, etc.  For Go
> packages I don't think they are relevant in practice.
>

I naively believed that golang-* packages expressed those dependencies with
"Built-Using".

Jérémy

Bug#1060793: ITP: node-luxon -- Wrapper for JavaScript dates and times

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Javascript Maintainers 


* Package name: node-luxon
  Version : 3.4.4
  Upstream Contact: https://github.com/moment/luxon/issues
* URL : https://moment.github.io/luxon/
* License : Expat
  Programming Lang: JavaScript
  Description : Wrapper for JavaScript dates and times

 Luxon provides a set of powerful, modern, and friendly wrappers for
 DateTimes, Durations and Intervals. The API is immutable, chainable,
 and unambiguous. It uses native time zones and internationalization.

Luxon is often used in webapps.
It will be maintained within Javascript team.
In particular I need to upload to Debian to use it in the front-end of AWX 
package.

Bug#1060430: ITP: python-django-test-migrations -- Testing database migrations for Django

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Python Team 


* Package name: python-django-test-migrations
  Version : 1.3.0
  Upstream Contact: Nikita Sobolev 
* URL : https://github.com/wemake-services/django-test-migrations
* License : Expat
  Programming Lang: Python
  Description : Testing database migrations for Django

 This framework allows one to test migrations with respect to:
  * schema and data
  * forward and rollback
  * order, names
  * database configuration
 It also features fully typed annotations.
 .
 Django is a high-level Python web development framework.

This package will be maintained in python team.

It is a test dependency of awx.
It seems to be a nice piece for testing in Django, and is alive.

Bug#1060265: ITP: python-django-ansible-base -- Reusable base for Ansible applications using Django

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Python Team 


* Package name: python-django-ansible-base
  Version : 0.1.0
  Upstream Contact: John Westcott IV 
* URL : https://github.com/ansible/django-ansible-base
* License : Apache-2.0
  Programming Lang: Python
  Description : Reusable base for Ansible applications using Django

 This Python library provides a set of classes for building
 Ansible applications using the extensible configurability of
 Django. It currently brings tools for authentication,
 filtering, validation, management commands, logging, models.
 .
 Django is a high-level Python web development framework.

This package is maintained by python team, and is a dependency of awx.

Bug#1060216: ITP: python-django-solo -- Singleton objects helper for Django

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Python Team 


* Package name: python-django-solo
  Version : 2.1.0
  Upstream Contact: https://github.com/lazybird/django-solo/issues
* URL : https://github.com/lazybird/django-solo
* License : CC-BY-3.0
  Programming Lang: Python
  Description : Singleton objects helper for Django

 Solo helps to enforce instantiating only one instance of a model
 in Django. Singletons are database tables with only one row.
 .
 Django is a high-level Python web development framework.

This package will be maintained by python team, is used by awx.
Also seems to be a good django module.

Bug#1060210: ITP: python-djangorestframework-yaml -- YAML parser and renderer for Django REST Framework

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Python Team 


* Package name: python-djangorestframework-yaml
  Version : 3.0.1
  Upstream Contact: José Padilla , Xavier Francisco 

* URL : https://github.com/Qu4tro/drf-yaml
* License : BSD-3-clause
  Programming Lang: Python
  Description : YAML parser and renderer for Django REST Framework

 This library exports a parser class and a renderer for the
 Django REST Framework, allowing YAML parsing et serialization.
 .
 Django REST framework is a powerful and flexible toolkit for
 building Web APIs.

This package is maintained in python team.
It is a dependency of awx, and might also be useful for
django rest framework users.
I'm packaging the fork under the name of the original,
because the fork only did maintenance, and the original
has been inactive for four years.

Bug#1060184: ITP: python-django-guid -- Identify Django request logs

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Python Team 


* Package name: python-django-guid
  Version : 3.4.1
  Upstream Contact: Jonas Krüger Svensson 
* URL : https://github.com/snok/django-guid
* License : Expat
  Programming Lang: Python
  Description : Identify Django request logs

 This library allows one to attach a unique ID to all log outputs
 for every request, making debugging more simple.
 .
 Django is a high-level Python web development framework.

It will be maintained by python team and is a dependency of awx.

Bug#1060183: ITP: python3-django-crum -- Current request user capture middleware for Django

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Python Team 


* Package name: python3-django-crum
  Version : 0.7.9
  Upstream Contact: ch...@ninemoreminutes.com
* URL : https://github.com/ninemoreminutes/django-crum/
* License : BSD-3-clause
  Programming Lang: Python
  Description : Current request user capture middleware for Django

 This Python library enables apps to check permissions, capture
 audit trails or access the current request and user without
 requiring the request object to be passed directly.
 .
 Django is a high-level Python web development framework.

It will be maintained in Debian Python Team, and is a dependency
of awx.

Bug#1060168: ITP: python-json-log-formatter -- JSON formatter logging for Python

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Python Team 


* Package name: python-json-log-formatter
  Version : 0.5.2
  Upstream Contact: https://github.com/marselester/json-log-formatter/issues/new
* URL : https://github.com/marselester/json-log-formatter
* License : Expat
  Programming Lang: Python
  Description : JSON formatter logging for Python

 This library allows one to configure Python logging to
 use a JSON formatter.

This library will be under Debian Python Team 
maintenance, and is a dependency of awx.

Bug#1060068: ITP: python3-asn1 -- Simple ASN.1 encoder and decoder for Python

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Python Team 


* Package name: python3-asn1
  Version : 2.7.0
  Upstream Contact: Sebastien Andrivet 
* URL : https://github.com/andrivet/python-asn1
* License : Expat
  Programming Lang: Python
  Description : Simple ASN.1 encoder and decoder for Python

 This pure Python library features:
 * a BER decoder
 * a DER decoder and encoder (except indefinite lengths)

This package has still an active upstream (contrary to pyasn1),
and is a dependency of awx.
Its maintenance will be done inside python-team.

Bug#1059733: ITP: golang-k8s-client-go -- Go client for Kubernetes

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Go Packaging Team 


* Package name: golang-k8s-client-go
  Version : 0.29.0
  Upstream Contact: https://github.com/kubernetes/client-go/issues
* URL : https://github.com/kubernetes/client-go
* License : Apache-2.0
  Programming Lang: Golang
  Description : Go client for Kubernetes

 Go clients for talking to a kubernetes cluster.
  * The kubernetes package contains the clientset to access Kubernetes
API.
  * The discovery package is used to discover APIs supported by a
Kubernetes API server.
  * The dynamic package contains a dynamic client that can perform
generic operations on arbitrary Kubernetes API objects.
  * The plugin/pkg/client/auth packages contain optional authentication
plugins for obtaining credentials from external sources.
  * The transport package is used to set up auth and start a connection.
  * The tools/cache package is useful for writing controllers.

This package will be published in go-team.

It is needed by kubernetes, and other projects like receptor, which is a 
controller for awx.

Bug#1058807: ITP: acme.sh -- Pure unix shell script implementing ACME client protocol

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: acme.sh
  Version : 3.0.7
  Upstream Contact: w...@neilpang.com
* URL : https://acme.sh
* License : GPL-3
  Programming Lang: Shell
  Description : Pure unix shell script implementing ACME client protocol

 The acme.sh executable has minimal dependencies and maximal features:
 - full ACME protocol implementation
 - ECDSA certificates support
 - SAN and wildcard certificates with many DNS providers support
 - issue then renew and deploy automatically
 - does not require privileged user

This acme.sh tool is a must-have for everyone who stumbled upon
certbot shotcomings. It is odd that it isn't already in debian.

Bug#1057415: ITP: golang-github-ghjm-cmdline -- Command line parser with multiple configurations for the Go language

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Go Packaging Team 


* Package name: golang-github-ghjm-cmdline
  Version : 0.1.2
  Upstream Contact: Graham Mainwaring
* URL : https://github.com/ghjm/cmdline
* License : Apache-2.0
  Programming Lang: Golang
  Description : Command line parser with multiple configurations for the Go 
language

 This package provides a parsing and execution framework based on
 the idea that structs define accepted fields, receiver functions,
 and execution phases.
 It is more general than the common Go language command line parser.

This is needed by receptor, a cli needed by awx.
I plan to team-maintain it within pkg-go team.

Jérémy

Re: main-dev

[Jérémy Lal]

Le ven. 10 nov. 2023 à 22:22, Geert Stappers  a
écrit :

>
> Hello,
>
>
> This is about evolving Debian further, for getting beyond a growing pain.
>
>
> In upstream sources are many libraries, crates, modules and such[0].
> Those files are needed during development[1] and packaged for Debian
> for that reason. They are not needed for running the compiled program.
>
> What I want, is to explore if we put those libraries in a special corner
> of the Debian Package Archive, something like 'main-dev'.
>
> Having a different kind of packages means we can threat them differently.
> Which benefits will it bring?
>
> One such thing could be that multiple versions of same library exist.
> ( foo version 0.2  needing baz v0.3.4 and bar v2.0 needing baz v0.3.3 )
>
> Actual goal I want to achieve (goal we Debian should want to achieve) is
> having various ways to improve the process of getting upstream development
> files into Debian. Yeah, currently I think it is too tedious to keep
> with the pace of upstream.
>
> What would be needed to catch-up?
>

Automated updates, and automated crash bug reports (with statistics
notifications).

lintian.debian.org off ?

[Jérémy Lal]

Hi,

Host lintian.debian.org not found: 3(NXDOMAIN)

is this expected ?

Jérémy

Re: security autopkgtests ci

[Jérémy Lal]

Perfect !

Le ven. 30 juin 2023 à 22:58, Paul Gevers  a écrit :

> Hi,
>
> On 30-06-2023 22:40, Jérémy Lal wrote:
> > Nice, but how can we see it when we prepare a package for security team ?
>
> You can't. Only the security team has access to the results. After the
> packages have been released the results will be published and can be
> seen in the history on ci.d.n, e.g. [1] where you'll see a result for
> security-team.
>
> Paul
>
> [1] https://ci.debian.net/packages/o/openjdk-17/oldstable/amd64/
>

Re: security autopkgtests ci

[Jérémy Lal]

Le ven. 30 juin 2023 à 21:41, Paul Gevers  a écrit :

> Hi,
>
> On 30-06-2023 20:14, Jérémy Lal wrote:
> > is there something like a CI for security uploads ?


> Yes.
>

Nice, but how can we see it when we prepare a package for security team ?

security autopkgtests ci

[Jérémy Lal]

Hi,

is there something like a CI for security uploads ?

Jérémy

Re: Évènement parisen pour la sortie de Debian 12 / Bookworm

[Jérémy Lal]

Une idée pour ceux qui ne peuvent pas venir ?
Serait-il possible de venir faire un tour via un jitsi ?

Le mer. 7 juin 2023 à 22:24, Aurélien COUDERC  a écrit :

> Bonjour,
>
> l’apéro est confirmé, vous pouvez vous inscrire et obtenir plus de détails
> ici :
> https://pad.chapril.org/p/aperodebianbookworm
>
> L’évènement a également été publié sur l’agenda du libre.
>
>
> À samedi !
> --
> Aurélien

Re: Yearless copyrights: what do people think?

[Jérémy Lal]

Le mer. 22 févr. 2023 à 15:39, Sam Hartman  a écrit :

> > "Peter" == Peter Pentchev  writes:
>
> Peter> Hi, So I've seen this idea floating around in the past couple
> Peter> of years (and in some places even earlier), but I started
> Peter> doing it for the couple of pieces of software that I am
> Peter> upstream for after reading Daniel Stenberg's blog entry:
> Peter> https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
>
> Peter> And then, a couple of weeks ago, I quietly checked whether
> Peter> the Debian FTP team would be okay with that by uploading two
> Peter> NEW packages without any years mentioned in the
> Peter> debian/copyright file: either upstream or for my Debian
>
> As Jonas mentions, including the years allows people to know when works
> enter the public domain and the license becomes more liberal.
> I think our users are better served by knowing when the Debian packaging
> would enter the public domain.
>

Maybe only the first year the copyright was applied is important ?

Jérémy

Many packages will install apache2

[Jérémy Lal]

Hi,

I just keep on removing apache2 on my system, and find it bad that some
updates will reinstall it.
It seems to be coming from dependencies on "apache2 | httpd-cgi"
which favors the former (I have some httpd-cgi installed, just not apache2).
Is it okay to open bugs asking to use instead "httpd-cgi | apache2" ? Which
severity would be correct ? Unless there is a general reason not to do this
?

Jérémy

Bug#1027779: ITP: receptor -- Link controllers with executors across a mesh of nodes

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: receptor
  Version : 1.3.0
  Upstream Contact: https://github.com/ansible/receptor/issues
* URL : https://github.com/ansible/receptor
* License : Apache-2.0
  Programming Lang: golang
  Description : Link controllers with executors across a mesh of nodes

Receptor is an overlay network intended to ease the distribution
of work across a large and dispersed collection of workers.
Receptor nodes establish peer-to-peer connections with each other via
existing networks.

Receptor comes as daemon and a python client. This package provides the daemon.
It is a crucial part of ansible/awx, see also
https://bugs.debian.org/908763

Current packaging work is available at
https://salsa.debian.org/go-team/packages/receptor.git

Bug#1025998: ITP: libnginx-mod-js -- JavaScript module for Nginx

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Nginx Maintainers 


* Package name: libnginx-mod-js
  Version : 0.7.9
  Upstream Contact: nginx-de...@nginx.org
* URL : https://nginx.org/en/docs/njs/
* License : BSD-2-clause
  Programming Lang: C
  Description : JavaScript module for Nginx

This module extends Nginx with configuration directives
that allows one to run a subset of ECMAScript 5.1 (and later
extensions) language.
Its HTTP module features integration with
 - response body filter
 - location content handler
 - http, server, location variables
Its Stream module features integration with
  - the access phase
  - the content phase
  - stream, server variables

I have been using Lua in Nginx for a while, and that's fine,
with an abundant ecosystem. However JavaScript extensions
in Nginx is going to be way more easy, and there is a trend
in that direction.
So I will be using that package, and maintaining it as well
in the nginx team.

Re: looking for debian friendly web app technology

[Jérémy Lal]

Hi,


Le ven. 9 déc. 2022 à 13:13, Andreas Josef Heil  a
écrit :
>
> Hi!
>
> I'd like to develop a free software web app and I wanne be the debian
> maintainer for it. It should be fully integrated to debian und freedombox.
>
> What web technology should I use? My first choice is
> vuejs/vuetify/express/typeorm, but vuetify and typeorm are not packaged
> for debian. Is it difficult to add them to debian? My second choice is
> be django/bootstrap/jquery. They are packaged for debian but it's not as
> modern as vuejs.
>
> What do you recommend?


Could you ask this to pkg-javascript-de...@alioth-lists.debian.net ?

Thanks,
Jérémy

Bug#1025291: ITP: libnginx-mod-http-set-misc -- Extended rewrite directives module for Nginx

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Nginx Maintainers 


* Package name: libnginx-mod-http-set-misc
  Version : 0.33
  Upstream Author : Yichun "agentzh" Zhang (章亦春) agen...@gmail.com
* URL : https://github.com/openresty/set-misc-nginx-module
* License : BSD-2-clause
  Programming Lang: C
  Description : Extended rewrite directives module for Nginx

 This module provides more directives that can be used in
 the Nginx rewrite phase, like the 'set' directive.
 - URI escaping and unescaping
 - JSON quoting
 - digests encoding and decoding
 - random number generator

This is another module that is part of a cache stack for Nginx,
along with srcache, and memc.
It is put in nginx-team, and I will upload it and take care of it.

Bug#1025289: ITP: libnginx-mod-http-memc -- Extended memcached commands module for Nginx

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Nginx Maintainers 


* Package name: libnginx-mod-http-memc
  Version : 0.19
  Upstream Author : Yichun "agentzh" Zhang (章亦春) agen...@gmail.com
* URL : https://github.com/openresty/memc-nginx-module
* License : BSD-2-clause
  Programming Lang: C
  Description : Extended memcached commands module for Nginx

 This module supports almost the whole memcached ascii protocol,
 and provides many more commands than the embedded memcached
 module in Nginx.
 The libnginx-mod-http-srcache-filter module can be configured to
 use that module to cache responses.

This is nginx-team maintained and I will upload and take care of it.

Bug#1025288: ITP: libnginx-mod-http-srcache -- Transparent caching layer for Nginx

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, Debian Nginx Maintainers 


* Package name: libnginx-mod-http-srcache
  Version : 0.32
  Upstream Author : Yichun "agentzh" Zhang (章亦春) agen...@gmail.com
* URL : https://github.com/openresty/srcache-nginx-module
* License : BSD-2-clause
  Programming Lang: C
  Description : Transparent caching layer for Nginx

 This module provides a transparent caching layer for arbitrary nginx
 locations. The caching behavior is mostly compatible with RFC 2616.
 It allows full configuration through its nginx directives.

 - this package is awesome and I've been using it for many years.
   The ability to build it outside nginx source triggered the
   possibility to package it properly.
 - this will be maintained inside nginx team. I plan to be
   the uploader. Jan Mojžíš helped packaging it.

Bug#1022163: ITP: video-downloader -- Download videos from websites with an easy-to-use interface

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: video-downloader
  Version : 0.10.9
  Upstream Author : Unrud 
* URL : https://github.com/Unrud/video-downloader
* License : GPL-3+
  Programming Lang: Python
  Description : Download videos from websites with an easy-to-use interface

 This package is an easy-to-use user interface based on yt-dlp.
 It provides the following features:
  - Convert videos to MP3
  - Supports password-protected and private videos
  - Download single videos or whole playlists
  - Automatically selects a video format based on your quality demands
 .
 yt-dlp is a command-line program to download videos from a variety of
 supported websites.

I've been using this software for a while, it has a nice and simple 
Gnome-styled UI,
nicer than current alternatives in Debian.
It is actively maintained.
It will be python-team maintained.

Re: Switch default from PulseAudio to PipeWire (and WirePlumber) for audio

[Jérémy Lal]

Le ven. 9 sept. 2022 à 15:06, Vincent Bernat  a écrit :

> On 2022-09-09 04:51, Paul Wise wrote:
> > On Thu, 2022-09-08 at 17:58 +0200, Dylan Aïssi wrote:
> >
> >> I have been asked several times regarding when Debian will switch its
> default
> >> sound server from PulseAudio to PipeWire without having an official
> answer.
> >> Thus, I suppose it's the right time to start a discussion about that.
> >
> > I switched to PipeWire some time ago. I don't have particularly complex
> > audio needs (just AUX/headphones on a desktop). When the system is
> > under load and the CPU throttled, I get choppy audio, which is
> > especially annoying when the load is caused by a video. That doesn't
> > happen with PulseAudio and setting the quantum to 2048 is a workaround.
> >
> > pw-metadata -n settings 0 clock.force-quantum 2048
> >
> > Probably there are more of these sorts of issues, so I agree we should
> > switch to it by default sooner rather than later to find the problems.
>
> I also had this issue. This was greatly improved since May and I am now
> using it instead of PulseAudio. Check that you have rtkit-daemon
> installed. It helps.


wireplumber (up-to-date sid) on an armhf laptop:
- same problem as above (even with rtkit + force-quantum) which wasn't the
case with pulseaudio
- micro no longer recognized
- hdmi audio jack no longer recognized
- headphones have no sound
This laptop have a rockchip alsa ucm2 profile, alsa sees speakers, micro,
headphones, hdmi,
but not pipewire apparently.

Bug#1019383: ITP: node-cjs-module-lexer -- Fast lexer to extract named exports from CommonJS modules

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: node-cjs-module-lexer
  Version : 1.2.2
  Upstream Author : Guy Bedford
* URL : https://github.com/nodejs/cjs-module-lexer#readme
* License : Expat
  Programming Lang: JavaScript
  Description : Fast lexer to extract named exports from CommonJS modules

 Very fast JavaScript CommonJS module syntax lexer used to detect
 the most likely list of named exports of a CommonJS module.
 .
 It is used by Node.js for CommonJS and ES Modules interoperability.
 .
 Node.js is an event-based server-side JavaScript engine.

For now nodejs and jest both have a bundled copy of it, and both don't
generate the wasm build, so this package is meant to fix that.

It also makes it cleaner for nodejs internal modules to be externalized.

It is stable, and I intend to maintain this package along with nodejs
in pkg-javascript team.

Re: LTO and ABI compatibility

[Jérémy Lal]

Le sam. 23 juil. 2022 à 02:45, Seth Arnold  a
écrit :

> On Fri, Jul 22, 2022 at 03:30:16PM +0200, Hideki Yamane wrote:
> >  Fedora, openSUSE, and Ubuntu did LTO by default, and I've not heard
> about
> >  any wrong. Is the situation in Debian differ from theirs?
>
> Not everything works with LTO right away: debugging build problems or
> runtime problems takes effort.
>
> Ubuntu has kept track of some problematic packages via a new package:
> https://launchpad.net/ubuntu/+source/lto-disabled-list/+changelog


While the list seems big, It looks like it has packages that don't compile
stuff,
like some pure js node modules. In particular, node-babel may not even be
an actual package name.

Jérémy

When uploading a package we get two mails. Could it be one ?

[Jérémy Lal]

Hi,

Is it some misconfiguration on my side ?
When a package is uploaded, we get two emails:

node-d3-color_1.2.8-3_source.changes ACCEPTED into unstable
Accepted node-d3-color 1.2.8-3 (source) into unstable

Couldn't this be just one email ?

Jérémy

Re: use of Recommends by vlc to force users to use pipewire

[Jérémy Lal]

Le jeu. 26 mai 2022 à 21:08, Simon McVittie  a écrit :

> On Thu, 26 May 2022 at 17:21:27 +0200, Vincent Lefevre wrote:
> > Here, this could be
> >
> >   Recommends: pipewire | pulseaudio
>
> Those are not interchangeable.
>
> pipewire started as a multiplexer for video streams, and only later
> gained audio capabilities. The reason most people with pipewire will
> have it installed is that it's necessary when doing screen-sharing or
> screencasting from a Wayland environment like GNOME.
>
> If you're *also* using pipewire as an audio multiplexing server, which
> is not the default for any installation of Debian yet (but might be in
> future), then you will also need pipewire-pulse, which has two purposes:
>
> * it configures the pipewire service to open the audio device;
> * it provides a separate PulseAudio-compatible server which acts as a
>   wire-protocol-compatible replacement for pulseaudio
>
> Without pipewire-pulse, pipewire is only a video multiplexer, not an
> audio multiplexer.
>
> pipewire is actually more like a metapackage, which pulls in the packages
> that are needed to have Pipewire actually work for a particular library
> architecture (libpipewire-0.3-0 cannot pull in libpipewire-0.3-modules
> itself, because that would be a circular dependency), together with the
> pipewire service from the primary architecture (pipewire-bin).
>
> > Indeed, for a remote VM, it is silly to recommend a sound server,
> > just because a library appears in the chain of dependencies:
> >
> > joooj:~> apt-get install -s atril | grep '^Inst pipewire'
>
> It looks like that's happening because atril depends on WebKitGTK, a
> relatively complete web browser engine, which uses xdg-desktop-portal
> to invoke per-user services across a sandbox boundary (so that it can
> provide the web APIs people expect from it, without having arbitrary
> websites able to access your webcam without your permission).
>
> xdg-desktop-portal depends on pipewire because one of the services it
> provides is access to webcams, and another is screen-sharing and
> screencasting. Both of those use the Pipewire video protocol to get the
> actual frames across the sandbox boundary.
>
> Maybe Atril never actually uses WebKitGTK to access arbitrary websites,
> but WebKitGTK is a fully-featured web browser engine, so it has to
> be prepared to do anything that an arbitrary website expects to work,
> and that includes (for example) the Jitsi web frontend.
>
> > Ditto for the gnucash accounting software
>
> Same dependency here: it depends on WebKitGTK.
>


That's an incredibly interesting explanation. Should be part of a wiki
somewhere !

Bug#1010470: ITP: node-undici -- HTTP/1.1 client written from scratch for Node.js

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: node-undici
  Version : 5.0.0
  Upstream Author : Matteo Collina 
* URL : https://undici.nodejs.org
* License : Expat
  Programming Lang: JavaScript
  Description : HTTP/1.1 client written from scratch for Node.js

 This module provides the Node.js core HTTP client, using
 WebAssembly to achieve performance and pluggability.
 It brings features like:
 - redirect support
 - native mocking layer using MockAgent
 - Client, Pool, Agent are unified by a Dispatcher API
 .
 Node.js is an event-based server-side JavaScript engine.

This module is going to be a must-have for all HTTP clients that can
run on js+wasm platforms, so it is best packaged separately, as
intended by upstream Node.js.
It also features a parser generator, javascript producing C, and
the generated C compiled to WebAssembly.

Re: faciliter la contribution ?

[Jérémy Lal]

On Sat, Apr 2, 2022 at 3:42 PM Marc Chantreux  wrote:

> > En fait reportbug fait aussi fuir certains développeurs debian
>
> je metterais bien les pieds dedans pour en extraire les parties
> intéressantes mais c'est du python: un vrai tueur de toute motivation
> chez moi.
>

Du perl:
https://salsa.debian.org/debbugs-team/debbugs/-/tree/master/lib/Debbugs

Re: faciliter la contribution ?

[Jérémy Lal]

On Sat, Apr 2, 2022 at 1:25 PM Marc Chantreux  wrote:

> > > apt show gitweb > gitweb-control
> > > quilt new typo
> > > EDITOR='sed -i s/cdi/cgi/' quilt edit control
> > > quilt refresh
> > > mutt -H- -s 'gitweb: typo in french control' \
> > > sp...@debian.org < patches/typo
>
> > possible, via reportbug, de créer le bug et dans le mail qui le crée, de
> > joindre le patch.
>
> mon exemple ci-avant m'a couté 0 temps de réflexion donc j'aurais
> tendance à le faire.
>
> reportbug est un outils à l'ergonomie tout a fait discutable, qui tente
> de faire beaucoup trop de truc, qui le fait mal et qui ne s'intègre pas
> facilement dans un workflow rodé ou dans un SI particulier.
>
> c'est peut-être pas lourd, je te l'accorde, mais assez mal fichu pour
> faire fuire des contributeurs occasionnels. j'en ai parlé sur le campus
> et dans le lug: même constat. pour pousser les gens à la contribution,
> j'ai tenté de dire que ce serait cool de créer l'équivalent de spoon à
> strasbourg (et c'est probablement ce qu'on va faire si notre volontaire
> ne nous fait pas faux bon) mais je me disais que le besoin était
> peut-être plus général.


En fait reportbug fait aussi fuir certains développeurs debian.
C'est une ergonomie pensée il y a 22 ans... ça a plutôt bien vieilli en
fait.

Jérémy

Re: funding salsa runners for planning transitions with lots of reverse build deps

[Jérémy Lal]

On Wed, Mar 23, 2022 at 1:04 AM Paul Wise  wrote:

> Jérémy Lal wrote:
>
> > I asked, and got that answer:
> > "The shared runners are definitely not for such kind of rebuilds."
> > https://salsa.debian.org/salsa/support/-/issues/291#note_301386
>
> Perhaps the existing infra for archive-wide rebuilds could be used?
>
> https://wiki.debian.org/qa.debian.org/ArchiveTesting
>
> Otherwise combining ratt and debomatic or other hardware might work:
>
> https://packages.debian.org/ratt
> https://debomatic.github.io/


Well, installing gitlab-runner + systemd-nspawn is really easy and
lightweight,
so I'll stick with that.

https://wiki.debian.org/Hardware/Wanted#Available_hardware


Yes, that is the information I needed, thank you !

Jérémy

Re: funding salsa runners for planning transitions with lots of reverse build deps

[Jérémy Lal]

On Tue, Mar 22, 2022 at 9:18 PM Shengjing Zhu  wrote:

> On Wed, Mar 23, 2022 at 4:09 AM Jérémy Lal  wrote:
> >
> > Hi,
> >
> > I think Salsa CI is a great tool for rebuilding all the reverse build
> dependencies
> > of a given package (here nodejs, but it applies to all others).
> > Unfortunately, the current salsa gitlab runners available are not scaled
> to be
> > able to handle that use case.
>
> Are the runners, or Salsa, or the GitLab(software) itself not scaled
> to handle such cases?
>
> I have the impression that Google Cloud has funded the shared runners,
> and the budget is not the problem.
>

I asked, and got that answer:
"The shared runners are definitely not for such kind of rebuilds."
https://salsa.debian.org/salsa/support/-/issues/291#note_301386

Jérémy

funding salsa runners for planning transitions with lots of reverse build deps

[Jérémy Lal]

Hi,

I think Salsa CI is a great tool for rebuilding all the reverse build
dependencies
of a given package (here nodejs, but it applies to all others).
Unfortunately, the current salsa gitlab runners available are not scaled to
be
able to handle that use case.
Of course, ideally, it would be great if all salsa teams could do that
kind of task
using shared runners, or perhaps another group of shared runners, different
from
the one used to do pure CI.
Finding some sponsors willing to provide some server resources for runners
should be doable, but it raises some questions:
- how can a sponsor advertise its participation to Debian ? Is there a
legal framework for this ?
- is it ok if we have runners that are only meant to be used by a salsa
team ?

Regards,
Jérémy

Re: Re: No mips64el porterbox?

[Jérémy Lal]

On Sat, Mar 19, 2022 at 4:40 PM Nilesh Patra  wrote:

> Quoting Julien Pudyt
> > Le mardi 01 mars 2022 à 10:34 +0100, Sebastiaan Couwenberg a écrit :
> >> On 3/1/22 10:28, Julien Puydt wrote:
> >> > Is there really no mips64el porterbox, or is it only a transitory
> >> > situation?
> >>
> >> eller.debian.org has mips64el chroots.
> >>
>
> > How do I use one of those and not a mipsel one? I'm using
> > https://dsa.debian.org/doc/schroot/ as usual, and it looks like I'm
> > getting a mipsel and not mips64el...
>
> Just in case this helps, I use this very helpful script from Enrico Zini,
> you can find it here[1]
>
> So for mips64el, just do
>
> $ debug-on-porterbox mips64el --host eller.debian.org


Already documented here (since 2021-01), with a link to Enrico's blog post:
https://wiki.debian.org/PorterBoxHowToUse

Re: Bits from the Release Team: bookworm freeze dates (preliminary)

[Jérémy Lal]

On Mon, Mar 14, 2022 at 9:36 PM Paul Gevers  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Dear all,
>
> We are currently considering the following dates as our freeze
> dates. If you are aware of major clashes of these dates with anything
> we depend on please let us know. We also like to stress again that we
> really would like to have a short Hard and Full Freeze (counting in
> weeks, rather than months), so please plan accordingly. If serious
> delays turn up during any of the Freeze steps, we rather (partially or
> completely) thaw bookworm again than staying frozen for a long time.
>
> 2022-01-12  - Milestone 1 - Transition and toolchain freeze
> 2022-02-12  - Milestone 2 - Soft Freeze
> 2022-03-12  - Milestone 3 - Hard Freeze - for key packages and
> packages without autopkgtests
> To be announced - Milestone 4 - Full Freeze
>
> On behalf of the Release Team,
> Paul
>

Is it possible to adopt ISO8601 dates like -MM-DD please (to avoid
heart attacks) ?

Jérémy

Re: No mips64el porterbox?

[Jérémy Lal]

On Tue, Mar 1, 2022 at 10:28 AM Julien Puydt  wrote:

> Hi,
>
> one of my package has a failure on mips64el and upstream is ready to
> help me find the cause and debug the issue.
>
> Unfortunately, on https://db.debian.org/machines.cgi I only see five
> developer machines on this architecture -- all buildd!
>

The "architecture" column filter is not the one to use to find a porter box
for a given architecture,
that's why you did not find it.

Jérémy

Re: Finding rough consensus on level of vendoring for large upstreams

[Jérémy Lal]

Le ven. 3 sept. 2021 à 00:39, Phil Morrell  a écrit :

> Over this last year there seems to have been a noticeable divergence of
> maintainer opinion, on what has become known as vendoring, from a strict
> reading of [policy 4.13]. I think it's notable that the heading is
> [Embedded] copies and was [Convenience] copies since its inception,
> thankfully I found a request to expand this section using [vendoring].
>
> [policy 4.13]:
> https://www.debian.org/doc/debian-policy/ch-source.html#embedded-code-copies
> [Embedded]: https://bugs.debian.org/955036
> [Convenience]: https://bugs.debian.org/392362
> [vendoring]: https://bugs.debian.org/907051
>
> It is my reading of the situation that not only has this practice become
> more prevalent across multiple ecosystems since 2008, but that it can be
> a good thing when upstreams use it to better modularise their code. As a
> consequence, and in particular for large upstream projects, it is not a
> good use of maintainer time to package every single vendored library as
> a separate source package. See e.g. [kubernetes], [python BoF @25mins],
> [android-platform-tools], and even [uscan] grouping used by nodejs.
>
> [kubernetes]: https://bugs.debian.org/971515#172
> [python BoF @25mins]:
> https://meetings-archive.debian.net/pub/debian-meetings/2021/DebConf21/debconf21-97-python-team-bof.webm
> [android-platform-tools
> ]:
> https://salsa.debian.org/android-tools-team/admin/-/issues/40
> [uscan]: https://manpages.debian.org/uscan#grouped_package
>
> Is there any objection to the following summary?
>

> 1. If the reused code is small and intended to be embedded into a
>package, then this MUST be documented in the [security-tracker].
> 2. If the included project has already been packaged, then the Debian
>version SHOULD be used instead.
> 3. If modifications have been made, then those changes SHOULD be
>forwarded and/or the package ported to the official version.
> 4. When 2 or 3 are too onerous to maintain, the package MAY use the
>convenience copy but MUST document why in README.source and SHOULD be
>included in the [security-tracker].
> 5. Where only a small number of unrelated projects are bundled, they
>SHOULD be uploaded as separate source packages.
> 6. If the upstream authors are largely the same, then vendored
>sub-projects MAY simply be built together as the same source.
> 7. A large number of vendored dependencies used only together for a
>single Debian package MAY be grouped into a single source upload.
> 8. If 6 or 7 are used initially but a new package has some overlap, then
>the new package MUST NOT duplicate the vendoring. The duplication
>SHOULD be packaged separately, then the original package SHOULD be
>updated to use the Debian version instead.
> 9. When upstream has a proven track record of promptly handling security
>vulnerabilities inside their vendored dependencies, then maintainers
>SHOULD follow the same practice, updating versions in lockstep.
>

a couple naive questions:
- should a package debian/control list bundled dependencies to make
sure to avoid duplications ?
- when a bundled package dependency is already available in debian,
and is the same (unpatched), should the upstream source tarball be
repacked without that dependency, or kept inside the source tarball ?

Jérémy

Bug#991761: ITP: swc -- A super-fast typescript / javascript compiler written in rust

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 
X-Debbugs-Cc: debian-devel@lists.debian.org, 
pkg-javascript-de...@alioth-lists.debian.net

* Package name: swc
  Version : 1.2.70
  Upstream Author : kdy1 
* URL : https://swc.rs/
* License : Apache-2.0 or Expat
  Programming Lang: Rust, Nodejs
  Description : A super-fast typescript / javascript compiler written in 
rust

swc is a typescript / javascript transpiler.
It consumes javascript or typescript file written in one version
of these languages and emits javascript code which can be executed
on javascript engines that are not yet supporting latest features.
.
It is an order a magnitude faster than similar projects written in
javascript.
.
It also provides spack, a full featured javascript modules bundler
that can do tree shaking among other things.

swc is a game changer for javascript development / deployment.
It can transpile, bundle, minify a large project in second(s).
It is now quite mature and usable.

Re: debian names

[Jérémy Lal]

Le lun. 9 nov. 2020 à 00:25, Paul Sutton  a écrit :

> On 08/11/2020 21:41, Jérémy Lal wrote:
> > Using toy story names for debian releases surely isn't free from any
> > disney/pixar license ?
> > Or is it ?
>
> Given we have been using them for nearly 30 years (scary eh), I don't
> think they are going to bother too much.
>
> I think trademarks only become an issue when the names get confused,
> with another product, or a company is just in to bullying others over a
> name.
>
> There was a company called Utube here (UK) (made tubes) that got sued by
> youtube, and a pub, with a lord of the rings related name (was there
> before the movies were made) that got sued by the people who made the
> movies.
>
> Some companies are like that, they lack common sense. How do we know
> that disney are not using Debian on their cluster things to render the
> movies.
>
> Plus anyone goto disney world and other parks and get their pic taken
> with a character while wearing a debian t-shirt,  :) I haven't but maybe
> people have.
>

Do you mean that if i coin "Mickey and Donald API" my software won't get
troubles from the owners of those trademarks ?
Considering how agressive american trademarks are defended, i wouldn't
count on that assumption, ever.

Jérémy



> Paul
>
> --
> Paul Sutton, Cert ContSci (Open)
> https://personaljournal.ca/paulsutton/
> OpenPGP : 4350 91C4 C8FB 681B 23A6 7944 8EA9 1B51 E27E 3D99
>
> https://www.linkedin.com/in/paul-sutton-5737171b8/
>

debian names

[Jérémy Lal]

Using toy story names for debian releases surely isn't free from any
disney/pixar license ?
Or is it ?

Re: NEW queue almost empty

[Jérémy Lal]

Who uses ftp nowadays ?
They should be called "super debian masters".

Le dim. 8 nov. 2020 à 21:48, Pierre-Elliott Bécue  a écrit :

> Le lundi 02 novembre 2020 à 13:37:16+0100, Christian Kastner a écrit :
> > The NEW queue length is down a single digit, from ~500 not all too long
> > ago. That's an amazing effort by ftp-master that must have consumed a
> > *lot* of energy.
> >
> > THANK YOU!
>
> Agreed, that's a huge work done, thanks to all FTP Masters!
>
> --
> Pierre-Elliott Bécue
> GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
> It's far easier to fight for one's principles than to live up to them.
>

Re: Why Vcs-* fields are not at least recommended ?

[Jérémy Lal]

Le mer. 19 août 2020 à 19:29, Sean Whitton  a
écrit :

> Hello,
>
> On Wed 19 Aug 2020 at 12:49PM +02, Ulrike Uhlig wrote:
>
> > For actively maintained packages I personally do not understand that
> > people in 2020 develop code without using a VCS and still put out only
> > tarballs. But I might be unaware of some corner cases where this is the
> > only way to do it.
>
> AIUI there are some packages with huge assets which git can't handle.
>
> But not many.
>

About that:
i wonder why just maintaining a debian/ dir is not enough.
The gbp layout with master/upstream/pristine-tar is overkill.

Jérémy

Re: help needed to resolve nodejs transition #963039

[Jérémy Lal]

Le ven. 3 juil. 2020 à 20:53, Jonas Smedegaard  a écrit :

> Quoting Jonas Smedegaard (2020-07-03 20:45:22)
> > Quoting Jérémy Lal (2020-07-03 19:50:55)
> > > I have a problem with the transition of nodejs:
> > > from version 10 with abi libnode64
> > > to version 12 with abi libnode72
> > >
> > > C(++) addons like node-iconv can be compiled using libnode-dev,
> > > so installing an addon automatically installs the right libnodeXX
> version.
> > > (all addons Build-Depend libnode-dev).
> > >
> > > One can install nodejs 10 along with libnode64, and build node-iconv
> > > using libnode-dev 12 which links to libnode72.
> > >
> > > However, running node-iconv tests in the autopkgtests environment
> requires
> > > the nodejs version that is linked against the same libnode abi (i hope
> that
> > > part is obvious).
> > >
> > > But it's not the case: the tests are run with nodejs 10 from testing,
> > > against a package
> > > built with libnode72, so the module loading fails.
> > >
> > > Those failures seem to be preventing transition to testing (which is
> > > understandable).
> > > Two questions:
> > > - how to fix the issue now
> > > - how to fix the issue for good
> > >
> > > Thanks in advance for any help.
> >
> > Have libnodeNN include a symbols file tracking changes to the ABI, so
> > that any C++ addon depending on a part of the ABI which changes gets
> > tightened package dependency on that specific binary release of the ABI.
>
> No wait, that's complete rubbish what I wrote above: We are talking
> about new major releases of the ABI so a symbols file would simply be
> reset completely - and also, what I was thinking should happen already
> does happen: node-iconv depends on a specific libnodeNN.
>
> Problem is (talking to myself here, you already know it) that we need to
> ensure that node-iconv is only ever _loaded_ by that same node as it is
> linked against.
>
> Only way I can imagine ensuring that is to extend symbols/shlibs
> handling to add Breaks (if that is even possible), or add breaks to the
> libnodeNN package itself so that only one libnodeNN can be present on
> the system at once.
>
> In which situations do we need libnodeNN to be co-installable?
>

Some other program linking against libnodePP.
The only case i know of is the one where libnode-dev provides libv8-dev.
But the absence of cases shouldn't be hushhushed.


>
>
>  - Jonas
>
> --
>  * Jonas Smedegaard - idealist & Internet-arkitekt
>  * Tlf.: +45 40843136  Website: http://dr.jones.dk/
>
>  [x] quote me freely  [ ] ask before reusing  [ ] keep private

help needed to resolve nodejs transition #963039

[Jérémy Lal]

Hi,

I have a problem with the transition of nodejs:
from version 10 with abi libnode64
to version 12 with abi libnode72

C(++) addons like node-iconv can be compiled using libnode-dev,
so installing an addon automatically installs the right libnodeXX version.
(all addons Build-Depend libnode-dev).

One can install nodejs 10 along with libnode64, and build node-iconv
using libnode-dev 12 which links to libnode72.

However, running node-iconv tests in the autopkgtests environment requires
the nodejs version that is linked against the same libnode abi (i hope that
part is obvious).

But it's not the case: the tests are run with nodejs 10 from testing,
against a package
built with libnode72, so the module loading fails.

Those failures seem to be preventing transition to testing (which is
understandable).
Two questions:
- how to fix the issue now
- how to fix the issue for good

Thanks in advance for any help.

Jérémy

Bug#908763: ITP: awx -- web-based task engine built on top of ansible

[Jérémy Lal]

Package: wnpp
Followup-For: Bug #908763
Owner: Jérémy Lal 

awx is now at version 13.

I have prepared a simple package that downloads dependencies
using pip and npm - now the huge work is going to package
all deps separately or bundle them:

https://salsa.debian.org/kapouer/awx

Bug#962662: ITP: node-addon-api -- Headers for using Node.js N-API from C++

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 

* Package name: node-addon-api
  Version : 3.0.0
  Upstream Author : Node.js API collaborators
* URL : https://github.com/nodejs/node-addon-api
* License : Expat
  Programming Lang: C++
  Description : Headers for using Node.js N-API from C++

 This package contains header-only C++ wrapper classes which
 simplify the use of the C based N-API provided by Node.js
 when using C++.
 .
 It provides a C++ object model and exception handling semantics
 with low overhead.
 .
 N-API is an ABI stable C interface provided by Node.js for
 building native addons.

With latest Node.js releases, legacy addons will need somewhat
more important rewrites, and now that the stable N-API is available
it's only a matter of time before a C++ addon need this module.

Maintained in pkg-javascript-devel, by me along with node-gyp,
node-nan, nodejs (they go along together).

Bug#954793: ITP: golang-github-caddyserver-certmagic -- Automatic HTTPS using Let's Encrypt

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 

* Package name: golang-github-caddyserver-certmagic
  Version : 0.10.4-1
  Upstream Author : Caddy
* URL : https://github.com/caddyserver/certmagic
* License : Apache-2.0
  Programming Lang: Go
  Description : Automatic HTTPS using Let's Encrypt

Mature and reliable ACME client integration for Go.
Provides a simple interface for a go HTTP server:
- handles redirection to HTTPS automatically
- obtain and renew TLS certificates
- staples OCSP responses

CertMagic supports the full suite of ACME features.

It's a dependency of acme-dns package, and looks quite nice on its own.

Bug#946595: ITP: acme-dns -- Limited DNS server to handle ACME DNS challenges

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 

* Package name: acme-dns
  Version : 0.8
  Upstream Author : Joona Hoikkala
* URL : https://github.com/joohoi/acme-dns
* License : Expat
  Programming Lang: Go
  Description : Limited DNS server to handle ACME DNS challenges

This DNS server is specialized to handle ACME dns-01 challenges,
by providing a simple HTTP API exclusively for TXT record updates
of the "_acme-challenge" subdomain that has been configured with
a CNAME record.

This way, in the unfortunate exposure of API keys, the effects are
limited to the subdomain TXT record in question.

Supports SQLite and PostgreSQL database backends.

A Certbot authentication hook for acme-dns is available separately.

I never packaged go applications so anyone is welcome to co-maintain
or even package this app entirely.

Accepted node-re2 1.10.0-1 (source amd64) into unstable, unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 10 Jul 2019 19:30:46 +0200
Source: node-re2
Binary: node-re2 node-re2-dbgsym
Architecture: source amd64
Version: 1.10.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Description:
 node-re2   - Node.js bindings for RE2, a fast and safe regular expression engi
Closes: 927866
Changes:
 node-re2 (1.10.0-1) unstable; urgency=medium
 .
   * Initial release (Closes: #927866)
Checksums-Sha1:
 424523fb33826e7eb2c130b95db19165451497a3 2841 node-re2_1.10.0-1.dsc
 a3a9e7696de741ad890523fed61e58d17b4c5542 10404 
node-re2_1.10.0.orig-heya-ice.tar.gz
 142a49af08cd9cc42da4d5b05d61372731457cfb 23975 
node-re2_1.10.0.orig-heya-unify.tar.gz
 178de012ea5215cd1b9e9c5fd6bf84cc3dd234e7 10453 
node-re2_1.10.0.orig-heya-unit.tar.gz
 3c466545bc977d80db2f605e374b1841dbb9ba10 25840 node-re2_1.10.0.orig.tar.gz
 97f0919608fd763c533d6b14221a5aadabc392a8 3296 node-re2_1.10.0-1.debian.tar.xz
 8020ac6721fbe8e5d03c38880f25f810b7c2d6f6 1071640 
node-re2-dbgsym_1.10.0-1_amd64.deb
 5382967ea9a5441270967b169d6e72e1a0eccd67 9569 node-re2_1.10.0-1_amd64.buildinfo
 04b0d78fc697ead96a0b97a1bfe731fa860af680 49956 node-re2_1.10.0-1_amd64.deb
Checksums-Sha256:
 3fa86dcaa8e54c8a791be936ec9fe939f6224f464d4518b93026b7514a89c316 2841 
node-re2_1.10.0-1.dsc
 bdf786e8c2b9440559ac1c815e083a092f30a28593a3b03f2c8b226e90a60f0e 10404 
node-re2_1.10.0.orig-heya-ice.tar.gz
 b5f1b367ff7a69cce6c7a96fa23a7d44dfd301d286be52af5a7e76e6c7a2b6a6 23975 
node-re2_1.10.0.orig-heya-unify.tar.gz
 ca79367930fa60916e6289710661ad8497f4fb36727fc22df94c96cdf792cc7e 10453 
node-re2_1.10.0.orig-heya-unit.tar.gz
 87b0d09a8ea6c746d015374311e7090095723179eff637e05b38ead52fb1ca15 25840 
node-re2_1.10.0.orig.tar.gz
 47243885454885021e4d8d045585c7f4c139bdd58096e40b1c1248bc9d3bf281 3296 
node-re2_1.10.0-1.debian.tar.xz
 5a25937a00d456d7ef4e776b157d1e733cdc8d15a2d6f99cebc3ab86f43ce836 1071640 
node-re2-dbgsym_1.10.0-1_amd64.deb
 27ad8c13d287f6c123c9d3ff2e39305cfe881452072aa4ab7c45ce012aa02124 9569 
node-re2_1.10.0-1_amd64.buildinfo
 5b9ad8aac141345c571bef330e25afeb6a46650e2e4ffc082443eaade7a78cb2 49956 
node-re2_1.10.0-1_amd64.deb
Files:
 1b51ed5958cced0a2331281477564052 2841 javascript optional node-re2_1.10.0-1.dsc
 ea39583dfea8562ce8edcda87d559f9e 10404 javascript optional 
node-re2_1.10.0.orig-heya-ice.tar.gz
 e9bb0135e308a78c040fd44cf763ec94 23975 javascript optional 
node-re2_1.10.0.orig-heya-unify.tar.gz
 6cf9eccf2d18f05fc8d314b060bac25f 10453 javascript optional 
node-re2_1.10.0.orig-heya-unit.tar.gz
 5ba9943cc05fcba0b4262f5370cf72a3 25840 javascript optional 
node-re2_1.10.0.orig.tar.gz
 cdf92d711b774918b6b148a7b904782f 3296 javascript optional 
node-re2_1.10.0-1.debian.tar.xz
 ac44ec4e3643d52c1e45b2be232dc8a6 1071640 debug optional 
node-re2-dbgsym_1.10.0-1_amd64.deb
 57ee4c655b383df427b93d0ce5fa1841 9569 javascript optional 
node-re2_1.10.0-1_amd64.buildinfo
 0c13cc2734bccd3e1a88335cd15a50c3 49956 javascript optional 
node-re2_1.10.0-1_amd64.deb

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl0mIbMSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0azsP/34QugRnzpw8+bmXGJlR+8zuTf0fD7BF
mu422igpPVs4QzvW/x9cvPUMv0CWTJNPmKxFckxMZ94XFRz/X/mS6oEHVYgUMsZo
NYoMpVffZhduwi8KLUQEjciH3oumbx35CIzW9/no1A1EDeEe9Vn0mIftM9UKa53W
MGKKLMsW6rPzETIstKCKMVj4OcELCmoDNjVXJmdrwz0o+u9tszDn1irz+4YSc1Mj
FPjoCqq9T6akY2g0LFiCcEgoP4ixm+WPtBxmBjAoLZpWzDiMlXh4UpZ00svPKu8j
gfXkQO1sZTAarkOSEPOF1zbYPpRyIZ+V32U54LkHtSrPLHgQWBLY2rjm8CzL5Z0r
LVj5OY4atysl87iL3DvvIbJ7SBzG6ciewCY7RQwmSv9FgLKzrmv3izufabroHeBf
pDzV4JSzeC9sNxRjaRkwC+lXeDQlHfluQNEqV0GoZztb8V8QBMAWy9bA1995ytA0
78efJl4z7ety4GJgbNaSU/fBBMXs/fxh6fOcomAuH9we38at22JSEJil+8eSffs5
C9ttpXzYyX7AfPXCe9jjGliwUi2deBIChyVrwurFi+1/7h/HN4rqKUj6a0Uklhxo
F2817UHKE847kHvJEkuMWQBOf/C1FLCi2rkqD0YUwk9i49qUArdcYBiggAcTwypH
DZ8LMUtVCBZa
=wWFd
-END PGP SIGNATURE-

Accepted node-re2 1.10.4-1 (source amd64) into unstable, unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 29 Oct 2019 22:55:56 +0100
Source: node-re2
Binary: node-re2 node-re2-dbgsym
Architecture: source amd64
Version: 1.10.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Description:
 node-re2   - Node.js bindings for RE2, a fast and safe regular expression engi
Changes:
 node-re2 (1.10.4-1) unstable; urgency=medium
 .
   * New upstream version 1.10.4
   * Fix patch to build against system re2
   * Standards-Version 4.4.1
Checksums-Sha1:
 6dfd4520b93e1afbaaae9424addf496d221ec87b 2841 node-re2_1.10.4-1.dsc
 6dcc059e82a0c9925f01ef6bffb0546f5cc695a3 10323 
node-re2_1.10.4.orig-heya-ice.tar.gz
 9b127376701ba7427c7059aa7988a00e28c5c574 23904 
node-re2_1.10.4.orig-heya-unify.tar.gz
 4d6d8e63ae1cb76983a8b89ad174ca2a628f451d 10365 
node-re2_1.10.4.orig-heya-unit.tar.gz
 c9831dfcc5f62324bd37b18b8eaed3a4663085c7 25889 node-re2_1.10.4.orig.tar.gz
 4542e4a93ef90192f6b771ac00bd7230bef2def3 3384 node-re2_1.10.4-1.debian.tar.xz
 3f5785ab83fa04b229ec9a69e9b01d38f801e87e 1057492 
node-re2-dbgsym_1.10.4-1_amd64.deb
 19d73886845bd9b9c233dee4d90328d783b3dba2 9510 node-re2_1.10.4-1_amd64.buildinfo
 8b2dd3b09bbf6227d54960371a0af6bd8254df8e 48736 node-re2_1.10.4-1_amd64.deb
Checksums-Sha256:
 0a8d51933d774405deeb05c6b5618dd0ba2c72b1e544476c16e568698116ddb4 2841 
node-re2_1.10.4-1.dsc
 c7548d9960bbeb593f859ea4f10b379bac95c76eb9b33fd6a8386495c913e16d 10323 
node-re2_1.10.4.orig-heya-ice.tar.gz
 43ad0bebbe9f13e95e2c8c68b786b7da007e415db69b77459b2adddabacbfcd2 23904 
node-re2_1.10.4.orig-heya-unify.tar.gz
 d3bf703d65348f52f1d663877bd6e8148957380ac974ae6804787bc921c2c079 10365 
node-re2_1.10.4.orig-heya-unit.tar.gz
 1b9c5563bb0535fb52f25d9600b5d91d312eadef6363c8ebdea8030aa993bbde 25889 
node-re2_1.10.4.orig.tar.gz
 8a0c54d2669f11f6ba64b5a5e0ac6856f00872130ba8b69ab5c624e1c72a24e8 3384 
node-re2_1.10.4-1.debian.tar.xz
 0b8642f4dab992e11901cff4bc43e29590009585a00278ac3a3267f19d94806c 1057492 
node-re2-dbgsym_1.10.4-1_amd64.deb
 b0dc061513634acc6304a68d95d0829bbd367477d77c0afc18d1832000557808 9510 
node-re2_1.10.4-1_amd64.buildinfo
 c296bc6b7a2a2f13ab110b79207fcdbcc471ac9840153a27846e631c7e9cb7d3 48736 
node-re2_1.10.4-1_amd64.deb
Files:
 0f307c35b2bcf4d5cdf4b7279a357e4b 2841 javascript optional node-re2_1.10.4-1.dsc
 33ed2ba5dc8746346b09402c9a5f6cd5 10323 javascript optional 
node-re2_1.10.4.orig-heya-ice.tar.gz
 e66772f7662feecdf50f97a1f333e19d 23904 javascript optional 
node-re2_1.10.4.orig-heya-unify.tar.gz
 f135a681dcb790176bb2092b893a8c83 10365 javascript optional 
node-re2_1.10.4.orig-heya-unit.tar.gz
 f9ebf04934b0cd5b89fbcd59bdd3cab6 25889 javascript optional 
node-re2_1.10.4.orig.tar.gz
 f18163fb69b48c7681ed015edca0d181 3384 javascript optional 
node-re2_1.10.4-1.debian.tar.xz
 f0ebe60ad20368eb55289a4dc3757ba8 1057492 debug optional 
node-re2-dbgsym_1.10.4-1_amd64.deb
 56837e2c64d0b4d1f42a92c86777fd8d 9510 javascript optional 
node-re2_1.10.4-1_amd64.buildinfo
 6e35525b1b0feaeab00678b2e793d26d 48736 javascript optional 
node-re2_1.10.4-1_amd64.deb

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl24u7cSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0oTcQAIe0NQ8jTubB/C4i7z1fUcWndSo8Zihz
7wNo6kfT+4pHrvlCqbPZ/JiVvUQow/5nZMvC9/2ghrh1yCMrY1nDJ2LkTkxVk/mB
FuTmzBrS+UFq7vPehmJmESqgrfD/wbs9cOoKABS6ksLj+wJBua/gcBk5Ght17Wdr
9EOH+gLOHV3C/yMxJ6V2omNVCKhN1+nn2RNYw1n6zoYZH34jaRD2emsKW82L6A0F
mZ6ggmslDvMrEkZleHCmkswmmda6CaVAK3buRExAAtMVcwRDjrYWC7q69DBDVLHi
Mek81z6KZpl5J9hg1b1lTTyULcKGhy0p2C+1dADO9JByn/13cC8oMVpUr5dm4MvL
nPtZmLVhgIbM6JcpXJpHr58OGLjig6E+b6BkkL9aH+5x8EFn7FwpUhMq1QKhNH69
ez+a0w92HTnZI0E2Qj5GpisUYPGVK/oT5pSuRbV7JlFxTslVDp799zVCmr+bwMrO
Ce5gK29uokfWIRUqNDvw5+5xUbIgAof2O8eFko+fc733yJGJQTJIC4nFpXdDtpL8
63q9pOxWCNZYoR0UPYsJH4MJhoU+rKsScZIr8pzxjNUFn2KSrgYSapvEb8EzeNL2
FqnwjuE1bULW6qoCzjh8Q1P9tkdrhEQZW0LBWiyRAbUCiBD3kAXiZQQgQxeFzJrb
YDlKUHSuKd3i
=RFZ0
-END PGP SIGNATURE-

Accepted nodejs 12.13.1~dfsg-1 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 19 Nov 2019 15:34:06 +0100
Source: nodejs
Architecture: source
Version: 12.13.1~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (12.13.1~dfsg-1) experimental; urgency=medium
 .
   * New upstream version 12.13.1~dfsg
   * gsplit-dwarf for all mips variants
   * Standards-Version 4.4.1
   * Non-trivial refresh of make-doc patch
   * Remove uv 1.30 compatibility patch
   * Depends libuv1-dev >= 1.33
   * Override source-is-missing to work around pattern matching issues
   * Comment kfreebsd patch in series to keep lintian quiet
Checksums-Sha1:
 51a25c349f8386b0f15dc70fd1eee29f752e6f67 3093 nodejs_12.13.1~dfsg-1.dsc
 63210a14417e1e540bbbc34ced5c24c42207be82 18649692 
nodejs_12.13.1~dfsg.orig.tar.xz
 3e5609322215ba2857ebe131cca8dabda6c90efb 95752 
nodejs_12.13.1~dfsg-1.debian.tar.xz
 6fa7e8b166d6eb542767329728698a7697c5911a 14140 
nodejs_12.13.1~dfsg-1_source.buildinfo
Checksums-Sha256:
 6353f9efe0c7ba3b80d8533113d8454c3ed8b264a388f28416ef3a255e7e3811 3093 
nodejs_12.13.1~dfsg-1.dsc
 c47840d2111c6f259cb76647da971b6a3e168898fb7c35b6053ad2186399fa38 18649692 
nodejs_12.13.1~dfsg.orig.tar.xz
 3f0403d9a2584b2a0d96edeaed83038d12688a7fa61073d9ae9a7c9ba9e8295f 95752 
nodejs_12.13.1~dfsg-1.debian.tar.xz
 b7e0e4a6d68869e033d566d4027f4a1ecf1626d702984e95713c111d199900ea 14140 
nodejs_12.13.1~dfsg-1_source.buildinfo
Files:
 30e637e12ae19609d1f45dc2d11f678a 3093 javascript optional 
nodejs_12.13.1~dfsg-1.dsc
 b6d6e2a875b2597abd649a2cc8810313 18649692 javascript optional 
nodejs_12.13.1~dfsg.orig.tar.xz
 561e6dbe0a791a7f828ba52d03c79681 95752 javascript optional 
nodejs_12.13.1~dfsg-1.debian.tar.xz
 35d87a2ba3e10dd1797ec263b2e6befb 14140 javascript optional 
nodejs_12.13.1~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl3T//MSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0zzMP/288qoQib6EoH61tERZxBLic3evUeAir
eHJejPTImA96AljGwcM5kyhRJWjQaT1I2vry3ecCiB3JGf+rYCb05fPw7vX677ks
SuUwRIaid1bb8f+CW0fSYon+qK/G8SoxVC0gx8SVsBcA5S12PVdaLUsDHo4a+gkg
ZfRhEw4DlZTWDGobrLX+QETgKbxwEfQ5efQKp2Ixb7bV2PJfpb+hBZV/o3qyYKIn
Vblp283gl5Ue9z6irEtNmk3PDse1JrGtvlu1ORAunQehyJ5aOKcLVDkHzdlVi8yy
wb30QTmfywE6muVqe9j8VFJYR31N7+uQJoxyp8AQvrVvuoPMVVlTW3EYIo5SeNtR
V5U7zKItj9ZF0Bi7u5JMwrPivECH1IQSFo8CY2Ktlkx1cdFZz2Vwa6qzy0ZvLQYg
ScyiMELpIp6f/7cyWutYNBZBJ3u/XuivOKjv6cHhK1IOop0WRSYV1lkGaR3ool8D
7nSYLb7ntj9buFTuQt1zKfIYqDkR4AtO5OT+cFx5Zs35rBlDwWefw9kbg22Pdadn
1qmvS01Fra60VwWw1hKy17rMY3zYVADv6jpAMdlkWfjqOc3i43pT9yK67kCQg+iz
izrdl1GJQLm3Jq9fnZEhjMM+m0G3+NC96XT+c+jDojv8mMQl6V2n6c0updvvaJtr
vB+zppj5wzvu
=SY/2
-END PGP SIGNATURE-

Re: Présentation de Debian au Capitole du libre

[Jérémy Lal]

https://i.stack.imgur.com/nLXu9.jpg
mais j'ai pas trouvé le source

Le sam. 2 nov. 2019 à 18:43, Xavier  a écrit :

>
>
> Le 02/11/2019 à 18:15, Baptiste Jammet a écrit :
> > Bonjour,
> >
> >> + Les rayons ne font pas tous l'objet du même soutien: l'étage "main"
> >> est soutenu, celui "backports" aussi, "contrib" et "non-free" non
> > Sauf erreur, contrib fait partie de Debian (mais dépend de non-free).
>
> Bonjour,
>
> non, à ma connaissance, seul "main" fait partie de Debian
>
> > Seul non-free n'est pas "soutenu".
> > Et les backports sont pris en charge par l'équipe backports.
>
> Non plus, les backports sont maintenus par les mainteneurs de paquets
>
> > Baptiste
> > (non inscrit à d-d-f)
> >
>
>

Accepted nodejs 12.13.0~dfsg-1 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 01 Nov 2019 11:19:03 +0100
Source: nodejs
Architecture: source
Version: 12.13.0~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (12.13.0~dfsg-1) experimental; urgency=medium
 .
   * New upstream version 12.13.0~dfsg
   * Link to atomic using a patch, LDFLAGS is not enough
   * Need libuv1-dev >= 1.32.0
   * Do not run parallel jobs at all (consumes too much memory,
 and may make some tests fail).
   * Use shared libhttp-parser (>= 2.9.2) again
   * copyright: update paths
   * Standards-Version 4.4.1
   * Ignore source-is-missing for long lines
Checksums-Sha1:
 09f2187a27de9238c7b51fc4cd1fef5198c0448b 3093 nodejs_12.13.0~dfsg-1.dsc
 20c999ca4112a8c43953cef8e753b03d8020c5f3 18641528 
nodejs_12.13.0~dfsg.orig.tar.xz
 dc576cc3a4ffe5cc5b2dbf07c64d7b792b43a52d 96684 
nodejs_12.13.0~dfsg-1.debian.tar.xz
 9733fa48d749d4f660d854d3cfc86bafc72ad1ec 14161 
nodejs_12.13.0~dfsg-1_source.buildinfo
Checksums-Sha256:
 42f481cb4270fcf55ccd326da3668f879fb80099baf42bbe22ee1e31353fc111 3093 
nodejs_12.13.0~dfsg-1.dsc
 48ece4b7a3a3ce69a5e43849af9c060d9a0d1c50d968dc446a177ad36a028ee6 18641528 
nodejs_12.13.0~dfsg.orig.tar.xz
 529c8e88bd2d33527c5ba6f532786afe417f85ee926199851d3b6ae748bfd81e 96684 
nodejs_12.13.0~dfsg-1.debian.tar.xz
 6173c9ac8c99111a3e0184a85c6eb8259dac7636f3d66ecc95a5b9d16f366918 14161 
nodejs_12.13.0~dfsg-1_source.buildinfo
Files:
 475d7858c7a77d05a6263ada981cd0f7 3093 javascript optional 
nodejs_12.13.0~dfsg-1.dsc
 df5f1feff76c41eb3dc9f1b655372ca7 18641528 javascript optional 
nodejs_12.13.0~dfsg.orig.tar.xz
 454991209013b7cbd3fbae34c5103742 96684 javascript optional 
nodejs_12.13.0~dfsg-1.debian.tar.xz
 ebc11cd01e9394d892f7548eff315386 14161 javascript optional 
nodejs_12.13.0~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl28B9YSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0ANEP/iMTRY4/aU1s3WgY0ck9c7r6FudOAv30
2sK75JKaZsnbZtQDnVLVLJi8slEQ4iDegt3+W9MeLVTsNMRtTbT1RhUjaCmfLwbO
Ar3CXHUgJ1M0Eu2iEbMFqjYolUby0xw4eLEVNuVrOc2c5IwihgFs07afr30oCHfs
mHuyGxQ02WJDdJyhpux0Yn5zJjL9qDVamnEGrxknygucy3pPySsnMoN3huFblSgd
kUL4ruQCarnyHAdsgoqcXTlungVsbGTwygnoZOhyRobX/kkIENTaTuLxiVsb3TZB
lxQB9HM2io1QsTHQTs+Rgms11V6X+32KUHdNRRWaU3XEEzCrCBMTaAJrWJ1nkcQJ
FhTTI7tP4/3x/2r/55k8sKUNb2rcvHQLGIJrTOaqi6JiPAfumQ3f3cTVf0sC1d8A
N2Z5eEinencyErUZUq0E6GP8KZ0fKv2O2HEGBUdzBpIiv+wkZhURI9Z6vh9/410P
fy90wY1w8qjZZfUxvDHgpxe/+9+WYy9RBdgU8+fI+bPbqEl/MgQj41/Pv04OoBVm
6Veoy7cLaum2rg35DC92mVvSMiYwUMca23pi9mWUUpi4gGohb8Kn3soQ+1kti3YV
E6MsUjPPFVcxK2Tcpvt4qT1LTjH/EEHB7mesy0obtQIMLfFYJxVQQbfKCrT0PGz0
0sdcnyyG/O6k
=D/Ee
-END PGP SIGNATURE-

Accepted nodejs 10.17.0~dfsg-2 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 25 Oct 2019 11:09:09 +0200
Source: nodejs
Architecture: source
Version: 10.17.0~dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (10.17.0~dfsg-2) unstable; urgency=medium
 .
   * Link to atomic using a patch, LDFLAGS is not enough
 This is at least needed on mipsel.
Checksums-Sha1:
 bb7deff6dd0153bfb3875993d37de49750a8a3f7 3062 nodejs_10.17.0~dfsg-2.dsc
 48d3eacc3579273509f90071e04ccecf976f111f 93488 
nodejs_10.17.0~dfsg-2.debian.tar.xz
 a1a09c4e4172b36e80775f9b4f7af4d9179bf511 14185 
nodejs_10.17.0~dfsg-2_source.buildinfo
Checksums-Sha256:
 959016117a521a6b351d409cd40189a0e8f0743f81717fdf2409fa42d954ae6b 3062 
nodejs_10.17.0~dfsg-2.dsc
 9334cbeefe4f6cfa9f9c023f302dbe9d02d0ae33f6bf005774bbb8d6d82fa45b 93488 
nodejs_10.17.0~dfsg-2.debian.tar.xz
 f05cb5975618ce17608e298067e3ca0c8afd4f9df3fcb6e68532452d07704ffb 14185 
nodejs_10.17.0~dfsg-2_source.buildinfo
Files:
 08b27a41cdec3a9dfd8b02f4b4f953a5 3062 javascript optional 
nodejs_10.17.0~dfsg-2.dsc
 530a3e11ad84af700f170c7f1b32d58f 93488 javascript optional 
nodejs_10.17.0~dfsg-2.debian.tar.xz
 5841ef8dc042581cc50cf2040af6921e 14185 javascript optional 
nodejs_10.17.0~dfsg-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl2yu9kSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0U48QALq6FTPYMUAX5LSLYeFzfKlD8u9Ul+gs
Ao4kGfjVawA2SjIJZjRr9m4/Q3HrPy9pMjL5+6FPe305ZgABxauijJ1hH/sVq156
31O8ILVxuCbXQuy9hXsZPaYauauC9nZfIh5ajgbyhsEdXHpKudXIfXWDYQ1qiZLZ
yPOCCppJc65YBg6qAxw1FkGO+9+w1+Ay+tB7h/LBIFoLBI0q7g9Ra9x384siXJ+o
tCmZIA5cWJ+8lKOhMuLJB9Bm7HQOEwlkk36FXIvwtbJulsQ0hpPxV8KYcNnOFel2
iQC9bkm1g7T3uyAjbewGlAOge1Iwck1ArI7hDhsTVrFkxJvjiSB5YobaHWtQUHTh
hPzJXdoEDNqLc1KHlWHgu9+CUsh5pwkTb0GRDdfMnE0okkh6bui4qlGood+Vd4bC
DNrDUUVCfSvVAYYv14RtDtBXURwrmFC8fGTaXPGL14kmUV2my3F1stnRSZ8sMo+M
M51LPzxgQlYBwpHGX9RwqL5JeEcupvrW00Km8wm0HlEd3zzr58OmfjsEX9EAeRBa
CJgel/3nk/gimyOxWHQl0V3WlWhx6bTyIIm2KDWnrKHxrZjoCPYNu9dBvinHOs4s
QiGMjhIi/XF2yQQsgagzZjDedetNOvcxrFfHJNpzdkPXDEanoGuS71pAXwgcuE6i
shChrgvv/yL7
=Rb+k
-END PGP SIGNATURE-

Accepted nodejs 10.17.0~dfsg-1 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 23 Oct 2019 17:53:03 +0200
Source: nodejs
Architecture: source
Version: 10.17.0~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (10.17.0~dfsg-1) unstable; urgency=medium
 .
   * New upstream version 10.17.0~dfsg
Checksums-Sha1:
 ec988b5b909ff65016259dc973d950373d97987f 3062 nodejs_10.17.0~dfsg-1.dsc
 33bc8956428a42a9fb4ae979d7ec51dc1cdf2e3a 17066420 
nodejs_10.17.0~dfsg.orig.tar.xz
 90f7868e4c45500d08db7c5c9e9b6103c95a3fb2 93320 
nodejs_10.17.0~dfsg-1.debian.tar.xz
 1a38a6e130c98641d939a235267114afcfc9f5ea 14164 
nodejs_10.17.0~dfsg-1_source.buildinfo
Checksums-Sha256:
 f6dacdf961357914979dbe78d878234ad1c25a6daa425fdb7af42f1886f46962 3062 
nodejs_10.17.0~dfsg-1.dsc
 34e06596aa2d655c7adfe63d95781682200897fc47fcfce070d9d05659d43922 17066420 
nodejs_10.17.0~dfsg.orig.tar.xz
 1fd06fbc1ccc087fb696d7372b85c1a6018f037911878da488f7abb06839 93320 
nodejs_10.17.0~dfsg-1.debian.tar.xz
 c4b0529c3fcdfe645045c46c88d265ea607e489d4269869ab48be6383d5a2726 14164 
nodejs_10.17.0~dfsg-1_source.buildinfo
Files:
 4b557401c0698e0ef85a50192c6afea9 3062 javascript optional 
nodejs_10.17.0~dfsg-1.dsc
 9a196a7b2f8d9362620568ac98d2be51 17066420 javascript optional 
nodejs_10.17.0~dfsg.orig.tar.xz
 1622cbee8c26e822274fe215ff749f91 93320 javascript optional 
nodejs_10.17.0~dfsg-1.debian.tar.xz
 cd8f61b6e408b71967af0ba77e4c72d1 14164 javascript optional 
nodejs_10.17.0~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl2wd+ASHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN00gIP/04THR49lFom2ysO5IeeM8hqC2DqvIea
ey4a/ME2vfPOzz++wvJKNBJ1MBkLEd0shzi93DmJKY1oMVfT79mlZFaJDHKqMD7w
64uYiZIgUk3HlBpaGLo+xAhErrJNgO8tZYy3zpFu0viijUekv+KVAGXNtyPQQ25J
iX7MfIqo0U2lEqbxmQD/thBfuyCwkccMB2ieuNgCOiqIwS3xjriWefjANWnl2krp
fk4aCJ9wMDZIlnmYCk8/yyULAxCg5BbpjDyfCBL6STycn6cgbszovRAgWO56zzLd
4FBiO7a5BhEf2rXWfbwFjsa2t5oQQTyG9yJeEvy2j1hxgBDqDePd7B0NKFMrIKE8
byUiEyFJabVfF9S/38fQiq+qsFq0SXkCsCUDbUhP1hI6KYjdu07AR1vd8Hp5hJB6
fzvZV/pLHi6cbUqbIjCPsv1mSe+4Kk+udVgDty5ttjKHOJxwY6l0H1au8jm3iK3u
2W9dYoul9cUVJG0Q3BF6BIsawVZ/d15hCGNlyPnRcRcm1s9Sev13F3SUgSz2SgJ1
3DFRW28U/RmIxzvTtyxFvQPhyk5ke5NtQadl3acDMJ/wSCyVbysl76xmkrdUy57e
1fItrovuL9Vl1Rm/02lrmWT96lMH1m3fZoN6uXv09QiqpQmU3O2NJmEe5M4K7cCV
HSfW8+uFYbSM
=woTz
-END PGP SIGNATURE-

Accepted node-gyp 6.0.0-2 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 21 Oct 2019 22:43:07 +0200
Source: node-gyp
Architecture: source
Version: 6.0.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 node-gyp (6.0.0-2) unstable; urgency=medium
 .
   * Patch to use python 2 as default
 Because gyp debian package does not support python 3 yet.
Checksums-Sha1:
 99522575a1bae17b83172ba7dffabe5de361b1a6 2065 node-gyp_6.0.0-2.dsc
 89794091fa434713751dee18729f67257ee7b67d 6944 node-gyp_6.0.0-2.debian.tar.xz
 f966d8ef4ba4286fece0a5965d31372f681d119b 6476 node-gyp_6.0.0-2_source.buildinfo
Checksums-Sha256:
 a938514064e5680457110addbc9f3e3746b61606de525f883b3df7d14e25181b 2065 
node-gyp_6.0.0-2.dsc
 248a82bc6c09b31cc87c168769195c355302b87b7a59aee5c34e24ddf134217c 6944 
node-gyp_6.0.0-2.debian.tar.xz
 b72433617eddb5dd01e324f40c69f5cea73b67acdae6c75458a8b87f2c6e055a 6476 
node-gyp_6.0.0-2_source.buildinfo
Files:
 f08ef55a4ca3bfd72f55619c34309a9a 2065 javascript optional node-gyp_6.0.0-2.dsc
 db7fd09e0a6c49d6f9fa991eafede8b0 6944 javascript optional 
node-gyp_6.0.0-2.debian.tar.xz
 739afe2b89c9f0d32ac36ec6acf6a3de 6476 javascript optional 
node-gyp_6.0.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl2uIEkSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0vtIP/AmVioxcLKr8fnwraUulpju68/vHKNSH
+XA4k5qVKNFbETNgPc88mfn2uZWmeM9kW21nTGncnoaptfVYO9M9tTR6pW8UuTMN
fToV8ov1hKLyC04FowhTo/i7CY3IwY8AbpHj+DNBya9pviQd4r3Hmmj6xXXeYtbO
yriT/skTWeDljxr+RTcCOj1+1Uz3mvHE0TcC8cOWxt/ejElMgWmgH/fhuM6be0dI
3vi/mBt2p98XDFSZ0J2ciSPQiU9MMf0x2QWnFl+SQ80aXmNVFENZfeYcZP/kKVUO
ANDk5WprLVA3QEfWUnOzajnlzocehgHT1BuXiA231JyMapfizbpAAutHHymzv89B
8F9LNAtaZ5+IdM/nVn6Hgg11xuhbP13RTwSYrnQMH1zIefesMOBj8GmeUiLqoqNa
fJTCls6LEdmubWKuCqqR5WllTC6Rh01e6pZpf5wIgALPdoVUHH00JBR9UKnqs1Lz
7mU6kO4/RMYbsoskGKwPzz4SmiSjRq85eFdVcDahSCcH7VPeTNznyFqRHGAekWvG
LzAHLHfJoo+sDGAN8ORUVhb9eM116K1gwTwdtIWPBsSCfwxWZXdexMY8CK/FmkHj
TjvG6jdrOJuEGy2wD8FF0Iv7IFvKHr9nrZ5zoI/rTPcGfZXjX8liqeLeejMbMdZb
WUEsvcBNlwq8
=66aE
-END PGP SIGNATURE-

Accepted node-gyp 6.0.0-1 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 21 Oct 2019 15:38:07 +0200
Source: node-gyp
Architecture: source
Version: 6.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Closes: 932797
Changes:
 node-gyp (6.0.0-1) unstable; urgency=medium
 .
   * New upstream version 6.0.0
   * Install in /usr/share/nodejs (Closes: #932797).
   * Drop tar 3 patch
   * test using tap instead of tape
   * Patch to not depend on unavailable env-paths
   * Patch to disable test not working during debian build
Checksums-Sha1:
 be575bd4cd7067f87622609dea89c544d6943ba3 2065 node-gyp_6.0.0-1.dsc
 ac872ff4bb47094fed73f260f7bbc9197de26868 415727 node-gyp_6.0.0.orig.tar.gz
 d80f854864d536b774849e746eb835c7340ce680 6672 node-gyp_6.0.0-1.debian.tar.xz
 e3ed40dd18bc1d27665878c6fc2ac3cf75490ee9 6480 node-gyp_6.0.0-1_source.buildinfo
Checksums-Sha256:
 419545b7e907c526bc3d435a11cd5566fdabc43712c7cc3547d45351579a4677 2065 
node-gyp_6.0.0-1.dsc
 87a41fc7b8705e17d3e8361c18239aae5736883a6483b3f90c8fe2a4d1d8da51 415727 
node-gyp_6.0.0.orig.tar.gz
 6458a27850d7eee4202de42ca2c151b2ce2cfcec90aa904236b55a48939e1cef 6672 
node-gyp_6.0.0-1.debian.tar.xz
 4fce1645e19882a662d6adb04843d79b71ebc0f1192a707c28d0cb436030a102 6480 
node-gyp_6.0.0-1_source.buildinfo
Files:
 49c1637f8d9ed11214682864c8f3d49a 2065 javascript optional node-gyp_6.0.0-1.dsc
 abba43a445197d099c9fbca0c7b281d3 415727 javascript optional 
node-gyp_6.0.0.orig.tar.gz
 7b7621d2ae57814033c4d02cab072169 6672 javascript optional 
node-gyp_6.0.0-1.debian.tar.xz
 47db7e94e1aff9515671a85bb5cc5251 6480 javascript optional 
node-gyp_6.0.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl2tta8SHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0GUMP/0P6KpH6MJkSDXp2KWfxL8YeQzoUTX4U
5zL/uUiRaqUixyThXTtTd/9RyrfbMaEQTQUS2UKj27N1ip1vSGRrY8JOdaBQ/H4Q
jRpq6LiqkaZJ+gfCnPYN6MMAICvGJWb5/Fa/9w5lIkKzTdIa8INMuED+wCImX0+M
UfvjSatEF6U2MynQD32Ho9jWazNBVthS4D6sMBnB9VsH98RfFcMjxTyCTZ/uLaQb
zyFPQaPPQy9eKAlMJrw8+DOcE0d5rACZG9LwdbUM1mvNj9kRpgLpg1DqQmuGSwMK
AHB8qGAQeSnvDTb1sbXWAMj+RqRHsUXtPjqlJnY34zeitE/jJs01PHQEROR4gZOt
rMC8mNAaPTwKbcE358tnldKTgPkf3qJPFvexAm39JlWM2IbdHu0+9IpXaDO3IXnD
vCXHMls4IdDI+s7FhvlaUPzZuDbasoXnviGSQ9kbYrXndIcY4+1TrgmdcsTUiXLF
4x+fcP1hpPHkwV4qEItILUcjF8HpVJSY7tCgd4M90jz0iQ7O2l7GOMLhmRwXCUv3
YiIaV6s4kOXIRzKfmWXjzxFAvF/kkRY+QxuujqEkhCuXOcQ7lvmv5iMUamH5mD/0
68Tc5zsv2HRb3Y+4+tvc4g6gstThOMlUmpHm6asHf9OKoBXt9M5o/+eOX9wGRRzG
Iqct+GEzpthu
=x0Ur
-END PGP SIGNATURE-

Accepted gpaste 3.34.1-1 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 10 Oct 2019 19:22:20 +0200
Source: gpaste
Architecture: source
Version: 3.34.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jérémy Lal 
Changed-By: Jérémy Lal 
Closes: 941729
Changes:
 gpaste (3.34.1-1) unstable; urgency=medium
 .
   [ Jérémy Lal ]
   * New upstream version 3.34.1 (Closes: #941729)
 .
   [ Jeremy Bicha ]
   * Set $XDG_RUNTIME_DIR to clean up some build log noise
Checksums-Sha1:
 2641d58e311f5de9e7af325d29b6b0c4fcc3ff4a 2617 gpaste_3.34.1-1.dsc
 22f9f00a60b043d8dfe3576cee123618767d3c31 184922 gpaste_3.34.1.orig.tar.gz
 fcf42010a7d4c466680ba2fa2c0e05c8deccc81c 7300 gpaste_3.34.1-1.debian.tar.xz
 a0213727e5ea98d78790df403b1c035c33bf1b36 18410 gpaste_3.34.1-1_source.buildinfo
Checksums-Sha256:
 21387fb57c0ccbb0b27d412118d8c3a74bd631cf70942e6b987d8a8a19e5522a 2617 
gpaste_3.34.1-1.dsc
 ba2dbdaecd1dd04c95b44c87078c104d266bfa264b926669cfd2f9684f0e0aef 184922 
gpaste_3.34.1.orig.tar.gz
 2344b5a7eef04387c42a3037095060e426928c1ced31216c795518799fe51f53 7300 
gpaste_3.34.1-1.debian.tar.xz
 9bcc5bc993e4670b4d498229d494b49d308456ac81807e61416a9d24efe1709c 18410 
gpaste_3.34.1-1_source.buildinfo
Files:
 9049f4c6a6c2b1a8678b922516ee924a 2617 gnome optional gpaste_3.34.1-1.dsc
 6c778717fd4577e53b4efccf7bca857c 184922 gnome optional 
gpaste_3.34.1.orig.tar.gz
 2309bbc1c1a85c6c7d17c44735d15695 7300 gnome optional 
gpaste_3.34.1-1.debian.tar.xz
 0c367326d5888963ce634d5c0b7b8250 18410 gnome optional 
gpaste_3.34.1-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl2faPYSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0hlYP/1nT0jeMHkQ4dyMTvYDT7Uu8Ls0CXd9t
xHyklKWw2uSvMWG406xiIQbYR+gA6+JDC2ZqMFpqbsZqIFpdVR3SOO+lbM3av2NL
NGU8L39AJC34q5KvZTiENsc85/6ZIkyoLVxxfo7ZNOF5D32D3clMnXsNyhOCTxSB
RyRg4DGvQjlL6oEVqGhc/lOis9uYXukgKLZLGLhhGQjC4HVElmueIUYBOSeZE6Zw
KPsO1H7UDLUs+xBlFfPDNTzpqM7dLMVVlC1DROxxN1JfXEQjG9OvcwIqwoP9Jvda
slsMhQdL/yM1RF+EhCYlMwyUopMv/iK5Ai7bx2LGYutjbIqZGaKmf0EAAb6kZtQS
zcR0w9aSjBevjMp30ygxtbxS/lHNZoUowU2PzkNYfJc2xYDhY+BNM2MwFniKpLTP
8gCFjAwxWpscsUkyUYASN+7TJgRt+jeJDB1agY6SgFWjMhyjb63w2N3LtyP1FAxR
R0Ljv59fZ4PRCdf8vbcoUsALujkNmvHL00s8qkyUK4y31u3GrAih/O18+tTNAMzt
Mob/Ada+NX9/i6psFi0BzZ2sfm2AFsasUU/y+7+X3EFGEbmwf3a3IvOJHeLCAfOu
pnu76586qm+bkQsqX8870bYv1iDx3abmfM2BlQGA4fHtpoMLgZHm0vRo4eRvU3XZ
xJ83WtMsqlPH
=ig9I
-END PGP SIGNATURE-

Accepted nodejs 12.10.0~dfsg-2 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 16 Sep 2019 12:28:37 +0200
Source: nodejs
Architecture: source
Version: 12.10.0~dfsg-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (12.10.0~dfsg-2) experimental; urgency=medium
 .
   * test: test-npm-version fails because npm not bundled
   * ppc64 not supported: https://github.com/nodejs/node/issues/29534
Checksums-Sha1:
 67952956f53ff8cbcf01528e792f75980301ab05 3061 nodejs_12.10.0~dfsg-2.dsc
 62144825c18bd62b2843807c8b7ea742eec76ea4 96320 
nodejs_12.10.0~dfsg-2.debian.tar.xz
 b17300ed8a5194506c6136a945922b8e4f75a121 8222 
nodejs_12.10.0~dfsg-2_source.buildinfo
Checksums-Sha256:
 94646993801f5b67ba6795095bb8119e14a901816e73db51ce8628a3973fbd1f 3061 
nodejs_12.10.0~dfsg-2.dsc
 1f7fcd9a19af750aaa254b9018ccf93368a5e7c26525871817cf9772bc1ae565 96320 
nodejs_12.10.0~dfsg-2.debian.tar.xz
 3229564e9eaff217283c5eb7331c255c3b397e4fe414187793dab96ffeb08de9 8222 
nodejs_12.10.0~dfsg-2_source.buildinfo
Files:
 760e12707c764300e14723684ff94cac 3061 javascript optional 
nodejs_12.10.0~dfsg-2.dsc
 d5a6feafe52cf177dab8c39b2595580f 96320 javascript optional 
nodejs_12.10.0~dfsg-2.debian.tar.xz
 e67e5f939ff72efe18d43a5b2f4816b1 8222 javascript optional 
nodejs_12.10.0~dfsg-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl1/ZPYSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0bgsQAKV6ws+h7tLHaV28W81ywpYBBm0T5oyt
xuLhQvrYgj0+JP8ezbwRtRu9B7MWakkVcICWhAzMFxbWtSmMaF1bBbAYvzyEeLlF
Bb6kz+UNYxQAVnWBuqpCs3F4Wkxl7rFsO90U/V1xDHk7Da+pOzzQ3DQIbmCNKE4K
34wvM0nTWicUwMKQm4PPzjFWNhCOg2KWI82+K6IlaTxLTXgdbqJNw5qAw8C/siPg
DTfy9q2aQ3YOaY/6JgNU9GgXGacpoRsurqPE4Nj17OKbbKdXfj4OVNGZrDqgoJYf
izy17B9eCEut2S0jlQ2QvkqKLedc+bFCdhb/z7+ghBGnckIyVVHpXxv4gYCEyoAo
QAgOIWbdArWr74pGnXpkcl1PV9QSWsvGUyYoL59GitLOgeEbdnczYY3WsFsv48e5
0p9YM2XL25/6WZ5D0Hoy8LVV0dp1FfXgO/SSnnp9Q6+048ErudAll0POh4QMhpwN
ndx3bK38Lu+L5LVxmVT+W+sSvAqbN6yUzGoE7z6RZh19/7OGvGSLgTz7Pg6dtYXx
fD+SM9M7r0PUyKZ6yXnXO4o8QdRtmVIIQSBPXCzqCeMRY2nihJv+Lao/km24eqUI
0yfcNOFZcSp2oRYAdYXfwmnuGGt0qQZE8qPml/4bWr4RLR2+i2RgaTgZVTm+yHUS
MhXlVNR9sbRW
=m4iw
-END PGP SIGNATURE-

Accepted gpaste 3.34.0-1 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 12 Sep 2019 01:17:03 +0200
Source: gpaste
Architecture: source
Version: 3.34.0-1
Distribution: experimental
Urgency: medium
Maintainer: Jérémy Lal 
Changed-By: Jérémy Lal 
Changes:
 gpaste (3.34.0-1) experimental; urgency=medium
 .
   * New upstream version 3.34.0
   * Update symbols file
   * Build-Depends libmutter-5-dev
Checksums-Sha1:
 2285b08cebdbfa440d1178a05708249b7d2dc8a9 2617 gpaste_3.34.0-1.dsc
 2ec8ad7762dcd8b1338e71f52420e195b9ae6d00 181686 gpaste_3.34.0.orig.tar.gz
 5ba6c6ac7da1612faa9c0e79f69cde5f93e90a08 7160 gpaste_3.34.0-1.debian.tar.xz
 1db246f31dd9feb2d831a6983b9e15e667c6a1a2 18194 gpaste_3.34.0-1_source.buildinfo
Checksums-Sha256:
 77c29800603b32c26801356e55ee0f587b05deca4afd0f5cf863a9e4c041de40 2617 
gpaste_3.34.0-1.dsc
 532c4921b1643d748bb1c9d7acf8167d1ab5b1c8226ed0888fee752ba4260ce9 181686 
gpaste_3.34.0.orig.tar.gz
 bbbdf34c8150c2a77fa3dbeb6438c800ffb699a2cb713b34eb37dfe8600a733f 7160 
gpaste_3.34.0-1.debian.tar.xz
 7349b669e05eaa1c157885d1ca235796b49a4f43cd2354ca329e6ba6b5975a93 18194 
gpaste_3.34.0-1_source.buildinfo
Files:
 eca548ad88695a261255c5d7b042604c 2617 gnome optional gpaste_3.34.0-1.dsc
 c46cefa082ac29e12c788cef3f0a5229 181686 gnome optional 
gpaste_3.34.0.orig.tar.gz
 5e3de746dd08bff5490a0b8c7829e076 7160 gnome optional 
gpaste_3.34.0-1.debian.tar.xz
 dda55ddec922375f4cabddd5c5b5e0eb 18194 gnome optional 
gpaste_3.34.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl17SwMSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0WLkQALjT4bQowFVFual/dLeGks9NRgUPb07G
rRl/IbafWeyORmZjPAqxUo/YZcH4vVOXgOALd8i6t5H62H5jbNh/oA/mKtid932B
t62byVTSSR4KulB7rKmmL/Do3wNAaKA8nbkCN//iCxRTJZ1ScE7ZcRz1phcI7Ofn
ucy+wstphaxU6zxHwTQLRZS69rihymshwh/OfQx4VqHnDAsR2rJEo75VH6P+laJe
63TYfaJK5hACs9bk9iV+YSdrLdNjvve/AgBczsgQn1gAhrh6Kx3HSlHlsHmKvQSo
PF+5ISm7SnvI71r0yQ5VmcUcnGQHhukGz+4mO/+1//QglIVtlTY6I6cJlKw5ioyk
pcFAhPc34gU2DrHzodSEVFZEACu4AnncRZB1NqBHG2zDu6sJjlYpUF1xdn5U2up9
J7b+NoIPLZ0R6Gaz9uCj0qlNglNktd4XJdK1jkw9iPlzUdub3atySv0NwQeLBZLi
rmwF6QjRhrjZ3j8b75XbUWxJlPk0CCsr5Chk8ohDbAtCdGp3T5S7wVF9QpUbs5TP
Yhxt7vN7FgKcdKEa4iXyu3xLak2/WsSlAr6EL6SgHg1Ru8WQkvpOiWIIjS3GjkOt
Go6AVbObuwctwr8Ni44tQgqDmUMEi55470nTwUbyDujTmMS/rxkhvsY7QlUFB0Ww
nSmOz1TZ1ai6
=QTMN
-END PGP SIGNATURE-

Accepted nodejs 12.10.0~dfsg-1 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 12 Sep 2019 01:15:23 +0200
Source: nodejs
Architecture: source
Version: 12.10.0~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Closes: 934240 939001
Changes:
 nodejs (12.10.0~dfsg-1) experimental; urgency=medium
 .
   * New upstream version 12.10.0~dfsg
   * Tighten b-d pkg-js-tools (Closes: #934240)
   * Use nodepath to setup links to acorn properly
   * README: match current modules search paths (Closes:#939001)
   * copyright:
 + add rimraf paragraph
 + couple new files in v8
   * Revert upstream commit to stay compatible with uv 1.30
Checksums-Sha1:
 545a9e2664e9903237d33b513015fab73b80f142 3083 nodejs_12.10.0~dfsg-1.dsc
 3db85e96bf9110eb38664b90960f0f704ac69aec 18509016 
nodejs_12.10.0~dfsg.orig.tar.xz
 2158e5525fed63de5d00e5b903aa9b26b271af60 96304 
nodejs_12.10.0~dfsg-1.debian.tar.xz
 f4ea76c7cb3ff73384dbe9fbd76d94222aad6222 8168 
nodejs_12.10.0~dfsg-1_source.buildinfo
Checksums-Sha256:
 a4d5afcb1ed761694819b71f91997ea9e1852008cbd9c291dc6247ca4fda43f8 3083 
nodejs_12.10.0~dfsg-1.dsc
 917788ecf7e109a48327d62761e560b084f587e4f84ebd4b95b97bd2396698c5 18509016 
nodejs_12.10.0~dfsg.orig.tar.xz
 dc22e20855e9c1697be3ab5dfcdd8342069d67199658be0aaf43635dc06a8f4a 96304 
nodejs_12.10.0~dfsg-1.debian.tar.xz
 ea4e58a65340974e231944501d3827e1a277eb8becc6286fa608ac72d78fb3ec 8168 
nodejs_12.10.0~dfsg-1_source.buildinfo
Files:
 f457053169ce0c9ba5c4d9c18eb26161 3083 javascript optional 
nodejs_12.10.0~dfsg-1.dsc
 7db08f0261e06c97e8736a3c642cbec4 18509016 javascript optional 
nodejs_12.10.0~dfsg.orig.tar.xz
 7f13533906b6df8eff577cb9fcb885fb 96304 javascript optional 
nodejs_12.10.0~dfsg-1.debian.tar.xz
 c5a18eddbe943efc31a210f49daf1107 8168 javascript optional 
nodejs_12.10.0~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl15gJsSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0vMsQAIj8YPGbJupxcYL+WMoGQEuHHDjCLYlz
7MNwtWp91k7Ebe3O34L7SKmYllH8Qx9RmGp0lm17R4lu55sjOq6KXSjEunT4jOwW
aTvolqhMsGlEF9JclvhF9SdyxS4fRt7Jax25ce1sd3Uv+5FQb6CxR7V0+x/u8P2f
OP+2sFCLc9noZrM0Ot/9TDJWSmOKtMwLH0JcNVSKSNsedkc/W7PpOGew1vI8+nGT
9iX7jNjaax7lrDyziSWhHYH/pG36+J+U1/GQPCPXt/9C5fsS186xAZpsrUhRmKXN
M488NqjcWeINMBBVtoTB8WnSduQOxIxeHm2cV5boL9Kt2GOWqnLmT5D+xsOcPekS
p2DK+c+JzhyuhBcGZFaqsQJF33NIufmL2m4NI2wMNjeolgpXLK79wyy1aGOHvU74
xWQ3sCtaAAlVsGAHChc+MaONDYYE4O2jjBlT27vNxWFyNQHm0qsoz7FqMfl1kEEa
7XDH9Y+XIUZkANx7RTcxc2xYjw5vZIeSC5NkPx4kjFALEpTYRDg71O9O6iodPELo
lAipMG1Hz/t0VR/IEhJ44bhHEwQ1SZVmZmedAxamMyKaxJdvjjfuBl/Edx8UEk3d
Gg8ihPCrjZAIs0iY3HpubtYOFy8m79Tstg9UYS7ZYF5kwgbVDCsWpONFr4MQ1VBU
Q8BKw2TuPy3j
=VvE6
-END PGP SIGNATURE-

Accepted gpaste 3.32.0-2 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 12 Sep 2019 00:43:30 +0200
Source: gpaste
Architecture: source
Version: 3.32.0-2
Distribution: unstable
Urgency: medium
Maintainer: Jérémy Lal 
Changed-By: Jérémy Lal 
Changes:
 gpaste (3.32.0-2) unstable; urgency=medium
 .
   * Release to unstable
Checksums-Sha1:
 3d80ade71708cde17f685c37598c65e42b5a59c6 2617 gpaste_3.32.0-2.dsc
 c2392150b5c197d9bdb85c9ff8f0625c0ef0c16b 7132 gpaste_3.32.0-2.debian.tar.xz
 72b7a4856a74f9f31d8fe8f383e15d2014c942db 18194 gpaste_3.32.0-2_source.buildinfo
Checksums-Sha256:
 c45f506b21a14322b450f0a0e66408f27aeb18381335e96c0cfd1f0227bdcf16 2617 
gpaste_3.32.0-2.dsc
 b65dcdb12e03e4db85ae22d44aae2e0dcb98b95559a7e2bfae81aa2764bc 7132 
gpaste_3.32.0-2.debian.tar.xz
 6737b186011b6837f1dcb6a0f22214a4f1700a88f62ea49068e7e81618cfaf87 18194 
gpaste_3.32.0-2_source.buildinfo
Files:
 1e2f0b98af27c3e9531a66a598f781aa 2617 gnome optional gpaste_3.32.0-2.dsc
 3bfa334aa607d64337a8dde6a2aed274 7132 gnome optional 
gpaste_3.32.0-2.debian.tar.xz
 2f00a05e2a2ab1c1284cfae882f7346d 18194 gnome optional 
gpaste_3.32.0-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl15eKMSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0bboP+wTNCUeGDUk3Iw2Fyzme9u1iuTHxqSw5
hsfut6KMg2QGBqm4OxY7nao1GDpZAhM+fJAQI4IIY2OXufE/vk2Gh5VsyzQt6RhJ
BGoEC++gn0xdRD2D8qySp7BVNat/gkA8ht94euUk7cei6ejBxKi55HMlgSXPFvLA
8zCylFSAahRblo06NF0nw6RdKtJiyFLfNYUeQdgunUF/35NzFeOkhCXDIoXdKJiN
Ddcu8boxZrjF2abE1cmT3qzkKltpSlb8ioGKHyB36K6YerCSCCQcRAenU1vM43eO
wXD0wKOesRZRzd6IX7bE4V2YdOFL80UPkah4shwGK7r3TrlhofcA3kRzcK56k4DU
Z0u/H9Q1otze+lwftXdyqjEeDcybqnTgCuba3ktDUsSp9ikU72yUxZfBOw5t9E4f
5UtnGunENYNM/fDDhQOegE3+3Dk+ukoVbITpnVcSoZce4pjb39lYhliw4zV8fACy
YgBy5/Q1nmSiSt5y/vZHtC+INCsrrlvkT8Lgai/1ArVfFwM/ZDAPH4ZwwTvW2QFx
RygG5SPLRudZ6mhTLGcgWrRib1mEX+eC4JIv8FMDSH/3q6IkoEVZRFeFCFZv3k74
7XFUORpFkWHJJeOHj7M+Ahk5zTJzmjADb2FQrOXG+QzEwIs0M2xoeSA3v75LqiXx
EyfZ7J33HWJK
=c4XG
-END PGP SIGNATURE-

Accepted nodejs 10.16.3~dfsg-1 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 11 Sep 2019 10:39:30 +0200
Source: nodejs
Architecture: source
Version: 10.16.3~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Closes: 919588 934885 939001
Changes:
 nodejs (10.16.3~dfsg-1) unstable; urgency=medium
 .
   * New upstream version 10.16.3~dfsg (Closes: #934885)
   * Avoid two tests to cause a FTBFS (Closes: #919588)
   * Delete applied ssl 1.1.1 compatibility patches
   * Never run tests in parallel to avoid memory exhaustion
   * README: match current modules search paths (Closes: #939001)
   * Fix make-doc patch, simplify make using NODE_PATH
   * B-D pkg-js-tools
   * Tighten dep on libuv1 version
Checksums-Sha1:
 18dffcf2e4b08b7ac8a319953ec85c5d5d122465 3062 nodejs_10.16.3~dfsg-1.dsc
 eeae907a6f5e3d84e86a68b5f4cd705ead72ed80 17057172 
nodejs_10.16.3~dfsg.orig.tar.xz
 b9552650512dc06845c8e3d8e1eaa6b1b01a0d4a 93220 
nodejs_10.16.3~dfsg-1.debian.tar.xz
 972cfed64c9b4f12d454e5db65bc108367c1314a 8190 
nodejs_10.16.3~dfsg-1_source.buildinfo
Checksums-Sha256:
 092bc85272a4d25e79e888913c1a470f6c230e448b49c74778486a3a56a6cdb9 3062 
nodejs_10.16.3~dfsg-1.dsc
 38358e22e385ef5174e7fdf53d92081f03bf33149675bbe4aff00a22f559bf13 17057172 
nodejs_10.16.3~dfsg.orig.tar.xz
 3b175f7bd7ec8bc6c7f4a9ce9ad1011a45cce68b3ee74af9945d0d79b04a57b1 93220 
nodejs_10.16.3~dfsg-1.debian.tar.xz
 9fed752a7160dafb30a65348b17b62c35d94f5ea217ff34bc956b60736bdae5f 8190 
nodejs_10.16.3~dfsg-1_source.buildinfo
Files:
 97fb19bb03d8101062d846b985e6813e 3062 javascript optional 
nodejs_10.16.3~dfsg-1.dsc
 92bab069c0afeefa7f90cae6bf2261de 17057172 javascript optional 
nodejs_10.16.3~dfsg.orig.tar.xz
 6b8269369d41a092b5e54b3721727c7e 93220 javascript optional 
nodejs_10.16.3~dfsg-1.debian.tar.xz
 d359aff8efdbdb381c566e8c8424f4df 8190 javascript optional 
nodejs_10.16.3~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl14svESHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0c04P/1HfXMrvpMnJmZihGg70D8ui0xnkumRx
kLDfQk9HJG97tE96LRLuDjbv4rx/+tApKUuaAL5u/4gLda0WXdrx/qI4uTHxS2JU
6nV+ymldwiInjtzDLvzq7PfzIAcHMf1OtpSChkSxM2E3ecpc/ITC/z3CjbIehtng
EUGahDPMhfwC+zwIOMu42nWNazXuVN9E3eC9lI0llEGj9hvFp3dsrRHLdhWysxZp
D0TFoOockwbq4MkmYwcHC3MxW73XP6UqSfYk3scbfvSQMe0rQJAuUwpCH3HnISAC
lnXFbaJaH1TaGSlp8MSpX7Qmn1cAIZS13H6oqvUpJlZqY9MDTsBhfOd/tTBPawAo
gMIAChcIGnE7PUtpQJ2OH8pqQNRWdBQBCh0o34UqfjZXhtceH8VnRKydQSfCV1H7
ycC1JiEP9bhLer6XrVyqKREfQlqz4olvHUxFG6LWwjkMfLtHqA32fB0DzBi4QCfe
zQuzIdbqBlDxkyht3Trc2Vr61ffKj6sZw9P9BW5craysHLXbKMjsxSnGWoqzqKAN
Rt/y/puEYjlmrJCALzH4l1W+71KvYFK/SXlAdSqpwkF9/t6bkwfYZOWLA5drVxA8
wa9lB+4tTxM2XgNfN6kjts683SOedimMzBOh35GhXFD55cnGRDsN29l8Rq1jhyKJ
x/bWGrTpMyPn
=p5TP
-END PGP SIGNATURE-

Accepted nodejs 12.8.0~dfsg-2 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 08 Aug 2019 14:53:09 +0200
Source: nodejs
Architecture: source
Version: 12.8.0~dfsg-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Closes: 934228
Changes:
 nodejs (12.8.0~dfsg-2) experimental; urgency=medium
 .
   * Fix js-yaml install path using nodepath (Closes: #934228)
   * Update make-doc.patch to avoid fetching remote changelog
Checksums-Sha1:
 1333be9cf9d68f879412fd137b53f0e9525bfd3f 3076 nodejs_12.8.0~dfsg-2.dsc
 9744bc962fa94f7c5a00332c49bf5cdbfbc07dea 94960 
nodejs_12.8.0~dfsg-2.debian.tar.xz
 1e10f41a4b4dc9ae1981ca418e4fc058ab4146e4 7926 
nodejs_12.8.0~dfsg-2_source.buildinfo
Checksums-Sha256:
 6fa417664756f811d2f0885040fee6d6a17f385a7865c02406fb6dc338109697 3076 
nodejs_12.8.0~dfsg-2.dsc
 fe123ce8ba926d749883ce46d4acc605697fb90f3d2f6870eb8dd5da8204b03b 94960 
nodejs_12.8.0~dfsg-2.debian.tar.xz
 016a5eeb5c07d12072010dea458de68636094fab6a38dd88bc380b34e6a558c1 7926 
nodejs_12.8.0~dfsg-2_source.buildinfo
Files:
 8bccc126c8dafe0e0f09f3e4d2b01dc4 3076 javascript optional 
nodejs_12.8.0~dfsg-2.dsc
 e123e3e369e6817f51a486a89e09cfc4 94960 javascript optional 
nodejs_12.8.0~dfsg-2.debian.tar.xz
 a5e2a018cc077fe57f26a133d3db747b 7926 javascript optional 
nodejs_12.8.0~dfsg-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl1MG4cSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN04YkQAJUHFRmQ6rAFpJs+RMdG+uSoG/xJ7c3b
yqUQ9ekLqDJHLxKCJpoWrCiw2eWaLn/983/Ya85yawGDYVRz4O1T7ag2gSNVJiBs
jh4WPzUdk5V96j2+GMs55kMks1D9QqbWeMvi1P+OmKBMlCWx6cF//SzVvkON+2c/
dMfGXrIXvP1C6MvgCKT5Iv1DS/xY+wIOuY5hYybOx01JmLbH15XXgRX3dot1si+O
uQ2kKvgCYGpER7UC7x6nPfTnBzvIRBuZc8ybzIVm8qZME4d3Uutcco1e5Lk9r9ip
mFD67Izc9xXFeuOwIf7GDg3PQcoMqF35zoQ6hwKpbQFWnYXGxS5fs77s5pf/C24i
pJyrWhW6Z1AeRxqc8WddWZIJNfm1G+EDm6Um+h/TSkpi9EOj79ZUGmivYJWQUTlx
e3JXw9QIg8l1gHQbFkRkttYQpohxkwT/UoCn8eLcnKPIMENW1rW+iD3l5MnMbPEl
OcMDztq0ZnZ0aXPZIaoHt2tqmLUdqDCq4/anlhTH1eTeavn3Nlhq0PnF2JEsNq7l
n1SntjHaAaPslhUWGP5Xn9+anWvpEOPq3dMGPsvePqUFo10B3GH0jNiO6fSsvu2i
FDy2xmMtNPjpMDSQ5Fd+YA0u/1cdNtcsqiAhVhwo+bQ278SpMxXaJ3NOki1PzZw7
mqXoc2IegPvg
=bd2o
-END PGP SIGNATURE-

Accepted nodejs 12.8.0~dfsg-1 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 08 Aug 2019 12:13:21 +0200
Source: nodejs
Architecture: source
Version: 12.8.0~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Closes: 933840 934207
Changes:
 nodejs (12.8.0~dfsg-1) experimental; urgency=medium
 .
   * New upstream version 12.8.0~dfsg (Closes: #934207)
   * Fix make-doc.patch (Closes: #933840)
Checksums-Sha1:
 68a3687453c0c047b67c4b995ac15585db1b8315 3062 nodejs_12.8.0~dfsg-1.dsc
 9aedcffaa17b487fcd214f704c6b910efc4f77af 18469984 
nodejs_12.8.0~dfsg.orig.tar.xz
 4cbf31d25a2ddaf7be779281767bf0f2faf714f8 94644 
nodejs_12.8.0~dfsg-1.debian.tar.xz
 7eb673c5ba29996073f1ebfd7d1ee886c773ad32 7871 
nodejs_12.8.0~dfsg-1_source.buildinfo
Checksums-Sha256:
 b7b1003220a7affed6116d92c6986591c9019e88f4867e356e785c5478c0ec70 3062 
nodejs_12.8.0~dfsg-1.dsc
 291100fdaa375a7876a1dee82f258dfd82a6f99171d0a2e8400fdf91c3e6 18469984 
nodejs_12.8.0~dfsg.orig.tar.xz
 cec567e1e72c9b496e8356cb6ad2ebc7a3263840df02d9a8c9df528f8d861c80 94644 
nodejs_12.8.0~dfsg-1.debian.tar.xz
 c3ee8011983ad559cb4ced13f3b82d1d2a5c2b7dc12efb10d7aed81e80acbc68 7871 
nodejs_12.8.0~dfsg-1_source.buildinfo
Files:
 dd60dbd0d24b508d8c1be1ec7c103d96 3062 javascript optional 
nodejs_12.8.0~dfsg-1.dsc
 66f2219b42696a186d039f8c90f8d5c3 18469984 javascript optional 
nodejs_12.8.0~dfsg.orig.tar.xz
 fb4cc2a4bdeaf0ab4c6d9064f6e62ab3 94644 javascript optional 
nodejs_12.8.0~dfsg-1.debian.tar.xz
 4ee56b2e905c277328b1f29608f375f0 7871 javascript optional 
nodejs_12.8.0~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl1L9isSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0V/oQAKajqlV6qeM5qJ86s6kvqxPJtjFOxxs1
AGfqo9ClLPk4TxtMDeLos/ttqrNuR40o9vtb7y22h2q79nOemcHASPnXwiYIkOUu
hppCpav1/G3a0ELrfiL8cOgZbu+/YdZLFX82ubBlYUKvtdUDNfqM0UBiEqZN8tUx
aIwDWNQeWePEyDxmCzAouxBuad5UZi8VUxDPvoDlBR4mgiiARby3l4292rXnyreP
dB3sJcbhG813TroTrcBOe0GM9SJukoEmaJ1wsIPxY8oaHRyycXs8TnnLBPRu5eRC
h0pnuzDp/PNk/yCcgkyQpwV4ubC55JXO1smRJMR7ViHPVpHlnxHqy1E32zriGZGt
h+QHQZmV4OQg/PH000oy8aH7MwNA370CPu8aeOfUwhI3Tpocxq6tQmRnceArBDmF
JvWFZzPczKG6FJ2V3QkHlgFSggQvVR6f1e4yhlS5NcaRHOksqPg/5zHGo1adzCKp
ACOUdrV/1UMLxiaeOO/YS/mqZ3wSQBal17ZJypfUz173YpTAOadXE14N2Wx7uQyK
W84xjHkIWETMdhxFO8sOmHHCt4xlrh5iTVjXSetbDUmD6Tq9q40Y80qrHgLKedOA
K1oLds2E8x+m92lSx2/TlBMPQYZBJwAXHJmDZjaCQTCOa6CVlrOiDy6ZYd3RYGqP
Ab1PoMhLKB+8
=pPB7
-END PGP SIGNATURE-

Accepted nodejs 12.7.0~dfsg-1 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 03 Aug 2019 19:48:03 +0200
Source: nodejs
Architecture: source
Version: 12.7.0~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Closes: 932991
Changes:
 nodejs (12.7.0~dfsg-1) experimental; urgency=medium
 .
   * New upstream version 12.7.0~dfsg (Closes: #932991)
   * Use shared libuv >= 1.30.1
   * Build-Depends node-debbundle-acorn >= 6.1.0~
   * Build-Depends libnghttp2-dev >= 1.39.1
   * Tighten dependency on icu >= 64.0~
   * rules: set nghttp2 lib name - upstream assumes lib prefix
   * Upstream patch to fix linking against libnode
   * Build with snapshot https://github.com/nodejs/node/issues/28675
Checksums-Sha1:
 2abe4635a936d4e0570a9ff34488bb9f00890fc5 3062 nodejs_12.7.0~dfsg-1.dsc
 3fa8b255a6da286cd391325fabc5a0eca6dcb667 18209816 
nodejs_12.7.0~dfsg.orig.tar.xz
 46d20b443d6ed21636a3a6d90962453a61a22ed5 95128 
nodejs_12.7.0~dfsg-1.debian.tar.xz
 910fb02b9f9721c0a6bedb77c2bca5759cfa9127 7852 
nodejs_12.7.0~dfsg-1_source.buildinfo
Checksums-Sha256:
 f5e6c75ec6e5e9adffeb950961906074f371749bf6ed27e85e2e1dd1e78f2032 3062 
nodejs_12.7.0~dfsg-1.dsc
 0a6946e2be78334311dc1f2783b586aed8ccfeb759c068f31275f663cba6f0f0 18209816 
nodejs_12.7.0~dfsg.orig.tar.xz
 e381975e3c44aa7473326d24eee6ed817ee44ea37700dbc06822bc5725a490eb 95128 
nodejs_12.7.0~dfsg-1.debian.tar.xz
 17d6069c15923193836f45db859a103cff17a5d8307d12d8241caf62afa03264 7852 
nodejs_12.7.0~dfsg-1_source.buildinfo
Files:
 5b31ed9d70d2db92fba1b3132d1b00c9 3062 javascript optional 
nodejs_12.7.0~dfsg-1.dsc
 64e1890a285e8f5c3068616c5a9a931a 18209816 javascript optional 
nodejs_12.7.0~dfsg.orig.tar.xz
 9ccfa8c95db80fb87a3e5593d0c25556 95128 javascript optional 
nodejs_12.7.0~dfsg-1.debian.tar.xz
 3f6d7814eb988420e57170d62469c638 7852 javascript optional 
nodejs_12.7.0~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl1FyPkSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN03hgP/AlUkXxvMPpyTNSAtsn5LVtwH2oDlsDW
ydU7sI+PB/YvRnuLjeh36/ZpRGWdrczTYvT8vgNgWrewNWJ4T9yxAvGjAlar46ZQ
8PDmd8FWjvrnjm2WD2A/SewUv26meTN8K+g+h4arvnQMo5PpDNpOmYrwy8vSeVYQ
OXw7HMGu2uJjUMbLq7/1s2WfdHHkUTrtXrmJjPBbhLboFwllkBT/18PPAWA1cLMZ
KjMz8IabCstm1MkW+TOi7klXOYj9m/hQFiltvPunFNykqJZGZqWct4ni4a5xh8LX
fZUT1ZVJ8kmv4AvPLBCL6r85K5vhPSxvSsYhDPs4wXSFRcqwempY38C9ncii/3gG
Dp/gz20UUO0S8PNlbbNREQEgZp8PWLNHwTetkVYddY53OLHCpDRNqKjueT1imq2M
/toojdU1D8CaVgQfXfl8ZmBbOtU9WaKLBz1ANNG25YfxfJUhFP71ARzW8orcI4wz
whARhtIb26LHvB/6xA4qLbwWk68AoTmsizsGx+4K7cEy8O36ZBGcZxtR65req+UB
j35b9TVbAstjdZtIzOrHFKpHfxnqEoOm/eWqqi4BBb1wRbk7GtNOE7AVhpOEwnoH
uYTj2J0pHhQz4G50fmuudoflzSCgemyTbeqk9+UBCX0p184V/hE16ccn5iMSe3ck
rE/ChN7r4r5q
=eXeh
-END PGP SIGNATURE-

Re: Is it the job of Lintian to push an agenda?

[Jérémy Lal]

Hi,

the question
"Is it the job of Lintian to push an agenda?"
is a good question, and it would be nice to get a general answer,
separately from the technical issue about sysvinit scripts.

Jérémy

Accepted node-nan 2.14.0-1 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 10 Jul 2019 17:06:03 +0200
Source: node-nan
Architecture: source
Version: 2.14.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 node-nan (2.14.0-1) unstable; urgency=medium
 .
   [ Xavier Guimard ]
   * Add upstream/metadata
 .
   [ Jérémy Lal ]
   * New upstream version 2.14.0
   * Update changelog
   * Standards-Version 4.3.0
Checksums-Sha1:
 315eb507d2549aad2fb63c5a62d845c6775f3fe3 2198 node-nan_2.14.0-1.dsc
 402d889979984e734975d7aa84b565f07841dc54 172891 node-nan_2.14.0.orig.tar.gz
 52fe1e622abc228ef4bee4db950f7bac18abc340 5464 node-nan_2.14.0-1.debian.tar.xz
 7dd9acaeb9651273c6de6fd92fd0cef64d9146fc 10379 
node-nan_2.14.0-1_source.buildinfo
Checksums-Sha256:
 8d9b3e47bc019d3e009987a2a40aa66a4d8f60a57ad80143a692bdd9741a7fb1 2198 
node-nan_2.14.0-1.dsc
 b5ff6fd050d39219925b26de4008d6b86584b1d96147465d9a90901bc6d5566c 172891 
node-nan_2.14.0.orig.tar.gz
 b88a1a7227b9cbe231b0127a12593223bb8cda9e3ca7047b6b3839fb5130698f 5464 
node-nan_2.14.0-1.debian.tar.xz
 0a8f4fa64233084926f359c9436b07ce5fe901840e485d8379fc95b1d6b0ffb2 10379 
node-nan_2.14.0-1_source.buildinfo
Files:
 3a77b0b03aee7607bbccc6bd64a8c380 2198 javascript optional node-nan_2.14.0-1.dsc
 514a225349b7694b6ba8fb084e3a9b4f 172891 javascript optional 
node-nan_2.14.0.orig.tar.gz
 19c548135d5bf1d2912d11d1357d141e 5464 javascript optional 
node-nan_2.14.0-1.debian.tar.xz
 16d625f24ad92205b9d43b694048e4b7 10379 javascript optional 
node-nan_2.14.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl0mAg8SHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0jskP/jSsEIZCI+FtM99H1q0zSKjYr5zlV9t5
WwJz89Mh9tm3NE7USSJwm4QLgkSsiOCTOtvJe8/KHBVvjFor1HDz4luxoRpAflma
YjRyDn6ZZ+NznohsxRW7lXk3GKZpMNLwraq+7+dslVBXyBF8M8atBrZxHa4F4OF+
XHGCqICQOmjGGkDl9VoiMsPOAmr/jHNzgrGhkrM9wuJGriY0Avoy+u/Tm4vcqeFs
dCfKs1bJkWgBy4SO3AGj9rVaYnitPLVcjL94XV0ww9JLv2STtAY+z88nkPMRscRv
/aAo132C3jzigpAj52wB09rUbHez9wi6S8WuHwLtRhGGC9LiR12ov/Vmv8wdVYLj
fxFDzbTzlqFPzStqeZCsWZdxxbCubkIXj0yJne5F/Rp+4SpVUWwL7zzvwN5oVBtG
oT3sv619vWEefXxxv6ScSY1eec/R01jnXJqngjjqe9i6PmI+PWSIV5A8SkUHRAOO
f2RReI1HeRCp7t7Pqq6R4g6ABmUPgMmQVBSa9V9dGP8YTsc9hwbI6OuHfZBscJDJ
3Golig1wqcWqGuuAsT8Qw4p+BLkwCoG27OGio6u9Seyh525XaKdp+dFTO2nc586L
NnUgmBSbWo0yEj1qLAUXhYaN9wHsxiAG5U8qzDsJ8xM/bUA5bFpBw0x9QIkGGDPP
Yl/PzRauNIqS
=ln8r
-END PGP SIGNATURE-

Re: @debian.org mail

[Jérémy Lal]

Le mer. 5 juin 2019 à 13:26, Marc Haber  a
écrit :

> On Mon, 3 Jun 2019 10:40:26 +0200, Daniel Lange 
> wrote:
> >DSA should re-evaluate that.
> >
> >We run into more and more problems sending from @debian.org email
> >addresses as the three big players in email ratchet up their anti-spam
> >measures.
>
> This message and the following discussion has deeply saddened me.
>
> What the spammer didn't manage to do in 30 years, the antispammers
> were successful: E-Mail has become an unreliable service, not because
> of spam, but because of antispam.


I figured that the hard way (sending otp to new users by email): mostly
work,
but failures are difficult to explain to new users.
The only "safe" way would be to communicate that kind of info through sms,
but it's very expensive.

Jérémy

Re: Difficult Packaging Practices

[Jérémy Lal]

Le dim. 26 mai 2019 à 23:01, Sam Hartman  a écrit :

> > "Adrian" == Adrian Bunk  writes:
>
> Adrian> It is a problem for people making their first contributions
> Adrian> to Debian to get them into unstable. The problem here is
> Adrian> lack of sponsors willing to do proper reviews and then
> Adrian> uploads. Usually the package in question is already using
> Adrian> dh.
>
> My experience is consistent with the above.
> I can't send links because most of my conversations with people getting
> started contributing to Debian  have been that: actual conversations
> with lungs compressing air to blow out mouths.
>
> Unfortunately, I've found that it's often a combination of factors.
>
> The one first cited is  the difficulty finding a sponsor.
>

There's a gap between getting some unknown software into debian,
and getting well-known software into debian.
Some well-determined upstream develop can manage to get software
into debian, and even get it into stable, and then just quit maintaining it
!
On the other hand, when a fellow DD uploads a software it usually means
that piece is worth it. So i'm not that keen on making it easier to get any
kind
of software into debian.


> But in at least some cases it's more complex than that.
>
> for example in one case someone was talking about finding a sponsor.  I
> said that I didn't normally sponsor packages I couldn't adequately test,
> so that limited what I'd sponsor, but if the contributor could find
> something within that set I'd sponsor it.
>
> He came up with something.
> Then he said but really the hard part there was not the sponsorship, but
> the dependency problem
> Apparently upstream had forked some library already in Debian and you
> had to use the fork for the package to work.
>

It might also mean the upstream software is still maturing and not ready for
prime time.

I think it's a combination of a lot of things.  We have high standards,
> a lot of complexity, and you have to get most or all of that right to
> contribute.  You have to have a package that meets our standards.  You
> have to have a copyright file that meets our standards.


When it's hard to make upstream conform to DFSG it's either easy to fix,
or impossible to fix. So it's not that hard to deal with.


> You have to be
> able to figure out our processes.  You have to be willing to follow our
> processes.  And you eventually have to deal with the PGP mess.
>

Are you referring to the identity check ?
That mess is onto the uploader's hand.
You don't need to have your identity checked as an upstream author, and
the identity check is the best part of subscribing to a community.


> If you don't find value in the things where we have high standards,
> Debian doesn't make a lot of sense.
> If you just want to get upstream's idea of their package onto a system
> with their release schedule and their recommended dependency versions,
> there are better ways than getting a package into Debian.
>

There are even ways that are supported by software available in Debian !
(thinking of flatpak but many other ways to allow users to install software
easily).

--
Jérémy

Accepted nodejs 12.1.0~dfsg-1 (source amd64 all) into experimental, experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 02 May 2019 11:32:28 +0200
Source: nodejs
Binary: libnode-dev libnode72 libnode72-dbgsym nodejs nodejs-dbgsym nodejs-doc
Architecture: source amd64 all
Version: 12.1.0~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode72  - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
 nodejs-doc - API documentation for Node.js, the javascript platform
Changes:
 nodejs (12.1.0~dfsg-1) experimental; urgency=medium
 .
   * New upstream version 12.1.0~dfsg
   * Unapply all openssl 1.1.1 support patches
   * Unapply silencing of buffer deprecations warnings
   * Build using embedded uv until libuv1 1.28 is available
   * Build using node-acorn >= 6, node-acorn-walk
   * Update copyright file
   * dfsg-exclude tools/lint-md.js, dependencies to rebuild it
 are not available at the moment.
Checksums-Sha1:
 5d57cf1adffea84af82b8611595266313a1d8c82 3033 nodejs_12.1.0~dfsg-1.dsc
 7f1c070f792f77db7cc64fcedd7d5282a3d1d9f7 17979072 
nodejs_12.1.0~dfsg.orig.tar.xz
 656ea8f96063e360394373d93f696bf69342 94276 
nodejs_12.1.0~dfsg-1.debian.tar.xz
 1733ea160b313e3a7de1510299adbea52a4f5ae1 429240 
libnode-dev_12.1.0~dfsg-1_amd64.deb
 b2cf72a68aa42404859bc874727841272dbe61aa 353593340 
libnode72-dbgsym_12.1.0~dfsg-1_amd64.deb
 2c8b950720722cd003cee9940e910222d1c65dd1 6962096 
libnode72_12.1.0~dfsg-1_amd64.deb
 3089fcb67fd29a025641567ebde96c1a3807db3c 595096 
nodejs-dbgsym_12.1.0~dfsg-1_amd64.deb
 a29bd47b9710185ac6d034f67c3f72271dc0ce44 1032724 
nodejs-doc_12.1.0~dfsg-1_all.deb
 458bc4a0eb857974e81c6ef4fc9e433aaeb1b28c 9051 
nodejs_12.1.0~dfsg-1_amd64.buildinfo
 beff5bb5d54538997191d00b8b95b198131df8b6 307768 nodejs_12.1.0~dfsg-1_amd64.deb
Checksums-Sha256:
 f9ec60d1730a4f836ebbb581ca95c9ec6a189222af7c9f7fbea08856bac04d87 3033 
nodejs_12.1.0~dfsg-1.dsc
 80d8bdd7681210c15e85ebc02ebbc3c57911c54d8f5de3ff85cc2ede394dad00 17979072 
nodejs_12.1.0~dfsg.orig.tar.xz
 ca1fc824762526580e808db5ed4ae3ba3abd708f1f0be9342fdc3055f5e5a028 94276 
nodejs_12.1.0~dfsg-1.debian.tar.xz
 357fc6a1e0ba693eb58578b6c8efa9ad4a8a53c98e96c566a7bc597c0eb561c1 429240 
libnode-dev_12.1.0~dfsg-1_amd64.deb
 74b94dd49c4ff5c88d0bc10b454b9c897a57449e4679603a96c6046505c3a36c 353593340 
libnode72-dbgsym_12.1.0~dfsg-1_amd64.deb
 a85a5102b7fffb9153e222cf248b41a5ee023b0adf7076895471911b9f2c3d3f 6962096 
libnode72_12.1.0~dfsg-1_amd64.deb
 0fced8be32b6ad14b9fab595877a2db230210eb085622406a13504dbfe5342b4 595096 
nodejs-dbgsym_12.1.0~dfsg-1_amd64.deb
 a83a5f00fef5ffe5c809aefd5dbb18f05e04f6f7e57ecb83aa0d872f351131dc 1032724 
nodejs-doc_12.1.0~dfsg-1_all.deb
 72b35c9d1b8a5e805af3896170c2718c539a0c06135490e73dc14a329cf7b195 9051 
nodejs_12.1.0~dfsg-1_amd64.buildinfo
 3c0d2dcfdd8de18165946f05b0d681d7888fea1f137b1ae695d0566084ca5a5f 307768 
nodejs_12.1.0~dfsg-1_amd64.deb
Files:
 ce399d3c1a32ace2d62235cd9f1dccbc 3033 javascript optional 
nodejs_12.1.0~dfsg-1.dsc
 77fb174215d93d45a8cd4745f0cc41d3 17979072 javascript optional 
nodejs_12.1.0~dfsg.orig.tar.xz
 a66b643b9c9b3586ac15e7395a4cba12 94276 javascript optional 
nodejs_12.1.0~dfsg-1.debian.tar.xz
 e5e54baa8a3710b34edfa0946068c381 429240 libdevel optional 
libnode-dev_12.1.0~dfsg-1_amd64.deb
 1adfd8eb6e4ff93155089ecf82d21630 353593340 debug optional 
libnode72-dbgsym_12.1.0~dfsg-1_amd64.deb
 b9ee3702774ebd52b5719107af84c160 6962096 libs optional 
libnode72_12.1.0~dfsg-1_amd64.deb
 72959b4a2d6be0225c80377a3347e09e 595096 debug optional 
nodejs-dbgsym_12.1.0~dfsg-1_amd64.deb
 c2220c1feb1226f04123b0e8b8391332 1032724 doc optional 
nodejs-doc_12.1.0~dfsg-1_all.deb
 abe9f58cb72f447bd07a020d7a47a1a5 9051 javascript optional 
nodejs_12.1.0~dfsg-1_amd64.buildinfo
 a0e635be68affac643bac3a6a54a3882 307768 javascript optional 
nodejs_12.1.0~dfsg-1_amd64.deb

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlzLCz0SHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0xkIP/jhkERm9+L5T2Qpqsqg/FfDYf4ML+DG4
gPGRlE2SyaTaDVwkI8ELKs510QiMJpCWZkhypoMoVW4KYIxkDCiWK1UJjbb6N1xG
5RAu7eXVQXHqIsuxmOmUkDoZJuHDKmJH0QYuydYq5KKDOnuzZ1xZyGItju0PvS9J
BQRgZIzJEbQxzZh2UsjQSkxkWg4chEbMp7bfL6brkH/zyaKvloXTRY0H7FmRbXaJ
SVkvsjHAgz6Mx4Xzabmt5yakeTxwBPIolkVYb5gQc2asMvfC9W8Xo5cbb9HoSp4a
Dj+F5TDNgZfaKDqTewZ4jWbjOo+VGh+Bi3VntYKbfFn8/kjQAELPE2QW7CExsops
TN9hYmAuqUM8a58AIp9JlQpBAp74MvSO+lNZVtScchuB8cBSujRPCLPrQFIFuBv1
c6TEn/LVjoQyXsZy+7kbqX+uztCrz/Hr4XCgpi/KW/ui9yhut0Uty+P4GGyaFKDU
V7Q62Y2nqjA4aiU7JIaBrgWsUXZsgn+nhRZmn2YAcGf5zJwuLy40RLHKcgrua/nV
vnTSaPXY52YmXb+xDINngO23sKFD1d6OQiOJTDqIQVdwWyxEtpfU8vrO52+QopD7
ISId+mucD0Id2Hq1UfZ0+QsBMnpmjXmQpIcp5Q2/Dg7JObXh0qsWx7HP4fbF6xDl
81D0GDKMnipY
=Fm51
-END PGP SIGNATURE-

Accepted gpaste 3.32.0-1 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 30 Apr 2019 10:50:40 +0200
Source: gpaste
Architecture: source
Version: 3.32.0-1
Distribution: experimental
Urgency: medium
Maintainer: Jérémy Lal 
Changed-By: Jérémy Lal 
Changes:
 gpaste (3.32.0-1) experimental; urgency=medium
 .
   * New upstream version 3.32.0
   * Fix Vcs-Git url
   * Depends libmutter-4-dev
   * Fix typo in description
   * Standards-Version 4.3.0
Checksums-Sha1:
 e00da1f4b9be59bb2fc53c15709d793ff6e6f71a 2617 gpaste_3.32.0-1.dsc
 ecb359d729d3d94387d5188d479658672536b4bf 181159 gpaste_3.32.0.orig.tar.gz
 86b375c176ca6f42337c820c140e63d7794e288d 7116 gpaste_3.32.0-1.debian.tar.xz
 2381737526a4853dc38d6c3971f7becc9e4c457b 17499 gpaste_3.32.0-1_source.buildinfo
Checksums-Sha256:
 9d788ec41c9fca3866fe31401ad67f3acbfe9f66592d0b7096a5e86267424aac 2617 
gpaste_3.32.0-1.dsc
 661b44a0b0f9c1f8a56016be247189d1c99bec52cb830a85e021e78a77a277bb 181159 
gpaste_3.32.0.orig.tar.gz
 111cbf3ca627f9daa11ff056841494a288263e3e2b78acc087278155589bc884 7116 
gpaste_3.32.0-1.debian.tar.xz
 4fd140224e69347d63ae323e95033b25f567f296d3b9391d25ab32984895c39f 17499 
gpaste_3.32.0-1_source.buildinfo
Files:
 e9b208e62e4878a2da411f47fcf7b1c8 2617 gnome optional gpaste_3.32.0-1.dsc
 f753c802df7b2fccff43d220cc02afdd 181159 gnome optional 
gpaste_3.32.0.orig.tar.gz
 b10de2c6a1e1d79dc1b962bc2a722aa8 7116 gnome optional 
gpaste_3.32.0-1.debian.tar.xz
 9de4c54f12fe5302e03a9aa8824e3ee8 17499 gnome optional 
gpaste_3.32.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlzIDIwSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0argQALuRUnja43HFLf/TZTilNV1RNSeBLLc4
rwmrccuorZtAi2JXh65l1r+IjSuKKA3AN33adMaDejMyAJV6aiOSwg9iB2zYKjeW
m+NhQDUwyLDLD+0nM/n1bZ83p9dWElTe19pRQLTA6ezOMcotMaQGnT7pttcvGGS0
YiiKBo4Bl2v8rlN0a8gjT4kBWv/e6oTxag72W8UfzQK3Q19Gazlvq+slPZvATktD
cXq7xQjVprBKFmvyeMs7/gWSP1I2AeQerLwkMEUMfcAfkiMe9ZsQQ5RgjrEF7NBe
E3PChxm+yiuXNcEGBErr/rKpYraIFs2a/Ddq9oV8WVOeetitWjFP9NHKTYAFtG2C
9fRlM4yjVq+m7UPFtrSyrJzNALR2UjiqMGNA1eBDE2v6SfFbrk/D+SprPg/vpzhN
5M82e6F1/wZPux1l/3oQVUOH0RibdQdiT/dPtT4fcLXPsPvKgXUrOffBYGDSZXZo
NMj3szPt5HNdAStQHLyfunDMOOA7TGrbDQagiLw48bg65QwZWIBWooM+lMrdsVaP
6Y2H3JyBmhdwzTch/OzWKoRK4OKFjOZKAZnCEsqKDfr8LJEM5ewHPZkMVrOc9Ta8
ysK0ZQuNRVONNGuLDt60Tlf6jAoNxJR9uVePODvmZW+8whEFNblrjFajd4wQLI8X
nUKiRe+eCKUI
=41cA
-END PGP SIGNATURE-

Accepted node-nan 2.13.2-1 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 25 Apr 2019 10:08:07 +0200
Source: node-nan
Architecture: source
Version: 2.13.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 node-nan (2.13.2-1) unstable; urgency=medium
 .
   * New upstream version 2.13.2
Checksums-Sha1:
 4fa5e45fef59c6bf5d75216af203b65b149da401 2198 node-nan_2.13.2-1.dsc
 c13fc4030f27100382039ecfbd9579cd3081a972 172354 node-nan_2.13.2.orig.tar.gz
 8b3508f65c04edc1489c94160d065383f4369f58 5340 node-nan_2.13.2-1.debian.tar.xz
 c1154ca9c47eee163d434ca52904a00432b05ad6 10129 
node-nan_2.13.2-1_source.buildinfo
Checksums-Sha256:
 cd5115c0cbde3a4b313c195adc363b0e5fb8f2ef97744eb1ab51ca409bb40175 2198 
node-nan_2.13.2-1.dsc
 f9d3e75d4f9420332e673b54c197ca65d422a5ec9a361ae0c36ed526644cacb5 172354 
node-nan_2.13.2.orig.tar.gz
 db514b94d75581c8c6b9a36b27aaca0f94f03fd8682f609af9c77fb78a190502 5340 
node-nan_2.13.2-1.debian.tar.xz
 d1dddeaf7d5235197555256361beb5add06ad143018e1db62e87ebd359755d0b 10129 
node-nan_2.13.2-1_source.buildinfo
Files:
 585ffb4046c2876d44b7fd8382cc3209 2198 javascript optional node-nan_2.13.2-1.dsc
 7401ba7992933ab5c51a69aa17d5407e 172354 javascript optional 
node-nan_2.13.2.orig.tar.gz
 060329cf41f3f056bd969a2f95bfe365 5340 javascript optional 
node-nan_2.13.2-1.debian.tar.xz
 a73c7975d92be0a1e881ca4581cd2833 10129 javascript optional 
node-nan_2.13.2-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlzBav0SHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0bwUP/R0gPouYew6r+l1rLK4ZYava66gdQn/I
BHd4zHeGfEqTxZ0tZY4ViPQhjZ5pqW287OpBx7jopPL5x5wFTQrUfH7uzjuN1u/F
gs7Xmu6SAIoqRUCaWfhHvTid2rzWj7VcHXqovY7c2/uwyQgwhme9KFyQOkgmq327
SSIm6UGZDgmve19chAHicQ7lg/YxxrKbHDuiOz/kwO3hUCxZfvHvhOkWvnByWihh
81FalP6nDdTNp5NeZoEznLGf45BS5GUnrJKsxXHel9We40gBPXECGbikl5Wtzg7J
9sVLBav/x9LW/aAHzRnnb+Bci6UfU+YASN3ZtfRHP+rP+eViyhyP8T7AhstcpBW8
qol99nBm7Nbi58rPpMa8qPQkRyUKs7Yp5KSJBx8tjc+gYq0wj5oRSrCIuaHFkv1I
yZhI2BmvVbd807ygrGnE183yGyPcF8VriuACki7RZP2RLCFR2S6xwG8zaU6FUpYM
kFLclYm+5J2DTwHwctTOo0ANQhzgG709+JX7SlLya+FTGLqtmUqyezN0+Nxi5cNZ
c0rExFJ3u62dY4gZKnjA1/vIFMAdo5+UUEXQZ5alzJ7CLpKl3GL5Pi+0K/v+MuWD
tUwu5e621/Toj6KtjJ2AWLaYswcZ2ILDJZZHBcbV+A60ymTSec8IK96GbrYtKO2W
e7wsDzAJQ94I
=tThG
-END PGP SIGNATURE-

Bug#927866: ITP: node-re2 -- Node.js bindings for RE2, a fast and safe regular expression engine

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 

* Package name: node-re2
  Version : 1.8.4
  Upstream Author : Eugene Lazutkin  
(http://lazutkin.com/)
* URL : http://github.com/uhop/node-re2
* License : BSD-3-Clause
  Programming Lang: JavaScript
  Description : Node.js bindings for RE2, a fast and safe regular 
expression engine

This package provides bindings to a safer alternative to the native
JavaScript regular expression engine, without supporting features
that are targets for Denial-Of-Service attacks, like backreferences
and lookahead assertions.

It is particularly of interest because Regular Expression Denial of Service
plagues v8, the JavaScript engine at the core of Node.js and Chromium:

https://snyk.io/vuln/SNYK-UPSTREAM-NODE-72328
https://bugs.chromium.org/p/v8/issues/detail?id=287
https://github.com/nodejs/node/issues/9337

Accepted nodejs 10.15.2~dfsg-2 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 08 Apr 2019 15:06:40 +0200
Source: nodejs
Architecture: source
Version: 10.15.2~dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (10.15.2~dfsg-2) unstable; urgency=medium
 .
   * Avoid two tests to cause a FTBFS (Closes #919588)
 + test-fs-error-messages fails with eatmydata
 + test-net-listen-after-destroying-stdin is flaky
   * gbp for debian/buster branch
Checksums-Sha1:
 b271be0e9b2e99a36d0bc53085651f2860b9ac6e 3036 nodejs_10.15.2~dfsg-2.dsc
 3796f72efca1ad2c37e45e0fc6c3abdc39ba0f3c 97460 
nodejs_10.15.2~dfsg-2.debian.tar.xz
 1fe0c1716d17146dafe34267c79fa10e67dd66ac 7632 
nodejs_10.15.2~dfsg-2_source.buildinfo
Checksums-Sha256:
 8079471b96be42536a0151f349d2f270d50b204f7e49862b291e2fbd4edea47e 3036 
nodejs_10.15.2~dfsg-2.dsc
 911d51a02db68d527f3bb0158ebfeb27b173a382a48865267c46db39ef435ac7 97460 
nodejs_10.15.2~dfsg-2.debian.tar.xz
 ac57a95d7993e28c842aab7b0d1f4517f71049c59e6df0f8f0b0965da5992dfa 7632 
nodejs_10.15.2~dfsg-2_source.buildinfo
Files:
 a0bd5f1dc4d2109ffdd346d10bb1cb2b 3036 javascript optional 
nodejs_10.15.2~dfsg-2.dsc
 2d967bfeb5d30e73400cd9fa2d98571e 97460 javascript optional 
nodejs_10.15.2~dfsg-2.debian.tar.xz
 0873e668b73bf6e0582edd7d001c92e5 7632 javascript optional 
nodejs_10.15.2~dfsg-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlyzaHwSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0Mf4P/A4xXkPVAXlM9GobZ8lL5EIdRha0ejzq
lkf5X0QTUG+6cD8NMxixjo2erFysDLqksiWk7Tw/F89CzhhYWHlS+/TJzcCDWhng
+6nl0G4d5kgnk7fkR7a//9jzz7Bj9znSGHnCmWbP35kEgd4SeIWsAIqoofOa3VUs
Mz0hgvXTcMS/q/qojVLiJM7UR3zIIYi7QneiKYjcYm6G7a3vPAoPOsx38q4iU9O0
hObCqJi7JxYayVSKv39CbzeB9QNc04pYUfHTT0C0Ue0OSWZ4gxAYNQtbhh1xXoL+
nJ0BmSvNErFMNCtR+oP0zoMEATzKQFJn6gr4wUuoQzNWzVJyntMjOi5nJH3RweiG
qEC4pRQV6LrVz7kTMrlRTqKVtCRnMEnjFY8AKkpttS6FLvRUCPAGGhr/O63XUo5B
dTgjGg1wgGKXBcFAyjWMrHmxdrHgzYjOEoU3qmSTXKmCA9Ie0ijOu3DgBSo3KjdG
5jtD6d6bWfrUUvAdILZeuRm24FpHnigi7jIgn8SNsFhhf4s0oBNw5eGqQWYYzRJr
rQkAmJMNaUFy8dG1/4/sCmcxv/GqB89lAaEgRBA8q+wjIQvzSm5AX8odJvDZytxz
M/owIMCpm+PrVuCTfV+XrJBLBcoyX5a09S88yB0KzPtO8OpSTspPpDkBmUKmo9pQ
4La2iGI02DQr
=eoUT
-END PGP SIGNATURE-

Re: is Wayland/Weston mature enough to be the default desktop choice in Buster?

[Jérémy Lal]

Le ven. 5 avr. 2019 à 17:25, Mo Zhou  a écrit :

> Hi,
>
> > I think the default should be reconsidered.
>
> I second that since I always refuse to use Wayland, due to
>
> 1. Gnome's keyboard configuration under wayland is definitely rubbish.
>I need extremely high keyboard repeat rate and short latency:
>
>  xset r rate 160 160
>
>The fastest repeat rate feels like 10 times slower than my
>preference. I didn't manage to find out the CLI way to enforce an
>extremely high key repeat rate under wayland.
>
> 2. redshift doesn't work under wayland. There seems to be no CLI
>program available for such purpose.
>

The gnome-shell version of redshift does work under wayland, but doesn't
apply to the mouse pointer.


>
> 3. I don't know whether this has been improved, but in the past
>the mouse cursor latency was very obvious.
>

4. copy/paste delays between some gtk applications (epiphany, gpaste...)

5. SDL might need SDL_VIDEODRIVER=wayland explicitely

6. some graphic cards run better under X

i guess the list goes on and on


> On Fri, Apr 05, 2019 at 04:12:22PM +0100, Jonathan Dowland wrote:
> > I was surprised to learn — by way of synaptic being autoremoved — that
> > the default desktop in Buster will be GNOME/Wayland. I personally do not
> > think that Wayland is a sensible choice for the default *yet*; and if
> > the consequence is that bugs for software that do not work properly with
> > Wayland have their severity inflated such that they are autoremoved (and
> > thus potentially removed entirely from Buster), a decision that — in
> > isolation — makes sense to me; although Synaptic is quite a high profile
> > package within Debian for this to happen.
> >
> > I think the default should be reconsidered.
> >
> > --
> >
> > ⢀⣴⠾⠻⢶⣦⠀
> > ⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
> > ⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
> > ⠈⠳⣄ Please do not CC me, I am subscribed to the list.
>
>

Bug#924695: ITP: libnginx-mod-http-brotli-filter -- Brotli compression filter module for Nginx

[Jérémy Lal]

Package: wnpp
Severity: wishlist
Owner: Jérémy Lal 

* Package name: libnginx-mod-http-brotli-filter
  Version : 0.1.3.4.g8104036
  Upstream Author : Piotr Sikora, Eugene Kliuchnikov
* URL : https://github.com/eustas/ngx_brotli
* License : BSD-2-clause
  Programming Lang: C
  Description : Brotli compression filter module for Nginx

Brotli compression module, similar to gzip module.
.
Brotli is similar in speed with deflate but offers more dense
compression.
.
Brotli encoding is well supported by current web browsers.

I'm looking for co-maintainers in the nginx team.

Accepted nodejs 10.15.3~dfsg-1 (source) into experimental

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 11 Mar 2019 09:47:26 +0100
Source: nodejs
Architecture: source
Version: 10.15.3~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (10.15.3~dfsg-1) experimental; urgency=medium
 .
   * New upstream version 10.15.3~dfsg
Checksums-Sha1:
 c30171830519ac79dd37f6d2b04433f63f984ba7 3036 nodejs_10.15.3~dfsg-1.dsc
 e8968c4ee8861be0e2e4a65b3c2ea5c5ebfff2c7 15250264 
nodejs_10.15.3~dfsg.orig.tar.xz
 4a90c3501257e787c37193c05a772949f5a8178e 97464 
nodejs_10.15.3~dfsg-1.debian.tar.xz
 ff2aee28829147a9a21472dfe0ff6f6da7012b22 7630 
nodejs_10.15.3~dfsg-1_source.buildinfo
Checksums-Sha256:
 fc5978a95dc403137d625be38c2f9b7f2bacfd002c89b9ff79c8480c1fbef017 3036 
nodejs_10.15.3~dfsg-1.dsc
 c60ef7a1b16a8d9be072a20c66b4d8fe1ddf6e63938996a8be16e2e5ce06d356 15250264 
nodejs_10.15.3~dfsg.orig.tar.xz
 ee24f5be6a69d3a827e04b9f4f2cf61d2825988de63e39cfbfaa47d63541dd40 97464 
nodejs_10.15.3~dfsg-1.debian.tar.xz
 b3dd7043f53677e45e8b595b0fff0cba806e42d78fc13846a933ae492c90d8d8 7630 
nodejs_10.15.3~dfsg-1_source.buildinfo
Files:
 5264a12ff273e35f15cb41009b525b70 3036 javascript optional 
nodejs_10.15.3~dfsg-1.dsc
 66e42b3817d82d98652ff57d562e9828 15250264 javascript optional 
nodejs_10.15.3~dfsg.orig.tar.xz
 3d861ee9580bfa8ce54e65953b38e491 97464 javascript optional 
nodejs_10.15.3~dfsg-1.debian.tar.xz
 bab90ecc812b159ee42a64e9f83a54b3 7630 javascript optional 
nodejs_10.15.3~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlyGM9ASHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0DggQAJLDCql3K0ZNs25CGPcx8fnUWl6eEmXc
DjpntbjMcGn4xaPb1UvvIm7BE5QNUGJdT/4KtkrLAn0pb1at1NrgwHlBXxAuv0xV
zTIVnhGcKAgqW36D4W7zKV2Qzqdn9pVpF+zMvjOwcKmO9HzDDlowpXpSQrqG9hid
kwV//wKjsAb0CubtUetdOTyVJBA5fMt13b79w9jENqrjyWVVQuViPjxWruo83uoR
FBopuY2gOiNrkjO+0xH/DpVgN17zO+73Y3ljPa5OrNDjGRlu5EqpFFlPKKBEsrZt
P5bohJJcyIFY3rxtyi4kwcoaKvOQmh90DrRES00j8xngtuvgIpJp+fi9TXIxa0rG
anqr4fpjDR2QAR/YDJRmSgkSI+yVZCOJ1cRNpYHfeyR7uiH14khD2JEmjGSOzNX6
0rUs1/BP+j5G/JlLq9f6hvVOS0N8rtrP+/r3gwoUDmDnmddA2zkC/494cSSF+IGY
c22tUG9tGhHaqAe6/h5AtabQAyZpytmtGslwvhuerpNynRu3mYAXC/BSq6rLfzZW
ol+fr0WcnwCNsOLorTOKmhQImXiOtTskzDM/0LPYUTdX4EaDZRFBd6YCNjMgIEjB
bPPF5jEwIt7/hwGUArL+usjBqCy6pBFyqfEmMMPOnRY49RuCsWVbBIsOS8w1UF3D
umBsVYcCA/ja
=Ii+J
-END PGP SIGNATURE-

Accepted gyp 0.1+20180428git4d467626-3 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 10 Mar 2019 15:57:19 +0100
Source: gyp
Architecture: source
Version: 0.1+20180428git4d467626-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Closes: 899856
Changes:
 gyp (0.1+20180428git4d467626-3) unstable; urgency=medium
 .
   * Maintainer: pkg-javascript-devel (Closes: #899856)
Checksums-Sha1:
 5bf52e8078931ac817fd4e1ee91f715f7af8bd2b 2111 gyp_0.1+20180428git4d467626-3.dsc
 3f2fa17fbd6e0eca3f3a647b210c74d4e29fca37 8592 
gyp_0.1+20180428git4d467626-3.debian.tar.xz
 e0c20830ba9cef296936083093d2355975030fc8 6912 
gyp_0.1+20180428git4d467626-3_source.buildinfo
Checksums-Sha256:
 5c962745b5a356d29ceece0fd5beaa371c57a71b9830439656266ff7f00f7655 2111 
gyp_0.1+20180428git4d467626-3.dsc
 67f00a75dde202872978c7a7d9c770188943b1094f511abe198075d75e1b6dcd 8592 
gyp_0.1+20180428git4d467626-3.debian.tar.xz
 db818d9abb1c0ec3209a7b5945d605fd4e16ca3d66aa31ad422dbc67f7305ee7 6912 
gyp_0.1+20180428git4d467626-3_source.buildinfo
Files:
 aa27dee99ffe5285a7056d573c31f45c 2111 devel optional 
gyp_0.1+20180428git4d467626-3.dsc
 15b723ebf3d0b579a218be092b4f962f 8592 devel optional 
gyp_0.1+20180428git4d467626-3.debian.tar.xz
 a696e4c70d809fb5aecae4f3f16a0c74 6912 devel optional 
gyp_0.1+20180428git4d467626-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlyFJhkSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0PM0P/jMNsP8NuPTqDQcKouIAS1J04fPAJikD
uSeuu3E0u3/KYMj2eNz36I4at8CKT4H7l83zCietwYCdLn/h+8oiLo3fclMx1vEt
z7/1qeoUiM04hnToExTrRVqQgSd2hcAtxHpqbFdoS0mNdik+aPg85Vh/mqeyfINo
IE4sx21Ms09cufI28eSy/RTjXKEzuNOsAo2UeDuCds8pYOFo84KMqQzQNr/ZYSde
IJOQnNeDDxcoMYKHoYfR13tpGEJKZXHxoTSl7ZtEsTRdj+5xFuq8jbHxUg/MGXU6
Yrp1C8Di20u7KWGMw1AC4u0vTMKbkJzHR97H/kY3laR9UqOU9bdMBNG7asC2Czzz
PN1DbV29G6ZtYJg23NwUREGVg7NpT1Bt2CdyZBAsIh5HcFUEg4zXZU7gZeNQLd50
LsMl413T2ODr2h28ee8F98w84JCSZwuvYqbV12z1DEx2NVZ+8lU8eMapC0e+wVXb
q1QZQaLFUoLZznFEpRZHJsiRfrl7Xe3m5l+QWRuGQepIsWVXTZv+g5cU5XGPo36C
0LNfQHMmV5Mc//TGTx0R5XS61pr6N2QprH7GGA5ABdZtlOneiac1g6GZpTv9GjJE
8NhNQJ3UatT5hihIDBzESeEyvtSQkQI0t+AVn8U3rXa56K6eWsEcZ+z1yphPeUZD
fNrF+cUs4+44
=Lh6o
-END PGP SIGNATURE-

Accepted node-gyp 3.8.0-6 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 04 Mar 2019 00:51:30 +0100
Source: node-gyp
Architecture: source
Version: 3.8.0-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 node-gyp (3.8.0-6) unstable; urgency=medium
 .
   * Upstream test suite depends on build-essential
Checksums-Sha1:
 b00e67fa1bd59d710ab34c8400f9bd0f419f4da7 2066 node-gyp_3.8.0-6.dsc
 0cf96d253d9df114ac5a98bf4f8489597ec89175 7468 node-gyp_3.8.0-6.debian.tar.xz
 f2e62fb1c36af8e05396cd21aaa65653fde42a27 5930 node-gyp_3.8.0-6_source.buildinfo
Checksums-Sha256:
 3147c063795273eed530e6b956e1e6b81d7969c027c3091c6ef5fdbccacb4209 2066 
node-gyp_3.8.0-6.dsc
 c67108b8f302103f38f28d442962a6290b080bebc5dd95fdef89814e9d7e6feb 7468 
node-gyp_3.8.0-6.debian.tar.xz
 c61c06c3a53d44e7a717829cf5d5e580d7754130a4316dc55d12c11d05d7db5f 5930 
node-gyp_3.8.0-6_source.buildinfo
Files:
 2434108e169b1cf8fc71c862d8826b4a 2066 javascript optional node-gyp_3.8.0-6.dsc
 98df131b1cf7861604a6835f36361690 7468 javascript optional 
node-gyp_3.8.0-6.debian.tar.xz
 81744a8bd1e37e7860a625d05bb5fb04 5930 javascript optional 
node-gyp_3.8.0-6_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlx8aJcSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0rG0QAKhTW5fAWRYiPnVXjWuQLO75y2sHHmR7
1DOAbBr+cv813j1PVevmHP/XLwppnWRIzF4Jx16oIfs52x0QHE7fFhHFZL5tL9qT
t1g5qxdwQEh+HFawquaHExVc/5JWRq1B43FufFZ7BhuL4adOGypLhwX05VZNu9hY
dAAKLuiF/W3ZEbmuXAuJcVkgJSaS/t229fQx7W4v0s7ruhV5mWsdZV4pke49bVPZ
gVrFYZBu+kDGgQRd6KDje36ovzN9OcddtQdYtMf0HsyXBPxrRWnr4uy2EZR1Q2xK
S89rv/b9bbW5f3V72cbvRIstitqIi8TepkZvA4nbb8L068mlZTjrXUtiEnUYw5JU
rMsaP7xZIQWRPqPjIP87U2/eHcqmLXUMJOsq1dM3YwTyPek7d7Mc5l0LV5+AvU+T
HQc7ilDWj3GiVDvlkmJN8qxTS22HLMiPGD6s0zVz0jatMY/34zu8SFoyznI3nzPr
NJuLrOPKsGpjWYaQakBOiexzbK3vAtvrSbsS28DoRhFevTl/6wAHbarD3oLHHdmK
X3X1Rw86vKzS58JeYE8lK/bkbiqNoZSgO0T1pdL7EZHI+bLL/NmXh2l9eYisBKZX
jJNavF0HS0UulsgE+ST0t3kBgTiGcqv86u9MI6Je1wq2Bek1WQoEgWiJRpUp8Tj6
3D/GA2RaRxk2
=Gazy
-END PGP SIGNATURE-

Accepted node-gyp 3.8.0-5 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 02 Mar 2019 23:11:39 +0100
Source: node-gyp
Architecture: source
Version: 3.8.0-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Closes: 921625
Changes:
 node-gyp (3.8.0-5) unstable; urgency=medium
 .
   [ Mattia Rizzolo ]
   * Remove the Breaks:node-modern-syslog added in the previous
 upload: it was a workaround to avoid ci testing regression.
 .
   [ Jérémy Lal ]
   * Upstream support for node-tar 3 (Closes: #921625)
   * Drop node-fstream dependency, unneeded with tar3-compat.patch
   * Add upstream test suite to autopkgtests
Checksums-Sha1:
 8a213db43fb96671eb87c2e82186274c1861ef96 2049 node-gyp_3.8.0-5.dsc
 562fc7aebd4e26957e0fca2329e53ce6d5a0eae3 7448 node-gyp_3.8.0-5.debian.tar.xz
 99729388d6ba8e5eaffbd834c947d522ac9d5e18 5930 node-gyp_3.8.0-5_source.buildinfo
Checksums-Sha256:
 e94b7090d0b16beff3e02958a3bd474cb7c2d391651c99fe96a8282afe4e0eee 2049 
node-gyp_3.8.0-5.dsc
 a11e2c4dfda713b94cdf5af5663778c22cca88b8d4cd793123efc04797a5d696 7448 
node-gyp_3.8.0-5.debian.tar.xz
 1aab9ff50b737da7f463183658f147ed1d430ff1457711414d66318643183699 5930 
node-gyp_3.8.0-5_source.buildinfo
Files:
 5d02bae0e916835143a02f96018f5bc7 2049 javascript optional node-gyp_3.8.0-5.dsc
 db57f6c032e1625a896dec8d9900ea54 7448 javascript optional 
node-gyp_3.8.0-5.debian.tar.xz
 aa4c6e21867b90bbd2367ff2642ec535 5930 javascript optional 
node-gyp_3.8.0-5_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlx7AHwSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0gZwQAL4r4WI7H04ppJ44Gt5QaKywL0twkWNq
xfQ7/0Df4S+t32vVE7BMU65PFZdD1HFRZPWxTD5oFsFM/o2cr1EKHbyfsBxvObRy
jXJ/dF5ypLHk6vQqR8iO048lLp79mqUSUMqzGLKLpXYf9A7IT1ECR5rm5FLbdpYG
Tk1ib4Y5SLQUhNF3xQZHZLHYWCBvIJMz5cXJRIz22GLENwx81+XNoiyPDwSn+GAf
rCGPATUqaTBfD3IamQ71tH78LoTvnLiuaDc5JxlBmu5hyrpT0z0UIYX6seHyYjuW
7DW5Th5TlAJyN8hOszCEoYbBXJYeZmmCNKWT9jseJrqfukDFMN6by0oUy0P3d3Db
UTdUH96KezbeghGpjM3oRJXwjOdmgjDX9PJFB23mgO3s0wZKzkI7dt6JjNU/z6Q1
zhHl/eLJobMndU414bhTNiynGm78cjbuNOL/yZISgE0wAgcd7GMRM2RztNO8la2E
v50zIdfqfFqYRzQbyXTMYb2E5Zwi0FP45sJmj6BkgGKCjhoxv8iBNT2Kd9LRI9Kj
c/iNXoXLEhVT+4Aei1D3kQF5JKiFv2Ub6e7EDpN40P0j2FgdZEmiqr6TNnwRC7RW
vIfKWYRxKHGb6vrU3jbcX0nNQEZ3uyJgqbwyYxvPURqGB7sWIlXHjzK/KbmW/TRw
756JxrmxKXnM
=iW5O
-END PGP SIGNATURE-

Accepted nodejs 10.15.2~dfsg-1 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 28 Feb 2019 15:52:30 +0100
Source: nodejs
Architecture: source
Version: 10.15.2~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (10.15.2~dfsg-1) unstable; urgency=high
 .
   * New upstream version 10.15.2~dfsg
 Slowloris HTTP Denial of Service with keep-alive
 (CVE-2019-5737)
Checksums-Sha1:
 d0dc2534073120a1482c9a21d410f4226f16df9c 3036 nodejs_10.15.2~dfsg-1.dsc
 ace917c2545f452a9b2ccff27c99b3f9c883a0c4 15220500 
nodejs_10.15.2~dfsg.orig.tar.xz
 436f8ab3a64367ca256cbdd5c98b141fc26e4ca3 97352 
nodejs_10.15.2~dfsg-1.debian.tar.xz
 e409495047c8e55d3c2b4a8aab8dfea341db5979 7649 
nodejs_10.15.2~dfsg-1_source.buildinfo
Checksums-Sha256:
 23c09180116b1bb09e4bdd59eb5f0cf54b9d2433927159878652d2f625ab9e65 3036 
nodejs_10.15.2~dfsg-1.dsc
 effa1cd44e59d59b934f36e3340c330e83afeae11f4ef520da32bc974218595e 15220500 
nodejs_10.15.2~dfsg.orig.tar.xz
 b7dcca0cdcfbc6f354f32d6b1225a27e8af177121b37405cf409c0b702f20d0a 97352 
nodejs_10.15.2~dfsg-1.debian.tar.xz
 25e1ab1ea9482a9b9c6378b16549fd412393678e182954763a0993ee91bce8bc 7649 
nodejs_10.15.2~dfsg-1_source.buildinfo
Files:
 8883ace84de8400cf75c4a7861d350a4 3036 javascript optional 
nodejs_10.15.2~dfsg-1.dsc
 4edb1c2f3f4173b1057fc8989a19ccee 15220500 javascript optional 
nodejs_10.15.2~dfsg.orig.tar.xz
 f5ae47d92cd89310eb9c477d047e88ab 97352 javascript optional 
nodejs_10.15.2~dfsg-1.debian.tar.xz
 f7bb92a0ff1e34846c4ba886b50398b4 7649 javascript optional 
nodejs_10.15.2~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlx4TD8SHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN01nwQAKZ3cXtTzQPLd/cFCcYHb9sgJBH4zPSp
DByH+HNu3EiAiG6jq8PEdlYJFlK7Dul78H/5QvwP4r9fPCw6C2xR701d9LBqVM+8
pHLZda06cusaWcLY56h0Yy9Y961oN/bxjdO0nzj5rgtEziFCXDnJMP2dl8dJinnL
ARiLge0jfLqRwrfCe20yTEBS/TPjkL6mSPPzRwAS+699ImU/HFspHQPAl84nbUo+
2VaEcsNCfPUk7sYREk4Jtf7usdzqJFCvG3J8CbPXLvwlH7uIISzar32QH+9VA3v7
URCXhLg4B+tet1KEgOrlm9bVe5cmzCmO6fkhT1qOJI095dX8z2FDT56/r35hK713
V90ZK59+gxMKhWjMA5dasN9pX35v+SZONr1sHqFPjF/lRKX+HOwIouEnHKf+Bq8c
VgrZ6Ud/Mg7CY6uEjRGcx1aHhCvx2V0fprj0UmPnZ/xRV6REVfCtbVflrw3EV14f
pJMbZI+kUG77nWMgRxnyDecFCNg40t4s20R6ru/06431GehaWS/0ji6znLo08eif
wcjTGOuCl0kBBw/sd/htRJlAsoRT8fx64FwCn+UfG+qNHZB5aPVvjdzFm9iZuLH8
VzaM6//vYLVu+3LbrBeFRtQkkXxiaUMI+DefnofxW/qUlJPU4yiaWgvkAvHWWTqX
7KXNm41lfBCn
=Mrt2
-END PGP SIGNATURE-

freeze and security fixes

[Jérémy Lal]

Hi,

the documentations:
https://release.debian.org/buster/freeze_policy.html
https://www.debian.org/doc/manuals/developers-reference/ch05.html#bug-security

leave me unsettled about what to do during freeze w.r.t. security uploads
in testing.
(for a known and upstream-fixed CVE):
- should i just go ahead and upload to unstable ?
- should i set urgency=high ?
- should i send a debdiff and wait for ack from security team first ?

Jérémy

Re: libnode *might* need abi bump related to openssl 1.1.1 api break... or not...

[Jérémy Lal]

Le lun. 18 févr. 2019 à 21:16, Sebastian Andrzej Siewior
 a écrit :

> On 2019-02-18 11:08:30 [+0100], Jérémy Lal wrote:
> > hi !
> Hi,
>
> > It happens that that api breakage has been reverted and is merged in
> > openssl 1.1.1 stable branch:
> >
> https://github.com/openssl/openssl/commit/37857e9b5258da148e5d3699b6acdf8787417eb2
> >
> > If openssl releases this and the release goes to buster, then all is fine
> > in nodejs land.
>
> I would expect to upload 1.1.1b to unstable/testing/buster once it is
> released by upstream (I have no idea when this happens). The latest
> 1.1.0/1.0.2 was also uploaded to Stretch as part of a security upload.
>

That's February 26th for openssl 1.1.1b:
https://mta.openssl.org/pipermail/openssl-announce/2019-February/000145.html



>
> > However it's a special case that needs release team approval and
> > coordination,
> > between openssl and nodejs.
> >
> > Thanks for the feedback,
> > Jérémy
>
> Sebastian
>

libnode *might* need abi bump related to openssl 1.1.1 api break... or not...

[Jérémy Lal]

hi !

Nodejs c++ addons (modules) in buster are built using libnode-dev - a great
improvement
over previous "situation".
However upstream libnode embeds its dependencies, whereas almost all debian
libnode
dependencies are shared.
Modules authors expect a given node ABI to offer the same versions, or
versions
abi-compatible with, of these dependencies: uv, v8, openssl.
In the case of distributions, upstream acknowledged the fact distributors
were building
nodejs against shared libraries, thus the versions might now be the same,
breaking
their module ABI contract.
So upstream started working on a registry to keep track of ABI changes
mandated
by distributors conditions. It's a work-in-progress but it's due:
https://github.com/nodejs/node/blob/9adf1fbe/doc/node_module_versions.json#L6

In Debian case, the api-break comes from openssl 1.1.1 where upstream used
to
embed openssl 1.1.0:
[upstream view]
(https://github.com/nodejs/node/issues/18770#issuecomment-456918214)
[openssl discussion]
(
https://mta.openssl.org/pipermail/openssl-project/2019-January/thread.html#1204
)

It happens that that api breakage has been reverted and is merged in
openssl 1.1.1 stable branch:
https://github.com/openssl/openssl/commit/37857e9b5258da148e5d3699b6acdf8787417eb2

If openssl releases this and the release goes to buster, then all is fine
in nodejs land.

If it doesn't, debian should ship libnode65, not libnode64, to make sure
foreign node modules
will be able to know they're not installed on a compatible version of
libnode.
The change in itself is trivial (just changing the soname) and should end
up being
an automated transition.

However it's a special case that needs release team approval and
coordination,
between openssl and nodejs.

Thanks for the feedback,
Jérémy

Re: V8 depends from outdated and unmaintained libv8 with security issues

[Jérémy Lal]

Le lun. 11 févr. 2019 à 09:11, Dominique Dumont  a écrit :

> Hi
>
> On Friday, 8 February 2019 12:10:01 CET Jérémy Lal wrote:
> > > I suppose i need to ask a removal of libv8 from unstable (it's removed
> > > from testing) to
> > > be able to "take" libv8-dev. Or maybe declare a libv8-in-nodejs-dev
> > > package ?
> > > In any case i don't know if i should make a libv8-xx package (which
> would
> > > basically be
> > > symlinks to libnode).
> > > Any advice is welcome...
>
> I think the following should happen:
> * update libv8 from new upstream source. [1]
> * build nodejs for Debian using the updated libv8 packages as required by
> Debian policy [2]
>
> Rakudo packaging team faced a similar issue with moarvm [3] which includes
> a
> convenience copy of libtommath and libuv1. We had to:
> * take over and update libuv1, libtommath packages that were outdated
> * add a Files-Excluded: line in marvm's debian/copyright to remove the
> convenience copies of libuv and libtommath
> * use options provided by moarvm build tools to use system libraries
> instead
> of the convenience copy.
>

Hi Dominique,

that's what i tried to do in the first place.
However, the lack of v8 soname and abi stability across versions gave me so
much
additional work that i ended up not doing it at all, leading to v8 being
unmaintained.
The solution here is purely practical, it offers a way to get a maintained
v8 in debian,
for very low additional time cost, because nodejs 10 will be maintained up
until april 2021 [2]

[2]
https://github.com/nodejs/Release#release-schedule

Accepted nodejs 10.15.1~dfsg-5 (source) into unstable

[Jérémy Lal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 09 Feb 2019 11:55:56 +0100
Source: nodejs
Architecture: source
Version: 10.15.1~dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (10.15.1~dfsg-5) unstable; urgency=medium
 .
   * Install only headers
   * /usr/include/v8 should contain the headers directly
Checksums-Sha1:
 fb6fb4439e52e4786008fa8898696467eed6ba80 3036 nodejs_10.15.1~dfsg-5.dsc
 fa1faf5ee54c46173681439acd2c247ef401d250 97300 
nodejs_10.15.1~dfsg-5.debian.tar.xz
 e15801b343e7edc31ea6241327194f65baee33f4 7608 
nodejs_10.15.1~dfsg-5_source.buildinfo
Checksums-Sha256:
 035acdd1c3e9f4aecdebe374510276d84e10e9581fa03c7ea99b3d3b9ceb269a 3036 
nodejs_10.15.1~dfsg-5.dsc
 4417d30bd190ed5ec99f9356f5266de6ffe79bca5000cab5b2de5dc057010ef6 97300 
nodejs_10.15.1~dfsg-5.debian.tar.xz
 cbb5136f73c9a3ca83f75110275c0bf58d1e55388b6fd5e52b1d88010f58d9f8 7608 
nodejs_10.15.1~dfsg-5_source.buildinfo
Files:
 4acca75760873507f70b864665dbe15e 3036 javascript optional 
nodejs_10.15.1~dfsg-5.dsc
 c78f481710ef47765eac99401886c96d 97300 javascript optional 
nodejs_10.15.1~dfsg-5.debian.tar.xz
 d83de8e252c707076a2cd4a0cbd80143 7608 javascript optional 
nodejs_10.15.1~dfsg-5_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlxesd4SHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0hqwP/jAK/9l7NjT6MdvCAoan1von+MDy45gW
qn2/Px3KAZF//CYQr98zwvZyef5uq/UYsrlmL8nP1GXUgeChacfvBItZ4vQE2th6
69xS6n/uHsNztwmpUeTLIHB0kOLJA37DDdax5m9eIIpGLjqyfCv6FSU1Y9zdF1YQ
pHtSZfeguKQGnqRDSnCf3hDV4ZA6epiI8TLvrX6ZcAjPHChb4yXQOlHWmfsQJm0g
kkIeeOboLoxKJN4p38XUP2vmPlAoV18mRMksQUSpk6R0PnlIkm7DAzD7VgeguWqT
/fdkTz6P63e1uBPRzgR8Clepy+Dza68JrYiwXP/tvbSSvKa2bBrToAC/Q7n0AqQj
Io3f2zLBq7SyNwOtwx0v4olAWMRjvRXTxBS5wNHgLDwvLQRqKooX2STAryUeKvnc
zVuj8QISsruQ/oisbBDnCDZjIlNMgkoIpDEvwiHDmZqCqyhoe8UImB4g8MO/SC0e
h9avCc0QJdxLkrUc+xeT1u1dgxtBeq96zDQqD0vEnKYWWgn7Hw7+i6wQVAcdiAyF
MkhFndnhmtzctfgPIMemN/JNhR+AcX8jM84gHAxfYEAkaOHzpCqi6k4xOmg1tafE
R5KQvjHSKnMuRaAs6vqLrryTeikT6oyiZ7pU3PsjkOgdHpDNTYi4SsDZFhRg2L8P
EDy1oGidfzV5
=9/Gr
-END PGP SIGNATURE-