Processed: Re: Bug#668895: RFS: termsaver/0.1.1-1 [ITP]
Processing commands for cont...@bugs.debian.org: reassign 668895 sponsorship-requests Bug #668895 [termsaver] RFS: termsaver/0.1.1-1 [ITP] Warning: Unknown package 'termsaver' Bug reassigned from package 'termsaver' to 'sponsorship-requests'. No longer marked as found in versions 0.1.1. Ignoring request to alter fixed versions of bug #668895 to the same values previously set severity 668895 wishlist Bug #668895 [sponsorship-requests] RFS: termsaver/0.1.1-1 [ITP] Severity set to 'wishlist' from 'normal' thanks Stopping processing here. Please contact me if you need assistance. -- 668895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668895 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.13345646402774.transcr...@bugs.debian.org
RFS: augeas/0.10.0-0.1 [NMU]
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package augeas * Package name : augeas Version : 0.10.0-0.1 Upstream Author : David Lutterkort dlut...@redhat.com et al. * URL : http://augeas.net * License : LGPL 2.1 Section : libs It builds those binary packages: augeas-dbg - Debugging symbols for libaugeas0 augeas-doc - Augeas lenses documentation augeas-lenses - Set of lenses needed by libaugeas0 to parse config files augeas-tools - Augeas command line tools libaugeas-dev - Development files for writing applications based on libaugeas0 libaugeas0 - Augeas configuration editing library and API To access further information about this package, please visit the following URL: http://mentors.debian.net/package/augeas Alternatively, one can download the package with dget using this command: dget -x http://mentors.debian.net/debian/pool/main/a/augeas/augeas_0.10.0-0.1.dsc Changes since the last upload: augeas (0.10.0-0.1) unstable; urgency=low . * Non-maintainer upload * New upstream release * Updated symbols * Added upstream patch for sudoers (Closes: #650079) * Added upstream patch for debctl (Closes: #650887) * Added upstream patch for modprobe (Closes: #641813) * Closes: #602703, #510850, #648772 (fixed early in upstream) * Fixed build-deps (build-depends-on-1-revision) Regards, Igor Pashev -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CALL-Q8yCSF=pnxb+fc0x3b-sxsjotmgkt8st3e6inv6jofq...@mail.gmail.com
Re: RFS: augeas/0.10.0-0.1 [NMU]
On 04/16/2012 11:20 AM, Игорь Пашев wrote: dget -x http://mentors.debian.net/debian/pool/main/a/augeas/augeas_0.10.0-0.1.dsc Changes since the last upload: augeas (0.10.0-0.1) unstable; urgency=low . * Non-maintainer upload * New upstream release * Updated symbols * Added upstream patch for sudoers (Closes: #650079) * Added upstream patch for debctl (Closes: #650887) * Added upstream patch for modprobe (Closes: #641813) * Closes: #602703, #510850, #648772 (fixed early in upstream) What do you mean by fixed early in upstream? * Fixed build-deps (build-depends-on-1-revision) ^^^ You also added a new build-dependency. Please mention that in the changelog, the current entry suggests you only removed the -1. Did you try to contact the package maintainers? Regards, Ansgar -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f8bebe6.4050...@43-1.org
Re: RFS: augeas/0.10.0-0.1 [NMU]
16.04.2012 13:52, Ansgar Burchardt пишет: On 04/16/2012 11:20 AM, Игорь Пашев wrote: dget -x http://mentors.debian.net/debian/pool/main/a/augeas/augeas_0.10.0-0.1.dsc Changes since the last upload: augeas (0.10.0-0.1) unstable; urgency=low . * Non-maintainer upload * New upstream release * Updated symbols * Added upstream patch for sudoers (Closes: #650079) * Added upstream patch for debctl (Closes: #650887) * Added upstream patch for modprobe (Closes: #641813) * Closes: #602703, #510850, #648772 (fixed early in upstream) What do you mean by fixed early in upstream? I mean these bugs were fixed in previous versions (0.8, 0.9), but not mentioned in debian/changelog. I though never-fixed-bugs is worse than this changelog entry. * Fixed build-deps (build-depends-on-1-revision) ^^^ You also added a new build-dependency. Please mention that in the changelog, the current entry suggests you only removed the -1. Ok. Did you try to contact the package maintainers? No. I just needed newer version ASAP, so here it is, and at one I decided to review bugs and upload the new package. -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f8bf95e.9030...@gmail.com
Bug#668895: RFS: termsaver/0.1.1-1 [ITP]
Thanks again Gergely, and sorry for the trouble. I read the RFS doc, but somehow I thought I needed to adjust those for my package. What is the next step in the process? Waiting time? Or, can I do anything? Regards, -- *Braga, Bruno* www.brunobraga.net bruno.br...@gmail.com On Mon, Apr 16, 2012 at 6:23 PM, Gergely Nagy alger...@balabit.hu wrote: reassign 668895 sponsorship-requests severity 668895 wishlist thanks Bruno Braga bruno.br...@gmail.com writes: Package: termsaver Version: 0.1.1 Severity: normal When filing RFS bugs, please use the appropriate pseudo-package (sponsorship-requests), so that the report ends up getting filed at the right place, and reaches potential sponsors. For new packages, the severity should also be 'wishlist'. I have reassigned your request, and changed the severity, but in the future, please follow the guidelines of the RFS howto[1]. [1]: http://mentors.debian.net/sponsors/rfs-howto -- |8]
Re: RFS: augeas/0.10.0-0.1 [NMU]
On Mon, Apr 16, 2012 at 4:20 PM, Igor Pashev pashev.i...@gmail.com wrote: Did you try to contact the package maintainers? No. I just needed newer version ASAP, so here it is, and at one I decided to review bugs and upload the new package. Not a right way! Please contact maintainer first. -- Kartik Mistry | IRC: kart_ {0x1f1f, kartikm}.wordpress.com -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/capdygeyrkffhdhvwvsky2juobodz-0ddz+ga_yjhxkjzwky...@mail.gmail.com
Re: RFS: augeas/0.10.0-0.1 [NMU]
On 04/16/2012 12:50 PM, Igor Pashev wrote: 16.04.2012 13:52, Ansgar Burchardt пишет: On 04/16/2012 11:20 AM, Игорь Пашев wrote: * Closes: #602703, #510850, #648772 (fixed early in upstream) What do you mean by fixed early in upstream? I mean these bugs were fixed in previous versions (0.8, 0.9), but not mentioned in debian/changelog. I though never-fixed-bugs is worse than this changelog entry. In this case they should not be closed via a changelog entry for the new version, but with a simple mail to the BTS. See [1] for details how to do so (please remember to include the Version: header with the first version in Debian that fixed the bug). [1] http://www.debian.org/Bugs/Developer#closing Did you try to contact the package maintainers? No. I just needed newer version ASAP, so here it is, and at one I decided to review bugs and upload the new package. Please do so first, for example by asking for the new version in the BTS. You can also include your proposed NMU diff if you want to help the maintainer. A NMU should only be done if the maintainer is busy and cannot react himself. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f8c048b.2080...@debian.org
Re: [opensuse-buildservice] how to create a debian watch file for tarballs hosted on the OBS.
Am Samstag, 14. April 2012, 20:01:49 schrieb Paul Elliott: How to create a watch file for a tarball found on the OBS (Open Build Service). What is a watch file? Where is it defined and what exactly is it supposed to do? ... So you create a watch file that looks like this: version=3 opts=filenamemangle=s/\?rev=.*// \ https://build.opensuse.org/package/files?package=libreoffice-converterproject=LibreOffice:Unstable \ Using build.o.o is always a bad idea for automated stuff, since we do not guarantee that the layout or URL's are not changing. https://api.opensuse.org:443/public/source/LibreOffice:Unstable/libreoffice-converter/libreoffice-converter-(\d\.\d)\.tar\.bz2\?rev=.* /public is only intended to be used by remote OBS instances. So the api is also not guaranteed and stable. I guess you want to know about source changes in some packages. Our offical api to get notified by that is notify.opensuse.org (part of hermes). http://en.opensuse.org/openSUSE:Hermes -- Adrian Schroeter SUSE Linux Products GmbH email: adr...@suse.de -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4885371.ECssQUqqbv@scherben
Re: [opensuse-buildservice] how to create a debian watch file for tarballs hosted on the OBS.
Hi, On 16.04.2012 16:35, Adrian Schröter wrote: Am Samstag, 14. April 2012, 20:01:49 schrieb Paul Elliott: How to create a watch file for a tarball found on the OBS (Open Build Service). What is a watch file? Where is it defined and what exactly is it supposed to do? A watch file is a file within a Debian source package which is describing based on URL patterns where upstream release tarballs can be found and retrieved. This is useful to track upstream development and get notified if a new release was published. The file is being read by uscan(1) [1] and other Debian core services. [1] http://manpages.debian.net/cgi-bin/man.cgi?query=uscan -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Bug#669016: RFS: gyoto/0.0.1-1 [ITP] -- general relativistic ray-tracing and orbit computation
Hello, I just had a quick look at the website : We also request that Gyoto modifications, extensions or plug-ins leading to a scientific publication be made public as free software reasonably fast (within one year after publication of the scientific paper), for instance by contributing it directly to the Gyoto code base. Contributors will be listed in the relevant source files as well as in the AUTHORS file in the package. As this is a restriction on its use, this should go in debian/copyright. I also believe that it is not DFSG compliant, as it is not possible to make gyoto plugins that are both leading to a publication and for private (or commercial) use. -- Etienne Millon -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120416153810.GB16996@klow
Bug#669016: RFS: gyoto/0.0.1-1 [ITP] -- general relativistic ray-tracing and orbit computation
In response to: bugs.debian.org/669016 Software homepage mentioned below: http://gyoto.obspm.fr/ Le 16/04/12 17:38, Etienne Millon a écrit : Hello, I just had a quick look at the website : We also request that Gyoto modifications, extensions or plug-ins leading to a scientific publication be made public as free software reasonably fast (within one year after publication of the scientific paper), for instance by contributing it directly to the Gyoto code base. Contributors will be listed in the relevant source files as well as in the AUTHORS file in the package. As this is a restriction on its use, this should go in debian/copyright. I also believe that it is not DFSG compliant, as it is not possible to make gyoto plugins that are both leading to a publication and for private (or commercial) use. Hi, Thanks for your interest. I'm actually upstream here too and I my intent is to remain fully DFSG-compatible: this is a request, not a requirement. We don't intend this sentence to be legally binding. We won't sue anybody for not complying with this request, it's just that it's fair to do so. Request here is the same word as used two lines above when we request a citation if a paper is published based on Gyoto computations. If this wording is not sufficiently clear, can you propose a clearer one? I'm CC:-ing -legal to get other opinions. Kind regards, Thibaut. -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f8c442a.6040...@users.sourceforge.net
Re: Bug#668881: autoconf-archive: typo in ax_with_curses: AX_MSG_ERROR - AC_MSG_ERROR
Dear mentors, i have just uploaded under mentor a new version of autoconf archive. Source package: http://mentors.debian.net/debian/pool/main/a/autoconf-archive/autoconf-archive_20120407-1.dsc It closes bugs 668881. Please review it. Bastien -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cae2spazpj3k+tar3ijs18zyrctcpvbwbgxs9nx9uj0pueya...@mail.gmail.com
Bug#669016: RFS: gyoto/0.0.1-1 [ITP] -- general relativistic ray-tracing and orbit computation
Le 16/04/12 18:09, Thibaut Paumard a écrit : In response to: bugs.debian.org/669016 Software homepage mentioned below: http://gyoto.obspm.fr/ Le 16/04/12 17:38, Etienne Millon a écrit : We also request that Gyoto modifications, extensions or plug-ins leading to a scientific publication be made public as free software reasonably fast (within one year after publication of the scientific paper), for instance by contributing it directly to the Gyoto code base. Contributors will be listed in the relevant source files as well as in the AUTHORS file in the package. I also believe that it is not DFSG compliant, as it is not possible to make gyoto plugins that are both leading to a publication and for private (or commercial) use. Besides, the fact that gyoto is GPLed in itself forbids making commercial plug-ins: http://www.gnu.org/licenses/gpl-faq.en.html#GPLAndPlugins Private plug-ins is another matter. Regards, Thibaut. -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f8c4b40.4050...@users.sourceforge.net
Re: Bug#669016: RFS: gyoto/0.0.1-1 [ITP] -- general relativistic ray-tracing and orbit computation
- AUTOMATYCZNY raport antySPAMowy -- Oprogramowanie do wykrywania spamu, dzia³aj±ce na serwerze: *** fenski.pl ***, zidentyfikowa³o ten email jako prawdopodobny spam. Oryginalna wiadomo¶æ zosta³a do³±czonado tej, aby mo¿na by³o j± przejrzeæ, zweryfikowaæ lub zablokowaæ na przysz³o¶æ. Je¿eli masz jakie¶ w±tpliwo¶ci, to kieruj je pod adres the administrator of that system Przegl±d zawarto¶ci: W dniu 16.04.2012 18:39, Thibaut Paumard pisze: Le 16/04/12 18:09, Thibaut Paumard a écrit : In response to: bugs.debian.org/669016 Software homepage mentioned below: http://gyoto.obspm.fr/ Le 16/04/12 17:38, Etienne Millon a écrit : We also request that Gyoto modifications, extensions or plug-ins leading to a scientific publication be made public as free software reasonably fast (within one year after publication of the scientific paper), for instance by contributing it directly to the Gyoto code base. Contributors will be listed in the relevant source files as well as in the AUTHORS file in the package. I also believe that it is not DFSG compliant, as it is not possible to make gyoto plugins that are both leading to a publication and for private (or commercial) use.Besides, the fact that gyoto is GPLed in itself forbids making commercial plug-ins: http://www.gnu.org/licenses/gpl-faq.en.html#GPLAndPlugins Private plug-ins is another matter. [...] Szczegó³y analizy zawarto¶ci: (5.6 zaliczonych, 5.0 wymaganych) pkt nazwa regu³y krótki opis -- --- 3.6 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL [178.182.35.167 listed in zen.spamhaus.org] 0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [178.182.35.167 listed in dnsbl.sorbs.net] 1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [178.182.35.167 listed in bb.barracudacentral.org] 0.4 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 0.0 KHOP_DYNAMIC Relay looks like a dynamic address 0.0 HELO_MISC_IP Looking for more Dynamic IP Relays ---BeginMessage--- W dniu 16.04.2012 18:39, Thibaut Paumard pisze: Le 16/04/12 18:09, Thibaut Paumard a écrit : In response to: bugs.debian.org/669016 Software homepage mentioned below: http://gyoto.obspm.fr/ Le 16/04/12 17:38, Etienne Millon a écrit : We also request that Gyoto modifications, extensions or plug-ins leading to a scientific publication be made public as free software reasonably fast (within one year after publication of the scientific paper), for instance by contributing it directly to the Gyoto code base. Contributors will be listed in the relevant source files as well as in the AUTHORS file in the package. I also believe that it is not DFSG compliant, as it is not possible to make gyoto plugins that are both leading to a publication and for private (or commercial) use. Besides, the fact that gyoto is GPLed in itself forbids making commercial plug-ins: http://www.gnu.org/licenses/gpl-faq.en.html#GPLAndPlugins Private plug-ins is another matter. They also force you to acknowledge using it in scientific publications. I doubt it's DFSG free. regards fEnIo ---End Message---
Re: Upload to mentors.debina.net disappeared without a trace.
On Sunday, April 15, 2012 02:39:49 AM Paul Wise wrote: The FTP importer was stuck for some reason, I've restarted it, it is back now and your package was imported: http://mentors.debian.net/package/libreoffice-converter Please consider using HTTP to upload since it results in immediate feedback. The following error message shows why I don't use http: $ dput mentors *.changes Checking signature on .changes gpg: Signature made Mon 16 Apr 2012 03:35:24 PM CDT using DSA key ID 345CDD99 gpg: Good signature from Paul Elliott pelli...@blackpatchpanel.com gpg: aka Paul Elliott pelli...@io.com Good signature on /home/pelliott/develop/git/loconvert/sid/try/libreoffice-converter_3.3-2_i 386.changes. Checking signature on .dsc gpg: Signature made Mon 16 Apr 2012 03:35:12 PM CDT using DSA key ID 345CDD99 gpg: Good signature from Paul Elliott pelli...@blackpatchpanel.com gpg: aka Paul Elliott pelli...@io.com Good signature on /home/pelliott/develop/git/loconvert/sid/try/libreoffice-converter_3.3-2.d sc. Uploading to mentors (via http to mentors.debian.net): Uploading libreoffice-converter_3.3-2.dsc: done. Uploading libreoffice-converter_3.3-2.debian.tar.gz: Traceback (most recent call last): File /usr/bin/dput, line 926, in module main() File /usr/bin/dput, line 889, in main files_to_upload, debug, 0, progress=progress) File /usr/share/dput/http.py, line 103, in upload conn.endheaders() File /usr/lib/python2.7/httplib.py, line 954, in endheaders self._send_output(message_body) File /usr/lib/python2.7/httplib.py, line 814, in _send_output self.send(msg) File /usr/lib/python2.7/httplib.py, line 776, in send self.connect() File /usr/lib/python2.7/httplib.py, line 757, in connect self.timeout, self.source_address) File /usr/lib/python2.7/socket.py, line 553, in create_connection for res in getaddrinfo(host, port, 0, SOCK_STREAM): socket.gaierror: [Errno -2] Name or service not known The ftp server may be down but at least the upload works. -- Paul Elliott 1(512)837-1096 pelli...@blackpatchpanel.com PMB 181, 11900 Metric Blvd Suite J http://www.free.blackpatchpanel.com/pme/ Austin TX 78758-3117 signature.asc Description: This is a digitally signed message part.
Bug#668966: RFS: dparser-1.16-1 [ITP] -- a scannerless GLR parser generator
Please use X-Debbugs-Cc instead of regular Cc when filing bugs: http://www.debian.org/Bugs/Reporting#xcc Thanks! I don't intend to sponsor this package, but here's my review: * Markus Wanner mar...@bluegap.ch, 2012-04-16, 07:45: http://mentors.debian.net/debian/pool/main/d/dparser/dparser_1.26-1.dsc base-makefile-fixes.patch removes this line: LIBS += -lm But this is explained neither in the patch description nor in the changelog. The fix-python-makefile patch will break if Python version is longer than 3 characters. (I know, unlikely, but it still bothers me. ;P) You could query distutils directly for the build directory using the following code: python -c 'from distutils.command.build import build; from distutils.core import Distribution; b = build(Distribution()); b.finalize_options(); print b.build_platlib' More importantly, the fix-python-makefile patch violates Policy §4.6. Oh, and please don't add commented-out code, thanks. Have you forwarded the manpage-hyphen-correction patch upstream? Why priority extra? I'd use optional. I'd rather not use ${python:Provides}. See: http://lists.debian.org/20110324164804.ga5...@jwilk.net In debian/copyright, you need to either add newlines (escaped by dots) between list items or indent the whole list by an extra space. (License uses the same rules as Description in debian/control; see Policy §5.6.13 for details.) Please honour DEB_BUILD_OPTIONS=nocheck. Please honour DEB_BUILD_OPTIONS=noopt. This part of upstream makefile: ifeq ($(ARCH),x86_64) CFLAGS += -fPIC endif smells like a violation of Policy §10.2. The package fails to build in a minimal environment: python2.6 setup.py build make[2]: python2.6: Command not found make[2]: *** [all] Error 127 I see lots of make[3]: svnversion: Command not found in the build log. Is that intentional? What is debian/dparser-doc.install for? Version declared in setup.py is 1.9. Shouldn't that be 1.26? -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120416213550.ga7...@jwilk.net
Processed: fixing up a rfs
Processing commands for cont...@bugs.debian.org: severity 668877 wishlist Bug #668877 [sponsorship-requests] RFS: libreoffice-converter/3.3-1 [ITP] Severity set to 'wishlist' from 'normal' # NEW packages should be wishlist. thanks Stopping processing here. Please contact me if you need assistance. -- 668877: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668877 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.133461274816385.transcr...@bugs.debian.org
Re: Upload to mentors.debina.net disappeared without a trace.
On 16.04.2012 23:26, Paul Elliott wrote: Uploading libreoffice-converter_3.3-2.debian.tar.gz: Traceback (most recent call last): File /usr/bin/dput, line 926, in module ... File /usr/lib/python2.7/socket.py, line 553, in create_connection for res in getaddrinfo(host, port, 0, SOCK_STREAM): socket.gaierror: [Errno -2] Name or service not known err, as much as I like to get the blame, but /this/ is not a problem we're responsible for. Both, HTTP and FTP uploads are generally working and your problem appears to be local. The problem is either dput (although I couldn't reproduce it) or there is something broken with your network connection. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Processed: retitle 664584 to RFS: utouch-evemu/1.0.9-1 [ITP]
Processing commands for cont...@bugs.debian.org: retitle 664584 RFS: utouch-evemu/1.0.9-1 [ITP] Bug #664584 [sponsorship-requests] RFS: utouch-evemu/1.0.8-1 [ITP] Changed Bug title to 'RFS: utouch-evemu/1.0.9-1 [ITP]' from 'RFS: utouch-evemu/1.0.8-1 [ITP]' thanks Stopping processing here. Please contact me if you need assistance. -- 664584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664584 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.133462220428796.transcr...@bugs.debian.org
Dependencies for FastCGI
Hey mentors I have a question concerning one of my packages (fookebox). It currently depends on libapache2-mod-wsgi | httpd-wsgi since it's a web application that is typically called through WSGI. As requested in #667838, I now added the configuration files required to get it to run through FastCGI with python-flup. However, I am not entirely sure how to change my dependencies to indicate that this is a possibility. As I see it, one option would be to say that the package depends on either (libapache2-mod-wsgi | httpd-wsgi) or (libapache2-mod-fastcgi and python-flup). Yet a) I couldn't figure out the syntax to specify such a dependency and b) it would ignore the possibility of running FastCGI through anything other than libapache2-mod-fastcgi (there doesn't seem to be a virtual httpd-fastcgi package). Thus I figured the best way to do this is to change the current dependency into a recommendation (which would allow experienced admins to ignore it while still resulting in a working installation for people who don't care) and add libapache2-mod-fastcgi and python-flup as suggestions to indicate that they are supported and tested mechanisms. Or I could just leave that out and add a note about this possibility to README.Debian. So, before I start messing around, I was hoping that somebody might have some input on this. Any thoughts / suggestions? cheers -- Stefan Ott http://www.ott.net/ You are not Grey Squirrel? -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAOk=tpq+top22qurh5kjjwaoeaosqes+kpn7c1evfvgidzu...@mail.gmail.com
RFC: Clonewise - Detecting code reuse and embedded code copies
The Debian Package clonewise-core (currently in the mentors archive) http://mentors.debian.net/package/clonewise-core http://www.foocodechu.com/downloads/clonewise -- Clonewise is a tool for detecting code reuse in Debian packages. This is also known as detecting embedded code copies. Debian maintains a database of packages that embed code in the security tracker. Clonewise is a tool to automate and supplement the manual tracking of packages. The primary use of it is for the security team who may identify a vulnerability in a library and want to know if that library is reused and embedded in any other Debian packages. -- QUICK GUIDE You might want to install the Clonewise database instead of generating it (which can take several days when you first run Clonewise). Download it from http://www.foocodechu.com/downloads/clonewise/ Example usage to discover if the source package libpng is reused in other Debian packages is as follows: $ Clonewise -vv libpng libpng CLONED_IN_SOURCE afterstep (18.457640) MATCH png.c (5.605583) (33.00) MATCH pngtrans.c (6.409078) (57.00) MATCH pngwtran.c (6.442979) (80.00) libpng CLONED_IN_PACKAGE libafterimage-dev libpng CLONED_IN_PACKAGE afterstep libpng CLONED_IN_PACKAGE afterstep-data libpng CLONED_IN_PACKAGE libafterimage0 libpng CLONED_IN_PACKAGE afterstep-dbg libpng CLONED_IN_PACKAGE libafterstep1 libpng CLONED_IN_SOURCE fltk1.1 (44.336105) MATCH png.c (5.605583) (58.00) MATCH pngerror.c (6.442979) (57.00) MATCH pngmem.c (6.442979) (85.00) MATCH pngpread.c (6.514438) (52.00) MATCH pngrio.c (6.478071) (77.00) MATCH pngtrans.c (6.409078) (63.00) MATCH pngwtran.c (6.442979) (80.00) libpng CLONED_IN_PACKAGE fltk1.1-doc libpng CLONED_IN_PACKAGE fltk1.1-games libpng CLONED_IN_PACKAGE libfltk1.1 libpng CLONED_IN_PACKAGE libfltk1.1-dbg libpng CLONED_IN_PACKAGE libfltk1.1-dev [ snip ] So libpng is embedded in the source packages afterstep and fltk1.1. Looking at my version of the embedded-code-copies file on the security tracker, I can see that fltk1.1 is actually referenced as libfltk1.1 and has been fixed a while ago. The security tracker is meant to report the source package name, so this should probably be fixed. Clonewise otherwise ignores embedded code copies that have been fixed (according to the security tracker). I can't see afterstep in the tracker, so again, we might need to make an update. We don't know if afterstep has been patched to use a system library so we need to investigate more - like seeing if libpng is a dependency of the afterstep package. In real usage, if libpng is buggy, it's probably important to do this and check the afterstep package to see if is vulnerable to a libpng bug. The matching files have a weight and a score that represents the significance of the file in the repository and and the similarity of the file between the two packages. CLONED_IN_SOURCE are the source packages. CLONED_PACKAGE are the binary packages built from the source package. -- BUILDING THE DATABASE If you don't install clonewise-database, then the database of the package repository will probably need to be built the first time you run Clonewise. You will need to be the superuser to do this and in all likelihood it will take several days to complete. Clonewise will run Clonewise-BuildDatabase when the database has not been built. It will download the entire Debian source repository, unpack the packages and generate signatures for each package. -- CONFIGURATION FILES There are a number of configuration files in Clonewise. /var/lib/Clonewise/extensions - contains a list of filename extensions that are used to identify source code. Clonewise ignores all reuse of non program code in package contents and this is how it knows this. /var/lib/Clonewise/threshold - is the default threshold of the amount of code reuse that needs to occur before Clonewise reports it. If you get too many false positives, then increase this number. You can also override this threshold on the command line with Clonewise -C threshold. /var/lib/Clonewise/ignore-these-fixed - is a list of package pairs from the embedded-code-copies file maintained in the Debian security tracker where it has been reported that the packages in question have been modified so system wide libraries are being used and there is no embedded code in the build. /var/lib/Clonewise/ignore-these-false-positives - is a list of package pairs that should not be reported as having code reuse. This file is intended to contain known false positives. -- HELPER UTILITIES Clonewise-ParseDatabase is a program to parse Debian's embedded-code-copies file maintained in the security tracker. Probably the main use of it is to generate the content for the ignore-these-fixed