hi,
(leaving full context for debian-policy@l.d.o)
On Sat, Nov 13, 2021 at 06:56:24AM +0100, Petter Reinholdtsen wrote:
> Package: dpkg-dev
> Version: 1.20.9
>
> Dear dpkg-dev developers,
>
> One feature that is deeply missed, and which disappered when we moved to
> source only uploads, is the
On Mon, Jan 25, 2021 at 04:29:45PM +0100, Guillem Jover wrote:
> > having two variables, DEBSIGN_KEYID and DEB_SIGN_KEYID, for the same thing
> > seems wrong to me. Do you agree?
> The first is a configuration variable, the second is an environment
> variable. :)
ah, ok, then. & thanks for
hi,
On Mon, Jan 25, 2021 at 01:56:02AM +0100, Guillem Jover wrote:
> I'm assuming you have this configured in ~/.devscripts with
> DEBSIGN_KEYID. You should be able to get similar results for
> dpkg-buildpackage by either setting the DEB_SIGN_KEYID environment
> variable
having two variables,
On Fri, Jan 08, 2021 at 08:54:01PM +0100, Balint Reczey wrote:
> I'm wondering if decompression support could be accepted for Bullseye,
> to let compression being enabled, too, in Bookworm.
I'd love to see this as well - and wouldn't mind having both for Bullseye ;)
--
cheers,
Holger
On Tue, Jul 07, 2020 at 03:52:08PM +0200, Guillem Jover wrote:
> Holger, as I mentioned some days ago, I consider this case a
> regression which I was planning on fixing. This fix was already
> included earlier today in the dpkg 1.20.4 upload. :)
yup, I've seen this today. Thank you!
--
On Mon, Jul 06, 2020 at 09:08:43PM -0700, Felix Lechner wrote:
> > not sure if this is the same bug or just a similar one:
> > lrwxrwxrwx 1 user user 9 Jul 3 16:07 debian/munin.service -> /dev/null
> As for Holger's package, Lintian also flags that condition. Source
> packages can be unpacked
Hi,
not sure if this is the same bug or just a similar one:
[...]
dpkg-source: info: extracting munin in munin-2.0.63
dpkg-source: info: unpacking munin_2.0.63.orig.tar.gz
dpkg-source: info: unpacking munin_2.0.63-1.debian.tar.xz
dpkg-source: error: pathname 'munin-2.0.63/debian/munin.service'
hi Guillem,
On Fri, Nov 09, 2018 at 11:55:38AM +0100, Guillem Jover wrote:
> Actually, I guess the other option that might be an option for stable is
> to make dpkg-buildpackage generate the buildinfo file itself, and on
> source-only uploads force the name to be _source.buildinfo regardless
> of
On Sat, Oct 12, 2019 at 09:29:18AM +0200, Ansgar wrote:
> > Why should it generate a new source?
> Because sourceful uploads need a new source package.
[...]
> > This is using the version suffix
> > for binNMUs, using this convention for something that is not a binNMU
> > seems just wrong.
I
Hi Helge,
On Thu, Aug 01, 2019 at 05:56:28PM +0200, Helge Kreutzmann wrote:
> I would suggest discussing this on debian-l10n-german so everybody
> interested from the German team notices and can join.
ack
> On Wed, Jul 31, 2019 at 09:05:35PM +0000, Holger Levsen wrote:
> > On We
On Wed, Jul 31, 2019 at 10:23:21PM +0200, Helge Kreutzmann wrote:
> The translation only changed one word, namely canary. You can find it
> in the upstream git repository.
>
> The remaining translation is only in the latest version in sid (and
> most of it in earlier version, e.g. in stable, as
On Wed, Jul 31, 2019 at 09:13:51PM +0200, Helge Kreutzmann wrote:
> [...] I appreciate getting feedback for the
> translation.
where can one find the updated translation?
--
tschau,
Holger
---
Hi,
On Thu, May 09, 2019 at 07:24:56PM +0200, Salvatore Bonaccorso wrote:
> > On Sun, Nov 11, 2018 at 08:38:36AM +0100, Salvatore Bonaccorso wrote:
> > > On Fri, Nov 09, 2018 at 11:48:27AM +0100, Guillem Jover wrote:
> > > > On Thu, 2018-11-08 at 20:28:57
control: severity -1 wishlist
thanks
On Tue, Oct 30, 2018 at 01:14:00PM +0200, Martin-Éric Racine wrote:
> Package: dpkg-dev
> Version: 1.19.2
> Severity: important
>
> The above error message is useless. It doesn't tell what needs to be fixed or
> where.
while I agree that the location should
Hi,
On Thu, Nov 08, 2018 at 09:24:01PM +0100, Salvatore Bonaccorso wrote:
> We were again biten by this issue for some security-updates (most
> recent one nginx). Do any involved parties know, was there any
> progress in adressing this problem?
in
Hi Guillem,
thanks for your feedback! However I'm not sure what to do with it...
On Sun, Oct 14, 2018 at 01:20:22AM +0200, Guillem Jover wrote:
> Just in case this is helpful in the future, I've reproduced this now,
> by using in addition:
[...]
interesting, thanks for sharing!
> Then, first,
Package: dpkg
Version: 1.18.25
Severity: important
Dear Guillem,
on June 28th 2018 was the last successful test of
https://jenkins.debian.net/job/chroot-installation_stretch_install_education-mathematics_upgrade_to_buster/
which tests the installation of the education-mathmatics meta-package on
lar.
these all seem pretty useful/nice to me, thanks for your work & feedback
here.
> On Fri, 2018-09-28 at 11:40:38 +, Holger Levsen wrote:
> > also, running eg 'dpkg -l dpkg' and then ending up in less is confusing
> > and breaking >20y old habbits, and then I press 'q'
On Fri, Sep 28, 2018 at 02:42:19AM +1000, Craig Sanders wrote:
> I upgraded dpkg today and noticed that 'dpkg -l' now always pipes its output
> through less, even if $PAGER is unset. The only way to get the output to go
> to the tty is to explicitly pipe it to cat.
>
> This is exactly the
Hi Guillem,
people are still affected by this bug...
On Fri, Mar 02, 2018 at 01:25:51AM +0100, Guillem Jover wrote:
> Perhaps the simplest and more correct might be to name it using
> something like source+amd64 as the arch name, which seems like a
> dubious arch, but at least is accurate and
Hi josch,
adding #774415 to to: and reply-to:…
On Fri, Jun 08, 2018 at 07:54:20PM +0200, Johannes Schauer wrote:
> > as I'm not an sbuild user (yet) myself, I was hesistant to try this
> > myself, so I'm confused now: does it work as it is now? (or does it need
> > changes to snapshot.d.o?)
>
>
Guillem, josch:
thanks for your feedback, much appreciated.
On Fri, Jun 08, 2018 at 08:38:49AM +0200, Johannes Schauer wrote:
> > I say it's an artificial blocker, because it is based on the problem
> > faced while implementing the srebuild script to use the current
> > snapshot.d.o API. And I
Hi Guillem,
ping on this bug, you haven't replied to it yet and it's a blocker for
"#774415 sbuild: please add the srebuild sbuild wrapper to reproduce builds"
which is a rather important one to give users the means to easily
reproduce Debian packages, which is a core feature of reproducible
On Thu, Apr 05, 2018 at 05:43:58PM +0200, Jean-Michel Vourgère wrote:
> So, during compilation:
> SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries
> because it breaks Multi-Arch:same on bin-nmu.
>
> During dpkg-deb (:
> SOURCE_DATE_EPOCH must *not* ignore bin-nmu changelog entries
>
On Wed, Jan 24, 2018 at 04:05:39PM +0100, Salvatore Bonaccorso wrote:
> Any news regarding this proposal from Ansgar? We were biten now
> several times already by this (e.g. php update, curl via
> security.d.o).
Guilem, what's your stance on this bug?
We (reproducible builds) really dont want
Package: base,chrome-gnome-shell
Severity: important
hi,
from #debian-edu and #-release just now:
https://piuparts.debian.org/sid/fail/education-desktop-gnome_2.10.14.log fails
with
17m25.6s ERROR: FAIL: After purging files have disappeared:
/etc/opt/ owned by: chrome-gnome-shell
hmm.
On Tue, Oct 17, 2017 at 01:13:09AM +, Guillem Jover wrote:
> Bug #873937 in package dpkg reported by you has been fixed in
> the dpkg/dpkg.git Git repository. You can see the changelog below, and
> you can check the diff of the fix at:
>
Source: dpkg
Version: 1.8.24
Severity: wishlist
User: reproducible-bui...@lists.alioth.debian.org
Usertags: toolchain
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Hi Guillem,
during discussing #844431 it became clear, that some information about the
running kernel should be included
hi,
while I very much like this idea, please don't store md5sums, but rather
sha256sums.
Thank you!
--
cheers,
Holger (wondering why I seem to have to write this in 2017)
signature.asc
Description: Digital signature
On Wed, Feb 08, 2017 at 06:28:27AM +0100, Guillem Jover wrote:
> Sure, and I question the wisdom of doing a pure source-only upload w/o
> building the binaries at the same time.
I do this all the time:
#1 debuild -S
#2 sudo pbuilder $thatnewdsc
#3 do tests & compare whats in the archive with
Package: dpkg
Version: 1.18.15
Severity: normal
Hi Guillem,
the subject basically says it all, dpkg should not generate .buildinfo
files for source only uploads, as they are totally pointless for those.
(I'm also not even sure whether you had implemented in most recent
uploads, but I thought I
Hi Michael,
On Wed, Nov 09, 2016 at 07:16:53PM +0100, Michael Biebl wrote:
> > https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/systemd.html
> Do you also have builds for i386? (which this issue is about, amd64 is fine)
yes, they are linked from that url as well, though you can
Hi,
On Sat, Nov 05, 2016 at 08:58:06PM +0100, Michael Biebl wrote:
> As this breaks packages to build successfully, I'm bumping this to RC.
> E.g. I'm unable to successfully build systemd in a freshly created
> chroot on i386. I suspect once the buildds update their chroot, it will
> affect a lot
control: reopen -1
On Wed, Oct 05, 2016 at 06:33:05PM +, Debian Bug Tracking System wrote:
> Date: Wed, 5 Oct 2016 20:30:35 +0200
> From: "FedEx 2Day A.M."
> To: 126505-cl...@bugs.debian.org
closed by spam…
--
cheers,
Holger
signature.asc
Hi Guillem,
(sorry for the late reply…)
On Thu, Jul 07, 2016 at 12:20:44AM +0200, Guillem Jover wrote:
> > could you please comment briefly on
> > your take on this bug and it's status?
>
> I've had my qualms about the need for this patch, but in any
> case the provided patch has not been
Hi,
Guillem, (kudos and thanks for the recent dpkg upload(s)! Glad to see
progress with reproducible bits!) could you please comment briefly on
your take on this bug and it's status?
It's in the BTS since 13 months without a maintainer comment.
Thanks! ;-)
--
cheers,
Holger
Hi,
On Tue, Apr 26, 2016 at 10:54:15AM +0200, Guillem Jover wrote:
> That's weird, it does work fine here, just checked with git master to
> make sure there's been no regressions:
we've been seeing the same behavior when uploading diffoscope. When I
build it, tests/data/test(1|2).(o|a) are not
Hi,
On Wed, Mar 30, 2016 at 02:19:02AM -0400, Daniel Kahn Gillmor wrote:
> No one is arguing for dropping the build path from .buildinfo files.
ok, cool. Thanks (to you both) for clarifying!
--
cheers,
Holger
signature.asc
Description: Digital signature
Hey!
On Wed, Mar 30, 2016 at 10:32:08AM +0200, Guillem Jover wrote:
> Yes, I was notified on IRC, and also saw your private mail. :)
hehe, lol. Too much travelling and a new mail client… so I forgot :)
but then, it's also good to have that in the BTS, as a matter of proper
workflows…
> In
Hi,
On Tue, Mar 29, 2016 at 09:36:00PM -0400, Daniel Kahn Gillmor wrote:
> This isn't fun-spoiling, it's a useful reality check. But if we were
> required to get all the way to 100% before we made any progress, then
> reproducible builds wouldn't have gotten off the ground at all.
it's surely
Hi Guillem,
FYI, GNU tar's upstream has accepted our patch! :-)
cheers,
Holger
- Forwarded message from Sergey Poznyakoff -
Date: Thu, 24 Mar 2016 05:33:34 +
From: Sergey Poznyakoff
To: Sergey Poznyakoff
Hi,
not wanting to spoil the fun, but…
On Mon, Mar 28, 2016 at 06:33:49PM -0400, Daniel Kahn Gillmor wrote:
> > Ah great! And one less way to leak local information.
> yep :)
I *believe* it's not enough (for reproducible builds in arbitrary
pathes) if gcc+clang can now cope. IIRC there are
Lunar,
also:
< josch> personally i'd be happy with Lunar's suggestion: Installed-Build-
Depends
< josch> i think the natural understanding of that term implies the
transitivity as well as that it's not the closure that is meant
* h01ger likes Installed-Build-Depends too
< h01ger> | [12:14] <
Hi Josch,
On Donnerstag, 4. Februar 2016, Johannes Schauer wrote:
> maybe we can merge Lunar's original suggestion Installed-Build-Depends (a
> name which is missing the transitive/recursive-ness) with the new
> suggestion and make it:
>
> Installed-Transitive-Build-Depends
>
> This way it
no thanks for totally dismissing what I said…
and making funny signs about the crap I said. very funny.
signature.asc
Description: This is a digitally signed message part.
Hi,
On Donnerstag, 4. Februar 2016, Guillem Jover wrote:
> I asked for more suggestions on #debian-dpkg, and Johannes Schauer
> suggested Transitive-Build-Depends, which is something I had in mind
> too (that or «Recursive-»), but kind of softly discarded in trying to
> have a consistently
+many thanks for your thorough review! :-)
signature.asc
Description: This is a digitally signed message part.
Hi,
On Freitag, 29. Januar 2016, Guillem Jover wrote:
> > (I'd be in favor of naming the first accepted buildinfo
> > file of the archive just "" so that it's predictable…
> I'm not sure how we'd use a sequential number in a distributed manner
> starting with 0s though? :9
we can't :)
Hi Guillem,
just quickly commenting on two sub topics…
On Donnerstag, 28. Januar 2016, Guillem Jover wrote:
> > One of the main change is that `.buildinfo` should now be named with an
> > arbitrary identifier. By default this defaults to $HOSTNAME-$TIMESTAMP
> > but can be set to an arbitrary
reassign -1 debian-policy
thanks
signature.asc
Description: This is a digitally signed message part.
Hi Patrick,
you are aware of
echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d
to implement exactly this?
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
On Sonntag, 7. Dezember 2014, Niels Thykier wrote:
For reference, dpkg is upgraded to 1.17.21 before the problem occurs.
It is possible that this is fixed in dpkg 1.17.22 (which is not in Jessie).
FWIW,
Hi David,
On Freitag, 7. November 2014, David Prévot wrote:
I’m not able to get the dpkg version out of the provided log, but given
the date, (2014-11-01 21:29:50 UTC), I’d expect it to be still
dpkg/1.17.13 (while 1.17.21 migrated to Jessie on 2014-11-03). Can you
please update the chroot
package: font-config
severity: serious
x-debbugs-cc: debian-d...@lists.debian.org
Hi,
I'm not 100% sure the following issue is caused by font-config, please
reassign appropriatly if it is not.
https://jenkins.debian.net/job/chroot-installation_wheezy_install_education-
package: man-db
severity: serious
x-debbugs-cc: debian-d...@lists.debian.org
Hi,
I'm not 100% sure the following issue is caused by man-db, please reassign
appropriatly if it is not.
https://jenkins.debian.net/job/chroot-installation_wheezy_install_education-
package: readahead-fedora
severity: serious
x-debbugs-cc: debian-d...@lists.debian.org
Hi,
I'm not 100% sure the following issue is caused by readahead-fedora, please
reassign appropriatly if it is not. (eg or is it man-db?)
Hi Guillem,
thanks for following up on these bugs! And for maintaining dpkg in the first
place! :-)
On Samstag, 14. Juni 2014, Guillem Jover wrote:
I'm merging with the already filed bug report, because the request
seems confused. The time spent when building kernel packages rests in
Hi Guillem,
thanks for fixing this bug so fast!
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
package: dpkg-dev
severity: wishlist
Hi,
it would be awesome if dpkg-dev would support this nativly.
cheers,
Holger
-- Forwarded Message --
Betreff: using pbzip2 or pigz when building packages
Datum: Mittwoch, 11. Januar 2012
Von: Holger Levsen hol...@layer
package: dpkg
version: 1.14.31
Hi,
I'm sponsoring the typo3-src packages into Debian and when a new request for
sponsoring arrives I usually compare the new version with the old version
with either debdiff or meld.
Recently the package switched it source format to 3.0 and now some files have
package: dpkg
severity: wishlist
tags: security
version: 1.14.25
Hi,
during a discussion about how to compromise the security of a Debian system I
noticed that /var/log/dpkg.log just logs the version number of the packages
installed, thus one can inject a on-the-fly-modified .deb with the same
Hi,
On Sonntag, 12. April 2009, Raphael Hertzog wrote:
How can you tag this security while saying provided that the user doesn't
care of the security.
I was waking up (finishing my mental backlog from yesterday) and thought of a
different meaning of security: affecting security, not causing
62 matches
Mail list logo