Bug#685345: RFS: pidgin-latex/1.4.5-1

2012-08-20 Thread Bart Martens
Hi Elías,

You wrote:
> This version fixes a security issue

If you want that fixed in wheezy, then I suggest that you:
- submit a bug in the bts about this security issue
- upload 1.4.4-2 to mentors with a fix for that bug
- ask debian-release for an unblock

Regards,

Bart Martens


-- 
To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120821055741.ge24...@master.debian.org



Bug#684679: RFS: nullmailer/1:1.11-2 (security bugfix upload request)

2012-08-20 Thread Bart Martens
Hi Nick,

How about the umask-touch-chmod approach we discussed via private e-mail? That
would also work for a symlink if I'm not mistaken.  (This is just a suggestion.
I don't mind that you and Don proceed in a different way.)

Regards,

Bart Martens


Archive: http://lists.debian.org/20120821052018.gc24...@master.debian.org
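
As an added illustration (not code from the nullmailer package or from anyone in this thread), here is one way a maintainer script could combine the umask-touch-chmod idea mentioned above with the two checks Don Armstrong asks for in this thread: leave symlinks and non-regular files alone, and only tighten a file that is still world-readable. The helper names `protect_remotes` and `perms` are hypothetical, and since the privately discussed steps are not on this page, the creation branch is an assumption.

```shell
#!/bin/sh
# Added example. protect_remotes and perms are hypothetical helper names.

# Symbolic permission string of a path, e.g. "-rw-r--r--".
perms() { ls -ld "$1" | cut -c1-10; }

# Prints the action taken: created, tightened, skipped-symlink,
# skipped-not-regular or skipped-admin-managed.
protect_remotes() {
    f=$1
    if [ -L "$f" ]; then
        # The admin replaced the file with a symlink (possibly dangling):
        # do not touch the link or its target.
        echo skipped-symlink
        return 0
    fi
    if [ ! -e "$f" ]; then
        # New install: the umask is in force when touch creates the file,
        # so it never exists with wider permissions. Assumes only root can
        # write to the directory, as in /etc.
        ( umask 077 && touch "$f" && chmod 600 "$f" ) || return 1
        echo created
        return 0
    fi
    if [ ! -f "$f" ]; then
        echo skipped-not-regular
        return 0
    fi
    case $(perms "$f") in
        ???????r??)
            # Still world-readable, so treat it as the packaged default.
            # A real postinst would also chown it to the daemon's user.
            chmod 600 "$f" || return 1
            echo tightened ;;
        *)
            # Already restricted: assume the admin set this up on purpose.
            echo skipped-admin-managed ;;
    esac
}
```
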



Bug#678343: Copyright

2012-08-20 Thread glpk xypron
The skins of tilem contain photographs of TI calculators (e.g. file ti86.skn 
includes a jpeg picture of a TI-86 calculator at offset 0x571).

I assume TI has the copyright for the design of the calculators. Is there no 
copyright issue in using photographs of these products as skins for non TI 
software?

Best regards

Heinrich Schuchardt


Archive: http://lists.debian.org/20120821003503.19...@gmx.net



Bug#684679: RFS: nullmailer/1:1.11-2 (security bugfix upload request)

2012-08-20 Thread Nick Leverton
On Sun, Aug 19, 2012 at 10:16:50AM -0700, Don Armstrong wrote:
> If bartm is unable to upload this, I will do it. However, you need to
> first check that /etc/nullmailer/remotes is a regular file, as it
> would be a perfectly reasonable configuration to have replaced
> /etc/nullmailer/remotes with a symlink. Secondly, you really should
> only do the replacement if /etc/nullmailer/remotes is world readable;
> otherwise you should assume that the administrator has modified things
> (for example, running nullmailer as an entirely different user).

Hi Don,

You raise some valuable issues, thanks.  I think that merely not
replacing, chmodding or chowning the file if it already exists is a
simple and safe solution which allows the sysadmin to change what she
wants post-installation.

This does mean that existing installations will not be protected, but
I don't think that that's important enough to be worth a NEWS entry to
warn the admin.

Thank you very much for your review.  I've amended the package accordingly
and re-uploaded to mentors, and I hope it passes muster for upload.
The updated debdiff is attached (same version number, new changelog
timestamp).

Thank you

Nick
diff -Nru nullmailer-1.11/debian/changelog nullmailer-1.11/debian/changelog
--- nullmailer-1.11/debian/changelog2012-06-16 16:36:28.0 +0100
+++ nullmailer-1.11/debian/changelog2012-08-20 23:02:07.0 +0100
@@ -1,3 +1,9 @@
+nullmailer (1:1.11-2) unstable; urgency=low
+
+  * Make 'remotes' not world-readable (Closes: #684619)
+
+ -- Nick Leverton   Mon, 20 Aug 2012 23:02:04 +0100
+
 nullmailer (1:1.11-1) unstable; urgency=low
 
   * New upstream release
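Review bot: The new entry `* Make 'remotes' not world-readable (Closes: #684619)` overstates what the postinst hunk in this debdiff does: the added block only runs when /etc/nullmailer/remotes does not exist, so a world-readable file on an existing installation stays as it is. Word the entry to say that the file is created with restricted permissions on new installs and that existing files are left untouched, so an admin reading the changelog knows to check an upgraded system. Also, `urgency=low` on the header line sits oddly with an upload requested as a security bugfix; consider whether a higher urgency is warranted.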
diff -Nru nullmailer-1.11/debian/postinst nullmailer-1.11/debian/postinst
--- nullmailer-1.11/debian/postinst 2012-05-16 08:25:36.0 +0100
+++ nullmailer-1.11/debian/postinst 2012-08-20 23:01:04.0 +0100
@@ -24,6 +24,13 @@
fi
 
db_get nullmailer/relayhost
+   # securely create nullmailer/remotes with mode 0600
+   if [ ! -L /etc/nullmailer/remotes -a ! -e 
/etc/nullmailer/remotes ]
+   then
+   R=$( tempfile -d /etc/nullmailer -p nullm )
+   chown mail:mail $R
+   mv $R /etc/nullmailer/remotes
+   fi
echo "$RET" | sed -r -e ':a s/(\[[^]:]*):/\1=/; ta' \
 -e 's/[[:space:]]*:[[:space:]]*/\n/g' \
 -e ':b s/(\[[^]=]*)=/\1:/; tb' \
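Review bot: In the added block, the result of `tempfile` is never checked and `$R` is used unquoted in `chown mail:mail $R` and `mv $R /etc/nullmailer/remotes`; if tempfile fails, R is empty and both commands run with a missing argument. Test the exit status (or `[ -n "$R" ]`) before continuing, and quote "$R". The comment promises mode 0600, but nothing in the hunk sets it, so the result depends on tempfile's default; passing `-m 0600` makes that explicit. The `[ ... -a ... ]` form is better written as two tests joined with `&&`, and since `-e` follows symlinks, the `! -L` half is what covers a dangling symlink, which deserves a word in the comment. Finally, the block sits between `db_get nullmailer/relayhost` and the `echo "$RET"` that consumes its result; moving it above `db_get` keeps those two lines together.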


Bug#669565: RFS: gammaray/1.1.0-1 [ITP] -- Tool for examining the internals of Qt application

2012-08-20 Thread Jakub Adam

Hi Felix,

On 20.8.2012 18:26, Felix Geyer wrote:
> Upstream has released version 1.2.1 in the meantime.

I see, imported to our repo.

> I noticed that you've removed 3rdparty/qt/private in the upstream tarball.
> This needs to be documented in README.source and preferably "+repack" added
> to the upstream version number.
> In this case however it would be much easier to keep them in the tarball and
> just remove those files in debian/rules before building.

I chose a similar approach, but I don't delete the files in d/rules but only
move them away so that dh_clean can restore the sources into original state.

Regards,

Jakub


Archive: http://lists.debian.org/5032a07c@ktknet.cz



Bug#684585: marked as done (RFS: lbzip2/2.2-1 - fast, multi-threaded bzip2 utility [RC])

2012-08-20 Thread Debian Bug Tracking System
Your message dated Mon, 20 Aug 2012 16:20:05 +
with message-id 
and subject line closing RFS: lbzip2/2.2-1 - fast, multi-threaded bzip2 utility 
[RC]
has caused the Debian Bug report #684585,
regarding RFS: lbzip2/2.2-1 - fast, multi-threaded bzip2 utility [RC]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
684585: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684585
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "lbzip2"

 * Package name: lbzip2
   Version : 2.2-1
   Upstream Author : Mikolaj Izdebski 
 * URL : https://github.com/kjn/lbzip2
 * License : GPL-3+
   Section : utils

It builds those binary packages:

  lbzip2 - fast, multi-threaded bzip2 utility

To access further information about this package, please visit the
following URL:

  http://mentors.debian.net/package/lbzip2

Alternatively, one can download the package with dget using this command:

  dget -x http://mentors.debian.net/debian/pool/main/l/lbzip2/lbzip2_2.2-1.dsc

More information about lbzip2 can be obtained from https://github.com/kjn/lbzip2

Changes since the last upload:

  * New upstream release:
    - limited memory allocation, closes: #645999,
    - improved bzip2 compatibility, closes: #582476,
    - fixed several other minor bugs, closes: #673378.
  * debian/control:
    - drop version requirements on autotools,
    - bump Standards-Version to 3.9.3.
  * debian/copyright:
    - remove comment about maintainers involved in creation of the package,
    - update to reflect new upstream version.
  * debian/rules: execute Bourne shell scripts with sh instead of perl.
  * debian/compat: Bump to 9.


Regards,
Mikolaj Izdebski
--- End Message ---
--- Begin Message ---
Package lbzip2 version 2.2-1 is in unstable now.
http://packages.qa.debian.org/lbzip2
--- End Message ---


Bug#669565: RFS: gammaray/1.1.0-1 [ITP] -- Tool for examining the internals of Qt application

2012-08-20 Thread Felix Geyer
On 20.08.2012 14:04, Jakub Adam wrote:
> Hi Felix,
> 
> On 16.8.2012 11:04, Felix Geyer wrote:
>> I noticed some issues in the copyright file:
>>
>> - This one is missing:
>>    ./core/palettemodel.cpp:  Copyright (C) 2010 Ariya Hidayat
>>
>> - tools/ has been moved to core/tools/
>>
>> - cmake/* is missing.
>>    Some of those files don't have a license header.
>>    It would be good to check with upstream under what license they are released.
> 
> I fixed what I could figure out myself, for the rest of files in cmake/ I asked
> upstream [1], missing license headers are now added in their git [2] and also
> in our d/copyright.

Great, thanks!

Upstream has released version 1.2.1 in the meantime.
I noticed that you've removed 3rdparty/qt/private in the upstream tarball.
This needs to be documented in README.source and preferably "+repack" added
to the upstream version number.
In this case however it would be much easier to keep them in the tarball and
just remove those files in debian/rules before building.

Felix


Archive: http://lists.debian.org/5032652f.9030...@debian.org



Re: Bug#678992: RFS: grive/0.2.0-1 [ITP #675310]

2012-08-20 Thread José Luis Segura Lucas
Only a reminder about this RFS. Is anybody interested in sponsoring the
package?

Best regards

On 23/07/12 18:09, José Luis Segura Lucas wrote:
> I know that these are difficult times for the new packages, but a little
> charity for a new Debian maintainer, please :-P
>
> Best regards
>
> On 26/06/12 17:36, Benoît Knecht wrote:
>> severity 678992 wishlist
>> thanks
>>
>> Hi José,
>>
>> José Luis Segura Lucas wrote:
>>>   I am looking for a sponsor for my package "grive"
>>>
>>> * Package name: grive
>>>   Version : 0.1.1+20120619git27g55c0f4e-1
>>>   Upstream Author : Matchman Green  and Nestal Wan 
>>> 
>>>  * URL : http://www.lbreda.com/grive
>>>  * License : GPLv2
>>>Section : net
>>>
>>>   It builds those binary packages:
>>>
>>> grive - Google Drive client for GNU/Linux
>> I took a look at your package:
>>
>>   - Since you're packaging a snapshot version, you should adjust your
>> watch file accordingly:
>>
>>   Processing watchfile line for package grive...
>>   Newest version on remote site is 0.1.1, local version is 
>> 0.1.1+20120619git27g55c0f4e
>>   grive: remote site does not even have current version
>>
>>   - It seems like all the source files of Grive are released under the
>> GPL-2, and not GPL-2+ (according to the license headers in those
>> files). You should correct that in debian/copyright, and using the
>> same formulation as in the license headers seems like a good idea.
>>
>> The license for the debian/* files is said to be GPL-2+, but in the
>> license paragraph it refers to the GPL-3.
>>
>> I couldn't find Matchman Green's name in any of the source files;
>> are you sure they're one of the copyright holders?
>>
>>   - debian/README.Debian should be debian/README.source, although I
>> would argue it doesn't contain any useful information at the moment.
>>
>>   - In debian/control, the Vcs-Git field is intended for the packaging,
>> not the upstream repository; if you don't have a public git
>> repository for the Debian packaging, remove that line.
>>
>> The long description could be improved; please have a look at [1].
>>
>> [1] 
>> http://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#bpp-pkg-desc
>>
>> Please run wrap-and-sort from the devscripts package to have the
>> Build-Depends field wrapped and sorted (and use ">= 9" for
>> debhelper).
>>
>>   - Why do you override the hardening-no-fortify-functions lintian
>> warning? If you have a good reason to do so, you should explain it
>> in a comment in debian/grive.lintian-overrides.
>>
>>   - Grive includes a test suite, but it isn't built nor run.
>>
>>   - In the grive(1) man page, you should end each item in the
>> DESCRIPTION with punctuation.
>>
>> Mentioning that Grive is "for GNU/Linux systems" doesn't seem very
>> useful; the person reading the man page is most likely doing so from
>> such a system already.
>>
>> Grive shouldn't be italicized (.I) in the DESCRIPTION.
>>
>> Please consider removing the AUTHOR section (see man-pages(7) for
>> details). Also, the REPORT BUGS section should be called BUGS, but I
>> think it should be removed too, as Debian users should use the
>> Debian BTS anyway.
>>
>> Cheers,
>>
>


-- 
José Luis Segura Lucas






Bug#683184: RFS: suckless-tools/39-1 [ITA]

2012-08-20 Thread Jakub Wilk

* Vasudev Kamath, 2012-08-18, 22:07:
>>> get-orig-source: TMPDIR :=$(shell (mktemp --tmpdir -d suckless-tools.))
>>
>> It looks like a nice hack, but... it will create a temporary directory
>> every time debian/rules is run (not only for the get-orig-source
>> target).
>
> Since it was with get-orig-source: target I thought like all Makefiles
> it should be called only when we do debian/rules get-orig-source but
> looks like it creates directory even when I call debian/rules clean
> which I don't understand why!

Apparently ":=" assignments are evaluated always exactly once,
regardless of whether the variable is global or target-specific.

> Do you have any other alternatives for this?

The alternative is to use shell variables for this purpose. I find it
convenient to have a separate script to create .orig.tar, and make
get-orig-source just call it.


--
Jakub Wilk


Archive: http://lists.debian.org/20120820134906.ga4...@jwilk.net



Bug#669565: RFS: gammaray/1.1.0-1 [ITP] -- Tool for examining the internals of Qt application

2012-08-20 Thread Jakub Adam

Hi Felix,

On 16.8.2012 11:04, Felix Geyer wrote:
> I noticed some issues in the copyright file:
>
> - This one is missing:
>    ./core/palettemodel.cpp:  Copyright (C) 2010 Ariya Hidayat
>
> - tools/ has been moved to core/tools/
>
> - cmake/* is missing.
>    Some of those files don't have a license header.
>    It would be good to check with upstream under what license they are released.

I fixed what I could figure out myself, for the rest of files in cmake/ I asked
upstream [1], missing license headers are now added in their git [2] and also
in our d/copyright.

Regards,

Jakub

[1] https://mail.kdab.com/pipermail/gammaray-interest/2012-August/48.html
[2] https://github.com/KDAB/GammaRay/commits/master


Archive: http://lists.debian.org/503227c4.9030...@ktknet.cz



Re: Question about PTS

2012-08-20 Thread Boris Pek
Forwarded from debian...@lists.debian.org :

>>  Hi,
>>
>>  Some time ago PTS checked http://mentors.debian.net/ for new source packages
>>  which were waiting for a sponsor. If new version of source package available
>>  an appropriate item was added in todo section on package page.
>>
>>  But now there is no such item. What happened?
>>
>>  Regards,
>>  Boris
>>
>>  PS: Also I think such information can be useful in new service:
>>  http://udd.debian.org/dmd.cgi
>>  Because some packages can wait for a sponsor during months. And this is not
>>  the maintainer fault that they were not uploaded yet.
>
> Indeed. Does mentors.debian.net provide a dump of all relevant info,
> that we could easily import in UDD?
>
> Lucas


Archive: http://lists.debian.org/1810141345453...@web21f.yandex.ru



Re: RFS: policyd-weight

2012-08-20 Thread Werner Detter

Hi Arno,

> did you try to contact your previous sponsors? Could you reach Hauke?

Not yet, I will try to contact them and get back to this thread if none
of the previous sponsor has time for an upload.

>> This version includes a little bugfix and updates standard versions from 
>> 3.9.2 to 3.9.3. Hence I'm looking for a sponsor for my package
>> "policyd-weight"
> 
> You don't try to get this into Testing, do you? I haven't looked at your 
> package yet, but this does not sound like something which is targeting 
> Testing at this stage. That's fine, of course, just telling you.

Thanks for the RFS bug workflow hint. The severity of this upload is normal so
it probably won't hit testing. It's not an RC fix.

Bye,
Werner


Archive: http://lists.debian.org/5031e4d9.9000...@aloah-from-hell.de