Re: debian-multimedia.org considered harmful, Was: Unofficial repositories on 'debian' domains
On 2012-03-05 16:42:50 +0100, Reinhard Tartler wrote: Friendly discussion with the maintainer of debian-multimedia.org to not replace libraries such as libavcodec and friends have failed ultimatively (BTW, that is part of the reason why we've ended up with an epoch of '4', dmo uses epoch '5'); he has repeatedly shown that is not interested in collaborating with pkg-multimedia at all. He also does not seem interested in installing libraries in a way that they do not interfere with 'official' Debian packages (e.g., by changing SONAMES, or installing in private directories, etc.). It's worse than that. Security support is non-existent, and users don't know that. An example: http://lists.debian.org/debian-user-french/2010/08/msg6.html where a user recommended flashplayer-mozilla from debian-multimedia (debian-multimedia.org), saying that it was working very well. What he didn't say (and there was no information on debian-multimedia.org either), is that this was a version with critical vulnerabilities known since June 2010: http://www.adobe.com/support/security/bulletins/apsb10-14.html -- Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: debian-multimedia.org considered harmful, Was: Unofficial repositories on 'debian' domains
On 2012-03-08 12:35:53 +, Philipp Kern wrote: On 2012-03-08, Vincent Lefevre vinc...@vinc17.net wrote: It's worse than that. Security support is non-existent, and users don't know that. An example: [… non-free package …] Well, non-free in Debian proper doesn't have security support neither. But then I guess one could argue that users at least know that this is the case, don't they? No, the package was *not* a non-free package, it was in main. I did the remark at that time: http://lists.debian.org/debian-user-french/2010/08/msg00082.html So, again, this is really misleading for the end user. -- Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Unofficial repositories on 'debian' domains
Am 06.03.2012 18:34, schrieb Matt Zagrabelny: Just out of curiosity, why is it not permitted for Debian to have the libdvdcss2 package, but it is okay to have a git repo of the package? 1) I am not a lawyer, so this is only my limited legal understanding. 2) By hosting the source code we provide only a recipe, not am actual product. A binary package with a library that you can immediately load into address space would be the latter. For example, it is allowed to tell people how to build bombs, but it is not allowed to sell them. Bad example, I know... ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Unofficial repositories on 'debian' domains
On Tue, Mar 6, 2012 at 8:10 AM, Fabian Greffrath fab...@greffrath.com wrote: Am 05.03.2012 21:30, schrieb Matt Zagrabelny: I mean, from what I've read in this thread, d-m.o is not cooperative with d.o regarding packages, what is the recommended way of installing that libdvdcss2? Not sure if I should reply to this on-list. $ su -c apt-get install git-buildpackage $ gbp-clone git://anonscm.debian.org/pkg-multimedia/libdvdcss.git $ cd libdvdcss $ git-buildpackage -us -uc $ su -c dpkg -i ../libdvdcss2*.deb Fabian, what do you think about writing a script that does these lines above in an automated way, and install this to /usr/share/doc/libdvdread3/install-css.sh? I guess pkg-multimedia would need to adopt libdvdread before, but I don't think Daniel would object to this. Cheers, Reinhard -- regards, Reinhard ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Unofficial repositories on 'debian' domains
Am 06.03.2012 13:11, schrieb Reinhard Tartler: Not sure if I should reply to this on-list. $ su -c apt-get install git-buildpackage $ gbp-clone git://anonscm.debian.org/pkg-multimedia/libdvdcss.git $ cd libdvdcss $ git-buildpackage -us -uc $ su -c dpkg -i ../libdvdcss2*.deb Fabian, what do you think about writing a script that does these lines above in an automated way, and install this to /usr/share/doc/libdvdread3/install-css.sh? Piece of cake! ;) I guess pkg-multimedia would need to adopt libdvdread before, but I don't think Daniel would object to this. Daniel, what do you say? - Fabian ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Unofficial repositories on 'debian' domains
On Tue, Mar 6, 2012 at 6:53 AM, Fabian Greffrath fab...@greffrath.com wrote: Am 06.03.2012 13:11, schrieb Reinhard Tartler: Not sure if I should reply to this on-list. $ su -c apt-get install git-buildpackage $ gbp-clone git://anonscm.debian.org/pkg-multimedia/libdvdcss.git $ cd libdvdcss $ git-buildpackage -us -uc $ su -c dpkg -i ../libdvdcss2*.deb Just out of curiosity, why is it not permitted for Debian to have the libdvdcss2 package, but it is okay to have a git repo of the package? -mz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Fwd: Re: Unofficial repositories on 'debian' domains
This thread is from debian-devel. Would anyone here who had a lot of experience working (or dealing) with Marillat like to respond? ~ Andres -- Forwarded message -- From: Stefano Zacchiroli lea...@debian.org Date: Mar 5, 2012 2:41 AM Subject: Re: Unofficial repositories on apos;debianapos; domains To: debian-de...@lists.debian.org On Sun, Mar 04, 2012 at 10:59:39PM +, Ben Hutchings wrote: Looking at the front page of http://www.debian-multimedia.org/ today, I don't see a clear statement that it is unofficial. Agreed. I also find disturbing that the website seeks for donations without making clear that donated money do not go to the Debian Project. That is not necessarily done out of malice, of course, but it seems to live in the same uncertainty about the unofficiality of the website that you mention. But for new users and potential users, this distinction probably isn't obvious. There is a reason that Debian has pursued trademark enforcement actions against various debian.xy domains. Agreed, and I've been thinking about debian-multimedia.org since quite a while. According to our trademark policy (present and draft), the website is in violation of Debian trademark. As the website is maintained by a Debian Developer, I'm sure we don't need that specific aspect to come into some sort of amicable solution. But before getting there, the question is whether the existence of the website (and its popularity) poses problem to Debian reputation and/or to the activity of official Debian multimedia packaging. I think this is a question for the Debian Multimedia Maintainers (as in pkg-multimedia-maintainers@lists.alioth.debian.org) to answer. If they see a problem with debian-multimedia.org, we should get in touch with the website maintainers and solve the issue. And to avoid singling out debian-multimedia.org, I think this confusion could just as well happen with repositories on foo.debian.net domains. I think the situations with debian.net is quite different. *.debian.net is a namespace offered by Debian to developers that want to setup services which are not (yet) integrated in the Debian infrastructure and, as such, not yet blessed as official project services. I don't think we need to have any stricter procedure that the current one for people to setup *.debian.net entries. What we need, though, is probably to make it more clear to our users what is the difference among *.debian.net and *.debian.org services. It is something that developers know by folklore, but that I seriously doubt most of our users know. For me, the most appropriate way to do is to put a splash page at www.debian.net explaining that. If DSA agrees with that approach, I'm sure we can easily come up with a suitable splash text. While we are at it, I also think we should provide an index of *.debian.net entries on that splash page. http://wiki.debian.org/DebianNetDomains is just too prone to outdateness and incompleteness. The index can be automatically generated from LDAP and. IIRC a past chat with DSA, DSA is fine with that but is aware of privacy concerns that some of the registrant of *.debian.net entries might have. Personally, I don't think we should be worried about privacy concerns there. The debian.net is a Debian project resource and we should be ready to advertise all its entries, otherwise people should not register them in the first place. Cheers. -- Stefano Zacchiroli zack@{upsilon.cc,pps.jussieu.fr,debian.org} . o . Maître de conférences .. http://upsilon.cc/zack .. . . o Debian Project Leader... @zack on identi.ca ...o o o « the first rule of tautology club is the first rule of tautology club » ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
debian-multimedia.org considered harmful, Was: Unofficial repositories on 'debian' domains
On Mon, Mar 5, 2012 at 9:29 AM, Thijs Kinkhorst th...@debian.org wrote: But before getting there, the question is whether the existence of the website (and its popularity) poses problem to Debian reputation and/or to the activity of official Debian multimedia packaging. I think this is a question for the Debian Multimedia Maintainers (as in pkg-multimedia-maintainers@lists.alioth.debian.org) to answer. If they see a problem with debian-multimedia.org, we should get in touch with the website maintainers and solve the issue. Of course, one of the reasons debian-multimedia exists is precisely because it's unofficial: it can package things that Debian out of policy doesn't want to package. This is not something that can necessarily be solved on a packaging level. A recurring problem we have in pkg-multimedia is that debian-multimedia.org provides packages that replace both applications and libraries that we already ship with Debian. Especially for libraries, this can (and in fact, this does happen regularly) lead to crashes which are very hard to diagnose. Therefore, we have a policy to just close a bug with a very short explanation if we notice that the crash involves a package from debian-multimedia.org; everything else is absolutely not worth the trouble. Cf. also [1]. Friendly discussion with the maintainer of debian-multimedia.org to not replace libraries such as libavcodec and friends have failed ultimatively (BTW, that is part of the reason why we've ended up with an epoch of '4', dmo uses epoch '5'); he has repeatedly shown that is not interested in collaborating with pkg-multimedia at all. He also does not seem interested in installing libraries in a way that they do not interfere with 'official' Debian packages (e.g., by changing SONAMES, or installing in private directories, etc.). While debian-multimedia.org has gained a reputation of providing packages, which were desperately lacking in Debian, IMO this repository has turned into a major source of trouble and pissed users provoking flamewars in the recent past. There is still a number of remaining multimedia-related packages that we still lack in Debian, and pkg-multimedia is working on getting at least the most popular ones packaged and uploaded - help, as always, is of course very appreciated. [2] In summary, I can only advise everyone against enabling that repository on any machine. [1] http://wiki.debian.org/DebianMultimedia/FAQ [2] There are also a few additional, non-multimedia related packages, such as acroread and similar non-free stuff. If you really need those, I'd suggest to install them without enabling the repository via apt. -- regards, Reinhard ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Re: Unofficial repositories on 'debian' domains
On Mon, Mar 5, 2012 at 4:08 PM, Andres Mejia amejia...@gmail.com wrote: This thread is from debian-devel. Would anyone here who had a lot of experience working (or dealing) with Marillat like to respond? I just did -- regards, Reinhard ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Unofficial repositories on 'debian' domains
On Mon, Mar 5, 2012 at 6:32 PM, Matt Zagrabelny mzagr...@d.umn.edu wrote: On Mon, Mar 5, 2012 at 9:45 AM, Reinhard Tartler siret...@gmail.com wrote: On Mon, Mar 5, 2012 at 11:52 AM, Milan P. Stanic m...@arvanta.net wrote: For me d-m.o was (and still is) valuable resource. Some codecs missing in Debian packages because of the policy (I don't blame Debian for that) and in that case d-m.o is best option for me because I don't want/have time to package it from the source. Out of curiousity, what codecs do you miss in the official debian packages? libdvdcss2 This is not a codec but a software package that cracks an encryption algorithm. It has been packaged for debian proper, uploaded and got rejected by ftp-master. BTW, the reason did not involve patents, AFAIUI. As an alternative source, the libdvdread3 package used to ship a /usr/share/doc/libdvdread3/install-css.sh script, which fetched a libdvdcss2 packages from debian-unofficial.org. From a packaging and maintenance POV, that package is in a much better state. Too bad that the libdvdread maintainer removed that really handy script. This may have been mentioned elsewhere in this thread, but a wiki page under wiki.debian.org instructs users to use d-m.o as a repository to get various codecs. http://wiki.debian.org/MultimediaCodecs That package desperately needs updating. -- regards, Reinhard ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Unofficial repositories on 'debian' domains
Reinhard Tartler siret...@gmail.com writes: the libdvdread maintainer removed that really handy script. Not really related but it did have a security issue: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554772 ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Unofficial repositories on 'debian' domains
On Mon, Mar 5, 2012 at 11:55 AM, Reinhard Tartler siret...@gmail.com wrote: On Mon, Mar 5, 2012 at 6:32 PM, Matt Zagrabelny mzagr...@d.umn.edu wrote: On Mon, Mar 5, 2012 at 9:45 AM, Reinhard Tartler siret...@gmail.com wrote: On Mon, Mar 5, 2012 at 11:52 AM, Milan P. Stanic m...@arvanta.net wrote: For me d-m.o was (and still is) valuable resource. Some codecs missing in Debian packages because of the policy (I don't blame Debian for that) and in that case d-m.o is best option for me because I don't want/have time to package it from the source. Out of curiousity, what codecs do you miss in the official debian packages? libdvdcss2 This is not a codec but a software package that cracks an encryption algorithm. It has been packaged for debian proper, uploaded and got rejected by ftp-master. BTW, the reason did not involve patents, AFAIUI. I understand that it is not a codec. ;) Nevertheless, it is a package that I find myself installing on just about any workstation with a DVD drive. As an alternative source, the libdvdread3 package used to ship a /usr/share/doc/libdvdread3/install-css.sh script, which fetched a libdvdcss2 packages from debian-unofficial.org. From a packaging and maintenance POV, that package is in a much better state. Too bad that the libdvdread maintainer removed that really handy script. What then is the recommended way of installing a the decryption library for DVD/CSS? I mean, from what I've read in this thread, d-m.o is not cooperative with d.o regarding packages, what is the recommended way of installing that libdvdcss2? Cheers, -mz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers