Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
Hi Niels, > Between my last email and now, the release team announced that the > Full Freeze will start in 7 days. I saw the news too. After reading freeze policy multiple times I decided to not request for unblock. Rules are rules and I unfortunately missed the deadline. New release would be very beneficial for new Foomuuri users (easier installation / configuration), but old version works too. And we always have backports. I'll contact you again after the freeze. Thanks for all the work so far.
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
Kim B. Heino: Hi Niels, 1) I have granted you commit access (developer) to https://salsa.debian.org/debian/foomuuri in case you want to move the packaging there. Thank you. I pushed the commits there and I'll remove my personal copy later. You are welcome. 2) I am ok with sponsoring your package in its current form, though I would like to confirm with you that you are okay targeting unstable. Yes, unstable should be fine. Foomuuri has very few dependencies and there are no packages that depends on Foomuuri. There are no large/disruptive changes. New upstream release 0.28 has been very stable in Fedora/EPEL. It includes very user-friendly change by merging two config sections (old configs will work as is) and that's the main reason why I would like it to get to Debian. Between my last email and now, the release team announced that the Full Freeze will start in 7 days. This means an upload today (or even last week) will require an explicit unblock from the release team - even for non-key packages with autopkgtests. Uploads have 20 days delay these days, so the new freeze policy would be in force before the migration can occur. The release team is explicit about this interaction of the delay and which policy that applies in their announcement. When I answered earlier today, as far as I knew the upload could have migrated without an unblock and with the release team announcement that understanding unfortunately turned out to not hold at all. Therefore, for the upload to make it to Trixie, it would take an approved unblock bug - that is, release team approval. Apologies if it feels like the goal post moved, and to be fair, it kind of has. For more details on the timeline/announcement, please see: https://lists.debian.org/debian-devel-announce/2025/07/msg3.html As for an unblock bug, it is a matter of filing a bug against release.debian.org (reportbug release.debian.org) and choose the unblock template. In the subject, add " (pre-approval)" in the end and CC me on it. If the RT approves, I will do the upload. After that, it is filling out the template, which is about assessing the risk, how the changes have been tested, and consequences of keeping the current version. Sorry, if that was not the news you wanted to hear, but it is unfortunately the new state of things. If the unblock request is declined, ping me a few days after the freeze and I will upload foomuuri/0.28-1 there. [...] You mention a backport upload as well. The one I can find is https://salsa.debian.org/kimheino/foomuuri/-/commits/bookworm-backports?ref_type=heads. If so, then that is currently not actionable as the version being uploaded to backports must be in testing already and 0.28 is not. If you are still aiming for this, then foomuuri must be uploaded to unstable and migrate before I can help there. Ok, understood. I'm still new to Debian maintaining... Let's get back to this when it's migrated. Ok. Lets see where we land on the upload. Best regards, Niels
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
Hi Niels, > 1) I have granted you commit access (developer) to > https://salsa.debian.org/debian/foomuuri in case you want to move > the packaging there. Thank you. I pushed the commits there and I'll remove my personal copy later. > 2) I am ok with sponsoring your package in its current form, though > I would like to confirm with you that you are okay targeting unstable. Yes, unstable should be fine. Foomuuri has very few dependencies and there are no packages that depends on Foomuuri. There are no large/disruptive changes. New upstream release 0.28 has been very stable in Fedora/EPEL. It includes very user-friendly change by merging two config sections (old configs will work as is) and that's the main reason why I would like it to get to Debian. > it will be sponsored): When you add build-dependencies for testing > only like in 2a88e1c71135d306dcb4185b8e70d00d6ed446a4, consider > tagging them with `` (such as `nftables `). This Thanks, I'll keep it in mind and fix to next release. > You mention a backport upload as well. The one I can find is > https://salsa.debian.org/kimheino/foomuuri/-/commits/bookworm-backports?ref_type=heads. > > If so, then that is currently not actionable as the version being > uploaded to backports must be in testing already and 0.28 is not. If > you are still aiming for this, then foomuuri must be uploaded to > unstable and migrate before I can help there. Ok, understood. I'm still new to Debian maintaining... Let's get back to this when it's migrated.
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
On Sat, 7 Jun 2025 10:29:41 +0300 "Kim B. Heino" wrote: Hi, It's been a month. Any progress? Hi Kim, Sorry for the long delay. Unfortunately, it seems Jeremy is currently unavailable for sponsoring given their lack of follow up on this bug. To move things along: 1) I have granted you commit access (developer) to https://salsa.debian.org/debian/foomuuri in case you want to move the packaging there. If you are not planning to move the packaging there (although, I hope you will), the `Vcs-*` fields should be updated to the repo used. 2) I am ok with sponsoring your package in its current form, though I would like to confirm with you that you are okay targeting unstable. We are in the hard freeze, so there is no guarantee that the upload will make it into testing. Particularly, the [freeze policy] has headlines such as "No large/disruptive changes" and "Be careful with new upstream releases". If the release team and you are not aligned here, `foomuuri` might end up blocked and even later removed because of the "unstable and testing must be in sync" policy unless we revert back to foomuuri/0.27 (usually in the form of 0.28-1+really0.27-1). That is the risk of uploading to unstable right now. The release team will not be open for negotiation at this point of the freeze, so any regressions or problems will likely call for an unconditional revert on this side of the release. I have limited understanding of foomuuri and also limited time to get up to speed, so it will be your call. Do we proceed with the unstable upload accepting the risk or would you rather target experimental and then we re-upload to unstable after the freeze? (If you go for experimental, please update the packaging accordingly) Additionally, one minor tweak you can consider (irrelevant to whether it will be sponsored): When you add build-dependencies for testing only like in 2a88e1c71135d306dcb4185b8e70d00d6ed446a4, consider tagging them with `` (such as `nftables `). This means rebuilds that does not run tests can skip those dependencies and as long as you use `dh_auto_test` (via `dh` in this case), the relevant build time skipping of tests are handled for you automatically. You mention a backport upload as well. The one I can find is https://salsa.debian.org/kimheino/foomuuri/-/commits/bookworm-backports?ref_type=heads. If so, then that is currently not actionable as the version being uploaded to backports must be in testing already and 0.28 is not. If you are still aiming for this, then foomuuri must be uploaded to unstable and migrate before I can help there. Alternatively, you might be able to use -backports-sloppy, but I do not know the rules of that nor do I plan on using bandwidth on learning them, so that would be a conversation with a different sponsor. Hope that was helpful. Once you have answered/handled 2), we can proceed with the upload. Best regards, Niels [freeze policy]: https://release.debian.org/testing/freeze_policy.html OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
Control: tags -1 -moreinfo Control: tags -1 +confirmed Kim, Review of upload: 2025-06-23 09:27 For information about the tests run, see: https://wiki.debian.org/PhilWyett/DebianMentoring Summary === Looks good. Tagging as 'confirmed' Note: Not a blocker this time, but copyright changes should be reflected in the 'debian/changelog'. -- Regards Phil Donate: https://buymeacoffee.com/kathenasorg -- "I play the game for the game’s own sake" Arthur Conan Doyle - The Adventure of the Bruce-Partington Plans -- Website: https://kathenas.org Instagram: https://instagram.com/kathenasorg Internet Relay Chat (IRC): kathenas Matrix: @kathenas:matrix.org -- signature.asc Description: This is a digitally signed message part
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
On Saturday, June 21, 2025 2:56:39 AM Mountain Standard Time Kim B. Heino wrote: > > > > * Package name : foomuuri > > > > > > > > Version : 0.28-1 > > > > Upstream contact : Kim B. Heino > > > > > > > > * URL : https://github.com/FoobarOy/foomuuri > > > > * License : GPL-2+ > > > > * Vcs : https://salsa.debian.org/kimheino/foomuuri > > > > > > > > Section : net > > > > Mostly looks good. The only problem I see is that, because foomuuri > > is being back-ported to Bookworm, the systemd files cannot be > > unconditio- nally installed into /usr/lib/systemd: > > dh-sequence-movetousr needs to be retained. > > Oh, yes. That would be reverting commit 1f6243b6 in bookworm-backports > branch. Should I also revert it in sid branch? The reason for asking is > that I'm coming from Fedora world. In Fedora above revert would only be > in bookworm-backports branch, not in sid. I assume the same is true for > Debian. You can carry stable-backports specific changes/patches as long as they are documented in debian/changelog. Often this is necessary for compatibility with the dependencies that are available in stable-backports. These will be accepted as long as the changes are minimal in nature (which it sounds like this is if it is just reverting one commit). -- Soren Stoutner [email protected] signature.asc Description: This is a digitally signed message part.
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
Control: tags -1 -confirmed Control: tags -1 +moreinfo Kim, While the package is in good shape, I did spot something when I went back through the package. The copyright years in 'debian/copyright' require update. When a new upload is performed, please remove the 'moreiinfo' tag so it can be seen a new upload has been done. -- Regards Phil Donate: https://buymeacoffee.com/kathenasorg -- "I play the game for the game’s own sake" Arthur Conan Doyle - The Adventure of the Bruce-Partington Plans -- Website: https://kathenas.org Instagram: https://instagram.com/kathenasorg Internet Relay Chat (IRC): kathenas Matrix: @kathenas:matrix.org -- signature.asc Description: This is a digitally signed message part
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
> > > * Package name : foomuuri > > > Version : 0.28-1 > > > Upstream contact : Kim B. Heino > > > * URL : https://github.com/FoobarOy/foomuuri > > > * License : GPL-2+ > > > * Vcs : https://salsa.debian.org/kimheino/foomuuri > > > Section : net > > Mostly looks good. The only problem I see is that, because foomuuri > is being back-ported to Bookworm, the systemd files cannot be > unconditio- nally installed into /usr/lib/systemd: > dh-sequence-movetousr needs to be retained. Oh, yes. That would be reverting commit 1f6243b6 in bookworm-backports branch. Should I also revert it in sid branch? The reason for asking is that I'm coming from Fedora world. In Fedora above revert would only be in bookworm-backports branch, not in sid. I assume the same is true for Debian. > How do you want to proceed? Did you create the ITA bug report because > you do want to become the foomuuri package maintainer, or because it > had been orphaned and you wanted to make sure that somebody was > looking after it? My suggestion would be to create a foomuuri team > with both of us as members (despite my somewhat tardy answers over > the last month or so, I am usually more responsive :)). I can give > you commit priv's to the repo and do the uploads. I want somebody maintaining it for Debian. As there were no volunteers I decided to do it myself. So a team of us two (or more) would be the best solution. > As Phil Wyett (thanks for your tireless work on debian-mentors, btw) > pointed out earlier, Trixie is currently frozen, so the new upload > will have to wait till Trixie is released, but we can get everything > set up and ready to go once the time comes. Yes, Trixie must wait for reopen. Can it still be uploaded to bookworm-backports while waiting for Trixie?
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
On 2025-04-27, at 20:33:34 +0100, Jeremy Sowden wrote: On 2025-04-27, at 20:08:43 +0300, Kim B. Heino wrote: > Package: sponsorship-requests > Severity: normal > > Dear mentors, > > I am looking for a sponsor for my package "foomuuri": > > * Package name : foomuuri > Version : 0.28-1 > Upstream contact : Kim B. Heino > * URL : https://github.com/FoobarOy/foomuuri > * License : GPL-2+ > * Vcs : https://salsa.debian.org/kimheino/foomuuri > Section : net I'll pick this up. I'm a member of the Shorewall team and I have been informed that the Foomuuri maintainer (formerly of the SW team) has put the package up for adoption. > I created a fork because I don't have commit access to original vcs: > > https://salsa.debian.org/debian/foomuuri > > The source builds the following binary packages: > > foomuuri - multizone bidirectional nftables firewall > foomuuri-firewalld - multizone bidirectional nftables firewall - > firewalld emulation > > To access further information about this package, please visit the > following URL: > > https://mentors.debian.net/package/foomuuri/ > > Alternatively, you can download the package with 'dget' using this > command: > > dget -x > https://mentors.debian.net/debian/pool/main/f/foomuuri/foomuuri_0.28-1.dsc > > Changes since the last upload: > > foomuuri (0.28-1) unstable; urgency=medium > . > * New upstream release. > * New maintainer (Closes: #1095472) Mostly looks good. The only problem I see is that, because foomuuri is being back-ported to Bookworm, the systemd files cannot be unconditio- nally installed into /usr/lib/systemd: dh-sequence-movetousr needs to be retained. How do you want to proceed? Did you create the ITA bug report because you do want to become the foomuuri package maintainer, or because it had been orphaned and you wanted to make sure that somebody was looking after it? My suggestion would be to create a foomuuri team with both of us as members (despite my somewhat tardy answers over the last month or so, I am usually more responsive :)). I can give you commit priv's to the repo and do the uploads. As Phil Wyett (thanks for your tireless work on debian-mentors, btw) pointed out earlier, Trixie is currently frozen, so the new upload will have to wait till Trixie is released, but we can get everything set up and ready to go once the time comes. J. signature.asc Description: PGP signature
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
On 2025-06-07, at 10:29:41 +0300, Kim B. Heino wrote: It's been a month. Any progress? Apologies. The day job has been unusually busy over the last month, and I've been distracted. I will get back to you properly this week-end. Promise! :) J. signature.asc Description: PGP signature
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
On Sat, 2025-06-07 at 10:29 +0300, Kim B. Heino wrote: > Hi, > > It's been a month. Any progress? > Hi Kim, Sorry the package has yet to be DD reviewed. If this update is not a target for 13/Trixie (unblock requested from release team)[1], it will not be uploaded until 'unstable' reopens. If the update is not targeting 13/Trixie, you may wish to change the target distribution to 'experimental' at this time so upload can take place and the package be available for those wishing to test/use it. [1] Hard and Full - https://release.debian.org/trixie/freeze_policy.html#hard -- Regards Phil Donate: https://buymeacoffee.com/kathenasorg -- "I play the game for the game’s own sake" Arthur Conan Doyle - The Adventure of the Bruce-Partington Plans -- Internet Relay Chat (IRC): kathenas Website: https://kathenas.org Instagram: https://instagram.com/kathenasorg Threads: https://www.threads.net/@kathenasorg -- signature.asc Description: This is a digitally signed message part
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
Hi, It's been a month. Any progress?
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
On 2025-05-06, at 07:23:48 +0300, Kim B. Heino wrote: Have you had time to look at Foomuuri package yet? Can I help you in any way? There is also an update to bookworm-backports waiting in my repo. What is the correct procedure for it? I took a brief look at the beginning of this week. I'm planning on doing a proper review over the week-end. J. signature.asc Description: PGP signature
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
Hi Jeremy, Have you had time to look at Foomuuri package yet? Can I help you in any way? There is also an update to bookworm-backports waiting in my repo. What is the correct procedure for it?
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
On Sun, Apr 27, 2025 at 08:33:34PM +0100, Jeremy Sowden wrote: > I'll pick this up. I'm a member of the Shorewall team and I have been > informed that the Foomuuri maintainer (formerly of the SW team) has put > the package up for adoption. Thanks, Jeremy! -r
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
On 2025-04-27, at 20:08:43 +0300, Kim B. Heino wrote: Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "foomuuri": * Package name : foomuuri Version : 0.28-1 Upstream contact : Kim B. Heino * URL : https://github.com/FoobarOy/foomuuri * License : GPL-2+ * Vcs : https://salsa.debian.org/kimheino/foomuuri Section : net I'll pick this up. I'm a member of the Shorewall team and I have been informed that the Foomuuri maintainer (formerly of the SW team) has put the package up for adoption. I created a fork because I don't have commit access to original vcs: https://salsa.debian.org/debian/foomuuri The source builds the following binary packages: foomuuri - multizone bidirectional nftables firewall foomuuri-firewalld - multizone bidirectional nftables firewall - firewalld emulation To access further information about this package, please visit the following URL: https://mentors.debian.net/package/foomuuri/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/f/foomuuri/foomuuri_0.28-1.dsc Changes since the last upload: foomuuri (0.28-1) unstable; urgency=medium . * New upstream release. * New maintainer (Closes: #1095472) Regards, -- Kim B. Heino J. signature.asc Description: PGP signature
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
Control: tags -1 +confirmed Kim, Review of upload: 2025-04-27 17:26 For information about the tests run, see: https://wiki.debian.org/PhilWyett/DebianMentoring Test 1 (reproducibility): Information only Kim is aware of an issue and is actively working on it. Summary === As we have messaged, you are working on the reproducible builds issue. I am tagging as 'confirmed' as this test is none blocking at present. I hope a DD will pick up the package for review and sposnorship. Kim is upstream and adopting the package in Debian and I hope we can help him where we can. -- Regards Phil Donate: https://buymeacoffee.com/kathenasorg -- "I play the game for the game’s own sake" Arthur Conan Doyle - The Adventure of the Bruce-Partington Plans -- Internet Relay Chat (IRC): kathenas Website: https://kathenas.org Instagram: https://instagram.com/kathenasorg Threads: https://www.threads.net/@kathenasorg -- signature.asc Description: This is a digitally signed message part
Bug#1104244: RFS: foomuuri/0.28-1 [ITA] -- multizone bidirectional nftables firewall
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "foomuuri": * Package name : foomuuri Version : 0.28-1 Upstream contact : Kim B. Heino * URL : https://github.com/FoobarOy/foomuuri * License : GPL-2+ * Vcs : https://salsa.debian.org/kimheino/foomuuri Section : net I created a fork because I don't have commit access to original vcs: https://salsa.debian.org/debian/foomuuri The source builds the following binary packages: foomuuri - multizone bidirectional nftables firewall foomuuri-firewalld - multizone bidirectional nftables firewall - firewalld emulation To access further information about this package, please visit the following URL: https://mentors.debian.net/package/foomuuri/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/f/foomuuri/foomuuri_0.28-1.dsc Changes since the last upload: foomuuri (0.28-1) unstable; urgency=medium . * New upstream release. * New maintainer (Closes: #1095472) Regards, -- Kim B. Heino
