Re: Removal of systemtap from testing
Mehdi Dogguy me...@dogguy.org writes: Systemtap seems in pretty bad shape. Its removal from testing has been requested (See #635543) and will be effective by Saturday if still not fixed. It you still care about systemtap, please step up and offer your help to fix it. Thanks for the warning. I care about systemtap. I use systemtap to debug systems for which I always have root access anyway so I don't see security problems as such a big deal. However, I can work on the build failures and if patches for security bugs are available I can apply them too. I'm currently at debconf so I'll probably miss the Saturday deadline but that's ok, it can be uploaded again. Please ping me on irc if you want to meet at debconf. -Timo -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/84vcunv96g@sauna.l.org
Re: Forw/Re: Removal of systemtap from testing
On 29/07/11 at 11:31 +1000, Nathan Scott wrote: Hi Lucas, On 28 July 2011 04:08, Lucas Nussbaum lu...@lucas-nussbaum.net wrote: ... What would help: - subscribe to systemtap email notifications on the PTS (http://packages.qa.debian.org/s/systemtap.html, see little box on the bottom left corner) and contribute to the bug mail when you receive some - go through systemtap bugs on http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=nosrc=systemtap comment on them by sending email to bugnum...@bugs.debian.org (e.g 635...@bugs.debian.org) I'm interested in systemtap, but don't have much time to spend on maintaining it currently. I don't know: I'm in a similar camp - I'd like to help but time is always the enemy. I would be interested in being part of a maintainer team though, if others are keen? I'm happy to go through the current deb packaging and update it for current systemtap and to the current deb standards version (unless someone has already started?) but I wont be able to do that by tomorrow. Hi, Please get in touch with the other systemtap maintainer (Ritesh Raj Sarraf r...@debian.org, Cced). He currently has the lock on the update of 1.6. Help is of course welcomed. Lucas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110729064751.ga23...@xanadu.blop.info
Re: Forw/Re: Removal of systemtap from testing
On 07/29/2011 12:17 PM, Lucas Nussbaum wrote: Please get in touch with the other systemtap maintainer (Ritesh Raj Sarraf r...@debian.org, Cced). He currently has the lock on the update of 1.6. Help is of course welcomed. Yes, please. Any help is appreciated. If you'd like to co-maintain, please respond to this email. I'll add you to uploaders. The 1.6 packaging is almost done. It runs on my box. TODO: * 1.6 stripped down many things. The systemtap-client package is almost empty. The only worthy file it installs is stap-env. I'm not sure if that is still required (I use stap only on my local box). * There were a bunch of CVEs. We need to run through them to check which all are fixed in the 1.6 release. If they are not, we need to pull in those fixes. * There's also an FTBFS with newer gcc. That needs to be fixed. Frank, can you please confirm if the following CVEs are fixed in 1.6 ? https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2502 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503 CVE-2011-1769 CVE-2011-1781 It doesn't talk about the exact systemtap version in the bug report. -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System signature.asc Description: OpenPGP digital signature
Re: Forw/Re: Removal of systemtap from testing
Hi, Ritesh - On Fri, Jul 29, 2011 at 01:01:54PM +0530, Ritesh Raj Sarraf wrote: [...] The 1.6 packaging is almost done. It runs on my box. Thank you very much. TODO: * 1.6 stripped down many things. The systemtap-client package is almost empty. The only worthy file it installs is stap-env. I'm not sure if that is still required (I use stap only on my local box). You can eliminate the -client subpackage entirely. That facility is built into the main stap executable now. * There were a bunch of CVEs. We need to run through them to check which all are fixed in the 1.6 release. If they are not, we need to pull in those fixes. They are. * There's also an FTBFS with newer gcc. That needs to be fixed. We're happy to pull in such patches; we'll keep an eye out here: http://anonscm.debian.org/gitweb/?p=collab-maint/systemtap.git;a=tree;f=debian/patches - FChE pgpoJylE0b9rP.pgp Description: PGP signature
Re: Forw/Re: Removal of systemtap from testing
Hi Lucas, On 28 July 2011 04:08, Lucas Nussbaum lu...@lucas-nussbaum.net wrote: ... What would help: - subscribe to systemtap email notifications on the PTS (http://packages.qa.debian.org/s/systemtap.html, see little box on the bottom left corner) and contribute to the bug mail when you receive some - go through systemtap bugs on http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=nosrc=systemtap comment on them by sending email to bugnum...@bugs.debian.org (e.g 635...@bugs.debian.org) I'm interested in systemtap, but don't have much time to spend on maintaining it currently. I don't know: I'm in a similar camp - I'd like to help but time is always the enemy. I would be interested in being part of a maintainer team though, if others are keen? I'm happy to go through the current deb packaging and update it for current systemtap and to the current deb standards version (unless someone has already started?) but I wont be able to do that by tomorrow. - how many of the current critical issues affecting the Debian package are fixed in the latest upstream version (1.5). (I expect all of them) - if that latest upstream version would work on Debian Any input on that would be very much appreciated. It works well (for non-uprobe tracing), I've used 1.5 recently on unstable, and I'd expect 1.6 to be OK there too. cheers. -- Nathan
Removal of systemtap from testing
Hello, Systemtap seems in pretty bad shape. Its removal from testing has been requested (See #635543) and will be effective by Saturday if still not fixed. It you still care about systemtap, please step up and offer your help to fix it. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e2fdd92.7000...@dogguy.org
Forw/Re: Removal of systemtap from testing
Hi - mehdi wrote on debian-devel: Systemtap seems in pretty bad shape. Its removal from testing has been requested (See #635543) and will be effective by Saturday if still not fixed. It you still care about systemtap, please step up and offer your help to fix it. While we have no debian contributors on the team, would it help if we adopt debian build metadata within the source tree? (For what it's worth, the recent unprivileged-usage-related security problems may not affect debian, as debian kernels lack user-space probing support, so unprivileged/stapusr configurations are unlikely.) - FChE -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110727143939.ga18...@redhat.com
Re: Removal of systemtap from testing
On 07/27/2011 11:42 AM, Mehdi Dogguy wrote: Systemtap seems in pretty bad shape. Its removal from testing has been requested (See #635543) and will be effective by Saturday if still not fixed. hum, Julien already put a hint for it and it is now removed from testing. It is always possible to have it back as soon as it gets fixed. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e304347.5050...@dogguy.org
Re: Forw/Re: Removal of systemtap from testing
On 27/07/11 at 10:39 -0400, Frank Ch. Eigler wrote: Hi - mehdi wrote on debian-devel: Systemtap seems in pretty bad shape. Its removal from testing has been requested (See #635543) and will be effective by Saturday if still not fixed. It you still care about systemtap, please step up and offer your help to fix it. While we have no debian contributors on the team, would it help if we adopt debian build metadata within the source tree? Hi, I don't think so: it's usually considered better practice to keep the debian packaging separate from the upstream sources (even if YMMV). What would help: - subscribe to systemtap email notifications on the PTS (http://packages.qa.debian.org/s/systemtap.html, see little box on the bottom left corner) and contribute to the bug mail when you receive some - go through systemtap bugs on http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=nosrc=systemtap comment on them by sending email to bugnum...@bugs.debian.org (e.g 635...@bugs.debian.org) I'm interested in systemtap, but don't have much time to spend on maintaining it currently. I don't know: - how many of the current critical issues affecting the Debian package are fixed in the latest upstream version (1.5). (I expect all of them) - if that latest upstream version would work on Debian Any input on that would be very much appreciated. If you want to dig deeper, the debian package are available from git (see links on the PTS page mentioned above). Thanks, - Lucas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110727180819.ga5...@xanadu.blop.info
Re: Forw/Re: Removal of systemtap from testing
On 07/27/2011 11:08 AM, Lucas Nussbaum wrote: I'm interested in systemtap, but don't have much time to spend on maintaining it currently. I don't know: - how many of the current critical issues affecting the Debian package are fixed in the latest upstream version (1.5). (I expect all of them) The latest is actually 1.6, released two days ago. All known security bugs are fixed in that release. Compatibility issues should also be fixed, e.g. for the gcc 4.6 bug 625414. If for some reason you couldn't update to the latest, we can certainly help identify the patches needed. - if that latest upstream version would work on Debian It should. We strive to maintain compatibility all the way from RHEL4 (kernel 2.6.9+) to Fedora rawhide (now kernel 3.0). So as much as any older version of systemtap worked on Debian, the new should too, and we'll gladly accept bugs reporting otherwise. Josh -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e305a8a.9010...@redhat.com