Bug#846329: marked as done (RFS: tsctp/0.6.3-1)

[Debian Bug Tracking System]

Your message dated Fri, 24 Mar 2017 04:26:14 +
with message-id 
and subject line closing RFS: tsctp/0.6.3-1
has caused the Debian Bug report #846329,
regarding RFS: tsctp/0.6.3-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
846329: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846329
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "tsctp"

* Package name  : tsctp
Version : 0.6.3-1
Upstream Author : Michael Tüxen 
* URL   : https://www.uni-due.de/~be0001/tsctp/
* License   : BSD
Section : net

It builds those binary packages:

 tsctp - SCTP Test Tool

To access further information about this package, please visit the following 
URL:

https://mentors.debian.net/package/tsctp


Alternatively, one can download the package with dget using this command:

 dget -x https://mentors.debian.net/debian/pool/main/t/tsctp/tsctp_0.6.3-1.dsc


signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Package tsctp has been removed from mentors.--- End Message ---

Re: arpwatch & systemd

[Lukas Schwaighofer]

Hi,

thanks Vincent and Gianfranco for offering your advice!

On Wed, 22 Mar 2017 23:13:52 + (UTC)
Gianfranco Costamagna  wrote:
> did you consider to merge the work from Fedora?
> they already have a systemd service, and IIRC the project seems
> somewhat dead upstream, so merging their work and sending them
> patches might be beneficial for both distros. Please try to have a
> similar working tool, rather than diverging too much, specially when
> upstream is not active anymore.

Well, I had looked at systemd unit files for arpwatch using web search.
Most of the unit files I found only allow starting one instance of
arpwatch. This is also true for the unit file included in Fedora. At
least openSUSE has a systemd service file which allows launching
multiple instances of arpwatch, but it does not allow different
configurations for the individual interfaces (which our current LSB
init script is capable of).

I would like to avoid a situation where upgrading to the new version
requires writing systemd unit files, so we need to keep the ability to
have multiple instances of arpwatch which can be configured differently.


I think calling the project "somewhat dead" is an understatement after
7+ years of inactivity.  This is a long time and different distros have
accumulated different patches. There also used to be an arpwatch-ng
fork, which is now also dead.  Debian's patches introduce quite a bit
of functionality to arpwatch as well.

Now directly comparing Fedora and Debian, the arpwatch binaries are
pretty different (the introduced patches add different feature, newly
introduced arguments are conflicting, e.g. '-s', …).

While I agree that a strong cooperation between the distros, especially
for packages with dead upstream, would be mutually beneficial, it is
hard to start doing that after the packages have diverted so much.

> I don't think you want people having issues when switching from
> Fedora to Debian and vice-versa, specially with systemd configuration
> files :)

Unless we want to drop some features available using our current LSB
init script (thereby forcing some admins to write their own systemd
unit files just to keep their current arpwatch setup), I don't think
incompatibilities can be avoided.

> (as pkg-security team we might have some interests in having the
> package under our team, so you might find sponsors asking us to
> review your work!)

Good to know, I will X-Debbugs-CC pkg-security once I file an RFS bug.
Team maintenance would be really nice :) .

Regards
Lukas


pgpySc0mm2DJ8.pgp
Description: OpenPGP digital signature

Bug#832941: RFS: 4pane

[David Hart]

Dear Sean,

>>> Files in .build/ remain, and are not given in d/copyright.
>> The remaining ones are my own files. Won't they be covered by '*'?
>Oh, sorry, I assumed you hadn't written 4pane.m4.  Not so many people
>know m4, as I understand it :)

I believe you; it's not my idea of light relaxation either.

>Having read the results of your research, I suggest the following
>approach:
>- insert all the authorship info you've managed to find thus far -- no
>  reason to throw away that effort -- in the Copyright: field, not
>  Comment:.
>  In the situation where you have a list of project authors but it is
>  unlikely that they all worked on the icon file, just list them all,
>  and put "Comment: These are the authors for the upstream project from
>  which this file was obtained."
>- for the files where it is not clear, write a copyright string based on
>  the project name.  E.g. for kedit.xpm, "(C) 1999 kde-artist team"
>If this doesn't sound sane, it might be best to ask debian-legal.  But I
>think we could go ahead and upload and see what the ftp-masters think of
>my proposed solution.

Thank you for the suggestion, which sounds entirely reasonable to me. I've
updated d/copyright along those lines, and uploaded a new tarball with
Makefile.in removed.

>> Finally, my ITP has timed-out and the package removed from
>> mentors. Does this now matter?
>We don't need mentors since I am working out of your git repo.  Your ITP
>does not appear to have timed out.  If the RFS gets closed, you can just
>re-open it.

Sorry, wrong TLA; it was actually a notification about this RFS, which still
seems live.


Regards,

David Hart

dh_installdocs multiple docs with same name

[Roel van Meer]

Hi!

can I use dh_installdocs to install two files with the same name but with a  
different path in the source tree?


Say my source tree contains:
README
module/README

How would I install both files as docs?

I've thought up a way to do this: override dh_install and rename one of the  
files there, and list the new name in the docs file. But this seems overly  
complicated. Surely there is a better way?


Thanks,

Roel

Bug#858557: RFS: golang-github-klauspost-reedsolomon/1.3-1~exp1 -- Reed-Solomon Erasure Coding in Go

[Roger Shimizu]

Package: sponsorship-requests
Severity: normal
X-Debbugs-Cc: pkg-go-maintain...@lists.alioth.debian.org, fr...@debian.org,
daniel820...@gmail.com, rogershim...@gmail.com

Dear mentors,

I am looking for a sponsor for my package
"golang-github-klauspost-reedsolomon",
which is a dependency of another my package "golang-github-xtaci-kcp".

 * Package name: golang-github-klauspost-reedsolomon
   Version : 1.3-1~exp1
   Upstream Author : Klaus Post 
 * URL : https://github.com/klauspost/reedsolomon
 * License : MIT
   Section : devel

It builds those binary packages:

  golang-github-klauspost-reedsolomon-dev - Reed-Solomon Erasure Coding in
Go

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/golang-github-klauspost-reedsolomon

  Alternatively, one can download the package with dget using this command:

dget -x
https://mentors.debian.net/debian/pool/main/g/golang-github-klauspost-reedsolomon/golang-github-klauspost-reedsolomon_1.3-1~exp1.dsc

or you can use git-buildpackage to build:
  gbp clone --pristine-tar
https://anonscm.debian.org/git/pkg-go/packages/golang-github-klauspost-reedsolomon.git
  cd golang-github-klauspost-reedsolomon
  git checkout mentors
  mk-build-deps --root-cmd sudo --install --tool "apt-get -o
Debug::pkgProblemResolver=yes --no-install-recommends"
  gbp buildpackage -uc -us --git-ignore-branch --git-pristine-tar

I also built this package on debomatic (amd64):

http://debomatic-amd64.debian.net/distribution#experimental/golang-github-klauspost-reedsolomon/1.3-1~exp1/buildlog

Changes since the last upload:
golang-github-klauspost-reedsolomon (1.3-1~exp1) experimental;
urgency=medium

  * New upstream 1.3
  * debian/control:
- Add myself as uploader.

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1

Bug#852415: marked as done (RFS: scap-security-guide/0.1.31-1 ITP: security guides and conformity checks using SCAP standard)

[Debian Bug Tracking System]

Your message dated Thu, 23 Mar 2017 10:20:16 +
with message-id 
and subject line closing RFS: scap-security-guide/0.1.31-1 ITP: security guides 
and conformity checks using SCAP standard
has caused the Debian Bug report #853903,
regarding RFS: scap-security-guide/0.1.31-1 ITP: security guides and conformity 
checks using SCAP standard
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853903: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853903
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "scap-security-guide"

 Package name: scap-security-guide
 Version : 0.1.31-3
 Upstream Author : Watson Yuuma Sato (ws...@redhat.com)
 URL : 
https://www.open-scap.org/security-policies/scap-security-guide/
 License : unlicenced (see 
https://github.com/OpenSCAP/scap-security-guide/blob/master/LICENSE)

 Section : admin

It builds those binary packages:

 ssg-base   - SCAP Security guide base content and documentation
 ssg-debian8 - SCAP Guides and benchmarks targeting Debian 8
 ssg-firefox - SCAP Guides and benchmarks targeting Firefox Browser
 ssg-jre- SCAP Guides and benchmarks targeting Java Runtime 
Environment

 ssg-ubuntu1604 - SCAP Guides and benchmarks targeting Ubuntu 16.04
 ssg-webmin - SCAP Guides and benchmarks targeting Webmin

To access further information about this package, please visit the 
following URL:


https://mentors.debian.net/package/scap-security-guide

Alternatively, one can download the package with dget using this 
command:


dget -x 
https://mentors.debian.net/debian/pool/main/s/scap-security-guide/scap-security-guide_0.1.31-3.dsc


More information about scap-security-guide can be obtained from 
https://www.open-scap.org/security-policies/scap-security-guide

The repository is on https://github.com/OpenSCAP/scap-security-guide

Changes since the last upload:

* Add XCCDF benchmarks and guides for JRE and Webmin

About SCAP-security-guide:

SCAP-security-guide works with the OpenSCAP tool, which is already 
packaged in Debian.


The goal of this package is to deploy SCAP XCCDF Benchmarks and Guides 
for various targets not deployed by the OpenSCAP core package, but 
supported by the SCAP-security-guide community in which I work as 
contributor for Ubuntu, Debian and ANSSI best practices.


Using these guides/benchmarks, it is possible to validate conformity of 
Debian-based deployment against standard security policies such as ANSSI 
Best-practices, PCI-DSS, NIST SP-800... and to launch remediation 
scripts when needed. Using the OpenSCAP ecosystem, it is possible to 
manage the security policy of a complete infrastructure, when launching 
OpenSCAP tool with the above benchmarks through ssh (for e.g.) or on VM 
or docker templates.


  Regards,
   Philippe Thierry
--- End Message ---
--- Begin Message ---
Package scap-security-guide version 0.1.31-1 is in unstable now.
https://packages.qa.debian.org/scap-security-guide--- End Message ---

Bug#853903: marked as done (RFS: scap-security-guide/0.1.31-1 ITP: security guides and conformity checks using SCAP standard)

[Debian Bug Tracking System]

Your message dated Thu, 23 Mar 2017 10:20:16 +
with message-id 
and subject line closing RFS: scap-security-guide/0.1.31-1 ITP: security guides 
and conformity checks using SCAP standard
has caused the Debian Bug report #853903,
regarding RFS: scap-security-guide/0.1.31-1 ITP: security guides and conformity 
checks using SCAP standard
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853903: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853903
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

First, thanks Tobi for your message !

I've corrected Warnings and Informational from lintian. Pedantic ones are 
harder to correct :
- there is no explicit upstream changelog in sources, the 
scap-security-guide.spec is used as a changelog file. I deploy it through the 
ssg-base package
- other binary packages don't deploy this file, ssg-base being a dependency of 
all other binary pacakges
- there is not gpg check available on the github repository for uscan
- the .svn control dir is voluntary in the upsteam sources, used as a "git 
submodule" like mechanism for the Red-Hat specific documentation
- duplicated files is due to a current work on new PCIDSS derivative on which 
the RedHat team is working. When the 0.1.31 version has been released, the 
derivative was just a duplication of the PCIDSS content.


To continue this mail in a standard way... I am looking for a sponsor for my package 
"scap-security-guide"

Package name: scap-security-guide
Version : 0.1.31-6
Upstream Author : Watson Yuuma Sato (ws...@redhat.com)
URL 
:https://www.open-scap.org/security-policies/scap-security-guide/
License : unlicenced 
(seehttps://github.com/OpenSCAP/scap-security-guide/blob/master/LICENSE)
Section : admin

It builds those binary packages:

 ssg-base   - SCAP Security guide base content and documentation
 ssg-debian8 - SCAP Guides and benchmarks targeting Debian 8
 ssg-firefox - SCAP Guides and benchmarks targeting Firefox Browser
 ssg-jre- SCAP Guides and benchmarks targeting Java Runtime Environment
 ssg-rhel5  - SCAP Guides and benchmarks targeting Red-Hat Enterprise Linux 5
 ssg-rhel6  - SCAP Guides and benchmarks targeting Red-Hat Enterprise Linux 6
 ssg-rhel7  - SCAP Guides and benchmarks targeting Red-Hat Enterprise Linux 7
 ssg-ubuntu1604 - SCAP Guides and benchmarks targeting Ubuntu 16.04
 ssg-webmin - SCAP Guides and benchmarks targeting Webmin

To access further information about this package, please visit the following 
URL:

https://mentors.debian.net/package/scap-security-guide


Alternatively, one can download the package with dget using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/s/scap-security-guide/scap-security-guide_0.1.31-6.dsc

More information about scap-security-guide can be obtained 
fromhttps://www.open-scap.org/security-policies/scap-security-guide
The repository is onhttps://github.com/OpenSCAP/scap-security-guide  


Changes since the last upload:

  * Various corrections for lintian conformity. Only pedantic and experimental 
are still present.

About SCAP-security-guide:

SCAP-security-guide works with the OpenSCAP tool, which is already
packaged in Debian.

The goal of this package is to deploy SCAP XCCDF Benchmarks and Guides
for various targets not deployed by the OpenSCAP core package, but
supported by the SCAP-security-guide community in which I work as
contributor for Ubuntu, Debian and ANSSI best practices.

Using these guides/benchmarks, it is possible to validate conformity of
Debian-based deployment against standard security policies such as ANSSI
Best-practices, PCI-DSS, NIST SP-800... and to launch remediation
scripts when needed. Using the OpenSCAP ecosystem, it is possible to
manage the security policy of a complete infrastructure, when launching
OpenSCAP tool with the above benchmarks through ssh (for e.g.) or on VM
or docker templates.


 Regards,
   Philippe Thierry
--- End Message ---
--- Begin Message ---
Package scap-security-guide version 0.1.31-1 is in unstable now.
https://packages.qa.debian.org/scap-security-guide--- End Message ---

Bug#858538: RFS: fadecut/0.2.0-1

[Marco Balmer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "fadecut"

* Package name: fadecut
  Version : 0.2.0-1
  Upstream Author : Martin Gafner, Marco Balmer
* URL : https://github.com/fadecut/fadecut
* License : GPL-3.0
  Section : sound

It builds those binary packages:

  fadecut - toolset to rip audiostreams, cut, fade in/out and tag

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/fadecut
  https://github.com/fadecut/fadecut/tree/debian

  Alternatively, one can download the package with dget using this
command:

dget -x
https://mentors.debian.net/debian/pool/main/f/fadecut/fadecut_0.2.0-1.dsc

Changes since the last upload:

fadecut (0.2.0-1) unstable; urgency=low

  * New 0.2.0 upstream release
  * Standards bumped to 3.9.8
  * Add pandoc to build-depends
  * Add opus-tools to depends
  * Add gzip to build-depends
  * Add mediainfo to depends and build-depends
  * Change watch-file url
  * Replace with new Vcs-Git to github url

Thank you in advance,
Marco Balmer

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCAAGBQJY04ulAAoJECWTbxPp/5knUPsQAJV2Rng/aH7ZkuX93cAkxBiM
t00rnfjXSic7N3CRzBhe/20ye1Mpf6a8fDHz/HzZOTunUrYVW3KX0VXHdihS7y6m
sg0H+Mj/jWQYTvAKLK4q1sSLQ8gfEhr9xHW5HT2XrSfsFTdYpDsmu4rZxFTrEoKQ
Tg4RSwRL7jVVDfgVlRpd+WVY1UrPO8H10GCuRy8sxXTMBKlpgySSWAEup5jYJ7hu
EeuXn1a0n8kCIa1FlXgslX69n0KZAAb85OQxNXi7JQG1II0qjDfcF/xzU2RNBUTP
e4BDhgVshQnHYwyABmtvpgQy39uqNhoL3912N0QcScJYEwTqUyawzBYf6scqdJWs
lP92c1Mhs+uuzDf0Vqd0P/0aTskpLiN5hcfZ98A+N/CsPWEX2e5fn8JFXrfD967J
eKV4Gc1VISunB2N/PLrvLMOGTiE2TeKHxA/5ooZMuSxWWMQ2R6vTAY5dfvvGxEHA
fOa6n7WhX6HYts5jJKdQT7vlqGq/EaQMZjOEwXstjJg1pRzrrzFtaqM9SLduLcKN
mPe8E0Z89wHxu0tDdngIJJ5XaC/XLRfq2jM/J1ztEJx7+nPEldTHPC1/eD9kwQhP
U3lBxHKF7zIkQvF7GTnsQHNJtnqi0AErf358j+qA6mpSRQeRr38M84XYI5lH7k62
ucJp/e2KTwo+WqVjwn2i
=IWnX
-END PGP SIGNATURE-