Accepted refmac-dictionary 5.41-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 27 Apr 2020 01:26:29 -0400
Source: refmac-dictionary
Architecture: source
Version: 5.41-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers 

Changed-By: Andrius Merkys 
Changes:
 refmac-dictionary (5.41-2) unstable; urgency=medium
 .
   * Bumping debhelper-compat (no changes).
   * Adding 'Rules-Requires-Root: no'.
   * Adding Debian Science as Maintainer, as originally intended.
   * Adding 'Multi-Arch: foreign'.
   * Switching to HTTPS in debian/watch.
   * Updating debian/copyright.
   * Bumping Standards-Version (no changes).
Checksums-Sha1:
 de175440474253642ab94c221260da9f76d392c3 2108 refmac-dictionary_5.41-2.dsc
 298b20f0d5633e33d319388e3fdb99140f62ce2c 1756 
refmac-dictionary_5.41-2.debian.tar.xz
 0f3f07d2f834040e722a2ff06ffc7314bf9fd3ad 6383 
refmac-dictionary_5.41-2_source.buildinfo
Checksums-Sha256:
 472376adc167666184f0fe426ca12b5b005b4cb16e4aeadaed9e4be35cf07f4f 2108 
refmac-dictionary_5.41-2.dsc
 c00abffb26c0690d9c9ab74ca44eeb8dff5f51c8302fb74bd8db8cf3e0fd899f 1756 
refmac-dictionary_5.41-2.debian.tar.xz
 39867f0f37530b071e9891b378b341eafe45649caef688fede4ec421c082abcd 6383 
refmac-dictionary_5.41-2_source.buildinfo
Files:
 ad2a3c5378231a53787d5e6d26ff7133 2108 science optional 
refmac-dictionary_5.41-2.dsc
 2bdec94834e03a5cc58fcde855960f41 1756 science optional 
refmac-dictionary_5.41-2.debian.tar.xz
 27f9052d86d0cff2b1f20a5b4d9b32e2 6383 science optional 
refmac-dictionary_5.41-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEdyKS9veshfrgQdQe5fQ/nCc08ocFAl6mbfgSHG1lcmt5c0Bk
ZWJpYW4ub3JnAAoJEOX0P5wnNPKHKc0P/2wxV1nODN2FYrYTDu56xentvFW/uUCa
gCqls6bmtd8yYT6HQk+VkbJwcO++tTfYo/5N4ls2102bAOWzYRfJLDhGvFOwjfMg
SJH/Q2In2FKSaN4gavnA5io5mzuGsI8zzH530gXVC0HG+0Q+QbcTCgBXrhL/ei91
xZDQx33CFV/qs0VM/mC1RNkjSnDv7dz+OhR7ZwcDh8pQkiKNPdNjQ1io75fG6B2s
OU4R2h+BwSE7gczNtLZSynchh4UBK9XssZPqu9e9fiPD74w0/YXU1MFn1D1ZIt4J
HcOg0mh0H6rCsugfoSp/bibZrztiAwtiE4XKZzVIDlNfXmYTAIxXuV+WQwycxhCd
5FyfYKbYZTb/x5mGGGYuxEQ9oKdzvoZT5b/zoSfX0/84MvhHlPIkQHnfodlglvlV
7drE+ttnzOAk1OBpJdM/A8JTjLage5HT/7Mj/LEBAF4wrGZjEyWDFUVxSjzK2dTc
aJbPZYUQ9leTUY8DGEDmy571+CLLqRJuSXayOxbzBksbRBtEShvKL7EY8fyzKuqk
iXKGk8+x/dmE6PXbuY8mcULI/ywloGv41bzbK/R28NFKSfJ3jryq8mlFj0boUc7L
7o6Krx3Sich/Wx7Ta304FGWHw8HCKSr5f013FHVi+3D8beLh2kiGexregTrxSKGL
HHUt4ajqt4Ri
=IVjV
-END PGP SIGNATURE-

Accepted debian-edu-config 2.11.23 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 27 Apr 2020 07:18:20 +0200
Source: debian-edu-config
Architecture: source
Version: 2.11.23
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers 
Changed-By: Holger Levsen 
Changes:
 debian-edu-config (2.11.23) unstable; urgency=medium
 .
   [ Wolfgang Schweer ]
   * Cope with recent bind9 package changes (bind9 -> named at various places) 
to
 fix initial LDAP setup during installation and other broken configuration
 scripts and files.
 - ldap-tools/ldap-debian-edu-install
 - cf3/cf.bind
 - etc/resolvconf/update.d/bind-debian-edu
 - share/debian-edu-config/tools/edu-ltsp-install
   * Adjust testsuite components to reflect LTSP, Icinga2 and PXE installation
 related changes:
 - testsuite/{icinga,ldap-client,pxeinstall}
   * Adjust testsuite/samba to check if Samba is fully functional.
   * Adjust share/debian-edu-config/tools/install-task-pkgs now that the 
Cinnamon
 desktop environment is also supported.
Checksums-Sha1:
 ff07f31b7b0877f950ce255f14c2414cecd2ed81 1923 debian-edu-config_2.11.23.dsc
 64ccfb806950e6372a4871752f4c90dbb9604bdf 343784 
debian-edu-config_2.11.23.tar.xz
 99c4883a38e48372f82780680e4625a72b171757 5326 
debian-edu-config_2.11.23_source.buildinfo
Checksums-Sha256:
 2d0175e7f50b4a6d9591cfd643e287bca986e00ea3f7da53cabdb212fbf4a238 1923 
debian-edu-config_2.11.23.dsc
 ec7c4e5f502f667af2830fd8456ad4966aaafa2ffd798041a0f083d97931d91b 343784 
debian-edu-config_2.11.23.tar.xz
 df10095c060427cafcaabb68fba246e1fb007f24e8c2833c59b275d1a4527abe 5326 
debian-edu-config_2.11.23_source.buildinfo
Files:
 c0a1eaa24627fa36bb6a5b07b5e0c121 1923 misc optional 
debian-edu-config_2.11.23.dsc
 8e368306830373fc34dd2599e86760e2 343784 misc optional 
debian-edu-config_2.11.23.tar.xz
 191664526aa6a1fab093ac65961fc6c3 5326 misc optional 
debian-edu-config_2.11.23_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl6ma0sACgkQCRq4Vgaa
qhxcRhAAoGjxPxrcylGH0UXBQ9qoDjnh9g8mQNYGoVkjrG8rsrxZBIOvKTM5ZXit
N0sCYq0emzbNKQBs9iE+VfcHsitO/ypvI548pEOP4Jf2dRezYb5cxbRWj2jiq+yp
BsciTzETw6IVDXVspO3tTYQYC8K6645+lSmYUYMD+a+qSMgFzA4nnBNTS4MFtLtB
f4L29Gy7ySPhEW+kY5BcaOvtwR3nOK2pcjI1KOgoMiRn+w2A1ttECbY9861WWpt+
9HzwkTv+QqbeRImaKzpDo+ZO/zFsNzGFTMXsLKIr5JorPw/ZD+3f6mKCpzVcRWd5
2PQZpoNw2rP6uFMcWGncyc+Bo2l6oFzNpLX9F4yRuBgUORkeUhEMUeXojVGIhmJC
src0ny/GuW71QVzz8ZE8qMZL7YASGNrD09Df7lLrPttZui+/N3GhI0m7K6t7+Ki6
GJszttzePopdq9m0KZV5e8yGdQoRY2XEjJJBxDe+yznuJNGs8WPN8lnr39WtoIMD
RUi9UvMFAPvF3ZgLyYlhavcEatPD7iLa1nnVXbjWEROfQSXMfuiFf8wc9TV/OP1E
2NFHLGlJNmVWmjaXPR0+VG9SJCJRWlJY9Fko+JGWb4VZyMDMBM/4jtdp1/WQUqC4
VMzv5x7UWUjPlF48gJljitl03us1ltPJR1WQ+1PNrc0ypAf4bQ8=
=diqe
-END PGP SIGNATURE-

Accepted can-utils 2020.02.04-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 27 Apr 2020 08:15:57 +0300
Source: can-utils
Architecture: source
Version: 2020.02.04-2
Distribution: unstable
Urgency: medium
Maintainer: Alexander GQ Gerasiov 
Changed-By: Alexander GQ Gerasiov 
Closes: 956530
Changes:
 can-utils (2020.02.04-2) unstable; urgency=medium
 .
   * Add debian/patches/0001-Rename-j-to-j1939-1.patch (Closes: #956530).
Checksums-Sha1:
 34e1ee63cb9b7f610d971d9b342154a323a78dba 1575 can-utils_2020.02.04-2.dsc
 1216c9f807cc5ad79ba724d1a66889210aa3b62b 29512 
can-utils_2020.02.04-2.debian.tar.xz
 43c08f66a7ddcc9b8a759005468fbd987a28ef46 5257 
can-utils_2020.02.04-2_source.buildinfo
Checksums-Sha256:
 516992edc71244c7b0a76a95509b5656352ede60b6c61f8c0c72599ca9c35186 1575 
can-utils_2020.02.04-2.dsc
 74384607dcd21e9fb03e562c085d8182767d52f4b4fd45fa40bb5c007473457f 29512 
can-utils_2020.02.04-2.debian.tar.xz
 e00a4debe035b77c0d08e8dcae5e14450029a2af9fe9fe59a18b99ed1de4e241 5257 
can-utils_2020.02.04-2_source.buildinfo
Files:
 ffa46e8a6bf4bbcfbcfd11e69b823772 1575 net optional can-utils_2020.02.04-2.dsc
 115ff99457901050f8adeb9c8ca6ae51 29512 net optional 
can-utils_2020.02.04-2.debian.tar.xz
 bc96168f50a2e1f62b34115565faeeb7 5257 net optional 
can-utils_2020.02.04-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQFCBAEBCgAsFiEEBLWdkN98wqvNSbrqyofp6CqsM/EFAl6mas8OHGdxQGRlYmlh
bi5vcmcACgkQyofp6CqsM/Ebsgf/eg6o/yZTH/J44RqDTOjxtQdhcJKHr76cELZ/
budDD31Zw1f2ODm1AeUWhueozatqLpfHThPtTRw2pOgjDIBYWVR4eoY1MPcVUwvC
6PpGLDP+cd3Tu3FrFE+2svQiRO5maTc3/cmCrY9aRFmuWcirVXKDRyFZaKqkSCfe
1vZls/nezgFExo7ar5+fqi+js/u6iyNlKvTXmoPJoltwC1+cftU3urNNtCOGFgeJ
j4g9+uBvwgXh8c7FJKHgsKsJF00NAmToBajGpiKlx8JwZWFrDmoGP1u+EoIm2nsO
+IJdXa4UUTZTqpCHqvpjXSdCPrPUWYi0hwDMtYWBnSFC+S4Kjw==
=aiuq
-END PGP SIGNATURE-

Accepted asciidoc 9.0.0~rc2-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 19:54:51 -0700
Source: asciidoc
Architecture: source
Version: 9.0.0~rc2-1
Distribution: unstable
Urgency: medium
Maintainer: Joseph Herlant 
Changed-By: Joseph Herlant 
Closes: 956729
Changes:
 asciidoc (9.0.0~rc2-1) unstable; urgency=medium
 .
   * New upstream version 9.0.0~rc2
   * New dependency: add xsltproc to asciidoc-base (Closes: #956729)
   * Remove patch integrated upstream and refresh the rest of the patches
   * Re-disable tests for now as not working.
   * d/control: Bump standards to 4.5.0
Checksums-Sha1:
 b7c4e588b1dbc78fc0f6d6c685214cd39fb6f5f7 2356 asciidoc_9.0.0~rc2-1.dsc
 78504c718cba9d46f7fb5449fafa00b333203aba 1267401 asciidoc_9.0.0~rc2.orig.tar.gz
 f3e430d2a96007f1e159a920a4399988e0208c26 13080 
asciidoc_9.0.0~rc2-1.debian.tar.xz
 6183951b79f737ddc03b8e659d10d8e5191eb75c 5866 
asciidoc_9.0.0~rc2-1_source.buildinfo
Checksums-Sha256:
 cd095da689f7463aaea0465fb0c796671b1f9ca47b54c7f4f8524041ae88fa6a 2356 
asciidoc_9.0.0~rc2-1.dsc
 57b03b8dd2aa1cb1c50be51a27948897d6a19ce6c846ebc07d02b6967257b3f5 1267401 
asciidoc_9.0.0~rc2.orig.tar.gz
 a4d0d4d16935678c51686e23cdfc5a88b52cde2100789c8802fe7b056f45b042 13080 
asciidoc_9.0.0~rc2-1.debian.tar.xz
 f579338bd81508d31b7466dac3bc0c69f57770a96ea94705aa9b8709364e4e98 5866 
asciidoc_9.0.0~rc2-1_source.buildinfo
Files:
 ef21709b5de3271142d98d7ad9c8c986 2356 text optional asciidoc_9.0.0~rc2-1.dsc
 bfc7f12383a84b9890c6320771749021 1267401 text optional 
asciidoc_9.0.0~rc2.orig.tar.gz
 cbe4974db26084beb67ba66c4360c4df 13080 text optional 
asciidoc_9.0.0~rc2-1.debian.tar.xz
 b80b18b6e26946b4495fc1085de567a4 5866 text optional 
asciidoc_9.0.0~rc2-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJKBAEBCgA0FiEE6CPaER4i14V+HYZYY/eACiPXslIFAl6mYrgWHGFlcm9zdGl0
Y2hAZGViaWFuLm9yZwAKCRBj94AKI9eyUuSsD/9R1zI/D+ZFdXJoN0BVzYT7x4zj
B/XeIagNA5SQoSZbI1Ybc+28FKQHu4a15cUiXqpG8KMpENxu/ddGUulb4tUVTBsz
Ny20zXIxea9aLFr86fTRc8eJ5CmVj1fAX/kT5orNDU7C+7o0qEsWZuvYdpk/1yqZ
MXRY4dLreRvNirPFyfTeD6qt/sfzxXy2lezJyyJiIlycQrP9nLBumkQeWH3wUvee
Sw4HCqWU3juWVQYBDNu1b8tnEYfkPiN5K9g8jg1LTemmtUTdSQvPAs6HvYnCJwPN
ua7XkVxPaaBgncY2O09UrCq9m/y23467N9OwHCkvanRzLHuhOpn47sIcQbboUDJL
zQGdE1Qgh8F2TrdnwmFdFGr5LFk1tgmrNO9IyjmHR0vUvFAYVTRBhxOAplRB2EKm
5wmXPzuYCoXA7dzZv3E0L2tLZZTDFu86hIFiab3xO4aG370c9MVTrcJew92Kv+IJ
R3HRFhoVGU4W2ztRmjle5RxLbSkSM95hFCFoj064EqSbOajJ5ddqi/gBiIrulgyq
HW3nOSDz2tjrVY1d8pQ2hIaLja1eWoQUwXCRA150ivZmb0wYzQ2O6zpChFWEsY24
eBmRmSYUcgQQdnItUxdsV6zGmK6O7fDjcFEtm7YteLQJaiZymKRD2FChSPzD1jEm
JRYgFqZhyqYMuiLj+A==
=hmnZ
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Vincent Bernat]

 ❦ 26 avril 2020 15:04 -07, Russ Allbery:

>> This is not how this is implemented. I am using GitHub and GitLab with
>> 2FA enabled and I am rarely asked to enter any token. Once you get
>> authenticated on a device, it remains for a long time.
>
> Pretty much every time I go to salsa.debian.org, I have to log back in
> again.  The "long time" seems subjectively to be a week or two (or maybe a
> month).  Am I doing something wrong?

You are right. I don't have this issue on hosted gitlab.com, but maybe
it's because I work with it everyday. I have just enabled 2FA on Salsa.
I'll see if you also have to reenter 2FA each time.
-- 
Truth is the most valuable thing we have -- so let us economize it.
-- Mark Twain


signature.asc
Description: PGP signature

Accepted notcurses 1.3.3+dfsg.1-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 21:28:21 -0400
Source: notcurses
Architecture: source
Version: 1.3.3+dfsg.1-1
Distribution: unstable
Urgency: medium
Maintainer: Nick Black 
Changed-By: Nick Black 
Changes:
 notcurses (1.3.3+dfsg.1-1) unstable; urgency=medium
 .
   * Explicitly supply -DUSE_MULTIMEDIA=ffmpeg to CMake
   * Add libqrcodegen-dev build-dependency
Checksums-Sha1:
 ef4cf2dc87f18340d95d9373b72fdc6d1cd97291 2659 notcurses_1.3.3+dfsg.1-1.dsc
 7f7690916c6033aef261d0d100de92770c38bd9e 6015004 
notcurses_1.3.3+dfsg.1.orig.tar.xz
 f18a138d9de2ad5ca34519e9667d4772c5e64337 10840 
notcurses_1.3.3+dfsg.1-1.debian.tar.xz
 5b09ebeaaefc3870837fec743d08ceb70ddf5ee6 13206 
notcurses_1.3.3+dfsg.1-1_amd64.buildinfo
Checksums-Sha256:
 c6d43403dcd84b192fd316fcbac872842435350b9c34d3ae7c3822ddc58ef267 2659 
notcurses_1.3.3+dfsg.1-1.dsc
 b81692696eddda717a0214dc28bb0a4ec3a00a95795b985f0b29240695deebb1 6015004 
notcurses_1.3.3+dfsg.1.orig.tar.xz
 318d6e028b36e8b7eabf3bd371d18fdb25a32be496644f01d8cb0e9eb391e07a 10840 
notcurses_1.3.3+dfsg.1-1.debian.tar.xz
 d6c1e9fb13e8c074c0bf7c84a14760eea3f964e5adf6adb7530b34d34d9d826f 13206 
notcurses_1.3.3+dfsg.1-1_amd64.buildinfo
Files:
 2666bfcaa8cc734cbd96505f6f0a5062 2659 libs optional 
notcurses_1.3.3+dfsg.1-1.dsc
 f86aebef66ac61fc924bfcc7d12f8bb6 6015004 libs optional 
notcurses_1.3.3+dfsg.1.orig.tar.xz
 29e2a357cf8815f90cc2db4a3c13ab6e 10840 libs optional 
notcurses_1.3.3+dfsg.1-1.debian.tar.xz
 14b1a181a69ba39415a5ba8d60f7d024 13206 libs optional 
notcurses_1.3.3+dfsg.1-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3z2W7rOCeCDzAmZcAYF6sKr2za4FAl6mR9gACgkQAYF6sKr2
za6Vbg/8DgYWqSFGZU5+z6CS02XMt/k7ujPZToCTFcbPgSBzZz1HcHUF47/0nmKq
zzgDVExyba6UffoHl/t9WqEbdrHasnXNpsEU5t/q7sIQfYcN/ICnWgDpqX8E4FHe
Ikk2RW07DA7wJOvcrf1K97OCDZlAIO9q3lQ+1/myy1r/EBIN0TO1M6eK6eAa1exS
ftZVYgdtJTn7D+2eeUdZr+x5yB6rcdPoLN6OS62lFaNzG7QXTbxx3ErWZYCf+IHc
LlBddogg0hvUSxZ7MtuwL91FCO16S2abcU1l/f4EwsbQaLs8HWTR5JerbgpLEm8o
yEW9Qz/xZ5+NPElP6KG/VlbcL+LyJkn6fDdnH5U6MyxQlufE/J2rzIQ8Gugf+40r
nxicSXIDoP5YEysbQXj1sRL+S6EtqxvZRF7BG8LJOzkMUJfRbwVEaZCLSBafuCmb
4gR2J6ms67q5BvEqgJUplJco1fVL6fEeeJArqzcbN5fZhD6DmOacARUYZYsYdoMu
sZUexbP+FRwnyNTm5KmWWD1wMMXGXndGJp2+GUAPGiUkPHs7/Wdldcq+Xu0CYbLc
nw9UamNXuIxSYRmUTqAsx1U/yy2I0V/B1UCmcDzZ/j26m/aDGWVF5YkS6Dn6uiXp
3PUkK7isUVPQmQ4pDSAQFOnzkw3WEcwKejXlx8w2+QaLkJRG/Qg=
=Xs+0
-END PGP SIGNATURE-

Accepted python-graphviz 0.14-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 27 Apr 2020 10:26:35 +0900
Source: python-graphviz
Architecture: source
Version: 0.14-1
Distribution: unstable
Urgency: medium
Maintainer: Diane Trout 
Changed-By: TANIGUCHI Takaki 
Changes:
 python-graphviz (0.14-1) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * Convert git repository from git-dpm to gbp layout
   * Use debhelper-compat instead of debian/compat.
 .
   [ TANIGUCHI Takaki ]
   * Team upload.
   * New upstream version 0.14
   * d/rules: remove test log
   * Bump Standards-Version to 4.5.0
   * Bump debhelper from old 11 to 12.
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
 Repository-Browse.
Checksums-Sha1:
 7bf1b88186c29fb27d5669896eb42fc80f52505b 2395 python-graphviz_0.14-1.dsc
 d4abbb3ab7813eab6061858f2af056b69f533974 156631 
python-graphviz_0.14.orig.tar.gz
 a536cf255a4901515383e6c09acf6b3b49228a99 3148 
python-graphviz_0.14-1.debian.tar.xz
 b82e6288328d10fbdcc1b4d9fdd28aa4c92d645d 8794 
python-graphviz_0.14-1_source.buildinfo
Checksums-Sha256:
 7e0c1ebc99f49ce992417924b19cd5468e2e127230c736b9531c2389bd4f4dd8 2395 
python-graphviz_0.14-1.dsc
 c2331d559f5850a1b354d282a3dbb76d91e6ed4dc9dae3ada0f27832d733fd6d 156631 
python-graphviz_0.14.orig.tar.gz
 457ff091bb1e6288241f84cb5ae481ca10181708c4c4d495d87a1227c5f239a2 3148 
python-graphviz_0.14-1.debian.tar.xz
 f5e63b3af65623de5003294cd3a08fbdb6f5a420a0949862864801e755585f0b 8794 
python-graphviz_0.14-1_source.buildinfo
Files:
 047285196358e00176579f519cc7afc0 2395 python optional 
python-graphviz_0.14-1.dsc
 911b10bdc422f50071ca6d59144a65a6 156631 python optional 
python-graphviz_0.14.orig.tar.gz
 a9a103053a65272141c11431c6aa510e 3148 python optional 
python-graphviz_0.14-1.debian.tar.xz
 183b3f495baa0e2d30f6d006e92aaa1d 8794 python optional 
python-graphviz_0.14-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCAAwFiEE0kq/0SfNJVahPGx5zBSfbCil4lcFAl6mNRQSHHRha2FraUBk
ZWJpYW4ub3JnAAoJEMwUn2wopeJXH3AQAJLu1YZ0klV8wBPfQbPtbuaJN+C8Vodv
LrnXXFebjcPsfRj4mj2Uo4jyI00TNlaU0d2bCgH/KFMYV5mF0vLar7jMeG0FDtMv
bnEyFNBA/6wMmOzIgNf1w++PfO1jw+FMQ/znHPoJJbl98dtVHhIYT9OM3uHw4tMw
MhV1aZSD7V/mME2IdreYvOlIux1Htng61ADDA5xtPB+jiwbSCrAQcbfmIfz+y8/+
/vL+jCcswdLdQvIRfjo3ZEF9ria0h9uxstJOCgJs30Ak+m3ptmCT7PFdxRDA62kd
kgESRzoCRzPx/u+VXG7if6EEkdOIQZGyRCRjPde0wAiR8gytB0eN1aaG2Ct8qaHT
cC6VfA7qdwdv6GOMWfYgJi9KBes/WNLigFxryRLtgCPeMFGCn2HgzEXEsOtUzJfb
8uEtvnZyrZNJ/HMjUQpTY6wrVgSA26mIAi+dqJeZUe/Ac048mCrvPRMVwCRbNSrY
1ha580zJeaYM5oc7SzheBK+oauPLTtvrdXPtu05WZQK95l2Mq5Vn3ECviHHvnLiq
Tu6RXxsmbdYcjfdC/TO5VdLhVSJeW3VLEHCn9ndZR5PQpZUyK3bJtHtrBgMdZyeT
s1ftUWwkS3X5eeKfPVmbaPFa3fzYz50SVPPrqFgoUCwsLWjMgiMcSwzo+a4KARpN
XtTbmJmIGNDA
=F28I
-END PGP SIGNATURE-

Accepted xfce4-whiskermenu-plugin 2.4.4-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA384

Format: 1.8
Date: Sun, 26 Apr 2020 18:37:06 -0400
Source: xfce4-whiskermenu-plugin
Architecture: source
Version: 2.4.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xfce Maintainers 
Changed-By: Unit 193 
Changes:
 xfce4-whiskermenu-plugin (2.4.4-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 2.4.4
Checksums-Sha1:
 b4462446161c1ac88f2c70b15d177112233e438c 2262 
xfce4-whiskermenu-plugin_2.4.4-1.dsc
 637c2c3a4729b99896b337edd267ffb14bf9f7bd 172157 
xfce4-whiskermenu-plugin_2.4.4.orig.tar.bz2
 d2fd20c5a7cf6551a82db3c3a7e4a08e8507ac13 3524 
xfce4-whiskermenu-plugin_2.4.4-1.debian.tar.xz
 17c1cd6b9b4c7797b9458f339514ecda726e23a7 15039 
xfce4-whiskermenu-plugin_2.4.4-1_amd64.buildinfo
Checksums-Sha256:
 b424f76e85b463650de6d78435acc0840625f0f2cb997ac63a921231055da19f 2262 
xfce4-whiskermenu-plugin_2.4.4-1.dsc
 624acf6d46484bb35608a76424579571423e2aefa6579f6e444f5cfb5342ff9a 172157 
xfce4-whiskermenu-plugin_2.4.4.orig.tar.bz2
 3e0a42d255363b6ea4d95bdcfd003cb172336b1a97e7febf3c051e5c1259f260 3524 
xfce4-whiskermenu-plugin_2.4.4-1.debian.tar.xz
 5b722b23ed794b426126241e7428a0301730c23fb270f155104d5e6696d651c9 15039 
xfce4-whiskermenu-plugin_2.4.4-1_amd64.buildinfo
Files:
 7ba77d6889cb40884c3c0c4c152b5319 2262 xfce optional 
xfce4-whiskermenu-plugin_2.4.4-1.dsc
 7f6faf5ae5ca276d073798a3ff8b0e5b 172157 xfce optional 
xfce4-whiskermenu-plugin_2.4.4.orig.tar.bz2
 d16eef62f3c3073e5ff5dd578315542e 3524 xfce optional 
xfce4-whiskermenu-plugin_2.4.4-1.debian.tar.xz
 7eea912348dd9ae809f4297109cc8b5d 15039 xfce optional 
xfce4-whiskermenu-plugin_2.4.4-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCQAdFiEEjbPlhoZdK0orGFpcUAHhsJqjdEsFAl6mI4YACgkQUAHhsJqj
dEtHihAAjyRXdfGdHr/mUrzLf0PurTfwzEZ0EEhjc11EyDAKBmo2GvCYukzZ1gb+
4Nfe4orEdxpdxM0axt+MciqssARgn5aExnm0GXeuHPkTXRQHBPRbbjUJ0cAXOxcM
vtktNH1DeNop0iyQtvKEnBjrW+F/sa+Pnoxk5P5brjf7Bdj3cS5GYEd8qEoawLvS
Gu5PS8B6CNEDAqZhZ5Yo4uO03tPtRxk4/dBtp66lKO7qt9/akYQe3psRBKD6Sb+d
ETAjTIxsRXeXNHFEvhYumBgBpFU5A174Oxm6xJASOI30RO8m7BqKPQKLpDTj5Emf
yqTDR8S9V0mi1iy0YgXh+qsls7YQk2h+K8HnpZZERFWMEcDO/IJR1ircNCfBUUKJ
LdGoYR7KKvR/0TAIvhSRBABprW1ZpmUqvgCrE20uOtDiTiY7v8aNUerCPRa4NMPG
4Mqj0T6TQ7aZ3MpnP9VXrPgijREKMmA5XpVHkUdcBXwUsMm0mgfs6oxXJb2PGYAm
nKHBmzK48ETG4PsQdPOydzw5z1CMkaAe4UJd94w55diSxIDZW4ihAvJERUq2nHDs
sHyjIgT0YT7DdUF9Sj7ToBWqee63yYR0D7JtXnb4fWxv90EzOQU2fOc9GOZ+5lSv
qBnvrSNNwb/N7xH2aUKD7uyQKyOFhSfn492tPemCXyY4z5GER9s=
=f6HS
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Paride Legovini]

Thomas Goirand wrote on 27/04/2020:
> On 4/27/20 12:18 AM, Paride Legovini wrote:
>> It's still one static shared secret you need to enter every time. If it
>> gets stolen, because your browser or your computer is compromised, or in
>> a MITM attack where the attacker gained access to a valid certificate
>> for salsa.debian.org [1,2], your account is gone. It gets much, much
>> more difficult with 2FA.
> 
> You're mixing many things here, so let's debunk one by one.

Well, I gave you two examples.

> 1/ If my browser or computer is compromised, then it's game over anyways.

This is true if you get *fully* compromised, but you could be affected
by a very narrow vulnerability which causes e.g. some browser memory to
leak under very specific conditions, requiring a carefully crafted
attack. If you happen to be affected by this kind of vulnerability
(spectre?) the game is far from over.

> 2/ If what the attacker is trying to get access to your account (and
> eventually later, change the 2FA / password couple), then having 2FA
> doesn't help against MITM.

An active MITM attack is way more complicated than just sniffing and
storing traffic for later analysis. Changing the 2FA or password is not
a great strategy, as you would immediately realize what's going on.
Silently gaining access to an account allows to act when the conditions
are the best from the attacker's point of view.

> 3/ I don't enter anything, my password manager does it for me (so it
> doesn't go into the clipboard). Now, X-Window could be hacked, but that
> really means we're in case 1.

My point is that *something* enters a password in a web form. In this
case it doesn't really matter if this is done by a program or by you
pressing keys on a keyboard.

Anyway, I have no doubt your way of managing passwords is excellent, but
I hope I've been able to show that "2FA will add nothing in my case" is
not true.

Paride

Re: Salsa update: no more "-guest" and more

[Russ Allbery]

Russ Allbery  writes:

> That's effectively what a password manager simulates, albeit trading off
> local secure storage for convenience while limiting the strong passwords
> someone has to memorize to one.  I would argue that the only functional
> difference between a properly-configured password manager and using TLS
> client certificates is that password managers have better UI.  (Which is
> important!)

On re-reading this (which I should have done before sending it rather than
afterwards), I left out some context that made this statement look too
sweeping.  I meant that a password manager with random passwords and
client TLS certificates look similar in their security properties for a
user: you enter a password to unlock a secure store and then some opaque
blob in that secure store is used to authenticate.

Obviously, passwords (assuming no special crypto magic) are effectively
bearer tokens whereas TLS client certificates use asymmetric crypto, so
TLS client certificates are better than password managers for all the
normal reasons why asymmetric crypto is better than bearer tokens (defense
against man-in-the-middle eavesdropping, primarily).  My very rough
understanding of PAKE schemes (which may well be wrong) is that they
effectively turn passwords into asymmetric crypto, thus bringing them
closer to TLS certs except with a fairly weak asymmetric key.

-- 
Russ Allbery (r...@debian.org)  

Re: Salsa update: no more "-guest" and more

[Russ Allbery]

Thomas Goirand  writes:

> Now, if you want something safer, maybe we could implement something
> that involves crypto a smarter way, like SQRL, so we avoid storing any
> password in Salsa, even hashed:
> https://www.grc.com/sqrl/sqrl.htm

I don't know anything about SQRL (and am too lazy to try to digest the
PDFs on that web site), but I'll assume that this shares with PAKE schemes
the requirement that the client do crypto.  PAKE has always looked like a
good idea up until one starts trying to tackle the problem of deploying
clients everywhere you need them, at which point it usually ends up
looking easier to just use TLS client certificates.

I realize the advantage of a PAKE-style scheme is that you don't need to
store a security artifact on a person's computer, just get them to enter
in a password, but personally I consider passwords to be a bug rather than
a feature.  We're already at the point where remembering a strong password
is too difficult for the average person.  I think it's more likely that
computer security will evolve towards using passwords only as
physical-presence-only PINs to unlock local secure storage, rather than
making an attempt to improve passwords as a network protocol.

That's effectively what a password manager simulates, albeit trading off
local secure storage for convenience while limiting the strong passwords
someone has to memorize to one.  I would argue that the only functional
difference between a properly-configured password manager and using TLS
client certificates is that password managers have better UI.  (Which is
important!)

> Because seriously, I'm more concerned with Salsa itself being hacked,
> and the password db of *all accounts* being stolen, or the Salsa SSO
> provider being hacked, rather than having a *single* idiot user falling
> into a phishing trap.

GitLab uses bcrypt (although with no pepper, at least that [1] mentions,
which is a shame), so if you're using randomly-generated passwords with a
password manager, I'm not sure why you're worried about theft of the
password database.  It would be a problem for people using weak passwords,
but doesn't that go back to your argument that we can assume Salsa users
will generally follow good practices?

[1] https://docs.gitlab.com/ee/security/password_storage.html

The Salsa SSO provider being hacked is would allow the attacker to
impersonate anyone to anything protected by Salsa, but that's obviously
still true with SQRL, so it seems unrelated to the question of password
storage.

-- 
Russ Allbery (r...@debian.org)  

Accepted xml2rfc 2.44.0-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 19:35:37 -0400
Source: xml2rfc
Architecture: source
Version: 2.44.0-1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kahn Gillmor 
Changed-By: Scott Kitterman 
Changes:
 xml2rfc (2.44.0-1) unstable; urgency=medium
 .
   * New upstream release
Checksums-Sha1:
 5981e9a33ccad911819c270247c84cb55eea3014 2534 xml2rfc_2.44.0-1.dsc
 ad66b5a760f2bc3951be6959b03102253cf4d363 3922543 xml2rfc_2.44.0.orig.tar.gz
 d54a3e23da60c5190fb91e4730bbfb8562bae0ce 801 xml2rfc_2.44.0.orig.tar.gz.asc
 668e772b71ec9ded45812a653d3e50a80cdd7c7a 18304 xml2rfc_2.44.0-1.debian.tar.xz
 9de26e7172ad1939ce2470763a8a5b27aa6b45c9 6916 xml2rfc_2.44.0-1_source.buildinfo
Checksums-Sha256:
 729308d514a6ee45578021b2b2cd92560c5d5ff10123eabde306ecde6b1814c7 2534 
xml2rfc_2.44.0-1.dsc
 e6631aa2699942f387705e9fb624655b99f43abd87091bc94a3f6b82f2aabb4e 3922543 
xml2rfc_2.44.0.orig.tar.gz
 1a28ee8438fbc92207ac0d68ee4cd476b098121f6daae922b64597001035e89b 801 
xml2rfc_2.44.0.orig.tar.gz.asc
 bbfef18b42b5c5b0007a73637d183c17b1b5615ed4c230e5d988fe42561222e2 18304 
xml2rfc_2.44.0-1.debian.tar.xz
 c3d0df7aa7435003ab2901938a52bf4c26dd89e5d82b9fb91a2e2d6b9b156c37 6916 
xml2rfc_2.44.0-1_source.buildinfo
Files:
 5cc20e10cd50ed4bce15a14a46cd86e0 2534 non-free/text optional 
xml2rfc_2.44.0-1.dsc
 0930e5e2c74adc71e659d19b53e0746c 3922543 non-free/text optional 
xml2rfc_2.44.0.orig.tar.gz
 6003add03b86b9d5f6afe30345164568 801 non-free/text optional 
xml2rfc_2.44.0.orig.tar.gz.asc
 1c1d067c764222cca18fb6c5f625f5d4 18304 non-free/text optional 
xml2rfc_2.44.0-1.debian.tar.xz
 99c74d3060091803c5260684ada062b3 6916 non-free/text optional 
xml2rfc_2.44.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAl6mG4YACgkQeNfe+5rV
mvERJA//aH6koIp5nuGIvo4ZMxaD5se19ZH5fIYYu4V4T0V/pZDA/Jesrrjic2HD
15iTcNXc3Jt/Fcs73oW0myDfiiMqswobjC0N4Yy9vSmTxopLw6RgyezW1SQ4RtTd
mzGyS1+AJTgX7m7B3K/6HOzmbb4c/OzPWjrWhGtSa/knqvlxz6uPRA9lxXVNwMuA
v4G2jt1Y6SeslYPXHNnBaTcgxsz2TqP1s7t5ZtGIfhb72aw8l+gNn6Uxak7mL3oR
oG9rai3nuBMBuDORwQLL2akAznzwBp8A/a9sBPsb0QM1VThWi4aSB9Hzg7Nva0E3
V7L7AXY0VIPxjEzBQTXshALnS3XV7PLFKCrPCWTcCnsVSJJg7nlPX12DWeD2Vfty
HdIG+ehI+a/VgK66sZLJ1O0J4kXiXqdo1BJU3ykB/PGiD4joalMmszCgj+iTVL5b
6+qpAMBleb+S+iZ7TFPR2TF6ZKMiQ56UKBGc0UEssFb12sZn50R7CPPCxRlKEsde
h3E9CRYwvK5b7olClNfL546xlQIq0XAjHdmajIbXmZQLdSF69B9IV3+J4Nob88mC
11BsW6u5volcq5UIgzGx7+SAV8qgcoL+ERfuw6JsnS4oLZt1tBHGHPDqdnofJ/jI
e7lUwZudS+0ZF+XNwDxRxZyeQnaVymtvxgwufipSDfq4ktrKPqI=
=wpZX
-END PGP SIGNATURE-

Accepted ncbi-blast+ 2.10.0-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 19:38:13 -0400
Source: ncbi-blast+
Architecture: source
Version: 2.10.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team 

Changed-By: Aaron M. Ucko 
Closes: 957581
Changes:
 ncbi-blast+ (2.10.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/patches:
 - Formally refresh.  (A few files needed straightforward manual
   intervention.)
 - support_gcc10: New, for formal support of GCC 10+.  (Closes: #957581.)
 - run_perl_directly: New, to streamline update_blastdb(.pl)'s #! line.
   * debian/rules:
 - override_dh_clean: Clean up new generated artifacts: fakehome/ and
   c++/include/common/ncbi_revision.h.
 - override_dh_install-arch: Install new cleanup-blastdb-volumes script
   without its upstream .py suffix.
 - Stop directly injecting -Wl,--as-needed into LDFLAGS, but keep
   DEB_LDFLAGS_MAINT_APPEND for the sake of backports, along with a
   comment that they can't rely on GCC 9+.
   * Add salsa-ci file (routine-update)
   * Wrap long lines in changelog entries: 2.2.25-6.
Checksums-Sha1:
 d30f168038c692162c3a627440a8294069dd9120 2329 ncbi-blast+_2.10.0-1.dsc
 20f283b84973c43b2f2cba2c8bda7cccd4bc3a2b 25547460 
ncbi-blast+_2.10.0.orig.tar.gz
 7abcc724e551bc985e2def5a24ec2b42c3ce6175 32404 
ncbi-blast+_2.10.0-1.debian.tar.xz
 2c8dc9c874e5f48cc49ad758064eebf597fde421 6154 
ncbi-blast+_2.10.0-1_source.buildinfo
Checksums-Sha256:
 13474787e01952a3e0d41d6f9e30aa2af1d3abe72f3c55fcdcf94523ce61fa26 2329 
ncbi-blast+_2.10.0-1.dsc
 3acdd9cec01c4f43e56aeaf89049cb8f8013d60b9c1705eced10166967f1d926 25547460 
ncbi-blast+_2.10.0.orig.tar.gz
 34c558c3c10937bd7b337a902b9a09d97bd44dd2d32d710eb24f870ee284cf99 32404 
ncbi-blast+_2.10.0-1.debian.tar.xz
 7841f3c91d3df09f9e53450f7f8f2f27beca3ec7d9088165bf805f24e33abc5d 6154 
ncbi-blast+_2.10.0-1_source.buildinfo
Files:
 70faef7f9b51ec1fcc7f479e1086ef8b 2329 science optional ncbi-blast+_2.10.0-1.dsc
 0be82e26787579c5d14517af63502197 25547460 science optional 
ncbi-blast+_2.10.0.orig.tar.gz
 b3bae31c0a509c4806e1dc0cf525a0bc 32404 science optional 
ncbi-blast+_2.10.0-1.debian.tar.xz
 5046be70fd00049989c5a69cfd633a7c 6154 science optional 
ncbi-blast+_2.10.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJEBAEBCAAuFiEEfDq5z9IwvTDdAJxZHnCRsfFKZKIFAl6mG9IQHHVja29AZGVi
aWFuLm9yZwAKCRAecJGx8Upkou5KD/kBiP6gQLVKY5LdHbyB0Ay2GS7/SjE+2GuX
u01J0LaU1O2gwXlMc9mC5t0vuP85QJsQcfBHJ09WDJLf6omWSv5mp1UJC2XbZE7D
1FhhjhVkZjLFirq3ZTVZKL0VjmyP2RWRryMcyVWNSgaZ2HIEZJSrOXXD1BUd1sBP
mvzuShSTvYdmZhmc3KIgaj7dQN7uKMB3UwPFeRx96mHYvjFDUEf+alHvVHYowPzP
eZclW4kpXVpEHwGkaDzng3jEY3isjIG8Xd7cOAHYB2D+XENPTJgqOgjYGD2nDF3C
tnqEdDvnkVy7EFKv39EosWajDlPxjjU+zAwUCXetgRQjANfsKzmIAnRG1dThad5q
QAZ/8YE3M4LOPtFtJGkDIzUQO4SS7u5aQFx7X8fdrmRY/5Gb1ZMqwhPTI/Ip3fju
O9vwfoiFjjt7edb/2SFQf0d9/9h0IYNT41raacosdHqFclBD9CRZfpe7eq2cvb1u
jEChmmiWYhaKxlRDzAEXZO14fmyUMPSRWlNaxmEM3oOQ0jmLmPdICLclcMfN/jAF
q/56jrbZMd+hbFR52BCNhgdHBVXRQc5covPleYU7z/0Y7MjCItm50R8YiN1KX3DB
fd2LkVXdoQelCifYOFr+Vj1Knx6DZBZMyJT0KAt0DLjcSgtz/Hf5re2hEYkk89Bs
JMZP+seZVA==
=QAhL
-END PGP SIGNATURE-

Accepted growl-for-linux 0.8.5-7 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 27 Apr 2020 08:31:13 +0900
Source: growl-for-linux
Architecture: source
Version: 0.8.5-7
Distribution: unstable
Urgency: medium
Maintainer: Kentaro Hayashi 
Changed-By: Kentaro Hayashi 
Closes: 955899
Changes:
 growl-for-linux (0.8.5-7) unstable; urgency=medium
 .
   * debian/patches/use-gdbus-instead-of-dbus-glib.patch
 Fix Depends on deprecated dbus-glib (Closes: #955899)
Checksums-Sha1:
 f59d2d2807f1b0dd57f40db1174258fd81dfd9c0 2359 growl-for-linux_0.8.5-7.dsc
 106879c7251701bdbe15e1cefab30682e9c45d0a 11816 
growl-for-linux_0.8.5-7.debian.tar.xz
 8057e73a88e93be6975a41f2fb2a7895a6ef1540 11286 
growl-for-linux_0.8.5-7_source.buildinfo
Checksums-Sha256:
 59a2982c818332d977539b5b4f136a56fe6366fedbcd5f3fffcfb7ce092afec2 2359 
growl-for-linux_0.8.5-7.dsc
 7f978f940f87d5437594533f0a519f2bb7b9f6a76b5ce36584359a7e52ee6be5 11816 
growl-for-linux_0.8.5-7.debian.tar.xz
 8e87d62ed182012ace7dccac1a35a135b677ade067198e9cff6474475f452dad 11286 
growl-for-linux_0.8.5-7_source.buildinfo
Files:
 181b14539f280a84666d3dcd8aedb4a1 2359 gnome optional 
growl-for-linux_0.8.5-7.dsc
 3bb0fa3a06df5efebc2175de3aa57f17 11816 gnome optional 
growl-for-linux_0.8.5-7.debian.tar.xz
 365bd613f253bd8540415f4643340f49 11286 gnome optional 
growl-for-linux_0.8.5-7_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEcZ6y2T2+nE0h+6Bk9/t1xWbtIOMFAl6mHQEACgkQ9/t1xWbt
IOOlihAAoc2I4vd0WEsLow5qHIxXVWgc3dxVosB8KYQ2CTk1ICmcVFC6auUyTEyB
8bA23xuL2SmRGio5whZPJN8ttTYji/rMDPHSJRJRmIvjUZAAnC+tHdY/6QjUEIjG
VX+SBXVTmjaM6wFLbcEJv9z1TmprQICjKelThwFkMAVeDODF3enRdkvO7MNaEyIU
3UV+FhcCl+rpmhkg/eehUiQo+xI8yrndpMiVrOZwoj2KQR2L7GLeczUgdekFnqAc
+FPk1415fiaPvRV2zoXcEY2NExEQs0h2sIzKlgVOJThpdns/8Npsj7zXa5Avt33m
RmgGS/LyEpuyVNSQHP0i4jEZ59cbneIxL14+zHtU2/wpn1Xd7olfAQnplQH0VDM5
8z33fOP2RK3/0JpWJ+noMKUioIPC2AemFJGauqyA6dWfiPUkFfMoB5aEOkrzAOyJ
ARAtPHigl1onHq1ltKuG8bw1xcEKRRgXcwDmE85Wd7XiQMq7dENYEW3NmriT/uUt
9ijqqhSq7iLK9l+E/YX2N0oXdjtuSQoGb9KUbi8rZ6U6qQhSwMFmsymo7WnZo8Md
o+oEQ9VqsQFvfwht2sUKa/A+KK2jA47942SWNbTD50wuaRhJiRBAimXAljefelkn
mtBU5Q1Jy6jsKfei2/4C+gmCfoLta8fN8lqIB4a+0KPER/8o7KI=
=Xcv6
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Thomas Goirand]

On 4/27/20 12:18 AM, Paride Legovini wrote:
> It's still one static shared secret you need to enter every time. If it
> gets stolen, because your browser or your computer is compromised, or in
> a MITM attack where the attacker gained access to a valid certificate
> for salsa.debian.org [1,2], your account is gone. It gets much, much
> more difficult with 2FA.

You're mixing many things here, so let's debunk one by one.

1/ If my browser or computer is compromised, then it's game over anyways.

2/ If what the attacker is trying to get access to your account (and
eventually later, change the 2FA / password couple), then having 2FA
doesn't help against MITM.

3/ I don't enter anything, my password manager does it for me (so it
doesn't go into the clipboard). Now, X-Window could be hacked, but that
really means we're in case 1.

> The amount of annoyance added by the GitLab 2FA is extremely limited,
> and implements *the* standard for web 2FA (webauthn). Personally I'd
> like to see it required to get the DD status on salsa, or at least to
> all whole Debian team.
> 
> In general, we are switching from the cumbersome client certificate
> approach of sso.debian.org to plain passwords. This doesn't sound right
> to me. I think that with the tools we already have 2FA is as near as we
> can get to the sweet spot of usability vs. security.

What I hate here, is that we're switching from a "each person gets to
keep its own secret safe and we trust him to do so" (ie: case of client
side certs) to "we trust the centralized database of password, and we
just hope it never gets hacked". I have serious doubts the choice is the
correct one. I would prefer to risk that one or 2 person gets hacked,
rather than the full password db / SSO provider.

Cheers,

Thomas Goirand (zigo)

Accepted pocl 1.5-3 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 27 Apr 2020 00:46:54 +0200
Source: pocl
Architecture: source
Version: 1.5-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenCL Maintainers 
Changed-By: Andreas Beckmann 
Closes: 958700
Changes:
 pocl (1.5-3) unstable; urgency=medium
 .
   * Update symbols file.
   * Cherry-pick upstream commit 90fdec99 to avoid unwanted dependency on
 symbols from libOpenCL.so.1.  (Closes: #958700)
Checksums-Sha1:
 c407968cd159d0e56afdf3845e5c256cbe6af15d 2369 pocl_1.5-3.dsc
 1da356b376c36cf519b5d9b721d733d54d4cd11a 23968 pocl_1.5-3.debian.tar.xz
 4943c5e8d8e90f604814a5af27b5fdeb61c10f99 8001 pocl_1.5-3_source.buildinfo
Checksums-Sha256:
 dfae613ad58c321f290ebd98146fb579c30426f2a4a2e19cb067556beb6ace52 2369 
pocl_1.5-3.dsc
 c4907f6b187002c402e75ac3328f4e3e120235229023d907abe2d37fc30952aa 23968 
pocl_1.5-3.debian.tar.xz
 c3e8d69877cac1f4864a845b24df86432fb7468734b757e47b30341021b3a0d4 8001 
pocl_1.5-3_source.buildinfo
Files:
 5108f2079383e7f59aa2682c61a79ac8 2369 libs optional pocl_1.5-3.dsc
 e3bac1dc596419bbf886664dfd653ef9 23968 libs optional pocl_1.5-3.debian.tar.xz
 5d0495e7250166775f4e2cbadfc78118 8001 libs optional pocl_1.5-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAl6mEScQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCNvhD/0Qrs9wWK8DLW83kUQi4dhS0WPtzMCiz0ya
cjVE+WoduTORIofeqvxultf4ezIS6rVVrQcgjv3rGzTNy14oUSh1dy6l4a11fdtj
uwtq3zgoiocYfMObpDSMYNKM54voGw4g5C9Rr4mICzu+HiZRxZj2QR8HQvyFyzzv
szeaqe1ELYqqyAz2yCwKaqbgM/5GokCwVzFIUKigo1nwqyfof+xEqzMW1+v0i3vd
aCwC42I7w8sqpeuGJML9V7bdTNDr2uawXHlbTNQD5iNFzyoDY/RTH9iE9Q9reFnD
dxo41ZTyp8zgv+nciKqogBLY+jO0Rw5rVUGf65Db4BpPDtDLN0cQNiF/bf/3amdk
VCV+iU3AcaceNjJGAN4dpnkBvVT1exom3huXm9jk/0a9diIaZNi/cUBTPZormGUA
y1j+r5JRhpR1b7A5OmTZhjH5K0eisqi2hX900kRJOpmOlFB0/qunUtq1Zolw0d2W
+yboGe8mNGmXpMLu16i2Eb6MR3ELMkzsoB6uWz3xe4QzXiwovGjZNaNxamprgEyA
YLzVIgw/xi1IbLl5Ymxu5rkvsoRS1MGveZVhiNuZlsiNbONN7i50H4qVJTibnaP1
vjhl3cLkgtH9wzRi6i0Dp97IRfCdOLjTIqzzk0luPHVDLTAnD2jOaYn11K7d9yWT
JZw5FjfK3A==
=bbBC
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Thomas Goirand]

On 4/26/20 8:34 PM, Bernd Zeimetz wrote:
> 
> 
> On 4/26/20 12:41 AM, Thomas Goirand wrote:
>> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>>> Actually I think 2FA should be enforced for everybody.
>>> Even debian.org related passwords might get lost.
>>
>> I use strong password, stored with keepassxc, with the password db
>> encrypted using the HMAC of my yubikey. In what way is this not safe
>> enough already? 2FA will add nothing in my case, just more annoyance.
> 
> And then somebody sends you a phishing mail and you enter your password
> into salsa.debiana.org...

Nice try but ... I use the "Append Domain" plugin in Firefox, so that
Keepasxc can auto-type passwords if they match the URL of the site I'm
visiting, to what Keepassxc has in its database. So nice try, but your
phishing example doesn't work on me. :P

On 4/26/20 9:04 PM, Bernd Zeimetz wrote:
> So you have a browser integrated password manager and consider it
> secure? Interesting...

This wasn't addressed to me, but I'll reply anyways...

No, I don't use *any* browser integration. I just use the window title
of my browser with the "append domain" plugin to differentiate domains,
and the auto-type feature of Keepassxc. Yes, it's probably possible to
hack into the window title with Javascript, though I still consider it
kind of safer.

Now, if you want to go this way, we can go even further, and I can
miss-quote you to have fun:

"So, you use a browser and consider it secure?"

Because at the end, that's how far it goes... :)

> And if it doesn't happen to you, it happens to somebody else.

I very much advise everyone to use the same setup I have so that what
you describe cannot happen. But that's not the idea. The idea is that
everyone must be taken as accountable for keeping his/her password safe.
Someone not using a password manager should be using 2FA indeed, but
please don't *enforce* it. It makes me think about these stupid sites
that ask me to use upper case, special char, numbers, etc. when really,
I'm generating all of my passwords with OpenSSL. Don't try to know
better than I do please...

> Or you or
> somebody else has to use a more public or work computer for whatever reason.

I don't enter passwords on computers who aren't mine. Never. Ever...

Though that's not the point. You're applying the same pattern again:
you're giving example of idiots doing stupid things, and because of
these idiots, you want to enforce a security which doesn't help on every
case. Some people will always fall into traps, 2FA or not.

Did you ever realize that it's possible to defeat 2FA with phishing,
simply by asking the user to enter the 2FA code, and reuse that to
immediately login fraudulently?

> There are more ways to loose a password than you seem to be able to
> think of.

There are more idiots than you may think of (warning: entertaining!!!):
https://www.youtube.com/watch?v=opRMrEfAIiI
https://www.youtube.com/watch?v=UzvPP6_LRHc

:)

Now, if you want something safer, maybe we could implement something
that involves crypto a smarter way, like SQRL, so we avoid storing any
password in Salsa, even hashed:
https://www.grc.com/sqrl/sqrl.htm

Because seriously, I'm more concerned with Salsa itself being hacked,
and the password db of *all accounts* being stolen, or the Salsa SSO
provider being hacked, rather than having a *single* idiot user falling
into a phishing trap.

Cheers,

Thomas Goirand (zigo)

Accepted k4dirstat 3.2.1-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 20 Apr 2020 12:33:35 +0200
Source: k4dirstat
Architecture: source
Version: 3.2.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jerome Robert 
Changed-By: Jerome Robert 
Closes: 950322 950323
Changes:
 k4dirstat (3.2.1-1) unstable; urgency=medium
 .
   [ Pino Toscano ]
   * Use the kf5 dh addon instead of kde (closes: #950323)
 .
   [ Jerome Robert ]
   * Bump the debhelper compatibility to >= 12 (closes: #950322)
   * Update upstream URL
   * New upstream version 3.2.1
 - Fix crashes on startup in some certain KIO related circumstances
   (LP: #1873637)
Checksums-Sha1:
 d21b649a4cc24b1dd84080395ab159562f5877ea 1998 k4dirstat_3.2.1-1.dsc
 61fc045ee202ec0df87ec7e3fc3f4720d94849ca 220868 k4dirstat_3.2.1.orig.tar.bz2
 7159b87d7f5dc410345123accb76cbc952816d1c 2968 k4dirstat_3.2.1-1.debian.tar.xz
 d521822f836267db1e69a65441482a19ace00b00 15013 
k4dirstat_3.2.1-1_source.buildinfo
Checksums-Sha256:
 092ffe1f98ed5e09d8afb1ceafdf1f852fcc0be49f983a192d41e700d2f3e57a 1998 
k4dirstat_3.2.1-1.dsc
 9b099befba138ec93ca5d1a186c601fd17b69edf8636253031de5b35580e1bd0 220868 
k4dirstat_3.2.1.orig.tar.bz2
 dc77ba3fc18810ff0752fd2b2e4544982858ed3eb2e876895dc547951db81c45 2968 
k4dirstat_3.2.1-1.debian.tar.xz
 e6d651f11268e313d06709f0317f685f29822bd066bbdb8e46e85a30eda0ec50 15013 
k4dirstat_3.2.1-1_source.buildinfo
Files:
 76fd28a5a567528dae3e0892165a0ea4 1998 misc optional k4dirstat_3.2.1-1.dsc
 b9ec264961a24a922f80d168ee4fa23b 220868 misc optional 
k4dirstat_3.2.1.orig.tar.bz2
 376267692819e49109dbf97150f5f6c7 2968 misc optional 
k4dirstat_3.2.1-1.debian.tar.xz
 5c46550faa0ba9b948d75bbcfe19b37b 15013 misc optional 
k4dirstat_3.2.1-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJDBAEBCAAtFiEEy89k8fa3rclNjyokyeVeL63I9LkFAl6mE+YPHHNtckBkZWJp
YW4ub3JnAAoJEMnlXi+tyPS587sP/RhDpe7RlTBqqhBJAC/u9ITP28k4r05Jx1mm
vuVRDjTzFU/cuDOybvu4WWhzIPfW2WcvIGC+9W1NGx57ZH/FophM90YZ/F1Q3dWP
ctF7ywE3ZPblwmUCBehBo6IKtC1k0RW+1mTE2cNZmm/C0S3LDAq/pWEaMPDDsZvy
081FId2V8PjqF4JtFw1KCJ5Uc9ZR/N1YEx/DIQjP1O3IrpYz1HeoDsAGYnmM5pxa
RAhmJHRegkjbHL3pFXLYdWacaGjhiVTpVsqI9bGFyOnsSy4pR7rxt2F4k5Xp05LV
I1DTj8eqzB+iE8uEO2UK8KwzD1QM98cvv0Kf5bPrfj7Fh4utLqW3KbY89HSR9wpz
1Uh42uk3aORmFAAYgydLi18mf3r2VBl83VOLDh4dkxnUJgatZkogc7rjIllCQWNq
OiPrDiS2Nxo1Ngvyoki+B40qC8itWuajLTgUN0hqBSnkihU8tC1AI4m1RfesrwAR
3EBiZ71bBOxk2lKyqexeKQ1SHepofXpnA8MY/AwydL2lSujZeXXc5wBKkdjqudeN
9NFBXW6ArXmgllO+pc0ocVIX1/9/b6mwv3obDZACY+WgQqPuyOTN4JsR4z6kLTb6
8Pp91cnYYux3zx4Z4JpEKTx0yBWWcy7S7Nof8uugLzIPr0idaCptmhVYPEhmT2zF
q7aKVDe8
=lzxf
-END PGP SIGNATURE-

Accepted tomcat9 9.0.34-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 27 Apr 2020 00:36:59 +0200
Source: tomcat9
Architecture: source
Version: 9.0.34-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Changes:
 tomcat9 (9.0.34-1) unstable; urgency=medium
 .
   * New upstream release
 - Refreshed the patches
   * Depend on libeclipse-jdt-core-java (>= 3.18.0)
   * Switch to debhelper level 12
Checksums-Sha1:
 9b16571117bc34a1ad4194f920ebe46dba2c008c 2737 tomcat9_9.0.34-1.dsc
 211ddab1be65f3d1c09b73f89c1992cafd018013 3874604 tomcat9_9.0.34.orig.tar.xz
 bafa7dfd266ac79a5a985c6507c43e61a23c8b16 33316 tomcat9_9.0.34-1.debian.tar.xz
 8fe65e7cc7063edf842b14df7384a30167420e91 12191 
tomcat9_9.0.34-1_source.buildinfo
Checksums-Sha256:
 ece49b0327f31698be433e95be26fb01c3a983b2bdd8c9c22ecb6786aa9a2243 2737 
tomcat9_9.0.34-1.dsc
 c600fd271e88140a9f70f9a2868fbd562e28b0b77f49ce0a8f987eef70b53a7c 3874604 
tomcat9_9.0.34.orig.tar.xz
 e3982b5bf0687a14021993f76a6cd7ba955be996d083a7cb141d2664fd93 33316 
tomcat9_9.0.34-1.debian.tar.xz
 7abe133db4fcd9bbaf8bbd645dcc77ccc79cc8bd9ff5f09f5fbba7a75faf2f97 12191 
tomcat9_9.0.34-1_source.buildinfo
Files:
 63490d0d2aa905417cfa915a0aba65fc 2737 java optional tomcat9_9.0.34-1.dsc
 d7c365830c39b4431adeafa7a387cb88 3874604 java optional 
tomcat9_9.0.34.orig.tar.xz
 a8ac04127b546a244643cf4284a0c7a4 33316 java optional 
tomcat9_9.0.34-1.debian.tar.xz
 1fd128c3064d8851014ff7f0850c4159 12191 java optional 
tomcat9_9.0.34-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl6mDUYSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsN0IP/1zops/ppFs/c7ggQKapZQPA2IQLA45G
qoQ+b/w73W7WaBZsIvLRaFGYkP+Zc11PDq/d3U6fEeag60etKo2kmOsEHalTCiV4
BpIydDtChgA9uWb2cavZL8mF/+FEB9+2DdRQ501Mnk0tc1FH9kkwLk9Fx9oDwvvv
qRmyobiYuAA+rdGFMs0YvYjd5cSdqf1LI4R5uIdhd/AgDx04kcazj0l3Zy1QjJKk
+9gcKTTbihlVrD1rguC3es1OkDebP09ukAFqxvx0yzmUvBj8OUQs1rcnyE/XbnJ2
s3NxI0UQVVbtJc0wvRBrdY8k7smhXT0bRXajSZ2uS9fKCzMIJ+owjwcXPxyTCx5R
SpCIP5X/Z+GbCpPD4U3lwim99iaidVI8QwCsS9iuOg4tv/R+xe+KATvzrxLPl2T/
7lRL70uXCwFj077jJT8z8Qfi3T2uvrnKiRg1xPhdfVYlqLEoh3Xc5pdztINv5dDn
yD0lCL4puKr9QsOcc+tijoJZ7vG3KEMVoPFkZVH3pnis7Hv+Pkx08rSjZ0W/4fI6
RMUu+RBGTrOIhwpn/WItIN5+zudLrDd32+Y6uEognwTztg2PKv0A3trhKOI5oaZN
VGinAFVg80PloQFciYm2xA7BO+m7aispCjPtZbBwoofgHBlXfyF903p6gAo6FdrT
lp9/4pY4l8Vp
=w/a6
-END PGP SIGNATURE-

Accepted nova 2:21.0.0~rc1-3 (source) into experimental

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 25 Apr 2020 20:23:35 +0200
Source: nova
Architecture: source
Version: 2:21.0.0~rc1-3
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenStack 
Changed-By: Thomas Goirand 
Changes:
 nova (2:21.0.0~rc1-3) experimental; urgency=medium
 .
   * Add cgroup-tools as depends for nova-compute to allow Cinder QoS.
   * Correctly install systemd .service units.
Checksums-Sha1:
 bf0886b9fdc51347c0be5fbf969545ea4e35427a 5193 nova_21.0.0~rc1-3.dsc
 aa2a2be25fd5f2b0cd04ee3eb2eafff1d332fb77 58688 nova_21.0.0~rc1-3.debian.tar.xz
 4ab72b93a0edc1bc39b88bb156e4966f473fcab8 22472 
nova_21.0.0~rc1-3_amd64.buildinfo
Checksums-Sha256:
 1ad0f12a70ec9033845f26b672d83cd49862b1a44da630dc2082ce4b6b492b01 5193 
nova_21.0.0~rc1-3.dsc
 1f34c846b54339eaeb7d18c70c4bda18876e240511d339e53b8115e8ffa0c164 58688 
nova_21.0.0~rc1-3.debian.tar.xz
 8770f0a96c2bf78543413b2122fa48f53381024969dc31596218028f3e888620 22472 
nova_21.0.0~rc1-3_amd64.buildinfo
Files:
 f3781d56c740b9357d02ed656c18af30 5193 net optional nova_21.0.0~rc1-3.dsc
 efd4bc158b38cb2d443de1b5298013ba 58688 net optional 
nova_21.0.0~rc1-3.debian.tar.xz
 e02a0b570af95c4579edbe8285a38e61 22472 net optional 
nova_21.0.0~rc1-3_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAl6mDDEACgkQ1BatFaxr
Q/7gORAAhFObs3PIUmGxUQvTAamNmCN9j2LBGTDi8DwsMQO7qXd7vS/sgbEJ7lb5
neAgyua4jsCFq8kA18CTsOrjS6hAKDuGyeTG6WN0/kXdB4bFHOo6x/YvYMdhjdam
8vebq6oJL8Zcp+Ufq5GgGb8OkCupiTGw9fyxkGOUs1ngeRx0Ksf+KRGjs9IhaOCj
McC3ko9b2pdR8CVjWrXx4jsdaoNKQP1sDt8oaP0xKMfWIScgfMXMhLXamr29x7Ba
fNMfNZAx4yXRRsaAPej8f4aVaM+gZXtbWRQvw8dQpzWn69UWReE430XfyOX/sfz9
dKp0FTzX9yDrbAZg0oXiROHFcJKfR+8TDlfHSSvNcY+QeqsPwMuuTsQ+JpD//3u6
iRuwccEq8pqoBDTExFjnM71cxOCJ46UP63tzB9Xrvlt/kWAmzYHfGQcfs1KL7zVW
ZZG1eW7pMTzNTP/KWottj4dEv2rCHcjGWv2Azs+euQ676W5oQTSu6QfL8yXdP941
+Be1W7HN3TOB1K0TCk78q1e/VlhNDjS7HTiMYxJ/0r75OZb3p18GmmFRsKMqRyJE
0S57v1SvGPR7nbTPwPEXWqXH6Nfk4enrYAEjOLNKLmI6qaCfeKgjL7FKfuKP4qwx
qcuS+Zx3sY6Kak55fGrUaQ3k2lk1N+GC/3Z2uLQ946v5A4Hj0F4=
=Z3Sw
-END PGP SIGNATURE-

Accepted equinox-p2 4.15-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 27 Apr 2020 00:25:19 +0200
Source: equinox-p2
Architecture: source
Version: 4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Changes:
 equinox-p2 (4.15-1) unstable; urgency=medium
 .
   * New upstream release
   * Standards-Version updated to 4.5.0
   * Switch to debhelper level 12
Checksums-Sha1:
 3fb02dfe0ad0b99ca0464977daaf59cc3b2909dd 5101 equinox-p2_4.15-1.dsc
 f0a2d852e55885756c1b98a4e6f0b6f5bca4ae80 1512684 equinox-p2_4.15.orig.tar.xz
 d071c49dde21fd9c8f5445d4e73fcdad8212cfbe 9380 equinox-p2_4.15-1.debian.tar.xz
 82ee506af190d1900131a9fa7288a3a0406acdba 12336 
equinox-p2_4.15-1_source.buildinfo
Checksums-Sha256:
 cf8195d80230cc2730b56c6cfb7065c829f0d1b955029fc44b9a931f49fc48f9 5101 
equinox-p2_4.15-1.dsc
 0f55fad5301ebabf481bbc8e533c65a65f7d84d9280ee882a8796c6cab88c81f 1512684 
equinox-p2_4.15.orig.tar.xz
 5664afe52e802aaa02d53826bd5ed91d50a6cba653145991db6b5d5c852d50e8 9380 
equinox-p2_4.15-1.debian.tar.xz
 3307842fc90f8ebc4509ec461c1e139257ae25fae8841aacac6ead6e93191e88 12336 
equinox-p2_4.15-1_source.buildinfo
Files:
 4d50eca569e084fc31a54d7e0fad22fa 5101 java optional equinox-p2_4.15-1.dsc
 097a4d6b9b4a403eb06cb2798c889c40 1512684 java optional 
equinox-p2_4.15.orig.tar.xz
 0219379a242ace2da9f4f84180783a85 9380 java optional 
equinox-p2_4.15-1.debian.tar.xz
 9b04c985e6c17d20e4243d050c4ec125 12336 java optional 
equinox-p2_4.15-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl6mCmESHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsBCsP/ivmMHYxvryz9HRD12joW3RVDyr+lwbw
vGcMOMKPQHSjSdFdAhMiLdnw197BbiEWPkyLpb6Vt5gCzKedn4lh8sG8XIKCuQYl
SYGOhgOYjFdZiE5HCT6201+qJbkYRxV15OP7snvsPpFNFlNe0W0qEvzxPy7+DTWl
dU2aXxDLbeKE3299pwAptf0SBk6BaCz/LfnkM/H85eF9ewIeziweajrQ1j3zAadI
zdAuqnZR2MhQOP3VtvUb8Ud10mRPMInJT3tk4zw08OnUdSRr2YIyHfBbHXl/3lNu
vkAmjeg1PQHHAEiHbKmrBKsE766y69gbz4vqd/ejch3fkldoXGW7rIPgfug7tOMu
1O67YJUG254ekzag3ug/ZJbZg+YL/dTjvXM7LUfjZ8wLuzqp+3tjM28XavJJ3ykB
ZgVWZo/gt61C3/z2Gl1L48Bg345ZixSZbGrEWmAdiUa6sqkiaLCc02MOnZfDM6ij
qR/KWYkcsKXQZ0GBIyF3jjBYXkK84bpR+gGx1n3nSpBkaJrpRPCpFjaoivN1nPM0
2XcSrIPBm0yJw9J6eONCS+R/GXxrmp470RrN8TbxTY52fUwRhqeckyTzqUAfwxlq
jV1uwFOh1cAYGe5fCEBovg0LDGdx+itUkO2MhcxFJl7tTz9b0o79sGmAT8UgsbFk
fIf4QxMlL+1n
=Qb3T
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Russ Allbery]

Paride Legovini  writes:

> It's still one static shared secret you need to enter every time. If it
> gets stolen, because your browser or your computer is compromised, or in
> a MITM attack where the attacker gained access to a valid certificate
> for salsa.debian.org [1,2], your account is gone. It gets much, much
> more difficult with 2FA.

If we're concerned about CA attacks on debian.org servers, it's worth
noting that (a) most of us run Debian for obvious reasons, and (b) the
entire *point* of Debian is to safely and securely put configuration onto
all of our machines, which together mean that implementing certificate
pinning for our own infrastructure is entirely doable.

-- 
Russ Allbery (r...@debian.org)  

Accepted construct 2.10.56-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 22:45:17 +0200
Source: construct
Architecture: source
Version: 2.10.56-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team 

Changed-By: Henry-Nicolas Tourneur 
Closes: 880113 943656
Changes:
 construct (2.10.56-1) unstable; urgency=medium
 .
   * New upstream release; Closes: #943656
   * Updated debian/copyright to add new maintainer name
   * Updated debian/watch file
   * Added debian/salsa-ci.yml file
   * Added debian/tests/control autopkg test case with pytest
   * Added dependency on runamel.yaml
   * Set maintainer to DPMT and updated VCS fields (Closes: #880113)
Checksums-Sha1:
 a25b18f06d92acb0297ea5b83d9180b36d2bf84c 2406 construct_2.10.56-1.dsc
 2cea3ac3247a98ad9d890926075ecc2b66100b4a 1184110 construct_2.10.56.orig.tar.gz
 1422a506a7f41caf9aaf969ec3c7dfb939277f1f 3324 construct_2.10.56-1.debian.tar.xz
Checksums-Sha256:
 d91a63fccbeb987d84ebdd2edcdd56c841913af036bf6d7b18d55c17bf39b979 2406 
construct_2.10.56-1.dsc
 7fa228d6547e3a2cbf1af7afbce5a11ae0b2b83d5f4a941ad0cf8c0eefc7665d 1184110 
construct_2.10.56.orig.tar.gz
 bd943a528639d35e74c2be938ee7c16b41817decfd4cb78ae565de12231348a7 3324 
construct_2.10.56-1.debian.tar.xz
Files:
 0023fd591eb32d5070b34ec26f367700 2406 python optional construct_2.10.56-1.dsc
 4057539b57f234d4fc39bf417eafd350 1184110 python optional 
construct_2.10.56.orig.tar.gz
 b31865487a9694fde777e56acd26ac83 3324 python optional 
construct_2.10.56-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAl6mBzAACgkQ8sulx4+9
g+EdjQ//TQRQxeEEyj6MR2LEe18DhYTFqk8g6PZ2SR9MJPdBIgcNov7b+550nHTo
UdU76hMicsqRa74qnscIF96elWEiTeKHLQG0BDyiFoPP8NjUJAhQOMqkusTRXtpR
BeUf01veV0EjsCI+VFKSQTAYONkKEnRBLuPQgHK1CqensBrc8mQlnIfl4irjdsmx
wKAwX1aXtqOVwjdEv7IkERQ32eSZPwniTj9c/7k2j1ZutDXObaAh6VPGXkuueMtw
RnFAEqpnC3VIv6ku3RjmLtl+4py+vwCKFOxL0yH/vxglqMB3+TCbaxHYsNFAZ+87
V8TiIieTYGaGIhdLtbgigo71oVSTCrsYha3lv4NnI35W3u49ijwIEV1hbBDUDMb8
g1nccSiaIXYAvPK1RyW2L3YNTke89uHZU+pbpe4x89DxppEL7jMUlasmaGlXBiCr
2Y/8KhmvgrytecokhQOGdgyRiBuuJ3KOd8rzJmBzweNeE+fYKStkb7Kb5XivG/Zi
d2BpTjyuT/HkP1w9CQgTU5zd7OUvBtsmcNq0dl0KaaP740h28JrvAQUO/WoKjqP3
Ax97MVCJjOKeDwrgIEaK23MMsrwQmgbUJmacp2UIqBz+/HSHI0/gsF8BR6SajP6U
PVtMFg0/iRik9BjyADYICVyLjKJwrKHMT4q/EUS1tQTeZ2o37Ds=
=dvs3
-END PGP SIGNATURE-

Accepted tellico 3.3-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 23:59:29 +0200
Source: tellico
Architecture: source
Version: 3.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team 
Changed-By: Pino Toscano 
Changes:
 tellico (3.3-2) unstable; urgency=medium
 .
   * Backport upstream commit ab305dd0d8b720c8e01dae8a66f6527442fb73f1 to fix
 the ISO 5426 decoder on architectures where char is unsigned; patch
 upstream_Account-for-QByteArray-at-returning-char-not-uchar.patch.
Checksums-Sha1:
 d4f0a2efff094c856ca16bf7878502f57361169f 2770 tellico_3.3-2.dsc
 83486d57b6accd7b8a101ec8c02f879c00c1f015 16396 tellico_3.3-2.debian.tar.xz
 b3b2b3e4aaf38e5d27f33a6755c14d94eb921db3 21710 tellico_3.3-2_source.buildinfo
Checksums-Sha256:
 d9f33772fd41b49594969c470bd2b0549e6c9544ab8d0336452fc3e6282a430b 2770 
tellico_3.3-2.dsc
 d4dafddc0ec85ee448645289d5e8d4ecfe05b06f9a4787974c8ffc1f6a9545cf 16396 
tellico_3.3-2.debian.tar.xz
 57ae62722557236fe9ff6d6157c5f57d3337a9015ff9a19c4d34319327bcf0ac 21710 
tellico_3.3-2_source.buildinfo
Files:
 83e576aae5a6001796a7f3d8e21d4611 2770 kde optional tellico_3.3-2.dsc
 506d8ae3e4caf7d8e16e5768d55b6f2f 16396 kde optional tellico_3.3-2.debian.tar.xz
 97e724720328ebb2682747f549f09262 21710 kde optional 
tellico_3.3-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEXyqfuC+mweEHcAcHLRkciEOxP00FAl6mBI0ACgkQLRkciEOx
P02E6RAAsFVn1uPmzvouZTpG1PPI4y4JEKZ0m7cm7RkfULgtslAJYbgDSAgYqPpA
2e9nZs0tW50/udkVliq2V8GXyMOOszhf1HoyzJsSMQdPcfQq8jHWtgq7V8YoI7YK
7c3LlJq5ewMx3eX80WXcx9J59AlXoF4FiwcUSF7Uh1g0VyntFyynPKGJugLIe5yB
geu8KyeHL3DI/of7t30ktlt8szlmafV5K7UnulAWpHV2gCMJVnNCJ3S8wTwcPh3q
tQusgLKCQeVn25B563PgyetIoFEYGWaV0z3Rn0wZP/mBlfWqr5FD7+Gh6gSvmwRQ
59o0wNSkNi3Ztcoe2QxTylup2XoZ+ao5vHQmGqq0pJLYdlAUX2jwqjAnq9mQj305
t0HejASmOmXm26HQhibNiR1zY+XsDk9SVqB6lBu6PGsnfRmFp87ajrRZ/3xz9R+h
ANzWq1+4cM3x6J7HiZHNWfH0C/Muwbn1U7TGDeoQJlnEiG/bbeloC1EKC4I6qqYo
ltZdSI+bAsDaN0X3R5qcnO8jN12ZziTplK05+6g7tERWuyu5Kxyv0oG9FBOsbm2Y
bOyzzFA14Uymnjf/rHEGlP5FO91Cs4wTXlrLB2SKIi1/3W1B4eEyTcggM6BErLzY
KDHOp/ijeHUhhj43ke3959Q3FHnf6YJGLlfTonEBm5xrBcgBYNE=
=t7f4
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Paride Legovini]

Thomas Goirand wrote on 26/04/2020:
> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>> Actually I think 2FA should be enforced for everybody.
>> Even debian.org related passwords might get lost.
> 
> I use strong password, stored with keepassxc, with the password db
> encrypted using the HMAC of my yubikey. In what way is this not safe
> enough already? 2FA will add nothing in my case, just more annoyance.

It's still one static shared secret you need to enter every time. If it
gets stolen, because your browser or your computer is compromised, or in
a MITM attack where the attacker gained access to a valid certificate
for salsa.debian.org [1,2], your account is gone. It gets much, much
more difficult with 2FA.

The amount of annoyance added by the GitLab 2FA is extremely limited,
and implements *the* standard for web 2FA (webauthn). Personally I'd
like to see it required to get the DD status on salsa, or at least to
all whole Debian team.

In general, we are switching from the cumbersome client certificate
approach of sso.debian.org to plain passwords. This doesn't sound right
to me. I think that with the tools we already have 2FA is as near as we
can get to the sweet spot of usability vs. security.

Paride

[1] https://en.wikipedia.org/wiki/Certificate_authority#CA_compromise
[2] https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_attack,
mostly to say that state backed attacks to the CA trust model do exist.

Re: Salsa update: no more "-guest" and more

[Sean Whitton]

Hello,

On Sun 26 Apr 2020 at 10:53PM +02, Vincent Bernat wrote:

>  ❦ 26 avril 2020 20:29 +00, Jeremy Stanley:
>
>> You're already seeing quite a few folks responding that being
>> required to use an additional application or device each time they
>> authenticate would be an inconvenience to them. This is a signal. I
>> personally wouldn't enjoy being prompted to activate my TOTP client
>> software every time I invoke `git push` so I can understand the
>> resistance to your proposal.
>
> This is not how this is implemented. I am using GitHub and GitLab with
> 2FA enabled and I am rarely asked to enter any token. Once you get
> authenticated on a device, it remains for a long time. The model threat
> is to prevent someone stealing your password through
> phishing/spying/guessing to login into your account. SSH keys being
> asymmetrical, they are not covered by this.

It is worth knowing that with GitLab 2FA you can request reset codes so
long as you have control over an SSH key registered to the account:


This limits the categories of attack that GitLab's 2FA can protect you
against -- e.g. laptop compromise.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Re: Salsa update: no more "-guest" and more

[Michael Biebl]

Am 26.04.2020 um 23:47 schrieb Paride Legovini:
> 
> Another good one with builtin backup functionality is Aegis [1,2]. It's
> GPLv3 and available via f-droid.
> 

Thanks, haven't heard of it before but looks interesting.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Re: Salsa update: no more "-guest" and more

[Russ Allbery]

Vincent Bernat  writes:

> This is not how this is implemented. I am using GitHub and GitLab with
> 2FA enabled and I am rarely asked to enter any token. Once you get
> authenticated on a device, it remains for a long time.

Pretty much every time I go to salsa.debian.org, I have to log back in
again.  The "long time" seems subjectively to be a week or two (or maybe a
month).  Am I doing something wrong?

What you say is true of GitHub for me.

-- 
Russ Allbery (r...@debian.org)  

Accepted ruby-prof 1.3.1-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 18:45:06 -0300
Source: ruby-prof
Architecture: source
Version: 1.3.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Antonio Terceiro 
Closes: 861676
Changes:
 ruby-prof (1.3.1-2) unstable; urgency=medium
 .
   * Team upload.
   * Drop links to JS/font files in /usr/share/doc (Closes: #861676)
   * Add trivial autopkgtest to test the binary works
   * Build-Depend no gem2deb 1.1.
 That version contains a fix that makes the ruby-prof binary actually
 work.
Checksums-Sha1:
 f292657a4fa7bfb889680c05f2617860a377bfbb 2025 ruby-prof_1.3.1-2.dsc
 da1c0c50de6ac5ea757eed0bedfa92c3d3a003f8 7464 ruby-prof_1.3.1-2.debian.tar.xz
 9487170218029dc6ec04b5732516ba36b5148c51 8904 ruby-prof_1.3.1-2_amd64.buildinfo
Checksums-Sha256:
 726786c2593a48d175227c38dea1082126544923d81f4b0408aaa48714911785 2025 
ruby-prof_1.3.1-2.dsc
 7027354ddf3e1bebef92e7eae0bea1b1efb9069034d037011544ee18a34f1cc6 7464 
ruby-prof_1.3.1-2.debian.tar.xz
 e7e690c458da20ca24e715594b21e49e0da4ec754ec65ba83e6538a346c6f007 8904 
ruby-prof_1.3.1-2_amd64.buildinfo
Files:
 c7f87c3a06348aee1c12f77633fec160 2025 ruby optional ruby-prof_1.3.1-2.dsc
 72a5872eed12fee33550c921ce34a3c6 7464 ruby optional 
ruby-prof_1.3.1-2.debian.tar.xz
 17e8a80e6d8a4c6f286a1a1a00a66ca0 8904 ruby optional 
ruby-prof_1.3.1-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAl6mAusACgkQ/A2xu81G
C944Lw//Vlfod0+K+VA7FlWgrYqf5E5AQRhIbgHO5NekTUbP9JAhZTLh0nDdI1dL
03HC8brHrAzc0r73sxB6uC5IV6QOVmiQVrzuPWahzysxdXVd1ZH/KWR8htz41cgK
fWbfakh8sHIpv+6ZALawsDVY8Fa0ESHSON5DUxFV8X0x4dbiqcbwF6Kmt4z4Iec7
tPzN7/Qpb+3Js4BHGfU0ww0Meni3An/1hd5sBdQ3UX4RaQpAqUrvRfxR8d6Hb+Fv
QkvuEz9UBAg3K37KT8UG9m4NB38BpOYdAzi1GCZAMZWlXPoU5MfCa0qHGWIm90qJ
4o7UjSO3xVFvZAa8wjALSyTkSuJeoVOKpsI3k75cFaJDsAvuYUtbsgpH2gEzziF6
kje0CpRis2uZrbKweti1lTsKeYa26PwF0WN/RTBR7TrstrPDQAxFJfEgYYZucqt3
ZNzUeV1K0amrSuKLDARKjxuj5HRrmLSQLjr2RKrXasHCwpqbPaS1YoOqiAWDHPhJ
ZrY+75KGWagE7c80RsxDCelk6nI6j5chtqrknitXJFTErpdA8J830MOCijk37Zlt
Nw/2IQdpMPAng7sVB1goIz24/qUoAenXCmvNOHj8zuZqYI1XBIoMUf7IiqSfpH0M
BsXpqegKJXZ9qWiSHkDGgULGqObfsHF9y7nJZnRh53U9ZkjKtyQ=
=w+bb
-END PGP SIGNATURE-

Accepted eclipse-jdt-core 4.15-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 23:52:04 +0200
Source: eclipse-jdt-core
Architecture: source
Version: 4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Changes:
 eclipse-jdt-core (4.15-1) unstable; urgency=medium
 .
   * New upstream release
   * Standards-Version updated to 4.5.0
   * Switch to debhelper level 12
Checksums-Sha1:
 8e388ec5c43b1232c8becce29882d86d52970701 2852 eclipse-jdt-core_4.15-1.dsc
 0e1611ad4b9aa2915c0dbceb29f92d248f05a371 7110920 
eclipse-jdt-core_4.15.orig.tar.xz
 780886701f18ad53c2a9c0f64614fd6ad3ca114e 8820 
eclipse-jdt-core_4.15-1.debian.tar.xz
 077e5f44ccf3d28d81674da2e3a9cddcb0370644 9123 
eclipse-jdt-core_4.15-1_source.buildinfo
Checksums-Sha256:
 6ad968dac430d20d88e09941ded618c7e6734e1013d68d3d481c683c7c111922 2852 
eclipse-jdt-core_4.15-1.dsc
 64ef9b365a3bd4bceddd3087a2fa8842d61d3b9751e71ae25d41bda7673d0619 7110920 
eclipse-jdt-core_4.15.orig.tar.xz
 b4a876bb853e0e196ae4b9984c3a2722bf5af42727f30258b5f28e9259b9a798 8820 
eclipse-jdt-core_4.15-1.debian.tar.xz
 0ad6aef65ed59037b4c3146b7b609f08a87c32ba79986c1f0b1b6794ae01d0d7 9123 
eclipse-jdt-core_4.15-1_source.buildinfo
Files:
 0520ab2b6ca3f9135e53da2de598664e 2852 java optional eclipse-jdt-core_4.15-1.dsc
 df9cb98ac6ecda7d00a4984a5621a4f3 7110920 java optional 
eclipse-jdt-core_4.15.orig.tar.xz
 6f17187a23b35d9467e59b4b19273538 8820 java optional 
eclipse-jdt-core_4.15-1.debian.tar.xz
 22e2ac9178365300dab9c569e246480c 9123 java optional 
eclipse-jdt-core_4.15-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl6mAqQSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsqCIQAI4HUoe4a32GvZ2wk4yjLgPL9O2zcI9h
36lPZa3d6bJbtPZhCwd5TIAzp6FF4CqRPBVUC8/OzZXG2JYqxpWK+ltV0oVe/M08
SmsjXbh9VpnoOpYqvcYfPP0xhVXWQCKYJbJkKLY/mKgv4VCl5FG1OmrP5OyoDtTf
GWiOGeAyD0Ba4xeZC3vzv4s9jzQi9y9YOtwvcdRHlnekk4z5Tcxj0McNcbn/vjnX
Ba8aOEg4P4Q/7RLrBQadPIuRG64dD58MWgobl+Trreg+cD4Qu4x/L2X7/YxPXRDo
oHc8sCFa3xqVxldlaTt/To4V/7qeywOv7nggri1hQfQe6Lz6xvLZp9NtBQ50Izxl
abY4plQEssFEzHiM7LP3r5AgnKWmxzNKJRxYQxVTqUvcRG6Inec9USUzW5Lt/RM1
fHt53waDvzi1RMGTTcoNy0f2MXwo3vvwnfIf8WBQ/2d/p6h3khFwgyBy6xR/Savo
a/YJyRiq0n+8tK4FUUmDtF1iDrm6OyiBTtUnHuj1fh+pxwGzr+BMffXzvZp8lulX
i9pENCk5ETBn3grqP8ZjGjuOkIA/luJeuqdyVAgx97Rfh4f5cYuFJVbNs+zbUI4C
PqsSMiAbSsL4/uJ237f9DP+8m3Zhmpc1p+FcPSsiw4FmFBg4sK7oGZKd0t+1msVV
W/vAqwXrSs72
=CRSA
-END PGP SIGNATURE-

Accepted nautilus 3.36.2-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 17:46:49 -0400
Source: nautilus
Architecture: source
Version: 3.36.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 

Changed-By: Jeremy Bicha 
Changes:
 nautilus (3.36.2-2) unstable; urgency=medium
 .
   * New upstream release
   * Bump debhelper-compat to 13
   * Build-Depend on dh-sequence-gir and dh-sequence-gnome
   * Drop backported patch applied in new release
Checksums-Sha1:
 ff67c4b648c88289fac0c3c6310638a294803f3e 3110 nautilus_3.36.2-2.dsc
 83cfbc666b55c8a9de4c1c1c57a43b5963c217dc 3201748 nautilus_3.36.2.orig.tar.xz
 76f8acb8d7240fb0b3fb78e67cf279e571073aec 24412 nautilus_3.36.2-2.debian.tar.xz
 2bb38b0b63401b94d010f2752feca2e6efc75adf 21292 
nautilus_3.36.2-2_source.buildinfo
Checksums-Sha256:
 8bbf688d5cf27d2e2062452a6a3f58cc94d9a1fc3ffed2ee11ae155750312636 3110 
nautilus_3.36.2-2.dsc
 26673c9599502452cf299358729be8b554066a9b670d89b24e245160d15776fa 3201748 
nautilus_3.36.2.orig.tar.xz
 f49b25dccd6a835d46122898932b1216ff33b644d8cad167fc2082dc99a774d5 24412 
nautilus_3.36.2-2.debian.tar.xz
 a81e89bc6d508e4d8e3e1850cd854f63d527c43e1e815b29d1cdd7cdcc891cc7 21292 
nautilus_3.36.2-2_source.buildinfo
Files:
 ef42c45fce12bbac8eca6b6efe60472a 3110 gnome optional nautilus_3.36.2-2.dsc
 232e60565be545d4aca737f6a89514c9 3201748 gnome optional 
nautilus_3.36.2.orig.tar.xz
 0c1a56fc317d66122c0b670b4cced537 24412 gnome optional 
nautilus_3.36.2-2.debian.tar.xz
 43b9c76cc7f65cb9ae1ca2b5ced20ff8 21292 gnome optional 
nautilus_3.36.2-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAl6mAi4ACgkQ5mx3Wuv+
bH2M/g/9HxJD03K7Vw9egtB5R5bWnwtKukp8xQ3/naawgh+tow1tIoqwcx+k9Dsv
ugeuvxJrwt0hpLovITsR4WcFetLjj/3VbmvkUgqPz2eFpphh5TQTwPKoiSSUvezw
ClSThagnQWV0kMIW60PLfru5k2ijcQFOQxu7SjZjNdA0onBWifDr/wsZXkZuceYq
LvStqQittojI7pvQEgNbM8/9NceUhG9Sb7Cybe6+QhpvOywhr/MqAtTnDMpWJVRx
1Ktk06CXC1eotjCGRNDAVDUruayGPfyXNukCvkyDK9RH3PyqsDKlRs/sjRrhk/+O
utj25PEIhhe+u+NWj7+SUZZB2rQVyTxLgYBON87I1wGDwWQ9sQ9CsL8PGvhXk840
PZePYJ72KQX67VkuaQLxgOwejYANFKqIVQsyBL6LjS/nvyZqNyBdpcEJgKYwRpLn
1MgPM5EG3ltzEAcujFUKIHsi9/EDIvICHz43Fp6uIS5mLkWrH7tUz/pM9TN/yqQS
7o8wbpL8GIRdY8rw7KTco80+1X7YXkEHqFVxhCxYrK1MA/a8cNZZcV8Np3uGCiEJ
3iWKrwewlM0s3pW0oqyHnJmuB/fvpaVtwsNMUq20bKOFlcprNL3F+grrectdZryG
yKYfql6x1eJBeZw1dLFb352UNvwDLWcYY3k+j8qyxcu3ZGAu0z4=
=7qdj
-END PGP SIGNATURE-

Accepted eclipse-platform-ua 4.15-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 23:41:48 +0200
Source: eclipse-platform-ua
Architecture: source
Version: 4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Changes:
 eclipse-platform-ua (4.15-1) unstable; urgency=medium
 .
   * New upstream release
   * Standards-Version updated to 4.5.0
Checksums-Sha1:
 e32bea114bb69c8ff020bc8859bfaae3c09a8ab4 2335 eclipse-platform-ua_4.15-1.dsc
 bf5b182dab3d38ff0acae011de2e0b44748b5f25 4619316 
eclipse-platform-ua_4.15.orig.tar.xz
 fa6723f720d487c7f0c8c6e52f5937c7c34c9be0 13424 
eclipse-platform-ua_4.15-1.debian.tar.xz
 1a51340feeddba8b7d7fbee42a62ae04b055ef44 8992 
eclipse-platform-ua_4.15-1_source.buildinfo
Checksums-Sha256:
 0cf0aad3d4ba915a059b9231bae2ec5930f42602fde2a12fd86492fdf26950e2 2335 
eclipse-platform-ua_4.15-1.dsc
 d8599218ba4d4fb129c1030bda67c0a1f9afd3d2ce5a75ad6b1c98249107e799 4619316 
eclipse-platform-ua_4.15.orig.tar.xz
 4b53563cc737b606ab8b218c96faf9c576e68cc3aec7ddd4e789b6c70f43e1ed 13424 
eclipse-platform-ua_4.15-1.debian.tar.xz
 8be501fca400afae6ef11dde4be2b54e8a77279550aa25c293fb8061d2014023 8992 
eclipse-platform-ua_4.15-1_source.buildinfo
Files:
 28310af6dce7227c762004b45d726411 2335 java optional 
eclipse-platform-ua_4.15-1.dsc
 a8f7b6c57fcb9d063b17a87089d5f1c0 4619316 java optional 
eclipse-platform-ua_4.15.orig.tar.xz
 d81974bab788c3b63b72869d3d70c2e2 13424 java optional 
eclipse-platform-ua_4.15-1.debian.tar.xz
 e135a501d86cec6106ffb6631b130fc4 8992 java optional 
eclipse-platform-ua_4.15-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl6mALQSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsriMP/0qdHBk+6Rm0MJoHkROtIPHhtHhXIi+n
usmhKJu37PDvpG9a+WLeOeg4UTUYiXul7SkObGwraIdU1A8/JUlkfQKytukgGPlu
08hVVMmLsNIrrqU7B8HoX+7s5HJCTBF9J9bD6HverWmFU/IxATu+6NpUAF0BIvnH
48zRYmF32qv500BLocV/56loioJoG6w8CakaEEtvtftl0HbeHFpzcnq14I3JS0Ix
U77s59A9+b5dVdy97GBl8t7sK2N9lC1YoCtlZZFE6RoWCUX1rxMcG+Yw9WZFm2C/
mhdtZWylqPIBuz/IgO02EoKOckPJan85pf5sByXASKxJy/NXj4mP3N8bWnCeLW2A
rj0+nEocLMTfH8If/DlUZy4o3RcZ+GxlX7JB6ydJtWshLYegVcrW9XSByCoGRarR
4pQuA9rNxpkdRWN5qDGvGk5V8ZWu9m7x9Ugt4BhheEKGu+bPixUzm7w2ViOa6hiD
TD4FBHoDoinKHz7DDHbHn7Bx06fDxacvHf2tlHbfD9iLh0W9N7resabxoRfedn+n
40X9vjuo8j5joT0eUpSdqw4Uo8KLcYgf/YixyHPjxlcHlP5gx0viEetnP5I+Mx2/
25b+Og7lc8lFu6uiyWGTwL2uQj/L0B2zVmnmXGV7KFDVd/Z3lSk20fc3DC5uhEo2
mlgt+RmbTNCQ
=5MQk
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Russ Allbery]

Mattia Rizzolo  writes:

> Since I sometimes I don't really know my passwords, I suppose at that
> point the "something I know" instead of being the actual password is the
> GPG passphrase used to decrypt the file that actually contains the
> password, but it's still 2fa.

By equivalent logic, a GnuPG-encrypted password manager containing long,
randomly-generated passwords is also 2FA, without adding the TOTP element,
since you need both your passphrase to unlock it and a copy of the
password manager store.  (The reality is that counting factors has
limitations as a measure of security, and it breaks down here.)

The main benefit of adding a TOTP authentication element is that a
successful phishing attack without a local compromise of your laptop has
to use your credentials immediately and only gets to log in once, as
opposed to being able to store your credentials and use them at any time
in the future.  This is real benefit, although I'm not sure it's worth the
hassle for everyone.  The drawback of adding a second factor (account
lockout) is real and worth considering as well, although less of a worry
for Debian Developers and Maintainers with GnuPG keys in the keyring since
we can use GnuPG signatures as an account recovery mechanism.

If you want a good second factor, a physically separate Webauthn device is
superior to any OTP scheme (and also provides much stronger phishing
protection), but it does require buying and tracking a physical object,
and since that object can break or be lost, also storing backup codes
somewhere safe.

-- 
Russ Allbery (r...@debian.org)  

Accepted evolution-data-server 3.36.2-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 17:36:00 -0400
Source: evolution-data-server
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 

Changed-By: Jeremy Bicha 
Changes:
 evolution-data-server (3.36.2-1) unstable; urgency=medium
 .
   * New upstream release
   * Drop backported patches applied in new release
   * Drop obsolete dh_strip dbgsym migration rule
   * Bump debhelper-compat to 13
Checksums-Sha1:
 c8049bb7ff723d87e13e361b1c1ab25b2dcc8415 5295 
evolution-data-server_3.36.2-1.dsc
 1c7dd570b473a75281789d8b91ee3939417886d3 4631984 
evolution-data-server_3.36.2.orig.tar.xz
 763476e74579373248d0adc9285690bf7cbfc525 53316 
evolution-data-server_3.36.2-1.debian.tar.xz
 2f20bcff2d8981533181cdf7a4602e19134b9bb4 23210 
evolution-data-server_3.36.2-1_source.buildinfo
Checksums-Sha256:
 cb7a710e444231dce2f5ac288e6e8a6482885089d9955761eac3a09041842905 5295 
evolution-data-server_3.36.2-1.dsc
 98e274cfec16cee6a4b3b9c7897f6e1136d00e4f31a0d66214925abbac76e97b 4631984 
evolution-data-server_3.36.2.orig.tar.xz
 fd3f65b650aecfdc030ce5e98375d99b39b43658186c01dd1268cc9f9744e6e2 53316 
evolution-data-server_3.36.2-1.debian.tar.xz
 c725f18273b7c52e106b1b9ed6f81c476b72e3c2acba265318a7db2b540747a9 23210 
evolution-data-server_3.36.2-1_source.buildinfo
Files:
 70c6f62d8d4b6e89557739457dd90c1b 5295 gnome optional 
evolution-data-server_3.36.2-1.dsc
 0d09eb9bdc50930d7057c8d8a34bbe7a 4631984 gnome optional 
evolution-data-server_3.36.2.orig.tar.xz
 04d6e67e7a33bb1549002f591febdeb4 53316 gnome optional 
evolution-data-server_3.36.2-1.debian.tar.xz
 83c1b05308744ce20d4cde95d7742910 23210 gnome optional 
evolution-data-server_3.36.2-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAl6l/1wACgkQ5mx3Wuv+
bH2inA/+OOKB1KvL6uNGthU8slIaanXXpNCRRm+78/RcqIQk/f6OM0tJvYJ0m4oC
2n99+nwOFJBxNnaC7gK4Ym+kVKXjJIKEvpb+893/WIGjrVEMgVMcfxtZeZr5rgCL
D7fZWCdfRfjc4Wsj2GrIzyzy+4U5xRKb5KVeEaChpTMgi5NE925kxFI5tyesuhsI
/dqGCqte10LlR90lJB460xXj6EaldY44cI9b6d5yXDo826ixrFvMzfme8q5sAbuL
q5JCGOkqkc9BZ2c75Ef8n1bLIjCSyL3sFrL4TdaLfgnNBVjP7/XZ0KyEDA3CoDEW
le2VuO9HQuNPB1V/hUX1k1LsxUB7IW7wPDrLKgTvLVTDo4nsdKOxo/CKqzJPqzOc
W5trqf3iZPAngH2xlsqTxy5d8XbtEgc4h9v4dHAcjvQv1rOhikUqRj5/976OpMFl
ns4c2lrSh+bSK400Bk5+nZIj6MqrIkVxvq8hCFKujnhxL1qzOSfYk4oDzGOIWG8I
pZrg6uDGF5d8mUwQkQHtuC8pz4khzAG3JLHXk6bKpz9SGj775xluiBgxZOc4/+wQ
q9M+awITSR47EyczaDp63NXUy0apqCgdEcbOFEYULJjrSbBOym+YTIcHnYEN5dB9
+OawTu3Ydfsa6afIYhV4eCQt+Md6xvs4RtffipRlqEwgurtd7dA=
=w1Gu
-END PGP SIGNATURE-

Accepted eclipse-platform-team 4.15-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 23:30:05 +0200
Source: eclipse-platform-team
Architecture: source
Version: 4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Emmanuel Bourg 
Changes:
 eclipse-platform-team (4.15-1) unstable; urgency=medium
 .
   * New upstream release
 - Refreshed the patch
   * Standards-Version updated to 4.5.0
Checksums-Sha1:
 2a4bcb2cbcf026924621edbc797f602782229b80 3387 eclipse-platform-team_4.15-1.dsc
 b00176261ccd008daca326c6b2456c18e095a23d 4541052 
eclipse-platform-team_4.15.orig.tar.xz
 7091e410bc17c1a19ee23d3c5fab3606a0f5fa98 8084 
eclipse-platform-team_4.15-1.debian.tar.xz
 2d5894fe60a0c82aac86d2f2ce39e67857348109 11210 
eclipse-platform-team_4.15-1_source.buildinfo
Checksums-Sha256:
 98bd2d5ab3d7e1645d23a378031d8392a84c6f8703b3443e833c1efbe1efe9b6 3387 
eclipse-platform-team_4.15-1.dsc
 8d9fd8bb84fb80cc62b4f7a3e478fad770cf66bc3184934c80146382ee819903 4541052 
eclipse-platform-team_4.15.orig.tar.xz
 ee29e8ea6561af4bc701447cbabd3e71b308c2f033433793beb916137b7d3bc3 8084 
eclipse-platform-team_4.15-1.debian.tar.xz
 4ea849d95bad94e5d7eadd53501134d084b3d9a28b4bce6c6cbca96fc3c973be 11210 
eclipse-platform-team_4.15-1_source.buildinfo
Files:
 2c064cdcab35f86de748252283c0ea16 3387 java optional 
eclipse-platform-team_4.15-1.dsc
 dd6c815067ea8ed4ec7a89afa1241b06 4541052 java optional 
eclipse-platform-team_4.15.orig.tar.xz
 543f5aa702c4195f08abcf35577f0168 8084 java optional 
eclipse-platform-team_4.15-1.debian.tar.xz
 1f02941d859e71da99f693490b3fce8a 11210 java optional 
eclipse-platform-team_4.15-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl6l/XcSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsLW4P/2InsTkpNU3QHWLJYiMqp213tLaDzlzz
4Y7s7PbT0G9pEPtxTrFBUiXdURBKn/118QTmD/qjTRd3LFECUB5kbs3po2d/1c7j
dZVzy7yhE/lSuiML1r8QNrfVW89Y4bS45eaMtU/hslEYVzC4LYoEkyJvopgehOgA
tu3E8VLpBPeRHQ6T9L2QT6ZsHX7sPHjGVM4EFpPQ5SajrNEqSNKtkCjGsAKMexTp
KJWri1svy2rRARyEvaGcCtGJ+jT1OeFWyvilMZ01553FzYZao03DpDctWRQH/yjz
t/bmA4zSsARIxfBi1Ax3dvCmi8SMIBbVKrQZRtNtC6A/kdDn+d3vk7uL8SU17z4y
WYHwOZRx0o9IO+dRkMFSb86EnXRN5aCudDc1qjsBwtT8q8fi1aXg830TcMyiF7n6
Xsy1jtQ7afUGpsZ6cchEDpciY3fEG2KblSM77mxg33np3Po24wIvIvrPlMx+92Jm
jOCuOUf+f7K59EhS5LpqISHO+zuILHgS4Z1PFkkoFOOySvUuvGnGSC/gLLmAP3YW
oLMkEXNeQ3Uqhye7tOw8AH9gbLLeBRCF1VS2b+uc9aG7e4TQoxt0tYpHvlb/NZBR
fLfq79pbNAWv+8LdDifCedjy3UQP8ZeCF82RKcjI8EUEKvkb+DVAF7r7bB5uTym5
/WNLfZxxOsUl
=/R9v
-END PGP SIGNATURE-

Accepted nodejs 12.16.2~dfsg-2 (source) into experimental

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 23:28:38 +0200
Source: nodejs
Architecture: source
Version: 12.16.2~dfsg-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Changes:
 nodejs (12.16.2~dfsg-2) experimental; urgency=medium
 .
   * Fix arch all build: skip tests, make install
Checksums-Sha1:
 cddebf21de9ae911face59fa5fd8a8f789e2f0f3 3103 nodejs_12.16.2~dfsg-2.dsc
 0e1773ae0f3b6a493a425d01d2bf85b14e533188 129256 
nodejs_12.16.2~dfsg-2.debian.tar.xz
 1d459ce1ac53615881b8ffdfc53a3d54db8ca298 13963 
nodejs_12.16.2~dfsg-2_source.buildinfo
Checksums-Sha256:
 8b2b957509d88796e95f0f71aa14ae795492918d9f5b56e687f4b1b0dc31ba6b 3103 
nodejs_12.16.2~dfsg-2.dsc
 42b5b568cbb0258c9b213a03d0d4cfcbb779e60171cf7c61d4e809486af981d8 129256 
nodejs_12.16.2~dfsg-2.debian.tar.xz
 75fdaab0c00f72666aad9ddec46a6f3f0c448e952b00407b8dbe9f3c5dc9968c 13963 
nodejs_12.16.2~dfsg-2_source.buildinfo
Files:
 a58963789d5358cdf3f93dbaf1b12cee 3103 javascript optional 
nodejs_12.16.2~dfsg-2.dsc
 f7a6dfc1a28275cf66bd347d59296b2b 129256 javascript optional 
nodejs_12.16.2~dfsg-2.debian.tar.xz
 7d51709404298d59a5c30235f4c43d33 13963 javascript optional 
nodejs_12.16.2~dfsg-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl6l/SQSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0LTUP/2EBbLPHRImpySi3b9CujeZFLc6wZ7cD
GCBsSmQRFrFWA6EJ03YqL0NZ/swgNHtSXhcwZI0tSuZOlvGqr69wD0bCQog4gO0K
5hs6vOmRwMmEZnJRNP7igDit2qDbdca4ucb+eflIOcGU+XmGn5wB255nWQdjB9os
Crgi1eNj/3JFYj/9z6ybMFO/e38EzCL6c0K3TfjvzabRNfLju22BVyjz7lAbK3di
G6WLfkyFjxO7WYfOcMroKS2bWDVgGQX6OMOBZcwW5Yb60M/c/9FZ+VybPsYhAw4/
M49+DHhT+B4bHIT4V4lQEJSg1DXcDsqwUl9FFvmSrK4Q7TOnwp2XPi+76u6zu/kd
harQD+caPyh1dCwDChnuwdzQoArz5Xih5B5afS6DaG/dd9RwgjyoZy2oaYuRsol0
tlv4l7KCMDPhXenQn9y8BXFTZqVAmlhhOG6mnQ5lC4c8qhKLXZdR/vuO9a9qdY21
JSExeqi3w6n1w7COMHW47ls8Dtz74JCm+xk5QfhtGrM2qCMgjz7cOrPn1dQ1mURJ
UioPos33f5xlA+UjZ8P+F0Ldd22b83Qs2YNB0jIspX0HnWQ39JmDYdgwudervSZd
0FsdnojU+1TzFbxJvvHnbrJL30KyMx/eBGZ2uyXaLf4u2mvMRwVCb+SPjesYZhPB
0datJ9bPs4bo
=Unef
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Paride Legovini]

Michael Biebl wrote on 26/04/2020:
> Am 26.04.20 um 14:36 schrieb Mattia Rizzolo:
>> On Sun, Apr 26, 2020 at 02:07:54PM +0200, Bernd Zeimetz wrote:
>>> There are even cli tools that do the same stuff. I'd guess there is at 
>>> least one on Debian.
>>
>> Indeed, after I first lost a phone, and a second one broke, leaving me
>> with a quite huge pain to recover my accounts, I started using
> 
> On Android I switched from Google Authenticator to andOTP [1] because it
> has builtin backup functionality and being open source is a nice bonus.

Another good one with builtin backup functionality is Aegis [1,2]. It's
GPLv3 and available via f-droid.

[1] https://getaegis.app/
[2] https://github.com/beemdevelopment/Aegis

Paride

Accepted golang-github-satta-ifplugo 0.0~git20191008.ec0007a-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 23:08:39 +0200
Source: golang-github-satta-ifplugo
Architecture: source
Version: 0.0~git20191008.ec0007a-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 

Changed-By: Sascha Steinbiss 
Changes:
 golang-github-satta-ifplugo (0.0~git20191008.ec0007a-1) unstable; 
urgency=medium
 .
   * New upstream version.
 Also addresses #957811 due to upstream removal of affected code.
   * Use debhelper-compat 12.
   * Bump Standards-Version.
   * Remove obsolete dependency on libdaemon-dev.
   * Clean up trailing whitespace.
   * Remove unused Files-Excluded from d/changelog.
Checksums-Sha1:
 3a9eaa10ef24400592ff016889f559f64dcf05ab 2427 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a-1.dsc
 ee051a9f1e3a5dd51c9f1432be078125ff681497 23672 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a.orig.tar.xz
 dfd5882d42f39a592bb06fc5e25876f6d5fe0e1c 2548 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a-1.debian.tar.xz
 73f1188e798fac5b531b7d9b98e7ce68f3fbf498 6668 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a-1_amd64.buildinfo
Checksums-Sha256:
 203ee71ab5c18e9e7849758e4cdcf0e5445c662a50bbd9a7e5a4a443031c66f5 2427 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a-1.dsc
 f1a81fbd728aa53778123976da70b6e5b0bc9df005b9642b27cf63fdc4c2b32f 23672 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a.orig.tar.xz
 cb6921c9e0b3bf4a657b6194cb4fe305986ed56246863060b01529e8f8f6e03c 2548 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a-1.debian.tar.xz
 89e81877be5c86128c1993ea4004b435b1915668c6ec249844b52a83be93782b 6668 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a-1_amd64.buildinfo
Files:
 20b8f5a0c2fd1efbdd856382e8e44e16 2427 devel optional 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a-1.dsc
 83f179f3091f9b4acad9431ef24c368d 23672 devel optional 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a.orig.tar.xz
 fbebb7172a060953d2cbd2d7db98ae70 2548 devel optional 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a-1.debian.tar.xz
 14836df26be8fd110e51ccd521469fb8 6668 devel optional 
golang-github-satta-ifplugo_0.0~git20191008.ec0007a-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEWzS6WqtVB+kDQm6F6NN64vCfSHIFAl6l+nEACgkQ6NN64vCf
SHIQKQ/+Mxj7Tu3NBL2qsis4+gUhy2gV4AERtVtl2wGYbL/660RWL2VFtbl7UKlm
yMDubdV+eLZI10/T9pspoOXMOecRviZLlAHJfhzGapiE3Vr3YdbhM2/aq6lsiQDh
wyNZxRYh6Q07v2oXwTlSnshGwUd1q9Go9B2xr6JLfFbE59uiiT9en7sdEJP29wKz
v/aC1at16+4us7qFPguMUchrNthO3ACxlfgQ65iW71GM1IfqHA+E/QQVZMNEL/qk
FXr0JVydfJmr8o5Pd88/QvVvPYN1g/Kd4ViuxLuRc4X1NhK2DGAyW/3XeUZU6pUY
uxHuQFa0QQMyr612avfEz+SglzlnIZvnZGz8IW3LSWjmk/UDMo2cbfPW1xffJdlD
enNnTyBdCKBwch6ef41a7/QVYUgleDcd6OmrfnXYp/6fGk2fgT0A3FtOwjvCf+4M
+OalMHJTGUI1WFeDsRApGcU8jvgAlYyQLkbDopALopBYZs2BsjleUjKF6XegvvN4
Qainc/lex63T6Emm+RoncBcy5aTDoD7zf3A3Qx+Cxyyo+nMOpHQ4xBHNOK+SN+On
tZIws+5nhp3H9GC+IeccBPIEZLiiwupBzsc2AGYl+76XBcm/kbE9nXm+uUUWP3i1
rr7eiw1QMrBhduTZYlwVn++KGLRKsc0pcbVxVlPu61GHF0A5TJg=
=WYAc
-END PGP SIGNATURE-

Accepted dconf-editor 3.36.2-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 17:16:50 -0400
Source: dconf-editor
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 

Changed-By: Jeremy Bicha 
Changes:
 dconf-editor (3.36.2-1) unstable; urgency=medium
 .
   * New upstream release
   * Bump debhelper-compat to 13
Checksums-Sha1:
 05d8c65a53750af23c72403b12c19781ebbedaf5 2131 dconf-editor_3.36.2-1.dsc
 ac69530a49837fe2509e9c742d423eedd3a9811b 583156 dconf-editor_3.36.2.orig.tar.xz
 763908e750ba1ba62821098a3d0c361f5094c7e8 3380 
dconf-editor_3.36.2-1.debian.tar.xz
 4dadecd0da05da65d1780dd309098813f00d6490 17908 
dconf-editor_3.36.2-1_source.buildinfo
Checksums-Sha256:
 1dc57c057588c35c539ace47fad8ec172a8a839ab235c5ead6269b7d6d1bf166 2131 
dconf-editor_3.36.2-1.dsc
 edcec8867f018589125f177407760c64252fe5122daac5905223d6b3e1c7 583156 
dconf-editor_3.36.2.orig.tar.xz
 d7b1ad89061c36a795175f033c4836fd91026e858b51bc92eb109f52a1609aef 3380 
dconf-editor_3.36.2-1.debian.tar.xz
 1e686043239110a31fc9d7ed7bc7c302c920726a71c159a361fcca3d8d20a04d 17908 
dconf-editor_3.36.2-1_source.buildinfo
Files:
 a8bde5d1d9d08ac2fe3f7fb98a2795c6 2131 utils optional dconf-editor_3.36.2-1.dsc
 78bd905ed3c770a00c850d8cffec88a4 583156 utils optional 
dconf-editor_3.36.2.orig.tar.xz
 d0e9847ab5ec7c727c61be586d5de719 3380 utils optional 
dconf-editor_3.36.2-1.debian.tar.xz
 41884ceb9fffaa3f477f287d89fa1616 17908 utils optional 
dconf-editor_3.36.2-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAl6l+mAACgkQ5mx3Wuv+
bH393w//UINM9D4ByyELUxn5yoKYtev8vOLVXhMJ4McEIgyAiDszV0RuDaWe2KeR
pEasSBDst4C6afWyJuOKqnPfYt+X4zjDSr5EKru6gI4KlDaU2t/4yiDtCGQPcOiG
wYan0kpusXUSHjf/17ZGh4nMwGEWu58fmH2brj8fY8xaloamDlbSGw3LLY1MKbWw
UF9h8PhkLLJq/1p8xewRggl8ko53lxB9W9EuFCeFTw3lliDV9PkJX87Nr1N6Lkh5
HUQvAdAP5lGh1RxN8S/Un93Uxun0I0Zj3k1Bq6TcmaBK4wf1MOYwOKzSrATFAkl1
Wl4zFX8y6ylHS+Bd428vqKqPYYwj8e0U4NxBlTeZpbB6sxRGc+uZoz2v1TKsL5ko
xpsjjAcB5Pd/PprJDHzHLQdmjXAWZU02/Al/PHe0QWhDtvn0p5CJRm2xc4D7vJsd
I7V7XDxMoZYI9SSQAD2uS3nyB9iToNA8S1nwrJjaK19rSbyGGOPUoPMK5hJYFC0s
ElSeirSSUNd9aCf0oqGc+aDKckTP+y+7DZLVaLVTU/v5hLj4KmrhXbBm88W4zN7X
iM2E3mY8qTaWOe2n6PxU6EMcz/xmi8WmTqcz4EVyJ3vKf15hSe7CoVCRtpDGOuug
KjeetAUSlncNzEzDtVMKjGHE0FGEGc6D1ru8FS9CehJPvbpqoDE=
=d+QX
-END PGP SIGNATURE-

Accepted devhelp 3.36.2-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 17:14:13 -0400
Source: devhelp
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 

Changed-By: Jeremy Bicha 
Changes:
 devhelp (3.36.2-1) unstable; urgency=medium
 .
   * New upstream release
   * Bump debhelper-compat to 13
Checksums-Sha1:
 71dffa6241fd399e58643bb0b3bd88529a11c3bd 2588 devhelp_3.36.2-1.dsc
 ff2a4c1d2a70cc74481a7566c948a1e7cd1837ab 302996 devhelp_3.36.2.orig.tar.xz
 61709c0f39554e4174bfa7c6315846e13a4a199e 16964 devhelp_3.36.2-1.debian.tar.xz
 d0a91e4a6a21b4d2102497476d50acb01d9cf0e0 19840 
devhelp_3.36.2-1_source.buildinfo
Checksums-Sha256:
 83af7b8f97d4802d2c321110a9419840a29c4dd26c1886ba5f69226a27a417d8 2588 
devhelp_3.36.2-1.dsc
 8b5a84319efbb2ef1bc4022ee3ed2d6678794eba2dfa993e50e03d6e7b930c5e 302996 
devhelp_3.36.2.orig.tar.xz
 aafebf15fe6c76d8336ddf8fd70a2c123d9934b6f1f3ad37301a2595e483db8d 16964 
devhelp_3.36.2-1.debian.tar.xz
 3f87a680a5b60ad61e4df2328838ccfd4c43999a803189b67525024195defd40 19840 
devhelp_3.36.2-1_source.buildinfo
Files:
 b2d892adf6539da48b5f926a78b5d8f1 2588 devel optional devhelp_3.36.2-1.dsc
 18c2cb689da880eb2c8936335bd7c1cd 302996 devel optional 
devhelp_3.36.2.orig.tar.xz
 6892d67f398c447e17ecfb4aeb616e7f 16964 devel optional 
devhelp_3.36.2-1.debian.tar.xz
 c26532a438449fc2d4cde3819ea1dc3c 19840 devel optional 
devhelp_3.36.2-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAl6l+dQACgkQ5mx3Wuv+
bH0sOA//fHJ9pDJGb1ZkHUHH3LmX0Kg127gW9rRsDzVXEgTzeIuwT+WtIA6ERHFd
bRAYyW8zKJk7/uMp5e4AWgoDINKEV33XbAEhnbfofZPS0bG0Aiwb2MUZFVmAJWb/
pso/wrvWLwLA7Qbh84ovCOFyoQk+y6BqM+EVhOf2gp+ApO+8lIl9ehA6T7XNEetA
O7+E9oo4oPypU0wBOPdWCOlj7075GvPIcKxS0bPqJ8hGY+Hd8+7Y7M42kQcqSyP5
aGOvmSm5EwKRa3NN7ajkP7y4XtCj6b0e/rfA25YMmnKgdf+0VAXk1GJ/iLI47L8U
4uXGaWLX76nm++alWn8wy0/Zg2ZX/FwaWQS3xFNH/2bKDEQ1BobXNtAa/iS0Jhky
XdDhKxVI4khSQF1sj3A23kIx8e42jaaeWhdwEbpmGXhcM7BgejW0UAdEEa/Sil5h
uajK3sdemFMV3E7tOVDvwJpywWyeSEbX5yE1pLiA+op+ncihiwCJ2ufqufaVVAc0
u24mYrkBvCiixT0xh1ROcZOv47oF0Vsn9H2NhTIkZRv4GURNeOSri2lZjS/9nmjw
Bn1uatANiSa6HgWcvLjP7Wj1q7D2dOvB/APdxo7goTB8bTawcNb5Y39aI1scgqcM
PZ6uCOj2854qBOmTPmW9lZehs5IabHMX09wuHIhceqFT/zwCni8=
=v/Se
-END PGP SIGNATURE-

Accepted gnome-getting-started-docs 3.36.2-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 17:06:42 -0400
Source: gnome-getting-started-docs
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 

Changed-By: Jeremy Bicha 
Changes:
 gnome-getting-started-docs (3.36.2-1) unstable; urgency=medium
 .
   * New upstream release
   * Build-Depend on dh-sequence-gnome instead of gnome-pkg-tools
   * Bump debhelper-comapt to 13
Checksums-Sha1:
 00d4856c12c3e5f3a0f1d377c80dfc46cb6df495 2238 
gnome-getting-started-docs_3.36.2-1.dsc
 e2798e3fdd697b8bcf78c04a549f5896c0256e10 81799372 
gnome-getting-started-docs_3.36.2.orig.tar.xz
 d8634a7b3b5701dbce28eb41873805c96713f1c7 11616 
gnome-getting-started-docs_3.36.2-1.debian.tar.xz
 35adef7c662efc9c71f8f8def9c10f625ddd4e74 10876 
gnome-getting-started-docs_3.36.2-1_source.buildinfo
Checksums-Sha256:
 3a4073fae9f2327f3bb4eca90e54341370e2ec6515f9c30a06e177188de23418 2238 
gnome-getting-started-docs_3.36.2-1.dsc
 0494b8913a946b6450536e120c154abd29238ebba2f52734592b1f645e521dc6 81799372 
gnome-getting-started-docs_3.36.2.orig.tar.xz
 f28cc434a174d6c4c4f00c8118290e1660f5606882f52ac94ecb7bf82a8298b1 11616 
gnome-getting-started-docs_3.36.2-1.debian.tar.xz
 3af8c0efd51a4cd2be78e93a33dabe00c6d847b88acff2059760f992738c7dc6 10876 
gnome-getting-started-docs_3.36.2-1_source.buildinfo
Files:
 db1762b2c7344a1ebe1e5c0ae27ee100 2238 doc optional 
gnome-getting-started-docs_3.36.2-1.dsc
 ffc8b86c4108b523f54403ff130d4100 81799372 doc optional 
gnome-getting-started-docs_3.36.2.orig.tar.xz
 6d7dd357a2bc6ac050205e1f673f3eeb 11616 doc optional 
gnome-getting-started-docs_3.36.2-1.debian.tar.xz
 5b603bcc0f978a520013e3225aaf4477 10876 doc optional 
gnome-getting-started-docs_3.36.2-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAl6l+J8ACgkQ5mx3Wuv+
bH1CWA//eleO8B7eDgiHyh1nZ3PSzOntLDnWT670hPaeS/eOOvZpghTi6R6tNw83
SFc4n+poWWc9o9WYV9YYUgbQCkJXe5+oMKH2HukAmHvT6+oc0KYzcRAMuww5MANM
H/QEezljR6RA5Leo7uq1nFcNEcspxnazi1ZpHSsD5ljcYX5qkinXAuhXvba7KCCh
+52L7uvtidXFrANO11GILGL6vLNdgy82sB4950yGURL+4hUCKhS3uQnc81Cz38Uk
z3q7o9s2pjdGzzAMaDHC9vJOBWXFs75NyGtatlmrRbkwAy9ISX76J+GzRHnj8KuE
IMCGuU6dp7QYt4qVkFJE2j12WtEzKMHpHwkdXuWltffIx8sGIrY0R1HmNJEofs6v
dp5ec2lzXJdhvdM6vgM1EkzkKcTy1xaYT3ocR0lN+sCEMsVrqWQhbtGlFR6NuF3o
3OmJfIxOwfRlqigSnVSKfe7KTSaN3lwNsNPHhYJxleE6Wsm+7brsgSUWe5rS2kE8
Ydz4tRu4IQwNpJxJ48BzG3cSDPuXN6Smq02dp+FEXmvJLSzgsc8vaopm6LrQ0dY1
IcCLQTl3PkQbd9t5nSAcoYTx6Dp7PudYiWhM0D03ec3yikBaEArJfLPs9JSCeD0A
8w+OloKYqkMy9s745AzN87XIBam0i72pvf2nTy6B+IlpQHSp17U=
=61Ph
-END PGP SIGNATURE-

Accepted gnome-user-docs 3.36.2-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 16:50:41 -0400
Source: gnome-user-docs
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 

Changed-By: Jeremy Bicha 
Changes:
 gnome-user-docs (3.36.2-1) unstable; urgency=medium
 .
   * New upstream release
   * Bump debhelper-compat to 13
Checksums-Sha1:
 4bfc53cfb3fd75d3f0b64cf4d5a3fe5b075dee05 2125 gnome-user-docs_3.36.2-1.dsc
 7dc4e1306d82adce7b78fe54adcabf55b579123a 10568116 
gnome-user-docs_3.36.2.orig.tar.xz
 2c31bd2cb974c932c23154b0deb8f5fb99770556 5480 
gnome-user-docs_3.36.2-1.debian.tar.xz
 e730d527ef5e71c1c420f7fbf92603f164bec0bc 10646 
gnome-user-docs_3.36.2-1_source.buildinfo
Checksums-Sha256:
 b07f66ddd2c802feaae759d3f20b902ff26581e610cb51b8b378c28929c961d9 2125 
gnome-user-docs_3.36.2-1.dsc
 198fe4c836775a5dc2543a6a520dfb0ac5bf292cdcb358a57c86f35f705e9958 10568116 
gnome-user-docs_3.36.2.orig.tar.xz
 b2d78c626fc85b8d63585dbbd86e14efca40bce4c06616f2206b41f1089ba82b 5480 
gnome-user-docs_3.36.2-1.debian.tar.xz
 db1eef3a577d0612873e82d2c2a9b0482c58e510b8b081b0061d7fcc123b2366 10646 
gnome-user-docs_3.36.2-1_source.buildinfo
Files:
 691ec6b5de6dd185ac1f02f31bddfb6c 2125 doc optional gnome-user-docs_3.36.2-1.dsc
 ab35a6a17183d39748b1b3762ac23f14 10568116 doc optional 
gnome-user-docs_3.36.2.orig.tar.xz
 c6840fecb64e087598f3126f70f8d2d2 5480 doc optional 
gnome-user-docs_3.36.2-1.debian.tar.xz
 aa0aa459fb4c3fd4fce25ca9ff077472 10646 doc optional 
gnome-user-docs_3.36.2-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAl6l9VYACgkQ5mx3Wuv+
bH1cig//e3mN6eiiVcpdM9uiyAZgBjFRbQrGOTBfs7pIcznd2gw3FkhltHY5B7HI
zy5oS4WFz4kRzKK2+8Aq1x7qGpG4Wy/qeegKLdatmI89G+3SkQhOTciMGgRyb2V0
lvQjLm6D/HVgwnYZAi4sV+dpkQkHbTVmQ0RSsGW0DTrhxydV2gr49wOVXbs1UA9h
ZaQgW36T7svYQG2IY+l5h5TSaZp1pWpnJTw0AjoFTgL/nJv/IWw1YENsGwdEWqnr
GUpt3brxU2a82ZftNOUgq5QvltxoC/oBaT9ElvhR2xCfhyjTHuXgQ5UpOuJW/E49
nQKo4HKi2InSNf1/6ByDcxeTkRmjt6UCoR20VfzHdAb2JVpwthsfxEuO/0ofKt+u
qSYK/pQ3Y/UrD/8BuTy3gLXsC8/MOWlUTa0m46oFaXYyWpO6Zw5Fd9/LSmZRcwMe
Q3j1/+pCNiH8pSycJLXG/YKcd/Ox3W17DcDWvw44Qz0G43/IodCOJAJYO8nYjlOR
4bNw0xNyOpqH4Zzt3w7grwAUOVgdcbYx2rRukp/QKAfkhdYqhwiKxa09z1nvSI1v
MgcMHYL+Ei0oxBKqxRxQVdZmDHjSrVB4DKEv7iKbGCvpgocFeW1HuWRgOqsjDY7V
3M0DBdrz64lDIHf+oWyb+5x2ZAdn8Bp4ihiTZSBymbiVvPYo0qA=
=Gtmx
-END PGP SIGNATURE-

Accepted hercules 3.13-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 22:23:02 +0200
Source: hercules
Architecture: source
Version: 3.13-2
Distribution: sid
Urgency: medium
Maintainer: Philipp Kern 
Changed-By: Philipp Kern 
Changes:
 hercules (3.13-2) unstable; urgency=medium
 .
   * Convert to source format 3.0 (quilt).
   * Update to debhelper compat level 11.
Checksums-Sha1:
 9406713745c1aefaaf9475c631cd333d214f73a9 1532 hercules_3.13-2.dsc
 81a4f34b804d418fb54f24d5308b96caf54ac0b9 18680 hercules_3.13-2.debian.tar.xz
 cebe8bda090a55696670bb521b261a601098f813 5733 hercules_3.13-2_amd64.buildinfo
Checksums-Sha256:
 ea28fc223cf1a4e18e912ce46a5e9bd648acfe88d5f775dbef78df6f819105e8 1532 
hercules_3.13-2.dsc
 72d6130580e158881ec217e2c4081606c0d15d69fd03eb91f56aac676f5b4b1d 18680 
hercules_3.13-2.debian.tar.xz
 dafd8f410d611929847e66067f9d2e4a5f7cc15461f2a7004579164b0450620a 5733 
hercules_3.13-2_amd64.buildinfo
Files:
 a58d53a73eac8422248f79802933a370 1532 otherosfs optional hercules_3.13-2.dsc
 d4dad4bc6b3ae15473d864e4b399dc78 18680 otherosfs optional 
hercules_3.13-2.debian.tar.xz
 0537c6d6feae51dac559331ab86c95f0 5733 otherosfs optional 
hercules_3.13-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQFFBAEBCAAvFiEEPzuChCNsw7gPxr3/RG4lRTXQVuwFAl6l8v8RHHBrZXJuQGRl
Ymlhbi5vcmcACgkQRG4lRTXQVuw4kwf/ecBfH5IrNYTLza/nDKvnKMWZvQo4nIHc
CP7iV8pQdi4jf2/XFLm2Hn4F/jCZ1at4LMpFVXoCdrpfWZMmJCU2aNo9W4kbaYUf
YYH4WBXff+XwqT8jgsYZZMkjRZJEED3k0+9geV76CnwKH03HEzMD0BtoLBMGN837
Lh+54QCBJoXOsmxNI6NZVlbap50oOCX2KrGMS2bTG0kyem/t3iT4fQ/cl77baN7S
mAu45S2tv/PHB3sMU94K8IGv7it6fIjirHmFtblxx++WCdaVpvxbvummDkTfP9ZU
Mr0zltvk7o0eWX3J5Z184sBe6TmjzBi+9l2+MN69SGbnS6UGJ6XOiQ==
=0Lbb
-END PGP SIGNATURE-

Accepted speech-dispatcher 0.9.1-5 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 21:45:17 +0200
Source: speech-dispatcher
Binary: cl-speech-dispatcher libspeechd-dev libspeechd2 libspeechd2-dbgsym 
python3-speechd speech-dispatcher speech-dispatcher-audio-plugins 
speech-dispatcher-audio-plugins-dbgsym speech-dispatcher-cicero 
speech-dispatcher-cicero-dbgsym speech-dispatcher-dbgsym 
speech-dispatcher-doc-cs speech-dispatcher-espeak 
speech-dispatcher-espeak-dbgsym speech-dispatcher-espeak-ng 
speech-dispatcher-espeak-ng-dbgsym speech-dispatcher-festival 
speech-dispatcher-festival-dbgsym speech-dispatcher-flite 
speech-dispatcher-flite-dbgsym
Architecture: source
Version: 0.9.1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian TTS Team 
Changed-By: Samuel Thibault 
Description:
 cl-speech-dispatcher - Common Lisp interface to Speech Dispatcher
 libspeechd-dev - Speech Dispatcher: Development libraries and header files
 libspeechd2 - Speech Dispatcher: Shared libraries
 python3-speechd - Python interface to Speech Dispatcher
 speech-dispatcher - Common interface to speech synthesizers
 speech-dispatcher-audio-plugins - Speech Dispatcher: Audio output plugins
 speech-dispatcher-cicero - Speech Dispatcher: Cicero output module
 speech-dispatcher-doc-cs - Speech Dispatcher documentation in Czech
 speech-dispatcher-espeak - Speech Dispatcher: Espeak output module
 speech-dispatcher-espeak-ng - Speech Dispatcher: Espeak-ng output module
 speech-dispatcher-festival - Festival support for Speech Dispatcher
 speech-dispatcher-flite - Speech Dispatcher: Flite output module
Closes: 957830
Changes:
 speech-dispatcher (0.9.1-5) unstable; urgency=medium
 .
   * patches/no-common: Cherry-pick upstream fix for build with gcc-10
 (Closes: Bug#957830).
   * patches/pulseaudio-latency: Fix default pulseaudio latency which triggers
 pulseaudio scratchy output.
   * NEWS.Debian: Rename to NEWS for debhelper to find it.
   * control: Update alioth list domain.
Checksums-Sha1:
 5ea468725c7f839749cf30fcb40af35541976cce 3224 speech-dispatcher_0.9.1-5.dsc
 4991f6d2d539b82810c7ac58df6bf086696e4324 28392 
speech-dispatcher_0.9.1-5.debian.tar.xz
Checksums-Sha256:
 1e77bf22bccf45a68b062bb5be99fd6402c01b0b660ee12b20b08002bd775bc4 3224 
speech-dispatcher_0.9.1-5.dsc
 a823f57327fb36bac2caa775637c653bd1c533ef6fabddf0f2a62452e808125e 28392 
speech-dispatcher_0.9.1-5.debian.tar.xz
Files:
 d5e91ba4be192ea72ce82b9462760e16 3224 sound optional 
speech-dispatcher_0.9.1-5.dsc
 f3b19774b89e62d64acad35cec9a02fc 28392 sound optional 
speech-dispatcher_0.9.1-5.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEXtnoVvfWxur1EWehjTXDVXILuv0FAl6l9B0ACgkQjTXDVXIL
uv3ncg//V25sNDaz3arvwJBpNlBrqSeuoYoiB4dNNsRj3fJ/YQ4d8dIF7M2kXkVf
AgeX2bSojKHALcHlAu+1u1cPYC5Qh4lWal0ZghQ4q0/nKz2/xT5Pc0ui+pDEcEuz
v1096FisuPSk1KqZ1gyKU+yK/wEQGceQqxlnWxDGogL/3yXKSNo7gpUHlXN/7lGc
LJe1jcLgLMTT/3MexIYBFtG1hU4MoBFU2RjFss8WUzAQ86cwR9T0/96WIL2Aa8vr
fLXzKJbPTQI+Nz4S9s+ah+kTK12YjbmBbZw8RhAAg+jlCIvK8YJFpiTCRFuuTLud
AlGhtBYcfdCoDcjdkMJmZ7M0/dy4n4e43POgL/3tgXV1RrBQovd1js4PZLofLx0o
ZidRqLpNc64DYMlvJYL8qKeZa9Bn6/Xyr4zLCSR7uEP0t2/yle0xapyiJ4nBQoCI
5VemY9Y6s8C05sBKbSNUQYPq/xt3q411+XdyJ3GQGoIHwh8SUD+08dYP2WI9wBlq
001tXr1DOmvW0eXAWCQK1s3ju4kCYBdP01vAaoMd4gYALOOckLdc3ah9hlzzeW6Q
QgIVkYFjB8b2MDarRSCoHwE/Ct4sIgV24geuNJNT7WStMM69DrP3KL2k8lxrYnSu
hKMOCFeq7YICxOWkxULbAnwMgZhHn7RpUNA3LZ4V3m1VWTExxpw=
=lW61
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Vincent Bernat]

 ❦ 26 avril 2020 20:29 +00, Jeremy Stanley:

> You're already seeing quite a few folks responding that being
> required to use an additional application or device each time they
> authenticate would be an inconvenience to them. This is a signal. I
> personally wouldn't enjoy being prompted to activate my TOTP client
> software every time I invoke `git push` so I can understand the
> resistance to your proposal.

This is not how this is implemented. I am using GitHub and GitLab with
2FA enabled and I am rarely asked to enter any token. Once you get
authenticated on a device, it remains for a long time. The model threat
is to prevent someone stealing your password through
phishing/spying/guessing to login into your account. SSH keys being
asymmetrical, they are not covered by this.
-- 
10.0 times 0.1 is hardly ever 1.0.
- The Elements of Programming Style (Kernighan & Plauger)


signature.asc
Description: PGP signature

Accepted golang-github-howeyc-gopass 0.0~git20190910.7cb4b85+dfsg.1-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 16:00:00 -0400
Source: golang-github-howeyc-gopass
Architecture: source
Version: 0.0~git20190910.7cb4b85+dfsg.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 

Changed-By: Taowa Munene-Tardif 
Changes:
 golang-github-howeyc-gopass (0.0~git20190910.7cb4b85+dfsg.1-1) unstable; 
urgency=medium
 .
   [ Taowa Munene-Tardif ]
   * Team upload.
   * Updated package to latest commit available on GitHub.
   * Added upstream contact info to d/copyright.
   * Added the default Go AutoPkgTest.
   * Set Rules-Requires-Root.
   * Made the package description more useful.
   * Dropped debian/watch, the author is clearly not planning a release.
 .
   [ Jelmer Vernooij (via the Debian Janitor) ]
   * Updated standards-version, declaring compliance with 4.5.0.
   * Updated d/copyright to use HTTPS.
   * Added upstream metadata.
Checksums-Sha1:
 9d2b0281dd5006eeb2571dbca2941521d501991c 2598 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1-1.dsc
 3c8e9d4bf8e8842195ddc66be582b1dda89bbaf3 4376 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1.orig.tar.gz
 a2627ace7b3eac7677ddcc2ca9200ddd6fee2089 2776 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1-1.debian.tar.xz
 b902d50427b5dbd8314494acd21126317dfbbda3 6381 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1-1_amd64.buildinfo
Checksums-Sha256:
 c4b8920892f62e28cd0b868caf01484c23747b32a96ad94590d81b859d7c6ab0 2598 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1-1.dsc
 8b1028ee6a83c43105826079c9f6f6d38f533ea1eee381ba7ea11fe27bdfb537 4376 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1.orig.tar.gz
 79f3d9d864dabbe97ae834c49f3920178a726cfb1765501b0a8cb9adffbfc49c 2776 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1-1.debian.tar.xz
 1d75dc4d16edfa3248967b6cb04c417b8a0e777e740395d53ca3d952ecdd9812 6381 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1-1_amd64.buildinfo
Files:
 20624ec0dafebb48a93789d6492ae985 2598 devel optional 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1-1.dsc
 25fd769c631a92f3f7a4b78a47a42c48 4376 devel optional 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1.orig.tar.gz
 13c34c97be30638fa42f070e6cc3ea45 2776 devel optional 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1-1.debian.tar.xz
 04a684d5d5943fba673fbc7aacf6313c 6381 devel optional 
golang-github-howeyc-gopass_0.0~git20190910.7cb4b85+dfsg.1-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKqBAEBCgCUFiEEYveV1JOn7SmlGhxBnX5VYE2Rn4MFAl6l8V9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
Rjc5NUQ0OTNBN0VEMjlBNTFBMUM0MTlEN0U1NTYwNEQ5MTlGODMWHGhsaWViZXJt
YW5AZGViaWFuLm9yZwAKCRCdflVgTZGfg+k8D/98+MWWywGw5nM8mN+oGGieUMBn
dQByvfPNPksxkDVjcOhmPtoPJ5wA1oG+nvyAYg2s6qV474UQvkqxNRqBzUPlvzQJ
hiiyGwPcG9kChJnXfA3/9bN00kyPxgg0lZKNoBpX2KzFTtTSBw71I3KQdzqIKQH0
oNI0vLfVxjMXLn6GYXeZoOniMDGanH7+nyasf9dx612LIz2uuqzexRDUUSHBpE66
VCR5/N1WH6bIJTgf05AgJ2g0cIW4VDFMzDWnQZ6zpvPKJRDezx9kE9P9km4I80IL
anCqD7M568tVBerTaT4zXFna7FufQML20dnz2njvRGUg1ROEl/JknPFdYuISO1ve
sSMnKZHx2ucsvppcgO/c1Zw3yLfnGx36n0bHpJbWGjz1/qc5NefIFYiANLhYhrDG
E9cywx/MLPN6AJM6BbcrMuLzhkvs9p36quYBvWFD7S2caEmXIC4U8EGV6Q2eyiLp
wcbMgzvtX1aeNjnlj0QxYA3qLnWiG3AUyrzLF4e/YaafEkUTvCMV1ZJNT2ed3zqp
CNNcA0/S2V0/QNkku9s6LTAX9EWITCFhaOiJyuI3o8jihPJCw6oDGf6QCMgBLejl
rJhypXva/i+ZVUKoaj8xBBRklw9WvOuU7Qcfv/lWRCOjw9cywBuC8L9SZXi0P9jw
9EwLUUTvnesjv35qOQ==
=6a1S
-END PGP SIGNATURE-

Accepted logbook 1.5.3-4 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 21:57:14 +0200
Source: logbook
Architecture: source
Version: 1.5.3-4
Distribution: unstable
Urgency: medium
Maintainer: Agustin Henze 
Changed-By: Iñaki Malerba 
Closes: 954151
Changes:
 logbook (1.5.3-4) unstable; urgency=medium
 .
   * Remove pip install call from autopkgtest. (Closes: #954151)
   * Fix d/watch URL.
Checksums-Sha1:
 afaa8f38b6fb3d609a6558604b41207efc96b82f 2242 logbook_1.5.3-4.dsc
 020211cba985f85d0a3252878553357f79c7d544 52924 logbook_1.5.3-4.debian.tar.xz
 348b157c33f6a3d61883cd4e28c4699298aae271 7135 logbook_1.5.3-4_source.buildinfo
Checksums-Sha256:
 3a504ae488f88aa36b093d9707d21f6ab5b1b60ab99b23f425b521ad93d2fcc1 2242 
logbook_1.5.3-4.dsc
 7819eab75b9488b7fd1c90f598c23149621c51772a8f6d3a7cbf7a41e5afc16a 52924 
logbook_1.5.3-4.debian.tar.xz
 aa5c6a9405fc390467906b17cb6cf4750c11637c84906c7ce0b90e0461a8a732 7135 
logbook_1.5.3-4_source.buildinfo
Files:
 c2960ef49273a40a19362fc23fad203b 2242 python optional logbook_1.5.3-4.dsc
 721b09734e1bb4368b16eb80cfd43ad3 52924 python optional 
logbook_1.5.3-4.debian.tar.xz
 bf33a9d897cd2294ceed618aacb22b32 7135 python optional 
logbook_1.5.3-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE1ebJmvu2M+JYt+af57yRVE86UxsFAl6l8QsUHGluYWtpQG1h
bGVyYmEuc3BhY2UACgkQ57yRVE86Uxv1Rw/9HebU0WbI0rCRSMb6SBKzjcgQZLiE
RQ2MrnYREr6XmYF57NjgfLwBo+vn5n2GGxME3tG1tgdfWO3yrvYGgndKlicLWdsy
BmTLiWwNHFvk/+l8xD2AXuFPfy8mHfstrFJ0NKecgOTW76SPSCmD3t0gkb260Lj+
HTvKS/UQPmlbHBxZ9118TqrD3ksxvPAUBuCndHL4GeawbGPnqG1H/UMPSP4zxxZt
GUTmFs3Hfpc2kYqWtZhK1syWfNDj1pGxNql63fxoJHxh6lVePFidaAjiK8CsuoVz
1s6930mUv4RxtMrwJa3iDaKm/+az4a1o0ABONkk2KPcVmYULm5IZbjERpO9MSzme
v8RyNQgeeHDoXuX9kcPIi28pn2MJlzE70PAfMXJVrmIjjGEgF8RQLv9kdfNi7VYZ
HdIIA3J35mOwv8TZDoLkk7mP1/1yNgKDFKP8bQSWbd1vpYC4CKkdCUenjBnEd5Gy
DM+1sIirjERbUE4C2u6yu0fmo59IlBwKbFZFbazbvowFYk2sM5bsbpS/vC0ip/TF
D2Y/0+KPe78XmoksK7xS2TVRuwcYS4hgMdRVWxPyfl/6xNJYQMofNcKtXGA+KjgJ
lXGn96kcHy4P0e+Har5BIwm7jb5JohmlTc16gVmdSTp+2TCeUpwHEmoFkej9zsdh
B3XzPRIQ7ZHHclk=
=peLn
-END PGP SIGNATURE-

Accepted python-icecream 2.0.0-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 21:59:25 +0200
Source: python-icecream
Architecture: source
Version: 2.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Iñaki Malerba 
Changed-By: Iñaki Malerba 
Changes:
 python-icecream (2.0.0-1) unstable; urgency=medium
 .
   [ Iñaki Malerba ]
   * New upstream version 2.0.0
   * Disable autopkgtest on build.
   * Run autopkgtest tests against all available python3 versions.
Checksums-Sha1:
 0496561e1bd8d5ff438b1bd4022fc99c63352b1f 1979 python-icecream_2.0.0-1.dsc
 9d80cb3cb826896c6f1b47323ed63804b44fa13a 15905 
python-icecream_2.0.0.orig.tar.gz
 9e0bd47f489adefc8347f8fff5902c79134a2cff 2436 
python-icecream_2.0.0-1.debian.tar.xz
 8d87666709f7baf8bea209a89515aac8c7c6f239 6023 
python-icecream_2.0.0-1_source.buildinfo
Checksums-Sha256:
 54c6f36179ff1d03a531a86cf13ab55304dcb24c99b370f39d8d55b7923ae05f 1979 
python-icecream_2.0.0-1.dsc
 1b7d7b5acea7345d98046a78afbcb4cddb0245493fe15e22a29ac686a43dd60a 15905 
python-icecream_2.0.0.orig.tar.gz
 ae84200d54e09a7f305cd04011199e5e33a2d1a2873d7117d33535739643a3ec 2436 
python-icecream_2.0.0-1.debian.tar.xz
 19efca7a7f44edb19f153f98bf370dd71ff417acd3626b2975c4d5664c204de2 6023 
python-icecream_2.0.0-1_source.buildinfo
Files:
 7b079388843cb17991880be08d3f7b95 1979 python optional 
python-icecream_2.0.0-1.dsc
 eac96ac786e9954b30c41c4a104c29f7 15905 python optional 
python-icecream_2.0.0.orig.tar.gz
 dff77c47332b2ff45360ec8084d40524 2436 python optional 
python-icecream_2.0.0-1.debian.tar.xz
 335f2c87b53d6223afdc162813a48082 6023 python optional 
python-icecream_2.0.0-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEE1ebJmvu2M+JYt+af57yRVE86UxsFAl6l8K8UHGluYWtpQG1h
bGVyYmEuc3BhY2UACgkQ57yRVE86UxtF5Q/+KLiltpzXnn8wEGpXsLGkx4hVmD6O
A6qH/m830K4xPRS9Ru1TJkrDhooaWX8CasovUV04T3k9Zn6pbaWmvhS0w/Lk3As+
wHsQPIlFrWdsk4aZR6Fa3uL5FuUH/SJt/vhPbffj63S2H5E14fxEkG5qPGH9Qj8E
VRHe3ZxRSi7p/eng5HVQVqBnLH3AGmmYd+QNmh79xSf9zYsMuZN0xFKg69+D+N9E
tO0Kec92xFXMkRBiXZDPrbjSttK8dEd3gK/z2gkg/zUrNU+lLj81agnzQNMP1MlP
ubziMMQWMJIo1CCcCDQRdE9hZehkiegkc5mHc58WF4Ynfg/y5JhNQm8wC1xbZVb0
XG912AhbCmFaZ9Vj8dn0FfeKC5yFVuEQb5nKsgOScdaMoliGSVii8CCfSEK7EG6a
HOSZHlNEyGypVZITo+yyjwI3ykcq049LZMkEHTXuXjdOd+eQok1fLIYY9lfgYpAG
dWaOHIpBfjDdK1O0gEnlcKPbb9gsOj+muwa4hJhcK8CX2wideFdS5dUcyWYYKiyd
qNkOwWppqkeQViWlkJBuVV8VXd1ADNkpZNDHpN0+it9pPNjGSXQ0wPT/MClvlqGJ
R2Vj8GucYN9MvBX/4sfBJQu5twSo7LEKm24OgJeF2/r0mQL94NREEzsLRvKLAk0l
rnhS7LQ9n/+oocI=
=L/N6
-END PGP SIGNATURE-

Accepted dbab 1.3.3-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 16:00:37 -0400
Source: dbab
Architecture: source
Version: 1.3.3-2
Distribution: unstable
Urgency: low
Maintainer: Tong Sun 
Changed-By: Tong Sun 
Changes:
 dbab (1.3.3-2) unstable; urgency=low
 .
   * Debian maintenance release
   * not to override debian-watch-does-not-check-gpg-signature
   * fix debian/copyright problems
   * fix "source: out-of-date-standards-version" problem
Checksums-Sha1:
 edcfa401de469cea6a032220023e69ed6a6ac5e4 1919 dbab_1.3.3-2.dsc
 954b35f796e738f6d87fdb25b6d0f3f4b99fb7d1 17167 dbab_1.3.3.orig.tar.gz
 a0310a38adf1d5b7ab7074a4b392394fef67f6c2 5904 dbab_1.3.3-2.debian.tar.xz
 f8793da86cf322662faa386b815c1fac18062b29 6242 dbab_1.3.3-2_source.buildinfo
Checksums-Sha256:
 bdb98ae348283fd88b8f80e289e552d9e57fd285cc8049c8cfac7af265dd5995 1919 
dbab_1.3.3-2.dsc
 3473f27b9d6755a449a8eac4bcafa834879b088714bbfd9365764c813f2e813c 17167 
dbab_1.3.3.orig.tar.gz
 7d07fbbf23075cfa4a2cfeb0a69515533f761068eccbf187d4836564adea224d 5904 
dbab_1.3.3-2.debian.tar.xz
 6f2e20bb2342d49fa6d9717d6c97bb29bc835e8cceebaf055e64f512a6540c01 6242 
dbab_1.3.3-2_source.buildinfo
Files:
 cb4037d4849b9c472b3b510a2fe312c0 1919 net optional dbab_1.3.3-2.dsc
 b7f46b71dce4ad2740e8e98dcc939e32 17167 net optional dbab_1.3.3.orig.tar.gz
 5bdabd55097945574143882a24d34b58 5904 net optional dbab_1.3.3-2.debian.tar.xz
 b64821c176ec273f0f17e5308b4656f2 6242 net optional 
dbab_1.3.3-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJVBAEBCgA/FiEEp3mFrXK0ygjYxb95iF/aszH+2DQFAl6l7M8hHHN1bnRvbmcw
MDFAdXNlcnMuc291cmNlZm9yZ2UubmV0AAoJEIhf2rMx/tg0iYIP/1pbQDLfjRHL
Egcsg6/TRErbp4oxenUGKh+6eCJkE2cvxoN/94eNqcDFzvRpyq02Bw0QJMetcZIR
KuXAb62gnf2YSUy5QfL+ks5M34UBIfGZlOsCcvFhX/9Myld8V/0y0vSiAg9eBmdt
+w0pgwMRi4mF6hanVlatyuvaXb27v2eY+Qhy1+mvjGoZwu5HU9CdBpEve4viLi5x
akiQrJvCOet1KW7ZYHdneX+AASCaLRrpYVT3QOkrLoC+mwmOEacuSSLYaINMrBDd
+6LlHN79EKJj34OUBi2YrljT2SIxvdsj90nouwRMLXP+B4QrigWswcRfiMrkJfEK
jObc9h+VsNnrTtLZwh2q69S3tC8bDqlIemPrwHXfHd8SbFRMh7JIRoovYn2kW9uE
dRG3d1NXARdw2qgyd+rbksuMGQ+2ne8r4R1Fq3pVWa312HWNWVa0AYjithjB1tML
BrFSHSgEEa24b2xUxoMjtg6CF12AV0pQ9f/BBytJ19VEB5BI5ZpkajD/2XViImIf
602zbmkjPeMcJdn7be0n90n1ykvsS757td6BE/lBTNKJZuriGDG6sH4lA1JcHWE3
33InEvfxKiPOJdLOMHuzbrH9I4ym1C5vloNQyYk4XaNehD3ZOwY8c6I15s0Tuc0l
QTykgD/qpQhkdqjO3dRTPNjy1an3O46J
=RcOT
-END PGP SIGNATURE-

Accepted fai 5.9.4 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 22:08:56 +0200
Source: fai
Architecture: source
Version: 5.9.4
Distribution: unstable
Urgency: low
Maintainer: Thomas Lange 
Changed-By: Thomas Lange 
Closes: 956364
Changes:
 fai (5.9.4) unstable; urgency=low
 .
   [ Emmanuel Kasper ]
   * control: add dependency procps
 .
   [ Andrew Bezella ]
   * fai: initialize final_exit_code variable
 .
   [ Thomas Lange ]
   * etc/NFSROOT: add class DEBIAN_, Closes: #956364
   * add support for Ubuntu focal 20.04
   * fai-make-nfsroot: fix dracut warning
   * mk-basefile: add bullseye, focal
   * 30-interface: also try altname of network interface
   * add ubuuntu focal support
Checksums-Sha1:
 200d55b8fa29322c2f8b11356342b5ea920430e4 1939 fai_5.9.4.dsc
 f9535259dc4b69c0596b531bc3584f8f449a94bc 285932 fai_5.9.4.tar.xz
 09669980f3a4705c50c78ca8132813ee8d692ec9 13019 fai_5.9.4_amd64.buildinfo
Checksums-Sha256:
 7688e275e9b3b0b1f52bcdca109e8dd7a81e32734018686f5284d99451541535 1939 
fai_5.9.4.dsc
 ac074cc0674e653a1d69726e061248b81914bd9dbece21d0ffea72c9e689636c 285932 
fai_5.9.4.tar.xz
 e705a7e4b515553ce10f48a501ce08451113c9424a23aa50551986b1841bc4cd 13019 
fai_5.9.4_amd64.buildinfo
Files:
 0065b62e91dcb8b9b90473e5cda2fe2c 1939 admin optional fai_5.9.4.dsc
 07cb31e7acefb9de43198c8a34a97c89 285932 admin optional fai_5.9.4.tar.xz
 0d9e002f0f7edef4969b8dce22a21dd1 13019 admin optional fai_5.9.4_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCAAvFiEEsR7jJz9rLetSjJPaK/jZ/gdLzeQFAl6l69URHGxhbmdlQGRl
Ymlhbi5vcmcACgkQK/jZ/gdLzeT6Qg//TT8dy9akwXF/AtA0w6USGf023MsS4gDv
kNR2JF+eUXd6qnaFKcCcT0ec7guSL0gotqt2as5aZJ+pnYP9zmePr83U7P/1Qrha
t5coxWbaBH5qFIjkUhnBsb0di3PrWnCs1G0J8qnuei3BfjwIBiDwdlv/L1KbA/Xk
hMtwFzXbJrwannbAagjKZn/4Ld6T+SW1mOKes8qUh/NxzT990j41ouGaiwNniq+z
NgLqcPSUINIULaPHP2pBBq9rP8wXRRjIcO1nl0unZSyiIJAyZLVxKqVawjm36SqL
xyT/8OSOeBbNVdSHBdajbNGkptQzebEmNI4wWAJzI6rp5EVmL28bQMiePZVzXmef
tMNFBDVXRg14CQ2wcM338Ub3LYzDmMWmTq1TtlfEDG3zC4FvonM2dVZ6JfDTmB7E
p0HQbVp/o1HRcjRMxePm+x30PxdWoiEXaupKdAa2+2pYMawNBSA4IwvOqyRCe+bW
rbla0rGySs7BcndfAxX3ISUHzj+1xI/0aIwz336BaE2tcI2Yf8Bpfn4j0XL0Wvhc
RosUYuraaeujpYC3vTRPR8rp/4+tWJrW7edYpD6jl+lwaSqeYXyfpQCe5PGJAz6L
YnOIEsMf9qKxqkBacl2FEvN38DeFKzs+y+U4mbktTNOPlHrNZAIcvITG/fe+dMrU
EsCONkmdJ00=
=SH9x
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Jeremy Stanley]

On 2020-04-26 21:02:34 +0200 (+0200), Bernd Zeimetz wrote:
> On 4/26/20 8:30 PM, Bastian Blank wrote:
> > On Sat, Apr 25, 2020 at 11:14:39PM +0200, Bernd Zeimetz wrote:
> >> Actually I think 2FA should be enforced for everybody.
> > 
> > No, we don't enforce 2FA for everybody.  And I don't consider it
> > appropriate to raise the option.
> 
> Could you explain why?
> 
> There is nothing bad on an extra bit of security.

Actually, there is. "Security" is always a balance of inconvenience.
Add too many "extra bits of security" and your users will decide
that working around your security model is easier than adhering to
it, undermining the robustness of the system as a whole. The classic
(pre-password-manager) example was systems requiring complex
passwords leading to users writing them on slips of paper and
sticking them to the edges of their serial terminals.

You're already seeing quite a few folks responding that being
required to use an additional application or device each time they
authenticate would be an inconvenience to them. This is a signal. I
personally wouldn't enjoy being prompted to activate my TOTP client
software every time I invoke `git push` so I can understand the
resistance to your proposal.
-- 
Jeremy Stanley


signature.asc
Description: PGP signature

Accepted django-auth-ldap 2.1.1-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 21:48:35 +0200
Source: django-auth-ldap
Architecture: source
Version: 2.1.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team 

Changed-By: Michael Fladischer 
Changes:
 django-auth-ldap (2.1.1-1) unstable; urgency=low
 .
   * New upstream release.
   * Refresh patches.
   * Bump Standards-Version to 4.5.0.
   * Remove debian/upstream-signing-key.pgp from include-binaries, no
 longer used.
   * Remove unused Files-Excluded from debian/copyright.
Checksums-Sha1:
 469342a9840bddd8179f7832ac50042470eac188 1993 django-auth-ldap_2.1.1-1.dsc
 7cfe16f70baa69db8c59fdff326caeb13317007d 51260 
django-auth-ldap_2.1.1.orig.tar.gz
 f658974b27999085a725fcb6272c4c6198fb2273 5952 
django-auth-ldap_2.1.1-1.debian.tar.xz
 1b0357bb6f951d8c00b2c274a229e3e58dbfc900 9030 
django-auth-ldap_2.1.1-1_amd64.buildinfo
Checksums-Sha256:
 9eadd34a3f371497bdae1b3d2cafcd2ee3ae7eb4337648bf4c5e3b0d35191823 1993 
django-auth-ldap_2.1.1-1.dsc
 fabbbc35a5d28ce6a12e3f6309229d82bfe6a410391914938593e4b96ce42ec8 51260 
django-auth-ldap_2.1.1.orig.tar.gz
 490a896e06b1841a8f3d436b2cbdde9fa9d2dfb063e99d769b6c38e8361989ea 5952 
django-auth-ldap_2.1.1-1.debian.tar.xz
 401698175a5a1f23241120afea8bba71d1dbbf6d831aba20cdc1a2153c490daf 9030 
django-auth-ldap_2.1.1-1_amd64.buildinfo
Files:
 cbc9265f3090e1d0afd67f9667b5d3b8 1993 python optional 
django-auth-ldap_2.1.1-1.dsc
 e2b2b25a1b38d3e79afd450dc2604881 51260 python optional 
django-auth-ldap_2.1.1.orig.tar.gz
 14c9c85656b4c87190e44046ab380cdd 5952 python optional 
django-auth-ldap_2.1.1-1.debian.tar.xz
 8af818579817969bb099e6e47b523bf4 9030 python optional 
django-auth-ldap_2.1.1-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAl6l57wACgkQ/9PIi5l9
0WpssAf+MO6rkYz8Nkf/0ke22AeEqDXJ7pYm0XVJvRwJXBWp95UdqeqXrfPmQopl
XkwZk3JZc842HpwnSVUgG+HGVC7YSWtRkAfWwuyRJMFHosXMiCyRH2gwmRHglcTa
pW/ERtjx++Gbl4zm7Buln3eoPKNdHuFdwFLTgdJOcsrH8nW/PUGqU6jpJp4SjDGS
gpshTE5z6DWIrAVmcQLBcFM1ink99faEUZ0fYH027jdP2FNybulo1fR+lnNgDTY/
s4oc9Xm1jxPp8wC4aHcYgFtgSD4bqf117/ePI+wxx+vTB4/UDZmouelUYKAeM7Va
eQ1ch6jrf+tb4FhBfHHMPtbg/xDhIQ==
=cgA2
-END PGP SIGNATURE-

Accepted tmux 3.1-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 21:14:52 +0200
Source: tmux
Architecture: source
Version: 3.1-1
Distribution: unstable
Urgency: medium
Maintainer: Romain Francoise 
Changed-By: Romain Francoise 
Changes:
 tmux (3.1-1) unstable; urgency=medium
 .
   * New upstream release (with no code changes compared to RC4).
   * debian/rules: Remove LDFLAGS settings for --as-needed, no longer
 required in bullseye.
 .
 tmux (3.1~rc4-1) experimental; urgency=medium
 .
   * New upstream release candidate.
 .
 tmux (3.1~rc3-1) experimental; urgency=medium
 .
   * New upstream release candidate.
 .
 tmux (3.1~rc2-1) experimental; urgency=medium
 .
   * New upstream release candidate.
 .
 tmux (3.1~rc1-1) experimental; urgency=medium
 .
   * New upstream release candidate.
   * Bump Standards-Version to 4.5.0.
Checksums-Sha1:
 780fdbffef3a178f08447b54c268eb8055d43b94 1909 tmux_3.1-1.dsc
 d064abf115417b1a280a092620907b72972b5bcc 561086 tmux_3.1.orig.tar.gz
 90d652091014ae43efccf104507f51ff1b756d23 12740 tmux_3.1-1.debian.tar.xz
 225a6fe76a69e5abe7da1f7892ab8c7431ee6be4 5969 tmux_3.1-1_source.buildinfo
Checksums-Sha256:
 0e1466d809078f5a326414047ff5cd5e3979eaf1771041d5dddba3369a2f0740 1909 
tmux_3.1-1.dsc
 979bf38db2c36193de49149aaea5c540d18e01ccc27cf76e2aff5606bd186722 561086 
tmux_3.1.orig.tar.gz
 78e3c87a7b48b1650d49ed5a9301c9d60e31850199e17a701586be0da7b73f9b 12740 
tmux_3.1-1.debian.tar.xz
 cfd3b7d501863a82982b2ae518a8ec9fa68463192fb0a04968523389629d36a8 5969 
tmux_3.1-1_source.buildinfo
Files:
 187a556f411b0b784752efcba93e7d30 1909 admin optional tmux_3.1-1.dsc
 76c3ef9d40d2c1ade7a6cd7993b549ac 561086 admin optional tmux_3.1.orig.tar.gz
 3b2189becb818675804ad1a26d9765c4 12740 admin optional tmux_3.1-1.debian.tar.xz
 3a932aa796fc795f2bbcd7d81d57ea7f 5969 admin optional 
tmux_3.1-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEvjSXQsqYfs1+d+QtrRX0NfBfli0FAl6l4e4ACgkQrRX0NfBf
li3s5w/9FnuYGfayY0Aauhd6PhhdytSCxer9r8rS5QHdtCVVlyiA43WwSMLtX4+/
TPfgTm/l9SwyhmJKBbaMlxanfemT00oUJQC0G0hzUDcmYtPyf9EhphmtAKSvy44h
tkbrPnxad4xUuGhefvgh8TJMZDoHt2kCprvT0RDPdgNnz1OvlGB33OgCYY6IB7qm
1ftTrihYTaPC6LrwHe/S3n6RqiFGxBq+h7MtzhRXTNXAcHgyfRHsg5VkDl5oGVB8
KSuBUeL/raz1TZjIKUbW5BO7mAbRzSWVnzeytPkgzDhx/TG0DOGOANLm3DybTsRn
o8x41Htx6IwaE9nqb/mTbxEe0ZXdPNknkxWIUg7kxG+7DxzJjdYHvky2fzzampQz
VVctS582eJ2v1RnoJcMA8yUkqClGp6g0xqC2J73aaCZd/q38qs9HqwJR1wIUyfhC
0ROVDwIYkQFcC6Ys41w5nRnLTFmTY+71lXza+r7HxftMNPZjEECAsJUnEAl1WgCc
HYOlI0PQLv/v/4pglZFA0vMzrkSc7mJ1Hixls/W6craDE1mBkNVVida4lC4FJ6H8
lyE2/aPaxOTukJl8tOqR46Obd++rkAwrxmOLy+5v2P+v/gigIV4wdG+D/MXyBws6
k9S2HPWDsOT0LcDnnTP+5MKPYHFXQo9qmuKLXRV2VHzeduReOF4=
=lyKr
-END PGP SIGNATURE-

Accepted speech-dispatcher-contrib 0.10.0~rc3-1 (amd64 i386 source) into experimental

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 21:28:37 +0200
Binary: speech-dispatcher-baratinoo speech-dispatcher-baratinoo-dbgsym 
speech-dispatcher-ibmtts speech-dispatcher-ibmtts-dbgsym speech-dispatcher-kali 
speech-dispatcher-kali-dbgsym speech-dispatcher-pico 
speech-dispatcher-pico-dbgsym
Source: speech-dispatcher-contrib
Architecture: amd64 i386 source
Version: 0.10.0~rc3-1
Distribution: experimental
Urgency: medium
Maintainer: Debian TTS Team 
Changed-By: Samuel Thibault 
Description: 
 speech-dispatcher-baratinoo - Speech Dispatcher: Baratinoo (VoxyGen) output 
module
 speech-dispatcher-ibmtts - Speech Dispatcher: IBM TTS output module
 speech-dispatcher-kali - Speech Dispatcher: Kali output module
 speech-dispatcher-pico - Speech Dispatcher: Pico output module
Changes:
 speech-dispatcher-contrib (0.10.0~rc3-1) experimental; urgency=medium
 .
   * New upstream pre-release.
Checksums-Sha1: 
 efd61970ecd04225f90285f119584f9d6449eb8a 2788 
speech-dispatcher-contrib_0.10.0~rc3-1.dsc
 079087c9075151db598ae19207014a103576aca5 4265472 
speech-dispatcher-contrib_0.10.0~rc3.orig.tar.gz
 b9336a96a63b684493bf08a1b58f677ee8183d31 23516 
speech-dispatcher-contrib_0.10.0~rc3-1.debian.tar.xz
 23047fa0cda3e6fcd125fc701222b96d2c9f8e4e 138076 
speech-dispatcher-baratinoo-dbgsym_0.10.0~rc3-1_amd64.deb
 f2cf87e9675d3b050c4f8d316f995e02ad661825 54884 
speech-dispatcher-baratinoo_0.10.0~rc3-1_amd64.deb
 ed162d3f36d5c3079405d97f24cf30ce9f0548b9 11067 
speech-dispatcher-contrib_0.10.0~rc3-1_amd64.buildinfo
 00b9db849a6aeaa141574ed139447fc028fd06a3 104732 
speech-dispatcher-kali-dbgsym_0.10.0~rc3-1_amd64.deb
 95220d3f00e6559d0783cacff823f8a74ce48806 42932 
speech-dispatcher-kali_0.10.0~rc3-1_amd64.deb
 6781b42826ba9e51a4e3c0b02c434fdc4d29f034 96832 
speech-dispatcher-pico-dbgsym_0.10.0~rc3-1_amd64.deb
 9480b50d223c128af66c95fc208a82a48e196998 43940 
speech-dispatcher-pico_0.10.0~rc3-1_amd64.deb
 af1de924c6b49367915e2e8271bb7866c5ef72f7 141120 
speech-dispatcher-baratinoo-dbgsym_0.10.0~rc3-1_i386.deb
 ca24d15f3a37dec5178bc8bf7ce13657149e0b91 57408 
speech-dispatcher-baratinoo_0.10.0~rc3-1_i386.deb
 ff3be3705833250bcbc15c2a9058435ba9b1db36 10693 
speech-dispatcher-contrib_0.10.0~rc3-1_i386.buildinfo
 e6e2f47d89797e867987c466dbbf0f14f0ee08bc 157472 
speech-dispatcher-ibmtts-dbgsym_0.10.0~rc3-1_i386.deb
 1a8f8e55194a5090edea3859de36ae6e5796b0ae 61236 
speech-dispatcher-ibmtts_0.10.0~rc3-1_i386.deb
 3b35f3bc64e40c6bf36aecb7fa8d344f48b3ae73 105000 
speech-dispatcher-kali-dbgsym_0.10.0~rc3-1_i386.deb
 617d6f833d18097b48e79c1441ccedb752a73a16 45012 
speech-dispatcher-kali_0.10.0~rc3-1_i386.deb
 1bb24f3f7cfc9a41b7cd33b5ddeb0dbd907f7062 96948 
speech-dispatcher-pico-dbgsym_0.10.0~rc3-1_i386.deb
 bab952cd04721655246d2ad2be9a32d4bb7ec2f0 46332 
speech-dispatcher-pico_0.10.0~rc3-1_i386.deb
Checksums-Sha256: 
 ccc39c8ef83d2d537e1c950d6af3baa843d798968dc90cd83a9ca7433bbdec75 2788 
speech-dispatcher-contrib_0.10.0~rc3-1.dsc
 90910812116c6d15945b81f6717101fb3410bc766fc3366cb3d049ffa160fef9 4265472 
speech-dispatcher-contrib_0.10.0~rc3.orig.tar.gz
 ed25bf7ac66d2202d4b9c87943286bb242a713b5aecd90f88a360d88a489ec17 23516 
speech-dispatcher-contrib_0.10.0~rc3-1.debian.tar.xz
 ab3e4dc6ec10dd30c868387fa77e675e53079ce8f6313e3089345ea7e3cff91c 138076 
speech-dispatcher-baratinoo-dbgsym_0.10.0~rc3-1_amd64.deb
 d5bdc0d755f021314ea9989e5e71ebb794db9dd928eef4d1e1cff62f1e97e580 54884 
speech-dispatcher-baratinoo_0.10.0~rc3-1_amd64.deb
 8a1e4c764c3f0163a147898a1d3890821dbcbef12b6dfd5b21c0856aacec5367 11067 
speech-dispatcher-contrib_0.10.0~rc3-1_amd64.buildinfo
 895bb59f1353ef44a032f5f2bb52b3179e98a255ec9d27f86186f4fba7da26a0 104732 
speech-dispatcher-kali-dbgsym_0.10.0~rc3-1_amd64.deb
 c753f28ec5c20ade1c844518cd4a3cdc995295b38588a2cb1b50cda6f09cbe3a 42932 
speech-dispatcher-kali_0.10.0~rc3-1_amd64.deb
 99dd4039514c658ca2d71f239284b3e6bd56833828a4b54e1e6b01feafc70b77 96832 
speech-dispatcher-pico-dbgsym_0.10.0~rc3-1_amd64.deb
 0b20350f896c8a208005d25b0f8d1b20c089fc060d44e792ecc1bdfc104c76b3 43940 
speech-dispatcher-pico_0.10.0~rc3-1_amd64.deb
 395d6541c91ee12c5c320592ec4156269ef8c0c69b4d88747af388379ccf6ad3 141120 
speech-dispatcher-baratinoo-dbgsym_0.10.0~rc3-1_i386.deb
 14b04ba99c41c0769eda7d26db9ba95aea312127e50bbd0a4690b5b03b09e790 57408 
speech-dispatcher-baratinoo_0.10.0~rc3-1_i386.deb
 d1ca389052c98ba36c58a79de507d0775eda70221576df406507f8bb81eaaa28 10693 
speech-dispatcher-contrib_0.10.0~rc3-1_i386.buildinfo
 f7a4351323e3a716d0923d300c1cd50230b4e95672ff0f471ab5fae5ca0267de 157472 
speech-dispatcher-ibmtts-dbgsym_0.10.0~rc3-1_i386.deb
 050678755f2f428f2fc64a39de77c373b562082680c9a8aa93a0221fab5b2e54 61236 
speech-dispatcher-ibmtts_0.10.0~rc3-1_i386.deb
 2c1210d79908588f1173557e32ec52c8e7ff856fdabd78f9b396805d5a7e68e0 105000 
speech-dispatcher-kali-dbgsym_0.10.0~rc3-1_i386.deb
 5edd6c3a047071c1942f5230667591fc4a57720055eb410533ffcf9f4ed1cddc 45012 
speech-dispatcher-kali_0.10.0~rc3-1_i386.deb
 

Accepted nodejs 12.16.2~dfsg-1 (source) into experimental

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 21:38:16 +0200
Source: nodejs
Architecture: source
Version: 12.16.2~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 

Changed-By: Jérémy Lal 
Closes: 952629
Changes:
 nodejs (12.16.2~dfsg-1) experimental; urgency=medium
 .
   [ Xavier Guimard ]
   * Add upstream/metadata
   * Disable test-release-npm test
   * Switch to dh, Bump debhelper compatibility level to 12
   * New upstream version 12.16.1~dfsg
   * Refresh patches
 .
   [ Olivier Tilloy ]
   * Fix building architecture-independent doc package
 (Closes: #952629)
 .
   [ Jérémy Lal ]
   * Revert "Override any source-is-missing - workaround pattern issues"
   * Simplify and tighten lintian overrides
   * make-doc: drop tools/doc/node_modules target
   * Exclude brotli from deps, use system-installed one
   * Remove brotli from copyright
   * watch xz
   * New upstream version 12.16.2~dfsg
Checksums-Sha1:
 016ef1a60d97243435ba436ea6051fb3493b26ca 3103 nodejs_12.16.2~dfsg-1.dsc
 93ddb7f4074a06a1786d96c04041e61075b85601 18060916 
nodejs_12.16.2~dfsg.orig.tar.xz
 200228bebd9a4b3e64717f89e3c44c9dec781a24 129240 
nodejs_12.16.2~dfsg-1.debian.tar.xz
 5dabe3369912f0aa80e461c1cb7701ab291829d4 13963 
nodejs_12.16.2~dfsg-1_source.buildinfo
Checksums-Sha256:
 994e6d04c5e3f4f68c69632f1d93c1f94ae5decfa7f5fce12036342a70a10c78 3103 
nodejs_12.16.2~dfsg-1.dsc
 338dd76e90374dca1bc4b63ab3cdc7018251e45919a7377cc4551af5538413de 18060916 
nodejs_12.16.2~dfsg.orig.tar.xz
 987df17b54f4145c96f3adb7e1d77a0780f3486dc92c1a12a8f5905a22636e16 129240 
nodejs_12.16.2~dfsg-1.debian.tar.xz
 3df8fb9fc9fa744a4eeea9788be3df36b6352f5af3accc0cec5945dfcad93845 13963 
nodejs_12.16.2~dfsg-1_source.buildinfo
Files:
 466fff593aef2b6d914840357d07dcb8 3103 javascript optional 
nodejs_12.16.2~dfsg-1.dsc
 09c6cad537d6aab056ae711031d4051d 18060916 javascript optional 
nodejs_12.16.2~dfsg.orig.tar.xz
 10122881a59e5a5933e63480ce408b08 129240 javascript optional 
nodejs_12.16.2~dfsg-1.debian.tar.xz
 acdbe75f86e507735cc52060b3bfe870 13963 javascript optional 
nodejs_12.16.2~dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl6l458SHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0/DsP/icRHevC290yNbIq4L/g3nLaDbklPyxG
rI3LHv96glKsuUyr3Fbi5qyMpms31l9EwRXn10rwzZfTbmiI9z/V6EZ2vCF8W9dD
kFeRlSD8cREGnfGNFW94C/+DjYQtjt0DcoXXKjcs8yqr4+PXiuC3EhZkEMg9EwQO
7gAusq3YRPbKg7GQ6kI74wl4gh18gvXmD9hOCzyrEeJfKhvV0dpplpw6UyoxYO1S
6DX5JqrruOINAX3v0Tjm773kiVofZP6EfBGos63M/4UUH9dAudotrHQGbv7XwE4b
sM/Txy4sk4RWavcmmXG0iNZJR6RqjCAwZhL4eza9s213utJ8tswkwyi86Q09uhnk
2ktWsFes91wBnpNU2XyDPgZybZycdoMKQVG8c7zPtdtk+/6zFokBpYz3XHcOspDc
U9ElyM2Gwgbi6yUsy+tU0EZxUUFGgDqBdSm5olRImzxnteBYLjcs8K5PuGmbex3e
1+j2vxG4ciic+mpmvu6v/no+hkmSNaRitXeUw2WfrFe+/7HRIOMiC5M0AxlZ+984
1+LZ1NDvPTlPRFLkqz6SK1VCPLidWzIgi3/2JOoD1RugAiNj8SEC2SctxvgkW5xs
fJo4S86ySrG+OeI705SLnVec8lWrQow2hrLaJEizNwMKNR/W4woPB8kYu4GMitT6
8GXsbqV+iRrf
=ATCz
-END PGP SIGNATURE-

Accepted speech-dispatcher 0.10.0~rc3-1 (source) into experimental

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 21:28:37 +0200
Source: speech-dispatcher
Binary: cl-speech-dispatcher libspeechd-dev libspeechd2 libspeechd2-dbgsym 
python3-speechd speech-dispatcher speech-dispatcher-audio-plugins 
speech-dispatcher-audio-plugins-dbgsym speech-dispatcher-cicero 
speech-dispatcher-cicero-dbgsym speech-dispatcher-dbgsym 
speech-dispatcher-doc-cs speech-dispatcher-espeak 
speech-dispatcher-espeak-dbgsym speech-dispatcher-espeak-ng 
speech-dispatcher-espeak-ng-dbgsym speech-dispatcher-festival 
speech-dispatcher-festival-dbgsym speech-dispatcher-flite 
speech-dispatcher-flite-dbgsym
Architecture: source
Version: 0.10.0~rc3-1
Distribution: experimental
Urgency: medium
Maintainer: Debian TTS Team 
Changed-By: Samuel Thibault 
Description:
 cl-speech-dispatcher - Common Lisp interface to Speech Dispatcher
 libspeechd-dev - Speech Dispatcher: Development libraries and header files
 libspeechd2 - Speech Dispatcher: Shared libraries
 python3-speechd - Python interface to Speech Dispatcher
 speech-dispatcher - Common interface to speech synthesizers
 speech-dispatcher-audio-plugins - Speech Dispatcher: Audio output plugins
 speech-dispatcher-cicero - Speech Dispatcher: Cicero output module
 speech-dispatcher-doc-cs - Speech Dispatcher documentation in Czech
 speech-dispatcher-espeak - Speech Dispatcher: Espeak output module
 speech-dispatcher-espeak-ng - Speech Dispatcher: Espeak-ng output module
 speech-dispatcher-festival - Festival support for Speech Dispatcher
 speech-dispatcher-flite - Speech Dispatcher: Flite output module
Changes:
 speech-dispatcher (0.10.0~rc3-1) experimental; urgency=medium
 .
   * New upstream pre-release.
Checksums-Sha1:
 74754fc369da2884f0a194aace71d042b45c1421 3265 
speech-dispatcher_0.10.0~rc3-1.dsc
 079087c9075151db598ae19207014a103576aca5 4265472 
speech-dispatcher_0.10.0~rc3.orig.tar.gz
 e9c8a4149d2d186e2a22232673735eddf6ef2935 23492 
speech-dispatcher_0.10.0~rc3-1.debian.tar.xz
Checksums-Sha256:
 d9bbb498d0c66bb18865694f4e32ac1dab3d0fe18a106a09be2950f5a7cc8f88 3265 
speech-dispatcher_0.10.0~rc3-1.dsc
 90910812116c6d15945b81f6717101fb3410bc766fc3366cb3d049ffa160fef9 4265472 
speech-dispatcher_0.10.0~rc3.orig.tar.gz
 894515e48715052a6c761d1867de3558abc793e1af5ecbd42ae4216fd79b66e9 23492 
speech-dispatcher_0.10.0~rc3-1.debian.tar.xz
Files:
 b1399cda0dcdce838a5dceb53f628ac4 3265 sound optional 
speech-dispatcher_0.10.0~rc3-1.dsc
 edeb1b8d9086cf7b49fd852e523f971f 4265472 sound optional 
speech-dispatcher_0.10.0~rc3.orig.tar.gz
 21d1a7f1f762be7bb2391370100a0af0 23492 sound optional 
speech-dispatcher_0.10.0~rc3-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEXtnoVvfWxur1EWehjTXDVXILuv0FAl6l4oAACgkQjTXDVXIL
uv1UFRAAg7S9RjZpB1RwuMGZmCivbMDAdTiWaqt+baS6vKqB2E1tfc9BpqP0ABZE
gu/U06AUk8qvwQ9Ql3p10EzCnRn/ebp4ajOYht2EgqO74M3xp+Sw39HwT6pg+doT
slMjkDTh1nalGcN4vMh1MWzklJK6ZgTQW9OiOY4IB0ReHpVGbeymtJveJKWIbhoX
og+zeqPSz/aa7WdvNJz/rASpGL6iorst57H1jBthJl7OGmj8LS4AwmpBK65Nbfce
5iS8LL+oYIO0w8IdzERnEjjrC4iE32i8pWsHZLeBhWpUH4HXpKIXZzUjJlFZlhMc
HDlODSrL34hGlLHK6FYKpk/F3GDVS72opssyvtF0L4kdTZ6kmWoNzTe4T0rmXdZK
bb1xnqCFR8lxnbOzGWPxRKnpSbSlpZK0ZmxF9u9GYfP8Na/f60CkIJI7i+WdIJJk
upwgxzcJUgspqBhL0ONyxTYFUMpHERXvrDCQq2utvcAvagcFL41p6UWcUNxc9cnu
EC/MBpDIbKGSg2V5nM+MF7b9TOr1XPWRaTBXzkAhknYJwt7SScSTHRtG/OONQQy5
a2ZaI7pcq7vdRqGJngACBGit2QtFJllTFWM6T0P4kip3zdsJeSabWKDtjc6wz5gP
gEYAxOkC3Ao/j2RShVFoNZUJPGhHJcyFuAMK9gYi5E5ohvHruH8=
=BJ5j
-END PGP SIGNATURE-

Accepted python-coverage-test-runner 1.13.1-4 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 13:10:00 -0300
Source: python-coverage-test-runner
Architecture: source
Version: 1.13.1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Jair Reis 
Changes:
 python-coverage-test-runner (1.13.1-4) unstable; urgency=medium
 .
   * QA upload.
   * Using new DH level format.Consequently:
   - debian/compat: removed.
   - debian/control: changed from 'debhelper >= 9'to
 'debhelper-compat = 12' in Build-Depends field.
   * debian/control:
   - Added 'Rules-Requires-Root: no' in source stanza.
   - Bumped Standards-Version to 4.5.0.
   * debian/copyright:
   - Added an email address to upstream.
   - Added the block debian/*.
Checksums-Sha1:
 84e2702bdb785d2b132519ff5e35acf519ae10e9 1942 
python-coverage-test-runner_1.13.1-4.dsc
 e13bc8d1c48cfce637539f2f70a87e17e0c0f748 2492 
python-coverage-test-runner_1.13.1-4.debian.tar.xz
 407e7abda8c2df598b094c95ad2af9cffea31c7f 6050 
python-coverage-test-runner_1.13.1-4_source.buildinfo
Checksums-Sha256:
 b7bb2727be52ae7143afaa61ee6c4ae3fc6fa627eb2c4d3969fe69c31355be8b 1942 
python-coverage-test-runner_1.13.1-4.dsc
 b85c0498df76c6f35057250a2dc2de5b9f63f839691a75c95fe2bdd8bc142852 2492 
python-coverage-test-runner_1.13.1-4.debian.tar.xz
 770ebf20a4cc5ee90c49019968cfa21901c62ce5ba5b083d17bd28478c4140ab 6050 
python-coverage-test-runner_1.13.1-4_source.buildinfo
Files:
 47f9b989460873a81a662d889bfbdfbe 1942 python optional 
python-coverage-test-runner_1.13.1-4.dsc
 7f07f802b72fe21a91bae19ee84be750 2492 python optional 
python-coverage-test-runner_1.13.1-4.debian.tar.xz
 db86c32d2da01ab0d4e5e8643c6d98ae 6050 python optional 
python-coverage-test-runner_1.13.1-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEENX3LDuyVoBrrofDS3mO5xwTr6e8FAl6l30EACgkQ3mO5xwTr
6e9DoA//YvfjOciL3u5h91fv6dWy9yYa0TfPsCP77UdLiQ1MzEr2l+xcUS2uDKfB
7wOlDEWWvTWYOdVEjMV+FiLMs4YrTU6JOZU6X9wZVjKPMwQDOJo4C9cLHfbwQlHc
HIrwVFK8W7xSDxDfzXyrEa0Jkft13Ev9RP5NdH95mkfH9a1VR283kmHcSJR/uSrT
7jmRg+oWjWgwI+Or0JDNChp4tQ1XjtRuNiaU6pm6b7w+BJAHRo9h9WZjBmBbLeFS
pu/8w1+9qGXlBpNhPpd5XE2hXOAe2CjlOJ/5R13m5uzj0FKSl2sNBvoyk4Giqa9r
KjNay6VVTdgmDFw3ShbpGFi7ASdFjHxn3n3GaiPsBoBi+uURNyfrFFPN9N0UBrFt
Pc2LTnxW4cWR9mvSJD354xBMDZ7M8jB9CXiCAUFWHD4qxy0w87IjLT5KS/X93A7Y
yxmZHSro+Dy2Zqfa0vubaQPP3YAvQjA3WsZ+EBrT4sj63We66PZH/bNRdqLbaR+L
PrpxKysMxu0pvcswjiTqky/8u9z560+NDIXPOMHlYSOzGyJmsYz7D/1VCO0iNY4k
Rwev0VHjVKGjAhIRpuxj//GlrxR5E/htWE7zW7uauPbRluJSUVJGcqPF0OQcwnGH
LgIHicIROZniDGA6Ju+ykbd6r2/A7TTMqBRk+uDO16MkRwR+vJA=
=NPEF
-END PGP SIGNATURE-

Accepted python-django-otp 0.9.0-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 20:55:44 +0200
Source: python-django-otp
Architecture: source
Version: 0.9.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team 

Changed-By: Michael Fladischer 
Changes:
 python-django-otp (0.9.0-1) unstable; urgency=low
 .
   * New upstream release.
   * Drop 0002-Call-django.setup-to-initialize-app-registry.patch, fixed
 upstream.
   * Refresh patches.
Checksums-Sha1:
 cf8ee3336076e7664cf0f582f5a62ff99d4ff9f6 1902 python-django-otp_0.9.0-1.dsc
 fcf75948b49d30f0d6a3ad39f2ce08ff7ad062dd 60204 
python-django-otp_0.9.0.orig.tar.gz
 5c9afea9345521e81a37a6e0937fa5dcb55b3af4 11132 
python-django-otp_0.9.0-1.debian.tar.xz
 8e0b014727f9d39bfeb5930c105dba239c69ad94 8150 
python-django-otp_0.9.0-1_amd64.buildinfo
Checksums-Sha256:
 6f94124705daa3f8689532e83826bc5131fbd59dd4c7f2b711030c6dd6b6dcf1 1902 
python-django-otp_0.9.0-1.dsc
 d085a82b19ba1a7e3cecfd1ef5117b9afae89dcee435bdb007675104ad5430e9 60204 
python-django-otp_0.9.0.orig.tar.gz
 e5136417fd8a8631335325dd0ead8ca375fa76d187090ee673ab7663ffcb6835 11132 
python-django-otp_0.9.0-1.debian.tar.xz
 22d226ed224769f45eca4349a908a9aee121814e98805c0006f566225cb1ccd6 8150 
python-django-otp_0.9.0-1_amd64.buildinfo
Files:
 a52e6ab9416b3d37ae20c30089f286a4 1902 python optional 
python-django-otp_0.9.0-1.dsc
 20127287bcec320741332c339a8cf227 60204 python optional 
python-django-otp_0.9.0.orig.tar.gz
 b3126e21dc06e056d8c98a827d927260 11132 python optional 
python-django-otp_0.9.0-1.debian.tar.xz
 a27c3a6713e96ec03b5940cc3cdca28e 8150 python optional 
python-django-otp_0.9.0-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAl6l28wACgkQ/9PIi5l9
0WoMdQf+PnXjRyHFcpEb566B6OeIG2SbqF7/ex6mKDWG5cuL9Cr1Q+Aiyi5jU7Jr
HhZAoqbHMqOyWu15TuN66CZkorIPCxQtzDPSoKnXwkq7s8thfvu0liQicl/WLPee
K/ZsGaD5l3GXkoo0T7hcSqauSDBcwL1/MGVKggdOfPONt9N46x2xbT+FslNwk7dS
kc+IxaN7W0008a34n7+Eni8bSwiWqzeSXqzFJmbSyWhAx1KrssXUSwUYvQ1hPkkR
6I0oeg23Z14Pbem3gX3F7ktXFRjBfsxmHCUFyHn2nVotaqrRSdWlsiepIGblXeRe
6uAbR4Z8qrq04flinrnGqLaCwLg8tA==
=SYQU
-END PGP SIGNATURE-

Accepted rust-serde 1.0.106-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 21:05:17 +0200
Source: rust-serde
Architecture: source
Version: 1.0.106-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers 

Changed-By: Wolfgang Silbermayr 
Changes:
 rust-serde (1.0.106-1) unstable; urgency=medium
 .
   * Package serde 1.0.106 from crates.io using debcargo 2.4.3
Checksums-Sha1:
 e47c068c6de4449ec32c8099b05ee0cf6fb415c3 2314 rust-serde_1.0.106-1.dsc
 91912f8a0aee9539a0d37e980631f114ebcf41b4 73343 rust-serde_1.0.106.orig.tar.gz
 a3bf47cfbf6ef11320f931bd5a7b923b53ac6cc1 3220 
rust-serde_1.0.106-1.debian.tar.xz
 cf26a75050b35bcce2469f7410bbd297b6e5b88c 7204 
rust-serde_1.0.106-1_source.buildinfo
Checksums-Sha256:
 f1af103dce111ac2e3c2352fbf72b47568b8a150baef40c75b566cf58e493003 2314 
rust-serde_1.0.106-1.dsc
 36df6ac6412072f67cf767ebbde4133a5b2e88e76dc6187fa7104cd16f783399 73343 
rust-serde_1.0.106.orig.tar.gz
 59240c54a370dfc7889ff81c1bf2836cba346014114f6cfc1e7c0175a766359b 3220 
rust-serde_1.0.106-1.debian.tar.xz
 e545a34dfcea016f4b606e0d837e1fcc4c7b761ae9f3d374d851f96a1ffa763d 7204 
rust-serde_1.0.106-1_source.buildinfo
Files:
 bda8d2682cf6d9b17f87e6bd1300dcbc 2314 rust optional rust-serde_1.0.106-1.dsc
 8a7c05593e1e832532890458ac3a60ef 73343 rust optional 
rust-serde_1.0.106.orig.tar.gz
 cc59e3f69bd73c122b5750f17d0c178e 3220 rust optional 
rust-serde_1.0.106-1.debian.tar.xz
 8fff49bf9cc78b43173340426a255aa9 7204 rust optional 
rust-serde_1.0.106-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJLBAEBCgA1FiEEhWSUk7LYy5Yue0UiITeAY1BXOwQFAl6l23YXHHdvbGZnYW5n
QHNpbGJlcm1heXIuYXQACgkQITeAY1BXOwRsMQ/9FH8piqIRJZxEPJs5FUFoJJCI
bfM1tBaJKncygcXyLX8V6h2PZUtr/mUZy1B+F73dIA6N3SgZQ3F9/x37oGCCyuC8
JcSf04dID3gMpRSjvnxs5KHXegs51LbtBzAJlvcbPlsZhucw+wntjYt8f9Yq1hrx
D+j+XDh5zE5qShb9T/17c7pzp90FCcZDTcPkSjZI78Tr9e4RgLgx6OsndcnXG4aP
zhn/hjNOD9pSURkDZipcFAVP4ThWh9aglPPHheym9f2adlyeYIDyzbkvZfZx4Cy9
jSmVz5PNEvtguncJSsSS2MJDLzFTq6iy92BcyBYEV3eRFGyCOH/qubBZWQWJBe/+
4ZwcAO2xq06DPSHwd8lTtSo1KdvJpJHu8QAHOh0FTc5zZoXqJYQ1ZNyj6+fOb5wl
rErjT4ib84aDUNuqCuIENnSnxNyDG4Kg4tDxpuEGK9U9R/jnpCL8fwQHKknx4wrk
5UnS6l6w9GTyqs4UmGgbAfxFOPiUUmvvc8gHDiVCq2iY1k6CvQ+69uKmUlG7cp/I
Dpybphh9TFcZ562YPMYFPAXXHDUicFVVJjceVYdEp3e8O3+AZbh+fa9g24/WkpLt
Lp26FAAd25isrYID6xBTGEBuYkma2IEbij+GGGWTm+EnoBNl3D4uteSH/TbBB+0e
ze85ceBCPFvURQXivRU=
=slWS
-END PGP SIGNATURE-

Accepted rust-serde-derive 1.0.106-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 20:55:02 +0200
Source: rust-serde-derive
Architecture: source
Version: 1.0.106-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers 

Changed-By: Wolfgang Silbermayr 
Changes:
 rust-serde-derive (1.0.106-1) unstable; urgency=medium
 .
   * Package serde_derive 1.0.106 from crates.io using debcargo 2.4.3
Checksums-Sha1:
 356b67af8a57a11f9ef81f56423cde1d18d4fa3b 2473 rust-serde-derive_1.0.106-1.dsc
 def218e31333042132ecfe015967959dd3667f9b 49719 
rust-serde-derive_1.0.106.orig.tar.gz
 adab2e3f816d8c8ed1ec735540cc46b449ba7b41 3016 
rust-serde-derive_1.0.106-1.debian.tar.xz
 1c3d0cb6a1c2f4e1a435e7dccbcad3de342bd52c 7517 
rust-serde-derive_1.0.106-1_source.buildinfo
Checksums-Sha256:
 b7742f6e3e4abcb232be15af7984b0570afc714ce45a0e691d52cc1b27358fc1 2473 
rust-serde-derive_1.0.106-1.dsc
 9e549e3abf4fb8621bd1609f11dfc9f5e50320802273b12f3811a67e6716ea6c 49719 
rust-serde-derive_1.0.106.orig.tar.gz
 306cda644ebe375dc57e0b173761bf819f9b0cbcccf922a283eec0d02a13b506 3016 
rust-serde-derive_1.0.106-1.debian.tar.xz
 78a6dcd9b65b7a1ff079c68c5659c65c7feba462e02df1e28a6e2ce6b607be26 7517 
rust-serde-derive_1.0.106-1_source.buildinfo
Files:
 aefb6b923be76e1a1912276bf3456bcf 2473 rust optional 
rust-serde-derive_1.0.106-1.dsc
 37b637cdf95bd10407f23d46d486b15a 49719 rust optional 
rust-serde-derive_1.0.106.orig.tar.gz
 172030212483b3bef577a322a3b3e4cc 3016 rust optional 
rust-serde-derive_1.0.106-1.debian.tar.xz
 e152db3f8006b4112c3d0958e2d9ab63 7517 rust optional 
rust-serde-derive_1.0.106-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJLBAEBCgA1FiEEhWSUk7LYy5Yue0UiITeAY1BXOwQFAl6l2Q8XHHdvbGZnYW5n
QHNpbGJlcm1heXIuYXQACgkQITeAY1BXOwQY+BAAxXbuGzcq79wBmLOSt54BeVov
YA0eEHCC5kVZjQhZJ9wGjWFyViBt7gmDU5LuoUAw+ABpzt8FT8YG/zQRRwIKnH3y
bCJSPpysnil3qRcOE08TnI1Cn8DSv97jg1ILgViWDxrE1DxGUF39OG9eqVGVYxX5
jV0/V3Rbs/EPLdhIgf34Mm7phZOpV6iKVKlem3Nc4f4A7S0BkxgeB0t3csnyowzC
hguteiw29gcLPPJ3l6+HGzyPWUOdko5Ofwnby+QHEk3AXZ/lK5tWRP9tYxwNjQr1
sN+XQ6Wu+1nS2Bxl0pkugnKRRfwNUmevwgaounGMqvqUrH7cT3vN9B4pWOxV4nxg
laT3/Jk8OzLD/dLQTRrLXWiwhvvIhvWg4ehO4CI3cJQPGcm6jBabUJv3XluQgSlL
BQVEe2BIxi+EpLMoOGobbN4/Nx3COLzKYyqlvxkKJbeScOtDRV5kwckMdrftoVjV
Im4cbI4W53rT+80oX+iI75RPTyXt9i25nB3JSFwDZMbRjgjeiGJpLCClG8YOdo0M
Qs2394u0LGLozgyugSOrdfqx6dtzjc4obxfgv10e8WxoLLfEJ8BJubNLeg6BCt88
D31Yl0OgccV1BG383EcV5qMSKAbrbXHiYAYi8S191bas9h63zrnWzOWI1TB48xkz
IF4pKDeZO2RgWOnSgvo=
=YIGK
-END PGP SIGNATURE-

Accepted ifenslave 2.10 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 21:09:15 +0200
Source: ifenslave
Architecture: source
Version: 2.10
Distribution: unstable
Urgency: medium
Maintainer: Guus Sliepen 
Changed-By: Guus Sliepen 
Closes: 878601 914308 926881
Changes:
 ifenslave (2.10) unstable; urgency=medium
 .
   * Drop the transitional ifenslave-2.6 packages. Closes: #878601
   * Update Vcs-* links to point to Salsa.
   * Add support for tlb_dynamic_lb: Closes: #926881
   * Remove the ifenslave binary, use iproute2 instead.
   * Fix typo in bonding example. Closes: #914308
   * Bump Standards-Version.
   * Remove debian/compat, use Build-Depends: debhelper-compat instead.
   * Set Rules-Requires-Root: no.
Checksums-Sha1:
 a3fa62fbbc60bdfd33978a257262b73798bef018 1554 ifenslave_2.10.dsc
 d025dabadcb57de3312c55a03e2341d1e1402075 11924 ifenslave_2.10.tar.xz
 fd1a02567725a0ce45fcb7965b80832e0f074234 6655 ifenslave_2.10_source.buildinfo
Checksums-Sha256:
 28c04076628df6a5088cb85f194aec57cc8a8759971f6c819fec0ab27aefbb21 1554 
ifenslave_2.10.dsc
 a52c788d098464d2a908384790d7bdac53c4c16fc15a4e6fd78ae9ea492e033d 11924 
ifenslave_2.10.tar.xz
 920684f90853fc5885e10e346da21bc7c8808964b09d9576535ba08c7bb63251 6655 
ifenslave_2.10_source.buildinfo
Files:
 15dbcaf24290ba5f8dbe2ac6674ed650 1554 net optional ifenslave_2.10.dsc
 7d4a7b12d833455e1f89093a9943c64d 11924 net optional ifenslave_2.10.tar.xz
 396910789eab123751b15e7cf6382e11 6655 net optional 
ifenslave_2.10_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEETRt3lsA+CDGZG91CP0kN64ce+foFAl6l3JEACgkQP0kN64ce
+fo7eg/+Ib9vdgYj8aaUXzfc98E2rqNnP10W88I4Lp0UK0z7ialGhsj8bgo81HfE
g6P8FLXxj3c7wl88aa9j5/wkVzd8uxk666Z+Cu+YqOHTYJZHF+4nUQSrQszEJqiW
1Xdfk02D+bhfFG3vvLoRhHdVjCaGt02St9ejyLUaNqgj4w2k7urew+Dy6YSeOPrM
R7ruMc3qgKBiuUklbViWDb5/QgTmvDqYhyiLDjPclKhIDD8A7hRhY061kuQuu9SU
BXIwQa0eb6fYr/yPH1tVFLr1n853j5xuHt+muoOlM4mVGkVoxC/2uIO0jkjz73bh
ShNMtTo3bo13Vt2O2mm6GLPNdOq277/I/6/82SIu7y9G69Zhqtt5ELxIO5Pz729s
h2Zxm734K7mijjaMRaTzN2ZyjUhqaWkcKeAdJZzBCV/HavblJh2BOUphEOI17kB2
TY3kJIZJgYsmqZ6h3gve5necRfSMMtRx8SPO+TnCwmaqyXvXCyi8cB3Nc3eg2jpQ
BQWeSsNKMBVexPhWw7cKvQ4OB2ZZ5Zj4Yt/wUmx+qge+nzyzeKO/Yo/jh9ZhSHmT
ibT2Ldk27YTEjNPqX8kPNeN1paXjjgne443HDh86Ks7rq2Ip4hwRYWBoXr32b2zL
rsAPCE3kw1GjR1zO93chYVZO+RNNQHO6Dm5AJ83FujMgWkMJ6iA=
=L9pJ
-END PGP SIGNATURE-

Accepted brutespray 1.6.8-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 17:15:08 +0200
Source: brutespray
Architecture: source
Version: 1.6.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools 
Changed-By: Stephane Neveu 
Changes:
 brutespray (1.6.8-1) unstable; urgency=medium
 .
   * New upstream version 1.6.8
   * Bump to standards-version version 4.5.0
   * Add Rules-Requires-Root: no
   * Update Uploaders field to match changelog
   * Add Autopkgtest
Checksums-Sha1:
 67dea63c1a844d2779ef860d7b3ffabd6c1ad996 1991 brutespray_1.6.8-1.dsc
 eb7046e6560f9cee5dc78d1786a65db7d0e4d229 10280 brutespray_1.6.8.orig.tar.gz
 2219d3876fb25d470b0dd87772d461dc35d0e065 3520 brutespray_1.6.8-1.debian.tar.xz
 889a921d8bce847e76a2a27d1752490a250c99a9 7389 
brutespray_1.6.8-1_amd64.buildinfo
Checksums-Sha256:
 4d25a1dff34d0ca530dd9b927444e25221530fd2bb9955152157238784a78094 1991 
brutespray_1.6.8-1.dsc
 42eb56b500d80262d2f6bb2a812abe6b4a360606ae8785dbae8f237e6970b377 10280 
brutespray_1.6.8.orig.tar.gz
 b66ec919c008eba5386397cacf2a063c797327f73abc8b53b0c019c406fb56fa 3520 
brutespray_1.6.8-1.debian.tar.xz
 28e8c6abfdb2753c44d5e67f3ec427bf5d1d5f92e417b44add212196a2a0a567 7389 
brutespray_1.6.8-1_amd64.buildinfo
Files:
 9054c951c7a02bfe646245f82bc1b46e 1991 net optional brutespray_1.6.8-1.dsc
 995be179dfc4fc2ee8fce29dbeb6956a 10280 net optional 
brutespray_1.6.8.orig.tar.gz
 d4cea5de7f654248cbf2f730430b7741 3520 net optional 
brutespray_1.6.8-1.debian.tar.xz
 3e33262a670966fb769806044f9e4574 7389 net optional 
brutespray_1.6.8-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAl6l1WQACgkQu6n6rcz7
RwdBZxAAhaJhpLBe64GZN7YvUDAHOl+Of8dddmrefl4U6SLF+rfUrSvokAfglRLi
jZltAG+5kneCghv92ZbQ5r8cqbwawy4Kt/XLLRp9ss1Yzau7qua2Fk1t3rUwDch7
dAcGYq+MsqIMPB5F5AWV9Ya3hEJ3DTWu51EdnV2Nsg9LPEmFog+T4oJD37VhFivm
9yGF2BIUYGComgDjXhnMgfefmlUdj6MrsGfprIqYCvnpKSKjcKX+DmSuMg/loq+N
5pp7ctNmR65tHcle7FW72vvA/mRGH1XJNe53LGHOXKhFJcUxUk3BpVfNrNzbzgBW
VO0MXIPlHperFZgY8CZ4x8Z83lFD3M6I5/oQpi5O+41gOn4nrRlPavzVj2n780wp
r85vP3+ieHnb+MCqZt2ruVmx/RrdEC//qjpsQ0jc88XSdzeFrWp4zSQuXiCwd2d3
7BofBfeda3pdRa1mP0z1kwIl3D2j2Y4m6G8Isxsqw31njUuRFYEBjWlLzdNK0c1i
17BSN8ldOFU+0KXVcpv1QJlfmUdEkWJw1pdU30DGmJViGY4c9XzpoAdLjOSPjvy6
is/qhUu6CZ0K1rOe67oidNwPCKpe9M1EV8YqGthrvTpc1Yo2ZpurS5oA9noVKPTd
y5Her9OlrGwbMEJ6zV/2Z2I4/IRasdaVvBnkdtyxTT/6lEtktyU=
=BvtB
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Bernd Zeimetz]

On 4/26/20 8:46 PM, Johannes Schauer wrote:
> Quoting Bernd Zeimetz (2020-04-26 20:34:12)
>> On 4/26/20 12:41 AM, Thomas Goirand wrote:
>>> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
 Actually I think 2FA should be enforced for everybody.
 Even debian.org related passwords might get lost.
>>> I use strong password, stored with keepassxc, with the password db
>>> encrypted using the HMAC of my yubikey. In what way is this not safe enough
>>> already? 2FA will add nothing in my case, just more annoyance.
>> And then somebody sends you a phishing mail and you enter your password into
>> salsa.debiana.org...
> 
> This cannot happen with a password manager that keeps track of the domain for
> which it stores the passwords.

So you have a browser integrated password manager and consider it secure?
Interesting...


>> And if it doesn't happen to you, it happens to somebody else. Or you or
>> somebody else has to use a more public or work computer for whatever reason.
> 
> this means, that if 2FA would be made mandatory, people like me without a
> smartphone would not be able to use other computers than their private ones
> anymore.

As discussed before, you don't need a smartphone.


-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Accepted meson 0.54.1-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 12:10:21 +0300
Source: meson
Architecture: source
Version: 0.54.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jussi Pakkanen 
Changed-By: Jussi Pakkanen 
Changes:
 meson (0.54.1-1) unstable; urgency=medium
 .
   * New upstream release.
Checksums-Sha1:
 51c2eb05b6350636ed673099448f403891ed64e3 3433 meson_0.54.1-1.dsc
 ed781e5e8f4c5f0c0e6d65acbc945039761807b8 1687532 meson_0.54.1.orig.tar.gz
 e97e4828dcab441b0ae9e3c68da54bdd6e453fb8 13672 meson_0.54.1-1.debian.tar.xz
 05a72efda1907f03899be270f592d90a6fdc4cf7 33810 meson_0.54.1-1_source.buildinfo
Checksums-Sha256:
 1a582254c9efe70c623097cd50b77eb8cbdf1d50ddae87192ca1ec04fffc9cc1 3433 
meson_0.54.1-1.dsc
 2f76fb4572762be13ee479292610091b4509af5788bcceb391fe222bcd0296dc 1687532 
meson_0.54.1.orig.tar.gz
 9d165f0419172cbfa641707d59660ff1c3b96c01d083460e9fe30e7913a71ab8 13672 
meson_0.54.1-1.debian.tar.xz
 1a95a69011931eff4d891991221fc759f4de2c81841f0f15e472cc8dea0327ed 33810 
meson_0.54.1-1_source.buildinfo
Files:
 0346210acb7efff6b4c17faffcfe3e41 3433 devel optional meson_0.54.1-1.dsc
 1624d083535ec188adad71ba46d770b3 1687532 devel optional 
meson_0.54.1.orig.tar.gz
 0bc062b6ab3894d562886ac2d69f5c51 13672 devel optional 
meson_0.54.1-1.debian.tar.xz
 f6848273ab052fef19516d65fdf7a49a 33810 devel optional 
meson_0.54.1-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEPbRrVe+lnUDmIyFI0U7xXa/hE0cFAl6l2NoACgkQ0U7xXa/h
E0eW/xAAwo2sRFJm3wILFxKElOGJG4ZUZGRHjRpH0HN/5zBt3GJ4S1o2JivenV51
cowp5w40Pr8hJ6jM+bCxjtqftaV+aZEaiPlX53P3oPRFQYucy2VrAKeMdjxpwhnd
EPRHBlGSD7cC8GcXP5oB4WTJD+anW6IblhAHePRgosSljy+gZ/tf6pQ0W2NVf8a1
HCrvevP4KNv4/hreiQZ10IyqxqmEfInC7HuTin6Vc8WYI0lScPJe/ASrYvunl477
pNE0471L88OGhfCxVPP7+OFrmJWQ2X/7UChgrCtXAFzxyC22TgynmxX8vM4gFsLb
6HfLQb5co7HgjUBiZIjtzekkCP01qh25Ms7y7P3LsIjWQULQBXov+SBDV4CAsq2Z
tcwy+Zi/HkyJ1ONOch8jyXAINnxs3pgfIRj3j/eVMqEermhI6aRetWCyp/xL8MXx
g/j07QzJlzRHBZwD4In7UtsPiVGJktWj7XjTjF8I0tuLC4dk/SxqmgaOLgKvp0aP
OlmQMVF/MFR0JXrfZjfc3G0m2vkjUs3qqvjn9Fw1MzoIXF44OBWoHuoW6+xlZfZW
F577lWEj+MqGGuZ7ujyy5H961Fxqyg3JcJWfEQde+fOxh5rfcQYs2QWbhGeZP2WX
xau3iMBzbUZifKndPDMuf7qMiwb6UFqgDsTBg/OvESHW0tzO7rg=
=a9ys
-END PGP SIGNATURE-

Accepted eas4tbsync 1.14-2~exp1 (source all) into experimental

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 20:49:35 +0200
Source: eas4tbsync
Binary: webext-eas4tbsync
Architecture: source all
Version: 1.14-2~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers 

Changed-By: Mechtilde Stehmann 
Description:
 webext-eas4tbsync - Provide Exchange ActiveSync (EAS v2.5 & v14.0) 
synchronization ca
Changes:
 eas4tbsync (1.14-2~exp1) experimental; urgency=medium
 .
   * [d5e4038] Adapt using TB>=76
Checksums-Sha1:
 859a5c179dce192064ce985f54e9b6cf334649f3 1992 eas4tbsync_1.14-2~exp1.dsc
 2f31a5c8d96df96c502197a8e94f13edc3a5e276 8892 
eas4tbsync_1.14-2~exp1.debian.tar.xz
 915e9c574d281b455218d55977f4b58d6b6f4d85 5507 
eas4tbsync_1.14-2~exp1_amd64.buildinfo
 d5aa18cad4deee2cc8de74776f765ce8ab5871fd 351872 
webext-eas4tbsync_1.14-2~exp1_all.deb
Checksums-Sha256:
 214c8de9886dd29eb956baef27f12bf0c5bbafda08c78bcc416bce39a358e2fb 1992 
eas4tbsync_1.14-2~exp1.dsc
 fa1c501e75b8cd931996ff4eb6db0b1c9a8e7d18c4ff57cb6a1753f01007f9af 8892 
eas4tbsync_1.14-2~exp1.debian.tar.xz
 0f58a54a5f200ae3b54592e9ff0dd2378257f21a18ec3a29653efac425ba0036 5507 
eas4tbsync_1.14-2~exp1_amd64.buildinfo
 0c358b27a56d574b2a494b455895978de991104e8582146146d966fbdffbb62b 351872 
webext-eas4tbsync_1.14-2~exp1_all.deb
Files:
 c93367e887669afed22a8fc4e3c2e1ff 1992 mail optional eas4tbsync_1.14-2~exp1.dsc
 d73e3705924e3d88aca3434c94ba429d 8892 mail optional 
eas4tbsync_1.14-2~exp1.debian.tar.xz
 e3eb67487ba87c4477db29a2562a1a8a 5507 mail optional 
eas4tbsync_1.14-2~exp1_amd64.buildinfo
 6dd6cde58c8872a3a84ba0859fd8275b 351872 mail optional 
webext-eas4tbsync_1.14-2~exp1_all.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE8ON/Pch6SZgomTnn8od7uhQarX8FAl6l2K8ACgkQ8od7uhQa
rX9UBA/8CuXsleJMgKVcGj5hTD0A1S37R5yNW+0V5ORM8Td4rby7J/b+0qVGtCUt
khyw48sJ0c0WC9psqzpmfk+Dh1W7HJzL0KPT5xtlxQLagcpgy5/1nmt8UxolOjkV
ti5+io+ZYwez6Lwpk8c19Q+PzXpoVgF4di0C7eTO6pjvmfzIP8Wd0+rnHvEBZP8z
IW5bY2S6M3TfnRy6Fd3EZSqxL5AJAC710esAeaj+jR8PoQ7+gaYqIk73pMCeJOYs
pf08dRepb+2la628k9YeEOw9X5p5GKf7wsUGqKv8ebM8iBotKaoYWao50lYoylMg
hmGiG/iiaf8HWTMd3HHTlWkXzD8WMXhkcUiTWrNUxm+qJFGFG4MyksxQ4m25W8Zr
5PXD9EfsqfFjIRHfWkjL9Ww1abBMTpLde54GpBrVSDQySikZ/5q/Gwzb8QbRzUwp
ghlgV+euNSTUZdfTHfb2sa4ontSqcVCBq+n++T0LPEDFlTUK1P4exC+1u9M5/BXc
JP8WmCHDb5XP6Wmy3C0zQNJ1B9i6wwy8Aohe3pRDcAAEIQuVOW4qKqyEIgHmMIIg
ZqEdXc1c/1dGp+OPYKKO0dBbS5lydr/7S0Sb8/G0c/ucyGWmgln5L0od+x7qBbwf
Y1VSRv612z6Db30iC3dLDdg/GBv6825mi2a1wlalcfKgmrXoPg8=
=6p1x
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Bernd Zeimetz]

On 4/26/20 8:30 PM, Bastian Blank wrote:
> On Sat, Apr 25, 2020 at 11:14:39PM +0200, Bernd Zeimetz wrote:
>> Actually I think 2FA should be enforced for everybody.
> 
> No, we don't enforce 2FA for everybody.  And I don't consider it
> appropriate to raise the option.

Could you explain why?

There is nothing bad on an extra bit of security.



-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Accepted node-mqtt 3.0.0-3 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 27 Apr 2020 02:23:57 +0800
Source: node-mqtt
Architecture: source
Version: 3.0.0-3
Distribution: unstable
Urgency: low
Maintainer: Debian Javascript Maintainers 

Changed-By: Ying-Chun Liu (PaulLiu) 
Closes: 958382
Changes:
 node-mqtt (3.0.0-3) unstable; urgency=low
 .
   [ Ying-Chun Liu (PaulLiu)  ]
   * Make the build reproducible (Closes: #958382)
 - Thanks to "Chris Lamb" 
Checksums-Sha1:
 dd5fb5a0b22db048e3e5353328bac8169765e85c 2654 node-mqtt_3.0.0-3.dsc
 688719c77163a111fe40c7696ee767328881f630 6080 node-mqtt_3.0.0-3.debian.tar.xz
 192a9a8bf9fedb49c4f95d25257ecfa68d2083b9 17703 
node-mqtt_3.0.0-3_source.buildinfo
Checksums-Sha256:
 402015e6b58c28ea51dd58c044c8b8724e29a2dd0216b7155ac6b656a70c5377 2654 
node-mqtt_3.0.0-3.dsc
 a6f222fd1394c32fe75a388829345355d4dc668b5eb38a1b8c019a4e23de8e06 6080 
node-mqtt_3.0.0-3.debian.tar.xz
 1251761b6b476e5dd14c921bb0ed4f314e395b0b8e54fe5b3198444f1ce02f5c 17703 
node-mqtt_3.0.0-3_source.buildinfo
Files:
 4adda74590c44acb7611716f18a224e7 2654 javascript optional node-mqtt_3.0.0-3.dsc
 89eb43cf26967378f5d4917a87a06f65 6080 javascript optional 
node-mqtt_3.0.0-3.debian.tar.xz
 6f4d7cbace4fc2592bbdbe43fb1648e7 17703 javascript optional 
node-mqtt_3.0.0-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJHBAEBCgAxFiEEo2h49GQQhoFgDLZIRBc/oT0FiIgFAl6l0nMTHHBhdWxsaXVA
ZGViaWFuLm9yZwAKCRBEFz+hPQWIiJfdD/9qV4v9KZ0OShU1vtnXjgQ+SxAVN4Ko
zIDSgX+XxvzyOTHq3aWLybZyUMOGVjw4jJJcH/FR7fCvg1+mNEneT3antzvcsQ21
28wIgFsMagoap5SP64HVjrUUrNVgxYPMNatlgfOAlGhQzjTmtS7Y8PLV7l6aTdGq
EkHjLiJijXWkd0vdzOm7klYPsU0FN+bdjk7OO71ncBcpNmDGSOR6jI70Ydb1n0uE
8KzyyZLYuLw7phosLRn3Ifornj043u6o/c2PIH4EygP+JRftntAlRFpzLMjf6zXV
8VCZCl7bI4abFGubTI1loyxO/qubc517bmA3yNnnMNVa+WYRUhaw4R2vT5xorOLB
gqRa2ZyG2/Tba+lX1KrP025N5tII362G6US8Lt+5vAwfqIjnFyV9RkXLnNtkhjC0
8Zi5sOmiXojfj5KugxFGxar/uWQ1VR4N6u0mJpf8JeEztiyLKuLOvYhAPJS7vJMQ
edPrHXtKI137/KSP0Zc5BJBxJy3Ur6ukvf2oKs2/Isf6JbnLAg8KUGGni395TuP4
JKncmlVKltLMD5ZfpBP26PUe2suvlBp4BZMbSI2XLppY3GzbOq9tHZwFP+jB0Jl9
wzcknGc1WhBYhgh6JmrRMD4prJZfJThwRLrtIo0XeTAPebYtDPPYT7FVrpGT+pWv
g2XVZwOPwoJmgg==
=2hXb
-END PGP SIGNATURE-

Accepted taglib 1.11.1+dfsg.1-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 13:55:26 -0400
Source: taglib
Architecture: source
Version: 1.11.1+dfsg.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers 
Changed-By: Boyuan Yang 
Closes: 915281
Changes:
 taglib (1.11.1+dfsg.1-2) unstable; urgency=medium
 .
   * debian/symbols: Refresh symbols again using buildd logs.
   * debian/patches: Add patch to fix corruption on
 handling ogg files. (Closes: #915281, upstream issue 775)
Checksums-Sha1:
 3968bf8c0266f0999b2cfac55115af6cafb32042 2347 taglib_1.11.1+dfsg.1-2.dsc
 9aef362b78c08233dd6ea10534e6370f923f8246 35412 
taglib_1.11.1+dfsg.1-2.debian.tar.xz
 7467b953c00fd224b491b5aa6c8c60a0838f5a2b 10746 
taglib_1.11.1+dfsg.1-2_amd64.buildinfo
Checksums-Sha256:
 4bc4c15b93317d662ce7b6e1cfcc7c77da1e3e4af61334f0814fc4a3b09457ea 2347 
taglib_1.11.1+dfsg.1-2.dsc
 24fe89aac3cdc449a80e288624941db980da0ac6d3dd21a892769836bab4d44e 35412 
taglib_1.11.1+dfsg.1-2.debian.tar.xz
 fad10dd4a6e95ccd7c5cde0fe4554deafd734dbaae70632db40b6b77dad7e748 10746 
taglib_1.11.1+dfsg.1-2_amd64.buildinfo
Files:
 08e8952b62956459615397b3d3f4d495 2347 libs optional taglib_1.11.1+dfsg.1-2.dsc
 6be4c27239e88903a86e396e6a6d2757 35412 libs optional 
taglib_1.11.1+dfsg.1-2.debian.tar.xz
 bdac57d416e25fb9537fbd0fdaeda5b1 10746 libs optional 
taglib_1.11.1+dfsg.1-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAl6lzYMACgkQwpPntGGC
Ws4Tvw/+PS9YjzdU4S8gs/uOavWSOKT0yGE0UFSQtK/nR1POIalYHoBYnxwFinvD
TJrphqDAkKLbNLDYQotCnue39CIasYvI2i8a0n/Zd3ZNO2KH9+kp5iy5F8GPlbO+
xG9G7RjZ/It9+qPd3oDeRpQx/BhjCh/jejjl+UV9tlCT9d5upLdY/dbfl+FyfGWt
zyeVpDidwydOMyXHrM0aBQmZpqEZ4Zc2uyGVzaKmJH09RomWdecv83MHhH5ymjkE
i0fW/yY09mvucxrBH8f2qZfATtYM3FK2DdY4J3JqZ6oyStrf9WOe6aa0D/3C303R
U8MARiw35ZNNOVKO7qgmmfpAs/qY01Y/2l+z55PQuZKylP6Hh+xg4PPs5M8cfWdf
SgvppUGVvZkTLPutVyBTA4WT8atofnD5qYAIssHYSyIzxKoILdwLM8f76dZXfRdF
HsqedqVYm1Jmi8Gb6maTdGbV0u0VDizm6PY1iN3XKDsfp/RHYv46BohogDLPit0O
HbjdiIH8XqK/MiMjeBENFso++bwIR1ZMMqT83uvrS6XlvrrUHV9mcKST0B23z6de
GENlzwTxcLqGy57sNQjlXsTUmJ6xOLDtvjgEwKf/YsjFU6nRAXaX+5wz4DpgGZ6o
V4gdqQaB3sljss4JaRpGWe0tfdwM2H+CtfsozgjVs3LQdlU/TSI=
=t2Z/
-END PGP SIGNATURE-

Accepted dav4tbsync 1.9-2~exp1 (source all) into experimental

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 20:16:20 +0200
Source: dav4tbsync
Binary: webext-dav4tbsync
Architecture: source all
Version: 1.9-2~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers 

Changed-By: Mechtilde Stehmann 
Description:
 webext-dav4tbsync - Provide CalDAV & CardDAV for TbSync
Changes:
 dav4tbsync (1.9-2~exp1) experimental; urgency=medium
 .
   * [1d04328] Changed maintainer email in d/control to avoid lintian warning
   * [276c091] Adapt for using TB >=76
Checksums-Sha1:
 bd143c0e864520606217ca38ed26807b957184e4 1985 dav4tbsync_1.9-2~exp1.dsc
 8e5aabc6e5c1add2c1776a54326b2c603cce440a 9208 
dav4tbsync_1.9-2~exp1.debian.tar.xz
 921d2a78c89af8db5e02351c281704110504bf6e 5499 
dav4tbsync_1.9-2~exp1_amd64.buildinfo
 a2426be3967bfc2cad47f51607a248af2897b8f0 125048 
webext-dav4tbsync_1.9-2~exp1_all.deb
Checksums-Sha256:
 8fd59f60da1d4e79259a20d4dab42b08747de70d4cac72974d4a39a0059dc303 1985 
dav4tbsync_1.9-2~exp1.dsc
 7969b49f84b57b142bb28d316bbdda9630cf46010983442060b61f44563c295a 9208 
dav4tbsync_1.9-2~exp1.debian.tar.xz
 64fa1ed2d15e3d3a2bb602c2a0ea03a78332366e0e0edbe6190295ee1078bc6b 5499 
dav4tbsync_1.9-2~exp1_amd64.buildinfo
 c42728f2de70b2d09efa2ab872494dcdd3141a5e49576446b668051c3b0e0195 125048 
webext-dav4tbsync_1.9-2~exp1_all.deb
Files:
 1098959327cff9d05fd7b00e965f78f1 1985 mail optional dav4tbsync_1.9-2~exp1.dsc
 450d67b06cde046cbac6ae3ec2df2955 9208 mail optional 
dav4tbsync_1.9-2~exp1.debian.tar.xz
 401f51189b51a2fb9869c6eff649b067 5499 mail optional 
dav4tbsync_1.9-2~exp1_amd64.buildinfo
 cc66af9f2cfabb74ba3471ac31bcef2a 125048 mail optional 
webext-dav4tbsync_1.9-2~exp1_all.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE8ON/Pch6SZgomTnn8od7uhQarX8FAl6l0TgACgkQ8od7uhQa
rX8SlQ//c/sBoHichwLwLHdJ7MJffb7zJLpgaGZ/8X08ACjSlBFrl5SwKshYx/In
1cKSGTaQHDoDQaN882yTn/aSNnzed8PsFYlbD+VmiLQ51+V7YZHnl7xBMQUwNGkK
2lsNht7bvnTdWpG8J6gJf5mhHjZO0+vtmYtmaibRKZ7yzk9b4adfUW8RKvVhHbtI
7jsmEKCW+VWa0CiFOoTOBzCjrXC6Za6cH1r7XgAnHdzlZAQrlPHBgsrv92R62MKb
s6MM7fzGY/MpEFS2QpORA1pVH6zZLZVp1YRIRxHRKd/RLsb0rtSucWHjlMPBjU3q
68TMHxY7xiPTKLKtkmfn8eXY3/VIFFB0b+oTIQwjKZ5dVFvPdxRpEOSOHVtEZqT6
zkhD6rmQaTbPhkMxg/U/AfQAERNGN1Se7mFclLrHtKobgUhVWOa6Fh24yaqvd9oc
xraZmWQEm0TEBaKsiGra1JCPS2gAlJ23tdIV82ai6/Lhr31DicrwzB78KsbxUXXT
mrXJ5BH/JE/jH59iFC/wGBHGdo/Ym17fgcHnvXSrIlKxhA27o0DLRmsNil3r8zai
EXaCl3IGdz5BPJKInn4nK0dRtCiTxh7ZwroGPSYWukScfM7cxVumo7qEvwgq5CRV
PCBVVWjkri1D6zEIliKj7nbz0g+GtbaZ8Sc/VTSGrkZXKNk8AbM=
=eD0q
-END PGP SIGNATURE-

Accepted django-oauth-toolkit 1.3.2-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 20:26:29 +0200
Source: django-oauth-toolkit
Architecture: source
Version: 1.3.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team 

Changed-By: Michael Fladischer 
Changes:
 django-oauth-toolkit (1.3.2-1) unstable; urgency=low
 .
   * New upstream release.
   * Refresh patches.
Checksums-Sha1:
 5fcdf29266aa8e9a38b53135327ce5faecc839bf 2035 django-oauth-toolkit_1.3.2-1.dsc
 e3786af00dc9c9588a1ef2018acbe1865c6d8398 95133 
django-oauth-toolkit_1.3.2.orig.tar.gz
 4502782e60880c2b87e1a3bf33b9bc323fc1e748 4424 
django-oauth-toolkit_1.3.2-1.debian.tar.xz
 98a6731ed2ece11beb49300ef3b67d21e470c438 8030 
django-oauth-toolkit_1.3.2-1_amd64.buildinfo
Checksums-Sha256:
 1078e1af8d93accaa6fa71c70ccb8ff865f291e01e1703a519217e64be14aa4e 2035 
django-oauth-toolkit_1.3.2-1.dsc
 db144c21d85e4831a2339a2c0562963f9b4e68dcebfe1bc6b5e4355a92b9add6 95133 
django-oauth-toolkit_1.3.2.orig.tar.gz
 6a5f27a0fac332d8178926933e2ae3277273416c563728ee47b4ad242f186330 4424 
django-oauth-toolkit_1.3.2-1.debian.tar.xz
 8fd938b928261282dfdb1738d144f2f57c682c48f3b03331dc46f117ca4f6847 8030 
django-oauth-toolkit_1.3.2-1_amd64.buildinfo
Files:
 e96c33963fc769120306afd15157a550 2035 python optional 
django-oauth-toolkit_1.3.2-1.dsc
 782af72c3c28a1cc136cb08401ab1e65 95133 python optional 
django-oauth-toolkit_1.3.2.orig.tar.gz
 5eb396d5bce122c9d0e67b3d18b1b17d 4424 python optional 
django-oauth-toolkit_1.3.2-1.debian.tar.xz
 6ebca368825cc731c0bbe5e0c948bf2c 8030 python optional 
django-oauth-toolkit_1.3.2-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQEzBAEBCgAdFiEEqVSlRXW87UkkCnJc/9PIi5l90WoFAl6l1HIACgkQ/9PIi5l9
0WpyoAf9HbMZSypbKnKSEH5KF+CFYNtn2jBhOui/LLnYpG+yQaSdEGoiMuc8ZubW
XPDAFdv7AzdrIu0six+VuPldKIEioPLaakaMZii4Zc1d6RdmTGPy760I2noFBRVQ
Ls8VPm7rsSuR87xutXvRGJ/QmerCm3tX9gQDYrxbZgaQfLsSCxF86ucXeRm/1eaF
jDwKPF0n2BEJzysivbN/44L0Y0TJJum3FNKAq7djGd09/mtwPQmXGMYU+LMCjwaR
ztKaI2RPOuWVjm9PCSfpF3AKTbDgybpyJza7HE6zilnyDdayFqHIanJX0BBJyNUm
nKbvxnrZRJKhvi8ou2HeqmQuF5js5w==
=nvh2
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Bastian Blank]

On Sat, Apr 25, 2020 at 11:14:39PM +0200, Bernd Zeimetz wrote:
> Actually I think 2FA should be enforced for everybody.

No, we don't enforce 2FA for everybody.  And I don't consider it
appropriate to raise the option.

However, you may choose to enforce 2FA for all users of your groups.

Regards,
Bastian

-- 
It is necessary to have purpose.
-- Alice #1, "I, Mudd", stardate 4513.3

Re: Salsa update: no more "-guest" and more

[Johannes Schauer]

Quoting Bernd Zeimetz (2020-04-26 20:34:12)
> On 4/26/20 12:41 AM, Thomas Goirand wrote:
> > On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
> >> Actually I think 2FA should be enforced for everybody.
> >> Even debian.org related passwords might get lost.
> > I use strong password, stored with keepassxc, with the password db
> > encrypted using the HMAC of my yubikey. In what way is this not safe enough
> > already? 2FA will add nothing in my case, just more annoyance.
> And then somebody sends you a phishing mail and you enter your password into
> salsa.debiana.org...

This cannot happen with a password manager that keeps track of the domain for
which it stores the passwords.

> And if it doesn't happen to you, it happens to somebody else. Or you or
> somebody else has to use a more public or work computer for whatever reason.

this means, that if 2FA would be made mandatory, people like me without a
smartphone would not be able to use other computers than their private ones
anymore.

signature.asc
Description: signature

Re: Salsa update: no more "-guest" and more

[Bernd Zeimetz]

On 4/26/20 12:31 AM, Gard Spreemann wrote:

> Right, but what's the threat model here? For some of us, losing the
> Salsa password is essentially only possible if we have had our PGP
> dongle or offline private key backup compromised. In this case, the
> attacker can sign uploads to the archive anyway, which is arguably more
> serious than a compromised Salsa account.

It might not be you, it might be somebody else. Not everybody is doing that.

Also: even you wouldn't be the first one to click on a fake link to
salsa.debiana.org or a similar site. Targeted attacks are nothing
uncommon and it is very likely that they succeed, at least with some of
the users.


-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Re: Salsa update: no more "-guest" and more

[Bernd Zeimetz]

On 4/26/20 2:40 PM, Michael Biebl wrote:
> Am 26.04.20 um 14:36 schrieb Mattia Rizzolo:
>> On Sun, Apr 26, 2020 at 02:07:54PM +0200, Bernd Zeimetz wrote:
>>> There are even cli tools that do the same stuff. I'd guess there is at 
>>> least one on Debian.
>>
>> Indeed, after I first lost a phone, and a second one broke, leaving me
>> with a quite huge pain to recover my accounts, I started using
> 
> On Android I switched from Google Authenticator to andOTP [1] because it
> has builtin backup functionality and being open source is a nice bonus.

Nice, thanks, I was looking for a tool like that!



-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Re: Salsa update: no more "-guest" and more

[Bernd Zeimetz]

On 4/26/20 12:41 AM, Thomas Goirand wrote:
> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>> Actually I think 2FA should be enforced for everybody.
>> Even debian.org related passwords might get lost.
> 
> I use strong password, stored with keepassxc, with the password db
> encrypted using the HMAC of my yubikey. In what way is this not safe
> enough already? 2FA will add nothing in my case, just more annoyance.

And then somebody sends you a phishing mail and you enter your password
into salsa.debiana.org...

And if it doesn't happen to you, it happens to somebody else. Or you or
somebody else has to use a more public or work computer for whatever reason.

There are more ways to loose a password than you seem to be able to
think of.



Bernd


-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Accepted tbsync 2.11-2~exp1 (source all) into experimental

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 19:55:04 +0200
Source: tbsync
Binary: webext-tbsync
Architecture: source all
Version: 2.11-2~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers 

Changed-By: Mechtilde Stehmann 
Description:
 webext-tbsync - Thunderbird/Lightning Add-On to support MS Exchange Calendar 
etc.
Changes:
 tbsync (2.11-2~exp1) experimental; urgency=medium
 .
   [ Mechtilde Stehmann ]
   * [760cf22] Changed maintainer email in d/control to avoid lintian warning
   * [744a80c] Removed lightning from dependency for TB >=76
   * [701c8fd] Adapt versions of dependencies
Checksums-Sha1:
 498b4d10d93729dd622ff7d51689698c653e9cb2 1942 tbsync_2.11-2~exp1.dsc
 2bbc04793f9b7f9ac6dc7930f77b3aa3aaa29ccf 9160 tbsync_2.11-2~exp1.debian.tar.xz
 4835532b7c731b484a10422ca08e24361a062c1a 5471 
tbsync_2.11-2~exp1_amd64.buildinfo
 24658ad0bdf9c955b6449e1e119f2880b8290e12 934332 
webext-tbsync_2.11-2~exp1_all.deb
Checksums-Sha256:
 0ce754f67753ed51db6f14f81bffb35ef43bc6252562685e700178de82d428ea 1942 
tbsync_2.11-2~exp1.dsc
 2ff1cd4dc0eeecc91207c9c4e2badbc44c0abf011d32eece448fdc19ac1ae165 9160 
tbsync_2.11-2~exp1.debian.tar.xz
 7a1cfbd89da76499c2cdc1499f2fb003f1b50353a5b9dc7a398253188ee7d905 5471 
tbsync_2.11-2~exp1_amd64.buildinfo
 3576de27347e9ab5cdcfb4d36ba9b437eaa07eafe3799ff2c26bc7f04260014e 934332 
webext-tbsync_2.11-2~exp1_all.deb
Files:
 2b36bfadcc234d204138be3587c5b082 1942 mail optional tbsync_2.11-2~exp1.dsc
 25d2a96c13fa61093c67e230a8b03e93 9160 mail optional 
tbsync_2.11-2~exp1.debian.tar.xz
 002ce11e0c535e64de56a33cf2883f76 5471 mail optional 
tbsync_2.11-2~exp1_amd64.buildinfo
 94a4e728c280531fc60fd610011f35ae 934332 mail optional 
webext-tbsync_2.11-2~exp1_all.deb

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE8ON/Pch6SZgomTnn8od7uhQarX8FAl6lzBIACgkQ8od7uhQa
rX84Fw/+KWqMgu3Rf8sOxE2Y+X6GNzRVJpzF/CD7t2inQr21C2dr1ubD/YVoX9LO
yQGK/CKsU46s9uopGJEBJKYEfL7Vj9avy0shMtgc5LbgE0yhwaGCftXx8MSEeShb
6GubthC+aKC/OlNOsQFtDx704iXekzSFoEovBfsplUnjFGlo17njb/JdTtdzrhmJ
X3qytGWvaJBX1vsHbzcnulp54VoEZo4wlXKP1ZRUjgDlbXmDYvn/H4M77MhHkqh6
Vgto8xh3Cx6FYTZLTP9I67iYws6ndfSZyOm/22U/+5uUkfD7XFjXruBgKcuMy7hU
gUeRHtJJhql/kZZzTi+geDYS756i3yVzRDOz53OdWYQhZvznpblUDiHqnfVGHo5c
dTwa7TorjvzBjp0eE+eJUmcZ8SYNJwBlZFHeC69eqwKjTNXvPBTt4w2UrxLronK8
uetdve7VhElB2v5OdMyvPAYa92tIzf8t8OUCjFvx8vDLHOQkcg0BoKnDf0/Ilm7B
k7PofPzSH75bhmzLLHenpA8AKB2C3lYyqgat8GY2HliLGCkkcLxBdKZED+cbIqI+
WV5Z+eZhmC8UhsvT2QCvDjYIQuppUkZVTWP20VFHPLz1Xh9ToV5GQBYVMyf52nrU
3Yr5CZWhSSSbGb1QLy9CUl8Tn6TVHi2+/lG/roO5B7AeYE3rc/E=
=8E4l
-END PGP SIGNATURE-

Accepted choose-mirror 2.105 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 20:04:00 +0200
Source: choose-mirror
Architecture: source
Version: 2.105
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team 
Changed-By: Julien Cristau 
Changes:
 choose-mirror (2.105) unstable; urgency=medium
 .
   * Update Mirrors.masterlist.  Hopefully for the last time today.
Checksums-Sha1:
 1ade0c91bda23d56e0017929b8ad76ffdb173310 1860 choose-mirror_2.105.dsc
 924316311f1127afe45c09181e360f53ed3f8c61 187048 choose-mirror_2.105.tar.xz
Checksums-Sha256:
 47a47143f3c36ca373043e334ce7447fffd45ac0af3427fb51a48fcd7b74902a 1860 
choose-mirror_2.105.dsc
 f91c8c383674d5fbe959364be24f1aec0987174baacc6e452b3b971f500a1a78 187048 
choose-mirror_2.105.tar.xz
Files:
 0d38563c232180b3ab9f99ef6b0685fc 1860 debian-installer optional 
choose-mirror_2.105.dsc
 ceaea9ea18d248c6e662112f189de3b1 187048 debian-installer optional 
choose-mirror_2.105.tar.xz

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAl6lzZQUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z62x1xAAsmRKRSlf5y004+NAacCd0JlVrY8b
i1k/rf5fxcQ7DEms2DwnvaEpuBErGnUCOIfGtyCyQ9YBoP/dyzvZJO4rkUTYaBLa
QwcnQK+ppamzS+lb4H50R0aVji3slX6S4D8/19oRteFoYkkchS/gUUkgvwrQ5fpI
rcBz6bzkC61bXss3sJstUnsynb+W+4X5zumlsB9xfC3F6/HbXMvb8i++Z3Bp+Tly
+xe+5VUQapi8M39jEPfuqWERpVR9WnGdQ4BNLV/zuNsbXImwMkU6oewpJfGZo3kq
1KcVVGHJi7BPf+97A89CTsgGQ60Drh2uzxpeTJZdXZ7GRLTr7MLdY9mQKNPosRKZ
JIFwBZrhyMMPcGlglggOf4zk3KagI2qNhOL49/++HPTo+XiWBqykD+Su1pRgXtVf
aPFdHt1FYLOr3C/zKu3rJUrBv5fwaoYc+WT4lZTcZxA799x3PJxUFQXUo7z8PVsh
kXGIiC+Y4jnVo0RLbHxysyESfMYgzDFA5QoSF9iQ1ghs+ZmHiSR3zEZPiRIJknKi
pVG2KWJBtWXhmjDzO0l16GBgPCOxpfW4AZnaQaynY73cjA1JsDdSES2mIpjoE2k9
Ecy4i4D7zYwPgDbI41UXcsBnR53FhAOTSOKregWuBj79e38ljWq4MWSezSVQt9cD
vxOQGWC9yFGJP4Y=
=sIC0
-END PGP SIGNATURE-

Accepted choose-mirror 2.104 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 19:57:18 +0200
Source: choose-mirror
Architecture: source
Version: 2.104
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team 
Changed-By: Julien Cristau 
Changes:
 choose-mirror (2.104) unstable; urgency=medium
 .
   * Update Mirrors.masterlist, once more with feeling.
Checksums-Sha1:
 72059390c5f1072f6d4540e749a2de32c1d51a06 1860 choose-mirror_2.104.dsc
 fe6bfa6af35600c111c3e5f3b29705d074de6d11 187072 choose-mirror_2.104.tar.xz
Checksums-Sha256:
 f7217433c4425a5baeccee29fdad039a5ad490f50f2808ffbd8a54a5d4ce3fe5 1860 
choose-mirror_2.104.dsc
 9f39a20a861230f1e2d492f9657fe92ef28c85dada820ae946717d3600d728db 187072 
choose-mirror_2.104.tar.xz
Files:
 4aa351241e487ffd7a19c8d1f8c99bd5 1860 debian-installer optional 
choose-mirror_2.104.dsc
 5bc59025bd8060c85f2b66e6ad9c411e 187072 debian-installer optional 
choose-mirror_2.104.tar.xz

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAl6ly+oUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z62bbA//UZnEhQjKGkOiGkcRpkQAhGDK8720
xKi9vqxizTjjWIWIpIIO8WXR5SpyuWoYuG+avL56Fe7/6YQajMpZXo2MuxD2XKYt
IU5VJnkkKw82mGTo0h/Eg9C60MRqBOiWbJmPSikruVUA4i8I+lN+YhG65Gd2/jxy
CLTbnVmTnUCRch5akgHVnHL4lPqeiVARaOII0pS3i11OBCPVfxvMId52cOgjQW7Y
DeX0GS277PzUyVOzlGd20ljZOmSnzyFdFepLfAMpaBe8eaSJwxppXudUGBRaMb0K
Wwug7AyefkRedgzrSezuleBSIePujlkgrz7H8TeGfOr8Cj1t6mlElcHJ4Az+ST4D
C0dspboPCy5MzEjAa11Xcp90Qepemc9X0J1TWuQeNzPC65ozETFzHeef/E/m0uge
f+ylXsxwIAeIMoeRnWPHE06C8l8VV+syau98Dn9A3w1JitLq1lewDHSH6ol2JMZG
VkkNqc7aeBHmuFZOaTtEcQnp5G2UZWWZVAeuqwg6DZ8qp/gUrJFt35v4LjsVtQ6i
DtGlc1RHro7O7SWF5G9NlrGOHyvYIsUkojYmXWgbgYllUAN6CqN/6/3Iba/QUMM6
JDX+ho+N71ZqNA3CbtVR/H6SOwEjv3AXOIwWbq0fq61sKpmQtD8A6hVutaVLE9OK
i0KoCO0Ixbt+GpQ=
=5Su7
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Bernd Zeimetz]

On 4/26/20 7:12 PM, Sean Whitton wrote:

> In such a case, though, haven't you essentially turned it back into one
> factor authentication (the single factor being your laptop)?

Still better than losing a single password in whatever way in the
internet. Targeted phishing attacks for example.

-- 
 Bernd ZeimetzDebian GNU/Linux Developer
 http://bzed.dehttp://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Re: Salsa update: no more "-guest" and more

[Xavier]

Le 26/04/2020 à 14:07, Bernd Zeimetz a écrit :
> Hi,
> 
> Google Authenticator is a software-based authenticator by Google that
> implements two-step verification services using the Time-based One-time
> Password Algorithm (TOTP; specified in RFC 6238) and HMAC-based One-time
> Password algorithm (HOTP; specified in RFC 4226), for authenticating
> users of software applications.

I used FreeOTP+ for years, like GoogleAuthenticator and free

Accepted yapet 2.4-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 19:39:35 +0200
Source: yapet
Architecture: source
Version: 2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Salvatore Bonaccorso 
Changed-By: Salvatore Bonaccorso 
Closes: 958008
Changes:
 yapet (2.4-1) unstable; urgency=medium
 .
   [ Salsa Pipeline ]
   * Update salsa CI pipeline
 .
   [ Salvatore Bonaccorso ]
   * debian/watch: Update URL to match new download location
   * Update copyright years for debian/* packaging files
   * Bump Debhelper compat level to 13
   * Declare compliance with Debian policy 4.5.0
   * New upstream version 2.4
 - Fixes FTBFS with GCC-10 (Closes: #958008)
   * Refresh "Avoid remote fonts to avoid privacy breach" patch for context
 changes in 2.4
Checksums-Sha1: 
 3f81ba8543d45c97faef1908ba97708c9f2bbfa2 2032 yapet_2.4-1.dsc
 fe5c4bbbd6a2bd0e681b78a2b6c0c012a2a95efc 998036 yapet_2.4.orig.tar.xz
 40810d2ad842ae4fd5f7d85f5b0d857f25ee376a 6592 yapet_2.4-1.debian.tar.xz
Checksums-Sha256: 
 215fc68ee3f8e583e7c4862c9b41388b56c92c09616d420cf0ebb5af281a5fa5 2032 
yapet_2.4-1.dsc
 0e4e459a53e5f854613ea4206528c79c6e48f13b4d415072d54bb19dae6c 998036 
yapet_2.4.orig.tar.xz
 ec0b9a29104ed4158462b86c2b7131d1d8ff7c2d77bedaaa94e0d583c43a3751 6592 
yapet_2.4-1.debian.tar.xz
Files: 
 db028e2146e9cc2bc380026c8999168d 2032 utils optional yapet_2.4-1.dsc
 756e6535e88ca5972d529b447219f6f9 998036 utils optional yapet_2.4.orig.tar.xz
 493a931515b416956033a99bfbecd55d 6592 utils optional yapet_2.4-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6lyL9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EjBUP/j4a2EI0KdMfaaBt/m4SPt3Yh3K2goV5
4KYZDdn3ZG2Yv9q9Lkpyl6EuSgHZLVSNfb9tdPqWRu4iqkJtujmiJmVF/vK5JgB4
aI7OORRBCGAQOUffBPUwHHGF+mSgOdcHnaRMSBuw1Qs2Z4P9SAyVw3zni0F5/KPM
R4XEeQtkS5NaqVwaIZWQMoiNy/m+nqoqolwRCIirrW6svbdJGNA1ltTBo7tWbea4
fC5dOYqRUf64AIGHx5oJTXctvRFkOKWi3G0djDU089wwVtc/cyutofry9ExnOuvS
wGJ1i6OjyaQdvdGKqJlTQC8pKqC7JsI8XyDYvk8qsbyow90X9z8yWgld0YqXK0md
6ZaRliPyZzjRf3pJJFwAXNlU6xF+XtgV/HrsjFMCAwdQPO0zYwIWbmyWhqDE5Hl/
oZPbirbXcUekM9QinLJtxIjTkCguFn/IYwBeLsPD+reqnVkgXZEUzMiIcL9lPPgL
0uq35ZxEIZqlOQwZn4GqAwfFTtBn6hWFB7pBBNB84ddAMmhNLGb7APGyF8fbwIwK
UuWuPr5q6JVkFAgzCg9JZQ6VmPH2VNaV5ngqViwf7Lse3J2a5wIuRonmuhQHlc1y
K7mcU++zkziyyiZipNf0C0TsVifIHP9J9Y0e07azb/yrbsBUsIlo4A6+HM3moAf1
338RPZmErt9v
=yVjw
-END PGP SIGNATURE-

Accepted choose-mirror 2.103 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 19:52:18 +0200
Source: choose-mirror
Architecture: source
Version: 2.103
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team 
Changed-By: Julien Cristau 
Changes:
 choose-mirror (2.103) unstable; urgency=medium
 .
   * Update Mirrors.masterlist, with fixed architecture lists.
Checksums-Sha1:
 6a04452b50970437ef6f127f270338aa51ff2ba1 1860 choose-mirror_2.103.dsc
 2742ee41a9abf6b347dd38d19ada1c663f4b03d1 187084 choose-mirror_2.103.tar.xz
Checksums-Sha256:
 2946433bccfac40c0ea9f187c4f0b50f64fd7983c41a8fcb8b1282e323c32cc7 1860 
choose-mirror_2.103.dsc
 b1a477a958d01418dc17ed17c93c2d51fcdc20c1669d71510c6e0a1c4e588546 187084 
choose-mirror_2.103.tar.xz
Files:
 ba3c533dc6961daa316a99d6171b8cf3 1860 debian-installer optional 
choose-mirror_2.103.dsc
 b65c90189c38bb624d7418821c69f694 187084 debian-installer optional 
choose-mirror_2.103.tar.xz

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAl6lyoAUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z61GBg/8C4i/fzEVRPgp3k0YYlQra5eThVi6
y/wENKmldgkLur70+mTLt4GwZIHtX62vEmbCIW/VtmSsH7BxkNzQVUcDkG2YFyPd
UmxipLAlwiPkILYmWdt1cNciGKw7W1iYM6iFSrg8nyeOm6RmzR+9e6Q4L0eMm5/C
bQtBAW74mDCXQA7xY6gSpK7PnLxbwbco60NvitJHJnBrelnmpeeo8QqqcQDGaP+Q
rUT9gTLa8ss743ws3GydkB2WguxZyTMnuVNIQXHSkRPcazpgs092fHy//3t3hx10
YYcMYGmT0VqaQzYD/SYvL7NMoUyIhsP5jwRjDfWljt/2bbcxtuurYJXsKT5dZP3H
IHEOOYnsMk9cTg6vd3VbQUAzEY1vx/xMqmp4R7y5xCGIhyQ3mCRUwVXWblKW+S7Q
yQritbpU9R0Agv3xxurOscR62xPugh6Fp4Sa6DZ5fUa/zfWNgEEjvymFx8zkD2SL
XBz6ci0oY3pMFrBhi1EcI/qHzrWu4cIFBJ8W+D4T5KR78KUNEuKotV4JdzqONCd7
z9hL84s/q7gsJIZJ5BBxoHvVUqW2VZr9x0Vz7XNnM8XVJNE4rFrrIItOulsBmu/r
D6akP+TSxHsW6fIX+vClNQVGOo4jDpBmQzJ1J/oAgmHPZGCmI1PN3FJT1d74R+Rs
+NB6nYQBMA2XwsQ=
=lpuq
-END PGP SIGNATURE-

Accepted arm-trusted-firmware 2.3-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 10:34:37 -0700
Source: arm-trusted-firmware
Architecture: source
Version: 2.3-1
Distribution: unstable
Urgency: medium
Maintainer: Vagrant Cascadian 
Changed-By: Vagrant Cascadian 
Changes:
 arm-trusted-firmware (2.3-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/copyright: Update for new upstream version.
   * debian/upstream: Add upstream signing key.
Checksums-Sha1:
 543536ecdabc9638f0382db1294974eb1255e4b8 1433 arm-trusted-firmware_2.3-1.dsc
 a01b8b478c737b25a6a4ef52ed1b3e2c526f5dcd 4322726 
arm-trusted-firmware_2.3.orig.tar.gz
 be2013de3ef435c633d1aad9d448d8595fac00e3 6492 
arm-trusted-firmware_2.3-1.debian.tar.xz
 afd3e06c79c816f417304554d3db5827f4101a9a 5332 
arm-trusted-firmware_2.3-1_arm64.buildinfo
Checksums-Sha256:
 e61b5f93a457726bdddbe782476ca0fe781e3e59701325cd5e037496104ace53 1433 
arm-trusted-firmware_2.3-1.dsc
 37f917922bcef181164908c470a2f941006791c0113d738c498d39d95d543b21 4322726 
arm-trusted-firmware_2.3.orig.tar.gz
 7cc3cfbabb155bb11da30a6f4048fb63e85440f63e63a6a4150d44510f19bd6e 6492 
arm-trusted-firmware_2.3-1.debian.tar.xz
 cb61b762c040df0210cb50fe940dda0b2410dd55b075badd6ccc8e760e24b9ed 5332 
arm-trusted-firmware_2.3-1_arm64.buildinfo
Files:
 1387cc16fbc0c0a6b799295941572102 1433 admin optional 
arm-trusted-firmware_2.3-1.dsc
 628a32a3c3b3f0c567d1ea6ee5582807 4322726 admin optional 
arm-trusted-firmware_2.3.orig.tar.gz
 dbbed7d2417c54b9c2dac09e8ebd4fa3 6492 admin optional 
arm-trusted-firmware_2.3-1.debian.tar.xz
 41297eb1a70538f9b4a56b059afdb3ef 5332 admin optional 
arm-trusted-firmware_2.3-1_arm64.buildinfo

-BEGIN PGP SIGNATURE-

iIkEARYKADEWIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXqXKBhMcdmFncmFudEBk
ZWJpYW4ub3JnAAoJENxRj8h/lxaq0ugA/1FYx6XWq2EXypElx0Mx/1WVRVFJ6wIZ
6t4ApLY48mRWAQCZQC9qWtuRr/SZYQIoMtXmuKf9t2y6c7wPsc3Ws5SaDg==
=T8Qz
-END PGP SIGNATURE-

Accepted mate-hud 19.10.1-2 (source all) into unstable, unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 25 Mar 2020 09:32:24 +0100
Source: mate-hud
Binary: mate-hud
Architecture: source all
Version: 19.10.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian+Ubuntu Debian MATE Packaging Team 

Changed-By: Mike Gabriel 
Description:
 mate-hud   - Run menubar commands, much like the Unity 7 HUD
Changes:
 mate-hud (19.10.1-2) unstable; urgency=medium
 .
   * debian/copyright:
 + Correctly reference additional Expat licensing for the mate-hud
   file. Thanks to Sean Whitton for spotting this.
Checksums-Sha1:
 b7a2f9a678fcf88a1300fe775157de1d8320bd31 2085 mate-hud_19.10.1-2.dsc
 ba2eb4281cc80052d6abf12bf6fe6616b58d3414 18411 mate-hud_19.10.1.orig.tar.gz
 9f9daf1bc30d81587b69a90dbddae3776d50f3d9 3552 mate-hud_19.10.1-2.debian.tar.xz
 468b705d5b7115695a28edd47ef93719a707cba7 13084 mate-hud_19.10.1-2_all.deb
 4d520bacd2ce170863df075b23b30b96168c474a 6948 
mate-hud_19.10.1-2_amd64.buildinfo
Checksums-Sha256:
 0398115ae8ecc2071708610f832f93ad60041139b5d7a3d35606416d39a5ee4b 2085 
mate-hud_19.10.1-2.dsc
 1f3395f7355b0649b0db443489f2e19502f20d81a99d0f88c5e1cffbfe3a9e66 18411 
mate-hud_19.10.1.orig.tar.gz
 0c2c40c0a52119843e7306362a24a081301c2aae2dc494de0a295c7e1571ca23 3552 
mate-hud_19.10.1-2.debian.tar.xz
 1e3b98104b528144610a6eb8ce4624af1bdda303f9ba609ae670a144cf2d89f8 13084 
mate-hud_19.10.1-2_all.deb
 e95cd11b2268606efb06c8f26040c404861089fe95a961dd416be9317a60b1a6 6948 
mate-hud_19.10.1-2_amd64.buildinfo
Files:
 49b17e9c9b3c1438e0b7f5d491d309fe 2085 x11 optional mate-hud_19.10.1-2.dsc
 602bf804b0715e446a6f41d8a7e34dd2 18411 x11 optional 
mate-hud_19.10.1.orig.tar.gz
 b31c50b2da35e89553445cd8c518679e 3552 x11 optional 
mate-hud_19.10.1-2.debian.tar.xz
 4c9e618fd135498035f407297556aa72 13084 x11 optional mate-hud_19.10.1-2_all.deb
 57ee7a5a05f4db547a4e62fb7f1478e4 6948 x11 optional 
mate-hud_19.10.1-2_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl59r+EVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxKIIQAIuzAzfX7MNcvWZWYHjbY1tQQsma
8ep319Z8HHaA11ooDwg0VM1nA7sg6nSBjA7X4w1QQBa2DNGug7BX7VMII2QnlsGY
62LW0XC+RNFezyJBijjV8HhpY325pORSYToGjRaTfo8u/Lg2OZVj34Yhk2umcPJH
wszRkU4UgvhNZZost+SMBwgjkMJ185fHoGzqu0TvoLIkWG+bPnQbG0RJ8WqWQ7B3
6PymNRiiHPFT8E3hdyIlQNGuMDhTKLuCjFEWgLAhxZOqQPg6gpaUfgAK8U+ImbDz
KUAlXv2m3QeA88cXO/uEJpKRV4x3eG1Fe30Gnx5GKgxpi6l0u8OszON7AeKiZdIy
jCgJw74KXuWKyKhtJBjcn/VCVNZSLYXT1/f7wJw3wdvESNXuqXDmmq0y0GTISQ+W
0OAe+MDqCkYV1Ekab1T+OL+LzTZBOAaE+FH+bX2v0GJSuab6/+6Q1yC1Nm+bROwM
taR5xdELJm37Ovz2+qu9+Sqwec/RXbHZcgjijYEw0DPyks6K+yf/YllM3qnN8LTz
F/nTjClNSv5SJBK6o+BEdQWWSsqCALG0nsoLJEBYCsQMaMv6jT8yWhsZTUlJUwjw
ZEutroNC3B9v3z1lSOcQTo5ITVHQAG9efbm5aLx94myiL72CdurKzCEXPyVaUsv+
vzNVwaa7rLxtuzbg
=Vyvy
-END PGP SIGNATURE-

Bug#958919: ITP: mpsolve -- multiprecision polynomial solver

[Doug Torrance]

Package: wnpp
Severity: wishlist
Owner: Doug Torrance 

* Package name: mpsolve
  Version : 3.1.8
  Upstream Author : Leonardo Robol 
* URL : https://numpi.dm.unipi.it/software/mpsolve
* License : GPL
  Programming Lang: C
  Description : multiprecision polynomial solver

MPSolve stands for Multiprecision Polynomial SOLVEr. It is a software that
aims to provide an easy to use (hopefully) universal blackbox for solving
polynomials and secular equations.

Among its features you can find:

* Arbitrary precision approximation.
* Guaranteed inclusion radii for the results.
* Exploiting of polynomial structures: it can take advantage of sparsity as
  well as coefficients in a particular domain (i.e. integers or rationals).
* It can be specialized for specific classes of polynomials. As an example,
  see the roots of the Mandelbrot polynomial of degree 2.097.151 computed in
  about 10 days on a dual Xeon server.

I am interested in packaging mpsolve as it will be a dependency for
Macaulay2, a computer algebra system I eventually intend to package
(see #439888).

I will be packaging mpsolve under the umbrella of the Debian Science Team.

Accepted choose-mirror 2.102 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 19:32:28 +0200
Source: choose-mirror
Architecture: source
Version: 2.102
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team 
Changed-By: Julien Cristau 
Changes:
 choose-mirror (2.102) unstable; urgency=medium
 .
   * Update Mirrors.masterlist.
 .
   [ Updated translations ]
   * Dutch (nl.po) by Frans Spiesschaert
Checksums-Sha1:
 d98ede8dbd358e2b60765d692cf6798ed2083967 1860 choose-mirror_2.102.dsc
 ddbfde7e857546e4ca54cc7d8286641bf6b59fb4 187088 choose-mirror_2.102.tar.xz
Checksums-Sha256:
 b0ea9e76b2ba7df8288a690ebf835ddfbdb9113371836cc1ea11fe0ae5e01caf 1860 
choose-mirror_2.102.dsc
 90c93e7cff4229f94df46d0fbd9b8edb634aa02af0b2ffded72e722b1186e87c 187088 
choose-mirror_2.102.tar.xz
Files:
 651932180c22d0c955a28d56965430a8 1860 debian-installer optional 
choose-mirror_2.102.dsc
 f0d34ce94401339953fd61bacf63b82b 187088 debian-installer optional 
choose-mirror_2.102.tar.xz

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAl6lxlQUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z629oA/7BfsRkBVAUz9drL+DI97vhmN29BYU
U2/80Dhv3xEBoQ0gV8CwxRWk+bpVvT10fiSxKWW0zfrlb9Uk1ZajmN2097V0wYDa
ljkzcDjyUNcB2sABdovYXQ8uZSadMXu+3QC3tMMAfCaEh13bmq3AQGvTyg6PkxFc
1lwtY0/XrJFerSOu4X92x881Azxem8SXsk28KvfMEhBBFlCXeFX6aD3H2xOLagpE
Opj8MsM0fALMZXIQdkTrkvXYv+QAnRFS4lLLLGO7VSjrfZgAjy5ex3LE2zAj7JTy
8lPC9Ui4Db2V9t22M/r3AKA8/Qr1l6oudxGHyiFPsMMOhiLauWHTIGorX3+WQN5b
+5H5uT5bTLvs60Af75GzDFrYkrjCGMH0aIjsKx617nX/TOlKU/LgIqho5ZwTUH3/
cFFBjP5PzAVkA/oOjWDPripHi9yVwSgvLjt8Mp5CI0AnMhpgFSKmazxtK+gWoN0d
gGFdXDqluvM2VPOPr5IHBGgFlV0ztMp8JqcmksE7jccSSBgA+vV1o6juZfFFPn6W
rTF0qvd/I5jKGIUcL9/PyjcmVT24w62NZvumNUCgfqMrnlzM+DGN3bseX0eZqQAc
sRNsh40SnfwsMDH5QQQNmAEAj2XrjRdjHhjGIewDf9y2rgm3+4rdWfsF9tNVYr1+
qa1POC2jv19qwBE=
=BXvo
-END PGP SIGNATURE-

Accepted runc 1.0.0~rc10+dfsg2-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 27 Apr 2020 00:57:29 +0800
Source: runc
Architecture: source
Version: 1.0.0~rc10+dfsg2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 
Changed-By: Shengjing Zhu 
Closes: 958866
Changes:
 runc (1.0.0~rc10+dfsg2-1) unstable; urgency=medium
 .
   * Team upload.
   * Add golang-github-mrunalp-fileutils-dev to Depends
   * Unvendor github.com/cilium/ebpf
   * Remove vendor/github.com/coreos/pkg from Files-Excluded.
 No longer present in upstream tarball
   * Add golang-github-cilium-ebpf-dev to Build-Depends
   * Add /usr/bin/runc symlink (Closes: #958866)
   * Add missing Depends in -dev package.
 Also remove golang-golang-x-tools from Build-Depends
 Since it's only used in previous vendor library.
   * Update maintainer address to team+pkg...@tracker.debian.org
   * Exclude contrib/cmd when building.
 The command recvtty has no real usage
   * Add runc bash-completion script
   * Add lintian overrides for manpage-without-executable
   * Add Rules-Requires-Root
Checksums-Sha1:
 edc8be1ff46f9221447f972311d4c2b622c216b6 2377 runc_1.0.0~rc10+dfsg2-1.dsc
 5a525436f711cd074558a7f33693126cc2b358f6 211292 
runc_1.0.0~rc10+dfsg2.orig.tar.xz
 3374af44b2d911ebc8cba7666d8ce5acf8da7dfe 7460 
runc_1.0.0~rc10+dfsg2-1.debian.tar.xz
 32ae25f113717b5d14bb5c61eded4126c643056e 7881 
runc_1.0.0~rc10+dfsg2-1_amd64.buildinfo
Checksums-Sha256:
 a825b4b6881b436a4e6a8c21e2eb5c7b9cb9611c1c03d27e16404c77dc4095ef 2377 
runc_1.0.0~rc10+dfsg2-1.dsc
 40bc3820532d61e1334bee7616a94ecb4a9f082b557f25b3b1044424a324ae34 211292 
runc_1.0.0~rc10+dfsg2.orig.tar.xz
 72c3277eca4aefbd426d1bf33fd7d3cafd6feceedbe891c5b2589a2aa6d42e6b 7460 
runc_1.0.0~rc10+dfsg2-1.debian.tar.xz
 6914c62c722d1b2466fe98612baa1b37baf42efa6e58bf4c2c074c52211c89b6 7881 
runc_1.0.0~rc10+dfsg2-1_amd64.buildinfo
Files:
 626fdeaa4c80dc75abfe7c31cc96b2f4 2377 devel optional 
runc_1.0.0~rc10+dfsg2-1.dsc
 5f18382b28e040f4b43bad7174f473cf 211292 devel optional 
runc_1.0.0~rc10+dfsg2.orig.tar.xz
 29536c637fd6ea9e657794a37c1f63ab 7460 devel optional 
runc_1.0.0~rc10+dfsg2-1.debian.tar.xz
 509b05b9072431f569e0e2c198d513ac 7881 devel optional 
runc_1.0.0~rc10+dfsg2-1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iIYEARYIAC4WIQTiXc95jUQrjt9HgU3EhUo4GOCwFgUCXqW+YxAcemhzakBkZWJp
YW4ub3JnAAoJEMSFSjgY4LAWj34BAJs9onI3GqNzjdkQOF8XhFTDc6wa9KFx2Ebk
68aBOeUEAQDY1DsrmEkyeqhrdB64TUCrDcEvD2g11Co88xm3t4UrBg==
=5goW
-END PGP SIGNATURE-

Re: Salsa update: no more "-guest" and more

[Mattia Rizzolo]

On Sun, Apr 26, 2020 at 10:12:41AM -0700, Sean Whitton wrote:
> On Sun 26 Apr 2020 at 02:36PM +02, Mattia Rizzolo wrote:
> > On Sun, Apr 26, 2020 at 02:07:54PM +0200, Bernd Zeimetz wrote:
> >> There are even cli tools that do the same stuff. I'd guess there is at 
> >> least one on Debian.
> > Indeed, after I first lost a phone, and a second one broke, leaving me
> > with a quite huge pain to recover my accounts, I started using
> > `oathtool` to manage the TOTP and HOTP codes, which is in Debian, and I
> > store the secret hash needed to generate the codes with `pass`.
> >
> > That said, for the only website where I need HOTP (Ubuntu SSO), I stored
> > that thing in the HOTP spot of my yubikey, and for everything else they
> > also support U2F so I likewise use my yubikey for those as well.
> 
> In such a case, though, haven't you essentially turned it back into one
> factor authentication (the single factor being your laptop)?

It's still two factor: something I know (password) and something I have
(my yubikey).

Since I sometimes I don't really know my passwords, I suppose at that
point the "something I know" instead of being the actual password is the
GPG passphrase used to decrypt the file that actually contains the
password, but it's still 2fa.
Still I wouldn't consider that to be tied to my laptop (the password
storage does live in my laptop, but it's encrypted AND duplicated
elsewhere).


-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
More about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Re: Salsa update: no more "-guest" and more

[Sean Whitton]

Hello,

On Sun 26 Apr 2020 at 02:36PM +02, Mattia Rizzolo wrote:

> On Sun, Apr 26, 2020 at 02:07:54PM +0200, Bernd Zeimetz wrote:
>> There are even cli tools that do the same stuff. I'd guess there is at least 
>> one on Debian.
>
> Indeed, after I first lost a phone, and a second one broke, leaving me
> with a quite huge pain to recover my accounts, I started using
> `oathtool` to manage the TOTP and HOTP codes, which is in Debian, and I
> store the secret hash needed to generate the codes with `pass`.
>
> That said, for the only website where I need HOTP (Ubuntu SSO), I stored
> that thing in the HOTP spot of my yubikey, and for everything else they
> also support U2F so I likewise use my yubikey for those as well.

In such a case, though, haven't you essentially turned it back into one
factor authentication (the single factor being your laptop)?

-- 
Sean Whitton


signature.asc
Description: PGP signature

Accepted debian-edu-doc 2.11.5 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 18:50:04 +0200
Source: debian-edu-doc
Architecture: source
Version: 2.11.5
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers 
Changed-By: Holger Levsen 
Changes:
 debian-edu-doc (2.11.5) unstable; urgency=medium
 .
   * Update Debian Edu Bullseye manual from the wiki.
   * Update Debian Edu Buster manual from the wiki.
   * Update Debian Edu ITIL manual from the wiki.
   * Update Audacity manual from the wiki.
   * Update Rosegarden manual from the wiki.
   * Update debian/copyright from the wikis.
 .
   [ Translation updates ]
   * Bullseye manual:
 - Chinese (Simplified): Ma Yong
 - Polish: Michal Biesiada
 - Norwegian Bokmål: Allan Nordhøy and Petter Reinholdtsen
 - German: Wolfgang Schweer
 - Dutch: Frans Spiesschaert
   * Buster manual:
 - Chinese (Simplified): Ma Yong
 - Polish: Michal Biesiada
 - Norwegian Bokmål: Allan Nordhøy and Petter Reinholdtsen
 - Japanese: hoxp18
 - German: Wolfgang Schweer
 - Dutch: Frans Spiesschaert
   * ITIL manual:
 - Chinese (Simplified): Ma Yong
 - Norwegian Bokmål: Petter Reinholdtsen
   * Audacity manual:
 - Chinese (Simplified): Ma Yong
 - Portuguese (Portugal): José Vieira
 - Polish: Michal Biesiada
 - Portuguese (Brazil): Carvalho de Araújo
 - Norwegian Bokmål: Petter Reinholdtsen
   * Rosegarden manual:
 - Polish: Michal Biesiada
 - Norwegian Bokmål: Petter Reinholdtsen
Checksums-Sha1:
 e6950978f1ff586bdf658662f9d24a71707bcf35 2740 debian-edu-doc_2.11.5.dsc
 1816b9adf38a6eb10335fd4144bd98b54f04c17a 23829104 debian-edu-doc_2.11.5.tar.xz
 06d2e0e411604e3f66fad7fb9f8bb38e82b88d3e 5472 
debian-edu-doc_2.11.5_source.buildinfo
Checksums-Sha256:
 fff4a8f6082d44812c7be9a11621daa340bcd98f8b28123de6f5472736824af3 2740 
debian-edu-doc_2.11.5.dsc
 91b872b88a6993a8d602cfefbaa9c66023a2c6e931d1aa404302db5ee4250744 23829104 
debian-edu-doc_2.11.5.tar.xz
 1e588ecea941fb76f3ea8fdbbc4adfc1fb4e6222c2a3839519132c932dfee7e7 5472 
debian-edu-doc_2.11.5_source.buildinfo
Files:
 027e1b0629bcd505f1df5195b2b980a6 2740 doc optional debian-edu-doc_2.11.5.dsc
 b447b32eb5b6d59fcb8ef6b827e200e4 23829104 doc optional 
debian-edu-doc_2.11.5.tar.xz
 c9943697cf6b51f06c0ec2563375216b 5472 doc optional 
debian-edu-doc_2.11.5_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl6lvCoACgkQCRq4Vgaa
qhzEEQ//TURMYud/fN047z9lNdBNfiINQbt8RaaRGr4rAMGNQgowcjWxQilSKT6P
LUEALdq9A9YuQJBCDMyhZXItLemn/fx6QSp0MplPUuDHjewI9zDfuDii3VB8yOtO
S1p/vlkbfLgByuNYkR18vv5i2fLgaWWUDIjVZSUy08PGe9IQZ7WYu+0jJ3YWu+Ut
IByol89Mh9Kdmod7Cy7xrgbbVGEWS/Mt6V+RbevJjqCb7j9wZbb7B8UDr9iDUbCz
PpvoGPSCaGfulnWEvdS/J3Za0Kx89pClvoqxnByCU42LjN5MksK33+sceBZ9Z+w9
fYTGWRIcwpCjN5aD158hU3NdZWnZgIby9LEP31mHBhtgjJaMF/ZqH/dD4+U2qhBQ
okDqwHxjtyUf3EtYZqkNJ5TSx21A8Fmu0/U9h3SYm0loehfLimPjRyj+zoaKIGfG
+0RV1DJZoiLednrJqaO19Lyc+8GovxosEY4+7WEyEt+yi6bag4jCYYjIBQ6z6soi
K0SZp00LMz5qm6NZ+sTJVL3JG956SWdjcNN5Lonh7qQnjhF27bnbRQ1NhgElxPm4
a7GrQbRb+HFOdPuD2NyGKc5EndOcBHtQ2jy95FoUFwTRQTnJz1uzzZTvQOyCiEuJ
2PfuGTr7zDUZbulPMifd0rHmGI41VpKhsuwXwuyO3KG3YZxzJnM=
=aUNX
-END PGP SIGNATURE-

Accepted developers-reference 11.0.11 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 18:44:02 +0200
Source: developers-reference
Architecture: source
Version: 11.0.11
Distribution: unstable
Urgency: medium
Maintainer: Developers Reference Maintainers 
Changed-By: Holger Levsen 
Closes: 955094 956818
Changes:
 developers-reference (11.0.11) unstable; urgency=medium
 .
   [ Paul Wise ]
   * l10n.rst: replace ddtp2.debian.net with ddtp.debian.org.
 .
   [ Jochen Sprickerhof ]
   * Fix build with Sphinx 2.4. Closes: #955094.
   * ressources.rst: fix Freenode FAQ links.
 .
   [ Judit Foglszinger ]
   * pkgs.rst: add footnote clarifying removability of packages from the upload
 queue. Closes: #956818.
 .
   [ Kentaro Hayashi ]
   * (ja) tools.po: resolve fuzzy in debiandoc-sgml.
 .
   [ Holger Levsen ]
   * Update all .po files for changed strings in the English original.
Checksums-Sha1:
 b127955a2485274c7e81a0be4c0b2ba3c1fb951e 2421 developers-reference_11.0.11.dsc
 b38e3cb7ff58f701582b8b256c8642469e831eaa 547560 
developers-reference_11.0.11.tar.xz
 6ae482d87c3a06cd7707b2eab9b9424bb558073d 5461 
developers-reference_11.0.11_source.buildinfo
Checksums-Sha256:
 e2cd22440cfc5fdc7a143dcd500112301894e3fe2d76753f9481887d3b267ff8 2421 
developers-reference_11.0.11.dsc
 cd6a72c6d37e9b2c0a77c145700c1d3342d9db2f27668f41daea8317a3e16d88 547560 
developers-reference_11.0.11.tar.xz
 bce8a6bb047697e45f098cdf8684ef6c07c3ec87d90b92a6c2c965462b2bde32 5461 
developers-reference_11.0.11_source.buildinfo
Files:
 eeb215d5ccad53af7fbb18743fb68c52 2421 doc optional 
developers-reference_11.0.11.dsc
 99cb178470c3f86ba2491e2afa4e32d0 547560 doc optional 
developers-reference_11.0.11.tar.xz
 8e20efe48e669106d06f49417b3534ef 5461 doc optional 
developers-reference_11.0.11_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl6luxgACgkQCRq4Vgaa
qhxE5A/+Jvrhk3lYOS/apqwklG8gmMRBfmNxflQ0L7f/9E9zavldc3+fxkCxNV+m
InF7I7a6ajvlvrZPdMQfPyGQR9RT0WW3Fzc1SFDk+h8M0P/+29hd19kK08SPYEO9
5GeNy5r5nmLaR0H5zJjefi6wBBGqsP4GtxKkyYjpJaHIQbaLiIqmUDOCFueAmc63
cPoKJ79jGWbB3tSkZH7ay+2wp+C5vX57ub5O19Yxn1R/mK6J6zumSM0pO3ZEm4s1
hpZeDB5zGR1Pwwi/4Lb/LYR590VTgLPRym1WEe4PfDndvKRcR2XgDsmh+K4aoyca
00/FpJFEYX5b8/vkJgSdO9cCEvvGhsWY+5NVPBQ1rkloz9hNZFeefrCAaJh36obC
AipTfJFjV4yBLf8efP/hQKGinNufweJ9oZHsunY4q2WdC8pWks6xg0oPbv/QPU+Z
7nHCpIdTPRbybe6/ZY9KEgtYGbezM1wIrvAu4u+3mFtCf7suYUU07kzYk2bw+EDM
UI3Lj4s6JglKZTHaIZSBUais8lzR/nd72WIbqJRPIX0cJHCqCa8P44dYZ62vihqg
Nu1vRjzfSNSV1XkXY4BVuyVUvxzFkiNLYKUr55ctGEoj+niPad1zRfn92iV0fPb0
wCmNIcJz9JKa9wh0haykzx1Jpuyu+UjXs3QxBk81Pc4lnqBH938=
=61If
-END PGP SIGNATURE-

Accepted maxflow 3.0.5-3 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 18:32:17 +0200
Source: maxflow
Architecture: source
Version: 3.0.5-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team 
Changed-By: Gert Wollny 
Changes:
 maxflow (3.0.5-3) unstable; urgency=medium
 .
   [ Steffen Moeller ]
   * d/u/metadata: yamllint
 .
   [ Gert Wollny ]
   * cme fix dpkg
   * d/control: Fix mailing list
Checksums-Sha1:
 4f43abd2666a12a6b86ce1613264076b673eba04 1962 maxflow_3.0.5-3.dsc
 6423692043be5468c0a3d5ccabcb48ffb108731a 2916 maxflow_3.0.5-3.debian.tar.xz
 2761993bf76e5fca563eb580746561942e90d8c9 7694 maxflow_3.0.5-3_source.buildinfo
Checksums-Sha256:
 29e3e03cf1937a5c2b36099f7c8b389841627cfc65d1230a757ff9b097b98ccc 1962 
maxflow_3.0.5-3.dsc
 9a3d36f6a3389f38c553598605751502ece29f2ab81bf3fe1ec5c5b672d30c54 2916 
maxflow_3.0.5-3.debian.tar.xz
 8230008b44cfabf05031df80d74a93168fcd59e1531dc9695280eaaa585c28be 7694 
maxflow_3.0.5-3_source.buildinfo
Files:
 630c24b6b03a977a8d00a1f8caf8cc5c 1962 science optional maxflow_3.0.5-3.dsc
 e305c19e500c93f39007feef8402 2916 science optional 
maxflow_3.0.5-3.debian.tar.xz
 18fa043efe2476f7d145b9746d2f2c5d 7694 science optional 
maxflow_3.0.5-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEELtRZww6NuKjZPKd6l/LU/KCfME4FAl6lt7gACgkQl/LU/KCf
ME5V3g/7BY1dDns/d1lAc+acc8R39bNX3a3Q7kKWaI5mXSJeoLG6nL06W+aMtRyW
Eobv/9DGwKlupPZ8pX/IQZ0RFlf+yC/8AMzCZ+RmNmQ8daJU+j9eZkEtXOKsqBKf
uvI9Wvxsdpz+xzCKh4Qsw78uypJZvlPPRige7z+qxcb/JG60Vu836BmfN6inI408
lwv709RJ0FzMSuE9FZDe1Fae92kwHXS9jeBBniykQdrBprQXlqp6Bdxt9rFMRAxn
3CZrt+DkxYlk2Ghhb8iqJ1wcMZVbJTGGbAAR3WV8pENShFlUuDtHDWYiXKF+FecV
pDfEiBEo9BZVjRf8WLYaoHInRRHTFnd8AKR6662THF39ZlcrnFFJSl6MuzviiyTX
yqnoD4mepgh1PDYiWCDeVk0vli4ZyrnbOBPTWuB4aK9Nfb/q2Otq3Fr7TQTm8hnA
RKoC1tAzQ2L1v/j3f5Nlvw6udHz6TeJS2cqfjXiP0rGPXon2FUY6GU7Q/9U8bl86
DSPlG7DA/fbY+t0hBbNhv/Vf4kfDFpOcJIZDALvNIap/Zb1kbPd4gyi/PPTdGhIZ
UuMoKUXqtT6eo/0oKjxDFmtpc9kJwPY/3LSe4wRF5JnAyRh6ZwIS6LZNjKWpFAiQ
y4ph+TcIw+jTx4P5G/PMNnY2+VtdWjVvyQjJ3UENFNN2Cz1yd3s=
=2ZGX
-END PGP SIGNATURE-

Accepted rakudo 2020.02.1-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 17:50:54 +0200
Source: rakudo
Architecture: source
Version: 2020.02.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rakudo Maintainers 
Changed-By: Dominique Dumont 
Changes:
 rakudo (2020.02.1-1) unstable; urgency=medium
 .
   * New upstream version 2020.02.1
   * control: update moarvm-dev and nqp dep versions (cme)
   * control: declare compliance with policy 4.5.0
   * use new style of debhelper dependency
   * remove convenience copy of nqp-configure
   * refreshed copyright file with cme
   * rules:
 * invoke raku instead of perl6
 * install perl6 files in /usr/lib/perl6
   * lintian: allow rpath in perl6 rakudo exe
   * watch: use release'd file
   * watch: verify tarball signature after download
   * replace samcv key with Alexander Kiryuhin's
   * add patch from upstream to fix installation of rakudo in /usr/lib/perl6
   * rules:
 * use rakudo-m to get compiler-id
 * disable perf tests as suggested upstream
   * rakudo-helper.pl:
 * vendor dir is in /usr/lib
 * installed without template
 * use autodie to trap system() errors
 * use more widely Path::Tiny
   * postrm: cleanup old vendor dir
Checksums-Sha1:
 342b5c265e5edaa11d4ba86a2a2b608d7bac83b7 2404 rakudo_2020.02.1-1.dsc
 e924058d3856afb8832b42e05434db9248948267 4779469 rakudo_2020.02.1.orig.tar.gz
 413f1577ea1c04315364839e59ee8fc38cb135b6 21880 rakudo_2020.02.1-1.debian.tar.xz
 6fec86a174ded5b48e9ef62f08c8bc5521ad51ce 6526 
rakudo_2020.02.1-1_source.buildinfo
Checksums-Sha256:
 469e412a9aa6bba5c8c7642e95f44221a0192b0f3ed43fe475ad694c6c39d631 2404 
rakudo_2020.02.1-1.dsc
 7bb27366c0fe7dfd4c5bd616903208a6d63d71f420d14ec0ffa661ca1c8ecae1 4779469 
rakudo_2020.02.1.orig.tar.gz
 a5fe077fc902428e951147f5d798b4a8625f48c6572a962c9e1964505b91cad2 21880 
rakudo_2020.02.1-1.debian.tar.xz
 27190bbb9e6648ee20d897fb7eb33c6826310426ebb955d350f69d0120706c81 6526 
rakudo_2020.02.1-1_source.buildinfo
Files:
 1836980bacb0f718dd399317b6790844 2404 interpreters optional 
rakudo_2020.02.1-1.dsc
 49da46f14d286172f50a6b173c4863eb 4779469 interpreters optional 
rakudo_2020.02.1.orig.tar.gz
 2d2388e45b853ae93b3556f56b2df42d 21880 interpreters optional 
rakudo_2020.02.1-1.debian.tar.xz
 859b2cebf19529007caa74c1dffb8d4f 6526 interpreters optional 
rakudo_2020.02.1-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn3I5/LZk8Qsz6dwDwx9P2UmrK2wFAl6ls1IACgkQwx9P2Umr
K2w8ehAAgbzGY+O1OowQ9Ro468nEqPa+z2pbatoQWNskrvgs6JN+Nl9VX1MvOH7N
egH8EsS/zsc4pIGeMlGbviFAvrto/NbCKsD7BNwjFIyCRmFVMJ+305ip965phavA
TmYPUiW4hBRtZgl+hRfW4tKI/hfbwUxUW7IrJI6cdFAD7JkUymZluNQJzxHhZd4T
6wUb2yWP6pQEKl0BvAtfcLJ2baz9YDpPjqjhT8SSZk7rt0zoXPWKnl+CPANRveBI
gE1HSASfFU0FsapynY7/gD7X7xtULkECE+B6F1Bzu1wIfX6cGD6NxmyyHORnCzun
CUjX5r9aFqapocd0adqWmVAx2oN1qavSTxGSnacoKSBW5VlLId09TBHtyAAuSxGD
zGZz0t/pabl7HAQe6Sll3gRnYa9mYJMS8nZHSEqZ/5fn8ero0z3KNMM4chNbbZLy
T0MImZssXXCht2g3DN2XEvLJ8wTeuSBGxYN44M1lAHMTPH1pDBnulAgFP9leP1R9
sgwn16SwyRWR97njxGEh2ewCpSxpZdHKMwnKbw4QNW0iFvgZAHXC6QMezbwAxAhZ
egpDm2bb5j6BeY9jCvNNX66hstg1SjXfzyXdcyoXnLYE3TTQb8T2mhAfIILVP7z9
5dwleMKC3AH5I4YREryHEMURNTsz+zP5YuoGOdu6TRB8P+9a0Dc=
=VGUe
-END PGP SIGNATURE-

Accepted moarvm 2020.02.1+dfsg-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 17:26:28 +0200
Source: moarvm
Architecture: source
Version: 2020.02.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rakudo Maintainers 
Changed-By: Dominique Dumont 
Changes:
 moarvm (2020.02.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 2020.02.1+dfsg
   * replace samcv key with Alexander Kiryuhin's
   * copyright: exclude 3rdparty/libatomicops
   * refreshed copyright
   * remove ftbs.patch (applied upstream)
   * control: declare compliance with policy 4.5.0
Checksums-Sha1:
 32216b0927dd06587c932f43125266d4498330ca 2553 moarvm_2020.02.1+dfsg-1.dsc
 b781b83ccfefb010f2367e2e492047bd6a870b4e 1834928 
moarvm_2020.02.1+dfsg.orig.tar.xz
 29119cdf86fa5a213f9cb790ae6c84d07b198102 18188 
moarvm_2020.02.1+dfsg-1.debian.tar.xz
 12a6f38b0d9a4e3ad8d30453150df8994a491c6e 6307 
moarvm_2020.02.1+dfsg-1_source.buildinfo
Checksums-Sha256:
 5a88fe2038063e5a1ee5514d48b52e604ac7131f25bc8e74aeb0d84d49ca0f55 2553 
moarvm_2020.02.1+dfsg-1.dsc
 0ac37daca2c3fd989de754fd6d35c3e5a9d3e62ada05512d49cbd9813c5f062c 1834928 
moarvm_2020.02.1+dfsg.orig.tar.xz
 d462ac2552624cd05a724ad062d7cb180b6518c3b7f5b1afdf7dcca2177abcaf 18188 
moarvm_2020.02.1+dfsg-1.debian.tar.xz
 485c5e22272eb698f54651eab20fe443b7e12621c25721c323988cdcf0cdfa78 6307 
moarvm_2020.02.1+dfsg-1_source.buildinfo
Files:
 ab1e9600524b8cd23a1c992261bf50de 2553 interpreters optional 
moarvm_2020.02.1+dfsg-1.dsc
 7911528cc2117d13067153ebd075e968 1834928 interpreters optional 
moarvm_2020.02.1+dfsg.orig.tar.xz
 628720a0ee595e608bc34cbe86eadbba 18188 interpreters optional 
moarvm_2020.02.1+dfsg-1.debian.tar.xz
 df4c9b8e174e9d5cdbbbdfe5350fd99c 6307 interpreters optional 
moarvm_2020.02.1+dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn3I5/LZk8Qsz6dwDwx9P2UmrK2wFAl6lsxYACgkQwx9P2Umr
K2wZCBAAkzepEmv7Q4QgwUKfvDyPGH+hKBXNofpi5cyx5wYerrXGOkqsgMspvGNd
CGcFwfGB6LkS75jJDjaN7F17obZ+o2e8YRz/vlqKELs5LKy8JwHmqNP9NfOZd584
XC48WeGKoc5bhvy221Er82SByh5Bzz/A8dnE4dq5p6RG02GrgPaT0Sn3nfMQTDQn
ABXuBsStW76V8S2E8R5aTPT9iepemn89NntsJGV1QJZ1hH3yv/AmU7trJBnc9E5a
KIWcE1NhWAaFBMtHXLlQiy/3HD8Rdp0CcEeHwnbZF0Ulpd9sEpXgF+pkkfcMnWN2
Lg5uZh0bKw5GbgTk5ZWSyvJKF/iLQo9mHMcS3YUPAArKGwB0Mj0RpSDARbtCjOwS
YiCCk9NeUqsQz9dNKYn41VjnakNG9/HqtqWDadIGW7aT11qF/Kloijti8zmHb9ME
4sui6d5Ab1I9KExHXNmBN4KPtrhYLLg7ZDD5Bx23xkM1/TKAZJrTSFW6EyW93Du5
x+opSAkOUC0amBl6eVtpJZkBZ0GB7xZkwO3qN0J+3pXZKfmuiCfEwKYKC+XAqMgk
uLnrGjBkH5iCfBvm2vSoJNbOs1SikFODcT3fi+SnwmJAoCaW3cjYfzA9sMn98myG
cVlKrEPRETUFg0LOQ4KU0kltj3vx0dWhtOcxywlSDouDhSJzThk=
=aeb/
-END PGP SIGNATURE-

Accepted nqp 2020.02.1+dfsg-1 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Apr 2020 17:29:03 +0200
Source: nqp
Architecture: source
Version: 2020.02.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rakudo Maintainers 
Changed-By: Dominique Dumont 
Changes:
 nqp (2020.02.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 2020.01+dfsg
   * control:
 * update moarvm-dev dep versions
 * declare compliance with policy 4.5.0
 * add ${shlibs:Depends}
   * use new debhelper-compat dependency
   * remove obsolete overrides from fill.copyright.blanks.yml
   * refreshed debian/copyright with cme
   * use 3rdparty/nqp-configure released in upstream tarball:
 * watch: use "release" tarballs from github
 * copyright: allow import of 3rdparty/nqp-configure
 * remove convenience copy of nqp-configure
   * add nqp.lintian-overrides
   * watch: change perl6 to Raku on github url
   * watch: verify tarball signature after download
   * replace samcv key with Alexander Kiryuhin's
   * add patch to fix nqp build (from upstream)
Checksums-Sha1:
 73d16bd0b349362c5ae5851bbcb13ea09e76adf6 2387 nqp_2020.02.1+dfsg-1.dsc
 3c6101fdce6522e63463a82378af43d962a68bc5 1037140 nqp_2020.02.1+dfsg.orig.tar.xz
 ef1e490b4cffe02d043dd4f808192b7bad8ce579 17344 
nqp_2020.02.1+dfsg-1.debian.tar.xz
 40d4bb1570b7fd71a61579192f7f25b94023a0b3 6498 
nqp_2020.02.1+dfsg-1_source.buildinfo
Checksums-Sha256:
 b6719576951ab77b2063f8a463adad72cb9ee7843af22c58ce39aeb39c577ba5 2387 
nqp_2020.02.1+dfsg-1.dsc
 e298ae05ae5a389e97023cb1f2502b287f90af22c020671bd92fe66889c3043a 1037140 
nqp_2020.02.1+dfsg.orig.tar.xz
 258e4e8de220f63e24e7f79f970f4cb4c981190724c1bf3cf18d2a8603a53987 17344 
nqp_2020.02.1+dfsg-1.debian.tar.xz
 17c3f9e5f440fb5f36f0450157c25e6f9057be71e8af8faa74e215daffd8b761 6498 
nqp_2020.02.1+dfsg-1_source.buildinfo
Files:
 cd6f6c7666f8984b0b6df330884b0ee7 2387 interpreters optional 
nqp_2020.02.1+dfsg-1.dsc
 2f380ddc7e08f2834df3226f8ccbfe70 1037140 interpreters optional 
nqp_2020.02.1+dfsg.orig.tar.xz
 3688297d2d7fe86284c47de0cdad124d 17344 interpreters optional 
nqp_2020.02.1+dfsg-1.debian.tar.xz
 27edaf00ddff8ff2f16733da342f8384 6498 interpreters optional 
nqp_2020.02.1+dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn3I5/LZk8Qsz6dwDwx9P2UmrK2wFAl6lrZgACgkQwx9P2Umr
K2xzGw//YvuESCiB3zwtGz2/qDN2AoNyUACPPJjOlFZ+SadGanG66diXxPsq9qth
H2puo5kbPCcPDPRHqLUhrRRHGZLYNkuzaEgveSI1CMdljQnqPs0M5PsFFd0Tro8/
diOQhiX5QCJAomkXhgMNa4RNfuIh6lFrcKTGt+HZlQiY47Nm9lCT9i3v5k+Ehr2J
DD4sR2bfb4ZwhPBq7BFTCqXcre0G/v2QYwwIylZlhShRZfNXC3cEjPvYQFvSut8V
6YSlb35sMC4Vvivdu/dG6dP6F1IDVMyLPdNyT/gBIZzprsii9xgpBEta1iAcAogn
WjCm1VJoijL8Xzl/tt2EF01sJlOSXkjOgVxgfDlm8iIgCTb7sXOd5A3O2FMK6m96
4XN0hcAK/SP/WPaR5C+3uqqgH/bhnpmW9G0fnorwQKGlRFeKlZUwG0XZIQJoK9Y0
RctDaBCCNHl9/Ak9pgeLlfkLDR6jcMiwWQiFwDaFrfKgqzcqwmhg3myyxOyluTUz
5esMPaKsLpTEwkhyFtep8nWQgqXtAt0j2D8CFNIN3j/loQsRPBGkB4J1eUv8Yj0Q
tnQV8VR1yb31ree5OZKDHnL9z618fA1DWet5KNnn5xbRprXcU1IWcxWAn4z+MlmJ
usQXfcFhQ0DZL4fpUnbTj0zoDHYMKufNkMKIeZQsuDo/2bv5OHU=
=WvSd
-END PGP SIGNATURE-

Accepted castxml 0.3.3-3 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 16:59:36 +0200
Source: castxml
Architecture: source
Version: 0.3.3-3
Distribution: unstable
Urgency: medium
Maintainer: Steve M. Robbins 
Changed-By: Gert Wollny 
Changes:
 castxml (0.3.3-3) unstable; urgency=medium
 .
   * d/p/0004: Disable failing MSVC test
Checksums-Sha1:
 3ee95fa97b5244b8fc526d7be90755a1aa53c45d 1921 castxml_0.3.3-3.dsc
 b2fb4937fbe190c1cc9a9fce023174e2136c5700 4832 castxml_0.3.3-3.debian.tar.xz
 0c477960069b3a0589269e3733b1e2e53424bfe9 8590 castxml_0.3.3-3_source.buildinfo
Checksums-Sha256:
 65c9fca5f504ba5b6f67efa90d8b335487f9a44df629f2dec73bfcb752729e15 1921 
castxml_0.3.3-3.dsc
 dce21e13374b0d04138107a74b46badeba22b2cdd177c4e6de9544e46ce177f9 4832 
castxml_0.3.3-3.debian.tar.xz
 44b6c5510023e84b569907841e1cce1bf6d4d9710be583e29c6865397eae4ed8 8590 
castxml_0.3.3-3_source.buildinfo
Files:
 29f66550041968df5badbd7de436daca 1921 devel optional castxml_0.3.3-3.dsc
 585de1c1699aff437c5321e967513dad 4832 devel optional 
castxml_0.3.3-3.debian.tar.xz
 3af31c1a3cb9ba2c4e67a5744b43d062 8590 devel optional 
castxml_0.3.3-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEELtRZww6NuKjZPKd6l/LU/KCfME4FAl6lsmsACgkQl/LU/KCf
ME7EnBAAk1qLNOA2TuiTFPdc7Kk5XT/3nPjI5gHeIcCR0kWPlwuOVTZ9ZvJBbhqP
DLanzquXXbewo6TY/uq4wWbgERFQpvQP8OuPApAGH+uhee+gNAf3sv8Fk9EUWtTQ
YH5uvmV+Yvojrv8QKMbGWdlSkJyEYBtL1h3GV1G+jceblv19WnOLSr+SxiJ951WN
T6vR++2oQSqg0n6BoHnG9Q82IAn3kY5hDJuIw+D0ivsci3RbP5BI2KHoVYo4BofY
ttMKRywDvhJV6eKWVnHyzM+SqdJpHNTf4wLjpXVVjI6fEKUSw0aCVM8DZ/XV4cik
+dcYBr5l1Lv/7J0xHXCNUtrICCk8/2aarUVKbFcsj7v2KqjYtM4AuuVQttSQnsnA
5dCS19uAKVH9+TcPa7XRNBqejYEraQQKdqqAtjx3Yy1VXQhgga1MxO0yhZR0voaE
rDHMqWX/4taLq+9/HeQ1rI3OU/RUA8egzY4zDNlu3caIAE9aurqOZP/Rwyw6I1om
PvNMAEDEmdc7zxpyFE2Xyxg4l9ZxtTXhndl4p47PdijXWsal0x97bNYO1TZuYXEO
hwd+R5rFnR0uXy3I+/tO9gVsln4KkeRrBLPvQLoAYABq66lZGECWqFrg9KiHdXcp
BYa3LUNexB0Bz1oGnlQgaHv81kMVWh0qaJZ5HcK9TiNAz0bR+uU=
=7Ppz
-END PGP SIGNATURE-

Accepted ifscheme 1.7-6 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 18:09:14 +0200
Source: ifscheme
Architecture: source
Version: 1.7-6
Distribution: unstable
Urgency: medium
Maintainer: Guus Sliepen 
Changed-By: Guus Sliepen 
Closes: 958603
Changes:
 ifscheme (1.7-6) unstable; urgency=medium
 .
   * Bump Standards-Version.
   * Remove debian/compat, Build-Depends on debhelper-compat instead.
   * Remove Build-Depends on dh-systemd. Closes: #958603
   * Add Rules-Requires-Root: no.
   * Set Priority: optional.
   * Add Pre-Depends: {$misc:Pre-Depends}.
Checksums-Sha1:
 20524af4c2f469ce9f616fa5481bc64f1af8f76f 1644 ifscheme_1.7-6.dsc
 455026d6853ba561f1d24ccd55cc4cadad9f81e5 5680 ifscheme_1.7-6.debian.tar.xz
 038c59dd9d04690ded4d68d579cee47a56b2a2e5 6654 ifscheme_1.7-6_source.buildinfo
Checksums-Sha256:
 ab24fa14f411887cb42437d54ccd5d5277a0057ecafea77e29a6963054be99c6 1644 
ifscheme_1.7-6.dsc
 6c28445e8d5d48ae8c1def0b4293a81cfd85a55804ad4c5c1647b2c19548855f 5680 
ifscheme_1.7-6.debian.tar.xz
 c1014d1a14c025848cc11227d64d816764869739ac38703316c9f9f84b8b76b3 6654 
ifscheme_1.7-6_source.buildinfo
Files:
 72e17e7d57068ff30cc585727e3e48d8 1644 net optional ifscheme_1.7-6.dsc
 e8f33fde4ac40db5adcf9586e3cb782f 5680 net optional ifscheme_1.7-6.debian.tar.xz
 5704414e3063ce678ecb5bc363abfaa7 6654 net optional 
ifscheme_1.7-6_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEETRt3lsA+CDGZG91CP0kN64ce+foFAl6lsjQACgkQP0kN64ce
+frImw/6AzqmmYP+535gsH/AsORwmXIZgxO9gZJuxYvBJ9c5Rfp2o/CoCqUeJpXd
OZxJEgTGBYt/2VRWikC4zj+1ukeEmWhcjtaetZKJnGBhDiXFqeMy6gAPJxVhbOd5
//NyUUzvSVuFR/6O2a8VUIk5at4yabalk9Qu221CibHRHnFWJFow5uGiRtCo9Civ
/MW+lMe4x0c3/ucTNqToJUvydF6Cq967sjFb4EO/l7CtUjfzQpydRo5Ev7p0cJvG
4ePtXQvRtd+iP6w9g8veId63/VUUb22c1HUYUU6yVowGPBbMgesVEUQ/nubuUxL+
yWkeWbHFbTI/xUva1ur55nd2ItDMls2Pk7gva380MnJz5LbsSavYc2K0FFeamqMj
ldaTOMZZjZiEAHA7uWoBDXtypRZwvazQrlgZKhKcgWWe00Ac45SsMwi0s4XZUenG
8czjcHcsVEKVkt7q4CgOB3FDZ2dn/XHCZFQObQINK2M6hTMnYDbR5SZ/nkjzed87
ly1oV2+HKBA7LSjGzzY4d4aCRDSHs9DI/omm1we2okTPOWd8v6zcXvcbVPF4K2cK
UJANUHH68HZvfbfB60AtARd6eegjt8vnWw0QJsevCpxHJWLxDA8VfHyTPtEPiS2r
FHpoosZpP/DSIm8D6IT4w7axtFY4APKyl9b91fwBwCA+znof2a0=
=fYiL
-END PGP SIGNATURE-

Accepted libdc1394 2.2.6-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 17:39:00 +0200
Source: libdc1394
Architecture: source
Version: 2.2.6-2
Distribution: unstable
Urgency: medium
Maintainer: Guus Sliepen 
Changed-By: Guus Sliepen 
Changes:
 libdc1394 (2.2.6-2) unstable; urgency=medium
 .
   * Bump Standards-Version and debhelper-compat level.
Checksums-Sha1:
 8c08bd4ffae6d3eabe64153602b49d323b8a1739 2126 libdc1394_2.2.6-2.dsc
 1e1d4db9abe37f02eb9444591d39ad4e74d3b033 6204 libdc1394_2.2.6-2.debian.tar.xz
 533a7645f29983e0a674f818f6b091169c99d10c 8 
libdc1394_2.2.6-2_source.buildinfo
Checksums-Sha256:
 3c80af84a6c09a94f5034d7d6f923cf933a6548815ddaca00c7151b5029cf0d9 2126 
libdc1394_2.2.6-2.dsc
 5797cdcfee815fc349437fa70796e2bd8342963d3c2853b3cd570bfa3e052d62 6204 
libdc1394_2.2.6-2.debian.tar.xz
 306d379fbe6d22c320b7e43fad438b6d5e16436c5bc773f2d2f005f6b6957fc7 8 
libdc1394_2.2.6-2_source.buildinfo
Files:
 f1dbb55e49a65ae1c74e6db95f416c9c 2126 libs optional libdc1394_2.2.6-2.dsc
 f8bff4db5d7fb51ad45bcd0d8c15e906 6204 libs optional 
libdc1394_2.2.6-2.debian.tar.xz
 99f5e43d1ab364bc16be1048495de7c5 8 libs optional 
libdc1394_2.2.6-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEETRt3lsA+CDGZG91CP0kN64ce+foFAl6lqx4ACgkQP0kN64ce
+foA2Q/6A/LoP0tMSyCER5bTP9SRoq2oJzbZuLTsaRgKiOVQ7RjMO7v4yfDmV1AC
lSc94VWmeFqYpYNfkgVP6AudR7YCgxxWdnt4I+97xBJilD/eN0p215NtXrKStrw7
gQnXgU2bUkwrm8IiOI4C71o9JVEb5TGqGyrJBapPtgfGI8it6jnGXC/wGgNMHTBl
KKyuqmk060ujGWqTnnnIrszgEd1tDv+lnliImGhOCxtcZEm1n3+BIUIGXLlI7LXt
2Bx4tvcGV06hecMQB4+JDT3LjCT03eCtpgKZe0HmHPSuOauGZ9KFAGEyawHVlNE7
sx19HR9ERxfQW3Nn4C44MKUAU/gGi1nueNtN/jA5Z0JscT41B+oORavaEhZ7mtec
4T/wUYZxBx4yC1LGK3bPlDOfo9yx3008AI9VoTVJdDmD54C8NdksJwvaPPlCvsXd
/dTFjIheaNFMaLNSPEkHQj4C7G6bYOQVvYIRfeRs+PSgrX+ZaR9csifmOCPMnt83
s+YMqa9nuspebkFgLCDpRyCqZT3uwhxmmJtzWJz+Y+QG3xQjCUTtcvxjPvlISR+r
B+lNTN5Md7Ec0YjVxcFKaX+dy9o2chbXu1tc4/zxSlC7l/c8Sdgvoms9zlXr5pov
o8/B+QgJE8gbdbmTZi3Am5ByYCU8TWrnV3jy96b/Dr3Z2glq87g=
=G9j5
-END PGP SIGNATURE-

Accepted libraw1394 2.1.2-2 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 17:29:40 +0200
Source: libraw1394
Architecture: source
Version: 2.1.2-2
Distribution: unstable
Urgency: medium
Maintainer: Guus Sliepen 
Changed-By: Guus Sliepen 
Closes: 955787
Changes:
 libraw1394 (2.1.2-2) unstable; urgency=medium
 .
   * Bump Standards-Version.
   * Remove debian/compat, Build-Depend on debhelper-compat instead.
   * Add Rules-Requires-Root: no.
   * Clean up .install and .doc files.
   * Don't install libraw1394.la. Closes: #955787
Checksums-Sha1:
 f78c2b893a81f283b50c1cb8c8bf724ee5cb31ff 1994 libraw1394_2.1.2-2.dsc
 93e811746cc756e2ec08526685e6af2241e2d5fd 6740 libraw1394_2.1.2-2.debian.tar.xz
 2f6f24dfc1bd592d0db96002cb682a35df2945f5 6801 
libraw1394_2.1.2-2_source.buildinfo
Checksums-Sha256:
 682c04e351576bb77c6992af4994ed6f20e5ce5b70035a0f8774a1e613654578 1994 
libraw1394_2.1.2-2.dsc
 8797ae8f8fd47971ba248e313533006dbb878dba17f239a9b8d42e471d678a77 6740 
libraw1394_2.1.2-2.debian.tar.xz
 be72ba43493c41ccdd0a3e30b43f19fb30822fa560c5990094d34ebaee760f75 6801 
libraw1394_2.1.2-2_source.buildinfo
Files:
 681eeeb6bd63cd6f3b27d1f7af39af60 1994 libs optional libraw1394_2.1.2-2.dsc
 f25fd2d6e2ad801208643ca3ad047512 6740 libs optional 
libraw1394_2.1.2-2.debian.tar.xz
 21ccbd92a3f07e6b93beafe971b2b668 6801 libs optional 
libraw1394_2.1.2-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEETRt3lsA+CDGZG91CP0kN64ce+foFAl6lqdsACgkQP0kN64ce
+foXqA/+LerFHWl5K4bbG0NgHB/+uAb0Tvihjuxw+w5EWqLcsM5dWLonnVmuz9KM
K8Rub4uZ9CTGcGYBW1NMsDkkEYSeUw6C5XnoAK3IHvD1c/6Ccx6KTvQzE4X7bylZ
S8FhLK2Hvf23ooBigjamzKlBFRtXFlskSL6lzW/JuYhwoumCH5A+OjkO0d5MSYYf
eutQMJz9n3oaXcEKzp5mVPrjlz0iOn6jELOloLypZ/d0jVT6tL7MHEXdzqD5CMYz
JPZAQyQOGlKdao8TH+juiCZcO3ZTMQ131MloW7TM/Fl2q99ERW7O7K/MkrIpnkot
hB6KhF6HqyhdblUSWsyWR5UM8BPahY1TLRK3RegHXllGL5dNQzHg/Y9vcMJPeK+S
ImkX16pWN37eGl7Mr4+FFO5dFa1dnhPGqip9WCQJ3p9yPtudUUXazjcmhsHrlXn7
xhbTnnU6Iks+wirAuqHsYlGdrcr6poQ5vkG9uNzI/hHQwNh8IaaPn4/cKORk+Hly
9CT7VMYs6aPPn1IPHicOgpvK6wNppiR67UzrKj+ggGQ5XnQbfIkpvijc07BH4QBM
saBQbKB2hYrUDY3GXq8K9vigjQCbA5Di4+Yd1DeLblmjtudLFYatIR9RfGFs5fxG
KHINt4gs4Q261IV2rwpqSs2Q0ybu8FT4zosgVpIKijZQvw7XteE=
=XQsA
-END PGP SIGNATURE-

Accepted vim-pathogen 2.4-5 (source) into unstable

[Debian FTP Masters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 26 Apr 2020 17:29:06 +0200
Source: vim-pathogen
Architecture: source
Version: 2.4-5
Distribution: unstable
Urgency: medium
Maintainer: Andrea Capriotti 
Changed-By: Andrea Capriotti 
Changes:
 vim-pathogen (2.4-5) unstable; urgency=medium
 .
   * d/control: Remove useless dependencies.
Checksums-Sha1:
 f47fcc16dd3a0b2584c9bf3b555edc0185b97c6a 1871 vim-pathogen_2.4-5.dsc
 5f961ac9065ad960b1aeb5a052c05d3abac1fc3e 4576 vim-pathogen_2.4-5.debian.tar.xz
 3426bcd507f9bba448033db3b8c288b2e498cd09 5608 
vim-pathogen_2.4-5_source.buildinfo
Checksums-Sha256:
 49fe5567fab2f5f41ec2d3cfc1b98183050fde5515795575b06c2840031437c3 1871 
vim-pathogen_2.4-5.dsc
 2b4e70e254fb5a50f15dec887502a8e3f5b0d79b9720c29f966316d23450aee4 4576 
vim-pathogen_2.4-5.debian.tar.xz
 94101103f1c1772cefd7a1301cab14df2e93a62f11d7ca9e2b77478f0510887c 5608 
vim-pathogen_2.4-5_source.buildinfo
Files:
 530daeb938cdced2ca9de6cecffc7e25 1871 editors optional vim-pathogen_2.4-5.dsc
 b67f4d8394087ab79d000f80223ba7a3 4576 editors optional 
vim-pathogen_2.4-5.debian.tar.xz
 2b13f053de301f21ff3fab9ce74a4de7 5608 editors optional 
vim-pathogen_2.4-5_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEGvhvgTlGG2tOSvezC6/u7+lpvVQFAl6lqSQACgkQC6/u7+lp
vVSCpA/+N8rRo90WEOtmP93+H2382E3SeWq0Kc7o8gRzAal7iEqTDMTs1LKfSTcf
/+4Lldi1zTd2sA3IkGoMXDXlY9+tVcsZLKRibUzbKWyhvzvY8YJGCsG9QymGU8yQ
IbC7yX7cyM/xQx9gwycS8Ne2e7fRey7ou58A2tJWe4BlC4a1Frez9ChRhp+Q2Zg0
XR5CksaHRUHQj3cdAd6ATY/Shko8tXAbgRgHAzodnfHlFl9kY1foBHc9z03YLJmM
Zaxi73j0/ePXgSNwVbTXTymR5tHSyiLwWQP6eFvVP27QghHdfYQkj/j6dByG9xLH
FF50W3D9Y8mj+ks3gUqiqlke+Zw2VefI+D3cIFtH/+ulAeKja+qBm2BsgQngttiT
0wQLsgWTVhYBTe/64MPfz3v0Ou748GmJ/eUKniQHufyJ8NRDZImNPJmnGjq9wgXk
ohNG76BEwCpwHLYKZ3wRrBQW23QScKlUCtT6bxOc5wA+LP/TmZ78PSsj4KY1nlSa
Wa2mHkluXlh67kAztkLg3hUdLreqpt5pXHaNAagNBUUmGy95wCsK+y7f46465vLy
ci3aSwnz0PV8HTzTx5LqjHuh1I3O1ZRKTyGTo9U9Jr+Ctatoyan5hHdVjkgf35eU
mnXZaO3TKCy6IH3a8007L6eWOkbqmVXnl5g68+c/Q6hMrHcYo7U=
=FSTK
-END PGP SIGNATURE-