Re: First autoremovals happen in about 8 days

[Paul Wise]

On Wed, Oct 16, 2013 at 1:51 AM, Svante Signell wrote:

> Hi, is it possible to adopt this package?

The package is not orphaned yet, so that will have to happen first:

http://www.debian.org/doc/manuals/developers-reference/pkgs.html#orphaning

When it is orphaned you can adopt it:

http://www.debian.org/doc/manuals/developers-reference/pkgs.html#adopting

> Since I'm not DM yet, I will need a sponsor for uploading later on

http://mentors.debian.net/intro-maintainers

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/caktje6g8karfktcbthpetde2xlt8kxzxvpf0dbifstvcscj...@mail.gmail.com

Bug#726461: ITP: golang-thrift -- Go library for linking against Thrift clients

[Tonnerre LOMBARD]

Package: wnpp
Severity: wishlist
Owner: Tonnerre LOMBARD 

* Package name: golang-thrift
  Version : 0.0~git20121118
  Upstream Author : Aalok Shah 
* URL : https://github.com/pomack/thrift4go/
* License : Apache-2.0
  Programming Lang: Go
  Description : Go library for linking against Thrift clients


This package contains the library required for developing thrift
clients in the Go programming language. It contains the part of the
Thrift bindings which are always built and which are not interface
depdendent.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20131016001726.16671.18986.report...@phileas.roam.internetputzen.com

Re: Architectures EM64T(R) , x86-64 , ia32 , IA64 , Intel(R)64 , x86 , amd64 , amd32 , Mach64

[Neil Williams]

On Tue, 15 Oct 2013 20:56:12 +
Vadim L  wrote:

> Which packages should install for Architectures EM64T® , x86-64 ,
> ia32 , IA64 , Intel®64 , x86 , amd64 , amd32 , Mach64 ?...
> Is this architectures needs quotes ?
> 
> Tnks!!!


http://en.wikipedia.org/wiki/X86-64


-- 


Neil Williams
=
http://www.linux.codehelp.co.uk/



signature.asc
Description: PGP signature

Bug#726456: ITP: php-font-lib -- read, parse, export and make subsets of different types of font files

[David Prévot]

Package: wnpp
Severity: wishlist
Owner: David Prévot 
Control: blocks 567928 by -1
Control: blocks 718585 by 567928
Control: blocks 726167 by 567928
Control: affects -1 owncloud

* Package name: php-font-lib
  Version : 0.2.1
  Upstream Author : Fabien Ménager 
* URL : https://github.com/PhenX/php-font-lib
* License : LGPL-2.1+
  Programming Lang: PHP
  Description : read, parse, export and make subsets of different fonts

 This library can be used to:
  * Read TrueType, OpenType (with TrueType glyphs), WOFF font files
  * Extract basic info (name, style, etc)
  * Extract advanced info (horizontal metrics, glyph names, glyph
shapes, etc.)
  * Make an Adobe Font Metrics (AFM) file from a font


This library is used by the soon to come php-dompdf package, that is
used by the requested phpdocx and php-excel packages, that will be used
by the upcoming version 6 of owncloud.

Regards

David

P.-S.: Some RFP have been recently filled for the upcoming version 6 of
owncloud. They are tagged as affecting owncloud, and are thus displayed
on  (in
case you feel bored or are willing to help a little bit ;).


signature.asc
Description: Digital signature

Architectures EM64T(R) , x86-64 , ia32 , IA64 , Intel(R)64 , x86 , amd64 , amd32 , Mach64

[Vadim L]

Which packages should install for Architectures EM64T® , x86-64 , ia32 ,
IA64 , Intel®64 , x86 , amd64 , amd32 , Mach64 ?...
Is this architectures needs quotes ?

Tnks!!!

Re: how do deal with versionless mercurial software ?

[Jerome BENOIT]

Thanks !

On 15/10/13 22:32, Benjamin Drung wrote:
> On Fr, 2013-10-04 at 13:40 +0200, Dominik George wrote:
>> Vincent Lefevre  schrieb:
>>> Then, do you mean that VCS hashes are sortable?
>>
>> Of course not. One would have to do something like 0~MMDDnn
>> +git in that rare case.
>>
>> My argument for keeping the VCS hash is to ease identifying the code
>> in the package.
> 
> You could put the VCS hash as text in the changelog entry, e.g. "New
> upstream snapshot (git commit )." and just use the date as Debian
> version (0~MMDD or 0.MMDD). In case you need to release two
> upstream snapshots on the same date, you can append .2 (0~MMDD.2).
> 

I finally asked to the upstream maintainer if he could add a version string 
suffix to
his source tarball name: he did, no more tricks and everything is fine now.

Anyway, thanks a lot for all the hints and replies.

Best wishes,
Jerome


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/525daf6b.5050...@rezozer.net

Re: how do deal with versionless mercurial software ?

[Benjamin Drung]

On Fr, 2013-10-04 at 13:40 +0200, Dominik George wrote:
> Vincent Lefevre  schrieb:
> >Then, do you mean that VCS hashes are sortable?
> 
> Of course not. One would have to do something like 0~MMDDnn
> +git in that rare case.
> 
> My argument for keeping the VCS hash is to ease identifying the code
> in the package.

You could put the VCS hash as text in the changelog entry, e.g. "New
upstream snapshot (git commit )." and just use the date as Debian
version (0~MMDD or 0.MMDD). In case you need to release two
upstream snapshots on the same date, you can append .2 (0~MMDD.2).

-- 
Benjamin Drung
Debian & Ubuntu Developer


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1381869150.2681.3.camel@erde

Re: mips64el port build failed list

[Bernd Zeimetz]

hi!

On 10/15/2013 03:59 PM, YunQiang Su wrote:
>>> The buildlog of these packages can be found in
>>>  http://vip.moonux.org/attempted/


Looking at one of my pet packages (gpsd):

dpkg-checkbuilddeps: Unmet build dependencies: pps-tools (>=
0.20120406+g0deb9c7e-2~)

but I don't see that building pps-tools failed, at least its not in the list. Am
I missing something or is there just something confused about the right order to
build packages?


Cheers,

Bernd


-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/525d912b.30...@bzed.de

Re: mips64el port build failed list

[Javier Vasquez]

On Tue, Oct 15, 2013 at 11:06 AM, Aron Xu  wrote:
> On Wed, Oct 16, 2013 at 12:06 AM, Javier Vasquez
>  wrote:
>> On Tue, Oct 15, 2013 at 5:33 AM, YunQiang Su  wrote:
>>> We are working on the port of mips64el, and the progress is quite good.
>>
>> Are they compiled with "n64" abi, or with "n32" abi?  The arch name is
>> confusing at times.
>>
>> Thanks,
>>
>> Javier.
>>
>
> They are compiled with the n64 abi, using mips64r2 instruction set
> currently. The instruction set may be changed later (rebuild) before
> introducing it to debian-ports.org as mips64r2 is a quite "new"
> instruction to many hardware that is 64bit capable but only supports
> mips3.
>
> Regards,
> Aron Xu


Perfect for loongson-3A, and according to [1], also perfect for XLP832
and Octeon 6330, and moving forward, for future loongson CPUs and
other Hw I'd guess.  This is what I was looking for.

Thanks,

-- 
Javier.


[1]  http://lists.freebsd.org/pipermail/freebsd-mips/2012-July/002146.html


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CALUrRGeu5_0tG5Ydr8kskGJuhTh3qLf44=AH_xzA=jxvxcc...@mail.gmail.com

Re: First autoremovals happen in about 8 days

[Svante Signell]

On Tue, 2013-10-15 at 17:34 +0100, Kevin Chadwick wrote:
> >xxxterm: bugs 718074, flagged for removal in 8.3 days
> 
> I use debian offline so it is of no consequence to me however I
> just wanted to say.
> 
> xxxterm (now xombrero) is by far my favourite browser and rediculously
> faster than any other browser whilst still being highly useful and with
> better whitelisting control (javascript, cookies) by default too. Not a
> user interface for everyone in being primarily keyboard based but
> highly functional.
> 
> In fact where firefox is almost useless on an old thinkpad, xombrero
> is quite snappy.

Hi, is it possible to adopt this package? Since I'm not DM yet, I will
need a sponsor for uploading later on, when the latest release of
xombrero is packaged.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1381859486.3860.51.ca...@g3620.my.own.domain

Bug#726393: Info received (Bug#726393: general: Possible malware infections in source packages)

[Scott Kitterman]

Scott Kitterman  wrote:
>Boots fine if the image is not persistent. 

Sorry. Wrong bug.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/2fe29cdf-969b-4298-ae9f-8a986f6d0...@email.android.com

Bug#726393: Info received (Bug#726393: general: Possible malware infections in source packages)

[Scott Kitterman]

Boots fine if the image is not persistent. 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/0c081e4b-992d-4c1e-8eb4-6b3884e5b...@email.android.com

Bug#726432: ITP: libjdom2-java -- Java API for accessing, manipulating and outputting XML data

[Emmanuel Bourg]

Package: wnpp
Severity: wishlist
Owner: Emmanuel Bourg 

* Package name: libjdom2-java
  Version : 2.0.5
  Upstream Author : Jason Hunter, Rolf Lear
* URL : http://www.jdom.org
* License : BSD
  Programming Lang: Java
  Description : Java API for accessing, manipulating and outputting
XML data

JDOM provides a solution for using XML from Java that is as simple as
Java itself.

There is no compelling reason for a Java API to manipulate XML to be
complex, tricky, unintuitive, or a pain in the neck. JDOM is both
Java-centric and Java-optimized. It behaves like Java, it uses Java
collections, it is completely natural API for current Java developers,
and it provides a low-cost entry point for using XML.

While JDOM interoperates well with existing standards such as the Simple
API for XML (SAX) and the Document Object Model (DOM), it is not an
abstraction layer or enhancement to those APIs. Rather, it provides a
robust, light-weight means of reading and writing XML data without the
complex and memory-consumptive options that current API offerings provide.

This package is a spin-off of libjdom1-java. The new 2.0 API is not
compatible with the previous one and requires a new package.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/525d7bfc.4020...@apache.org

Re: mips64el port build failed list

[Aron Xu]

On Wed, Oct 16, 2013 at 12:06 AM, Javier Vasquez
 wrote:
> On Tue, Oct 15, 2013 at 5:33 AM, YunQiang Su  wrote:
>> We are working on the port of mips64el, and the progress is quite good.
>
> Are they compiled with "n64" abi, or with "n32" abi?  The arch name is
> confusing at times.
>
> Thanks,
>
> Javier.
>

They are compiled with the n64 abi, using mips64r2 instruction set
currently. The instruction set may be changed later (rebuild) before
introducing it to debian-ports.org as mips64r2 is a quite "new"
instruction to many hardware that is 64bit capable but only supports
mips3.

Regards,
Aron Xu


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAMr=8w4dnrtgru2aa6zhhsr3xw4m_8lme7wxjkxug-e9c8x...@mail.gmail.com

Re: First autoremovals happen in about 8 days

[Kevin Chadwick]

>xxxterm: bugs 718074, flagged for removal in 8.3 days

I use debian offline so it is of no consequence to me however I
just wanted to say.

xxxterm (now xombrero) is by far my favourite browser and rediculously
faster than any other browser whilst still being highly useful and with
better whitelisting control (javascript, cookies) by default too. Not a
user interface for everyone in being primarily keyboard based but
highly functional.

In fact where firefox is almost useless on an old thinkpad, xombrero
is quite snappy.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
___


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/380101.59925...@smtp145.mail.ir2.yahoo.com

Re: mips64el port build failed list

[Javier Vasquez]

On Tue, Oct 15, 2013 at 5:33 AM, YunQiang Su  wrote:
> We are working on the port of mips64el, and the progress is quite good.

Are they compiled with "n64" abi, or with "n32" abi?  The arch name is
confusing at times.

Thanks,

Javier.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/calurrgftjy-jajv8iyuqaesrrgohusw4za3bhalfq1i0hyq...@mail.gmail.com

Bug#726419: ITP: python-braintree -- Braintree Python library

[Alessio Treglia]

Package: wnpp
Severity: wishlist
Owner: Alessio Treglia 

* Package name: python-braintree
  Version : 2.23.0
  Upstream Author : Braintree Payment Solutions
* URL : https://www.braintreepayments.com/docs/python
* License : MIT
  Programming Lang: Python
  Description : Braintree Python library

 The Braintree library provides integration access to the Braintree
 Gateway. This module enables a web application to accept payment
 through such commercial, full-stack payments platform.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20131015155001.26789.75219.reportbug@glowworm-ThinkPad-L430

Bug#726415: ITP: libdata-hal-perl -- module implementing the Hypertext Application Language data format

[Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯]

Package: wnpp
Owner: Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯 (CPAN/PAUSE) 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name: libdata-hal-perl
  Version : 1.000
  Upstream Author : Lars Dɪᴇᴄᴋᴏᴡ 
* URL : https://metacpan.org/release/Data-HAL
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : module implementing the Hypertext Application
  Language data format

HAL is a format you can use in your hypermedia API.




signature.asc
Description: PGP signature

Bug#726414: ITP: libfailures-perl -- minimalist exception hierarchy generator

[Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯]

Package: wnpp
Owner: Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯 (CPAN/PAUSE) 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name: libfailures-perl
  Version : 0.002
  Upstream Author : David Golden 
* URL : https://metacpan.org/release/failures
* License : Apache-2.0
  Programming Lang: Perl
  Description : minimalist exception hierarchy generator

This module lets you define an exception hierarchy quickly and simply.

Here were my design goals:

 • minimalist interface
 • 80% of features in 20% of lines of code
 • depend only on core modules (nearly achieved)
 • support hierarchical error types
 • identify errors types by name (class) not by parsing strings
 • leave (possibly expensive) trace decisions to the thrower




signature.asc
Description: PGP signature

Re: Bug#726393: general: Possible malware infections in source packages

[Thorsten Glaser]

Jarkko Palviainen  f-secure.com> writes:

> I looked into one of these, libmail-deliverystatus-bounceparser-
> perl_1.531.orig.tar.gz, and found multipart email file containing zip
> attachment. Inside this archive is a .pif file (PE32 executable for MS
Windows)
> which is detected as Win32.Worm.Mytob.EF.
> 
> This doesn't look like a false positive.

And yet, it’s totally legit: the file in question is an eMail archive
of a mail containing such virus for other platform, in order to test
against it so that the Perl script in question doesn’t exhibit any
bugs wrt. that.

> I hope that the source packages would
> be sanitized from any actual malware samples.

It’s not Malware if you’re running Debian.

bye,
//mirabilos


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/loom.20131015t172545-...@post.gmane.org

Bug#726412: ITP: liblog-any-adapter-filehandle-perl -- basic Log::Any::Adapter to forward messages to a filehandle

[Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯]

Package: wnpp
Owner: Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯 (CPAN/PAUSE) 
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org

* Package name: liblog-any-adapter-filehandle-perl
  Version : 0.008
  Upstream Author : Jason Rodrigues 
* URL :
  https://metacpan.org/release/Log-Any-Adapter-FileHandle
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : basic Log::Any::Adapter to forward messages to a
  filehandle

Log::Any::Adapter::FileHandle is a basic adapter that will simply
forward log messages to a filehandle, or any object that supports a
'print' method (IO::String, IO::Socket::INET, Plack's
$env->{psgi.errors} object, etc).

I've created it so that my scripts running under daemontools or runit
can output messages to locally defined logs. It does not timestamp
messages, that responsibility is delegated to the external log capture
mechanism.




signature.asc
Description: PGP signature

Re: mips64el port build failed list

[Paul Wise]

On Tue, Oct 15, 2013 at 7:33 PM, YunQiang Su wrote:

> We are working on the port of mips64el, and the progress is quite good.

Please add that to debian-ports.org so that maintainers can find
failed build logs linked from the PTS and work on fixing the issues.
Until you are able to add mips64el to debian-ports.org, please at
least provide the output of the dd-list command so that pro-active
maintainers can fix issues early. Do you have a machine that
maintainers can access to port their packages to mips64el?

Please add your architecture characteristics here:

https://wiki.debian.org/ArchitectureSpecificsMemo

-- 
bye,
pabs

http://wiki.debian.org/PaulWise


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/caktje6hunru4ce1mwhl9aondncpnwkqmkouup233xtyuakk...@mail.gmail.com

Re: First autoremovals happen in about 8 days

[Andreas Tille]

Hi,

On Tue, Oct 15, 2013 at 03:53:35PM +0200, Niels Thykier wrote:
> >>gwyddion: bugs 713565, flagged for removal in 8.3 days
> > 
> > Hmmm, that's really strange.  The bug report was closed
> > 
> >Sat, 29 Jun 2013 13:07:42 +0200
> > 
> > Seems something is wrong with the script.
> > 
> 
> I am more inclined to believe that you experienced one of the quirks of
> the Debian BTS.  According to the BTS, it is:
> 
> """
> Fixed in version src:gwyddion/2.28-2
> """
> 
> In the bottom of the bug log you will find:
> 
> """
> No longer marked as found in versions gwyddion/2.28-2
> """
> 
> meaning that the bug was (or, rather, used to be) marked as "fixed" in
> the same version as it was "found".  The BTS handles this by *silently
> ignoring the fixed version* and thus concluding the bug is still in
> 2.28-2.  It then hands that off to Britney and the auto-removal script,
> which will consider 2.28-2 as buggy as well.

Ahhh, I was missing this somehow.  I rebuilded the current package
2.32-2 in testing and unstable without any problem and thus closed
the bug (now hopefully for all versions).

> > rendering the BTS page.  While the first bug (#709190) is mentioned
> > the second one (#713284) is missing on the BTS page:
> > 
> >http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=r-other-mott-happy
> > 
> > Any explanation for this?
> > 
> 
> Well, they are merged into each other and thus the BTS decided only to
> show one of them in the bug page.  However, both bugs appear when you
> reference then directly via [1] and [2].

Hmm, OK, I have noticed the merge.  However, the BTS behaviour seems to
be new to me.  But thinking about it it is reasonable.

Thanks for all your release team work

 Andreas.

-- 
http://fam-tille.de


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131015144308.go23...@an3as.eu

Bug#726393: general: Possible malware infections in source packages

[Adam D. Barratt]

On 2013-10-15 11:54, Dominik George wrote:
[Jarkko Palviainen; attribution lost in quoted mail]

http://ftp.fi.debian.org/[...]


If you suspect an issue with the Debian archive, please test against
ftp.debian.org.


That's not particularly great advice. ftp.debian.org is just another 
mirror[tm]; see the "where to mirror from" section of 
http://www.debian.org/mirror/ftpmirror


Regards,

Adam


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/d97887fdf723e27757a7885d369c9...@mail.adsl.funky-badger.org

Re: mips64el port build failed list

[YunQiang Su]

On Tue, Oct 15, 2013 at 9:53 PM, Adam D. Barratt
 wrote:
> On 2013-10-15 12:33, YunQiang Su wrote:
>>
>> http://192.168.252.248/attempted/0_attempted.txt
sorry for me, it should be
http://vip.moonux.org/attempted/0_attempted.txt
>> is the list of packages which have tried to build while failed,
>> which is so called attempted in sbuild.
>
>
> That's a private IP address, so not that helpful to others. :-) There is a
> file named "0_attempted.txt" at the other URL you mentioned:
>
>
>> The buildlog of these packages can be found in
>>  http://vip.moonux.org/attempted/
>
>
> Regards,
>
> Adam
>
>
> --
> To UNSUBSCRIBE, email to debian-mips-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive:
> http://lists.debian.org/b86d78c29951c167d169655a0b898...@mail.adsl.funky-badger.org
>



-- 
YunQiang Su


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cakcpw6wyph7smcdzmvchy6xvzal2qnrnzvowibmu8ninyfn...@mail.gmail.com

Re: First autoremovals happen in about 8 days

[Niels Thykier]

On 2013-10-15 15:35, Andreas Tille wrote:
> Hi Niels,
> 
> [sorry for the late reply I was on vac]
> 

Hi,

No worries.

> On Sun, Oct 06, 2013 at 09:52:17AM +0200, Niels Thykier wrote:
>>
>> Andreas Tille 
>>gdpc: bugs 713652, flagged for removal in 8.3 days
> 
> Fixed.
> 

Thank you,

>>gwyddion: bugs 713565, flagged for removal in 8.3 days
> 
> Hmmm, that's really strange.  The bug report was closed
> 
>Sat, 29 Jun 2013 13:07:42 +0200
> 
> Seems something is wrong with the script.
> 

I am more inclined to believe that you experienced one of the quirks of
the Debian BTS.  According to the BTS, it is:

"""
Fixed in version src:gwyddion/2.28-2
"""

In the bottom of the bug log you will find:

"""
No longer marked as found in versions gwyddion/2.28-2
"""

meaning that the bug was (or, rather, used to be) marked as "fixed" in
the same version as it was "found".  The BTS handles this by *silently
ignoring the fixed version* and thus concluding the bug is still in
2.28-2.  It then hands that off to Britney and the auto-removal script,
which will consider 2.28-2 as buggy as well.

>>praat: bugs 713597, flagged for removal in 8.3 days
> 
> We'll care about this in Debian Med team.
> 

\o/

>>r-other-mott-happy: bugs 709190,713284, flagged for removal in 8.3 days
> 
> Besides the fact that this package should actually removed from testing
> (perhaps even from Debian - the actual Uploader in our team should take
> action about this) I noticed that something seems to be wrong in
> rendering the BTS page.  While the first bug (#709190) is mentioned
> the second one (#713284) is missing on the BTS page:
> 
>http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=r-other-mott-happy
> 
> Any explanation for this?
> 

Well, they are merged into each other and thus the BTS decided only to
show one of them in the bug page.  However, both bugs appear when you
reference then directly via [1] and [2].

> Kind regards
> 
>   Andreas.
> 


~Niels

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713284

[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709190



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/525d48df.3060...@thykier.net

Re: mips64el port build failed list

[Adam D. Barratt]

On 2013-10-15 12:33, YunQiang Su wrote:

http://192.168.252.248/attempted/0_attempted.txt
is the list of packages which have tried to build while failed,
which is so called attempted in sbuild.


That's a private IP address, so not that helpful to others. :-) There 
is a file named "0_attempted.txt" at the other URL you mentioned:



The buildlog of these packages can be found in
 http://vip.moonux.org/attempted/


Regards,

Adam


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/b86d78c29951c167d169655a0b898...@mail.adsl.funky-badger.org

Re: First autoremovals happen in about 8 days

[Andreas Tille]

Hi Niels,

[sorry for the late reply I was on vac]

On Sun, Oct 06, 2013 at 09:52:17AM +0200, Niels Thykier wrote:
> 
> Andreas Tille 
>gdpc: bugs 713652, flagged for removal in 8.3 days

Fixed.

>gwyddion: bugs 713565, flagged for removal in 8.3 days

Hmmm, that's really strange.  The bug report was closed

   Sat, 29 Jun 2013 13:07:42 +0200

Seems something is wrong with the script.

>praat: bugs 713597, flagged for removal in 8.3 days

We'll care about this in Debian Med team.

>r-other-mott-happy: bugs 709190,713284, flagged for removal in 8.3 days

Besides the fact that this package should actually removed from testing
(perhaps even from Debian - the actual Uploader in our team should take
action about this) I noticed that something seems to be wrong in
rendering the BTS page.  While the first bug (#709190) is mentioned
the second one (#713284) is missing on the BTS page:

   http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=r-other-mott-happy

Any explanation for this?

Kind regards

  Andreas.

-- 
http://fam-tille.de


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131015133558.gi23...@an3as.eu

Bug#726405: ITP: libmateweather -- MateWeather shared library

[Vangelis Mouhtsis]

Package: wnpp
Severity: wishlist
Owner: Vangelis Mouhtsis 

* Package name: libmateweather
  Version : 1.6.1
  Upstream Author : Stefano Karapetsas 
* URL : http://mate-desktop.org
* License : LGPL
  Programming Lang: C
  Description : MateWeather shared library

  libmateweather is a library to access weather information from online
  services for numerous locations.
  .
  MATE is an intuitive and attractive desktop environment. MATE began
  as a fork of GNOME 2.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131015132458.4986.4177.report...@server.lan

Bug#726393: general: Possible malware infections in source packages

[Jarkko Palviainen]

On 10/15/2013 03:09 PM, Dominique Dumont wrote:

On Tuesday 15 October 2013 13:19:38 Thijs Kinkhorst wrote:

It isn't a false positive in that regard that the package *does* in fact
contain the virus sample. However, it *is* a false positive, as the
sample is there intentionally, and no virus scanner can guess the reason
why it is there. It does no harm in the location where it is, it will
not spread, so is it in fact a virus? No, it isn't.


I'm missing why the package cannot use the EICAR test virus signature for
its purposes.


In libmail-deliverystatus-bounceparser-perl case, the virus is used on the
non-regressions test which are shipped in the original tarball (and in Debian
*source* package). This virus is *not* shipped in Debian binary package.

HTH



OK, you have already closed the ticket. I was expecting to find a 
general policy of "maintainers should not allow malware from upstream" 
but apparently this not desired or the discussion belongs to somewhere else.


It doesn't really matter what is the intention; you are still allowing 
spreading malware and potentially infecting users as they are publicly 
accessible. Just fetching the source package will give you this nice 
surprise.


In most cases, samples can be replaced with EICAR or equivalent to 
trigger the expected result, or tested with unit tests and proper mocking.



--
Jarkko Palviainen
Software Engineer, Linux Team
F-Secure Corporation


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/525d3ab6.4050...@f-secure.com

Re: Bug#726393: general: Possible malware infections in source packages

[Thijs Kinkhorst]

On Tue, October 15, 2013 14:09, Dominique Dumont wrote:
> In libmail-deliverystatus-bounceparser-perl case, the virus is used on the
> non-regressions test which are shipped in the original tarball (and in
> Debian *source* package). This virus is *not* shipped in Debian binary
> package.

I'm still not sure why the virus contained in the source could not be
replaced by the EICAR test signature.

Setting off false positive alarms masks true positives so should be
avoided as much as possible.

The EICAR test signature exists exactly for the purpose of tests. I would
consider any other virus sample shipped by Debian, beit source or binary,
a bug and I invite Jarkko to report them as such against the respective
packages, so they can be solved in coordination with their upstreams.


Cheers,
Thijs


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/feddfe6413aac40df1f273906a8e30a2.squir...@aphrodite.kinkhorst.nl

Bug#726393: marked as done (general: Possible malware infections in source packages)

[Debian Bug Tracking System]

Your message dated Tue, 15 Oct 2013 14:12:48 +0200
with message-id <201310151412.51775.hol...@layer-acht.org>
and subject line Re: Bug#726393: general: Possible malware infections in source 
packages
has caused the Debian Bug report #726393,
regarding general: Possible malware infections in source packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
726393: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726393
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: general
Severity: normal

Some of the source packages were caught on a gateway anti-virus scanner while
downloading.

These are the exact downloads:

http://ftp.fi.debian.org/debian/pool/main/libm/libmime-explode-perl/libmime-
explode-perl_0.39.orig.tar.gz
http://ftp.fi.debian.org/debian/pool/main/p/pymilter/pymilter_0.9.5.orig.tar.gz
http://ftp.fi.debian.org/debian/pool/main/libm/libmail-deliverystatus-
bounceparser-perl/libmail-deliverystatus-bounceparser-perl_1.531.orig.tar.gz
http://ftp.fi.debian.org/debian/pool/main/l/linkchecker/linkchecker_7.9.orig.tar.bz2

I also uploaded the archives to virustotal.com for scanning with multiple
vendors:
https://www.virustotal.com/en/file/2403530b352c591464b96b37173031749c993967ed6e1375b6d295ef84576ac9/analysis/
https://www.virustotal.com/en/file/2edb67ca8b8831991d7ba24092829e775355e5a35aeae61cac52de0dc82b2fd5/analysis/
https://www.virustotal.com/en/file/af45514ed8ad5491c8dd1d682a5061c79f624e1789abef3f27e92bcd3653c052/analysis/
https://www.virustotal.com/en/file/7bb478a4f9512e1dfe77c658f0410d62d9af91cedc35ee7aaaff6bc9a56d7f85/analysis/

I looked into one of these, libmail-deliverystatus-bounceparser-
perl_1.531.orig.tar.gz, and found multipart email file containing zip
attachment. Inside this archive is a .pif file (PE32 executable for MS Windows)
which is detected as Win32.Worm.Mytob.EF.

This doesn't look like a false positive. I hope that the source packages would
be sanitized from any actual malware samples.



-- System Information:
Debian Release: 7.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Hi,

On Dienstag, 15. Oktober 2013, Jarkko Palviainen wrote:
> Package: general
> Severity: normal
> 
> Some of the source packages were caught on a gateway anti-virus scanner
> while downloading.
 
This is not a general bug in Debian. It *might* be bugs in the relevant source 
packages, but AFAICS these sources include these _examples_ for a reason, thus 
closing this bug. Feel free to file individual bugs against the relevant 
packages though.


cheers,
Holger


signature.asc
Description: This is a digitally signed message part.
--- End Message ---

Re: Bug#726397: ITP: libmateweather -- MateWeather shared library

[Jonathan Dowland]

On Tue, Oct 15, 2013 at 02:46:20PM +0300, Vangelis Mouhtsis wrote:
>   This package contains the shared library for the base MATE library
>   functions.
>   .
>   A library to use for writing pagers and task lists.

You've copied-and-pasted the longdesc for libmatewnck, libmateweather
doesn't do this.

This reads better imho (for libmatewnck):

>   A library to use for writing pagers and task lists.

(adapted from libwnck-3-0)

Or for libmateweather:

>  libmateweather is a library to access weather information from online
>  services for numerous locations.

(adapted from libgweather-3-0)

I suggest you then suffix a short common paragraph descripting what MATE is
to every MATE-related package's long description. Something like

>  .
>  MATE is an intuitive and attractive desktop environment. MATE began
>  as a fork of GNOME 2.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131015121416.GA24126@debian

Re: Bug#726393: general: Possible malware infections in source packages

[Dominique Dumont]

On Tuesday 15 October 2013 13:19:38 Thijs Kinkhorst wrote:
> > It isn't a false positive in that regard that the package *does* in fact
> > contain the virus sample. However, it *is* a false positive, as the
> > sample is there intentionally, and no virus scanner can guess the reason
> > why it is there. It does no harm in the location where it is, it will
> > not spread, so is it in fact a virus? No, it isn't.
> 
> I'm missing why the package cannot use the EICAR test virus signature for
> its purposes.

In libmail-deliverystatus-bounceparser-perl case, the virus is used on the 
non-regressions test which are shipped in the original tarball (and in Debian 
*source* package). This virus is *not* shipped in Debian binary package.

HTH

-- 
 https://github.com/dod38fr/   -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/  -o-   irc: dod at irc.debian.org


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2288634.F14KR057Sc@ylum

Re: Bootstrappable Debian - a decision is needed, patches exist

[Ben Hutchings]

On Tue, 2013-10-15 at 08:03 +0200, Johannes Schauer wrote:
[...]
> But for that we
> need some feedback from the dpkg devs as well as a final decision of the 
> Debian
> community about which syntax to choose.
[...]

You, and the dpkg maintainers, are the ones that understand the
consequences of the different syntaxes.  Don't invite bikeshedding.

If the dpkg maintainers refuse to make a decision then you should go to
the technical committee.  Hopefully that will not be necessary.

Ben.

-- 
Ben Hutchings
Reality is just a crutch for people who can't handle science fiction.


signature.asc
Description: This is a digitally signed message part

Bug#726397: ITP: libmateweather -- MateWeather shared library

[Vangelis Mouhtsis]

Package: wnpp
Severity: wishlist
Owner: Vangelis Mouhtsis 

* Package name: libmateweather
  Version : 1.6.1
  Upstream Author : Stefano Karapetsas 
* URL : http://mate-desktop.org/
* License : LGPL
  Programming Lang: C
  Description : MATE Window Navigator Construction Kit

  This package contains the shared library for the base MATE library
  functions.
  .
  A library to use for writing pagers and task lists.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131015114620.4515.89520.report...@server.lan

mips64el port build failed list

[YunQiang Su]

We are working on the port of mips64el, and the progress is quite good.

We have about 11000 packages to build for this port.
About 2666 packages are not in build queue, due to lack of build-deps
About 695 packages are building or waiting or attempted
   or failed to build due to something wrong
The others are successfully built (maybe with our patches)

http://192.168.252.248/attempted/0_attempted.txt
is the list of packages which have tried to build while failed,
which is so called attempted in sbuild.

The buildlog of these packages can be found in
 http://vip.moonux.org/attempted/

The help of to fix these build is warm welcomed.

-- 
YunQiang Su


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cakcpw6u4hxoljori3ow9efrbxga-estrlqgpybdaqi4x2jj...@mail.gmail.com

Bug#726393: general: Possible malware infections in source packages

[Thijs Kinkhorst]

On Tue, October 15, 2013 12:54, Dominik George wrote:
>> I looked into one of these, libmail-deliverystatus-bounceparser-
>> perl_1.531.orig.tar.gz, and found multipart email file containing zip
>> attachment. Inside this archive is a .pif file (PE32 executable for MS
>> Windows)
>> which is detected as Win32.Worm.Mytob.EF.
>
> Yes, and the package carries it because it needs it in its operation.
> Have you read the README file?

I have in fact read the README and it doesn't seem to mention anything
about this, it doesn't even have the word "virus" at all.

>> This doesn't look like a false positive.
>
> It isn't a false positive in that regard that the package *does* in fact
> contain the virus sample. However, it *is* a false positive, as the
> sample is there intentionally, and no virus scanner can guess the reason
> why it is there. It does no harm in the location where it is, it will
> not spread, so is it in fact a virus? No, it isn't.

I'm missing why the package cannot use the EICAR test virus signature for
its purposes.


Thijs


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/54f73ee1a529788f845b9918870d74b3.squir...@aphrodite.kinkhorst.nl

Bug#726393: general: Possible malware infections in source packages

[Scott Kitterman]

Pymilter is a false positive. 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/fe0156c2-4f46-448c-b585-6323a1778...@email.android.com

Bug#726393: general: Possible malware infections in source packages

[Dominik George]

Hi,

I have looked into this a bit.

> Some of the source packages were caught on a gateway anti-virus scanner while
> downloading.

Using a gateway anti-virus scanner for downloads from the Debian archive
seems a bit inappropriate, well, paranoid. Checking the signed hashsums
would seem a lot better to verify the downloads; if Debian's
infrastructure were compromised so viruses could get in *and* be signed,
we and you have other problems.

> http://ftp.fi.debian.org/[...]

If you suspect an issue with the Debian archive, please test against 
ftp.debian.org.

> I looked into one of these, libmail-deliverystatus-bounceparser-
> perl_1.531.orig.tar.gz, and found multipart email file containing zip
> attachment. Inside this archive is a .pif file (PE32 executable for MS 
> Windows)
> which is detected as Win32.Worm.Mytob.EF.

Yes, and the package carries it because it needs it in its operation.
Have you read the README file?

> This doesn't look like a false positive.

It isn't a false positive in that regard that the package *does* in fact
contain the virus sample. However, it *is* a false positive, as the
sample is there intentionally, and no virus scanner can guess the reason
why it is there. It does no harm in the location where it is, it will
not spread, so is it in fact a virus? No, it isn't.

> I hope that the source packages would be sanitized from any actual
> malware samples.

If a package has to contain virus samples for its operation, then how
should anyone sanitize it?

You just found one more reason why anti-virus sucks.

(JM2C, I am not a Debian release engineer or DD.)

Cheers,
Nik

-- 
 Ein Jabber-Account, sie alle zu finden; ins Dunkel zu treiben
und ewig zu binden; im NaturalNet, wo die Schatten droh'n ;)!

PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296


signature.asc
Description: Digital signature

Bug#726393: general: Possible malware infections in source packages

[Jarkko Palviainen]

Package: general
Severity: normal

Some of the source packages were caught on a gateway anti-virus scanner while
downloading.

These are the exact downloads:

http://ftp.fi.debian.org/debian/pool/main/libm/libmime-explode-perl/libmime-
explode-perl_0.39.orig.tar.gz
http://ftp.fi.debian.org/debian/pool/main/p/pymilter/pymilter_0.9.5.orig.tar.gz
http://ftp.fi.debian.org/debian/pool/main/libm/libmail-deliverystatus-
bounceparser-perl/libmail-deliverystatus-bounceparser-perl_1.531.orig.tar.gz
http://ftp.fi.debian.org/debian/pool/main/l/linkchecker/linkchecker_7.9.orig.tar.bz2

I also uploaded the archives to virustotal.com for scanning with multiple
vendors:
https://www.virustotal.com/en/file/2403530b352c591464b96b37173031749c993967ed6e1375b6d295ef84576ac9/analysis/
https://www.virustotal.com/en/file/2edb67ca8b8831991d7ba24092829e775355e5a35aeae61cac52de0dc82b2fd5/analysis/
https://www.virustotal.com/en/file/af45514ed8ad5491c8dd1d682a5061c79f624e1789abef3f27e92bcd3653c052/analysis/
https://www.virustotal.com/en/file/7bb478a4f9512e1dfe77c658f0410d62d9af91cedc35ee7aaaff6bc9a56d7f85/analysis/

I looked into one of these, libmail-deliverystatus-bounceparser-
perl_1.531.orig.tar.gz, and found multipart email file containing zip
attachment. Inside this archive is a .pif file (PE32 executable for MS Windows)
which is detected as Win32.Worm.Mytob.EF.

This doesn't look like a false positive. I hope that the source packages would
be sanitized from any actual malware samples.



-- System Information:
Debian Release: 7.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20131015102815.23380.68872.report...@debian.f-secure.com

Bug#726386: ITP: pyqi -- Python framework for wrapping general commands in multiple interfaces

[Andreas Tille]

Package: wnpp
Severity: wishlist
Owner: Andreas Tille 

* Package name: pyqi
  Version : 0.2.0
  Upstream Author : BiPy Development Team 
* URL : http://bipy.github.io/pyqi/doc/
* License : BSD-like
  Programming Lang: Python
  Description : Python framework for wrapping general commands in multiple 
interfaces
 pyqi (canonically pronounced pie chee) is a Python framework designed to
 support wrapping general commands in multiple types of interfaces, including
 at the command line, HTML, and API levels.
 .
 pyqi’s only requirement is a working Python 2.7 installation.


The package is a dependency of the new version of python-biom-format and
was originally packaged by Tim Booth from BioLinux in the Debian Med VCS
where it is available at

   svn://anonscm.debian.org/debian-med/trunk/packages/pyqi/trunk/

The package is ready for upload - thanks to Tim for his initial work.

Kind regards

  Andreas.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20131015083205.23852.77229.report...@mail.an3as.eu

Re: Bits from the Release Team (Jessie freeze info)

[Vincent Bernat]

 ❦ 14 octobre 2013 10:19 CEST, "Thijs Kinkhorst"  :

>> As a Brit I guess I'm as surprised by people not knowing this as some US
>> folks are when I don't have plans for the 4th July. The pleasures of an
>> international project
>
> Everyone will find the 5 December milestone easy to remember; perhaps with
> the exception of those not living in the Netherlands or on the Netherlands
> Antilles.

http://what-if.xkcd.com/53/ ;-)
-- 
 /* Identify the flock of penguins.  */
2.2.16 /usr/src/linux/arch/alpha/kernel/setup.c


signature.asc
Description: PGP signature