Re: Debian on ia64 / HP Itanium servers
On Fri, Sep 16, 2022 at 12:26:02PM -0400, Jesse Dougherty wrote: > Hi, I'm Jesse.. I work for a company that sells HP hardware. We sell HP > Itanium servers. I have a user that wants to buy a few servers and have > Debian loaded on them. It's... let's say unexpected. > Can you tell me what versions of Debian are supported on ia64 / HP > Itanium server platforms? No versions of Debian supporting ia64 have security support so the answer is in practice "none". The last Debian version supporting it was wheezy, as you can see on https://www.debian.org/ports/ia64/. I wouldn't recommend using it. -- WBR, wRAR signature.asc Description: PGP signature
Re: Fwd: Are users of Debian software members of the Debian community?
On Fri, Sep 16, 2022 at 08:56:12AM -0400, Chuck Zmudzinski wrote: > > Russ does have point though in that if you don't like something in > > Debian, there are really only two things you can do to fix that > > situation for yourself: > > > > - Get involved as a contributor, and help out fixing the problems that > > exist > > - Stop using Debian, and use something else. > > Are those the only two possible ways to respond to the current > situation at Debian? As quoted above, those are he only two possible ways to *fix* the current situation. -- WBR, wRAR signature.asc Description: PGP signature
Re: How do you manage debian mails on your mailbox?
On Sun, Aug 28, 2022 at 11:07:07AM +0530, Nilesh Patra wrote: > I have used my primary email address with folder hooks to sort out mails > according to mailing lists/subjects, using folder hooks and read those folders > every once in a while (depending on how involved I am with each ML/team) That's what I do (a single address, procmail rules to put every ML into its own folder and also sort certain emails into several other folders). > - - Do you have any sensible way to cope up with so many mails from > different mailing lists and not potentially miss out on something important? I skim through all subjects in ML folders, so if that's enough to know which emails are important I shouldn't skip them. And non-ML stuff is stored separately. -- WBR, wRAR signature.asc Description: PGP signature
Re: question with the Debian Project
On Fri, Jul 29, 2022 at 05:13:38PM +0800, 桑猛 wrote: > Hello debian,I am a user of debian system and belong to the company Loongson > Zhongke. We have our own loongarch architecture. Now we want to adapt our > loongarch architecture based on debian12 or debian13. > > We would like to get the version of some packages on debian 12 and Debian 13 > to help us choose which version to use as our next system version. I don't think anyone can say what versions will trixie contain, apart from a very small number of projects with fixed release schedules. On the other hand, I don't think you would care about versions that are not released yet and so you know nothing about them anyway. As for bookworm, some people responsible may be able to give estimations but the freeze is in 6 months so many versions are not known either. You can check the current versions in testing using tracker.debian.org, packages.debian.org, rmadison or apt. -- WBR, wRAR signature.asc Description: PGP signature
Re: Debian Updates
If someone wants to answer, they should first check previous threads here started by the same person. -- WBR, wRAR signature.asc Description: PGP signature
Re: Bootloader
On Sun, Apr 17, 2022 at 11:53:04PM +0200, ontrackto...@tutanota.com wrote: > Hi, > > I have no experience in linux. > > I installed debian 11 with the bootloader. > > I can't boot up another live usb now (ie manjaro, pure). > > I can only boot up ubuntu and TAILS. > > I could boot up manjaro and pure before. > > I need to change the bootloader to allow the live usb boot. Please note that the user support mailing list is debian-user, not debian-project. -- WBR, wRAR signature.asc Description: PGP signature
Re: Chromium on Debian 11
On Sun, Apr 17, 2022 at 11:46:30AM +0200, phil995511 - wrote: > Hello, > > Chromium is on version 99 on Debian 11 Stable : No. See e.g. https://tracker.debian.org/news/1318930/accepted-chromium-10004896127-1deb11u1-source-into-stable-security-embargoed-stable-security/ > bullseye (stable) (web): navigateur web > 99.0.4844.74-1~deb11u1: amd64 arm64 armhf i386 > https://packages.debian.org/search?suite=default=all=any=fr=names=chromium You shouldn't use packages.debian.org as it doesn't know about stable-security. > Your solution of pushing browser updates first through Unstable, then > through Testing and finally pushing them to the Stable branch more than a > 1/2 month later No, that's not how it works. -- WBR, wRAR signature.asc Description: PGP signature
Re: Is Debian sending people away?
On Wed, Mar 23, 2022 at 10:34:21AM -0300, Antonio Terceiro wrote: > We have less people leaving than arriving, so at least based on this > dataset, Debian is _not_ shrinking. If you are just counting the number of DDs, which is not the same as actual activity, then it's relatively common knowledge that all GRs recorded on the website, besides several very old ones, show roughly the same number of DDs: ~1000. -- WBR, wRAR signature.asc Description: PGP signature
Re: History doesn't repeat itself, but it often rhymes
On Tue, Feb 22, 2022 at 12:29:53PM -0500, Paul Tagliamonte wrote: > Allow me, if you will, to talk a bit about something that's been on my mind > a bit over the last handful of years in Debian. I've heard a "we will discuss it and let you know in 5 years" joke about Debian before I've even started using or contributing to Debian, 10+ years ago. I don't know if this was ever different. The argument I've heard several times goes "yes, we discussed this and nothing came out of that discussion because nobody did the work, what did you expect?" or "we have a lot of ideas but not a lot of people willing to implement them". -- WBR, wRAR signature.asc Description: PGP signature
Re: Polling informally Debian Contributors
On Thu, Feb 17, 2022 at 10:02:13AM +0100, Philip Hands wrote: > I would hope to have a way of responding to any mail in our mailing > lists, preferably via something that I could bind to a keystroke in my > mail reader, without needing anyone to set up a poll in advance. > > I'd expect the service to keep a tally, but keep the identities of > voters secret. I'd also restrict the right to vote (with criteria > depending on the mailing list) to avoid people making up IDs to skew > votes, or random passers-by voting because they found a link somewhere. > > With such a service, one could gather opinions simply by saying "Please > respond to this mail via the thumbs-o-matic" and have an instant poll > with no effort. > > Also, if someone started a divisive GR discussion, instead of it > immediately starting a flame war, it might instead mostly provoke a big > thumbs down on the thumbs-o-matic, and one of the responses to the > discussion could simply mention that fact, pointing at an automatically > generated graph. That would then give the proposer the chance to > encourage their claimed silent majority to see if they can push the > figures into the positive, and if not, one could hope that the proposer > would have the sense to give up early. > > I could also imagine setting up my mail program to query the > thumbs-o-matic to help it decide how to sort or present my mail. You described Reddit, just with some very complicated integration with your mail client. -- WBR, wRAR signature.asc Description: PGP signature
Re: Emails are public on the website
On Tue, Jan 25, 2022 at 12:30:36PM +0530, Dipansh Parmar wrote: > Hello Debian team, > I'm not sure if it is the intended behavior or not but I just wanted to let > you guys know. The emails regarding Debian are public on the website and > can be found at https://lists.debian.org/debian-med/2021/05/. Please review. We know. -- WBR, wRAR signature.asc Description: PGP signature
Re: Rethink about who we (Debian) are in rapid dev cycle of deep learning
On Fri, Jan 14, 2022 at 08:23:03PM +, Free unofficial Italian translation - FUIT wrote: > I know wikipedia. I was hoping there was a forensic court expert for the > voiceprint among you. This sounds like a wrong topic for debian-project@. -- WBR, wRAR signature.asc Description: PGP signature
Re: Concerns about how the Security information is presented on Debian.org
On Wed, Dec 22, 2021 at 09:27:57AM +0100, Agata Erminia Pennisi wrote: > Thanks Andrey. So the future Debian Stable release will probably not > include Chronium if the vulnerabilities are not fixed and this will also > happen in future third party Linux distros. > > I think upstream developers (Google) will have an interest in fixing > vulnerabilities and potential exploits. They are fixed in the new upstream versions. This is a Debian problem (lack of maintainers). -- WBR, wRAR signature.asc Description: PGP signature
Re: Concerns about how the Security information is presented on Debian.org
On Wed, Dec 22, 2021 at 02:15:04AM +0100, Agata Erminia Pennisi wrote: > Dear Max, > I am a simple user. > Thank you for notifying the community of the unresolved Chromium > vulnerabilities. > You can use official channels to report vulnerabilities. Chromium being full of vulnerabilities is well-known. It's the reason it was removed from testing. Also, one could just go to https://security-tracker.debian.org/tracker/source-package/chromium to see them. -- WBR, wRAR signature.asc Description: PGP signature
Re: Name suggestions
On Mon, Nov 01, 2021 at 03:46:52PM +0100, Agata Erminia Pennisi wrote: > In order to gain popularity (and not only), early versions of Debian were > named with code-names inspired by the characters from "Toy Story". "early" -- WBR, wRAR signature.asc Description: PGP signature
Re: Debian and GG
On Fri, Apr 30, 2021 at 04:57:55PM +0200, Jonas Smedegaard wrote: > > > if i make a bug report.. but this is not a bug. this is a program > > > that im trying to promote. > > Exactly. > > Debian is not a place to promote your programs. > > Uhm, what are RFP bugs if not exactly a way for someone to promote the > existence of code projects they consider relevant to get into Debian? The main purpose of RFP bugs is to collect dust. Also, they are created from stale ITP bugs by Bart's scripts. And as far as RFP bugs are useful for finding software to package, I feel like ones about software that someone finds useful but lacks the skills to package it are much more useful than ones created by software authors. -- WBR, wRAR signature.asc Description: PGP signature
Re: Debian and GG
On Fri, Apr 30, 2021 at 12:56:31PM +, Hermann Ingjaldsson wrote: > and now there is a copyright disclaimer in the .bin. Not sure what do you mean by that, but the software still doesn';t have a license stated anywhere. > im not quite sure how to ask someone to create a package for this project > in debian. You can submit an RFP bug to the wnpp pseudopackage but that won't guarantee anything. Also, we don't package software without a license anyway. > if i make a bug report.. but this is not a bug. this is a program that im > trying to promote. Exactly. Debian is not a place to promote your programs. -- WBR, wRAR signature.asc Description: PGP signature
Re: Debian and GG
On Wed, Apr 21, 2021 at 08:54:45PM +0200, Davide Prina wrote: > I would like to suggest to use always the AGPL license, this one is the only > license that I know that let protect your free software on any actual usage > type. I would like to suggest to a) never suggest AGPL; b) read what does AGPL actually do, how is it actually different from GPL and how does it need to be applied to software; c) think how should it be applied to this particular software. -- WBR, wRAR signature.asc Description: PGP signature
Re: Debian and GG
On Wed, Apr 21, 2021 at 07:01:36PM +0800, Yao Wei (魏銘廷) wrote: > (I suspect this a spam mail...) Doesn't look like one to me. -- WBR, wRAR signature.asc Description: PGP signature
Re: Debian and GG
On Wed, Apr 21, 2021 at 08:00:05AM +, Hermann Ingjaldsson wrote: > I have developed a program that makes it easier to work in the terminal. > I have published it here: > https://openage.org/gg/ To be honest I couldn't understand from this page what does this software actually do except for displaying the folder contents, for which you could just use a much more featureful file navigator like mc (or, if one likes toys and vim integration, run `vim .`). > Would Debian be interested in including GG in the Debian system? Debian cannot include it until it has a license (and a DFSG-free one). But I also doubt Debian will benefit from including his software. -- WBR, wRAR signature.asc Description: PGP signature
Re: salsa.debian.org currently down
On Thu, Mar 18, 2021 at 10:11:45AM -0700, Jacob Lifshay wrote: > I didn't see any recent announcements and couldn't find any salsa-specific > mailing lists, so I'm posting here. Which location would I find status > announcements for salsa? https://lists.debian.org/debian-infrastructure-announce/2021/03/msg0.html -- WBR, wRAR signature.asc Description: PGP signature
Re: 3 Blue 1 Brown
On Thu, Mar 18, 2021 at 05:06:45PM +0100, to...@tuxteam.de wrote: > > *Grant Sanderson (3 Blue 1 Brown)* has released his amazing *mathematics > > visualization* software Manim (on github). Can you please add it to the > > *debian > > repository,* so it can be installed using apt? > > This is not how it works :-) > > First: I couldn't find a license for Manim. It has to have a free > license (as defined by DFSG [1]) to be considered for inclusion. https://github.com/3b1b/manim/blob/master/LICENSE.md (so MIT) > > Second: There has to be Someone [TM] who actually does the work > (package dependencies, versions, backporting of security-relevant > stuff to the stable version as long as it is maintained, etc. RFPs exist, though they usually are as useful as this initial email. > See [2], [3] for where you might meet people interested in it. > Or, perhaps, you want yourself become a Debia Developer? (You don't need to be a DD to maintain packages in Debian) -- WBR, wRAR signature.asc Description: PGP signature
Re: Keysigning in times of COVID-19
On Thu, Aug 20, 2020 at 10:05:42AM +0200, Philip Hands wrote: > If I were a sociopath contemplating sabotage in the Free Software > sphere, going to the effort of becoming a DD, even for the first time, > would be nowhere near the top of my list. Indeed, I would sabotage some upstream code directly. -- WBR, wRAR signature.asc Description: PGP signature
Re: possibly exhausted ftp-masters (Re: Do we still value contributions?
On Thu, Dec 26, 2019 at 04:29:57PM +, Holger Levsen wrote: > > Make the machine-readable copyright file mandatory. > > It is much easier to "parse" than just a bunch of copyright information. > > hear hear. (as in: what's blocking us from doing this?) I'm sure some people will orphan or RM their packages instead of writing machine-readable debian/copyright. I suspect it will be worse than mandating source format 3.0. -- WBR, wRAR signature.asc Description: PGP signature
Re: debian-private leaked on pastebin, worried
On Mon, Aug 05, 2019 at 12:51:06PM -0400, Sam Hartman wrote: > Did anyone actually bother to click on the link? > How much of debian-private (from when to when) was leaked? > If no one even bothered to look, well, that's fine too. Several initial (?) emails from 1996 or so. -- WBR, wRAR signature.asc Description: PGP signature
Re: GR proposal: mandating VcsGit and VcsBrowser for all packages, using the "gbp patches unapplied" layout, and maybe also mandating hosted on Salsa
On Wed, Jul 24, 2019 at 07:34:02PM +1000, Alexander Zangerl wrote: > >> so, why isn't it enough to recommend those things? > >Because without uniformity, we make it harder for people to contribute. > > i detest unwarranted, imposed, uniformity. i *love* consistency. we have > had consistency in the distribution for ages. we don't need uniform > workflows. > > what good can come from reducing diversity and actively probibiting > flexiblity? Other people can more reliably fix your packages. > and why do you insist on micromanaging the workflow i've got > to use? Because you are not the only one who may work on your packages. > or do you also plan to insist that your roofing contractor only uses > tools and only cuts the rafters with your preferred saw? This comparison is irrelevant. -- WBR, wRAR signature.asc Description: PGP signature
Re: GR proposal: mandating VcsGit and VcsBrowser for all packages, using the "gbp patches unapplied" layout, and maybe also mandating hosted on Salsa
On Wed, Jul 24, 2019 at 02:23:26PM +0500, Andrey Rahmatullin wrote: > > > If we're not willing to force people to use debhelper, forcing them to > > > use git and > > > salsa seems much more extreme. > > > > +1 > > > > let's first, if at all, get the mandatory use of debhelper into policy > > which is much more important. > As was recently discussed, we don't want to mandate it, but the > recommendation was added in 4.4.0. Sorry, this was specifically about dh(1), I don't remember if the discussion mentioned mandating debhelper in addition to recommending dh(1). -- WBR, wRAR signature.asc Description: PGP signature
Re: GR proposal: mandating VcsGit and VcsBrowser for all packages, using the "gbp patches unapplied" layout, and maybe also mandating hosted on Salsa
On Wed, Jul 24, 2019 at 10:49:05AM +0200, Daniel Baumann wrote: > > If we're not willing to force people to use debhelper, forcing them to use > > git and > > salsa seems much more extreme. > > +1 > > let's first, if at all, get the mandatory use of debhelper into policy > which is much more important. As was recently discussed, we don't want to mandate it, but the recommendation was added in 4.4.0. -- WBR, wRAR signature.asc Description: PGP signature
Re: GR proposal: mandating VcsGit and VcsBrowser for all packages, using the "gbp patches unapplied" layout, and maybe also mandating hosted on Salsa
On Tue, Jul 23, 2019 at 04:47:32PM -0300, Michael Banck wrote: > > This probably has been floating around for some time. IMO, enough time > > so that we start to discuss $subject. > > Why is this a GR and not a policy proposal? The policy documents the majority practices, which I think cannot be said about using Vcs-Git, let alone specific workflows and repo locations. -- WBR, wRAR signature.asc Description: PGP signature
Re: Conflicts with Buster during Stretch-backports upgrade
On Tue, Feb 12, 2019 at 12:45:47PM +, contra...@minehub.de wrote: > we are currently facing a pretty serious issue regarding the latest kernel > from stretch backports: > > miniops@mumpitz ~ $ sudo apt-cache madison linux-image-amd64 > linux-image-amd64 | 4.19+102~bpo9+1 | http://ftp.debian.org/debian > stretch-backports/main amd64 Packages > > When doing apt-get dist-upgrade there is either no outcome, or, on a fresh > installing machine, an error occurs: > > The following packages have unmet dependencies: > linux-image-amd64 : Depends: linux-image-4.19.0-0.bpo.2-amd64 but it is not > installable > E: Unable to correct problems, you have held broken packages. > > Looking at https://packages.debian.org/stretch-backports/linux-image-amd64 > (https://packages.debian.org/stretch-backports/linux-image-amd64) this > package is truly not available, but for apt-get update it seems that there is > an update. So this is strictly a stretch-backports problem unrelated to buster. According to https://backports.debian.org/Instructions/#index6h2 you should report backports bugs to debian-backpo...@lists.debian.org. -- WBR, wRAR signature.asc Description: PGP signature
Re: AH team delegation
On Tue, Jan 29, 2019 at 11:31:22AM +0100, Gerardo Ballabio wrote: > Hello, may I please ask a question: > > Does the Anti-Harassment (AH) Team have a delegation from the DPL? No AFAIK. Hence "recommendations". -- WBR, wRAR signature.asc Description: PGP signature
Re: Call for experiences of Norbert Preining
On Wed, Jan 09, 2019 at 05:03:14PM +, Ian Jackson wrote: > Very regrettably, it may become necessary to produce a fuller list of > incidents, including responses, to justify the recent DAM decision. Sorry, but such things should be collected before a decision, not after. "Please help us justify something that can't be justified with what we have" sounds silly, to say the least. > Please search your communications archives. If you have had an > adverse experience of any kind with Norbert Preining, in public or in > private, please email me. This reminded me about https://lists.debian.org/debian-project/2018/12/msg00025.html -- WBR, wRAR signature.asc Description: PGP signature
Re: On demotions to DM status.
On Mon, Jan 07, 2019 at 10:03:06PM +, Ben Hutchings wrote: > > > Does the project want to say that a DM is less trustworthy than a DD? > > Yes, obviously. Just like a DM is more trustworthy than a non-DM. > > It would be more accurate to say that a DD is more *trusted* than a DM, > and a DM is more *trusted* than a contributor who has neither status. Right. -- WBR, wRAR signature.asc Description: PGP signature
Re: Information request
On Fri, Dec 28, 2018 at 12:26:48PM +0100, Xavier wrote: > > But I also know that there is the possibility of replacing the > > repository of the oldstable version with backports, but I do not know if > > this repository makes available for debian oldstable also the latest > > version of LAMP and wordpress. > > therefore, I would like to know which is the safest version to do the > > following: > > 1 put a server in production > > 2 install the latest version of the LAMP stack > > 3 install the latest version of wordpress > > I think stable+backports could be a good solution FWIW none of apache2, mariadb-server-10.1, wordpress or php7.3 are in stretch-backports. OTOH while stable has "older" versions they are not necessarily "less secure". -- WBR, wRAR signature.asc Description: PGP signature
Re: Censorship in Debian
On Wed, Dec 26, 2018 at 05:35:38PM +0900, Charles Plessy wrote: > But concerning the demotion to Debian Maintainer (DM) status, I think > that it is sending a wrong message to the community, that DMs do not > need to hold the same standards of behaviour as Debian Developers (DDs) > do. > > Moreover, when the DM status was proposed in 2007, it was not thought as > a way of punishment for DDs. Even if one of a thousand DM has this > status because of demotion, I think that this completely changes the > balance on how this status serves our project. Instead of being a > positive way towards joining more formally, it becomes an inferior > status. I understand it as a consequence of a DD being a full member while a DM not being a full member but still having some purely packaging-related rights and not as something someone specially wanted. -- WBR, wRAR signature.asc Description: PGP signature
Re: Power-Management
On Fri, Apr 27, 2018 at 01:06:45PM +0200, Jeroen Dekkers wrote: > This post of Matthew Garrett explains the challenges of getting power > management to work correctly on Skylake: > > https://mjg59.dreamwidth.org/41713.html I wonder if it's still true. -- WBR, wRAR signature.asc Description: PGP signature
Re: Automatic downloading of non-free software by stuff in main
On Thu, Dec 07, 2017 at 11:05:38AM -0800, Diane Trout wrote: > Tracker should have a way to avoid indexing files that have been > downloaded at least from untrusted domains, and possibly all downloaded > files. > > But yes, we should have a way of indicating "trusted" domains, so users > get fewer annoying popups. > > Bonus points if we could also have forbidden domains. Then your work VM > could trust your work servers, and your personal VM should know it > should refuse them. (At least that's a mistake I feel I'm likely to > make) Hehe. I don't know how does it work in reality but the Windows way to mark downloaded files is actually to put a zone number into the attribute, and zones are that thing that theoretically distinguishes between local sites, internet sites, trusted sites etc.: https://msdn.microsoft.com/en-us/library/ms537183.aspx I'm not sure if anything really uses that. -- WBR, wRAR signature.asc Description: PGP signature
Re: Automatic downloading of non-free software by stuff in main
On Thu, Dec 07, 2017 at 12:50:06PM +, Holger Levsen wrote: > > > Ah, damnit. It supports *some* xattrs (like the security namespace), > > > but apparently not *user* xattrs. > > Good. While xattrs have some uses, this is a hidden privacy hole most users > > aren't aware of > > could you be so kind to explain that hidden hole? that would maybe help > with more people being aware… When you download a file, its original location is saved and can be retrieved. -- WBR, wRAR signature.asc Description: PGP signature
Re: Automatic downloading of non-free software by stuff in main
On Thu, Dec 07, 2017 at 11:53:50AM +0900, Mike Hommey wrote: > > Good. While xattrs have some uses, this is a hidden privacy hole most users > > aren't aware of (although /tmp/ is the filesystem least likely to be used > > forensically against you). > > Which makes the XDG thing borderline, since the only indicator that a file > has been downloaded they propose is the full url, not a boolean. Yup. Like OS X and unlike Windows. -- WBR, wRAR signature.asc Description: PGP signature
Re: Automatic downloading of non-free software by stuff in main
On Tue, Dec 05, 2017 at 12:48:36PM -0800, Diane Trout wrote: > I would love for files downloaded via a web browser or email client to > be marked as having come from the Internet. (Major bonus points if a > sync tool like nextcloud can keep files I generated labeled separate > from ones my coworkers made) > > OS X web browsers do this, and when you try to open them the OS will > prompt "this came from the internet, do you want to open it". It looks > like its implemented with a few extended attributes. [1] Windows too (implemented with NTFS alternate data streams). > Do most of our file systems have extended attributes turned on by now? I think (or at least hope) so. -- WBR, wRAR signature.asc Description: PGP signature
Re: Automatic downloading of non-free software by stuff in main
On Fri, Dec 01, 2017 at 04:10:46PM +, Ian Jackson wrote: > > > > Debian ought to be a good upstream for everyone, not just "me" > > > > (whoever me is). > > > Our users are declared our priority, our downstreams aren't. > > > > It never occurred to me that our downstreams could be considered as not > > being a part of our users. Is that a common understanding? > > I hope not! I consider all the users of all our downstreams, as users > of Debian. You are changing the topic, as initially you were talking about helping the downstream *developers* (by adding extra complexity to Debian). -- WBR, wRAR signature.asc Description: PGP signature
Re: Automatic downloading of non-free software by stuff in main
On Fri, Dec 01, 2017 at 01:53:22PM +, Ian Jackson wrote: > > > I would like to establish a way to prevent this. (There are even > > > whole Debian derivatives who have as one of their primary goals, > > > preventing this. > > > > No, those derivatives are damage. While their hearts are in the right > > place, they cause data loss and security holes by at least making people on > > Intel and AMD machines use known-buggy microcode. > > I think it's very rude to call something damage just because you > disagree with someone's political stance with respect to the software > they un on their own computer. Adam spoke about derivative users, not derivative developers, though. > Also, if you care so much about this you should probably worry about > Debian's current default approach to microcode. We do. But it will require a GR and a flamewar to fix things, most likely. > > The biggest reason for me > > Debian ought to be a good upstream for everyone, not just "me" > (whoever me is). Our users are declared our priority, our downstreams aren't. -- WBR, wRAR signature.asc Description: PGP signature
Re: Automatic downloading of non-free software by stuff in main
On Thu, Nov 30, 2017 at 01:52:18PM +, Ian Jackson wrote: > I would like to establish a way to prevent this. Why would the project do that, though? > (There are even whole Debian derivatives who have as one of their > primary goals, preventing this. Good. > We should aim for most of the changes necessary for > such derivatives to be in Debian proper, so the derivative can be > little more than a change to the default configuration.) Why? I also hope that you already have people who will do the actual work after the discussions will provide the architecture. -- WBR, wRAR signature.asc Description: PGP signature
Re: Are online services also software for Debian's rules?
On Mon, Aug 14, 2017 at 10:32:57AM -0700, Miles Fidelman wrote: > > > > Also, I don't want to move lots of software to contrib. I would much > > > > rather have it fixed by removing the support for the non-free services, > > > > or by having plugin systems that allow only the non-free-interfacing > > > > part to be in contrib. > > > I believe this would be hugely counter-productive for free software. It > > > would hurt us way more than it would hurt proprietary services. > > > > > Who's us? Developers? Distro managers? Packagers? Users? Somebody else? Yes. > And is "who gets hurt?" really the right question? Isn't it more about who > are "we" serving, > and what best serves their interests. Yes, and hurting someone in this context means not serving their interests. -- WBR, wRAR signature.asc Description: PGP signature
Re: Are online services also software for Debian's rules?
On Mon, Aug 14, 2017 at 01:07:32PM +, Dr. Bas Wijnen wrote: > > you are running this on a computer with non-free software (*). Should > > everything > > now be in contrib? > > No, I explained before that I think we should be pragmatic. We already were, before this discussion. -- WBR, wRAR signature.asc Description: PGP signature
Re: Debian packages advertising non-free services
On Tue, Aug 08, 2017 at 01:47:29AM -0400, Scott Kitterman wrote: > I think the general rule for software with a FOSS license that has no other > purpose than to interact with proprietary services is to put it in contrib. The usual example from main that gets mentioned in these discussions is ICQ/MSN clients, but now we have more examples like already mentioned s3cmd. -- WBR, wRAR signature.asc Description: PGP signature
Re: Request for official help
On Tue, Aug 01, 2017 at 06:42:41AM +0200, MENGUAL Jean-Philippe wrote: > Seems the Ian's mail was not posted on the list (I dont find it in my > inbox and in archives of the mailing list). Could someone forward me it? It was, both to you and to the list: https://lists.debian.org/debian-project/2017/07/msg00048.html (unless you mean some other email). -- WBR, wRAR signature.asc Description: PGP signature
Re: GitHub Open Source Survey 2017
On Wed, Jun 07, 2017 at 04:57:17PM +0200, Adam Borowski wrote: > I have yet to see a system vendor who issues BIOS/firmware updates at all > after 1-2 years after manufacture. If they don't sell the given piece of > hardware anymore, there's no money to be made by keeping it updated. > > And, even if they do issue such updates, they tend to be providen as Windows > executables, which is unfun if you don't even have Windows on the machine in > question. FWIW my laptops and desktop MBs are usually updated with a flash tool built into the BIOS setup interface with a file from a flash drive. But it's a small sample, and, incidentally, my desktop got a binary-file-with-a-windows-flasher "100 Series ME (Version 11.6.27.3264) Update Tool" just two days ago (I didn't flash it yet). -- WBR, wRAR signature.asc Description: PGP signature
Re: GitHub Open Source Survey 2017
On Wed, Jun 07, 2017 at 01:49:54PM +0200, Christian Seiler wrote: > > Or > > that you can sanely run x86 without at least {intel,amd64}-microcode. > > Well, on some systems you can install BIOS/UEFI updates that will > load newer microcode very early in the boot process. In that case > you really don't need the {intel-amd64}-microcode packages, and > you could potentially run just Debian main without any non-free > software on the disk. But they are generally updated less often than the Debian packages. Also, it's a good idea to think about the difference between a system with the microcode updated by UEFI and one with the microcode updated by a Debian package wrt open sourceness and such stuff. -- WBR, wRAR signature.asc Description: PGP signature
Re: should debian comment about the recent 'ransomware' malware.
On Tue, May 16, 2017 at 10:31:34AM -0300, Henrique de Moraes Holschuh wrote: > It is probably worth it to also remind users that they must also keep > track of firmware updates on Intel and AMD systems for platform-level > fixes (Intel ME, Ryzen and Kabilake microcode, usual BIOS/UEFI platform > bugs that cause severe issues with the Linux kernel). Debian cannot do > this for them. Yes, we even don't enable the repo with that critical package by default. -- WBR, wRAR signature.asc Description: PGP signature
Re: Debian Listing
On Tue, Aug 02, 2016 at 10:45:44AM +0800, Paul Wise wrote: > The mail you quoted was pretty clearly spam. I don't think so. -- WBR, wRAR signature.asc Description: PGP signature
Re: Software Freedom Conservancy needs our cash
On Tue, Dec 01, 2015 at 01:17:53PM +, Ian Jackson wrote: > Conservancy is an amazingly good thing. They are the only > organisation doing GPL enforcement for non-FSF projects. Where can I read some examples about this? -- WBR, wRAR
Re: What it means to be Debian
On Wed, Jun 17, 2015 at 08:59:51PM +0200, Bas Wijnen wrote: The above has nothing to do with beliefs. Beliefs are about people who believe that using non-free services is better for some ethical reason. Do such people exist or that's a straw man? I'm not sure if they do. Thanks. No free alternative was suggested here. Not to mention insecure and untrusted which can probably be classified as FUD That depends who you want to trust. If you don't like the NSA, you definitely shouldn't send your data to Google. Whether or not those with access are trusted is a personal issue. This, of course, is not at all related to a question of freeness and is more or less equaly applicable to any other hosted solution. The problem with services such as Google docs and YouTube is that the site owner allows the service provider to violate the privacy of the visitors. This shouldn't be a decision that the site owner is allowed to make. This, of course, has nothing to do with four freedoms or with your favorite definition of free. It is. Privacy violations do not pass the https://wiki.debian.org/DissidentTest . Services that violate privacy are by definition not free. If you are applying your freeness requirements not just to the service source code (as most people are, in my experience) then you probably need a different definition, and it's even harder to find a service complying with it. -- WBR, wRAR signature.asc Description: Digital signature
Re: What it means to be Debian
On Wed, Jun 17, 2015 at 03:59:57PM +0200, Bas Wijnen wrote: The above has nothing to do with beliefs. Beliefs are about people who believe that using non-free services is better for some ethical reason. Do such people exist or that's a straw man? So I agree with the illness statement (although I don't think illness is a good word for it): if people (believe they) need non-free software, we should try to make free alternatives better. Yes, we should, instead of preaching and scolding. None of this means we should tell people they can't use non-free software, but it may mean suggesting free alternatives (as was done in the post that started this discussion). I'll quote the relevant part of the post that started this discussion: 2. The data has to be entered in Google Docs / Google Forms. Excuse me, but weren't you saying you are reaching out to Free Software projects? I do not see why, as a Free Software contributor, I should act upon a mail that looks as close to simple spam as it can get and asks me to enter stuff into an insecure, untrusted and non-free application. No free alternative was suggested here. Not to mention insecure and untrusted which can probably be classified as FUD (as that's equally applicable to most free alternatives, I guess). The problem with services such as Google docs and YouTube is that the site owner allows the service provider to violate the privacy of the visitors. This shouldn't be a decision that the site owner is allowed to make. This, of course, has nothing to do with four freedoms or with your favorite definition of free. -- WBR, wRAR signature.asc Description: Digital signature
Re: Survey on Bug Tracking Tools
On Wed, Jun 17, 2015 at 09:07:00AM -0400, Brian Gupta wrote: I took a quick look, and maybe Lime Survey [2] might work for you? [2] - https://en.wikipedia.org/wiki/LimeSurvey ... which means one should either download the code and host their own installation just for one form or use their hosted limeservice.com thing with a complicated registration and lose all real benefits of a free tool. Also, its survey admin interface is much, much more complicated than Google Forms. -- WBR, wRAR signature.asc Description: Digital signature
Re: What it means to be Debian
On Tue, Jun 16, 2015 at 02:46:45PM +0200, Dominik George wrote: Mostly, I *personally* do not find those people authentic enough to uphold any such community standard. It's somewhat like donating to a species conservation organisation, taking the money from a purse made of crocodile skin. It's quite impossible to take it seriously. Debian isn't advertised as a distribution whose main goal is to provide 100% free something while not providing anything non-free, I think there are other projects with such advertising. So I think that such strong metaphors can't be applied to Debian. -- WBR, wRAR signature.asc Description: Digital signature
Re: What it means to be Debian
On Tue, Jun 16, 2015 at 06:24:09PM +0100, Ben Hutchings wrote: Mostly, I *personally* do not find those people authentic enough to uphold any such community standard. It's somewhat like donating to a species conservation organisation, taking the money from a purse made of crocodile skin. It's quite impossible to take it seriously. Debian isn't advertised as a distribution whose main goal is to provide 100% free something while not providing anything non-free, [...] Yeah it's such a minor goal that it's the first point of the Social Contract. I'll quote it: We will support people who create or use both free and non-free works on Debian. That is not the same as what I wrote but what I meant was we don't say things like our community must actively reject the non-free counterparts or we will not distribute, recommend, or otherwise support non-free software, as some other distributions do. -- WBR, wRAR signature.asc Description: Digital signature
Re: Being part of a community and behaving
On Thu, Nov 13, 2014 at 05:32:34PM +, Ian Jackson wrote: Could you please keep this whole mess on the mailing lists where it came from? I (and I believe others) have unsubscribed from -devel and -vote because we were fed up with the endless debate around the whole systemd issue. Please don't make us also unsubscribe from -project ? Sorry. I meant to move it to -vote, but got the wrong list. It doesn't belong on -devel. It doesn't belong to -vote either. -- WBR, wRAR signature.asc Description: Digital signature
Re: DEP-5 (copyright file format) ... gap with practice
On Mon, Sep 15, 2014 at 04:51:19PM +0200, Andreas Tille wrote: Not sure how that's a lot of work since uscan does all the magic for you. I don't use uscan to download tarballs for packages I maintain. Not to mention time required to fill in the Files-Excluded field. Just for the sake of interest: Is there any reason not to use uscan? For upstreams not using git I already have the new tarball downloaded before I start working on it. uscan just doesn't have a place in my workflows, it is necessary only when working on random packages from other people. -- WBR, wRAR signature.asc Description: Digital signature
Re: DEP-5 (copyright file format) ... gap with practice
On Mon, Sep 08, 2014 at 07:31:02PM -0400, Michael Gilbert wrote: DEP-5 as defined in http://dep.debian.net/deps/dep5/ does not have any clause allowing us to skip license entries for certain class of files. In practice, many packages lack entries for autotools generated files which come with very permissive license with mostly identical but not quite the same copyright phrases which reqire us to quote them separately. I am talking about autotools files such as: PERMISSIVE * */Makefile.in * m4/*.m4 * configure * INSTALL * aclocal.m4 GPL-2.0+ with autoconf exception * compile * depcomp * missing * py-compile * test-driver * m4/introspection.m4 * m4/intltool.m4 GPL-2.0+ with libtool exception * ltmain.sh GPL-3.0+ with autoconf exception * config.sub * config.guess MIT * install-sh You could always use the Files-Excluded field to make uscan remove those files from the upstream tarball, Too much work (at least when you are not repacking the tarball for other reasons) for absolutely no gain. -- WBR, wRAR -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140909124044.ga20...@belkar.wrar.name
Re: DEP-5 (copyright file format) ... gap with practice
On Tue, Sep 09, 2014 at 05:40:46PM -0400, Michael Gilbert wrote: You could always use the Files-Excluded field to make uscan remove those files from the upstream tarball, Too much work (at least when you are not repacking the tarball for other reasons) for absolutely no gain. Not sure how that's a lot of work since uscan does all the magic for you. I don't use uscan to download tarballs for packages I maintain. Not to mention time required to fill in the Files-Excluded field. One benefit is less time on copyright file research/review, and People actually check licenses for autotools generated files? another clear benefit is reduced package cruft. The only thing that is reduced is the size of the orig tarball. -- WBR, wRAR -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140910044822.gb29...@belkar.wrar.name
Re: clarify FTP master delegation?
On Wed, Mar 12, 2014 at 09:04:13AM -0700, Nikolaus Rath wrote: quick glance over debian-legal at Gmane didn't show any obvious megathreads). I don't know why gmane doesn't show it. https://lists.debian.org/debian-legal/2014/03/ -- WBR, wRAR signature.asc Description: Digital signature
Re: Proposal - preserve freedom of choice of init systems
On Sun, Mar 02, 2014 at 01:07:00PM +, Ian Jackson wrote: I understand your point. But it feels to me like an abuse of the CTs decision because it's on a related but different subject. I would prefer that it would just make a position statement that doesn't have an effect on the CTs decision. I don't think it's an abuse. That GR override clause was written by me. I specifically drew it widely precisely so that, amongst other things, a GR could answer questions that the TC has failed to answer. Surely the question is simply whether this GR is indeed on init systems. Clearly it is. Therefore the GR rider is engaged. On Sun, Mar 02, 2014 at 02:50:00PM +, Ian Jackson wrote: There is also this decision of the CTTE: The TC chooses to not pass a resolution at the current time about whether software may require specific init systems. Which doesn't have this GR rider text in it, and is on the same subject as this GR. That doesn't contradict the GR. If the GR passes we have two resolutions: 11th Feb as modified by GR: sysvinit as default, loose coupling 28th Feb we choose not to pass a resolution at the current time [ie on the 28th of February] about coupling These are not contradictory. In particular, the 28th of February resolution should not be read as vacating the 11th of February resolution's GR rider, which is what you are suggesting. Congratulations, that is a nice backdoor that nobody noticed on the code review. We hope the backdoor will be fixed ASAP, the appropriate security measures will be added and the intruder will be punished appropriately. -- WBR, wRAR signature.asc Description: Digital signature
Re: GR proposal: code of conduct
On Mon, Feb 24, 2014 at 05:00:07PM +0800, Paul Wise wrote: For IRC it's a bit more difficult, because we do not long our IRC channels by default (or at least I'm not aware we do), with the exception of meetings run with the help of meetbot. ... i.e. publicly log our IRC channels. That would be nice, the IRC channels are currently a big back-channel that hides a bunch of useful information from the wider public. One could argue that if there is information that is so useful it should be available to the general public then it should be manually polished up and published in designated places (documentation). -- WBR, wRAR -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225093420.ga21...@belkar.wrar.name
Re: The DM status and its recognition (was: Planned changes to Debian Maintainer uploads)
On Mon, Jun 11, 2012 at 10:59:53PM +0200, Arno Töll wrote: even more, becoming DM seems more and more understood as a suggested and advised procedure towards a full DD status. I do not think this is how the original endorsement was meant. Moreover, at least that's my impression from hanging around in Mentoring mailing lists and channels, many people (and by people I mean primarily developer not involved in sponsoring) also consider the DM status as a DD light version, advocated to people who are known as advanced packagers. I did this several times on #-mentors and I'll do it again. http://wiki.debian.org/DebianMaintainer The opening paragraphs: It is highly recommended to be a Debian Maintainer before applying to the Debian New Maintainers process to become an official Debian Developer. http://wiki.debian.org/DebianDeveloper Becoming a Debian Developer: You should be a Debian Maintainer for six months before applying to the Debian New Member Process. http://www.debian.org/devel/join/newmaint It is highly recommended that you become familiar with the role of Debian Maintainer and apply for this role before applying to become a Debian Developer. While these words do not mean DM status is needed *only* for prospective DDs, it is easy to imply that. -- WBR, wRAR signature.asc Description: Digital signature