Bug#1030119: Bug#1018260: openssh-server: fills the log with "deprecated reading of user environment enabled"
On Tue, 31 Jan 2023 10:52:54 + Colin Watson wrote: > There's now > https://salsa.debian.org/ssh-team/openssh/-/merge_requests/21 for this, > but as noted there I have documentation concerns about simply removing > this. Copying my comments from there: > At a bare minimum, this needs an entry in debian/NEWS. But I'd go > further: I think this should be documented in Debian's release notes > (repository at https://salsa.debian.org/ddp-team/release-notes) for a > release before we make this change. That won't inform everyone, but > it should reduce the number of people caught unawares by this. Any > other practical ideas for informing affected users would be welcome. > Was there an update on this bug against release-notes: the MR against openssh at https://salsa.debian.org/ssh-team/openssh/-/merge_requests/21/diffs doesnt seem to be merged - has this been parked? Based on the text in that MR , but if I i used this feature i would want to know: - can this prevent me logging in? (eg if i am doing the upgrade over ssh) - will it drop my ssh connection (release-notes does iirc advise upgrading inside tmux or screen) - what do i do if i need the settings in pam-envionment - can i add them to ssh_config? (I assume re-enabling a deprecated setting is not a good thing to recommend in release-notes) (and should i do so before or after upgrading?) The release notes could say something like: ssh no longer reads ~/.pam-environment The ssh package, which allows secure login to remote systems, no longer reads the user's ~/.pam_environment file by default. See for details. If you used this feature, you should move variables set in ~/.pam_environment file to ~/.ssh/ssh_config before upgrading . (should there be something about the pam deprecation itself?)
Bug#1012174: Inconsistent advice wrt security archive
On Tue, 31 May 2022 16:13:27 +0100 Brian Potkin wrote: > On Tue 31 May 2022 at 14:58:00 +0200, Julien Cristau wrote: > > On Tue, May 31, 2022 at 02:26:39PM +0200, David Prévot wrote: > > > The [errata] advises one to use > > > > > > deb http://security.debian.org/debian-security bullseye-security main > > > contrib non-free > > > > > > while the [release-notes] advises > > > > > > deb https://deb.debian.org/debian-security bullseye-security main > > > contrib > > > errata: https://www.debian.org/releases/stable/errata#security > > > release-notes: > > > https://www.debian.org/releases/stable/amd64/release-notes/ch-information#security-archive > > > > > The release-notes version is preferred, as far as scheme and hostname. > > There appears to be a consensus in favour of https. For example: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992692#37 In release-notes the only http:// i could find was in en/upgrading.dbk (apart from inside xmlns markup) https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/160 has just been submitted to update this to https I dont think the 'errata' page above is in the release-notes repository (?)
Bug#992345:
package: release-notes # disk space tags 992345 + patch # usrmerge tags 992116 + patch # both patches are in salsa MRs
Bug#992113: release-notes: Initial availability of Bazel build system in Debian
On Wed, 11 Aug 2021 15:28:12 -0400 Olek Wojnar wrote: > If possible, please include the following in section 2.2 (What's new in the > distribution?) of the release notes for the following architectures: > amd64, arm64, ppc64el, s390x, ppc64, riscv64 Is this perhaps an old bug that should be closed - bullseye seems to have a bazel-bootstrap package, so not sure there is anything needed for bookworm? > 2.2.x Initial availability of the Bazel build system > The [Bazel](https://bazel.build/) build system is available in Debian > starting with this release. This is a bootstrap variant that will not include > local versions of the extended Bazel ecosystem. However, the current package > **does** provide identical functionality to core upstream Bazel, with the > advantage of convenient Debian package management for the installation. While > building Debian packages is not currently recommended, any software that > supports Bazel builds should build normally using this Debian-native Bazel > package. This includes build-time downloads of required dependencies. > > The [Debian Bazel Team](https://salsa.debian.org/bazel-team/meta) is working > to package an extensible version of Bazel for future Debian releases. This > extensible version will allow additional components of the Bazel ecosystem to > be included as native Debian packages. More importantly, this version will > allow Debian packages to be built using Bazel. Contributions to the team are > welcome!
Processed: Re: Bug#1030040: release-notes: usrmerge and dist-upgrade
Processing control commands: > tags -1 + patch Bug #1030040 [release-notes] release-notes: usrmerge and dist-upgrade Added tag(s) patch. -- 1030040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030040 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1030040: release-notes: usrmerge and dist-upgrade
control: tags -1 + patch (In case of duplication, just wanted to ensure the BTS had a link to this MR (which covers this and the other bug about usrmerge): https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/155
Bug#1034248: release-notes: Document that GTK4 apps are not accessible with screen reader
On Thu, 27 Apr 2023 22:19:53 +0200 Holger Wansing wrote: > Hi Paul, > > Paul Gevers wrote (Thu, 27 Apr 2023 22:10:16 +0200): > > > > + If you depend on a screen reader and want to upgrade to , > > we suggest > > + that you install a desktop like MATE instead of GNOME. > > > > I guess our recommendation also holds for new installs. So maybe leave > > out the "and want to upgrade to bookworm" part? I think this should be very high up - first in the file, rather than at the end - seems like this is going to be a really big issue for some people. Perhaps at least tell them how to switch to mate (eg: what package to install - is it mate-desktop or is mate-desktop-environment needed for accessibility - i assume the latter is better?) And can we clarify "much less accessible" mean - doesnt work at all or something less worrying? (i couldnt find anything aimed at users on this) also - is a switch to mate rally all that is needed - would you not also need to switch away from every GTK4 app as well?, or do apps under mate revert to GTK3 again? Especially i would want to know: does Orca work under Mate? do any settings copy across? (i found a page on debian's wiki but it's not very illuminating - hopefully because it all just works!) Is it all screen readers (2nd para) or just orca? Some minor word changes and markup suggestions: (I wasnt sure if i have described GTK3/4 right - is it better to say version 4 of GTK for example?) GNOME has reduced accessibility support for screen readers Many GNOME apps have switched from the GTK3 graphics toolkit to GTK4. Sadly, this has made many apps much less usable with screen readers such as Orca. If you depend on a screen reader you should consider switching to a different desktop such as https://mate-desktop.org;>Mate, which has better accessibility support. You can do this by installing the mate-desktop-environment package. Information about how to use Orca under Mate is available at https://wiki.debian.org/Accessibility/Orca#MATE;>here. Ideally someone who is affected by this would comment too - im sure there are lots of questions that wouldnt occur to me that should be included here.
Bug#1028149: bookworm: ntp has been replaced by ntpsec
control: tags -1 + patch thanks > On Sat, Apr 15, 2023 at 04:31:45PM +0100, Richard Lewis wrote: > > if no-one else does, i can draft some text that says > > - ntp is dropped (do we know why?). > > I think the main reason is very slow upstream development with a large > number of known unfixed security issues. > > > ntpsec is a direct replacement, > > but there is also chrony > > openntpd is another NTP client that I think should be recommended. > (Not as a server though.) proposed text is at https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/156 (i included openntpd as an alternative but didn't try and explain the differences - didn't think it was easy to do so clearly!)
Processed: Re: Bug#1028149: bookworm: ntp has been replaced by ntpsec
Processing control commands: > tags -1 + patch Bug #1028149 [release-notes] bookworm: ntp has been replaced by ntpsec Added tag(s) patch. -- 1028149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028149 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#992345:
control: tags + patch thanks This one, on free space needed is hopefully addressed by https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/159
Bug#992116: release-notes: Add breakage from merged-/usr-via-aliased-dirs
control: tags + patch thanks Think this is covered by https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/155
Bug#1033675: release-notes: apt-key improves system security with 3rd party sources
On Wed, 29 Mar 2023 22:58:35 +0200 Rainer Dorsch wrote: > according to > https://linuxnews.de/2021/04/10/debian-11-repositories-aus-3-hand-ohne-apt-key-einbinden/ > Debian 12 supports and requires a safer way to import keys for 3rd > party repos. If that is the case, I suggest to add this to the release notes, > since it is a nice security enhancement feature. hi this sounds interesting - i can help develop some text, but you will need me more info on what the new feature is: the webpage you link to is in german, but the title says debian 11, and the first links is to a wiki page giving instructions for 'stretch or later'. The bit about writing 'signed-by' in sources.list has been available since, i think, buster so is there actually a new feature for debian 12?
Bug#1035336: release-notes: libgdal-perl dropped in Bookworm
Package: release-notes Severity: normal The ubiquitous geospatial GDAL library dropped the XS-based Perl binding, almost one year ago. As a consequence the Perl binding is not more directly supported at upstream level and developers/users that need a Perl support for GDAL must migrate to the FFI interface provided by Geo::GDAL::FFI package, available on CPAN. As a direct consequence, Bookworm is missing a Perl binding for GDAL (libgdal-perl in Bullseye and previous Debian releases). A wiki page is available at https://wiki.debian.org/BookwormGdalPerl to help users to start migration to the new interface.