Re: Bits from the Release Team: Cambridge sprint update

[Santiago Vila]

El 17/12/23 a las 22:40, Steven Robbins escribió:

On Saturday, December 16, 2023 12:23:46 P.M. CST Paul Gevers wrote:


Another topic we covered is the volume and purpose of our mail list
(debian-devel@lists.debian.org). We recognize that that list mostly just
mirrors BTS traffic. The BTS already archives all information, and there are
multiple ways anyone can subscribe to the Release Team bugs, so this
mirroring seems unnecessary. More importantly it inhibits the list from
being a more useful discussion channel that we like it to be. Hence, we'll
try to work with the BTS maintainers to direct the traffic away


Does that mean ceasing the "ITP" messages in debian-devel?
I'd certainly welcome that!


I think he really meant debian-release, as this was "Bits from
the Release Team" and he was talking about "Release Team bugs",
but yes, we have the same problem here in -devel, so IMHO splitting
this list would also make sense.

Thanks.

Re: mutt removed from testing while the bug was closed (fixed)

[Santiago Vila]

El 26/10/23 a las 2:11, Vincent Lefevre escribió:

This seems to be due to a bug in the BTS
[...]


Hello. This is a bug or a feature depending on how you look at it.

Reopening a bug is known to clear the version on which it was closed
(I think this normally makes sense and the cases where it does not are the
exception).

Therefore, with the knowledge that this happens, the proper way to reopen
a bug for stable (with the meaning that "there is still work to do")
would be to do this, all at once:

reopen NN
fixed NN version-where-it-was-fixed-in-unstable
thanks

(I do that from time to time, for FTBFS bugs which still happen in stable).

Thanks.

Re: add make-4.4.1 to experimental

[Santiago Vila]

El 18/3/23 a las 4:00, Ilari Jääskeläinen escribió:

There is a new upstream release available.


We already know. It's already reported (twice) in the BTS:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029106

If you absolutely need to use make 4.4.1, you can try this,
which is what I did:

- Download and uncompress the tarball from ftp.gnu.org.
- Build it with "./configure" and "make".
- Either "make install" as root or just put the make
executable in /usr/local/bin by hand.

Thanks.

Re: 32bit arch packages are built with wrong ownership due to fakeroot bug

[Santiago Vila]

El 10/2/23 a las 3:18, Johannes Schauer Marin Rodrigues escribió:

So the chgrp call in Makefile.am worked correctly and set the group owner to
"mail" but after dh_install moved mutt_dotlock from debian/tmp/ to debian/mutt/
using 'cp -a' (if I'm reading the code correctly) the group ownership
information is lost.


Ok, I agree. To clarify even more: My minor observation was not to
show how individual maintainers could fix this in their own packages
(as it's much better that this is done via NMUs in a centralized way)
but more something like "don't panic, the number of affected packages
could be smaller than we think".

Thanks a lot.

Re: 32bit arch packages are built with wrong ownership due to fakeroot bug

[Santiago Vila]

El 10/2/23 a las 3:18, Johannes Schauer Marin Rodrigues escribió:

I do not understand what makes you think that only packages using dh_fixperms
-X are affected? I think what makes the two packages that I found fail to have
correct permissions is that they both use dh_install which in turn uses 'cp -a'
which is broken under fakeroot on our 32bit architectures right now. I patched
mutt and added an 'ls -lha' in execute_before_dh_builddeb to show the problem:

$ ls -lha debian/tmp/usr/bin/mutt_dotlock debian/mutt/usr/bin/mutt_dotlock
-rwxr-sr-x 1 root root 9.6K Feb  9 22:06 debian/mutt/usr/bin/mutt_dotlock
-rwxr-sr-x 1 root mail  28K Feb  9 22:05 debian/tmp/usr/bin/mutt_dotlock

So the chgrp call in Makefile.am worked correctly and set the group owner to
"mail" but after dh_install moved mutt_dotlock from debian/tmp/ to debian/mutt/
using 'cp -a' (if I'm reading the code correctly) the group ownership
information is lost.


I mean: There are mainly two ways to ship files not root:root inside a package.

One way is to accept the special permissions/ownerships resulting from 
dh_install
and then avoid resetting them in dh_fixperms using -X or --exclude.
This is from mutt's debian/rules:

override_dh_fixperms:
dh_fixperms --exclude usr/bin/mutt_dotlock

The other way is not to care about the permissions from dh_install and set them
after dh_fixperms no matter what. This is from procmail's debian/rules:

override_dh_fixperms:
dh_fixperms
chgrp mail debian/procmail/usr/bin/procmail
chgrp mail debian/procmail/usr/bin/lockfile
chmod 6755 debian/procmail/usr/bin/procmail
chmod 2755 debian/procmail/usr/bin/lockfile

The minor observation is that packages which set permissions in the second
way which were uploaded after the first fakeroot bug was fixed seem
not to be affected:

dpkg -c procmail_3.24-1_i386.deb | grep -v root/root
-rwxr-sr-x root/mail 26292 2023-01-05 22:35 ./usr/bin/lockfile
-rwsr-sr-x root/mail112668 2023-01-05 22:35 ./usr/bin/procmail

Thanks.

Re: 32bit arch packages are built with wrong ownership due to fakeroot bug

[Santiago Vila]

El 9/2/23 a las 15:37, Johannes Schauer Marin Rodrigues escribió:

I wanted to bring fakeroot bugs #1023286 and #1030638 to the attention of a
wider audience because even though I filed these bugs,


Thanks for bringing this up!

Can you confirm if all this is correct?

- Only packages uploaded after 2022-08-07 (when glibc 2.34 hit unstable)
are potentially affected.

- Packages with "Rules-Requires-Root: no" are never affected.

- No intervention from individual maintainers is required for fixing this,
as we already have a binNMU mechanism which we already use for transitions.

- A minor observation: Only packages which use dh_fixperms with -X (or 
--exclude)
are apparently affected. Those which instead do chmod/chown after dh_fixperms
are apparently not affected, at least after the first fakeroot bug (2022-11)
was fixed.

Thanks.

Re: Consensus on closing old bugs

[Santiago Vila]

El 6/2/23 a las 11:26, Brian Thompson escribió:

I understand that the usual way to close out bug reports is having the
original author do it themselves.  What's the policy on closing bug reports
that haven't had activity in over 6 months?


Let the maintainers handle their bugs.
Old bugs should not be closed just because they are "old".

For example, I have an open bug which is 26 years old:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5898

and I don't see any reason to close it.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 30/1/23 a las 14:05, Guillem Jover escribió:

Given the number of packages that currently declare a dependency on
tzdata (34~), the ones that seem to have the most potential to pull it
for others are language bindings such as python3-dateutil, python3-tz
ruby-tzinfo, etc, which handle timezone stuff anyway and would keep
pulling it. So I find this assertion hard to believe. And the following
points seem to be based on this fundamental assumption.


More to the point and fun fact: The dependency of ruby-tzinfo on tzdata was 
*missing*
in unstable:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026178

It was added after I reported that 21 different ruby packages failed to build
in a completely clean build environment. (Special thanks to Antonio Terceiro).

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 30/1/23 a las 13:41, Santiago Vila escribió:

Note: I've downgraded the bugs in dispute to important,
so they are not RC anymore, per request of Sebastian Ramacher.


I mean: Sebastian started to downgrade them, and I've downgraded
the remaining open bugs which were not downgraded by him,
to complete the operation.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 27/1/23 a las 22:37, Adrian Bunk escribió:

Speaking as someone who is doing a lot of QA work, [...]


Note: I've downgraded the bugs in dispute to important,
so they are not RC anymore, per request of Sebastian Ramacher.

I just wanted to point out that the "it's more work for me"
argument goes both ways.

You are working on RC bugs, and that's great (I remember for example
a FTBFS bug in gettext for which you found a fix. It really helped).

I'm working on FTBFS bugs in general, including "FTBFS randomly" bugs,
which are (in general) considered important only.

So, for every FTBFS bug which is not fixed before the release because it's not 
RC,
there is double the work for me if I want to keep stable free of FTBFS bugs
in general, because the bug has to be fixed in unstable and then backported
to stable. Note that I'm talking in general, not about tzdata-related bugs.

I know that you sometimes work on backporting fixes from FTBFS bugs to stable,
so I believe you know well what I'm talking about. Note also that I'm not trying
to use this as an argument to have "more RC bugs", I just wanted you to look
at the other side.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 29/1/23 a las 9:56, Sebastian Ramacher escribió:

On 2023-01-28 15:55:05 -0800, Russ Allbery wrote:

Historically, we have not treated FTBFS bugs as falling into the category
of mass bug filing or requiring this pre-discussion.  Various folks have
been mass-filing FTBFS bugs near the release freeze for many years now and
they generally don't get a debian-devel discussion first.


I don't think that those are comparable. Rebuilds with modified base
chroots have been discussed here before filing bugs. [1] is one of the
oldest examples I was able to find.

Cheers

[1] https://lists.debian.org/debian-devel/2008/01/msg00869.html


There is a big difference between such experiment and what I do.

Policy 4.2 starts by saying this:

Source packages should specify which binary packages they require to be 
installed
or not to be installed in order to build correctly.

(I think it is because the "or not" part that Adrian thinks I'm trying to
open a can of worms. But that's not the case). Policy follows:

If build-time dependencies are specified, it must be possible to build the 
package and produce working binaries on a system with only essential and 
build-essential packages installed [...]

This is when we have a "must", in a clean chroot environment. So, there is a 
"must" to build
in a completely clean environment, but there is not a "must" to build in a 
dirty environment.

Therefore, I don't think it's fair at all to put both kind of environments in 
the same
bag by calling them both "modified build environments".

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 28/1/23 a las 14:41, Ansgar escribió:

Johannes Schauer Marin Rodrigues writes:

I think the much more interesting question is in what environment we want to
build our packages in. Currently, on buildds, we build them in a chroot that
has Priority:required and build-essential because of (what I think is) a bug in
debootstrap: #837060


I would rather say: The build-essential packages are those installed by
debootstrap's buildd profile. At least that seems to be current practice
for a long time.


What you call current practice is only current debootstrap behaviour.

There are already packages in bullseye having build-depends
on tzdata, and afaik it was not me who reported them to have such
build-dependency. If current practice was really not to consider
tzdata as build-essential, as you say, somebody would have reported
those build-dependencies as a bug, because we don't use build-depends
when the package is build-essential.

I would say, therefore, that current practice all this time has really
been to report those bugs and fix them, i.e. current practice is
that tzdata is not build-essential, despite debootstrap behaviour.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 28/1/23 a las 22:18, Adrian Bunk escribió:

On Sat, Jan 28, 2023 at 09:45:14PM +0100, Santiago Vila wrote:

...
The other one: There are a bunch of packages whose unit tests rely on tzdata. 
The tzdata
package changes often during the lifetime of stable, and as a result, some 
package might
stop building from source. If we wanted to know in advance which packages might 
break after
a tzdata update, we could use the available information in the build-depends 
fields.
...


No, that won't work.

In your builds, how many percent of the packages that did have tzdata
installed during the build did not have a direct build dependency?

Looking at the dependency trees, I'd assume the vast majority of
packages where tzdata was installed during the build do not have
a direct build dependency.


I think I see your point, but my idea was not to collect packages
with tzdata in build-depends only, but those whose build-depends
make tzdata to be installed (i.e. including transitive dependencies).

I don't know if there is already a tool for that, nor how much difficult
it would be to have such a tool.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 28/1/23 a las 20:44, Sebastian Ramacher escribió:

On 2023-01-28 15:03:04 +0200, Adrian Bunk wrote:

On Sat, Jan 28, 2023 at 12:24:47PM +0100, Santiago Vila wrote:

...
* Those bugs are RC by definition and have been for a long time.
...


Please provide a pointer where a release team member has said so
explicitly in recent years.

In my experience they are usually saying that FTBFS that do not happen
on the buildds of release architectures are usually not RC.


Indeed. We require that packages are buildable on the buildds. If they
don't and they built before, they are RC buggy. For all other FTBFS
bugs, please use severity important at most.


So: What am I supposed to do when some maintainer rejects that this is a bug
at all and closes the bug? (See #1027364 for an example).

I believe Adam Borowski just does not understand the current build essential
definition. Could somebody please explain it to him? I tried and failed.

Also: What I am supposed to do when some maintainer marks the bugs as 
"unreproducible"?
I think that's completely missing the point on what's the meaning of 
unreproducible.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 28/1/23 a las 20:35, Adrian Bunk escribió:

I have so far not seen any technical arguments why removing tzdata from
the build essential set would be better for Debian than keeping it there.
Removing tzdata reduces the size of a chroot that has the build
dependencies for the hello package installed by ~ 0.5%, this size
decrease does not strike me as a sufficient reason for reducing the
build essential set.


I believe tzdata not being build-essential is useful for two reasons:

One of them: I've actually found *two* cases where the build failure
(when not having tzdata in the chroot) was due to a missing *binary* dependency
(of one of the build-depends).

The missing binary bug may not be very relevant, but it was discovered thanks
to using a minimal build environment (and reporting build failures), as a side 
effect.

The other one: There are a bunch of packages whose unit tests rely on tzdata. 
The tzdata
package changes often during the lifetime of stable, and as a result, some 
package might
stop building from source. If we wanted to know in advance which packages might 
break after
a tzdata update, we could use the available information in the build-depends 
fields.

Of course, not that I personally have plenty of time for that, but in a general 
sense, having
the information of which packages use tzdata for building is better than not 
having such information
anywhere.

As you requested, I think the above two are technical reasons, not
merely "because policy says so".

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 28/1/23 a las 13:59, Adrian Bunk escribió:

Policy 4.2 also says
   Source packages should specify which binary packages they require to
   be installed or not to be installed in order to build correctly.

We are not following the "not to be installed" part,
which is the can of worms you would be opening.


No, I'm not proposing any kind of mass proliferation of build-conflicts,
and have never proposed anything of the sort.

The strawman arguments should stop. Now.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 28/1/23 a las 12:50, Andreas Henriksson escribió:

Policy is not a religion. Policy has many bugs. Policy is very outdated.


buildd is not a religion. buildd has bugs, etc.


Claiming there's no point to free software when the problem is simply
that you are using an *unsupported* setup?!?!


Unsupported by whom? What is supported or unsupported is explained in policy.
Policy says it must work. Therefore it should be supported (by fixing the bugs).


All debootstrap variants
include Priority: required packages. As you can see they do so for a
reason!


Yes, because debootstrap has a bug. So no, there is not a reason other
than debootstrap insistence that this should be fixed by downgrading
severities.


The --exclude option of debootstrap works equally well even on
Essential: yes packages.


That's a straw man. I'm not proposing anything of the sort. Policy says
packages must build when essential and build-essential packages
are installed (plus build-dependencies).


If you think people should be able to build on top of their regular
install with various packages installed and various configurations it


Another straw man. I'm not proposing anything of the sort.


If you think every packages should list just about all of the archive in
Build-Conflicts just to not pick up unwanted extra autodetected
dependencies that make the package FTBFS then I think it would be


Straw man. I'm not proposing anything like that.

Please stop.

You and others are essentially saying I should not follow policy
and release policy (when it's absolutely trivial to do so) but instead
some sloppy rule which is against policy and release policy.

That kind of coercion to NOT follow policy must stop. Seriously.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 28/1/23 a las 10:11, Vincent Bernat escribió:

On 2023-01-28 00:20, Santiago Vila wrote:

Release Policy exists as a canonical list of what should be RC and > what not, 
and it's intended to avoid stupid discussions like this one.


Extending build-essential is easier than asking many people to do pointless 
work to satisfy a set of non-existing users. It is not like we had several 
reports of people complaining they can't build a package because they are in an 
environment without tzdata. It is not OK to create problems to force many 
volunteers to do extra work.


Of course, declaring something as not a bug is easier than fixing the bug.

But there are several points to consider:

* The "extra work" is adding a single line to debian/control.
* This is not the right time for a policy change.
* I already filed all the bugs I found after building the whole of bookworm 
from source. I do not expect
there are a lot of unreported bugs right now of that type.
* Most of the bugs I reported about this are already fixed.
* Those bugs are a drop in the ocean of all FTBFS bugs which happened during 
this release cycle.
* Those bugs are RC by definition and have been for a long time.

Therefore, this discussion is absolutely pointless.

So please stop harassing me about this issue.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 27/1/23 a las 22:37, Adrian Bunk escribió:

On Fri, Dec 16, 2022 at 02:15:13AM +0100, Santiago Vila wrote:

Greetings.

I'm doing archive-wide rebuilds again.

I've just filed 21 bugs with subject "Missing build-depends on tzdata"
in bookworm (as tzdata is not build-essential).

This is of course not fun for the maintainers, but it's also not fun
for people doing QA, because those bugs could be caught earlier in the
chain, but they are not. This is extra work for everybody.


Speaking as someone who is doing a lot of QA work, for *build*
environments I would rather expand build-essential instead of doing
extra QA work that consists of manually adding build dependencies for
packages that are in practice anyway installed in all build
environments.


This is not the right time to change policy.


There are important real-world usecases where reducing the essential set
brings benefits, but for *build* essential there are not really benefits
that are worth the extra work.


That's your opinion, and I believe you are wrong. I explained the benefits
in the aborted debian-policy proposal to clarify build-essential.


I am right now looking at #1027382, and the first question is how I can
make apt remove e2fsprogs so that I can reproduce the problem - it feels
like a real waste of my QA work to "fix" something that is incredibly
hard to break.


You don't have to fix #1027382. The maintainer has.

Also, you don't have to use apt. You can use dpkg --purge inside the chroot.
Easy enough. Or you can fix the infamous debootstrap bug which is the
root of all this.


It has been practice for many years that FTBFS that do not happen on the
buildds are usually not release critical bugs, and I would appreciate if
this is followed by everyone.


Well, that's also wrong, because having the build-dependencies correct has been
in the list of RC bugs for many years as well. See below.

I would appreciate if we all followed Policy 4.2, which says packages MUST build
when the build-dependencies are installed.

In general, disputing the severity because it does not happen in the buildds
misses completely the point of what should be the goal, namely, a distribution
which may be rebuilt by everybody following documented procedures, not
a distribution which may only be rebuilt in our buildds.

The end user MUST be able to rebuild the packages. Otherwise our
free software licenses are meaningless in practice.


It is not helpful if people try to force the few people who are doing
QA work to spend their scarce QA time on fixing bugs that only happen
when building on single-core machines or in non-UTF-8 locales or without
packages that are in practice installed everywhere, by making such
issues that are not a problem on our buildds release critical bugs.


That's the wrong approach. If the end user wants to make a modification,
they can't use our buildd network.


It also opens a gigantic can of worms, since there is the even bigger
opposite problem that many packages FTBFS or are built differently
when built in an environment that differs from our buildd setup.
Adding Build-Conflicts for all such cases is not feasible in practice.


This is a straw-man. I'm not opening any can of worms.


If people want to support building without tzdata [...]> but none of these are 
critical for our releases since
none of these impact how packages are built for bookworm on our buildds.


There is a list of RC issues. It's called Release Policy, and it says this:

Packages must list any packages they require to build beyond those
that are "build-essential" in the appropriate Build-Depends: fields.
Ref: 4.2

Source: https://release.debian.org/testing/rc_policy.txt

Release Policy exists as a canonical list of what should be RC and
what not, and it's intended to avoid stupid discussions like this one.

So, according to Release Policy, your claim that a missing build-depends
is not release critical is false by definition.

Please do not spread misinformation about what is RC and what is not
when we already have a canonical list for RC issues.

Thanks.

Re: Help trying to debug an sbuild failure?

[Santiago Vila]

El 26/12/22 a las 20:29, Theodore Ts'o escribió:

I: The directory does not exist inside the chroot.


This is really a problem with schroot. I guess that this will not work either:

schroot -c the-chroot-name

This usually works when you are in your $HOME because this file:

/etc/schroot/default/fstab

has a line like this:

/home   /home   nonerw,bind 0   0

which makes a bind mount and makes /home to "exist" inside the chroot.

So the solution is to either try sbuild from a directory which is
bind-mounted like that, like $HOME, or add a new entry to fstab
with the directory you need.

Hope this helps.

Re: Please, minimize your build chroots

[Santiago Vila]

El 16/12/22 a las 18:55, Andreas Metzler escribió:

I am wondering if there is point to this or whether policy should be
changed? Is there some value in investing work in having packages
buildable without Prioriry required packages?


I'd like to apologize to Andreas for my previous answer, as I believe
there has been a misunderstanding.

There are actually two meanings for "required package". One of them
is "packages having the 'required' value in the priority field of the
control file". The other meaning is the one you quote in policy, i.e.
packages which may make your system become broken when you remove them.

I propose that we remove certain packages from chroots, packages which
currently have the priority required in the control field, because they
are not needed for building.

Whether that requires to modify the definition of required in policy,
I don't know.

I think we definitely need to decouple "the set of required packages" with
"the set of packages needed for building", because they are different
and none of them is a proper subset of the other. For example,
we already don't install a kernel or an init system in a chroot used for
building.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 16/12/22 a las 18:55, Andreas Metzler escribió:

I am wondering if there is point to this or whether policy should be
changed? Is there some value in investing work in having packages
buildable without Prioriry required packages?


Please do not misrepresent what I said.

I never proposed such thing ("without priority required packages").

I propose that we follow Policy as closely as we reasonably can,
and Policy says this:

If build-time dependencies are specified, it must be possible to build
the package and produce working binaries on a  system with only essential
and build-essential packages installed and also those required to satisfy
the build-time relationships (including any implied relationships).

This is the policy we should follow to build packages, not the paragraph
you quoted about what disaster may happen if you deinstall a required package
in a general sense.

Certainly uninstalling tzdata does not prevent you from installing it again
using dpkg and apt.

Maybe the paragraph you quoted have to be reworded, yes, but that was not
the purpose of my initial email.

Thanks.

Re: Please, minimize your build chroots

[Santiago Vila]

El 16/12/22 a las 4:39, Johannes Schauer Marin Rodrigues escribió:

I think truly fixing this problem is a bit more tricky because most build tools
like the sbuild schroot backend require apt being installed in the chroot. As
of today, the sbuild schroot backend is unable to function with a chroot that
doesn't contain apt. I don't think it's conceptually possible to fix the
schroot backend to work with chroots without apt because schroot (for good
reason) doesn't give you root anywhere but inside the chroot.


You are right. My email should not be interpreted as "let's fix
this once and forever" but more than "let's see how much of this
we can fix easily, and how much of it would need more work".

In my experience, both "tzdata" and "mount" may be removed without trouble.

Then there is "e2fsprogs", which apt seems to treat as if it were
an essential package:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826587

This sort-of breaks sbuild when using an ordinary chroot (not overlayfs),
because after building a package needing e2fsprogs, it may not be removed
and it's kept in the chroot.

I think apt authors did not think that apt is used by sbuild to
build packages. Here we would need some interface like SUDO_FORCE_REMOVE=yes,
or maybe just stop doing anything at all with the Important:yes flag.

Thanks.

Please, minimize your build chroots

[Santiago Vila]

Greetings.

I'm doing archive-wide rebuilds again.

I've just filed 21 bugs with subject "Missing build-depends on tzdata"
in bookworm (as tzdata is not build-essential).


This is of course not fun for the maintainers, but it's also not fun
for people doing QA, because those bugs could be caught earlier in the
chain, but they are not. This is extra work for everybody.

(Similar bugs are even sliding into stable releases, I plan to report
a few of them against bullseye after 11.6 this Saturday, as bullseye
is the currently supported stable release).

Because people accept the default by debootrap "as is", chroots used
to build packages include packages which are neither essential nor
build-essential, like tzdata, mount or e2fsprogs.

I can think of two solutions for this:

A) Either debootstrap, when using buildd profile, installs only
essential and build-essential packages.

or

B) debootstrap keeps installing all required packages in the buildd profile,
no matter if they are really build-essential or not, but those who
are not build-essential should have their priority downgraded to "important"
by ftpmaster.

This problem was already reported here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837060

and apparently we have not decided yet if we are going to do A or B,
or maybe some other thing. I don't really care how it's fixed, but I
believe it's about time that we sync practice with policy, because
currently we are doing this in a quite suboptimal way.


In the meantime: If you want to help QA and have any kind of chroot used
for any kind of QA (say, ci.debian.org or reproducible-builds, or even
your personal chroots), please try to minimize the packages there,
do not merely accept debootstrap default behaviour.


Thanks.

Accepted gettext 0.19.8.1-10 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 20 Nov 2019 23:07:20 +0100
Source: gettext
Architecture: source
Version: 0.19.8.1-10
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Changes:
 gettext (0.19.8.1-10) unstable; urgency=medium
 .
   * Make short descriptions more consistent.
   * Use https for both Homepage and upstream URL in copyright file.
   * Really drop libgettextlib.so and libgettextsrc.so (this was already
 the intent but it was not working after the move to multiarch).
   * Use wildcards in lintian overrides (also multiarch).
   * Specify licenses for libasprintf (LGPL2.1+) and libgettextpo (GPL3+)
 in the copyright file.
Checksums-Sha1:
 5ad3c3e01a6520761dc0118c29fffd72bfb22021 2016 gettext_0.19.8.1-10.dsc
 109aae80ca5440ba766b39cf708685f340d40e04 32988 
gettext_0.19.8.1-10.debian.tar.xz
 40ec153e06024d701d2063fafa5c9ab851771cf4 8616 
gettext_0.19.8.1-10_source.buildinfo
Checksums-Sha256:
 487e52a70c2489b3222e193505a9967d60b0ca1da7fa25fafcea7d6feb29420c 2016 
gettext_0.19.8.1-10.dsc
 d7bdc2e06400725b5f00eece3996efdf2a6f2ef137c9135e02db4190ae33977e 32988 
gettext_0.19.8.1-10.debian.tar.xz
 0427235a2f41a6818f694c767976c20a5aceb2ffc9c166f615900f28870b544e 8616 
gettext_0.19.8.1-10_source.buildinfo
Files:
 090a6cddc06e261f5eb22c18fbfe0d6e 2016 devel optional gettext_0.19.8.1-10.dsc
 0f6450cc49236dfe4a7032375d01dab5 32988 devel optional 
gettext_0.19.8.1-10.debian.tar.xz
 ce01ab1d0c3429ec57eb94823fa62e0d 8616 devel optional 
gettext_0.19.8.1-10_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl3VvJUACgkQQc5/C58b
izIXxgf9Fr4V5M3VkwN40YwJp2YpMxBHiz6hpGdiPLZqiYvQFhLy8Rxzzxsh5SyN
o9yjEyrBL1fetiMz5i91u3gca9tsIxSUkaJ2jrX9CirExPyD9+qZbuUJHyMirBAY
AwiyWIP03mZUxBK2GF5gmW0MV5SLTVbMl+C/MVd7Y8xLbqR7RbmB9T/H+EyaewP0
o7oIvmhpga+XhjA8jyK8tRB3gHzlnHgYfLospTyCr4oxIPtk8HKvYtrz2ukW5EuJ
fOj0dmexJ78sl3mdv3aqG6nvs2th3e1pTadsa/RJ2+cTj5P0+cIHyol687nEawhB
YUJ8fOAMqYyNC8Zwv3fb/JIR9gnMkQ==
=FiC0
-END PGP SIGNATURE-

Accepted m4 1.4.18-4 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 03 Nov 2019 13:35:14 +0100
Source: m4
Architecture: source
Version: 1.4.18-4
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Changes:
 m4 (1.4.18-4) unstable; urgency=medium
 .
   * Move texinfo from Build-Depends-Indep to Build-Depends.
Checksums-Sha1:
 5030c5f5ec25e44a3b27f6efaac2a507d5c613e7 1638 m4_1.4.18-4.dsc
 dcaaf95cd35d674a33342ebff8060e18c4091a5b 17240 m4_1.4.18-4.debian.tar.xz
 0975ac0433dd3939bab9b7ce42b76024774b 5101 m4_1.4.18-4_source.buildinfo
Checksums-Sha256:
 11925f50e25f93d6b9a72336e7b9fd0de72a813d5d5f3204ecc3996f9ca3bbde 1638 
m4_1.4.18-4.dsc
 6543f074d5a3eed4ee7984f8a147c58e005c88254dfcf5bc3778c60b9ed07efd 17240 
m4_1.4.18-4.debian.tar.xz
 522405529c1cca592c8063cd150b979e051ca8e1f8c47d789f270e601e2bd898 5101 
m4_1.4.18-4_source.buildinfo
Files:
 0471832d405aeccb8c0a986946029e0f 1638 interpreters optional m4_1.4.18-4.dsc
 d77b08ccc28f9c5148ab7aee3562c5f7 17240 interpreters optional 
m4_1.4.18-4.debian.tar.xz
 17d12cae0547a6c490417d2a43dd8c3b 5101 interpreters optional 
m4_1.4.18-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl2+yikACgkQQc5/C58b
izJpEwf9G/LkIBW5ya/bx1UJy1wNLWqREBEaN9LrfmkyQaYY55aFO3qlU5PB/A2g
UTcAU4J4vRXEHLFLmtgP1ZIAZbx8WLxflrZw5PXqv+i1bzGRqIOKL1jWRdKb+0iG
+jMqCWlJfTlF+fXQ6edk+bepwMUvlVBipwpiFttjurWPbr40Pbz1dyo8kI36FIGB
G0+EHpRG+wXrW/vWiC6wTEvr7RVQ92z4r9GvuDup/bqx8teL1XKARAr58k+QS0cr
YfGcm0RKEPy3OObWHZLshKU6CXythj3bT3mar2ck12xfQ7vgJQ82tunqdTYQ6+cy
1okB4bt88qXopN5i9PPkI2GvYWJSUA==
=u1cG
-END PGP SIGNATURE-

Accepted recode 3.6-24 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 03 Nov 2019 12:34:42 +0100
Source: recode
Architecture: source
Version: 3.6-24
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Changes:
 recode (3.6-24) unstable; urgency=medium
 .
   * Add documentencoding to texi file to fix a FTBFS problem.
Checksums-Sha1:
 a4cade6d4568e976afcbc12bcdbdeaaa720c04d2 1482 recode_3.6-24.dsc
 e6b99927d80d0b7f42875f5195d102db9d079d55 192908 recode_3.6-24.debian.tar.xz
 45a1c61a7b93bd5a8545bf7a4e53cd8090ed61d5 5114 recode_3.6-24_source.buildinfo
Checksums-Sha256:
 5f57f6939ec43a7a9cb5f60beea0bdafa5ffd74ba67e90a5f3012bbc1d466a52 1482 
recode_3.6-24.dsc
 ce0df1d37fdfbf2cfe7920da8d0dc41f02171bcd93e6a70fe00c0f6d457a03fd 192908 
recode_3.6-24.debian.tar.xz
 e0c769b9979ba3daf1a87cdb53dc5336442d854b087d58a4432226c9c2c95855 5114 
recode_3.6-24_source.buildinfo
Files:
 4523cabf8d53e28897ad90cb0f542783 1482 text optional recode_3.6-24.dsc
 0d300948d0f66eae4cc7996a2d9e67b7 192908 text optional 
recode_3.6-24.debian.tar.xz
 3361d15ff7b2fd2911da7d131b05d6a0 5114 text optional 
recode_3.6-24_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl2+u7sACgkQQc5/C58b
izKWSAf/SQzgeeOm2Sjruy2A+ALevNr9z9jKs4lXt+ZmEncN9C9eBaY/0oXJ1fn5
waEo072QoD/vO6HSbztLzZYHHoryPP0XFTtAbPIZAQxNOOXFAq5RfnpqXe09jmxj
tIg1vK+QMtxwPec0IW63DTFjOPAf25OcgOgrJQNf0L8z/EMGRk+TkWAj+EdHdWvf
LoHrAoDB/703z9YEjDikVg0Dy1bzaNM1uWSFidy7FQacKn2FRgWfXrmN993N3FHM
iO8dSA3sh9AmqtE0KP+pR5v601k94jdIWK5BQMlAhLMFD6H0fNSPiEJM42P0sDEB
IsDYCOJZJWzMuLV2K0/ZxJRLUI+D+w==
=l3tS
-END PGP SIGNATURE-

Accepted m4 1.4.18-3 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 03 Nov 2019 12:33:42 +0100
Source: m4
Architecture: source
Version: 1.4.18-3
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Changes:
 m4 (1.4.18-3) unstable; urgency=medium
 .
   * Add documentencoding to texi file to fix a FTBFS problem.
   * Add signature for the upstream tarball.
Checksums-Sha1:
 e148c4b9283ababd61c725b80b8d6a501666e552 1658 m4_1.4.18-3.dsc
 228604686ca23f42e48b98930babeb5d217f1899 1207688 m4_1.4.18.orig.tar.xz
 cc43a1c5110f92616b452213823bfa9af08c11ca 521 m4_1.4.18.orig.tar.xz.asc
 3620f041bf6535cc23c0768dfdfa8efb153edcf0 17224 m4_1.4.18-3.debian.tar.xz
 dfe3391d0a9bbebce7e8f3a99d69fe9742be23a0 4840 m4_1.4.18-3_source.buildinfo
Checksums-Sha256:
 f3c7b657f323f62acaf4f678fc5496915881227ede5e7b0462d7631335e93386 1658 
m4_1.4.18-3.dsc
 f2c1e86ca0a404ff281631bdc8377638992744b175afb806e25871a24a934e07 1207688 
m4_1.4.18.orig.tar.xz
 a2a9fff657e65ff25a8f3734f484dbd3ede8f8290786af71626de367dcd74267 521 
m4_1.4.18.orig.tar.xz.asc
 9c139abcb7367c7936e328170c4b04ef5daeb3308dfe2784fa550053bb4a73d5 17224 
m4_1.4.18-3.debian.tar.xz
 f9f75fb51814f7fca6b3c4dece0545f34a69b61e4ff664948322f245b115 4840 
m4_1.4.18-3_source.buildinfo
Files:
 1059084c7473335e6b80f002e876cc7a 1658 interpreters optional m4_1.4.18-3.dsc
 730bb15d96fffe47e148d1e09235af82 1207688 interpreters optional 
m4_1.4.18.orig.tar.xz
 f76adf70081ae99d5d7cf57a64dda469 521 interpreters optional 
m4_1.4.18.orig.tar.xz.asc
 ad8f9ef557668ee6672bdcc8e823 17224 interpreters optional 
m4_1.4.18-3.debian.tar.xz
 1c2f9d50dc2a849ec4253752b2a467e6 4840 interpreters optional 
m4_1.4.18-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl2+vDIACgkQQc5/C58b
izIcHwf+Lj4xtID4Y3n7n1E8hV52YMxEm8tkBMBHntIB5lZ3Yj2lVmQDANEBqJwV
9EsVrMk83+icvC3imWEa7L3iZMKQZdKFMY1EeuVA4x/wN7ONDgAjoED4INZSeFDU
xtxDc5NGbrncIjb5087AKYcR4OFLn4OGZ1O5J4pNdJoQNPo7YqdTOxt5IAx3TVM6
088e7qUGtvAh6JPFXibT5Ztook0zhQRk1+QBaXpY8bkLizOFPP01DaZ7Lhn4VbFu
P7EIu+rTuOt1HZQ60VLK8z42GBv9ExR3AEFSBeuNY3IJ5rSLFILu8qctHcQy4qWR
iMeUXZQ7uQk12mIpkDMPeWWSef4voA==
=JlAy
-END PGP SIGNATURE-

Accepted dialog 1.3-20190808-1 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 27 Aug 2019 18:32:54 +0200
Source: dialog
Architecture: source
Version: 1.3-20190808-1
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 930775
Changes:
 dialog (1.3-20190808-1) unstable; urgency=low
 .
   * New upstream release.
   * Fixed in upstream version 1.3-20190724:
   - Reduce the chance that dialog exits on a SIGWINCH. Closes: #930775.
Checksums-Sha1:
 874a8c7c8221b14d57636a5fce2e6848d99515e8 1688 dialog_1.3-20190808-1.dsc
 2c1e8564570b463770dd83474a77300622f1e640 537376 dialog_1.3-20190808.orig.tar.gz
 39da9747350f7f7a4b8a11f214d7cd22c1571310 265 
dialog_1.3-20190808.orig.tar.gz.asc
 e6257c3fd3e5c4c139bfecb87b081de42725b42d 11816 
dialog_1.3-20190808-1.debian.tar.xz
 5caf2529de16ad5e748377c33c5b72d852582aaa 4068 
dialog_1.3-20190808-1_source.buildinfo
Checksums-Sha256:
 a0234ffc68c53a574f484602eb47b01433ede2cdcfa6182c7fdb98ee25abd920 1688 
dialog_1.3-20190808-1.dsc
 886e12f2cf3df36cde65f32f6ae52bc598eb2599a611b1d8ce5dfdea599e47e2 537376 
dialog_1.3-20190808.orig.tar.gz
 09012228d90990cc17608b175ecc9a5ff94ea4edf94287beb09a1a913ce7eecb 265 
dialog_1.3-20190808.orig.tar.gz.asc
 d08bbdfbbd2019ca48bf49dddb652022c25accbcb819771f22bfa81e31b1236f 11816 
dialog_1.3-20190808-1.debian.tar.xz
 9be1fd2140eea5dc7cecd9220246a26f6558ef709a1e8287eb0fc6b06a1ec6a4 4068 
dialog_1.3-20190808-1_source.buildinfo
Files:
 3e6a10c4f154f9c413f02cdd5a2f6cf3 1688 misc optional dialog_1.3-20190808-1.dsc
 f48b597251a26c522002736652e0300c 537376 misc optional 
dialog_1.3-20190808.orig.tar.gz
 c69e5d537e36b84f48983493f72aab57 265 misc optional 
dialog_1.3-20190808.orig.tar.gz.asc
 578c9cb21af6288977602e4c2e316cad 11816 misc optional 
dialog_1.3-20190808-1.debian.tar.xz
 37dd0293cc159dd0047b2bebaed0d3a3 4068 misc optional 
dialog_1.3-20190808-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl1lW3QACgkQQc5/C58b
izJwSQf+IrkNF9Kews0+RbcbH6Dt6Szhu6Q3AUcCf4/VJW4DvLGCb+z0zwSL3fYV
/wpuWazGGnUmYqFBt5RV4kdZ625GshFokBbIWQE0ByMvUIRjSQBXxiC7fo5mw8Pv
GsfGNOM8ouBPJOyk33QWbYTnVFcjG3BHkL+eSmCISQQH6238XAyStSPN8Kieamna
3Iu+8pYWI6yK5HfT74DrwlxNwJbOZJbEH1hy6/fxTyDnBzztVj27AjcNX6z17ogp
4Jh1f6/7c2UOvLzbOxA0NDPQzqWtNuPtyS2692/ylvvBSAt5ZJjhw05W51zDXA2t
2A5hN1m1jAar2/pMujLliLnMAdNGPQ==
=t4w2
-END PGP SIGNATURE-

Accepted unzip 6.0-25 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 27 Jul 2019 18:01:36 +0200
Source: unzip
Architecture: source
Version: 6.0-25
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 932404
Changes:
 unzip (6.0-25) unstable; urgency=medium
 .
   * Apply one more patch by Mark Adler:
   - Do not raise a zip bomb alert for a misplaced central directory.
 This should allow Firefox to build again. Closes: #932404.
 Reported by Peter Green. Hopefully CVE-2019-13232 is fixed now.
Checksums-Sha1:
 c8fbc00e91740c6884bcb3df8d27d52e55a0d718 1344 unzip_6.0-25.dsc
 9744036cf499e4917c1663192e984bce8b8bc537 23096 unzip_6.0-25.debian.tar.xz
 42fa05f3e02c0b3853cf2c502401ad3bc53cd37e 4775 unzip_6.0-25_source.buildinfo
Checksums-Sha256:
 ed68c01c7adf04f1599760975facac5a6164351baa2e5035a5239905f14108bb 1344 
unzip_6.0-25.dsc
 0783e4d11d755cb43904e3f59a60dbb92ee9c6b08ac54d86bc61f9848216f37b 23096 
unzip_6.0-25.debian.tar.xz
 c57edb1fbf73bae53412a5899d4f9f01d23d3b143e5a2626507846f2f7159f95 4775 
unzip_6.0-25_source.buildinfo
Files:
 57fd7b0cb9fcf089472c04a26082c854 1344 utils optional unzip_6.0-25.dsc
 c2f30c89ed6fbf2e6a16906fe24cacb9 23096 utils optional 
unzip_6.0-25.debian.tar.xz
 598be231f6c01170ea59a1bc7679d3e7 4775 utils optional 
unzip_6.0-25_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl08duEACgkQQc5/C58b
izLJLwf/QmcLS/aXF1RJP1v1C+18P2SW3XvDrqQqi8xpo42spjtd459mNxn0s9qA
YKcflfqpXCow6bPZI0Nk7iYQhUlITihzxFy7hyb/xpenrcpf+9DHSgcHK6di8TFu
Bw23IkN2BzZj4K771He47c1aoUhrazyrVEkFu363c88JtXNjmmX6prod15YCvc8k
P0YiZPZnTQB82QkVV2oOq+JrHxPQkW+qJbFa2Udg7rAfoIWzeG+pUx6HoAktsdxg
ZdcIF3HWo0c5zuchejixecnQ0ayeLeRh4N/sJcyvK6Kt4lxE6UilQApA86TQo3zK
PbGspER8STEgFzBaJqv7j87urN80Gw==
=5hSs
-END PGP SIGNATURE-

Accepted unzip 6.0-24 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 11 Jul 2019 18:03:34 +0200
Source: unzip
Architecture: source
Version: 6.0-24
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 931433
Changes:
 unzip (6.0-24) unstable; urgency=medium
 .
   * Apply two patches by Mark Adler:
   - Fix bug in undefer_input() that misplaced the input state.
   - Detect and reject a zip bomb using overlapped entries. Closes: #931433.
 Bug discovered by David Fifield. For reference, this is CVE-2019-13232.
Checksums-Sha1:
 95b393f68128c8d0b6392f9c46068f0421745636 1344 unzip_6.0-24.dsc
 4eb6b4a97af769ef197f7889050ba80d0f8d4aae 22064 unzip_6.0-24.debian.tar.xz
 9f26f7bd3524b70a7ead460c7f2bb762f0ed7fe2 4862 unzip_6.0-24_source.buildinfo
Checksums-Sha256:
 c2ae3430e7f80e3393ce654f8964a9b47a0510791f2f34e4b09d565457f62af8 1344 
unzip_6.0-24.dsc
 f11f6c939275201f52afb578e6625e470cd372c2e55e35e3f361d245b47c4961 22064 
unzip_6.0-24.debian.tar.xz
 9b4963ebf7789c4e99a0310db1a5bfa67d62201d0fad32bcc2435753ae2dec8a 4862 
unzip_6.0-24_source.buildinfo
Files:
 17529631e8f7c70ccb18256e24550ec4 1344 utils optional unzip_6.0-24.dsc
 6311cf07e568328d7c85483de8cb8bf9 22064 utils optional 
unzip_6.0-24.debian.tar.xz
 b86fb35651ff11ee559c31f1ca28f664 4862 utils optional 
unzip_6.0-24_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl0nXloACgkQQc5/C58b
izLHGQf8D+gHv+sk+tQS5KGByTtcTs8Z06L9ZhWiHW0DOVFdalzeYZdO9F+VjZrX
iWNGwRUeFAkHvFQPnry09WLFgG+YhZvJlyA1b0bryZEyMt93XLkrhMPT54g+pbdY
i7oXsZogEFnS5pcmMN9TTr7UTwx76Go0GqeN/rA/RKoDor1wmtjHKFP4BcjwkBjv
1fWU+V5m/cib4/UI5QnaL90xAtRNcCQQELEDkPrsWHRX7f8/EKG4mSlgU92Sulm9
2lqj+AlZBm7BmAxBawa3deR9z/SXTswueFMdKy2ry9ij6GgCWpDMJy/kXn8e4W9s
0obpZbFXFI4cbPChe9WfOD0iovuuuQ==
=cKhs
-END PGP SIGNATURE-

Accepted base-files 11 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 09 Jul 2019 12:05:50 +0200
Source: base-files
Architecture: source
Version: 11
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 930654
Changes:
 base-files (11) unstable; urgency=medium
 .
   * Change issue, issue.net, debian_version and os-release to read
 "bullseye/sid".
   * Drop VERSION, VERSION_ID and CODENAME from os-release.
   * Make "mesg n" silent in default /root/.profile. Closes: #930654.
Checksums-Sha1:
 9893c16cdebb45d50aa9725498a5d918fedb5ecc 1063 base-files_11.dsc
 d4d663fc2877084362fb2297337be05684869b00 65368 base-files_11.tar.xz
 27d3abfbf7bf57143a3f29eb86595a2ef5f83ef3 4609 base-files_11_source.buildinfo
Checksums-Sha256:
 8c3da5c6c17db756e8369ccdef4c706ed3e71d5480ca50fec3fe451073e3d94d 1063 
base-files_11.dsc
 cf610763b6fc4e7f6c066fd6bed1d580f6b0fd9e1f91c26a18900117a3d5622e 65368 
base-files_11.tar.xz
 bbc2372bfea7ea396bc336c882e3e3f4e2e92a2a0792aef9ff88d029579ea3ef 4609 
base-files_11_source.buildinfo
Files:
 4dd94da40f3d5dbd0c94cbb0a56a50c6 1063 admin required base-files_11.dsc
 8c49791ff61c865c69742b9a80aacb0e 65368 admin required base-files_11.tar.xz
 8a9217224a48c4841ba7c784b4a080e8 4609 admin required 
base-files_11_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl0kacwACgkQQc5/C58b
izK7wAgAn7sgFTqv653z+03KMy8tsYFyiPuR6knNDuuD7PhajNaUAMa0ouTANCNT
tBG+fcbjyup28sMsoIrIA40xWoQntgPGR0a4zeKS1tCOnXwJjPsYWqAilZdoQzdP
NEMGuziv1oOZhEnYM9GX9WF7lP2oaX/hYleg9DN1Eo0UNG1holnhNy9/hLKOrPO7
w+F6/Mn939j7vzZy337mlszOiBWNpfrbdPjIRteGBWjTQjwGb0M1Cc9OzfSY3oMW
GU5+HKzfbQMucGf0si2DjIdvSjID9rN9BWtDiwJTJVSnC8trYv/nZ9wLfsu1AK1R
KdzQ0WwB2dGA9QK9gKFN9Vlewr9Mwg==
=WxnQ
-END PGP SIGNATURE-

Accepted unzip 6.0-23 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 29 May 2019 00:24:08 +0200
Source: unzip
Architecture: source
Version: 6.0-23
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 929502
Changes:
 unzip (6.0-23) unstable; urgency=medium
 .
   * Fix lame code in fileio.c which parsed 64-bit values incorrectly.
 Thanks to David Fifield for the report. Closes: #929502.
Checksums-Sha1:
 2ddd7aaa43e7d85d2eb5973c6c1e6057abdc0d5d 1344 unzip_6.0-23.dsc
 bfa002893a88c003e0bffef7a1481307a3e7db9a 18408 unzip_6.0-23.debian.tar.xz
 e7a701f58e832e41dde3ff4301a116120991b4d1 4623 unzip_6.0-23_source.buildinfo
Checksums-Sha256:
 c9a17016a58a61bdc89e6c27cb620e01d6811cb2e5da0118f6e53134fea25826 1344 
unzip_6.0-23.dsc
 c8b5d256aca6b24b36e92270856b6947401bd4107c883b78a6fcf8afec6f54aa 18408 
unzip_6.0-23.debian.tar.xz
 38af0472a9953322f0f09c771d0787e419e5ef53f850261d80c5dbcd176becaf 4623 
unzip_6.0-23_source.buildinfo
Files:
 2297703ab482fde76cc113607fbf3594 1344 utils optional unzip_6.0-23.dsc
 5963e41e24db366a8302b7332b38b223 18408 utils optional 
unzip_6.0-23.debian.tar.xz
 9c20fc03dbce805f1f00880b83774dbf 4623 utils optional 
unzip_6.0-23_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlztteYACgkQQc5/C58b
izJmiAf7BGbtd/D6mWPnojlBznY54JUZX3lHJlntppNfwBdU24Bc80ak1takuUhi
gB4XEPnJd8KpJtgJt0VzaUbMmxoowuwE8zcUsDTmIXTNge7cJuq9pYsZoUvgkb1Q
+jJGA2PsLJGar/yAWzbqRLZUmoAXq7Sf31WLBl8KmF4VzmXRrPk5E9nYzNSg25kd
BsC7teQryDgRjTuptdrq8WH6lxGDQIrBUBz6326NCk1Tv1ZxE1nv0NeOtLHUnOXa
L5UZluQib4NNSrjXMudAB4ag9vhDsEpRYYvCuTATWLcuRj5TT3kS3fwP3wsgxnfS
QYPpkijzUpRQ0Hue5jmtxGXnGJhhgg==
=5wZo
-END PGP SIGNATURE-

Accepted hello-traditional 2.10-5 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 15 May 2019 12:49:00 +0200
Source: hello-traditional
Architecture: source
Version: 2.10-5
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Changes:
 hello-traditional (2.10-5) unstable; urgency=medium
 .
   * Use "Rules-Requires-Root: binary-targets" instead.
Checksums-Sha1:
 cb31213a9f3bc8af3ff643b25c6d3ebf847b526e 1405 hello-traditional_2.10-5.dsc
 9c3ac31f42be91eee4ab4006bb3c944b5fbd8930 7028 
hello-traditional_2.10-5.debian.tar.xz
 f363f0792aa1e252a45f92f018e4d6ce10c08371 3694 
hello-traditional_2.10-5_source.buildinfo
Checksums-Sha256:
 f8e3b95a3154c229b28bfb5efbb37ebd05591fcfc79c3fb5daef037e45f3743d 1405 
hello-traditional_2.10-5.dsc
 455bf5b187b14dc8cdbf141e2e4084387678edbfc254ae62071267753b5ed4e1 7028 
hello-traditional_2.10-5.debian.tar.xz
 f36e7020a39b1cbdec3973942a5de4c9d615729dae29aed616c33b46cab7de4e 3694 
hello-traditional_2.10-5_source.buildinfo
Files:
 99894eef90c2adc9e7bd0aaeac02345c 1405 devel optional 
hello-traditional_2.10-5.dsc
 1dbb55f972cc45355f4fb65c566c9aff 7028 devel optional 
hello-traditional_2.10-5.debian.tar.xz
 c67af5d9e91b695166944d28e496fc46 3694 devel optional 
hello-traditional_2.10-5_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlzb87AACgkQQc5/C58b
izJPkQgAksn9q4SJKruG860OSvXgVmW2oWQ1sfu3XgcKgn2Z2Gerf8zOMSFD3LpA
bs52xLdaKPq7ASyEtKk8gtEd2F9F81Siv5BcMthQs74lFbMjb9xthq135C8wXnBJ
PJh/b84f97rLyg0//5iwEYhzrD72nOo03Q42w4mp4lFc0C70iwE1wTFW/RqGrHM2
RfA4HmkbiSFaKCYyFzvoExLQnDysY5JmEDq3YwIsm+9h3CuyNxGE4K1W7eNlqrGR
jJ4Xkqcsm5qW0VvV76iZtdMddI8Hmhyr2vesCuso/3EPG0Lc4dK0sUGZT2uUn23Y
ZeuRuKE0lDsFX9E1edMTCiJ6sSakdQ==
=ZQWN
-END PGP SIGNATURE-

Accepted hello-traditional 2.10-4 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 15 May 2019 11:15:20 +0200
Source: hello-traditional
Architecture: source
Version: 2.10-4
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Changes:
 hello-traditional (2.10-4) unstable; urgency=medium
 .
   * Change priority from extra to optional.
   * Standards-Version: 4.3.0.
   * Rules-Requires-Root: no
Checksums-Sha1:
 576dfba93c3493e118c3220e185c499b806cf07c 1405 hello-traditional_2.10-4.dsc
 cdda54fd4477fdb1b2320a1983106018f588e5ec 7008 
hello-traditional_2.10-4.debian.tar.xz
 5761971af77e41fa7e7894ac96fdab999d04c0c3 3694 
hello-traditional_2.10-4_source.buildinfo
Checksums-Sha256:
 9a4f5cec380faa41d1466c3df2ae57d1cba9fcb37ba40de3b39ac4241f9aba93 1405 
hello-traditional_2.10-4.dsc
 b813e6edd62027be3bbb0621f33aa4cf613e2ecefc2b2197ed82eac7beeff235 7008 
hello-traditional_2.10-4.debian.tar.xz
 ac0f5a0524015a95a16c737591631236defa517876ce31b9825543311a54f0e8 3694 
hello-traditional_2.10-4_source.buildinfo
Files:
 3e99aa828952bdf942cc8b390c215580 1405 devel optional 
hello-traditional_2.10-4.dsc
 1207d43074e89e6dcaa94a4b6f34fdfd 7008 devel optional 
hello-traditional_2.10-4.debian.tar.xz
 40e56a1a65769aa504f23d919b458589 3694 devel optional 
hello-traditional_2.10-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlzb2ckACgkQQc5/C58b
izIXUggAo0hSCMu0PW0A/Py8T3CwkSGODQvaAfKkeRssUU59IxPbe0UdEQ6+R9Xl
BwZlgiv3dpjO7epdUBOpSt+A0I2dqpLuJXJrD1LbFl7JM/UQJCoh33w11RyuK2py
d0NlIxD0pROdSOjlWEBPFg1GD89FfxRoEC6NBOQGDeXxT8XvT4aSAE4Wb4TiKiKV
19vf7bVMiMWETaQVVhlWAURqzVDANpHyW2jlKJtXCl/h5euPoC0g2PtoOXx8WD8q
zD4U798BHLd0EyJob4Y31tt7VQFbHqRR3KtWgNIo7ITmuPM3wCU8Rs8ro3RdnKsW
EsIDM5Bm5pshuQNmMnDIUUlThomQUQ==
=wlMI
-END PGP SIGNATURE-

Accepted base-files 10.3 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 13 May 2019 22:25:32 +0200
Source: base-files
Architecture: source
Version: 10.3
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 928172
Changes:
 base-files (10.3) unstable; urgency=medium
 .
   * Add Breaks: debian-security-support (<< 2019.04.25). Closes: #928172.
 This is the first version of debian-security-support which does not break
 when /etc/debian_version contains a string in the form "10.x".
Checksums-Sha1:
 6747fd4e8a015293a1839d1dee2906f335ba95a6 1071 base-files_10.3.dsc
 cac4881011840af93e3c0f42745867359fda07c7 65252 base-files_10.3.tar.xz
 980d247ccf08c3ba5b91e839725f4285967f59ab 4649 base-files_10.3_source.buildinfo
Checksums-Sha256:
 3a417a628dcdefbcfd287234582b6b01efee1f5815b2a822393fe35cb181d0ea 1071 
base-files_10.3.dsc
 732b93d5d44ada6418a623fa2ace5a184decfacdbe214c05a10ab70938517542 65252 
base-files_10.3.tar.xz
 f08e11e8dde2dc9d49159c3d372b12125b90b218abd5a92daa8d83b8d1fd165b 4649 
base-files_10.3_source.buildinfo
Files:
 0602b87863d7d199e259cc57c9f1b381 1071 admin required base-files_10.3.dsc
 f1198f586f930a2bfd66e4281696714d 65252 admin required base-files_10.3.tar.xz
 7d858b7767d74df648b7e57a772e1b80 4649 admin required 
base-files_10.3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlzZ064ACgkQQc5/C58b
izK2rgf/QKr/wBkAdV37aN6pLPZe68EipmibnQjjlGUFNOvtrTC8Um+MeTwypocE
nLqyVYs2XncQIeU1DXnGJH3Y4x/JLNGPuunsjfLwbHVO7HrqzUrIx4FZCTRRg06Y
N2NUj1+PfqTJ+dV7xuhR5PV935qGACQqSZsSabfdFN6faXa6v1bj2dedorvbnQOV
lpcz9+DuD+MK0eySw5NmJNd6U02yhUy6s1VwtqFLatN6ek9T4VTBX4fbxLy0u880
HYIRHzuPEJpQ+EIqnxkkEhaT5WzXYsnoVtDg3G6D13eAsDCbnDqcYjhlv5UzxcOh
EtiUb46WOt0SvYI58xvVopw+q/ESAw==
=a0z9
-END PGP SIGNATURE-

Accepted hello 2.10-2 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 13 May 2019 20:06:50 +0200
Source: hello
Architecture: source
Version: 2.10-2
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 928887
Changes:
 hello (2.10-2) unstable; urgency=medium
 .
   * Fix version skew. Closes: #928887.
   * Drop debian/compat and use new syntax to specify compat level.
   * Standards-Version: 4.3.0 (no changes for this).
   * Rules-Requires-Root: no
Checksums-Sha1:
 347b6037551adcfb155c27377f15d9d862f92f76 1335 hello_2.10-2.dsc
 a35d97bd364670b045cdd86d446e71b171e915cc 6132 hello_2.10-2.debian.tar.xz
 bc78d7415011e2a146ec4029617eb75de8c28675 4632 hello_2.10-2_source.buildinfo
Checksums-Sha256:
 409ec8c61539d8233a3b27f3450b9d6c2397be8adeaebb3bccbca7b608723190 1335 
hello_2.10-2.dsc
 811ad0255495279fc98dc75f4460da1722f5c1030740cb52638cb80d0fdb24f0 6132 
hello_2.10-2.debian.tar.xz
 8dfdc7a7d8d2a5205803dfba796e31d746efde20cce9a0632821c27831273533 4632 
hello_2.10-2_source.buildinfo
Files:
 83013cf13d9e408e0f6d875dc9e2d41a 1335 devel optional hello_2.10-2.dsc
 e522e61c27eb0401c86321b9d8e137ae 6132 devel optional hello_2.10-2.debian.tar.xz
 cec88c6a95a7cc08f4a65a6d951ff207 4632 devel optional 
hello_2.10-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlzZsmUACgkQQc5/C58b
izIAIwf/U9fkMu9o58qufgI6DlJ/oFkxiY8siH29BM+xQ5zRQiBiOT/pPWiDJoCF
vQJaFg13wboAhukq90CF5tML1txnT5DNI2hdmWB3W1zfk14vicDTnnjImt33l3iw
MhosoJls/3vc/mltVSa2Us1QFnAsxhyldhxxXBr/+QXzn4lDY8nJap08jh7qBtAS
CeJAN1NBVHo8e1FPTeqvniQZDxn7GPw/pVIUtRfcMsszmGP3uj1hQ7xxB7QzYJAs
XbpRN4/iCllaOakzmynCxusrE2j0qZVey1jFXr+tD6W2uexn9wOwnOIMbfcw09DX
Q6Vtounwrl5+7fH7mXiCQVe5OiyUsA==
=DFpJ
-END PGP SIGNATURE-

Re: fixing debian-security-support upgrades from stretch (for good)

[Santiago Vila]

On Mon, May 13, 2019 at 11:32:36AM +, Holger Levsen wrote:
> hi,
> 
> so there is "#928172 debian-security-support: fails to upgrade from 'testing':
> dpkg: error: error executing hook" which happens when base-files is upgraded
> before debian-security-support (but doesnt happen if d-s-s is upgraded 
> first...)
> 
> So I think this can only be fixed properly (=without asking people to
> upgrade to the latest stretch pointrelease but instead allowing upgrades
> to buster from *any* stretch pointrelease) by adding a "pre-depends:
> debian-security-support (>= 2019.04.25)" to base-files in buster.

Please no, this would make debian-security-support essential de-facto.

We should allow debian-security-support to propagate to testing first.

Then I can just add a Breaks: debian-security-support (<= version-in-stretch)
in base-files.

Please tell me what's wrong with that.

Thanks.

Accepted base-files 10.2 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 19 Apr 2019 13:05:00 +0200
Source: base-files
Binary: base-files
Architecture: source
Version: 10.2
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Description:
 base-files - Debian base system miscellaneous files
Closes: 829245
Changes:
 base-files (10.2) unstable; urgency=medium
 .
   * Release candidate for buster as stable:
   - Use "10" as version in /etc/issue and /etc/issue.net.
 (never expected to change after buster is released)
   - Use 10.0 as version in /etc/debian_version.
 (expected to change at every point release)
   - Change PRETTY_NAME in /usr/lib/os-release, adding 10 as version number
 and "(buster)" as codename. Add also VERSION_ID and VERSION.
 (never expected to change)
   - Add VERSION_CODENAME to os-release. Closes: #829245. This is optional
 according to the specs but some people find it useful. Please note that
 for now this is only expected to be present on stable releases.
   - Update README (buster -> bullseye).
Checksums-Sha1:
 bd070072150db3920b7c1b2a47c1185a978b 1071 base-files_10.2.dsc
 2eaeca758c4ba310e1ee634ed1f53425e3fafd0a 65224 base-files_10.2.tar.xz
 2d4aa4823178e1c416efc394a614d3cd385e55f8 5264 base-files_10.2_source.buildinfo
Checksums-Sha256:
 376f8d595f294b9746078d220eb2f81a45b1f0f81250ad89dbfb552823734154 1071 
base-files_10.2.dsc
 b8e6658af42c3114154b412337858f5633d5651601e3cbf633024153e57dedde 65224 
base-files_10.2.tar.xz
 a9e2b0aed69f5d63042b8f6e98e775f5859248a01a57ef4af234a19845d4cd94 5264 
base-files_10.2_source.buildinfo
Files:
 8b5a5b9aa1a99b93c4522e2bb36931b0 1071 admin required base-files_10.2.dsc
 c2703c945ff58972739e9d455cb27695 65224 admin required base-files_10.2.tar.xz
 8bd580dd5270fde1ccf5eb46e8dbc7d8 5264 admin required 
base-files_10.2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAly5sXcACgkQQc5/C58b
izK57Qf+Jfu47LmuOKD3ljHNIQhwpTtq1j5Ba4US9NLjX+WHDaQ3Xzcdp8h52ZYu
qqYrY5WFzQr9YmjTZOTQIBmnWKzLfWLl8E79Y6MvC85zoR8/tmc99NRdyifFxH8N
rb3xxMeFvESXTX4J6Bcgj86s4fFLOD6jynouzMR3D5+wOLcTm5rmgXV5AdJmIRgC
9Ir2qc470Osq1twvV9r3XjxucWGHF0zFq1mUfVbZXXoq9lw0ArGMtFvMDI2MqJx2
PDKcKHEeO1QjNraFdTJF9KCY+fOw6qB9H2BQh+169XVa1jk4UGgDqXMrbO1q2Ocd
jmkWx86J/2/esqYskTfwPyfKDuUKNA==
=EXJo
-END PGP SIGNATURE-

Accepted diffutils 1:3.7-3 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 08 Apr 2019 14:04:00 +0200
Source: diffutils
Binary: diffutils diffutils-doc
Architecture: source
Version: 1:3.7-3
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Description:
 diffutils  - File comparison utilities
 diffutils-doc - Documentation for GNU diffutils in HTML format
Closes: 922552
Changes:
 diffutils (1:3.7-3) unstable; urgency=medium
 .
   * Disable tests/colors completely for buster. Closes: #922552.
Checksums-Sha1:
 dbd2869bbd13091992744e98e41ba9793ceae01e 1453 diffutils_3.7-3.dsc
 02389d1db18a75645827b852b44506c68640b1ed 6 diffutils_3.7-3.debian.tar.xz
 ce44c24d68974294213763381ac6e4e512f099c2 5546 diffutils_3.7-3_source.buildinfo
Checksums-Sha256:
 99dee94cec05454a65a9cb542bea1720dbd4c511d13f9784c9e3741e76a9b9ba 1453 
diffutils_3.7-3.dsc
 a455228f12283b5f3c0165db4ab9b12071adc37fb9dd50dcb5e1b8851c524f1f 6 
diffutils_3.7-3.debian.tar.xz
 770a7b7c73a838f748a4e398ea5f45aae649f73fa60ee579e30426ce7e2e4494 5546 
diffutils_3.7-3_source.buildinfo
Files:
 84bb960d406cb54643014826f6b5efd1 1453 utils required diffutils_3.7-3.dsc
 72e7df439fff4cd0da47883d112e46a4 6 utils required 
diffutils_3.7-3.debian.tar.xz
 b603dd094976949a93d3af2340ce1a8b 5546 utils required 
diffutils_3.7-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlyrON8ACgkQQc5/C58b
izIXjgf+PvBwkTkJkdRY+xa59h+QZ/rVjZ2ZKkERWgL4njpX9+jNvjtUF72SDqlR
XupT7UnUyGgAtFYSLY9jp/OJwHcrftpcRMcczxI/E96A/XDvXVW+JH5sXBVcZYJx
H0r5zLnmLxnpOFsFXgDx/rMXi/igjRlr3qe0CRh9Z7ss5AcuJCZaRfIOMZKLiTRz
1ozPU0HNIF4vEW7M9ph52nDEDyngjWdvw/xyu9BTfD/sHIwF27uKGcT8d2Ie1AiA
oGJW++g6DdqeovAJFOZ0e1CzpuvXIwSy7CwcKFOiabWqyx/knKTUHBVkjCt0szYQ
Sk06fqJ4fzIC2mbJJV3dC/+J/kuqFg==
=m5NV
-END PGP SIGNATURE-

Accepted diffutils 1:3.7-2 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 18 Feb 2019 14:03:30 +0100
Source: diffutils
Architecture: source
Version: 1:3.7-2
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 922552
Changes:
 diffutils (1:3.7-2) unstable; urgency=low
 .
   * Increase sleeping time from 1 to 5 seconds in tests/colors for ppc64el.
 Closes: #922552 (hopefully).
Checksums-Sha1:
 348780deb4cb1388645a592ff38c2882e63fdf59 1453 diffutils_3.7-2.dsc
 c139bae9bf9eccb75f2a6efbb1c7fcdf603e1474 10956 diffutils_3.7-2.debian.tar.xz
 95679e061205f394f17fa73bb5bb4c1b4a197101 4860 diffutils_3.7-2_source.buildinfo
Checksums-Sha256:
 9c698a8dd86f76d57c4a18cd5364d0aff7798c6c32e4f350df02d2f63681776b 1453 
diffutils_3.7-2.dsc
 61cd7a77d4b1cdaf6549cb4db63e0f78bccd7a602a0b869bab67cf6b124dd140 10956 
diffutils_3.7-2.debian.tar.xz
 da5db9dc2ba8927b2e093cb1600ecb8b5540eebf4167cd22a691b861834fac84 4860 
diffutils_3.7-2_source.buildinfo
Files:
 052838f00c9dde4a3953b2f71a364486 1453 utils required diffutils_3.7-2.dsc
 bfebf14649717aa8e5a1fe41ade57d87 10956 utils required 
diffutils_3.7-2.debian.tar.xz
 b907a255ef849abe7a3b275b9432bc8c 4860 utils required 
diffutils_3.7-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlxqrUAACgkQQc5/C58b
izJInQf/V4LQpaaWe5J/bmdK/46UdexEfOxW5WRZijPByMa4rtTJ9RrG+0V/c8X8
jWx2pL9q/PAS+tnsgF4MOtJdxy8U2C/Bgd9j5RBjP7pZ+W5y4XqxH+rPxuTyVlNy
vfPl24zvIu0IamMKO+qheV1WdlTj7r4s18VQdWSNF/ZGKfL22VWlZeHYHCrzzo+g
OkrEQGw3cgn9tPQ1Cq7ZLQoBYwOIzoibD5uPM5q4oasyCi6x63MOpHYWMJYDVR6I
tpR+qwnKoaigMvracwtulWeNrCwELTgVhxeVoRyDm+zRnS0qlTnAYsT/XOm9pLI0
LZ0+b5voq6toLGXDb0kbGqENFaNosA==
=Tvz6
-END PGP SIGNATURE-

Accepted diffutils 1:3.7-1 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 17 Feb 2019 23:50:00 +0100
Source: diffutils
Architecture: source
Version: 1:3.7-1
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Changes:
 diffutils (1:3.7-1) unstable; urgency=low
 .
   * New upstream release, fixes a memory problem and makes
 diff --color compatible with less -R. See NEWS for details.
   * Rules-Requires-Root: no
Checksums-Sha1:
 e110097f12484040682b13812916f937137ee0be 1453 diffutils_3.7-1.dsc
 ad4e0a05ee2e7f5529db6cb84474f45e086e609b 1448828 diffutils_3.7.orig.tar.xz
 a808618f253316b95ff21cc5f4bc9c632f03172b 10904 diffutils_3.7-1.debian.tar.xz
 8fc8667827d2ee4aae348ab0af5f1fd79ba9de4a 4860 diffutils_3.7-1_source.buildinfo
Checksums-Sha256:
 bc15c20678129457552e01d9a7ae318f5353f867c6cc74d66677b9daa77c8739 1453 
diffutils_3.7-1.dsc
 b3a7a6221c3dc916085f0d205abf6b8e1ba443d4dd965118da364a1dc1cb3a26 1448828 
diffutils_3.7.orig.tar.xz
 4e6d4a2983ac316edeef411f86379ef71ab399fe62596a670a17ac25f0c8d68b 10904 
diffutils_3.7-1.debian.tar.xz
 8a984426e3336bcd82194660d921bb0c9113ceab1c3cde45ebb2789ff42f9ea4 4860 
diffutils_3.7-1_source.buildinfo
Files:
 caedaf0fca829522a61d750648b27e81 1453 utils required diffutils_3.7-1.dsc
 4824adc0e95dbbf11dfbdfaad6a1e461 1448828 utils required 
diffutils_3.7.orig.tar.xz
 47556e019772eaf4438d536b888b906d 10904 utils required 
diffutils_3.7-1.debian.tar.xz
 8e1c48b96c62d54b2da51abe9784575a 4860 utils required 
diffutils_3.7-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlxp7QsACgkQQc5/C58b
izJ8awf7BOEdunMJUyz/qjbaj77X1B5cshzTSRDIlZwRAjm0x8lvhMV4uDGgA1sx
LESmUl+tMxh5k1jcmy7EnFNPC5VE6zDrzlonwdwF4OJfzHfmKfgx0Dey1avP8JOK
Gu4bMmQyBG2IZh/VBHK7sLauX0stUdVyeDWs6TtLK6rPaPu8t/8KPX65341Q+wk4
MoMj/narMrF1Cd2uMC/0pstM3Oo/kY6+zrbZpNveou7xaOyK72iZBRO0Sk68KVDH
+EIP0HgjFXUusHJ5aGLffyK+1XlblpSjgDdWkfSg8Xr4uEbheO/7M37zzTY7Vyc6
v/jccfqbyFH4TuEXZeIK7EIMCy39pA==
=vZXJ
-END PGP SIGNATURE-

Accepted dialog 1.3-20190211-1 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 17 Feb 2019 23:44:16 +0100
Source: dialog
Architecture: source
Version: 1.3-20190211-1
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Changes:
 dialog (1.3-20190211-1) unstable; urgency=low
 .
   * New upstream release (misc fixes).
Checksums-Sha1:
 31fe7ba74f7c3e9ffca24df0e1854998389f 1426 dialog_1.3-20190211-1.dsc
 f355cc10949a19e5f5838bf226d581ee9a552344 534749 dialog_1.3-20190211.orig.tar.gz
 e33544dc90863593e23639ec7858ef916a6f0f49 11756 
dialog_1.3-20190211-1.debian.tar.xz
 40466230902d8bfc92b4e791c35f36279dbaa68d 3962 
dialog_1.3-20190211-1_source.buildinfo
Checksums-Sha256:
 2f9100c7ef246dde5d3cef159769dec71abe9d2c37f745019109ec1551b3432b 1426 
dialog_1.3-20190211-1.dsc
 49c0e289d77dcd7806f67056c54f36a96826a9b73a53fb0ffda1ffa6f25ea0d3 534749 
dialog_1.3-20190211.orig.tar.gz
 d643a633e573eb13dd09bd247ca690518155a64baa3fdaecb1223d3da67c0892 11756 
dialog_1.3-20190211-1.debian.tar.xz
 f4a59d1eac15633935940bc6eb3544f833f0fa07993b31da3106d36339aa4a32 3962 
dialog_1.3-20190211-1_source.buildinfo
Files:
 1580b6a982ee5f053d045376a089ff57 1426 misc optional dialog_1.3-20190211-1.dsc
 27d05caef648e8e02d0908a59951d44c 534749 misc optional 
dialog_1.3-20190211.orig.tar.gz
 cdf58a93020937cf7af19352f3028934 11756 misc optional 
dialog_1.3-20190211-1.debian.tar.xz
 a27ced807cbb508adfe3eac729e1d123 3962 misc optional 
dialog_1.3-20190211-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlxp5vgACgkQQc5/C58b
izJP0ggAjYV5/HrVT40RzHb26VDVVGS10lH57q5hxTkmoP7g+FdtCElaUaug9BIe
Sy566iw6JXMKrn4JG29NusaD1aXA4XlYVTd/MkmDByl1UXqSF7ZSi2dzzuRJZLJi
MnPOub8Z9fMs5lCthBZuZm+GkPRU6yDsl9RUttBoXY3SVDlgZWYzzO91Mum9Fmau
Qs/Dm1yOqy6I5ebnmH3b2jDjFxdZ7H6Etqgjl1bWJOIjkN03OUjxB04mTRZ9QpRu
frwrxyrrQ5Uo6dAECTzTmK4stFHhYILz5f8/UDLLH4iiJi+kiwea44p6s89V8Sx6
vVLPVPazkEoIX2IHgohD4l+xBsDDUA==
=2un6
-END PGP SIGNATURE-

Accepted unzip 6.0-22 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 09 Feb 2019 18:12:00 +0100
Source: unzip
Architecture: source
Version: 6.0-22
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 889838
Changes:
 unzip (6.0-22) unstable; urgency=medium
 .
   * Fix buffer overflow in password protected ZIP archives. Closes: #889838.
 Patch borrowed from SUSE. For reference, this is CVE-2018-135.
   * Rules-Requires-Root: no.
Checksums-Sha1:
 4af9e076ed0b3abd5ddee18fa8e3f8639bb7418b 1344 unzip_6.0-22.dsc
 a59b77b7e3b6e5dbcb32a19df6656d506797c68b 18212 unzip_6.0-22.debian.tar.xz
 9b0c7e461ad5e1cd86d79f2e77027b93ac817393 4596 unzip_6.0-22_source.buildinfo
Checksums-Sha256:
 22cf3115ada5ad5e9c232d8bc39e4452a1891f75e64e95053f696e80938e94c7 1344 
unzip_6.0-22.dsc
 f3c80c1e3917d59cb2fe72f0431159c919f2df7fc96f5b539c91cc96fc02ecfa 18212 
unzip_6.0-22.debian.tar.xz
 f496b07f19f427e49ec022bc41ff19676c41b887282f78d8b2ea775b1a137b95 4596 
unzip_6.0-22_source.buildinfo
Files:
 281e654f5bc5080f32d30db38b18bfcb 1344 utils optional unzip_6.0-22.dsc
 a0c128f25ad6e13e86f625a782af54f2 18212 utils optional 
unzip_6.0-22.debian.tar.xz
 e8f0a6c647d374e378e632e4a7258674 4596 utils optional 
unzip_6.0-22_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlxfCv0ACgkQQc5/C58b
izKPXAf9FtLg1hC8niRdE9y6PYPmKXX5RJXUALb7Hh8EpBAd+uCOKVogGqeGetsZ
T3ky1rmG/ONE/6IyuOU3ADV1a08W+vw2Hn8am5uu2/l503wcZriJ3pQOSYzusfQ7
6cpq3l6N2ITQW85UDUy76zPGXOW1jzPISgYs3T+OAulHTqSx5+lIZn3g/o5tXBmf
x2qjy59UjCFlpAxqdmwFMfupru3Bjs2mpx57gxf30kY4zDm95LxRXwVGxxqkc6rZ
ZffkNmXeHlQNP+WbCDJEegTYO8tltUDvBF/IrO1QfSXz6I5lZJ6y65pUmZ2iLTE6
kYVJ+9PINe0ZVerOjxLPkjcEl6N6fA==
=QpIB
-END PGP SIGNATURE-

Accepted indent 2.2.12-1 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 27 Jan 2019 22:35:20 +0100
Source: indent
Architecture: source
Version: 2.2.12-1
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Closes: 228112 349065 487517 657461 726105 865677 916199
Changes:
 indent (2.2.12-1) unstable; urgency=low
 .
   * New upstream release. Closes: #916199.
 This is now maintained upstream by Andrej Shadura.
   * Drop all debian/patches/*, not required anymore.
   * Should fix '*' in function declaration. Closes: #228112.
   * Should fix double const after C++ function declaration. Closes: #349065.
   * Should improve support for gettext macros. Closes: #487517.
   * New option --fix-nested-comments. Closes: #657461.
   * Should not change !! to ! ! anymore when using -linux. Closes: #726105.
   * Should now cross-build. Closes: #865677.
   * Rules-Requires-Root: no.
Checksums-Sha1:
 36783e19c275da879687c9f2d8844c4d57402f64 1390 indent_2.2.12-1.dsc
 eecb3d7e78516d846af70e7bc86aabac9b92399c 620280 indent_2.2.12.orig.tar.xz
 d280f8b35975b8df52cd391411559234b5b97de7 5948 indent_2.2.12-1.debian.tar.xz
 9ae2b38a123edf27551aa324e0c184acab82ea84 4896 indent_2.2.12-1_source.buildinfo
Checksums-Sha256:
 e802796b98203d047d819685801bd970b20a6525836b35c5a9fd119eb7cf176d 1390 
indent_2.2.12-1.dsc
 b745a5dfc68f86a483d7f96dc1cda7aafd1e78ecba3c7d8ad304709e91e1defb 620280 
indent_2.2.12.orig.tar.xz
 d3ac4770ff8a0de2497a44c2a2d3e57521efb748620793bf531499565c50c5ea 5948 
indent_2.2.12-1.debian.tar.xz
 d62fde0178001f6517549001f78abba0c64d9a4c2bede1056b123610c9ed529e 4896 
indent_2.2.12-1_source.buildinfo
Files:
 235cbcac6f3c8e67d8c2ddf55ee33a3e 1390 devel optional indent_2.2.12-1.dsc
 9cba859a8b1958baa2e3dce1dadb37db 620280 devel optional 
indent_2.2.12.orig.tar.xz
 85039d044a9c085d5a506ff9ad66dd74 5948 devel optional 
indent_2.2.12-1.debian.tar.xz
 aa435f822003c88ec252181c36d9a3af 4896 devel optional 
indent_2.2.12-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlxOKC4ACgkQQc5/C58b
izL00wf/Zm/3/RhTtw5rZ6s+9YDbDRoqBmbY2v1a06rWF0+rFRLHpGm1mKgwKwOf
/VNSkobY+7a/SNda/rzWgHdDT+ekcAXh4VBc3UiG51BNOl9RTjauupDgLnccEVUt
mepPmLP2btWupN1mSAaHy1HIySV3miQbQYFMLo9/QlcO3eVu7ZPpFP5jy76iLqLT
pUYIDuw/4MCoUcAun//CF/KHshpONhCi1nx5Pa9rFsEidtlH1QIPalQUmvgvbnpQ
kqVLrcPR9TnpCPIniySTrfeAu53I3LSUkAgFtH9P2QHIQgMRCJSwEfCox3ZROaEL
x0lVS45qFVrvIqoPBXjVU3c1yXBVBQ==
=lz9b
-END PGP SIGNATURE-

Accepted icon 9.4.3-7 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 11 Dec 2018 22:14:40 +0100
Source: icon
Binary: icont iconx icon-ipl
Architecture: source
Version: 9.4.3-7
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Santiago Vila 
Description:
 icon-ipl   - Libraries for Icon, a high-level programming language
 icont  - Interpreter for Icon, a high-level programming language
 iconx  - Executor for Icon, a high-level programming language
Closes: 915334
Changes:
 icon (9.4.3-7) unstable; urgency=medium
 .
   * QA upload.
   * Fix FTBFS with glibc 2.28. Closes: #915334.
Checksums-Sha1:
 0dfd05d304a6fd57667d6adea85d6fe76943e2fe 1392 icon_9.4.3-7.dsc
 e0b9d4e0ed7db6769d210d866882eab4f6036c09 8696 icon_9.4.3-7.debian.tar.xz
 45710f49cdead4c8d0136c419fc7e736034d45b3 4293 icon_9.4.3-7_source.buildinfo
Checksums-Sha256:
 f5507a33c1f78188efe72deb38a27aa59042cdc6f294ddab8251d675ae4f12db 1392 
icon_9.4.3-7.dsc
 61bbf281dbf4fa1b358f91da0b68b35ccfdbacabdc95c3ce0911c109eca301ed 8696 
icon_9.4.3-7.debian.tar.xz
 29a26a35110c8b945ec380c869bccee37569c1d36232eaddeb2710c2292f391d 4293 
icon_9.4.3-7_source.buildinfo
Files:
 6c96d94392d311004df8812667763c25 1392 devel optional icon_9.4.3-7.dsc
 5b36202b12bf9d39444c19397359c5a5 8696 devel optional icon_9.4.3-7.debian.tar.xz
 6c2de8345e8ae63d1b83b5e7ff5041dc 4293 devel optional 
icon_9.4.3-7_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlwQKRwACgkQQc5/C58b
izLwmAf9F27+XADbOvC7wTLQUkchVE165OYTuxCqXqs5+sqTviHhbsHtfxFIXvcS
eEMgFxbk8GkhKnsTXPhFheE31DWQYIz0UmVlNUSf2Vf3H8VUFjUTk7pLvMpAq0Wc
v9k6V/U6axLYJYBv+flcjfJpwWjwBoEZL1HBXHLN/d4qYXRFk3NrDkyU1c7FvZ3Y
nG1/um8G5UwEGAFMKsSjQVhQ+LfeqA1tk26yrnYUEjjJG4gy2qU2G9qPT8jvhF35
qP5a5KXcoMXFkFY31/JHvRRdsTfAr3iQZHy6t+8wRJWy1flbhZjeSjh/UiLX2IBD
/qahn7M7AH//BhL9VCHaKCRO9rQ58A==
=qIMj
-END PGP SIGNATURE-

Accepted sharutils 1:4.15.2-4 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 01 Dec 2018 15:48:20 +0100
Source: sharutils
Binary: sharutils sharutils-doc
Architecture: source
Version: 1:4.15.2-4
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Description:
 sharutils  - shar, unshar, uuencode, uudecode
 sharutils-doc - Documentation for GNU sharutils
Closes: 915173
Changes:
 sharutils (1:4.15.2-4) unstable; urgency=medium
 .
   * Fix FTBFS with glibc 2.28. Closes: #915173.
   * Rules-Requires-Root: no.
Checksums-Sha1:
 162f9edae7efa4568967cb8ee34821849a84cfbe 1466 sharutils_4.15.2-4.dsc
 7a09f9a2b430b1fd4a65817ded031805d998496c 8856 sharutils_4.15.2-4.debian.tar.xz
 a6bf4adb50ad4c9e4ffee571bd907d03a1de1fe5 4913 
sharutils_4.15.2-4_source.buildinfo
Checksums-Sha256:
 de9a225fbcbed0a73848ca1d2a8dbc36beebdfb1af66739c9f4aa99ee90d8e22 1466 
sharutils_4.15.2-4.dsc
 7e892e96169dbd3288f64eac9fa5cac223fafc38a8a56623336d0f38fb1f1248 8856 
sharutils_4.15.2-4.debian.tar.xz
 99312301ecd6a6f82a8b73516bea65e85b878f5fd77f093f6e9eab70efb1a326 4913 
sharutils_4.15.2-4_source.buildinfo
Files:
 ce03672c94403e3c6c1e447ed6a04073 1466 utils optional sharutils_4.15.2-4.dsc
 e8c1aa9e0f9dc8fb589ff174b4fc6c53 8856 utils optional 
sharutils_4.15.2-4.debian.tar.xz
 1247d6702e4543b5b442daa79ca4fb30 4913 utils optional 
sharutils_4.15.2-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlwCn2IACgkQQc5/C58b
izLJ4gf/cm+juqZR3E/OG5aWlIeLGxT9MhuOpeKIgzUAPST0n45h07/v3MgVvrHo
s0AAXmPTtjW7HmV/ZBgYZYQOCmHeDJihD0UH6B1PdXbRf5EbiOjdUjGfuEJkzacV
fjMun4OxuDS4fpTIAeAA8XypJRycd4uAJ1/MOuNJHqT8Nnyue5aparq84tZ2ut3U
Q5XXm5gOQCGAtIVbBDUbQDdBNvmmdrPk0X7DLG/CzsUJq8LIyxY+3aNmCsEx26gi
hy7P9fzoaOVXdk7tY2ThXXdHIPfGS3PhtdeeRZGIoqK8g1mXhdq5amx+y2EEPhvD
AQzPuF+mZfygK97Uy832jPWbUcawWw==
=Daxg
-END PGP SIGNATURE-

Accepted m4 1.4.18-2 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 01 Dec 2018 15:46:54 +0100
Source: m4
Binary: m4 m4-doc
Architecture: source
Version: 1.4.18-2
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Description:
 m4 - macro processing language
 m4-doc - Documentation for GNU m4
Closes: 915152
Changes:
 m4 (1.4.18-2) unstable; urgency=medium
 .
   * Fix FTBFS with glibc 2.28. Closes: #915152.
   * Rules-Requires-Root: no.
Checksums-Sha1:
 2421d7fd5bc561464f555e7d8943244907d16551 1426 m4_1.4.18-2.dsc
 d1ffe7863857b76f55e5ef6b4ddb2d18c5944a99 17032 m4_1.4.18-2.debian.tar.xz
 35a1e143dd3fe9644d9b85aa82fb8fb71659a306 4638 m4_1.4.18-2_source.buildinfo
Checksums-Sha256:
 93dda06744f90619c4666515c9b5bc51aa584519c16cafd1e74aaa3733628c1b 1426 
m4_1.4.18-2.dsc
 73718bae96a2f63f0ed38c614ea081074914698207e73450da571461af1c58ec 17032 
m4_1.4.18-2.debian.tar.xz
 5078762a58f3fe760c015fb4e3b2efad0014f4c8886923e34f08599acb442e25 4638 
m4_1.4.18-2_source.buildinfo
Files:
 4c49b1711bd13a00d3d3a44cf266efac 1426 interpreters optional m4_1.4.18-2.dsc
 eb772ad9380c989c53c5ac938ee058eb 17032 interpreters optional 
m4_1.4.18-2.debian.tar.xz
 02561fa782a66fd0fd1903adfccb75ca 4638 interpreters optional 
m4_1.4.18-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlwCnwQACgkQQc5/C58b
izLiqgf/Y+jOUxKzFAMVOAZ+ij34/S5vSO8iRr/DLz6KbXgqZmRsvJn9C0l0aEJu
ImlnfXZhcLdh02IwWGL+T4MmpIUQTDZ0y8gjgWc51KTGYyDY0r8zK2I0rTEEc4EO
ks/YresPvqmMXrKFEasJMuyMahGNC4BU6H9nY6DcbqRfHwTiSvh3F0GAs8qnNigm
hgR9RowwfzKMBXu61PiWtYm4NoOVUlQ1FynWbw/9Hbngk237Wj2B0rmqhm1W4VEa
2rQDXwI+ENKBjtf+1ecyqkidDNhRr5uEU4rKLS+6BBCM+K1qt2t+muUmEoLm39n7
k6xcbIZctxSDB+RUnIDOKO2Ga+hh9g==
=ioj7
-END PGP SIGNATURE-

Accepted gettext 0.19.8.1-9 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 10 Nov 2018 18:34:46 +0100
Source: gettext
Binary: gettext-base gettext gettext-el gettext-doc autopoint libgettextpo0 
libasprintf0v5 libgettextpo-dev libasprintf-dev
Architecture: source
Version: 0.19.8.1-9
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Description:
 autopoint  - The autopoint program from GNU gettext
 gettext- GNU Internationalization utilities
 gettext-base - GNU Internationalization utilities for the base system
 gettext-doc - Documentation for GNU gettext
 gettext-el - Emacs po-mode for editing gettext .po files
 libasprintf-dev - GNU Internationalization library development files
 libasprintf0v5 - GNU library to use fprintf and friends in C++
 libgettextpo-dev - GNU Internationalization library development files
 libgettextpo0 - GNU Internationalization library
Closes: 913173
Changes:
 gettext (0.19.8.1-9) unstable; urgency=medium
 .
   * Fix double-free problem with *.po file input. Closes: #913173.
 Patch extracted from upstream git where it was fixed by Daiki Ueno.
 For reference, this is CVE-2018-18751.
   * Add bison to Build-Depends, required by the above.
Checksums-Sha1:
 a6fce80e66c025aac4102898fe53b92ae11db50a 2011 gettext_0.19.8.1-9.dsc
 a798fb0408739e36b09a8f93af6c630bb29d1578 32792 gettext_0.19.8.1-9.debian.tar.xz
 586a7c4c807f82e0b23819d8da24fcd69ca52d95 10751 
gettext_0.19.8.1-9_source.buildinfo
Checksums-Sha256:
 1854346197e167b6ac7eaa3cc0630cbfcad4b47c21980f045ee5c82fe37f9593 2011 
gettext_0.19.8.1-9.dsc
 646bee2ac7de6d6c8e64a612a03abaf9dab116671ec258199671894e90faf73e 32792 
gettext_0.19.8.1-9.debian.tar.xz
 1d7fa6627642a4b8cf510bccf7b9ed389246f59b5657bc4f5132ffc692d88042 10751 
gettext_0.19.8.1-9_source.buildinfo
Files:
 fefbe58f8c469eefb833d30aac4dc9be 2011 devel optional gettext_0.19.8.1-9.dsc
 8e8190d1de59901c5064e4d01dc76c56 32792 devel optional 
gettext_0.19.8.1-9.debian.tar.xz
 7234ef96b70f2c5345743f8a669249fc 10751 devel optional 
gettext_0.19.8.1-9_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlvnFzAACgkQQc5/C58b
izIJgAf9FH8FfEnKEdbDAOScxzm3Bq3gATuCjnkr7t0phMH8U5wEjVVajfNm4brB
2JRcM3kv6RTv28ATt6ADuYGcm7JodYbTthiTEwHArUqg4/kLT9mV1b9ddEWVcvq3
T6Z/iSHkg0YpYW5LsYPOvElGUxXbWYsmEidngxbFAcuFXhQ8+/KMO09yk1sJKjU/
jfQMghOxgvkON+X0488dAwL6lSwYzOyysf7dk/esZ1FC3fmS++rhPDKt+tj5dEo3
ASbB0taUS32VhWqLx71Cw0RGAbLZEgMSC/PykvJk/OV3Lbt20KqF1ujWugitjzSR
VD8zOj7Vwtkwg+cczsK6SE4T/lFWaA==
=mDy5
-END PGP SIGNATURE-

Accepted dialog 1.3-20181022-1 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 28 Oct 2018 22:30:24 +0100
Source: dialog
Binary: dialog
Architecture: source
Version: 1.3-20181022-1
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Description:
 dialog - Displays user-friendly dialog boxes from shell scripts
Closes: 865840 867536
Changes:
 dialog (1.3-20181022-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bugs fixed in the previous upstream release 1.3-20180621:
   - Improve handling of SIGWINCH for several widgets. Closes: #865840.
   - Improve documentation of the various whitespace-filtering options,
 to show which take precedence. Closes: #867536.
   * Add menubox11 to examples directory.
Checksums-Sha1:
 aad360a399ce7911e43092dc237ba2739bf147ac 1426 dialog_1.3-20181022-1.dsc
 06064ded4519c9a31e56f098f19651deb611f791 531815 dialog_1.3-20181022.orig.tar.gz
 978b07a28f282f1e204e366cdda0cde15af1411d 11744 
dialog_1.3-20181022-1.debian.tar.xz
 fe03d9739d3e65b486bc16c4476051a918493dfc 4156 
dialog_1.3-20181022-1_source.buildinfo
Checksums-Sha256:
 fa3002e469c7a76dce0f4f0c17b27d8fc4c5579876e87d3fcb415bcc74b5a050 1426 
dialog_1.3-20181022-1.dsc
 d5f9282e701c52e1ae3784ebb33a1ba57202436832688c511414136fcb0dcdb3 531815 
dialog_1.3-20181022.orig.tar.gz
 ebc28a59b93fccdd17a01e2894e551f381a0710fe84fe40b7a4a697295ff3c88 11744 
dialog_1.3-20181022-1.debian.tar.xz
 000fb0d780fa1c730d9935c44c32560eacbeff0c0dced42a68da27d76e6700e2 4156 
dialog_1.3-20181022-1_source.buildinfo
Files:
 458a16e7377cfede37d986cb5fb85ebc 1426 misc optional dialog_1.3-20181022-1.dsc
 274da782d8c08e1bed96a653a3d610bd 531815 misc optional 
dialog_1.3-20181022.orig.tar.gz
 12238657723cd9e394e7a5afd5adf0f9 11744 misc optional 
dialog_1.3-20181022-1.debian.tar.xz
 23d76bff8e671f1c8ebda56a568f4a10 4156 misc optional 
dialog_1.3-20181022-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlvWMewACgkQQc5/C58b
izKokwgAg0MNfmsMZRyV9Wktpy60z2zhMghPNVrjG3CBMY7qyroy0YB6U/ItCMmt
W1IMuBVGoHgh+9zhJm8qq9Mm2WVnt4lsizdVPsaKyv1rly46qdZ+/Iu42hoVX+OZ
94ioqEuBAxPuiRXMvcE9kdQdm/UJYrt9Xn2v8dY26h1SYof23rBcVPqVZfsj/0wg
DWvRg7J80I4p0aug8oHCto8sD97DBm0HBWcRVZuMLfx+1JR1TywP9qeT/GNU3vky
7SB2yj3AqOrapDKiRM15WMOVzz/yJj/c0izghjvf9jLzJPvZu2i5CRF9c8feqt9a
QMeqRi1EBthF830e9d301yN7RfU7TQ==
=p+gb
-END PGP SIGNATURE-

Accepted gettext 0.19.8.1-8 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 06 Oct 2018 14:00:40 +0200
Source: gettext
Binary: gettext-base gettext gettext-el gettext-doc autopoint libgettextpo0 
libasprintf0v5 libgettextpo-dev libasprintf-dev
Architecture: source
Version: 0.19.8.1-8
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Description:
 autopoint  - The autopoint program from GNU gettext
 gettext- GNU Internationalization utilities
 gettext-base - GNU Internationalization utilities for the base system
 gettext-doc - Documentation for GNU gettext
 gettext-el - Emacs po-mode for editing gettext .po files
 libasprintf-dev - GNU Internationalization library development files
 libasprintf0v5 - GNU library to use fprintf and friends in C++
 libgettextpo-dev - GNU Internationalization library development files
 libgettextpo0 - GNU Internationalization library
Closes: 910246
Changes:
 gettext (0.19.8.1-8) unstable; urgency=medium
 .
   * Fix FTBFS with Java 11, by applying Java related patches from
 upstream git (gnulib). Thanks to Emmanuel Bourg 
 for the report and Bruno Haible  for the fix.
 Closes: #910246.
Checksums-Sha1:
 1a020db9c54e92bd9d5d805a91be197129d42bf3 2004 gettext_0.19.8.1-8.dsc
 8e590ae71c33c9bdfdd0088824cc43f85e440888 32124 gettext_0.19.8.1-8.debian.tar.xz
 2787b15d9142c008855a7d15a99b1467968e09ae 4844 
gettext_0.19.8.1-8_source.buildinfo
Checksums-Sha256:
 fd0ce700b95f42a012590078484302fc992e0e3f2c8e9c4d4e8c73b4eeb79ddb 2004 
gettext_0.19.8.1-8.dsc
 3a456ac4c5c8b068c3372eb81bbf3e0d58d94d76cbebe7d02d056d115b0f93a6 32124 
gettext_0.19.8.1-8.debian.tar.xz
 b989bb986c7aa5a109f247a8efd27c476c4c13c6eb6ef72ba4b76359e393a0f1 4844 
gettext_0.19.8.1-8_source.buildinfo
Files:
 aa84cb60b3a34eb206b25696477e5a08 2004 devel optional gettext_0.19.8.1-8.dsc
 5bd2fd40869562eef9bf3b2bca6492f0 32124 devel optional 
gettext_0.19.8.1-8.debian.tar.xz
 f1cf3096db019dcd55838acf82227b05 4844 devel optional 
gettext_0.19.8.1-8_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlu4qzoACgkQQc5/C58b
izKcJwf/aS70XJtmItZrj+oqgCCd/NeCvHzib6qAEZwmT5d2HHYxjmaDtqAUh17G
WHLHShUhyIhpexRqr174NBbIITTq8SRZUEMlNvqY/BQDDHkX990faaNX0iwz1xS8
Bhf360+CFecgWqbw8QvHKlK1J+B15gLPq2t+Zy0GpOaQmzmqk+5ZjsgtU7Q5ycW0
D3Lwk5GnbCbFLYc88kjgkRSARfjoIod/R/hGUnh/domCf/LhUEhANIGc5ftU9Qh6
QfpiYj7SdrmgEyiaSzU1cUg/Rk/WUILeGmnbaWljx13+zvN2JUh8cLi3O2/cYdgY
ROUZIKjnVUBhc4My97nUUxYaQx2KKA==
=k/Mg
-END PGP SIGNATURE-

Accepted gettext 0.19.8.1-7 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 12 Aug 2018 22:00:10 +0200
Source: gettext
Binary: gettext-base gettext gettext-el gettext-doc autopoint libgettextpo0 
libasprintf0v5 libgettextpo-dev libasprintf-dev
Architecture: source
Version: 0.19.8.1-7
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila 
Changed-By: Santiago Vila 
Description:
 autopoint  - The autopoint program from GNU gettext
 gettext- GNU Internationalization utilities
 gettext-base - GNU Internationalization utilities for the base system
 gettext-doc - Documentation for GNU gettext
 gettext-el - Emacs po-mode for editing gettext .po files
 libasprintf-dev - GNU Internationalization library development files
 libasprintf0v5 - GNU library to use fprintf and friends in C++
 libgettextpo-dev - GNU Internationalization library development files
 libgettextpo0 - GNU Internationalization library
Changes:
 gettext (0.19.8.1-7) unstable; urgency=medium
 .
   * Use dh_autoreconf to regenerate autoconf stuff. New automake
 version 1.16 in buster makes gettext to FTBFS because we are
 modifying m4 files and the orig.tar.gz was created with 1.15.
   * Update versioned build-dependency on debhelper accordingly.
   * Disable libtoolize for the above to work.
   * Rules-Requires-Root: no.
Checksums-Sha1:
 2eb418b668585613e054e6974892c786a4b6ea16 2004 gettext_0.19.8.1-7.dsc
 c24f672237842f921e257416db382d4cdc6674fd 31064 gettext_0.19.8.1-7.debian.tar.xz
 a547d6886d2d45d50fc64cc67765699beb95f8be 11106 
gettext_0.19.8.1-7_source.buildinfo
Checksums-Sha256:
 6c26264f2d456a0182e6806c3571cf196817820a22d79b95455a50c3b03b796e 2004 
gettext_0.19.8.1-7.dsc
 d495e316273440e39675c74f503927fb932cc251e22157be825520d53bc37fd1 31064 
gettext_0.19.8.1-7.debian.tar.xz
 65a8bc4edb8ddf37b502a50383e40b44a7540bf593730315d7c4cfb60a5d70e4 11106 
gettext_0.19.8.1-7_source.buildinfo
Files:
 5aec7eaee8f8ae94e876e2bd5f05498d 2004 devel optional gettext_0.19.8.1-7.dsc
 1461df5e22571932d2c38e2e14457ef8 31064 devel optional 
gettext_0.19.8.1-7.debian.tar.xz
 dfdc19095720ebe6b5b49f1ec2acd5fe 11106 devel optional 
gettext_0.19.8.1-7_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAltwkvoACgkQQc5/C58b
izJQiAgAmYupiEgNs/EQC0EQdq5vmb+rAuzW2xcOUCmklJUfglkLkxzwSsYH4PwE
FolcN6tusMDEP5GmdPejmDatgEACdVZuPdRrryR/BM8dAtPuxrDW29N8bQ2BxllX
jZYHyA97gJXRwWUMZHC1kclPCC3UrNtYjMjVp7Cm/oXYMgEwDNcNKhKiGmaeWuHx
IojRPJKGRE3hE/wXNCC/hHDx8TesC+wSwjtgpj0nMrH48Z9khj/CQea6jMR7Fkak
d7eVkom2wWUJMDpyq7xDoW3hD4KPv0oa1no1n5r4xRE9C/PoOEB9VB5TkXHItBIH
PiInOIJoYrbLpNSeWeDkmpldinMFRA==
=vTXX
-END PGP SIGNATURE-

Accepted gettext 0.19.8.1-6 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Mar 2018 19:32:04 +0100
Source: gettext
Binary: gettext-base gettext gettext-el gettext-doc autopoint libgettextpo0 
libasprintf0v5 libgettextpo-dev libasprintf-dev
Architecture: source
Version: 0.19.8.1-6
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 autopoint  - The autopoint program from GNU gettext
 gettext- GNU Internationalization utilities
 gettext-base - GNU Internationalization utilities for the base system
 gettext-doc - Documentation for GNU gettext
 gettext-el - Emacs po-mode for editing gettext .po files
 libasprintf-dev - GNU Internationalization library development files
 libasprintf0v5 - GNU library to use fprintf and friends in C++
 libgettextpo-dev - GNU Internationalization library development files
 libgettextpo0 - GNU Internationalization library
Closes: 892733
Changes:
 gettext (0.19.8.1-6) unstable; urgency=medium
 .
   * Apply all Java 9 related patches from upstream git instead
 of the patch from openSUSE. This fixes gettext FTBFS bug
 in a different way and also fixes msgfmt. Closes: #892733.
 Thanks a lot to Bruno Haible.
Checksums-Sha1:
 010bd0a2a9cad823e919b23d1cc3bfaa82e97fe9 1995 gettext_0.19.8.1-6.dsc
 35b2f19e4e68d9fac0a1a934b88860b78bd09d08 30924 gettext_0.19.8.1-6.debian.tar.xz
 e628e6d4d707416a9e6da439ddcfe458ab30e6a6 11186 
gettext_0.19.8.1-6_source.buildinfo
Checksums-Sha256:
 4b6441dd278649a818875a2920ff0ef613a3188a2eb3af5e69f04ceb84b5f145 1995 
gettext_0.19.8.1-6.dsc
 73ab07535720566d2ea523f3e5a4d046d10fd34ddf3482ee4fa30f6ba17d1932 30924 
gettext_0.19.8.1-6.debian.tar.xz
 7a5167f46e82cf5b70ae496a1dd68423362bb4eaa6b8f161bb22f0fd4d2560a6 11186 
gettext_0.19.8.1-6_source.buildinfo
Files:
 fe91b5697274b21507469d8b6ab84b3b 1995 devel optional gettext_0.19.8.1-6.dsc
 4701274261241425ebae070d854f3c22 30924 devel optional 
gettext_0.19.8.1-6.debian.tar.xz
 561bf8683e80a6b0e394e9ba1e91fe1c 11186 devel optional 
gettext_0.19.8.1-6_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlq2nJ8ACgkQQc5/C58b
izL0wggAiSZKIdQKPZ681YKR5YcCaaOZDRcpFzfebcyMLdElhplUNNPhkcHHX8Z4
Wrl1y/Z1ZKrCLgcnpTpicUQbOIVKy7ZgLbbHHaBQDM7x5m/eIS8nK1I8dH3s/lzv
Etr7ts+TbDy1pDAP+qB1dr+SXiPBFp/ZnKFPvIt2zRKFvZDHqK8Te25DeYQyz1Xg
5BT+Os7z5Ko3Yb72uTyCuv/s8kAIZfKaevut75MPE80GKKCo+MNFDWe066b0XmQt
7NBw7+hVxxSRNTaKGrc9Yr8Z0ExQv21t5Xr96oaHFkdvfy1GWLnUlleSaJgsFDvQ
7IU8jdOFz1YvakSNyrfjkqfsMhO7xA==
=JDk/
-END PGP SIGNATURE-

Accepted gettext 0.19.8.1-5 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Mar 2018 12:24:50 +0100
Source: gettext
Binary: gettext-base gettext gettext-el gettext-doc autopoint libgettextpo0 
libasprintf0v5 libgettextpo-dev libasprintf-dev
Architecture: source
Version: 0.19.8.1-5
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 autopoint  - The autopoint program from GNU gettext
 gettext- GNU Internationalization utilities
 gettext-base - GNU Internationalization utilities for the base system
 gettext-doc - Documentation for GNU gettext
 gettext-el - Emacs po-mode for editing gettext .po files
 libasprintf-dev - GNU Internationalization library development files
 libasprintf0v5 - GNU library to use fprintf and friends in C++
 libgettextpo-dev - GNU Internationalization library development files
 libgettextpo0 - GNU Internationalization library
Closes: 876498 882284 891347 893064 893739
Changes:
 gettext (0.19.8.1-5) unstable; urgency=medium
 .
   * Fix heap corruption in msgunfmt. Patch from Bruno Haible taken from
 upstream git. Thanks to Jakub Wilk. Closes: #876498.
   * Recommend lynx instead on lynx-cur.
 Thanks to Axel Beckert for the report. Closes: #882284.
   * Stop xgettext() from crashing when run with --its=FILE option.
 Patch taken from git. Thanks to Gunnar Hjalmarsson. Closes: #891347.
   * Support "nojava" instead of "stage1" in DEB_BUILD_PROFILES.
 Thanks to Manuel Fernández Montecelo. Closes: #893064.
   * Build with OpenJDK 9. Patch from Tiago Stürmer Daitx, adapted
 from openSUSE. Thanks a lot. Closes: #893739.
   * Move libgettextsrc, libgettextlib, and preloadable_libintl
 to multiarch directory as done on Ubuntu.
   * Use https in Bug-Debian field of Debian patches.
Checksums-Sha1:
 13d7edffed58138a649804862c1460e30b903b84 1995 gettext_0.19.8.1-5.dsc
 b6ffb3f38be67806dd96df4460f205a080b7cefc 26732 gettext_0.19.8.1-5.debian.tar.xz
 ba9a77f2884ca32ce4be9dc76a7a51eef7e51068 11186 
gettext_0.19.8.1-5_source.buildinfo
Checksums-Sha256:
 5b47bcd62556fe82c029489045a3c82bbd7a1189622e59f9c72c4d2674cfc680 1995 
gettext_0.19.8.1-5.dsc
 0f3b2940947ac87c365aa21ffc211b88b056e2be9043f306b0e3e4eb2b2221f5 26732 
gettext_0.19.8.1-5.debian.tar.xz
 995d95aeccabcc46a074786fd3c67af6dd6a4aa42e91dca4fc969d2160d363ce 11186 
gettext_0.19.8.1-5_source.buildinfo
Files:
 6a003046c69b22c0d39c754de1c5b85a 1995 devel optional gettext_0.19.8.1-5.dsc
 7653b182e029f75d87cfa4eed3f7a75e 26732 devel optional 
gettext_0.19.8.1-5.debian.tar.xz
 3482ae9105133a49a89445e09434fafc 11186 devel optional 
gettext_0.19.8.1-5_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlq2OlwACgkQQc5/C58b
izIrnAf/bHJ/0GbTlxV0CnuQcRiK6W2tfEmSi4CDdc2rzPAIewJREnIbvWAx0PMS
PHkU5W2bcD/yA9KBAtBn42Pnv5XCxKc/HhNrwC7oC0HwAQjCDfugmFRxOxlfY+o5
sdaHRHDN8ZLT8YW5kC7Tnj5met5S1KvjYE7UMS5oWvjkZ+UX3EUFybFJP2KDDwqg
k4PK6+Y59fMK1Zvqc/JKy7+SvyGLyM4AJ7eAt+iUrHeYkHPlons1QpRqXqDZ21c4
TlG5evUv7Y5I9sC8zRGwohZUdUKjrdWr6og8pKdyAU3IctpIsqk4BJKx5GaFWP2S
URLY55aX5/MBSlc+GTftxBxsSRjJlw==
=2Hoa
-END PGP SIGNATURE-

Accepted sharutils 1:4.15.2-3 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 20 Mar 2018 01:09:02 +0100
Source: sharutils
Binary: sharutils sharutils-doc
Architecture: source
Version: 1:4.15.2-3
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 sharutils  - shar, unshar, uuencode, uudecode
 sharutils-doc - Documentation for GNU sharutils
Closes: 893525
Changes:
 sharutils (1:4.15.2-3) unstable; urgency=medium
 .
   * Apply patch from Petr Pisar to fix heap buffer overflow in unshar.
 This is CVE-2018-197. Closes: #893525.
Checksums-Sha1:
 9aa6ff13e320b0f2afb1af87cf6ea97e60fc4363 1466 sharutils_4.15.2-3.dsc
 0ccde1b63f13c1da583deacaccd9e93a4097c399 7776 sharutils_4.15.2-3.debian.tar.xz
 103ae770f83a747b4008d80d99d77bd17f177348 5498 
sharutils_4.15.2-3_source.buildinfo
Checksums-Sha256:
 b40450f5e5ea6f55684e30a04316a4fa1bbf78d19a4d8ee51bd42c648d49ff2b 1466 
sharutils_4.15.2-3.dsc
 0dbdc08ebe2b274dabbbecc2df1bcb83ef9a2db94a954e43b85afcc6c4ef9efc 7776 
sharutils_4.15.2-3.debian.tar.xz
 cecaa271a3ba2084bc9166099df9347e4c24719f4503b9e75ffdbbb86927a934 5498 
sharutils_4.15.2-3_source.buildinfo
Files:
 28cf1c79b19d630f14988eb65c29fc76 1466 utils optional sharutils_4.15.2-3.dsc
 6da9ccfdda13389cfdeb044cd9e37238 7776 utils optional 
sharutils_4.15.2-3.debian.tar.xz
 beb55139090e48d19ec8aa405b1c62f8 5498 utils optional 
sharutils_4.15.2-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlqwUa4ACgkQQc5/C58b
izLw/Qf/RtxYjGSWFxNe79Klg3iSa0He2ZPouL5J8iPXDjYDEWzpsJfKyUnCzjyM
Ms++ED97j/qZuNYeVfvCxJlELjCr3TyDZH3ZVakKCSTbQbpJGVOQwJfTtbi/ZVSQ
qldFZWK7Ju//WLaN8acyZgm3ca3MLjiserFXnlgY6KHljivly8tOvsRO0AbxkCvo
RJsSqGVGmpPqc9VegzfJy3GsMf3X7mfb9FDVKksXNIyJgOFIanWaSL4D0S8HftWb
Pn68o5RxYjQGSWnLV88xTtd9eE35qQb95/ijmFYZ8EIY9Zb7utVmlVnuYt5p4m0V
zbtBiV/3170gru952pIuWA20Zz+YGw==
=7PLB
-END PGP SIGNATURE-

Accepted base-files 10.1 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 14 Jan 2018 00:36:34 +0100
Source: base-files
Binary: base-files
Architecture: source
Version: 10.1
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 base-files - Debian base system miscellaneous files
Closes: 859649 882628 886901
Changes:
 base-files (10.1) unstable; urgency=medium
 .
   * Add CC0-1.0 to common-licenses. Closes: #859649, #882628.
 Source: https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt.
   * Simplify debian/rules a little bit by dropping install target
 and using override_dh_auto_install instead. Closes: #886901.
 Package should now build from source again in every supported way.
 Thanks to Daniel Schepler for the report and to Niels Thykier for
 clarifying the true nature of this bug.
   * Do not create /etc/staff-group-for-usr-local on new installs anymore.
 Do not create it on upgrades either, as we don't support upgrades
 skipping stable releases, and even less skipping several releases.
   * Standards-Version: 4.1.3.
Checksums-Sha1:
 7bc683faa0cea2c728c96ddbfe04df372f8e63ff 1071 base-files_10.1.dsc
 65a05e235a5816904710b8ba61db9a08e5e72a30 65064 base-files_10.1.tar.xz
 e9274f20eaa689ad7b4797f2b0ca62dc48340e40 4628 base-files_10.1_source.buildinfo
Checksums-Sha256:
 993f58ec810722bf0210e06e351d58f1a316827b0995ffd03edbd2c3dc406130 1071 
base-files_10.1.dsc
 368d2c32572802838de1151be45e8964669d3901429856bee06d219f125801d3 65064 
base-files_10.1.tar.xz
 b22e02cd60dcb26256bb22ae4e4e3d788ea7890796b14953afbe1d7d08d0a8bf 4628 
base-files_10.1_source.buildinfo
Files:
 39684914a9eba28e643944ee89cc9a49 1071 admin required base-files_10.1.dsc
 aadc54a121b2dfbc7d784212aa3b4b78 65064 admin required base-files_10.1.tar.xz
 7abf6a04b862e9f10d0bd081259bf487 4628 admin required 
base-files_10.1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlpanSQACgkQQc5/C58b
izJQXggAkaZPdgjMRD1G+kpoya58Rp2VA9q2M0sM3BjXMflclvSiUBkQAu4YfvBs
+CMTBEt64R+oX25tnGYOf+2/0/CHPKZxJUxE+oOteav718CksnbseKAGQHMui0jl
441YVSTJEN8sgx4teYcQvSxeNC+AX3+QCL0eODFyrbfCiUxuIrOumG1FDVf6rchX
9knj5Do6/yXUsRCWzlBO+9ZBhwfKrR4vOzL+42NdaqqaSKR8VjQILt8TrtMaSfKN
IoM601lvNzivzrzBW1wN3SZzwVIKgfk+jsoF+TJfSTxTIsdNI6mdZ5BzXoOzIB+M
bm/Ph67YxKmPBASD1x/fEwAF6g2O9Q==
=FVHS
-END PGP SIGNATURE-

Accepted dialog 1.3-20171209-1 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 17 Dec 2017 20:20:16 +0100
Source: dialog
Binary: dialog
Architecture: source
Version: 1.3-20171209-1
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 dialog - Displays user-friendly dialog boxes from shell scripts
Changes:
 dialog (1.3-20171209-1) unstable; urgency=medium
 .
   * New upstream release.
Checksums-Sha1:
 f0630a935e62baea90ee5c46c4cc0e11368b9dbd 1426 dialog_1.3-20171209-1.dsc
 ee0b829be362ae531932f9d2719df177f7c13508 511503 dialog_1.3-20171209.orig.tar.gz
 1892a9cbdc8cd39032c0dad876701e11835bae55 11620 
dialog_1.3-20171209-1.debian.tar.xz
 87c16b90f256cb268c878e5a094c822d3f130629 4330 
dialog_1.3-20171209-1_source.buildinfo
Checksums-Sha256:
 b9465b57a67a22fb28b80e55790a35492453c367c1656f6a77d5e38b0ee640b1 1426 
dialog_1.3-20171209-1.dsc
 20139442119e2eff5c35236e8e5e313c901539008d9cccf8c8ab3851b41267e6 511503 
dialog_1.3-20171209.orig.tar.gz
 de8a1d7bcc4059ee2d56e77e0c97209fd92b0251fdd721f19d37774eac9a043e 11620 
dialog_1.3-20171209-1.debian.tar.xz
 296ad1334a3b90e45b624d2a76bf332a29286dd45dae0a2653c779bfdc4e1547 4330 
dialog_1.3-20171209-1_source.buildinfo
Files:
 8943769e875d4680c0a1426e64fb2461 1426 misc optional dialog_1.3-20171209-1.dsc
 f66f28beca900b54f5fc90fdcce93508 511503 misc optional 
dialog_1.3-20171209.orig.tar.gz
 0f55306d3db9f1b09f09abb37426323d 11620 misc optional 
dialog_1.3-20171209-1.debian.tar.xz
 d9c9347141c9572899dfb2fc816b0456 4330 misc optional 
dialog_1.3-20171209-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlo2xc8ACgkQQc5/C58b
izK//Qf9EvbP9Vfw7EMYCnNvl4UZCgHK/lezPNiyWQR6GMrJcL0UPN/k3J6Hb9Rc
LOXdm4GN9Ug64PlC5ZfyJ2qeuSIFmgR72Uj/uqQNNhW0esN6FrDOZtchUE1ahgTN
L1H7MvQ7HubvMlbStU4Q1PBa0yWIkVR2/v4i65hUtqlOJqknCz0nUjkPzTZT2nTM
DjxSajvEbRcXXTY/iLxlCA7ZX+ZDejmwEHeHcr9fClvH45GUIGmMwSiX3MZPU6PN
8Dk0T0iVOHp5392dYES+PHoBHNNbUzTdS9UKopuvKrfbugnpk+YmTC8u5lcX9S82
/5O/kNhjvzqd/2OCbbH4g1WqU6YEvw==
=YXXJ
-END PGP SIGNATURE-

Accepted procmail 3.22-26 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 16 Nov 2017 23:42:36 +0100
Source: procmail
Binary: procmail
Architecture: source
Version: 3.22-26
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 procmail   - Versatile e-mail processor
Closes: 876511
Changes:
 procmail (3.22-26) unstable; urgency=medium
 .
   * Fix buffer overflow in loadbuf(). Closes: #876511.
 Reported by Jakub Wilk using American Fuzzy Lop.
 For reference, this is CVE-2017-16844.
Checksums-Sha1:
 c0d1d7fd5b2b09f2df4c33dca5878304459ce040 1320 procmail_3.22-26.dsc
 e3bc9065f6d2aa7f230ed0b380ab9c103ce56da7 20152 procmail_3.22-26.debian.tar.xz
 a19b9bfeea58d5e1b5a12429189508ab499488ce 3857 procmail_3.22-26_source.buildinfo
Checksums-Sha256:
 aa1d2edc716c28ce8547b49c36acc745eb4f0a1db1f1d362233a8c81060a3518 1320 
procmail_3.22-26.dsc
 f1b9d15277013f2ae300a73a51417efc4eaf283f3629986dc8470cdab11f9fb3 20152 
procmail_3.22-26.debian.tar.xz
 95ad70de092dbdd008a81afa52280703a22046e1f01e381d622b3ea4f2ce7988 3857 
procmail_3.22-26_source.buildinfo
Files:
 cbcdaa0ff0c9f576dc496bf4054e4a12 1320 mail standard procmail_3.22-26.dsc
 56b2ef59dade568b6e5e9ca4e618fec7 20152 mail standard 
procmail_3.22-26.debian.tar.xz
 07d414301b40a88bc9d7de067c323bf9 3857 mail standard 
procmail_3.22-26_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAloOF7cACgkQQc5/C58b
izLmygf9HMG7e8ObDBlFQcFiMqvL+beeTlma62DpolkqbZlSkkfvrG7ZzBa/KWI1
6agCAM08EbZT97MiUvFJIDkoVwjMxpWzVgoUMQ3cEQLZNmIBi9a/sOPuzhriHCuf
zCo5S/qPYHa3XfXsnJLBCf1RKvK/4UPJXEnH2doKjjqKcg07MNsHaJA5LN+Y44+W
JI0yTIYTqfVZpxIlg5fiVML+SGVYQHfG6WSFUJFQLY8fDLgLeu4jkWxnqiET/r8k
T7EhU+49XilLO1P3zC6QaVIJyAvjDPOlnRbJyuS0Uc+1Nav89q+awp5xdGEfyxjt
lv50jxOkwWDLur1jXMVVYcZyWUbftg==
=HqOO
-END PGP SIGNATURE-

Accepted gettext 0.19.8.1-4 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 22 Aug 2017 03:20:24 +0200
Source: gettext
Binary: gettext-base gettext gettext-el gettext-doc autopoint libgettextpo0 
libasprintf0v5 libgettextpo-dev libasprintf-dev
Architecture: source
Version: 0.19.8.1-4
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 autopoint  - The autopoint program from GNU gettext
 gettext- GNU Internationalization utilities
 gettext-base - GNU Internationalization utilities for the base system
 gettext-doc - Documentation for GNU gettext
 gettext-el - Emacs po-mode for editing gettext .po files
 libasprintf-dev - GNU Internationalization library development files
 libasprintf0v5 - GNU library to use fprintf and friends in C++
 libgettextpo-dev - GNU Internationalization library development files
 libgettextpo0 - GNU Internationalization library
Closes: 872869
Changes:
 gettext (0.19.8.1-4) unstable; urgency=medium
 .
   * Avoid extraneous NUL bytes in .mo files. Closes: #872869.
 Patch based on commit 2bad4d89684303fe884410ab0ae53770df6a6093
 by Bruno Haible. Reported by Jakub Wilk. Thanks a lot.
Checksums-Sha1:
 666ee5cc0e566f02f645e061c61bfd7b3d9e2a94 1975 gettext_0.19.8.1-4.dsc
 05b590c181bb0b1dbcc50512821cb59ed687933e 23848 gettext_0.19.8.1-4.debian.tar.xz
 3ee8d6ec243d3f6fc8b27f136bb8e33128ad2ea4 10169 
gettext_0.19.8.1-4_source.buildinfo
Checksums-Sha256:
 538d9cf5f9927f9ac863b8395b496f919a7e2cdf53b2c952adc813b1f6ef0693 1975 
gettext_0.19.8.1-4.dsc
 5b33bdaa4c2b2e1062aac8ad793941612b5cc2a6342a7cae303ea6d2e440137f 23848 
gettext_0.19.8.1-4.debian.tar.xz
 1b817bc870800839f1ca7b810f6657826a8d5990ffd7a772a4f1a843b9ab7d67 10169 
gettext_0.19.8.1-4_source.buildinfo
Files:
 3e2ed7c8b6dbbf0879904bcb80713558 1975 devel optional gettext_0.19.8.1-4.dsc
 a87303627ee96b8c239188d434460edb 23848 devel optional 
gettext_0.19.8.1-4.debian.tar.xz
 fae410f45b25450ec3537ea83ba5d107 10169 devel optional 
gettext_0.19.8.1-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlmbilUACgkQQc5/C58b
izJKmwf9HwdrXjwY60h/jpVH8MMRzezuE6o6fq23fgJBdZQKwdkHUOzc5+G0x5cU
b7V2iIDQJWX7H3bWO9epIMciFo1UcJ2SHIt5KI/9zJ8kXCtHKl3+Kby1M0H2OX0O
Fl015aTViOQl49b3J+EeYqVXdnRXVecVvrRV3bLou1Rfz682yqnV+GW2yHGH+4rB
Gf4X/EXBFnVRETt764Yf5Eokt9NOTIOZ8dvNZJzAMUHVuL9KBbH69NS2KGjiqdxc
sA4yDoPL0WdPFaIegXjPaJpw0t6ekmGyNgAFjrA07e+OTUgGuFfg0R9pw5Vd0bSW
Gl1B2KVmrqFUXSdj0VGKg4Cuh4y+yA==
=1j1f
-END PGP SIGNATURE-

Accepted gettext 0.19.8.1-3 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 20 Aug 2017 22:50:10 +0200
Source: gettext
Binary: gettext-base gettext gettext-el gettext-doc autopoint libgettextpo0 
libasprintf0v5 libgettextpo-dev libasprintf-dev
Architecture: source
Version: 0.19.8.1-3
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 autopoint  - The autopoint program from GNU gettext
 gettext- GNU Internationalization utilities
 gettext-base - GNU Internationalization utilities for the base system
 gettext-doc - Documentation for GNU gettext
 gettext-el - Emacs po-mode for editing gettext .po files
 libasprintf-dev - GNU Internationalization library development files
 libasprintf0v5 - GNU library to use fprintf and friends in C++
 libgettextpo-dev - GNU Internationalization library development files
 libgettextpo0 - GNU Internationalization library
Closes: 792687 825436 871271
Changes:
 gettext (0.19.8.1-3) unstable; urgency=medium
 .
   * Add g++ (>= 4:7) to Build-Depends to ensure it's built with GCC 7.
   * Update shlibs file for libasprintf0v5. Closes: #871271.
   * msgfmt: Remove POT-Creation-Date field from the header in the output.
 Taken from upstream commit d13f165b83701dffc14f7151419e0c00c00c0d1b.
 Should help reproducible builds. Closes: #792687, #825436.
   * Drop spurious spaces/tabs in the changelog.
   * Activate ldconfig via triggers.
   * Build against libunistring2.
   * Rename patches to *.patch.
Checksums-Sha1:
 6ec2a03aef19705cf329571d8e24baf4e1a3 1975 gettext_0.19.8.1-3.dsc
 8e4445cfd19c3fa198e4bae6124dd4d3a698404a 23624 gettext_0.19.8.1-3.debian.tar.xz
 6d93070abf93e5db4529f733bdbe90111b887f0a 10169 
gettext_0.19.8.1-3_source.buildinfo
Checksums-Sha256:
 bc622d43e47f9df367856d184166495edaebbf894a03e0a9a3a05e2b7f655b64 1975 
gettext_0.19.8.1-3.dsc
 cbe851fd83714512df590e3155c91e3f33037c881c13f4e056a44bb131e463c0 23624 
gettext_0.19.8.1-3.debian.tar.xz
 e300d90a66848cbcda29655d1639d15bec22398f3f3b91ce432f05a0a5f5a836 10169 
gettext_0.19.8.1-3_source.buildinfo
Files:
 5ab0ae38f36c9c356dc573f463050b45 1975 devel optional gettext_0.19.8.1-3.dsc
 74469034164910abee9835b3d8bff267 23624 devel optional 
gettext_0.19.8.1-3.debian.tar.xz
 7d52ce253c75e3786b1834f366784cf1 10169 devel optional 
gettext_0.19.8.1-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlmZ9lIACgkQQc5/C58b
izKX6Af+Kinl/z/dEqpQGXIG5BRppRwcCUqdtY20aErOFofmkj/0qFwjzMrly0u2
QWJMmbTKMuO689oZJYHojOvFodzRqOu3/KlGw+ge/ehkOGz0Swv80fVV/I3MtAkw
12n1NFogXTDCnvL4NlcWrIhLyhemPfzX/+6179r2sS2QjAvOFqJ+goF19WD1xhxl
3dSmev+eomySHN6iNGN67uNts7/tf76rgbUoZPf2J0WDNNE6Eanlg5jQfp7r6JwT
nmwwk5matF90/iSETqPcjVGKl9rUHY/IRc52sVqruPh22C9uVwEUTWM3zCNq86K4
KjlUEGccIgKQNz5RfItYk3b+00oGMQ==
=Do+B
-END PGP SIGNATURE-

Accepted diffutils 1:3.6-1 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 04 Aug 2017 23:20:16 +0200
Source: diffutils
Binary: diffutils diffutils-doc
Architecture: source
Version: 1:3.6-1
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 diffutils  - File comparison utilities
 diffutils-doc - Documentation for GNU diffutils in HTML format
Closes: 853373
Changes:
 diffutils (1:3.6-1) unstable; urgency=medium
 .
   * New upstream release.
   * Should now build with GCC 7. Closes: #853373.
Checksums-Sha1:
 e7395d8a0795b63b487c54d39e4d74ed0dcb633c 1453 diffutils_3.6-1.dsc
 1287a553868b808ebfff3790a5cdc6fdf7cb2886 1398296 diffutils_3.6.orig.tar.xz
 3f2d282d6d9b2f1f6ed2e49cd82a9a20a324d5e2 10808 diffutils_3.6-1.debian.tar.xz
 44761547a18d927942e8ef9f664a1bfc98206cb1 4844 diffutils_3.6-1_source.buildinfo
Checksums-Sha256:
 26fe7690b45748dc92cee6af224192e78db2ac574e16ae0aeb8ed6a472c883cd 1453 
diffutils_3.6-1.dsc
 d621e8bdd4b573918c8145f7ae61817d1be9deb4c8d2328a65cea8e11d783bd6 1398296 
diffutils_3.6.orig.tar.xz
 f6ab546a134bde18a87ca8e3c98919680e79d81a65a24801ae06ef69b33f24d8 10808 
diffutils_3.6-1.debian.tar.xz
 2a59f2afac7706e456528d005edf1c8bb89fadd989e44067a007a45d6610ed5b 4844 
diffutils_3.6-1_source.buildinfo
Files:
 a8b31aceef69fd3f2849e93c197f7933 1453 utils required diffutils_3.6-1.dsc
 07cf286672ced26fba54cd0313bdc071 1398296 utils required 
diffutils_3.6.orig.tar.xz
 8b80e52b911df2ba2651419e59528156 10808 utils required 
diffutils_3.6-1.debian.tar.xz
 0ed22c814d3022dbf4505f626a57e2c3 4844 utils required 
diffutils_3.6-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlmE5tEACgkQQc5/C58b
izJBrwf/alLbabISL40TUIdibliN2pOhu/CmIl1MKq6N4CFJjadw1lUSJRyfHHUW
3tnkCsDxLr35WmWQHjoAhQY7M0pqXVvXqbZTQ/8EUSAoA237i0T9z+nDt7PUGCLp
wNhca30nPtVJkL+sx7dh8w78rVpx8sdXuEnfrzLEz5B5f0jSn8S6E/EHcCKzr0Ai
ugehE9p6zjlB2rknvT7JXFX8hdny9vQev21x3bBWcXB2owV6TmfLZJbAnrUz71V4
q1wLY6qwCIQzhItnx8+C6um/cDsK9v5P/qhmxJEm/fMHwalcg7EmbgKbTYygZqEU
3eI27OUhpSCcLm8NaU4RcoTTW2UrTw==
=qWlv
-END PGP SIGNATURE-

Accepted base-files 10 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 26 Jun 2017 00:19:42 +0200
Source: base-files
Binary: base-files
Architecture: source
Version: 10
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 base-files - Debian base system miscellaneous files
Changes:
 base-files (10) unstable; urgency=medium
 .
   * Change issue, issue.net, debian_version and os-release to read
 "buster/sid", and drop VERSION and VERSION_ID from os-release.
   * Fix typo in changelog for version 9.
Checksums-Sha1:
 fb08b44b1d3cdf296ef13ae2f77f9e946ea9d544 1063 base-files_10.dsc
 6191da5934e38edfdd9347e63b6b48c161a36a2b 62872 base-files_10.tar.xz
 51b873d9ee59df18ba2f71fbf7f502b28e06a42a 4711 base-files_10_source.buildinfo
Checksums-Sha256:
 9e0e1f9fa67c55c552e053c340327f2d6c366b882fab74197170b03caefac488 1063 
base-files_10.dsc
 11a1f87511c26be242ad549b6d1262aed9c6a7eb2dd3a005d2e49bf41c445b83 62872 
base-files_10.tar.xz
 c67abbb1d3acbdeb11238f6d516cd6af55cd5e3f8030bdca2004217fdecdbf62 4711 
base-files_10_source.buildinfo
Files:
 2b112a000b59756485b726141ea346be 1063 admin required base-files_10.dsc
 33d2eb9cc10344d85d657985c13b33ea 62872 admin required base-files_10.tar.xz
 f1c79a2697384f4fba0724e0887aa104 4711 admin required 
base-files_10_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAllQOHcACgkQQc5/C58b
izII7wf/cxDT3WEnMVr09P8Y5Yt/zK4j0bp7X3BbKvU51ZmLQtYQOaRUQmdlzc6h
zS4azUHbbKgS4lfgVpw+M4XtnvmLSkrP6DtkdnQEWLtrRYbiJOSqsEobaEnbD3Uy
C8H8KS/b3NPQtijx111EAdOHWe2K45TZIp13GkJaA5rXVItVThnv0zga3G45IVnC
ZrsTdmUv5CBKGarGLtwrwTXeTgn9G8bh7BRfy/uVqG2BsxLYqG578efPzWPFQwcF
4xaWDjpdFdHfHXBccRKnnp0Okl4qXSq1KkYS39b+Y1uaatw3GQKseJzjCKjrRwOT
CAuP3OarumcuoBpo3+2eM2DS1EhRVw==
=g3xO
-END PGP SIGNATURE-

Accepted base-files 9.9 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 04 Apr 2017 18:00:30 +0200
Source: base-files
Binary: base-files
Architecture: source
Version: 9.9
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 base-files - Debian base system miscellaneous files
Closes: 849835 859124
Changes:
 base-files (9.9) unstable; urgency=medium
 .
   * Add MPL-1.1 and MPL-2.0 to common-licenses. Closes: #849835.
 License texts taken from https://www.mozilla.org/en-US/MPL/.
   * Add a default /etc/update-motd.d/10-uname script to
 recover the traditional motd behaviour. Closes: #859124.
Checksums-Sha1:
 f823abfeb039fcff8bce7af2d20c8331e9b74c7b 1067 base-files_9.9.dsc
 8586c56059e4a7910097488db5cbb6b93dd8b5a0 62840 base-files_9.9.tar.xz
 21efb3121eaa7be5e772528aeb8c00f20b44f384 4878 base-files_9.9_source.buildinfo
Checksums-Sha256:
 4ae5728880b81789ae95f0aca8f630d51c4b894e00c4b0e8bfc7c3ebabb595d1 1067 
base-files_9.9.dsc
 c941e091eea9d2949b6ed3b8d37ea1d086b50b10d564103d52fafcd129ac1931 62840 
base-files_9.9.tar.xz
 f3dd6545eb369436002bda06ccb7f250f89ba1995739e535679f1b13ab9c6824 4878 
base-files_9.9_source.buildinfo
Files:
 dbc6ad2cb1f97c60bb4fae9e85660f5a 1067 admin required base-files_9.9.dsc
 470e6e988d8d87c0362d6e86caeb1097 62840 admin required base-files_9.9.tar.xz
 429509a88933ec23925d8a4ba947a4ae 4878 admin required 
base-files_9.9_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAljjzewACgkQQc5/C58b
izK2Wwf9E16/ZJDFH6kdstz9Agy+UQqGcLmPk5/KkF5Wz+rGzvZtYlN8NjJnJ5A0
rF0FIFsAbkuuSZPVLKoQueEbO5VkLXE5qhBSL9z/Q1bBmJ2QumoSkB77CR572iJH
6iRYzUMIumjoO8veBKyGyqROohcV+rIZKkmtoGx6sY8ZBLe+4xpmBUq76cQ48Gt0
XW1e0c6d1yQhArFE/mJ79oqjoQqANhhMIsRGwss/HhwDemeW5vot3bhf51IsqJ6t
OR0iyKj0vPUyvdJ0dcADpUSjEj0A3Kvlzc1dWpDUlsH3edIUTuGPXCIEhfSpmxID
o1Cv7h+ui7epF+uB3qNHSU5X4h2XsA==
=R/Nw
-END PGP SIGNATURE-

Re: systemd, ntp, kernel and hwclock

[Santiago Vila]

On Mon, Feb 27, 2017 at 05:59:53PM +0100, Daniel Pocock wrote:

> Can anybody make any suggestions or add anything to the wiki?

My old Mac Mini had a crazy clock and ntp was not enough to sanitize it.
I fixed it by using adjtimex in addition to ntp.

As an example, my clock was off by 2890 parts per million, so I used
this in /etc/default/adjtimex:

TICK=10028
FREQ=5898240
# 28 * 100 + 5898240 / 65536 = 2890 ppm

This used to work very well, but OTOH I had my computer always on, so
I'm not sure it the cases are similar.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Tue, Feb 21, 2017 at 09:36:58PM +0100, Vincent Bernat wrote:

> Accomodating for all build environments is a slippery slope. What if I
> use a 128MB host with 64GB of swap? Timing-related tests will start to
> fail. Is it Debian job to fix all the test suites? Should I be able to
> build packages on a system not supporting ACL? On a kernel not
> supporting users? On a grsec kernel? With a low ulimit value for the
> number of opened files or on the stack size? On a chroot on an Android
> phone? On the Windows Subsystem for Linux?

I don't really have a problem with multi-core being the only supported
build setup in some distant future, but if such thing ever happens, it
should be because Debian decides it, either the Release Managers at
the start of a release cycle (not at the end), or the Debian
Developers as a whole by way of a General Resolution.

The current scenario where some maintainers think they have the power
to decide about this on their own for their own packages is not
acceptable at all.

Having said that, there are practical reasons why we should keep
support for single-CPU build systems, for example, you can split the
work better if you have a build farm and you can save real money.

Also, the number of packages that we have to fix to support this is
still extremely small, and most of them have been fixed as they have
been reported. The number of packages in stretch which are not
buildable on a single-CPU system may be counted with the fingers of
just one hand.

Nothing to do with the number of problems that would arise if you use
a 128MB host with 64GB of swap or any of the really weird things you
mention. Really, building with a single CPU is not a sin, and people
should not be punished for doing so.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Mon, Feb 20, 2017 at 09:22:35PM +, Ian Jackson wrote:

> If you do not get good answers, please take this to the TC.[1]

Thanks a lot for your support, Ian.

What kind of question do you think I could make to the TC?

Maybe this one for a start?:

 Should building Debian source packages on a single-CPU machine be
 supported at the same level as building on a multi-core machine, to
 the point that a FTBFS bug on a single-CPU machine should be serious
 regardless of what happens on buildd.debian.org? (The RM can still
 stretch-ignore if they wish).

Do we really need a ruling from the TC regarding this?

Thanks.

Re: aren't unreliable tests worse than none? (Re: Help requested: Packages which FTBFS randomly)

[Santiago Vila]

On Mon, Feb 20, 2017 at 06:46:25PM +, Holger Levsen wrote:
> On Mon, Feb 20, 2017 at 10:29:28AM -0800, Russ Allbery wrote:
> > The point is that they don't randomly fail in the sense that they don't
> > fail n% of the time when run in any possible build environment.

We don't really know. Some FTBFS-randomly bugs *are* that way indeed:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838828

In that one, unless you cheat with the random seed, the probability of
failure is mathematically guaranteed.

> …but point taken, not all FTBFS bugs are RC(!) as
> <20170220152410.3mkm5tebg5i2y...@perpetual.pseudorandom.co.uk> nicely
> explained and whose explainations where mostly ignored by Santiago in his
> reply…

I agree that not all FTBFS bugs are RC, but I reject the idea that we
can take buildd.debian.org as the only and single criteria to decide
about RC-ness as some people seem to do.

This will make bugs not RC "because my computer is too slow" or
"because my computer is too fast" or "because my computer is already
running the kernel of stretch", or "because I didn't installed this
package which is no longer essential", none of which I consider
acceptable reasons to downgrade a FTBFS bug.

Thanks.

Re: aren't unreliable tests worse than none? (Re: Help requested: Packages which FTBFS randomly)

[Santiago Vila]

On Mon, Feb 20, 2017 at 06:10:23PM +0100, Vincent Bernat wrote:
>  ❦ 20 février 2017 13:44 GMT, Holger Levsen  :
> 
> >> As a rule of thumb, upstream usually knows better than me which tests
> >> are important. Tests are quite important for the packager to know if
> >> they didn't make an obvious mistake when updating a package (e.g new
> >> dependency missing, something easy to miss by testing manually). Test
> >> are quite important in a team as you may have to update the package
> >> while knowing little about it (e.g adding a security patch).
> >
> > I get why tests are useful. I just think unreliable tests do more harm then
> > good. (Mostly because this leads to ignoring those tests completely. BTDT.)
> 
> We are speaking of tests that succeed reliably on the packager's own builder.

We are also speaking of tests which are well known to be unreliable
under certain circumstances but the maintainer refuses to acknowledge
it or does not care at all.

The rygel bug comes to mind (#841098). Again, because "it does not
happen in buildd.debian.org", except that it was not even true in this
case and it actually happened in buildd.debian.org.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Mon, Feb 20, 2017 at 03:24:10PM +, Simon McVittie wrote:
> On Mon, 20 Feb 2017 at 10:41:49 +0100, Santiago Vila wrote:
> > You are somehow trying to equate RC-ness with "it FTBFS in 
> > buildd.debian.org".
> 
> No, I'm saying that a sufficiently repeatable FTBFS on buildd.debian.org
> is effectively release-critical whether Policy says it is or not,

Well, I don't really understand the "whether" part, considering that
Release Policy already says that packages must autobuild without failure.

> because if we can't build the package, we can't release it (or can't
> release security updates for it later, or both).

That's the problem, the excessively pragmatical approach to
buildability. For the release, we seem to care only about *our*
ability to build the package, but: What about the user's ability to
rebuild the package?

We don't just ship binary packages. We ship source packages that the
user might want to modify and rebuild (outside buildd.debian.org).

Consider an extreme case: What would happen if we can build the
package but nobody else could?

The package would have an implicit "build-depends: buildd.debian.org"
and it would be effectively non-free, as nobody else could rebuild it.

However, I can imagine some maintainers that would happily downgrade
the FTBFS bug below serious "because it builds ok in buildd.debian.org".

I don't think that's what we want.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Mon, Feb 20, 2017 at 11:33:23AM +, Ghislain Vaillant wrote:

> I share the same feelings towards a similar intermittent FTBFS with
> src:python-qtpy (#8544936). I admit I have no clue what is going on,
> neither does upstream, nor does the reporter (Santiago).

That would be #854496. It also fails here:

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-qtpy.html

Believe me, this is also frustrating for me. If you absolutely need a
machine to reproduce this, contact me privately.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Mon, Feb 20, 2017 at 08:30:04AM +, Simon McVittie wrote:
> Debian is an operating system, not an academic exercise. If a package
> builds successfully reliably enough on buildds, porterboxes, and
> developers' hardware or VMs that we can prepare security updates and
> other urgent patches for it in a reasonable time, then it's close
> enough.
> 
> Conversely, packages that don't work on Debian's buildds are likely to
> be de facto unreleasable, even if they work fine on less problematic
> hardware[1] or in "more realistic" build environments[2].
>
> [...]
>
> [2] 
> https://wiki.debian.org/qa.debian.org/FTBFS#A2017-01-29_tzdata_and_lsb-base_no_longer_installed_in_build_chroots

You are somehow trying to equate RC-ness with "it FTBFS in buildd.debian.org".

While that may be close to the truth, it is not the truth itself.

And the couterexample has been provided by yourself: Bugs about tzdata
and lsb-base were declared RC by a Release Manager well before they
were removed from buildds (thanks to Lucas Nussbaum).

Does this mean we were doing an "academic exercise"?

No, we were following the common rules that we have set for ourselves
regarding build-essential and build-depends, and those rules do not
(and should not) depend on a particular build daemon failing or not.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Mon, Feb 20, 2017 at 01:57:52AM +0100, Adam Borowski wrote:

> * single-CPU machines have gone the way of the dodo.  Even the crummiest
>   machine I could find while dumpster-diving looking for a non-sse3 one
>   already has HT and builds your examples successfully.  Same for ARM SoCs
>   -- my RPi1 is kaputt, and anything newer has multiple cores.  This, I'd
>   say it's a waste of time to care about _building_ on single CPU.

Sure, single-CPU machines are extremely difficult to find these days,
but *only* as physical machines.

If you were to make a derived distro, let's say, using different build
flags, and wanted to build all packages, you would probably not buy a
new computer for that, you would rent virtual machines instead.

And those are single-CPU if they are small enough. Building on
multi-core is anti-economic, because a multi-core machine usually
cost twice or four times the price of a single-CPU machine.

"But they take half or a quarter of the time", you will say. Well,
maybe, or maybe not. Some packages benefit from parallelism and some
do not. I've checked that 97% of all packages in stretch may be built
with only 1 GB of RAM. Using a bigger machine is usually a waste of resources.

So yes, single-CPU machines are still very common these days, except
that they are not whole computers anymore, and lots of people use them
every day. Considering them to be unupported "because all physycal
machines are multi-core these days" would be quite silly.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Mon, Feb 20, 2017 at 12:05:42AM +0100, Vincent Bernat wrote:
> More and more packages come with test suites to help developers and
> packagers ensure things are working as expected. It would be great if
> test suites didn't have failures of their own but it's better to have
> them and it's understandable that most packagers don't want to blindly
> disable them.

Well, I don't advocate for doing anything "blindly", I just expect
individual tests to be disabled when it's abundantly clear that they
are wrongly designed.

> Your chosen build environment is not common and fixing build failures
> for uncommon environment may seem a waste of the "Debian-allocated time"
> for some people (including me).

Wait a moment. How we do define "common" when applied to a "build
environment"? Number of packages built? Number of people building with
such build environment? What if somebody has a build environment and
builds packages 100 times as often as it's done on buildd.debian.org?
Does such build environment becomes "common" then? I think it should.

I would say, for example, that the build environment used by Lucas
Nussbaum in his archive rebuilds, or the one in reproducible builds
could easily be more "common" than buildd.debian.org, considering
that the same packages are built over and over again.

My own autobuilders take 7-10 days to build all packages, and they are
running all the time. For Arch:all packages I build them a lot more
often than buildd.debian.org, who only build them once when the
maintainer uploads them, or even zero times when the maintainer does
not upload in source-only form.

> The policy doesn't state that a package
> must build when there is not enough disk space or memory.

It would not be reasonable to have a policy for that. Each package
needs what it needs. I think you are comparing apples and oranges here.

> Maybe it would be far simpler to allow packages to fail to build
> if there is not enough CPUs.

The mere concept of "not enough CPUs" is just flawed and wrong.

This is basic Computer Science: Everything you can do with two or more
CPUs, you can do it as well with only one CPU (even if slower).

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Sun, Feb 19, 2017 at 06:27:16PM +0100, Christoph Biedl wrote:
> Ian Jackson wrote...
>
> > If there is to be a failure probability threshold I would set it at
> > 10^-4 or so.  After all, computer time is cheap.
> 
> To determine 10^-4 with some accurance you'd have to rebuild that
> package 2 times. This is an amount where computer time isn't cheap
> any longer.

The figure by Ian is very ambitious indeed, but so much that maybe
it's not very realistic.

I fully agree with the underlying idea, however: If we can measure the
failure rate, then it means it already fails too often to be acceptable.

Anybody who tries to build all Debian source packages will find that
the number of packages that fail to build is a random variable,
sometimes it will be 3, sometimes it will be 5, etc.

A nice goal regarding reliability would be that the expected value for
this random variable (the number of failing packages) should be closer
to 0 than to 1 (when you try to build once every single package).

For that to happen, the around 50 packages which FTBFS randomly should
do so less than 1% of the time (I'm assuming here that all the others
"never" fail to build).

I think this is feasible, but only if we start not allowing
(i.e. making RC) things that we seem to be currently allowing.


BTW: Could anybody tell me when exactly "FTBFS on a single-CPU machine"
stopped being serious and RC? Did such thing ever happened?

I'm pretty sure that I was already a DD when such thing could have
happened, but right now I can't remember it.

(See #848063 for why I'm asking this).

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Fri, Feb 17, 2017 at 06:59:00PM +, Niels Thykier wrote:
> Santiago Vila:
> > On Fri, Feb 17, 2017 at 06:23:00AM +, Niels Thykier wrote:
> > 
> >> Santiago already brought it up in #844264.  I believe my answer in
> >> comment 70 is still relevant (other than I incorrectly used "after the
> >> freeze" when I meant "after the release").
> > 
> > Well, but when I said "Ok, will do" in Bug #844264, it was a reply to
> > your request to postpone this after the freeze, not after the release.
> > 
> 
> I obviously wrote the wrong thing

Actually, it was not obvious for me at all, this is what you wrote:

>  But I do not think we have capacity for that talk right now in the
>  release team (between an incomplete openssl transition and the BTS
>  breaking causing britney to migrate tons of packages despite RC
>  bugs).

You mentioned here two things: openssl transition and the BTS glitch
that made buggy packages to propagate to testing. Those were the
"issues of the day" at the time, and are now mostly in the past.

This, and the fact that no other Release Manager fixed your mistake,
is the reason why I believed you meant "freeze" when you wrote "freeze".

> and I am sorry for creating that misunderstanding.

Ok, but please let us face the consequences: I downgraded all those
bugs to important because I expected you, Release Managers, to give
some guidelines about how to handle them *before* the release.

If this is not going to happen, I'll have to raise those bugs to
serious again, following your own guideline (see Message #35 from
Julien Cristau) that the bugs are serious as a general rule (because
no other guideline was given so far).

If we really want to skip this issue for stretch, then we should use
stretch-ignore, not severity important.

Do I have your permission to use stretch-ignore here?

[ I would do that on any FTBFS-randomly bug present or future, except
  those packages failing more than 50% of the time, because IMO that
  would be completely absurd ].

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Fri, Feb 17, 2017 at 06:23:00AM +, Niels Thykier wrote:

> Santiago already brought it up in #844264.  I believe my answer in
> comment 70 is still relevant (other than I incorrectly used "after the
> freeze" when I meant "after the release").

Well, but when I said "Ok, will do" in Bug #844264, it was a reply to
your request to postpone this after the freeze, not after the release.

I definitely don't think we should do absolutely nothing in stretch
about this, so I'll continue to ask for help here in -devel:

Let's consider only the most blatant cases, the ones at the top of the
list I posted before.

Can anyone here reproduce any of the following *two* bugs?
(Using sbuild in a single-CPU machine)

837067  1.000   libsecret
848063  0.990   ri-li

If we could only fix those two for stretch, we will be proudly able to
say, when released as stable, that no package in stretch does fail to
build more than 50% of the time (in a single-CPU machine).

Then we could think of thresholds lower than 50% for buster, but at
least we would avoid the Schrödinger paradox in stretch.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Wed, Feb 15, 2017 at 03:02:23PM -0500, Jeremy Bicha wrote:
> On Wed, Feb 15, 2017 at 2:36 PM, Santiago Vila <sanv...@unex.es> wrote:
> > Allowing packages to fail 50% of the time is interpreting Release
> > Policy in a somewhat twisted way.
> 
> Except that your build system is far more limited than the average
> system used to build packages in 2017.

If you know for sure that any of the bugs above happen because of me
not using enough RAM, you are welcome to prove it.
(in the nnn...@bugs.debian.org address, please).

But if you talk about number of CPUs or CPU speed, that's a completely
different issue.

Building a package is like following an algorithm. It may take less or
more time, but it always has to finish. For this reason, "your CPU is
too slow to build my package" is always a very poor excuse, and I hope
you are not trying to set a minimum CPU speed to build packages.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Wed, Feb 15, 2017 at 08:38:17PM +0100, Bernd Zeimetz wrote:
> Hi,
> 
> > The following packages FTBFS for me randomly. First column is the bug
> > number, second column is the estimated probability of failure in my
> > build environment, which is described here:
> > 
> > https://people.debian.org/~sanvila/my-building-environment.txt
> 
> 
> did you try to diff the build output? Did the packages fail with the
> same error running the same command?
> Are there other differences in the output?

I was busy reporting bugs and there were so many of them that I had
little time to debug them myself. That's why I'm asking for help.
I can't do this alone anymore.

The build logs are out there, just take a look at the bugs themselves.

Thanks.

Re: Help requested: Packages which FTBFS randomly

[Santiago Vila]

On Wed, Feb 15, 2017 at 08:05:51PM +0100, Thibaut Paumard wrote:
> Dear Santiago,
> 
> Le 15/02/2017 à 18:26, Santiago Vila a écrit :
> > Hello.
> > 
> > The following packages FTBFS for me randomly. First column is the bug
> > number, second column is the estimated probability of failure in my
> > build environment, which is described here:
> > 
> > https://people.debian.org/~sanvila/my-building-environment.txt
> > 
> > Before I ask the Release Managers that they make the bugs at the top
> > of this list serious again
> 
> If you do that, please at the same time ask the release team to mark
> them stretch-ignore,

No, that's not the plan. Please read Bug #844264 for details.

Those bugs are already (currently) being stretch-ignored, because I
downgraded them all to important *temporarily*.

But the idea is to *not* ignore them if they fail more than a certain
threshold (to be determined by the Release Managers).

Upgrading to serious and marking them with stretch-ignore would be
quite pointless. Certainly, I did not bother to report all those FTBFS
bugs so that they are ignored.

The bugs are FTBFS bugs. Ideally, all those bugs would be serious and
we would use the stretch-ignore tag as an exception, precisely when
the package does not fail "often enough".

> unless you are sure the test failures indicate a
> real serious bug in the package.

I am sure that Release Policy says "packages must autobuild from
source and without failure".

Allowing packages to fail 50% of the time is interpreting Release
Policy in a somewhat twisted way.

Thanks.

Help requested: Packages which FTBFS randomly

[Santiago Vila]

Hello.

The following packages FTBFS for me randomly. First column is the bug
number, second column is the estimated probability of failure in my
build environment, which is described here:

https://people.debian.org/~sanvila/my-building-environment.txt

Before I ask the Release Managers that they make the bugs at the top
of this list serious again (using some kind of threshold, as discussed
in Bug #844264), I would appreciate if somebody else could double check
that those packages have indeed very flaky tests (or buggy Makefiles,
in some cases).

[ Please report any findings to the nnn...@bugs.debian.org address ].

While I agree that none of those individual bugs is more important
than a bug of "FTBFS-always" type, some packages have a failure ratio
so high that if we accepted that they "build from source" with such a
high failure rate, they would effectively honor policy if we had it
reversed, as in "packages must *not* build from source". I call this
"the FTBFS-randomly Schrödinger paradox".

This is, however, not an invitation for the Release Managers to set
50% of failure rate as the threshold, that would be probably the worst
possible interpretation of "Packages must build from source" (which is
already Release Policy).

The current list:

837067  1.000   libsecret
848063  0.990   ri-li
850282  0.820   influxdb (this one is already serious, thanks Adrian)
854686  0.556   fabric
854494  0.457   execnet
834686  0.440   ruby-httpclient
843038  0.400   elki
842244  0.390   congress
850506  0.327   acorn
850507  0.300   golang-github-tideland-golib
846771  0.292   python-traits
851722  0.288   django-pipeline
842836  0.250   golang-github-mxk-go-flowrate
854496  0.248   python-qtpy
844088  0.230   conversant-disruptor
848055  0.230   golang-github-go-chef-chef
834962  0.210   ruby-diaspora-vines
849217  0.185   jruby
839444  0.183   libgda5
850201  0.160   tendermint-go-flowrate
848054  0.150   debci
853056  0.145   txfixtures
854495  0.143   node-merge-stream
843052  0.140   libterm-filter-perl
852642  0.125   scoop
834959  0.120   golang-goleveldb
850414  0.110   ruby-ftw
832865  0.100   telepathy-python

[ The remaining packages that FTBFS randomly for me do so less than
  10% of the time, but in either case all the figures are approximate ]

Thanks.

Accepted eterm 0.9.6-5 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 29 Jan 2017 19:02:04 +0100
Source: eterm
Binary: eterm
Architecture: source
Version: 0.9.6-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 eterm  - Enlightened Terminal Emulator
Closes: 728813
Changes:
 eterm (0.9.6-5) unstable; urgency=medium
 .
   * QA upload.
   * Rename all patches to have .patch ending.
   * Fix Esetroot on PseudoColor visual. Closes: #728813.
 Thanks to Kevin Ryde for the patch.
Checksums-Sha1:
 6bde450f8715f9e6bac658edbcbe163f7abf0114 1514 eterm_0.9.6-5.dsc
 428f18ca6f203bb802935f4f0533c66ad872493f 12688 eterm_0.9.6-5.debian.tar.xz
 fdc3798f535122661dd655c0fa398a43f8d6461f 7375 eterm_0.9.6-5_source.buildinfo
Checksums-Sha256:
 41dead9a0c7af7aa2a19105408755f2dc8db2758aa1c7042f5f0a1176aee9030 1514 
eterm_0.9.6-5.dsc
 9815b7fd021ca4eb24e58d1896d8aa17d4f2cdbc2b040c5852e2992a943a3fed 12688 
eterm_0.9.6-5.debian.tar.xz
 ad5a4c006d98ead12693708707e29749c5e8f96e13719538ea76bfa49458ec75 7375 
eterm_0.9.6-5_source.buildinfo
Files:
 08a4f6741b91644a286539ac08b8fbf0 1514 x11 optional eterm_0.9.6-5.dsc
 b8030b7e2bee6007d73433d191fcc5cd 12688 x11 optional eterm_0.9.6-5.debian.tar.xz
 9612c21dad347fb45bf629181278425e 7375 x11 optional 
eterm_0.9.6-5_source.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAliOLlcACgkQQc5/C58b
izLfQQf9HWvtrIoCUz7+otMBs+D2CjcwdXJgmYC+z1L2jEngO3Tuuibrd+a/+mAv
Y813y47b1Ygyt0FYsSx/M5gSWxnnM4PrPmw3VpEQmWHJreDvd8fzswmMZg8RlRs/
mL4EwvCSbXBh5n+/70Om1CRdqdLiPnwmUP5FwyZdDfaJkVX6py01WWM2qXs2sw4V
KYW6mhOWqWzQIITv296U7VbhDol8sCtVQ6q1FCB5RjbxrhtMPcISQUmRudt7wWLo
KvTF2Ec817MbVD2DDL78DeWYBcw2PHgCezVWJiondmxdCTAPEaGMPQ8UhkPT5xBa
pWmYR7zJ2KvxajarYJMiq60OWOzqcw==
=xHf0
-END PGP SIGNATURE-

Accepted gettext 0.19.8.1-2 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 23 Jan 2017 23:11:50 +0100
Source: gettext
Binary: gettext-base gettext gettext-el gettext-doc autopoint libgettextpo0 
libasprintf0v5 libgettextpo-dev libasprintf-dev
Architecture: source
Version: 0.19.8.1-2
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 autopoint  - The autopoint program from GNU gettext
 gettext- GNU Internationalization utilities
 gettext-base - GNU Internationalization utilities for the base system
 gettext-doc - Documentation for GNU gettext
 gettext-el - Emacs po-mode for editing gettext .po files
 libasprintf-dev - GNU Internationalization library development files
 libasprintf0v5 - GNU library to use fprintf and friends in C++
 libgettextpo-dev - GNU Internationalization library development files
 libgettextpo0 - GNU Internationalization library
Closes: 833894 846932
Changes:
 gettext (0.19.8.1-2) unstable; urgency=medium
 .
   * Use debhelper more.
   * Try to support cross-builds. Closes: #833894.
   * Disable OpenMP support on m68k and sh4. Closes: #846932.
Checksums-Sha1:
 c277141a4c5b0f9d2905fe8de3cb43163d25a493 1961 gettext_0.19.8.1-2.dsc
 c77519db9fccb1a1acf8453d5f6cff82315dc962 21780 gettext_0.19.8.1-2.debian.tar.xz
Checksums-Sha256:
 675a97c8057b053f4749970da3663db3d8966b18f684c5c40598e349b1b2cc36 1961 
gettext_0.19.8.1-2.dsc
 c597fe09241247727d91f2c3c2f657880372d830fc6fd824a79859c3a765f35b 21780 
gettext_0.19.8.1-2.debian.tar.xz
Files:
 718231d2c268b8ca5166dd28c28af1c1 1961 devel optional gettext_0.19.8.1-2.dsc
 200014cc3804bfdd6889be30223e474a 21780 devel optional 
gettext_0.19.8.1-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAliGgBkACgkQQc5/C58b
izLAnQf/YqgrcAbL+tTRLhbFYQHw+HoYuhiWZXkFq+hD0qsJ3pRYMH2LEujtA0Tz
msO+NNNm+89k9/SZ++na5MstgIjOiuf5GdJUwN0u4AQnHX8D1u6P7r/tcdbtgu6+
a1e3SMrl63HXVQN3SfyyiS8wnwV7cwdOnsZMlFmHTccCKRzxtDSAqPzEjw1+Vm+l
fxpQtU5KC+dtSfQ4lhHB/EWhnqNEA80ybG98Mh4UtzILHCn4ctAxD8WZrfsH5G+f
qO8wqmAaZf7WIKy1U1hDFZ9hiSh4yHFcpQbSRu5sMBlmsDBz6wunasSmbIcLGWxF
7FeUccS8EHSrNemo/OyhLEYLw+tobQ==
=RR+F
-END PGP SIGNATURE-

Re: Auto reject if autopkgtest of reverse dependencies fail or cause FTBFS

[Santiago Vila]

On Mon, Jan 16, 2017 at 05:45:19PM -0800, Russ Allbery wrote:

> > Well, maybe what it's excessively aggressive or questionable is to run
> > the tests at build time and making the package build as a whole to fail
> > when any test fails.
> 
> *blink*.
> 
> I'm quite surprised that you would advocate not failing a build if tests
> fail during the package build?  I think that would be an awful way to
> proceed.  My packages have test suites for a reason.  I do not want
> packages to appear to successfully build if their tests are failing.  That
> may mean that the resulting binaries are nonfunctional or even dangerous.

Not exactly. I'm not advocating not failing a build if tests fail
as a general rule.

In this context, I refer specifically to flaky tests. What I call
questionable is keeping a flaky test making the build to fail when the
test fails so much that it's clearly a wrongly designed test.

Or, alternatively, if the test fail a lot and it's correctly designed,
it is questionable not to consider the bug as RC.

Thanks.

Re: Auto reject if autopkgtest of reverse dependencies fail or cause FTBFS

[Santiago Vila]

On Mon, Jan 16, 2017 at 11:45:42PM +0100, Markus Koschany wrote:

> No, this is not current practice. But you are obviously trying to force
> it this way by all means necessary. Nobody asks you from refraining to
> report those kind of bugs but what I and other people are seriously
> questioning is your handling of severity levels.

Sorry, no. You downgraded "missing build-depends"-type bugs several
times, and somebody else had to tell you that they were RC.

Example: gnupg. You did not believe that gnupg was not essential and
argued and argued and argued until a Release Manager told you clearly
that missing build-depends are RC.

There was also a missing build-conflicts bug that you downgraded and
somebody else had to tell you that it was wrong as well.

So it's not me who is handling severities wrong.

> You always assume RC
> severity even when it is proven that the package works and builds fine
> for the majority of people.

No. I assume RC when it is a FTBFS bug and I can reproduce it in
several different computers.

There is no such thing as a "majority of people" when your single and
only source for "buildability" is buildd.debian.org.

A successful build in buildd.debian.org means *nothing*.

Buildds may have packages installed which are not build-essential.

Buildds may be running jessie while I am already running stretch.

Etc.

> You don't care what maintainers think about
> the issue. Many people, me included, get annoyed and then resolve this
> "issue" by disabling the responsible test and focus on more pressing
> matters. There is nothing wrong with tests per se which try to catch
> _real life_ issues though.

Sorry, it is not responsible at all to have a flaky test make the
whole build to fail.

If you get annoyed by flaky tests making the build to fail, do not let
the test to make the build to fail, but don't blame me for the annoyance
that the test fails.

Thanks.

Re: Auto reject if autopkgtest of reverse dependencies fail or cause FTBFS

[Santiago Vila]

On Mon, Jan 16, 2017 at 12:02:32PM -0800, Russ Allbery wrote:
> Santiago Vila <sanv...@unex.es> writes:
> 
> > Should I ask the Technical Committee to rule out that FTBFS bugs are RC,
> > even if they did not happen in buildd.debian.org yet?
> 
> This seems excessively aggressive.

No, really it's not. It's already current practice:

https://bugs.debian.org/cgi-bin/pkgreport.cgi?include=subject%3AFTBFS;submitter=lamby%40debian.org
https://bugs.debian.org/cgi-bin/pkgreport.cgi?include=subject%3AFTBFS;submitter=lucas%40debian.org
https://bugs.debian.org/cgi-bin/pkgreport.cgi?include=subject%3AFTBFS;submitter=sanvila%40debian.org

Are you suggesting that we should refrain from reporting FTBFS bugs as
serious unless we have a build log from buildd.debian.org in our hands?

I'm sure you are not, but I've seen people downgrade bugs "because
they do not happen in buildd.debian.org" and at the same time nobody
of them realize what would happen if we followed such silly
(and wrong) rule in a consistent way.

> I've had FTBFS bugs in my packages
> that were due to specific configurations for archive mass rebuilds that
> were not reproducible on buildds, and while those are certainly bugs that
> I wanted to fix, I think making them RC is questionable.

Well, maybe what it's excessively aggressive or questionable is to run
the tests at build time and making the package build as a whole
to fail when any test fails.

I have the feeling that this autopkgtest things should be used (among
other things) to de-couple package builds from package testing.

Then people who test that packages build ok would have one thing less
to worry about.

> [...]
> 
> Remember, making a bug RC says that we're going to remove the package from
> the archive if the bug isn't fixed.  Suppose either of those had been
> reported near the release freeze and I was, say, in the hospital or
> something and simply couldn't look at them.  Would the appropriate
> reaction to either of the above bugs be to remove the software from the
> release?

No, the appropriate reaction would be to disable the failing tests via
NMU until the maintainer exits the hospital and can investigate.

Thanks.

Re: Auto reject if autopkgtest of reverse dependencies fail or cause FTBFS

[Santiago Vila]

On Mon, Jan 16, 2017 at 12:17:48PM +0100, Ole Streicher wrote:
> Santiago Vila <sanv...@unex.es> writes:
> > On Mon, Jan 16, 2017 at 10:24:59AM +0100, Ole Streicher wrote:
> >
> >> IMO, we should trust the maintainer and their decisions until there is
> >> no experience that it doesn't work. Which means: keep the maintainer
> >> fully responsible on the package, including the ability to lower
> >> severity of a CI test or any other bug. Only if we experience that this
> >> doesn't work, we need other measures.
> >
> > Well, it does not work:
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843038#10
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841098#78
> 
> This comes out of different interpretations of whether builds that
> sometimes fail (but often not) are RC buggy. You know that also I have a
> different opinion here.
> 
> So, if you really want to have your interpretation to be the commonly
> accepted one, you should discuss it here and see whether you reach a
> common acceptance with your interpretation.

I think it should be the other way around, because Release Policy
already says "Packages must autobuild from source" and it does
not say anything about failure thresholds.

In fact, I've seen maintainers downgrading FTBFS bugs that happen more
than 50% of the time.

With the lax interpretation, we could have policy reversed, as in
"packages must not build from source", and the package
would still be policy compliant!

Schrödinger paradox! Packages are simultaneosly compliant with Release
Policy and with the reverse of Relese Policy!

This is why I can't trust (all) maintainers to do the right thing
regarding random FTBFS failures.

So, if you people are considering to put a piuparts-like blocking to
testing migration, please consider what will happen when the failure
happens randomly.

BTW: Your idea of an automatic RC bug would be a good start indeed,
and it's probably the least we should do.

Thanks.

Re: Auto reject if autopkgtest of reverse dependencies fail or cause FTBFS

[Santiago Vila]

On Mon, Jan 16, 2017 at 10:24:59AM +0100, Ole Streicher wrote:

> IMO, we should trust the maintainer and their decisions until there is
> no experience that it doesn't work. Which means: keep the maintainer
> fully responsible on the package, including the ability to lower
> severity of a CI test or any other bug. Only if we experience that this
> doesn't work, we need other measures.

Well, it does not work:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843038#10
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841098#78

Thanks.

Re: Auto reject if autopkgtest of reverse dependencies fail or cause FTBFS

[Santiago Vila]

On Mon, Jan 16, 2017 at 10:38:42AM +0200, Lars Wirzenius wrote:

> Picture this: a cocktail party. Many people mingling around, dressed
> up and engaging in smalltalk, sipping colourful drinks. A new couple
> arrives and is immediately surrounded by old fiends. "Hi, Jack and
> Joan, how are you? How is that lovely offspring of yours?" The couple
> look down, and their faces get a careful, blank expression. "It's not
> good. We don't know what we did wrong. We're so ashamed. We don't know
> how such a thing could happen. We thought we were such good parents."
> A shocked silence fall on the group, in the middle of the hubbub of
> the greater party. "You see, our child, our child..." Jack sobs and
> can't get the words out, so Joan takes a deep breath and speaks. "Our
> child wrote a test that fails randomly, and released it." One by one
> their friends leave the group, quietly, and without speaking a single
> harsh syllable. But for months, they had to wait for an invitation to
> a new party.

LOL, but I don't see a lot of social exclusion here:

https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=sanv...@debian.org;tag=ftbfs-randomly

Sometimes I've seen maintainers downgrade FTBFS bugs to "wishlist"!

Surely I will not invite those maintainers to a party, but they are
still maintaining Debian packages.

Should I ask the Technical Committee to rule out that FTBFS bugs are RC,
even if they did not happen in buildd.debian.org yet?

Thanks.

Accepted base-files 9.8 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 15 Jan 2017 23:00:02 +0100
Source: base-files
Binary: base-files
Architecture: source
Version: 9.8
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 base-files - Debian base system miscellaneous files
Changes:
 base-files (9.8) unstable; urgency=medium
 .
   * Release candidate for stretch as stable:
   - Use "9" as version in /etc/issue and /etc/issue.net.
 (never expected to change after stretch is released)
   - Use 9.0 as version in /etc/debian_version.
 (expected to change at every point release)
   - Change PRETTY_NAME in /usr/lib/os-release, adding 9 as version number
 and "(stretch)" as codename. Add also VERSION_ID and VERSION.
 (never expected to change)
   - Update README (stretch -> buster).
   * Standards-Version: 3.9.8 (no special changes for this).
Checksums-Sha1:
 e411e087d8944edf4373386d9634bd690bddcd02 1067 base-files_9.8.dsc
 c929295694f20f674ae3733c1f22ca9ac58dec82 53604 base-files_9.8.tar.xz
Checksums-Sha256:
 c9cf7016ec5f4e067ad98b968af5649b191c64766b2875d0f4ca91e01f87d1eb 1067 
base-files_9.8.dsc
 43c7fb8725aa24b7e564139030c1f8c0d4066b4bc896124b30fca5d82fc1ec3f 53604 
base-files_9.8.tar.xz
Files:
 61eb96ca44593466537cfc420a7ae5ce 1067 admin required base-files_9.8.dsc
 095410598f62800613bf61d27e16a7f3 53604 admin required base-files_9.8.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlh78bYACgkQQc5/C58b
izJw+Af+MeDXOqtTxXiJVLZd+UQo8VSp/YrHxsnCl6ct1MMB1WgnH+cqDs6XJh1s
Tr2QXQ2RgTyVWQ18J7jFdK34+lYH6lAR2VMJhvqWsmrbwdO2nwyz3yXf7aA4IwGf
oPxbFGDWZ7GSMbmI2i/aK849IuwDaMFCcPYpMW8hQKmWFYQTmWVHBBcZmOHICumi
sprXPssU16sHTdgBmajSHFfYZn5zU44F8rF/7dnR/0hBmSWTNL865IluGGXBi7Fq
T1sZD3dNQtLPxAoDTVWrNlc1xpfJv+1UtzyuBTHke9xQ/mlFonKY7sLcftlEpf/f
hbf9fgDx1FPew/HVEWGUy7T6i2xVCQ==
=gDhr
-END PGP SIGNATURE-

Accepted crafty 23.4-7 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 11 Jan 2017 20:02:00 +0100
Source: crafty
Binary: crafty
Architecture: source
Version: 23.4-7
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 crafty - state-of-the-art chess engine, compatible with xboard
Closes: 850979
Changes:
 crafty (23.4-7) unstable; urgency=medium
 .
   * QA upload.
   * Raise debhelper compat level to 9.
   * Drop README.source. Package is in "3.0 (quilt)" format.
   * Package is orphaned (Bug #835321), set Maintainer to "Debian QA Group".
   * Do not generate CPU specific code. Should fix "Illegal instruction" on
 some Pentium 4 CPUs. Closes: #850979.
   * Drop emacs local variables from the changelog.
   * Drop spurious spaces in several files.
Checksums-Sha1:
 35550d2842da226e01333ee6ef2b1d99a1f69137 1362 crafty_23.4-7.dsc
 d269d9bcaa31e42d1136e2e96bfd041060e37bda 48632 crafty_23.4-7.debian.tar.xz
Checksums-Sha256:
 0a949a912e7e11087062c296ec345c089c95e98e6b25a2f5b6e97e5858e98652 1362 
crafty_23.4-7.dsc
 e13cf22cd12771848c8e7b231cda5cd3d7300d0f2c0479a454a430079cd9cb6b 48632 
crafty_23.4-7.debian.tar.xz
Files:
 d5ce69db4e5d4743e4c12ffa28c2984d 1362 non-free/games optional crafty_23.4-7.dsc
 1204b27393620a91a15fd0556049 48632 non-free/games optional 
crafty_23.4-7.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlh2gjAACgkQQc5/C58b
izJ5/Af/fg6FDO8aleLBksA/G3HCUCajY6/RZgSjiVuHDXRXRRwnhLZDEd5TJp64
OgRgw+gcAX36rpFWawAd0QdFr2IqhE/ozZu1J9O3ODEEq+OCmljjHUikZvx9upMo
aWnhi9+1GEiggY2Yry+kVpyZ5ekfS8zSPw09hkRevWPg8wQcIARKYwwL5UQiImVt
L6UmeOJI1h6A1mPMd36CehBKaPFYH9mP+03T/l9Bg/Ke9mJevEQkTzS9iV4mXokZ
HNX56uX/DpJQ6Ek2J9+D3WP+VF0mcyROc2EpG/iHG1U7c/lUKNfkBdGQMym1LzWv
fyclQhYl3ikuH32ZMRX6hoBbHw3zjw==
=1JFe
-END PGP SIGNATURE-

Accepted fbzx 3.1.0-1 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 10 Jan 2017 21:06:54 +0100
Source: fbzx
Binary: fbzx
Architecture: source
Version: 3.1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 fbzx   - ZX Spectrum emulator
Changes:
 fbzx (3.1.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Drop 02-do-not-fiddle-with-spectrum-roms, define NOROMS=1 instead.
   * Rename single patch to 01-do-not-install-yet-another-GPL-copy.patch.
   * Standards-Version: 3.9.8 (no special changes for this).
Checksums-Sha1:
 5d8f2379432eeeafc6dda66952548def549f2792 1447 fbzx_3.1.0-1.dsc
 ab6be96e0d1a1ea388af4485ea742fcc4fd5a130 188572 fbzx_3.1.0.orig.tar.xz
 f1da7d07462fbcc02303597a3742faac3ebdabbb 2460 fbzx_3.1.0-1.debian.tar.xz
Checksums-Sha256:
 e267e69845790e20ec71da132931ccf9a341dd786fd25d80723881f5363ed4fb 1447 
fbzx_3.1.0-1.dsc
 8277cd10b38dcbe965f8fe8d91cd0f72253abc41976e7bb6d6690bbe25993c3f 188572 
fbzx_3.1.0.orig.tar.xz
 3de3f1ad1ddc1f39aba14b5f6cc998f91ad1dd1ce33a88fa44f4d6373f63a9bb 2460 
fbzx_3.1.0-1.debian.tar.xz
Files:
 5f17e243ca78bc3056e3d2b23cb6d53a 1447 contrib/otherosfs optional 
fbzx_3.1.0-1.dsc
 60be6d8b0bdb10729737fe2af2f96fa6 188572 contrib/otherosfs optional 
fbzx_3.1.0.orig.tar.xz
 b5536081d9718c8a9d3a2ebfec47d4da 2460 contrib/otherosfs optional 
fbzx_3.1.0-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlh1Py4ACgkQQc5/C58b
izLZmggAjoadqNfLrVFQ5pOrxeeu/ugbLM8woCwMoQq9BCZWQMbVtlZaHqeO4XP+
MDxnyIeOKJfoKr8EQJKgx4cN6FkYfv3HnKYrKW1vkO9fXbLddfYKJ8pDIyYeEGFW
BFfgiF0Z8tQRhhAAKUGLI+nuVC6MTWiqjYS+nVvgmbi2NBTfpBNa5AboxD8BcnBP
0QBKUBCV2sQwJglBKE+UiFXu+2L/v1O+GgFcNjFiATqe29kniNPUrD/PjzOpcWZp
8M6aUidS3wJ7baTDxHr0XhGMt8BElowH/PW4qVC28u6pa97GZzAS+3EGkVGnhamm
4X3LUR1j1OcsT2IdiwN0/8iXX3z88g==
=todI
-END PGP SIGNATURE-

Accepted sfront 0.99-2 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 10 Jan 2017 18:36:26 +0100
Source: sfront
Binary: sfront
Architecture: source
Version: 0.99-2
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 sfront - MPEG 4 Structured Audio decoder
Changes:
 sfront (0.99-2) unstable; urgency=medium
 .
   * Switch to dh.
   * Standards-Version: 3.9.8 (no special changes for this).
Checksums-Sha1:
 6478640cb834e0382974647bc37742685a68b8b1 1353 sfront_0.99-2.dsc
 82cecbde0f18c92e4e8f024ea9e819ade8c0f15c 5356 sfront_0.99-2.debian.tar.xz
Checksums-Sha256:
 3603294a7258d82f04470f906c24d28c4b876df02afcbbce8708577f9bcc18ce 1353 
sfront_0.99-2.dsc
 fd00d28e3b1588535db0c87d7bc3d15efe1c87337ec0a731c4de1ef057600bcd 5356 
sfront_0.99-2.debian.tar.xz
Files:
 d65f4ae57a4d049ce42a1c5c70413e13 1353 sound optional sfront_0.99-2.dsc
 038802d3d8a28b6321427c4b738032e9 5356 sound optional 
sfront_0.99-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlh1HtwACgkQQc5/C58b
izJkDwf9EN2ZO3GdzsgrKU55aWcg6as6uc5H4cJWDPd8vIo5hE284hHeV9m03bE8
uF0Yqwi9+5pn+B3zo3REhiq63OqcraDNC4zmMF27dB3DwQFWMgRFSANXfWnQq2nc
gyZMsKMURgKeDQ9NH+32riHg2GA2Mg2dOlEAGDodAX5v4R/otZarIVXnOBz7iDT/
KLMGg87R/0xo5BftKRLOrAFJl50TEyqn6vRgNIgU3jeZ9UZKiATCuoQTqZisdVPm
mUqoLACEEJ2XvU1LPGbr9mIqN80Jwk+4MimQOuMtwjlJF4sg2zn+6kYqLoJPdCm2
u0yRhG+O/Z+k5aCdxbum9kMUWYXzJA==
=3Ezk
-END PGP SIGNATURE-

Accepted indent 2.2.11-5 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 10 Jan 2017 17:50:20 +0100
Source: indent
Binary: indent indent-doc
Architecture: source
Version: 2.2.11-5
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 indent - C language source code formatting program
 indent-doc - Documentation for GNU indent
Changes:
 indent (2.2.11-5) unstable; urgency=medium
 .
   * Drop 99-config-guess-config-sub, no longer needed when using dh
 and a recent enough debhelper.
   * Rename remaining patches to end with .patch.
   * Add "Suggests: indent-doc" to indent, for those who prefer
 documentation in HTML format.
   * Split override_dh_installdocs into -indep and -arch.
   * Rename override_dh_link to override_dh_link-indep.
   * Standards-Version: 3.9.8 (no special changes for this).
Checksums-Sha1:
 f57f76385d1365ed0cf26f561667d7487212c361 1390 indent_2.2.11-5.dsc
 7546771747eeb03502d958bfd1592ac35056118b 6540 indent_2.2.11-5.debian.tar.xz
Checksums-Sha256:
 0299e659ca66456cab6969860003d59f35195b47f671166baa40959f4dcf2317 1390 
indent_2.2.11-5.dsc
 74accb95981a28b823f9b3d582b4a01daa3500fd0bf2596218f99db4a1a950e1 6540 
indent_2.2.11-5.debian.tar.xz
Files:
 e9e44bd47947fff6abf21cc53f439406 1390 devel optional indent_2.2.11-5.dsc
 7e6893cd73af79ad9668a7a0931925ea 6540 devel optional 
indent_2.2.11-5.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlh1ESMACgkQQc5/C58b
izJdxgf+Of9IibO7ZUCIiJN/bIpVajEn3Cx/WywZHcajMymXjSF3/xLoe7GGj79Y
bzw1ltyNcC1Zt+kDtb+lIVv0OqHC3hajc4/lSgtbhKxDexGQ5nKqpjoJ3PN6MRu/
1I8WQrfFSMpb9yFr1gkYiRmRW9NwEhfQs7p0PdrlDvkqi1lMKEWY7nnLlruU6y3B
CpK+CuhAefAjnyxhF4gO1gZDaTmwOaa1DulCAdfpguI6FtuH8h62sehYHM1YGOTf
rV1Hp1sUokTK+M1mZHpcWOcGdeH0VF09NckncKQ7vmbyHboZ9VtSXwkmV/GQO4YA
RArmzHxnxu8tBQp+0otm7MBysMWYdw==
=K3SB
-END PGP SIGNATURE-

Accepted diffutils 1:3.5-3 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 09 Jan 2017 23:55:10 +0100
Source: diffutils
Binary: diffutils diffutils-doc
Architecture: source
Version: 1:3.5-3
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 diffutils  - File comparison utilities
 diffutils-doc - Documentation for GNU diffutils in HTML format
Changes:
 diffutils (1:3.5-3) unstable; urgency=medium
 .
   * Add "sleep 1" to tests/colors after opening a fifo
 to avoid a race condition which makes the test to fail
 often on the ppc64el architecture. Thanks to Christoph Biedl.
Checksums-Sha1:
 4e43b8a7bded5ccda1021859c4760f38cd736284 1453 diffutils_3.5-3.dsc
 596336dda17956eff77be7096017ccf7c4393832 10796 diffutils_3.5-3.debian.tar.xz
Checksums-Sha256:
 8b8e4d9d48ab35fd2c5759a3d0854e7d85c33b3fa09a185c20865793090feff9 1453 
diffutils_3.5-3.dsc
 5c8464482951de1dcf3c1c53643cd7d0939cd8f7568a7ef84982d368c5cb6695 10796 
diffutils_3.5-3.debian.tar.xz
Files:
 734b0f9545ba54bbda7ada32d8202a06 1453 utils required diffutils_3.5-3.dsc
 7885ce0ba2d41768ff47c2e44639eccf 10796 utils required 
diffutils_3.5-3.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlh0FTgACgkQQc5/C58b
izLY+Af9H3w/h/bPzEBWqm+gmzT2wYfCmFtII4lRMUyfYaMLb6o0iAIjbPPdFA68
D8nYkZ5WdbBDDbfpkG6HgSk4OARJ0JbE2x3k7JL14HGql+aykQbvTiDBSPVJI0Hp
+K3ApsaWshPsMEH0zDhh90O0pFRQ3QeTvPIiWYdHv5QoYARf7X5rJRnR3NL7lLty
71Hqka7KhSejQ2hRudDL3Jo+2+KmaI0gL0NKC+SzmSA7k+JzcbP5CstbA4I6K9aG
sAwapv1K8V4f2FVpwZARsI0fIlIdsM7lq0Hiz6y84F8uG6t8tiY2XggwTtHnHKDS
F2501nszGP/i1fEc1/25jACQFTa+zw==
=YQqi
-END PGP SIGNATURE-

Accepted sharutils 1:4.15.2-2 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 08 Jan 2017 22:53:02 +0100
Source: sharutils
Binary: sharutils sharutils-doc
Architecture: source
Version: 1:4.15.2-2
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 sharutils  - shar, unshar, uuencode, uudecode
 sharutils-doc - Documentation for GNU sharutils
Changes:
 sharutils (1:4.15.2-2) unstable; urgency=medium
 .
   * Drop debian/patches/99-config-guess-config-sub, not really needed
 when using dh and a recent enough debhelper.
   * Add "Suggests: sharutils-doc" to sharutils, for those who prefer
 documentation in HTML format.
   * Split override_dh_installdocs into -indep and -arch.
   * Standards-Version: 3.9.8 (no special changes for this).
   * Add the key of Bruce Korb as debian/upstream/signing-key.asc.
   * Add a watch file.
Checksums-Sha1:
 ff4e188f3590b46f9909d692a397810d77bf6ee0 1466 sharutils_4.15.2-2.dsc
 9f4e2f2a4ede4fdefd130e7d6bd0f2711c3f9460 7412 sharutils_4.15.2-2.debian.tar.xz
Checksums-Sha256:
 99391e1a6a10a610eae498513156661b0c7f5b2cfeb2843faf9841d343025244 1466 
sharutils_4.15.2-2.dsc
 920eafbbefe24011b0957201941963d223a0ca388b16d1077e426735a069d20e 7412 
sharutils_4.15.2-2.debian.tar.xz
Files:
 000e9e709bccb451fdcd08e1e1fbdab8 1466 utils optional sharutils_4.15.2-2.dsc
 b5470292b8b75bcef657be333706e6f8 7412 utils optional 
sharutils_4.15.2-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlhytQ4ACgkQQc5/C58b
izIsXAf8DMhE8qqyJg1TUkjceDhjLe8ZcVqPBZ567O37vEKt0V+22ZbYpk6V2wkW
NpduQq8wquvqjui+oTXiA2aUkNS4yuosc6Iggqz7wPErSN/D+up5jPow3xiko2PS
TL0ZTDsXEOOg97yBfMPSF2vypVq7b/xSIMU3iEkLPkPpP0ZXQV0WsPcPflIrV6Vr
n6K74am4VAQhVkC8GDWwgw3uPmulEQc1i8Dcnm3Y8DVynAjJiqEiNdk38PKsrcrd
STLW0Uk6GnHzrY9CE8LGHcoGbfv+7zw6tZZ74ubSYCZRsFyttTZf5dXhiqjOgpAM
r370R4L7ufHZBrEFxDUvEsvZZ0LoNg==
=2sCE
-END PGP SIGNATURE-

Accepted original-awk 2012-12-20-6 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 08 Jan 2017 18:47:44 +0100
Source: original-awk
Binary: original-awk
Architecture: source
Version: 2012-12-20-6
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 original-awk - The original awk described in "The AWK Programming Language"
Changes:
 original-awk (2012-12-20-6) unstable; urgency=medium
 .
   * Rename all patches to end with .patch.
   * Standards-Version: 3.9.8 (no special changes for this).
Checksums-Sha1:
 6de62cba289f9ad6ac2db2d959db30b9ea428bef 1455 original-awk_2012-12-20-6.dsc
 0b18b7184ae770588a624666c2eb911aec775d8e 4196 
original-awk_2012-12-20-6.debian.tar.xz
Checksums-Sha256:
 6318c1237f3918d7735928f4742f8738cda6d76d71edef8d0c43ff0ffa8c7713 1455 
original-awk_2012-12-20-6.dsc
 e51ed5f2357f5bf74c46784893c57105e28e63f2aed41b36b2a87dc5691b9b43 4196 
original-awk_2012-12-20-6.debian.tar.xz
Files:
 8d3c6413728a7b7050f35d5c7792c145 1455 interpreters optional 
original-awk_2012-12-20-6.dsc
 c4b54429d5592fb8e9a31f38b7e4901d 4196 interpreters optional 
original-awk_2012-12-20-6.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlhyfGQACgkQQc5/C58b
izLFXAf/UsO4hOPvD3mWQJ23z/mDsM0PlHaaLWRxbjiS3JyV9KozrkbIpIVhULep
1yJjxG+eaN4uUPmmg+EjUGzOsKrjxzCMvfXHYuIXz0Zo9LwnlfoqmpfcbopSLp9+
Kqtc3dTjtWyPvyJ+BWC8m4KfLkwVqDrE2YRVZjN8MYwCZegac6fOaJw7i/DmQnx0
yCq7dGlTuliL5sHQ9rpO6bZ7VxFBBQ+P4skMxBJ9QYVXJGAa6KfDk3yhchpFq3C4
2l/1fnhnrmrWf6HstVtTzT7QdXFh8aZkBQjk8PEbwaZMmcuFswMikwps33QExM7H
V+YUsn8PSRh7gjKDGs0h2iVu+XPD+A==
=IKvq
-END PGP SIGNATURE-

Accepted wdiff 1.2.2-2 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 08 Jan 2017 18:16:40 +0100
Source: wdiff
Binary: wdiff wdiff-doc
Architecture: source
Version: 1.2.2-2
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 wdiff  - Compares two files word by word
 wdiff-doc  - Documentation for GNU wdiff
Changes:
 wdiff (1.2.2-2) unstable; urgency=medium
 .
   * Drop debian/patches/99-config-guess-config-sub, not really needed
 when using dh and a recent enough debhelper.
   * Add "Suggests: wdiff-doc" to wdiff, for those who prefer
 documentation in HTML format.
   * Split override_dh_installdocs into -indep and -arch.
   * Add the key of Martin von Gagern as debian/upstream/signing-key.asc and
 modify the watch file accordingly.
   * Standards-Version: 3.9.8 (no special changes for this).
Checksums-Sha1:
 6e58f612eba25ad17f78aea4151ed3e9d88c0548 1428 wdiff_1.2.2-2.dsc
 433c298b33ee3f8721d8cfee130586383a23dc50 10008 wdiff_1.2.2-2.debian.tar.xz
Checksums-Sha256:
 51ee76efd304ee3e813f97fea1fda0c177ad5203d90471deeae2288a5ce53a18 1428 
wdiff_1.2.2-2.dsc
 b0cfd8576554e8e39eed1f7a3d54b87ca10df67cfb42f1dd44ea6cf1917451c4 10008 
wdiff_1.2.2-2.debian.tar.xz
Files:
 0bcc4a660a54dbae4a589eab2b77da50 1428 text optional wdiff_1.2.2-2.dsc
 c405e9b20a805b91027996aaeee7ca90 10008 text optional 
wdiff_1.2.2-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlhydCoACgkQQc5/C58b
izKobQf+IYzLGUP455OdvAnpyk/ZoijNNknLabtXYhRVee23qZlzi5HES1Z+XKlc
8R4QZe0+2Ohpl0xEaoozCUagIQnmhUredw/xeRxZ70HhYzR0lS/+ctbgG1v9VHcp
bjmY/IYnyHDavdR47Qch9/GQl9djuJVoe0t5Er7AL6S6VSRsBH01lSCDoQEPlZMG
L8nSFrjJSpQkOc7Uh+jpQnJsXS9lPZXNMQNYM14ufANtCzB8xrnjS4Gx6h74ZBN4
2WatbV5zz9U3SH+g+lrtayeBKIcJB4a8yG9c8/E9iRf/Epw/v22Usy1YB1NGAkmC
VMthnV10zBnFfKSOnKx0BDkqOccfJg==
=zFil
-END PGP SIGNATURE-

Accepted diffutils 1:3.5-2 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 08 Jan 2017 18:25:42 +0100
Source: diffutils
Binary: diffutils diffutils-doc
Architecture: source
Version: 1:3.5-2
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 diffutils  - File comparison utilities
 diffutils-doc - Documentation for GNU diffutils in HTML format
Changes:
 diffutils (1:3.5-2) unstable; urgency=medium
 .
   * Split override_dh_installdocs into -indep and -arch.
   * Standards-Version: 3.9.8 (no special changes for this).
Checksums-Sha1:
 7e99ecd6b47195f1a3ab67ca16e1b876776dbc8f 1453 diffutils_3.5-2.dsc
 bbd079ce82e3d9b70ccdd9afdf4293efdd7f6939 10464 diffutils_3.5-2.debian.tar.xz
Checksums-Sha256:
 771793a604ccee1ca7436b4fcf22583dd64425a8a9f54db2537a35dbeab6f13c 1453 
diffutils_3.5-2.dsc
 c57b9d00898f3e79ade88ecd4c3536a18974e461cab3ea25e97c0f3386e21fc0 10464 
diffutils_3.5-2.debian.tar.xz
Files:
 a5a246f89f64e3a090665ea1ddca347a 1453 utils required diffutils_3.5-2.dsc
 e3b4b15949ea783b51e0e4aa1e4e8c2a 10464 utils required 
diffutils_3.5-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlhydyoACgkQQc5/C58b
izIX9gf+IXvIh8wrcUtHGtin+zTw1YZjuOSMWf+Venu3RKNIozP1NvSQTEMBawuN
gH9DetdErOH0eNybCS63SYWLGhiorDkIy6vlku02yWdLPze+ALmhTIMJRJfQGArV
r1dCdyddqV+GOKx8r+6amiHty2kevddvS/DhO06WmYySvZA5bbXhMPWwCNb6Wd69
SvA6Q423Jay9LrdUHufd4OsFxSFFFNZJsKLMLpcmcPOHNCrGjB4o+EFQWz4ss6oI
iZuVI1kRQosON2aXu1Ehjxqj3LJftRpCOh6DfitfsAA5A95JO8C6hSrAerxwqDC1
peINkusDx8Bk2X2QFVSLZ5ezgxWMUA==
=k8Rd
-END PGP SIGNATURE-

Accepted mpegdemux 0.1.4-4 (source) into unstable

[Santiago Vila]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 08 Jan 2017 17:38:22 +0100
Source: mpegdemux
Binary: mpegdemux
Architecture: source
Version: 0.1.4-4
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanv...@debian.org>
Changed-By: Santiago Vila <sanv...@debian.org>
Description:
 mpegdemux  - MPEG1/2 system stream demultiplexer
Changes:
 mpegdemux (0.1.4-4) unstable; urgency=medium
 .
   * Rename patch to 01-do-not-remove-configure-on-make-distclean.patch.
   * Standards-Version: 3.9.8 (no special changes for this).
Checksums-Sha1:
 bba0e06f133398d9e8bc18911a2d6aa19e80d0e9 1365 mpegdemux_0.1.4-4.dsc
 152572f413a1d347f98912120702a067d9721945 2116 mpegdemux_0.1.4-4.debian.tar.xz
Checksums-Sha256:
 ae19e23ea98f4456605020bf748d39309793ab5cca04d5950abeaeac60d22802 1365 
mpegdemux_0.1.4-4.dsc
 0c085178afd753aa99b36d4688238162a8ded3ee74386142862398ad5f80fd44 2116 
mpegdemux_0.1.4-4.debian.tar.xz
Files:
 60771a067b44cc6fa6df1113eab474fd 1365 sound optional mpegdemux_0.1.4-4.dsc
 4aad6c3bcfe6b6beb2bfa5884de3495c 2116 sound optional 
mpegdemux_0.1.4-4.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAlhybC0ACgkQQc5/C58b
izLFogf+I8dejg9vpNmciBQ1JHtkWFebzQqVvNVUyGH72H+s/M1nyybZGib5PRNl
GM0oqFFLeYu47zlhmKaH5rGjvOH/f+s/wFy5BM0tHlMRGf+Q/ZMcxOJXn+v3AEVm
F7hE3XeDbK1VdELMS3S7XqxIZ/yDYU2T2oC7JxnDS+tRip5SWD9lY+nax8rf4PFm
us3PkdZmpllAOMvddVlo7YGsqpNG2n41Hx5z/a5jp2Bq9ohqCa8W7xILkV9yYDYD
urQNWbKdkiIXM6GThrRxp5qbyF4l0E5v8yYk8vKG5SidKkbZQQWb50BGmzU/anh9
xEqD3tJQg8z7qk8Bcc7n5YGCg4JjBg==
=cKKp
-END PGP SIGNATURE-

Re: unattended-upgrades by default

[Santiago Vila]

On Fri, Jan 06, 2017 at 02:29:12PM -0800, Nikolaus Rath wrote:
> On Jan 06 2017, Santiago Vila <sanv...@unex.es> wrote:
> > If we want to be the Universal OS, we can't assume that any time
> > (not chosen by the user) is ok to do an upgrade.
> 
> If we want to be the Universal OS, we can't assume that users will
> explicitly trigger an install of security upgrades either. Nor can we
> assume that running without security updates is acceptable.
> 
> What now?

Now we can't be the Universal OS, no matter what we do :-)

Thanks.