Re: Validating tarballs against git repositories

On 30/03/24 20:43, Iustin Pop wrote: On 2024-03-30 11:47:56, Luca Boccassi wrote: On Sat, 30 Mar 2024 at 09:57, Iustin Pop wrote: Give me good Salsa support for autopkgtest + lintian + piuparts, and easy support (so that I just have to toggle one checkbox), and I'm happy. Or even better,

Re: Some t64 libraries already in testing; I'm confused

On 2024-03-31 06:54 +0200, Andreas Metzler wrote: > On 2024-03-30 Julian Gilbey wrote: >> My very limited understanding of this major transition was that the >> t64 libraries are being held in unstable until (almost) everything is >> ready, at which point there will be a coordinated migration

Re: Validating tarballs against git repositories

On 2024-03-30 12:19 +0100, Simon Josefsson wrote: > Gioele Barabucci writes: > >> Just as an example, bootstrapping coreutils currently requires >> bootstrapping at least 68 other packages, including libx11-6 [1]. If >> coreutils supported [2], the transitive closure of its >> Build-Depends

Re: xz backdoor

On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote: > On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote: > > As others have said, the best solution is to relay on HSW for handling > > the cryptographic material. > Aren't these answers to different questions? >

Re: xz backdoor

Le dim. 31 mars 2024 à 10:17, Sirius a écrit : > Reduction of complexity is IMHO always worthwhile as it would open the > door for more people being able to step up as maintainers (taking into > account that volunteers right this minute might not be overly welcome and > when they are, they should

Accepted ell 0.64-1 (source amd64) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 13:03:54 +0100 Source: ell Binary: libell-dev libell0 libell0-dbgsym Architecture: source amd64 Version: 0.64-1 Distribution: unstable Urgency: medium Maintainer: Nobuhiro Iwamatsu Changed-By: Jonas Smedegaard

Accepted cookietool 2.5-7 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 18:11:52 +0100 Source: cookietool Architecture: source Version: 2.5-7 Distribution: unstable Urgency: medium Maintainer: Debian Games Team Changed-By: Alexandre Detiste Changes: cookietool (2.5-7) unstable;

Accepted cpuid 20240324-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 14:33:16 +0500 Source: cpuid Architecture: source Version: 20240324-1 Distribution: unstable Urgency: medium Maintainer: Andrey Rakhmatullin Changed-By: Andrey Rakhmatullin Changes: cpuid (20240324-1) unstable;

Accepted newlib 4.4.0.20231231-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 13:03:01 +0100 Source: newlib Architecture: source Version: 4.4.0.20231231-3 Distribution: unstable Urgency: medium Maintainer: Debian GCC Maintainers Changed-By: Matthias Klose Closes: 1066964 Changes: newlib

Accepted node-axios 1.6.8+dfsg-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 07:16:19 +0400 Source: node-axios Architecture: source Version: 1.6.8+dfsg-2 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Yadd Changes: node-axios (1.6.8+dfsg-2)

Accepted orthanc-python 4.1+ds-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 14:06:27 +0100 Source: orthanc-python Architecture: source Version: 4.1+ds-3 Distribution: unstable Urgency: medium Maintainer: Debian Med Packaging Team Changed-By: Sebastien Jodogne Closes: 1062404 Changes:

Accepted php-font-lib 0.5.6-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 13:52:13 +0100 Source: php-font-lib Architecture: source Version: 0.5.6-1 Distribution: unstable Urgency: medium Maintainer: Debian PHP PEAR Maintainers Changed-By: William Desportes Changes: php-font-lib

Accepted prosody-modules 0.0~hg20240330.70fa3f8de249+dfsg-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Mar 2024 16:49:19 + Source: prosody-modules Architecture: source Version: 0.0~hg20240330.70fa3f8de249+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian XMPP Maintainers Changed-By: Martin Changes:

Accepted with-editor 3.3.2-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 26 Dec 2023 17:15:04 +0100 Source: with-editor Architecture: source Version: 3.3.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Emacsen Team Changed-By: Aymeric Agon-Rambosson Changes: with-editor (3.3.2-1)

Accepted webassets 3:2.0-0.1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 16:51:47 +0100 Source: webassets Architecture: source Version: 3:2.0-0.1 Distribution: unstable Urgency: medium Maintainer: Agustin Henze Changed-By: Alexandre Detiste Changes: webassets (3:2.0-0.1) unstable;

Re: Validating tarballs against git repositories

On 2024-03-31 08:03:40, Gioele Barabucci wrote: > On 30/03/24 20:43, Iustin Pop wrote: > > On 2024-03-30 11:47:56, Luca Boccassi wrote: > > > On Sat, 30 Mar 2024 at 09:57, Iustin Pop wrote: > > > > Give me good Salsa support for autopkgtest + lintian + piuparts, and > > > > easy support (so that

Re: xz backdoor

On Sun, Mar 31, 2024 at 12:13:30PM +0200, Alexandre Detiste wrote: > Le dim. 31 mars 2024 à 10:17, Sirius a écrit : > > Reduction of complexity is IMHO always worthwhile as it would open the > > door for more people being able to step up as maintainers (taking into > > account that volunteers

Re: Git and SHA1 collisions

On Sun, Mar 31, 2024 at 10:27:05AM +0200, Simon Josefsson wrote: > Gioele Barabucci writes: > > > But pulling a successful collision attack is not a trivial task. For > > instance, the xz attacker did not have all that was required to carry > > it out (for example they had no direct access to

Accepted libwacom 2.10.0-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 13:29:48 +0300 Source: libwacom Built-For-Profiles: noudeb Architecture: source Version: 2.10.0-2 Distribution: unstable Urgency: medium Maintainer: Timo Aaltonen Changed-By: Timo Aaltonen Changes: libwacom

Accepted openssh 1:9.7p1-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 11:55:38 +0100 Source: openssh Architecture: source Version: 1:9.7p1-3 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers Changed-By: Colin Watson Closes: 1067243 Changes: openssh

Accepted python-fusepy 3.0.1-5 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 12:32:20 +0200 Source: python-fusepy Architecture: source Version: 3.0.1-5 Distribution: unstable Urgency: medium Maintainer: Sascha Steinbiss Changed-By: Sascha Steinbiss Closes: 1068121 Changes: python-fusepy

Accepted libreoffice 4:24.2.2-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 12:25:17 +0200 Source: libreoffice Architecture: source Version: 4:24.2.2-3 Distribution: unstable Urgency: medium Maintainer: Debian LibreOffice Maintainers Changed-By: Rene Engelhard Changes: libreoffice

Re: xz backdoor

Wookey wrote on 31/03/2024 at 04:34:00+0200: > On 2024-03-30 20:52 +0100, Ansgar  wrote: >> Yubikeys, Nitrokeys, GNUK, OpenPGP smartcards and similar devices. >> Possibly also TPM modules in computers. >> >> These can usually be used for both OpenPGP and SSH keys. > > Slightly off-topic, but a

Re: xz backdoor

Hello, Iustin Pop wrote on 31/03/2024 at 13:13:27+0200: > On 2024-03-31 10:47:57, Luca Boccassi wrote: >> On Sun, 31 Mar 2024 at 08:39, Bastian Blank wrote: >> > >> > On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote: >> > > On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago

Re: Validating tarballs against git repositories

On 29/03/24 at 23:29 -0700, Russ Allbery wrote: > Antonio Russo writes: > > But, I will definitely concede that, had I seen a commit that changed > > that line in the m4, there's a good chance my eyes would have glazed > > over it. > > This is why I am somewhat skeptical that forcing everything

Re: xz backdoor

On Sun, Mar 31, 2024 at 03:07:53AM +0100, Colin Watson wrote: > On Sun, Mar 31, 2024 at 04:14:13AM +0300, Adrian Bunk wrote: > > The timing of the 5.6.0 release might have been to make it into the > > upcoming Ubuntu LTS, it didn't miss it by much. > > It didn't miss it at all, even. Ubuntu has

Re: Some t64 libraries already in testing; I'm confused

On 2024-03-31 Andreas Metzler wrote: > On 2024-03-31 Sven Joachim wrote: [...] >> Unfortunately the other four are not similar, but rather lacked a build >> dependency on dpkg-dev (>= 1.22.5) which would have prevented their >> migration to testing. Testing users on armel and armhf should avoid

Re: xz backdoor

On 2024-03-31 04:22, Santiago Ruano Rincón wrote: > I don't see the real benefit. > > As others have said, the best solution is to relay on HSW for handling > the cryptographic material. That's extremely important (which is why I use a HSM) but that "just" prevents exfiltration of the keys. An

Accepted libarchive 3.7.2-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 20:11:06 +0200 Source: libarchive Architecture: source Version: 3.7.2-2 Distribution: unstable Urgency: medium Maintainer: Peter Pentchev Changed-By: Peter Pentchev Closes: 1068047 Changes: libarchive (3.7.2-2)

Accepted libbusiness-isbn-data-perl 20240323.001-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 00:59:36 +0100 Source: libbusiness-isbn-data-perl Architecture: source Version: 20240323.001-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group Changed-By: gregor herrmann Changes:

Accepted libfile-copy-recursive-reduced-perl 0.008-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 00:29:27 +0100 Source: libfile-copy-recursive-reduced-perl Architecture: source Version: 0.008-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group Changed-By: gregor herrmann Changes:

Accepted iwd 2.17-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 13:54:04 +0100 Source: iwd Architecture: source Version: 2.17-1 Distribution: unstable Urgency: medium Maintainer: Jonas Smedegaard Changed-By: Jonas Smedegaard Changes: iwd (2.17-1) unstable; urgency=medium .

Accepted libcrypt-smime-perl 0.30-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 00:50:25 +0100 Source: libcrypt-smime-perl Architecture: source Version: 0.30-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group Changed-By: gregor herrmann Changes: libcrypt-smime-perl

Accepted libcatalyst-manual-perl 5.9013-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 00:54:50 +0100 Source: libcatalyst-manual-perl Architecture: source Version: 5.9013-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group Changed-By: gregor herrmann Changes:

Accepted importlab 0.8.1-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 21:29:14 -0300 Source: importlab Architecture: source Version: 0.8.1-2 Distribution: unstable Urgency: medium Maintainer: Debian Python Team Changed-By: Emmanuel Arias Changes: importlab (0.8.1-2) unstable;

Accepted mom 0.6.4-0.1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 13:34:45 +0100 Source: mom Architecture: source Version: 0.6.4-0.1 Distribution: unstable Urgency: medium Maintainer: Dmitry Smirnov Changed-By: Alexandre Detiste Closes: 1014781 1018413 Changes: mom (0.6.4-0.1)

Accepted liburi-perl 5.28-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 23:56:42 +0100 Source: liburi-perl Architecture: source Version: 5.28-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group Changed-By: gregor herrmann Changes: liburi-perl (5.28-1) unstable;

Accepted magit-forge-el 0.3.2+git20231227.1.299bbaa-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 01 Jan 2024 22:29:34 +0100 Source: magit-forge-el Architecture: source Version: 0.3.2+git20231227.1.299bbaa-1 Distribution: unstable Urgency: medium Maintainer: Debian Emacsen team Changed-By: Aymeric Agon-Rambosson Changes:

Accepted python-llfuse 1.4.1+dfsg-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 10:46:48 +0200 Source: python-llfuse Built-For-Profiles: noudeb Architecture: source Version: 1.4.1+dfsg-3 Distribution: unstable Urgency: medium Maintainer: Nikolaus Rath Changed-By: Sebastian Ramacher Closes:

Re: xz backdoor

On 2024-03-31 10:47:57, Luca Boccassi wrote: > On Sun, 31 Mar 2024 at 08:39, Bastian Blank wrote: > > > > On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote: > > > On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote: > > > > As others have said, the best

Re: Seeking a small group to package Apache Arrow (was: Bug#970021: RFP: apache-arrow -- cross-language development platform for in-memory analytics)

Hi Diane, On Sat, Mar 30, 2024 at 08:59:39PM -0700, Diane Trout wrote: > Hi Julian, > > On Sat, 2024-03-30 at 20:22 +, Julian Gilbey wrote: > > Lovely to hear from you, and oh wow, that's amazing, thank you! > > > > I can't speak for anyone else, but I suggest that pushing your > > updates

Re: xz backdoor

On 31 March 2024 12:39:55 CEST, Johannes Schauer Marin Rodrigues wrote: > >Another example is when I wanted to run a GUI program inside an unshared chroot >environment. Wayland does not seem to be happy about that and I didn't find a >way to test my GUI application successfully. But maybe my

Bug#1068131: ITP: bootterm -- simple terminal to ease connections with SBCs

Package: wnpp Severity: wishlist Owner: Faidon Liambotis X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: bootterm Version : 0.4+git2023013 Upstream Contact: Willy Tarreau * URL : https://github.com/wtarreau/bootterm * License : Expat Programming

Accepted cciss-vol-status 1.12a-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 17:19:31 +0200 Source: cciss-vol-status Architecture: source Version: 1.12a-3 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Chris Hofstaedtler Changes: cciss-vol-status (1.12a-3)

Re: xz backdoor

On Sun, Mar 31, 2024 at 09:53:06AM -0300, Carlos Henrique Lima Melara wrote: > Hi, > > On Sun, Mar 31, 2024 at 02:31:37PM +0200, Pierre-Elliott Bécue wrote: > > > I would also be happy if it helps my fellow DDs to try making an article > > about some basic crypto concepts regarding PGP, RSA et

Accepted prometheus 2.45.4+ds-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 15:56:05 + Source: prometheus Architecture: source Version: 2.45.4+ds-2 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Daniel Swarbrick Changes: prometheus

Accepted xonsh 0.15.1+dfsg-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 12:30:13 -0400 Source: xonsh Architecture: source Version: 0.15.1+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team Changed-By: Stefano Rivera Closes: 1063989 Changes: xonsh

Re: Validating tarballs against git repositories

Luca Boccassi writes: > On Sat, 30 Mar 2024 at 15:44, Russ Allbery wrote: >> Luca Boccassi writes: >>> In the end, massaged tarballs were needed to avoid rerunning >>> autoconfery on twelve thousands different proprietary and >>> non-proprietary Unix variants, back in the day. In 2024, we do

Accepted racket 8.12+dfsg1-9 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 13:55:19 -0300 Source: racket Architecture: source Version: 8.12+dfsg1-9 Distribution: experimental Urgency: medium Maintainer: David Bremner Changed-By: David Bremner Changes: racket (8.12+dfsg1-9)

Accepted gweled 1.0~beta1-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 19:12:20 +0200 Source: gweled Architecture: source Version: 1.0~beta1-1 Distribution: unstable Urgency: medium Maintainer: Debian Games Team Changed-By: Stephen Kitt Changes: gweled (1.0~beta1-1) unstable;

Accepted cinnamon-translations 6.0.2-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 11:14:57 +0100 Source: cinnamon-translations Architecture: source Version: 6.0.2-2 Distribution: unstable Urgency: medium Maintainer: Debian Cinnamon Team Changed-By: Fabio Fantoni Changes: cinnamon-translations

Accepted cinnamon-desktop 6.0.0-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 13:14:48 +0100 Source: cinnamon-desktop Architecture: source Version: 6.0.0-2 Distribution: unstable Urgency: medium Maintainer: Debian Cinnamon Team Changed-By: Fabio Fantoni Changes: cinnamon-desktop (6.0.0-2)

Accepted phosh 0.37.0-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 11:34:35 +0200 Source: phosh Architecture: source Version: 0.37.0-2 Distribution: unstable Urgency: medium Maintainer: DebianOnMobile Maintainers Changed-By: Guido Günther Changes: phosh (0.37.0-2) unstable;

Accepted hickle 5.0.3-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 17:41:38 +0100 Source: hickle Architecture: source Version: 5.0.3-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team Changed-By: Edward Betts Changes: hickle (5.0.3-1) unstable;

Accepted mp3check 0.8.7-5 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 15:23:44 +0200 Source: mp3check Architecture: source Version: 0.8.7-5 Distribution: unstable Urgency: medium Maintainer: Joachim Reichel Changed-By: Joachim Reichel Closes: 1067879 Changes: mp3check (0.8.7-5)

Re: xz backdoor

On Sun, Mar 31, 2024 at 09:35:09AM +0200, Bastian Blank wrote: > On Sat, Mar 30, 2024 at 08:15:10PM +, Colin Watson wrote: > > On Sat, Mar 30, 2024 at 05:12:17PM +0100, Sirius wrote: > > > I have seen discussion about shifting away from the whole auto(re)conf > > > tooling to CMake or Meson

Accepted python-pipx 1.5.0-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 12:45:12 -0400 Source: python-pipx Architecture: source Version: 1.5.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team Changed-By: Stefano Rivera Closes: 1055321 Changes: python-pipx

Accepted normalize-audio 0.7.7-18 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 18:33:17 +0200 Source: normalize-audio Architecture: source Version: 0.7.7-18 Distribution: unstable Urgency: medium Maintainer: Joachim Reichel Changed-By: Joachim Reichel Closes: 1067880 Changes:

Accepted grandorgue 3.14.0-1 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 19:00:46 +0200 Source: grandorgue Architecture: source Version: 3.14.0-1 Distribution: experimental Urgency: medium Maintainer: Sébastien Villemot Changed-By: Sébastien Villemot Changes: grandorgue (3.14.0-1)

Re: Validating tarballs against git repositories

On Sat, Mar 30, 2024 at 11:55:04AM +, Luca Boccassi wrote: >... > In the end, massaged tarballs were needed to avoid rerunning > autoconfery on twelve thousands different proprietary and > non-proprietary Unix variants, back in the day. In 2024, we do > dh_autoreconf by default so it's all

Accepted octave-iso2mesh 1.9.6+ds-10 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Mar 2024 06:02:28 -0300 Source: octave-iso2mesh Architecture: source Version: 1.9.6+ds-10 Distribution: unstable Urgency: medium Maintainer: Debian Octave Group Changed-By: Rafael Laboissière Closes: 1066594 Changes:

Accepted nestopia 1.52.1+dfsg-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 19:44:05 +0200 Source: nestopia Architecture: source Version: 1.52.1+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Games Team Changed-By: Stephen Kitt Changes: nestopia (1.52.1+dfsg-1)

Re: Command /usr/bin/mv wrong message in German

Am 31.03.2024 um 19:44 schrieb Hans: > Hi folks, > > as I could not find, which package /usr/bin/mv is belonging to and > apt-file search /usr/bin/mv did not help either, I just in form you here. Problems with German translations are best reported to debian-l10n-ger...@lists.debian.org. > There

Accepted mbedtls 2.28.8-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 20:02:32 +0200 Source: mbedtls Architecture: source Version: 2.28.8-1 Distribution: unstable Urgency: medium Maintainer: Debian IoT Maintainers Changed-By: Andrea Pappacoda Closes: 900015 Changes: mbedtls

Re: xz backdoor

On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote: > > I agree that dogfooding is important for discovering quality issues, but > > I think it's a poor argument for discovering security issues, especially > > if it concerns a host which is used for building and signing

Re: Some t64 libraries already in testing; I'm confused

Hi! On Sun, 2024-03-31 at 06:54:10 +0200, Andreas Metzler wrote: > On 2024-03-30 Julian Gilbey wrote: > > My very limited understanding of this major transition was that the > > t64 libraries are being held in unstable until (almost) everything is > > ready, at which point there will be a

Re: Validating tarballs against git repositories

On Sun, Mar 31, 2024 at 08:16:33AM +0200, Lucas Nussbaum wrote: > On 29/03/24 at 23:29 -0700, Russ Allbery wrote: > > This is why I am somewhat skeptical that forcing everything into Git > > commits is as much of a benefit as people are hoping. This particular > > attacker thought it was better

Re: Is it allowed to remove attribution in public domain "licensed" source code? (and pondering about ftp-level reviews)

Quoting Otto Kekäläinen (2024-03-30 22:09:46) > Is it so that the debian/copyright file is reviewed by ftp-masters > only for packages in NEW queue, and there is probably no automation in > place to flag subsequent copyright changes for re-review? It is my understanding that it is, and always has

Re: xz backdoor

On Sat, Mar 30, 2024 at 08:15:10PM +, Colin Watson wrote: > On Sat, Mar 30, 2024 at 05:12:17PM +0100, Sirius wrote: > > I have seen discussion about shifting away from the whole auto(re)conf > > tooling to CMake or Meson with there being a reasonable drawback to CMake. > > Is that something

Re: xz backdoor

Bastian Blank writes: > On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote: >> On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote: >> > As others have said, the best solution is to relay on HSW for handling >> > the cryptographic material. >> Aren't these

Accepted haskell-haskell-gi 0.26.7-4 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 17:06:54 +0200 Source: haskell-haskell-gi Architecture: source Version: 0.26.7-4 Distribution: unstable Urgency: medium Maintainer: Debian Haskell Group Changed-By: Ilias Tsitsimpis Closes: 1067272 Changes:

Accepted golang-github-antonini-golibjpegturbo 0.0~git20141208.c03a2fa-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Mar 2024 15:11:21 +0100 Source: golang-github-antonini-golibjpegturbo Architecture: source Version: 0.0~git20141208.c03a2fa-2 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Gürkan

Accepted golang-github-jamiealquiza-envy 1.1.0-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Mar 2024 15:11:52 +0100 Source: golang-github-jamiealquiza-envy Architecture: source Version: 1.1.0-2 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Gürkan Myczko Changes:

Accepted gcc-14 14-20240330-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 13:27:56 +0100 Source: gcc-14 Architecture: source Version: 14-20240330-1 Distribution: unstable Urgency: medium Maintainer: Debian GCC Maintainers Changed-By: Matthias Klose Closes: 1067904 Changes: gcc-14

Accepted google-android-installers 1710437545-4 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 09:20:16 +0200 Source: google-android-installers Architecture: source Version: 1710437545-4 Distribution: unstable Urgency: medium Maintainer: Fab Stz Changed-By: Fab Stz Changes: google-android-installers

Accepted golang-github-pbnjay-pixfont 0.0~git20200714.33b7446-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Mar 2024 15:12:26 +0100 Source: golang-github-pbnjay-pixfont Architecture: source Version: 0.0~git20200714.33b7446-2 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Gürkan Myczko

Accepted groonga-normalizer-mysql 1.2.3-4 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 15:51:27 +0900 Source: groonga-normalizer-mysql Architecture: source Version: 1.2.3-4 Distribution: unstable Urgency: medium Maintainer: Kentaro Hayashi Changed-By: Kentaro Hayashi Changes:

Accepted rust-prost-derive 0.11.9-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 23:16:07 -0400 Source: rust-prost-derive Architecture: source Version: 0.11.9-2 Distribution: experimental Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Alexander Kjäll Changes:

Accepted rust-plotters 0.3.5-3 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 23:02:56 -0400 Source: rust-plotters Architecture: source Version: 0.3.5-3 Distribution: experimental Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Alexander Kjäll Changes: rust-plotters

Accepted rust-prost-build 0.11.9-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 23:16:46 -0400 Source: rust-prost-build Architecture: source Version: 0.11.9-2 Distribution: experimental Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Alexander Kjäll Changes:

Accepted rust-textwrap 0.16.1-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 11:20:54 +0200 Source: rust-textwrap Architecture: source Version: 0.16.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Sylvestre Ledru Changes: rust-textwrap

Accepted rust-malachite-base 0.4.0-3 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 23:01:27 -0400 Source: rust-malachite-base Architecture: source Version: 0.4.0-3 Distribution: experimental Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Alexander Kjäll Changes:

Accepted rust-itertools-num 0.1.3-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 22:30:05 -0400 Source: rust-itertools-num Architecture: source Version: 0.1.3-2 Distribution: experimental Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Alexander Kjäll Changes:

Accepted rust-libcst 0.1.0-2 (source) into experimental

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2024 22:45:56 -0400 Source: rust-libcst Architecture: source Version: 0.1.0-2 Distribution: experimental Urgency: medium Maintainer: Debian Rust Maintainers Changed-By: Alexander Kjäll Changes: rust-libcst (0.1.0-2)

Re: xz backdoor

On Sun, Mar 31, 2024 at 11:59:35AM +0100, Colin Watson wrote: > > What we can do unilaterally is to disallow vendoring those files. > > Does it help? At least in the case of autoconf it removes one common > > source of hard to read files. > That's doable unilaterally to some extent, using the

Accepted obs-studio 30.0.2+dfsg-3 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 15:13:19 +0200 Source: obs-studio Built-For-Profiles: noudeb Architecture: source Version: 30.0.2+dfsg-3 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Benjamin Drung

Re: xz backdoor

In days of yore (Sun, 31 Mar 2024), Colin Watson thus quoth: > On Sun, Mar 31, 2024 at 10:10:42AM +0200, Sirius wrote: > > Not worth boiling the ocean over, but is there an estimate of how many > > packaged projects have customisations to their autoconf that is not found > > in the upstream

Accepted asahi-audio 1.7-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 27 Mar 2024 17:54:45 +0100 Source: asahi-audio Architecture: source Version: 1.7-2 Distribution: unstable Urgency: medium Maintainer: Tobias Heider Changed-By: Tobias Heider Changes: asahi-audio (1.7-2) unstable;

Re: Some t64 libraries already in testing; I'm confused

On Sat, Mar 30, 2024 at 10:41:55PM +, Julian Gilbey wrote: > My very limited understanding of this major transition was that the > t64 libraries are being held in unstable until (almost) everything is > ready, at which point there will be a coordinated migration into > testing. But I've now

Re: Some t64 libraries already in testing; I'm confused

On 2024-03-31 Andreas Metzler wrote: [...] > Afaict these are broken, though: [...] > tnat64 0.06-1 false positive, grep error.

Re: xz backdoor

Hi, Quoting Christian Kastner (2024-03-30 19:49:48) > On 2024-03-30 17:00, Marco d'Itri wrote: > > On Mar 30, Jonathan Carter wrote: > > > >> Another big question for me is whether I should really still > >> package/upload/etc from an unstable machine. It seems that it may be > >> prudent > >

Re: xz backdoor

On Sun, Mar 31, 2024 at 09:35:09AM +0200, Bastian Blank wrote: > On Sat, Mar 30, 2024 at 08:15:10PM +, Colin Watson wrote: > > On Sat, Mar 30, 2024 at 05:12:17PM +0100, Sirius wrote: > > > I have seen discussion about shifting away from the whole auto(re)conf > > > tooling to CMake or Meson

Re: xz backdoor

On Sun, Mar 31, 2024 at 10:10:42AM +0200, Sirius wrote: > Not worth boiling the ocean over, but is there an estimate of how many > packaged projects have customisations to their autoconf that is not found > in the upstream autoconf project? If that number is low single digit > percent, it may

Accepted schism 2:20240328-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Mar 2024 15:46:00 +0100 Source: schism Architecture: source Version: 2:20240328-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Gürkan Myczko Changes: schism (2:20240328-1)

Re: Seeking a small group to package Apache Arrow (was: Bug#970021: RFP: apache-arrow -- cross-language development platform for in-memory analytics)

Julian, Arrow is a complicated and large package. We use it at work (where there is a fair amount of Python, also to Conda etc) and do have issues with more complex builds especially because it is 'data infrastructure' and can come in from different parts. I would recommend against packaging at

Accepted graphviz-dot-mode 0.4.2+git20230325.8ff793b-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 31 Mar 2024 08:45:35 -0300 Source: graphviz-dot-mode Architecture: source Version: 0.4.2+git20230325.8ff793b-1 Distribution: unstable Urgency: medium Maintainer: Debian Emacsen team Changed-By: David Bremner Changes:

Re: xz backdoor

Luca Boccassi wrote on 31/03/2024 at 12:47:57+0200: > On Sun, 31 Mar 2024 at 08:39, Bastian Blank wrote: >> >> On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote: >> > On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote: >> > > As others have said, the best

Accepted gcc-bpf 14 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 14:03:40 +0200 Source: gcc-bpf Built-For-Profiles: noudeb Architecture: source Version: 14 Distribution: unstable Urgency: medium Maintainer: Debian GCC Maintainers Changed-By: Matthias Klose Changes: gcc-bpf

Accepted binutils-bpf 17 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 14:07:36 +0200 Source: binutils-bpf Architecture: source Version: 17 Distribution: unstable Urgency: medium Maintainer: Debian GCC Maintainers Changed-By: Matthias Klose Changes: binutils-bpf (17) unstable;

Accepted meta-phosh 37 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 25 Mar 2024 08:17:27 +0100 Source: meta-phosh Architecture: source Version: 37 Distribution: unstable Urgency: medium Maintainer: DebianOnMobile Maintainers Changed-By: Guido Günther Changes: meta-phosh (37) unstable;

  1   2   >