Re: GetDeb Project
On Wed, Oct 17, 2007 at 01:45:04AM +0200, Krzysztof Lichota wrote: Scott Kitterman napisał(a): Generally I enable backports, install what I want, and the disable it again. That I think most people can do. Maybe they can, but: a) they have to know about it They have to know about GetDeb, too. b) it is very inconvenient c) you do not get updates to installed app (i.e. security fixes) This makes me curious: how do you get security fixes for a package installed from GetDeb? Ming 2007.10.17 -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project
Hi João Pinto, On Sun, Oct 14, 2007 at 12:46:59PM +0100, João Pinto wrote: Hello, I am the GetDeb project founder and manager, I would like to present GetDeb, current status and planned goals. Thanks for sending this mail to the Ubuntu lists. It's apparent that GetDeb meets the need of quite some users, and it would be nice to see GetDeb and the official repository has more collabrations. Most of this thread is talking about the packages. I would like, however, to talk about something else. Current Status --- [...] One of our important accessibility factors is internationalization, 99% of the site template is translatable and already translated into more than 20 languages. The applications description is also translatable, however that is still a young and not very polished feature, at this moment we have about 1K application descriptions translated to random languages. What are these application descriptions? Are they the same as the package descriptions (i.e., the Description: field in debian/control, also shown in apt-cache show package-name. If yes, is there a way to get all the translations for a particular language? I believe many people would be interested to see them, and incorporate them into Debian and Ubuntu. Also, you can also use the existent translation work of the package descriptions from Debian [1] on GetDeb website if you want. 1. http://www.us.debian.org/intl/l10n/ddtp Internationalization: http://www.getdeb.net/languages.php A side note -- since you are using global.zh-tw.php for traditional Chinese (zh_TW in the locale notation), you probably want to use global.zh-cn.php instead of global.zh.php for simplified Chinese (zh_CN). Ming 2007.10.17 -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: You devs rock. Thanks for your work.
On Tue, 2007-10-16 at 13:21 -0400, [EMAIL PROTECTED] wrote: It's a fresh relief to see positive comments once in a while :) Thanks for your kind words. Like many occupations, this is one where doing a good job means that people don't realise you're there. This means that most of the attention gained is for negative things (Fix this for me). Chris PS: I add my own thanks. Nothing is perfect, but Ubuntu is getting better all of the time and raising the bar for other distros. That's a great achievement. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project
Scott Kitterman napisał(a): I was thinking about this some more. My objection isn't to the installation method, but to the packages. Someone earlier in the thread mentioned the benifits of the web front end that Getdeb provides. Rather than remove something like gnucash from getdeb, what really needs to happen is just pointint from the getdeb package to the Ubuntu one. In the gnucash case it would be changing: http://www.getdeb.net/download.php?release=1496fpos=0 http://www.getdeb.net/download.php?release=1496fpos=1 http://www.getdeb.net/download.php?release=1496fpos=2 with http://launchpadlibrarian.net/9958499/gnucash_2.2.1-1ubuntu4%7Efeisty1_i386.deb http://launchpadlibrarian.net/9958498/gnucash-common_2.2.1-1ubuntu4%7Efeisty1_all.deb http://launchpadlibrarian.net/9959217/gnucash-docs_2.2.0-1%7Efeisty1_all.deb The web front end could stay. This would have a number of advantages: Reduced storage and bandwidth usage for getdeb Fewer packages users have to uninstall before an upgrade Fewer issues due to unofficial package use How about something like that? I've no objections to that approach myself. I think it is a good idea, but I see 2 problems: 1. Ubuntu should provide links to debs which do not change in time or some way of automatically feeding changes to deb names to getdeb, so that updates do not require manual intervention. 2. Pure .deb packages are not signed (as far as I understand APT system). Only repos are. So the security problem stays the same. Krzysztof Lichota signature.asc Description: OpenPGP digital signature -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project
Ming Hua napisał(a): On Wed, Oct 17, 2007 at 01:45:04AM +0200, Krzysztof Lichota wrote: Scott Kitterman napisał(a): Generally I enable backports, install what I want, and the disable it again. That I think most people can do. Maybe they can, but: a) they have to know about it They have to know about GetDeb, too. They have to know only the URL. For package pinning, switching repos they have to know a lot more. b) it is very inconvenient c) you do not get updates to installed app (i.e. security fixes) This makes me curious: how do you get security fixes for a package installed from GetDeb? You don't. But you should. I just drew your attention that switching backports repository on and off does not solve it either. Krzysztof Lichota signature.asc Description: OpenPGP digital signature -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project
On Wednesday 17 October 2007 06:47, Krzysztof Lichota wrote: Scott Kitterman napisał(a): I was thinking about this some more. My objection isn't to the installation method, but to the packages. Someone earlier in the thread mentioned the benifits of the web front end that Getdeb provides. Rather than remove something like gnucash from getdeb, what really needs to happen is just pointint from the getdeb package to the Ubuntu one. In the gnucash case it would be changing: http://www.getdeb.net/download.php?release=1496fpos=0 http://www.getdeb.net/download.php?release=1496fpos=1 http://www.getdeb.net/download.php?release=1496fpos=2 with http://launchpadlibrarian.net/9958499/gnucash_2.2.1-1ubuntu4%7Efeisty1_i3 86.deb http://launchpadlibrarian.net/9958498/gnucash-common_2.2.1-1ubuntu4%7Efei sty1_all.deb http://launchpadlibrarian.net/9959217/gnucash-docs_2.2.0-1%7Efeisty1_all. deb The web front end could stay. This would have a number of advantages: Reduced storage and bandwidth usage for getdeb Fewer packages users have to uninstall before an upgrade Fewer issues due to unofficial package use How about something like that? I've no objections to that approach myself. I think it is a good idea, but I see 2 problems: 1. Ubuntu should provide links to debs which do not change in time or some way of automatically feeding changes to deb names to getdeb, so that updates do not require manual intervention. I'd like to be able to dget source from LP too, but it's reallly not how their system is designed, but I don't think the links actually change over time. 2. Pure .deb packages are not signed (as far as I understand APT system). Only repos are. So the security problem stays the same. I disagree. If I'm pulling a .deb from LP over https, I have a lot more confidence in that than one that's signed, but from some external site. Not ideal, but it's better. Scott K -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project (Why I participate)
OK, I don't want to hijack this thread but after reading mostly negative comments I would like to say somethings about why I participate in GetDeb. A little bit of history, I stumbled upon GetDeb when I was looking for Pidgin. Back then it wasn't available in Feisty and I wanted to use the latest version. When I saw the website I got very excited about the goal to supply the latest software for Ubuntu. The main reason why I started creating packages for Getdeb was the fact it was so easy to participate. I created an updated package and within two days it was up on the site. I tend to create packages I use myself or I believe it is a great asset to Ubuntu. This is one of the reason you won't see me creating packages for games at the moment. I did check to see if I could help out creating packages for as some call it, the inside Ubuntu community. All I could find was becoming a MOTU which is a whole process and I wasn't, and I'm still not, ready for that. Not until this thread I found out that for backports it's different. I will check out the backport process and see if I could help out there as well. I won't abandon the Getdeb project, it's a great project to participate in. -- Peter van der Does GPG key: E77E8E98 IRC: Ganseki on irc.freenode.net Blog: http://blog.avirtualhome.com Jabber ID: [EMAIL PROTECTED] AIM: petervanderdoes GetDeb Package Builder http://www.getdeb.net - Software you want for Ubuntu signature.asc Description: OpenPGP digital signature -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project
I disagree. If I'm pulling a .deb from LP over https, I have a lot more confidence in that than one that's signed, but from some external site. Not ideal, but it's better. Scott, if your trust is based on the URL of the download and not on the PGP signature validation, then you do not care or you do not understand what is the PGP signature role. I strongly recommend you some reading like: http://cryptnet.net/fdp/crypto/strong_distro.html http://wiki.debian.org/SecureApt Best regards, -- João Pinto IRC: Lamego @ irc.freenode.net Jabber ID: [EMAIL PROTECTED] GetDeb Project Manager - http://www.getdeb.net -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project (Why I participate)
Am Mittwoch, den 17.10.2007, 09:24 -0400 schrieb Peter (Ubuntu List): I did check to see if I could help out creating packages for as some call it, the inside Ubuntu community. All I could find was becoming a MOTU which is a whole process and I wasn't, and I'm still not, ready for that. https://wiki.ubuntu.com/MOTU/Recipes/PackageUpdate https://wiki.ubuntu.com/SponsorshipProcess It's really quite easy. If you think we could improve things by speeding them up somehow or explaining the process better, please let me know - I'm happy to help out and fix it. Have a nice day, Daniel signature.asc Description: Dies ist ein digital signierter Nachrichtenteil -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project (Why I participate)
Le mercredi 17 octobre 2007 à 09:24 -0400, Peter (Ubuntu List) a écrit : The main reason why I started creating packages for Getdeb was the fact it was so easy to participate. I created an updated package and within two days it was up on the site. I tend to create packages I use myself or I believe it is a great asset to Ubuntu. This is one of the reason you won't see me creating packages for games at the moment. Hi, That's a good example of something not easy to backport and I would be curious to know how you made sure that your pidgin packages was not breaking other packages using gaim (various gaim plugins, nautilus-sendto, etc). Did you provide piding variant of those with dummy transition packages, correct Conflicts informations, updated Depends? Or did you just shipped the new version without consideration for those issues? Sebastien Bacher -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project (Why I participate)
Sebastien Bacher wrote: Le mercredi 17 octobre 2007 à 09:24 -0400, Peter (Ubuntu List) a écrit : The main reason why I started creating packages for Getdeb was the fact it was so easy to participate. I created an updated package and within two days it was up on the site. I tend to create packages I use myself or I believe it is a great asset to Ubuntu. This is one of the reason you won't see me creating packages for games at the moment. Hi, That's a good example of something not easy to backport and I would be curious to know how you made sure that your pidgin packages was not breaking other packages using gaim (various gaim plugins, nautilus-sendto, etc). Did you provide piding variant of those with dummy transition packages, correct Conflicts informations, updated Depends? Or did you just shipped the new version without consideration for those issues? Sebastien Bacher I didn't create the Pidgin package, so I can't really comment on that. But for the packages I created I do check them if it's really working without glitches, depends checked. I don't just ship out versions without considering those issues. And example is the updated Liferea package, they changed their way of storing the feeds to sqlite, so yes I made sure the depends included that too. I create packages with pbuilder and then test them in a chrooted default installation environment. -- Peter van der Does GPG key: E77E8E98 IRC: Ganseki on irc.freenode.net Blog: http://blog.avirtualhome.com Jabber ID: [EMAIL PROTECTED] AIM: petervanderdoes GetDeb Package Builder http://www.getdeb.net - Software you want for Ubuntu signature.asc Description: OpenPGP digital signature -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project (Why I participate)
Hello, I have done the pidgin packaging. First we provided a singe package, which would not conflict with gaim, it would just provide pidgin, it could be used together with gaim. Later, we backported the package as provided on Debian. I did not had any special considerations that were not covered by Debian, I have tested the package prior to publishing, I found no issues. You can also check for issues reported by users: You can see the comments at http://www.getdeb.net/comment.php?rel_id=1462 The main issue is the -data package which needs to be installed first, gdebi will call dpkg -i and break the apt cache because the existing piding will miss it's dependencies, this is a known dpkg/gdebi limitation as noted on a previous thread on this list. Thanks Hi, That's a good example of something not easy to backport and I would be curious to know how you made sure that your pidgin packages was not breaking other packages using gaim (various gaim plugins, nautilus-sendto, etc). Did you provide piding variant of those with dummy transition packages, correct Conflicts informations, updated Depends? Or did you just shipped the new version without consideration for those issues? Sebastien Bacher -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- João Pinto IRC: Lamego @ irc.freenode.net Jabber ID: [EMAIL PROTECTED] GetDeb Project Manager - http://www.getdeb.net -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: GetDeb Project
On Wednesday 17 October 2007 10:15, João Pinto wrote: I disagree. If I'm pulling a .deb from LP over https, I have a lot more confidence in that than one that's signed, but from some external site. Not ideal, but it's better. Scott, if your trust is based on the URL of the download and not on the PGP signature validation, then you do not care or you do not understand what is the PGP signature role. I strongly recommend you some reading like: http://cryptnet.net/fdp/crypto/strong_distro.html http://wiki.debian.org/SecureApt The fact that you signed a package and the signature validates just means that I got what you packaged and signed. My trust in that package is no higher than my trust in you. If I download a file from LP, I know I got the file than Ubuntu developers uploaded (unless LP has been hacked, a risk I'll consider nil). Ideally the .debs off LP would be signed, but I'll take that over packages from a site that has repeatedly stated they won't meet Ubuntu packaging standards with no hesitation. Scott K -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Fwd: GetDeb Project
Hi, Am Dienstag 16 Oktober 2007 22:35:08 schrieben Sie: Hello, You can get a snapshot of the current app tables: http://www.getdeb.net/tmp/getdeb_db_16_Oct_2007.sql.gz I don't have a detailed data model documentation, here is a quick guide for the apps info: gd_app - Application info entry gd_app_version - Version record gd_app_release - Release of a specific version for a specific distro gd_app_download - Download counts per app release (distro_id is included for summary count) excellent, thanks for the snapshot! Would it also be possible to make this information available updated from time to time via GetDeb? I'm thinking of integrating this information into multidistrotools [1] in case you're wondering. Cheers, Stefan. -- [1]: http://people.debian.org/~lucas/ubuntu-versions/ (looks like it's currently broken, usually you'd see current debian versions compared to ubuntu versions) signature.asc Description: This is a digitally signed message part. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: regular fsck runs are too disturbing
Onno Benschop wrote: I am subscribed to the list, there is no need to send this to me directly. Fair enough. I will remove you for now, but if you wish to not get such replies regularly, you should set your Reply-To: header to point to the mailing list. I have personal experience where a modern journalling file system (ext3) does *not* maintain integrity. I have now had three cases where the journal corrupted for no particular reason, causing the kernel to remount my drive read-only. A read-only and non-destructive read-write test failed to uncover any problems. My point was, and it still stands, theoretically a file-system maintains its integrity, in practice it cannot. fsck is the tool that catches the difference between theory and practice. It sounds like in your case it was the running kernel that noticed the problem ( which in all likelihood was simply an IO error that happened while the kernel tried to update the journal ), not the auto fsck at 30 mounts. In any case, such errors occur only for the VAST minority of users, so why should everyone be penalized? -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
