leaks in our only-signed-software fortress

Hey. I've decided that I think it's important to CC this d-d: Debian has a good system of securing packages and making sure that only signed stuff comes to the user. Over time I've seen many holes in this: - packages that are just wrapper packages, download something from somewhere without doi

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

Bastian Blank, le Fri 17 Feb 2012 20:36:33 +0100, a écrit : > On Fri, Feb 17, 2012 at 07:07:40PM +0100, Samuel Thibault wrote: > > Bastian Blank, le Fri 17 Feb 2012 19:02:59 +0100, a écrit : > > > On Fri, Feb 17, 2012 at 06:59:51PM +0100, Samuel Thibault wrote: > > > > Bastian Blank, le Fri 17 Feb

Re: Multiarch file overlap summary and proposal

On Fri, Feb 17, 2012 at 19:53, Carsten Hey wrote: > * David Kalnischkies [2012-02-17 14:15 +0100]: >> You generously left out the paragraph describing how APT should >> detect that the package foo is in fact a library ... > > My impression was that you think very library centric.  All I wrote was

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

Ben Hutchings wrote: > 'Let the user choose' is almost as stupid an idea for drivers as it > is for health insurance. I.e. it is a good idea? > No-one wants to think about that, they just want their shit to work. I disagree. Choice is one of the strengths of free software. Regar

Bug#660272: ITP: sift -- predict if an amino acid substitution in a protein has phenotypic effect

Package: wnpp Severity: wishlist Owner: Laszlo Kajan * Package name: sift Version : 3.0 Upstream Author : Pauline Ng * URL : http://sift-dna.org/ * License : FHCRC NONCOMMERCIAL LICENSE Programm

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Fri, Feb 17, 2012 at 07:07:40PM +0100, Samuel Thibault wrote: > Bastian Blank, le Fri 17 Feb 2012 19:02:59 +0100, a écrit : > > On Fri, Feb 17, 2012 at 06:59:51PM +0100, Samuel Thibault wrote: > > > Bastian Blank, le Fri 17 Feb 2012 18:52:10 +0100, a écrit : > > > > I see this: > > > > | Provide

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Fri, Feb 17, 2012 at 07:41:03PM +0100, Mike Hommey wrote: > On Fri, Feb 17, 2012 at 06:08:59PM +, Ben Hutchings wrote: > > On Fri, Feb 17, 2012 at 07:00:32PM +0100, Mike Hommey wrote: > > > On Fri, Feb 17, 2012 at 06:40:28PM +0100, Samuel Thibault wrote: > > > > Mike Hommey, le Fri 17 Feb 20

Re: Multiarch file overlap summary and proposal

* David Kalnischkies [2012-02-17 17:20 +0100]: > Why would it be intuitive to add a specific value for the arch attribute with > apt-get install foo # arch |= native > but remove all values of the attribute with > apt-get remove foo# arch &= ~all-architectures > ? We had a similar discussion

Bug#660251: ITP: dh-lua -- helper script for building Lua package

Package: wnpp Severity: wishlist Owner: Enrico Tassi * Package name: dh-lua Version : 1 Upstream Author : Enrico Tassi * URL : svn+ssh://svn.debian.org/svn/pkg-lua/packages/dh-lua * License : MIT/X Programming Lang: make, shell Description : helper scri

Re: Multiarch file overlap summary and proposal

* David Kalnischkies [2012-02-17 14:15 +0100]: > You generously left out the paragraph describing how APT should > detect that the package foo is in fact a library ... My impression was that you think very library centric. All I wrote was (in other words), that we should consider non-library pack

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Fri, Feb 17, 2012 at 06:08:59PM +, Ben Hutchings wrote: > On Fri, Feb 17, 2012 at 07:00:32PM +0100, Mike Hommey wrote: > > On Fri, Feb 17, 2012 at 06:40:28PM +0100, Samuel Thibault wrote: > > > Mike Hommey, le Fri 17 Feb 2012 18:36:56 +0100, a écrit : > > > > On Fri, Feb 17, 2012 at 06:23:00

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Fri, Feb 17, 2012 at 07:12:10PM +0100, Samuel Thibault wrote: > Ben Hutchings, le Fri 17 Feb 2012 18:08:59 +, a écrit : > > Getting back to OSS, it should not be built for Linux at all as Linux > > already has perfectly good sound drivers. > > See the ITP > > http://bugs.debian.org/cgi-bin

Bug#660250: ITP: libnetdot-client-rest-perl -- RESTful API for Netdot

Package: wnpp Severity: wishlist Owner: Carlos Vicente * Package name: libnetdot-client-rest-perl Version : 1.02 Upstream Author : Carlos Vicente * URL : http://search.cpan.org/dist/Netdot-Client-REST/ * License : Artistic or GPL-1+ Programming Lang: Perl

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

Ben Hutchings, le Fri 17 Feb 2012 18:08:59 +, a écrit : > Getting back to OSS, it should not be built for Linux at all as Linux > already has perfectly good sound drivers. See the ITP http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483856 “Many developers claim that OSS4 is now far supperio

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Fri, Feb 17, 2012 at 07:00:32PM +0100, Mike Hommey wrote: > On Fri, Feb 17, 2012 at 06:40:28PM +0100, Samuel Thibault wrote: > > Mike Hommey, le Fri 17 Feb 2012 18:36:56 +0100, a écrit : > > > On Fri, Feb 17, 2012 at 06:23:00PM +0100, Samuel Thibault wrote: > > > > Mike Hommey, le Fri 17 Feb 201

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

Bastian Blank, le Fri 17 Feb 2012 19:02:59 +0100, a écrit : > On Fri, Feb 17, 2012 at 06:59:51PM +0100, Samuel Thibault wrote: > > Bastian Blank, le Fri 17 Feb 2012 18:52:10 +0100, a écrit : > > > I see this: > > > | Provides: libasound2-dev, liboss-salsa-dev > > These, that's expected. > > No, th

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

Mike Hommey, le Fri 17 Feb 2012 19:00:32 +0100, a écrit : > > It *is* compatible. With an older version of the API, which used void > > there. > > So, it's compatible with an API that is older than Alsa v1.0.10rc1, > released 7 years ago. What is surprising, however, is that Alsa didn't > change

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Fri, Feb 17, 2012 at 06:59:51PM +0100, Samuel Thibault wrote: > Bastian Blank, le Fri 17 Feb 2012 18:52:10 +0100, a écrit : > > I see this: > > | Provides: libasound2-dev, liboss-salsa-dev > These, that's expected. No, this is not expected. libasound2-dev is a real package. > > So liboss4-sals

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Fri, Feb 17, 2012 at 06:40:28PM +0100, Samuel Thibault wrote: > Mike Hommey, le Fri 17 Feb 2012 18:36:56 +0100, a écrit : > > On Fri, Feb 17, 2012 at 06:23:00PM +0100, Samuel Thibault wrote: > > > Mike Hommey, le Fri 17 Feb 2012 18:09:37 +0100, a écrit : > > > > > sydney_audio_alsa.c:504:5: erro

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

Bastian Blank, le Fri 17 Feb 2012 18:52:10 +0100, a écrit : > On Fri, Feb 17, 2012 at 06:23:00PM +0100, Samuel Thibault wrote: > > Mike Hommey, le Fri 17 Feb 2012 18:09:37 +0100, a écrit : > > > > sydney_audio_alsa.c:504:5: error: void value not ignored as it ought to > > > > be > > > Would anyone

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Fri, Feb 17, 2012 at 06:23:00PM +0100, Samuel Thibault wrote: > Mike Hommey, le Fri 17 Feb 2012 18:09:37 +0100, a écrit : > > > sydney_audio_alsa.c:504:5: error: void value not ignored as it ought to be > > Would anyone have a clue as to what the hell is happening? > Unpacking liboss4-salsa-dev

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

Mike Hommey, le Fri 17 Feb 2012 18:36:56 +0100, a écrit : > On Fri, Feb 17, 2012 at 06:23:00PM +0100, Samuel Thibault wrote: > > Mike Hommey, le Fri 17 Feb 2012 18:09:37 +0100, a écrit : > > > > sydney_audio_alsa.c:504:5: error: void value not ignored as it ought to > > > > be > > > > > > Would a

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Fri, Feb 17, 2012 at 06:23:00PM +0100, Samuel Thibault wrote: > Mike Hommey, le Fri 17 Feb 2012 18:09:37 +0100, a écrit : > > > sydney_audio_alsa.c:504:5: error: void value not ignored as it ought to be > > > > Would anyone have a clue as to what the hell is happening? > > Unpacking liboss4-sa

Re: Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

Mike Hommey, le Fri 17 Feb 2012 18:09:37 +0100, a écrit : > > sydney_audio_alsa.c:504:5: error: void value not ignored as it ought to be > > Would anyone have a clue as to what the hell is happening? Unpacking liboss4-salsa-dev (from .../liboss4-salsa-dev_4.2-build2005-2_armel.deb) ... Selecting

Re: Multiarch file overlap summary and proposal

Jonathan Nieder wrote: > David Kalnischkies wrote: >> Why would it be intuitive to add a specific value for the arch attribute with >> apt-get install foo # arch |= native >> but remove all values of the attribute with >> apt-get remove foo# arch &= ~all-architectures >> ? [...] > But I real

Help (voodoo, really) needed [Re: failed i386 build of iceweasel 11.0~b1-2]

On Mon, Feb 06, 2012 at 07:14:59PM +0100, Kurt Roeckx wrote: > On Mon, Feb 06, 2012 at 09:25:19AM +0100, Mike Hommey wrote: > > On Mon, Feb 06, 2012 at 05:16:16AM +0100, Kurt Roeckx wrote: > > > On Sun, Feb 05, 2012 at 05:09:13PM +0100, Mike Hommey wrote: > > > > Hi, > > > > > > > > This build err

Re: Multiarch file overlap summary and proposal

David Kalnischkies wrote: > Why would it be intuitive to add a specific value for the arch attribute with > apt-get install foo # arch |= native > but remove all values of the attribute with > apt-get remove foo# arch &= ~all-architectures > ? > > Isn't it more intuitive to have it this way:

Re: Multiarch file overlap summary and proposal

On Fri, Feb 17, 2012 at 15:46, Jonathan Nieder wrote: > David Kalnischkies wrote: > >> You generously left out the paragraph describing how APT should >> detect that the package foo is in fact a library and not, say, a >> plugin, a dev-package, a dbg-package or a future-coinstallable binary. >> An

Re: Multiarch file overlap summary and proposal

David Kalnischkies wrote: > You generously left out the paragraph describing how APT should > detect that the package foo is in fact a library and not, say, a > plugin, a dev-package, a dbg-package or a future-coinstallable binary. > And the foo:* default would be okay and intuitive for all of tho

Re: Multiarch file overlap summary and proposal

On Thu, Feb 16, 2012 at 23:10, Carsten Hey wrote: > * David Kalnischkies [2012-02-16 03:59 +0100]: >> On Thu, Feb 16, 2012 at 00:39, Russ Allbery wrote: >> >>>   it needs to find and remove foo:* > > foo:all (or foo:any) instead of foo:* would save the need to quote it. :all is already an archit

Bug#660218: ITP: bookletimposer -- PDF imposition toolkit

Package: wnpp Owner: intrig...@debian.org Severity: wishlist * Package name: bookletimposer Version : 0.1 Upstream Author : Kjö Hansi Glaz * URL or Web page : http://kjo.herbesfolles.org/bookletimposer/ * License : GPL-3+ Description : PDF imposition toolkit pdfimp

Re: Source package names for R libraries (and Perl, Python, Java, …).

[Paul Wise, 2012-02-17] > On Thu, Feb 16, 2012 at 7:59 PM, Piotr Ożarowski wrote: > > Please don't. There are developers (like me) who prefer source package > > names to be as close as possible to upstream's name. > > As a pedantic/info level warning, you are of course free to ignore it. True. It

Re: Multiarch file overlap summary and proposal

Carsten Hey writes: > * Russ Allbery [2012-02-16 14:55 -0800]: >> Every file that differs has to be fixed in the current multi-arch plan. >> Documentation that contains its build date is going to need to be split >> out into a separate -docs package. > I doubt that ftpmaster would be happy about

Re: Multiarch file overlap summary and proposal

* Russ Allbery [2012-02-16 14:55 -0800]: > Carsten Hey writes: > > There are still files that differ that do not need to be fixed, for > > example documentation that contains it's build date. > > Every file that differs has to be fixed in the current multi-arch plan. > Documentation that contains