(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-06-17 Thread Holger Levsen
hi,

today I unclaimed these packages for LTS and these for eLTS:

LTS:
-glib2.0 (Mike Gabriel)
-libsdl1.2 (Hugo Lefeuvre)
-libsdl2 (Hugo Lefeuvre)
-libsdl2-image (Hugo Lefeuvre)
-mupdf (Mike Gabriel)
-python-urllib3 (Roberto C. Sánchez)
-python2.7 (Roberto C. Sánchez)
-python3.4 (Roberto C. Sánchez)
-qemu (Mike Gabriel)
-ruby-omniauth (Abhijith PA)
-sdl-image1.2 (Hugo Lefeuvre)

eLTS:
-python2.6 (Roberto C. Sánchez)
-python2.7 (Roberto C. Sánchez)
-suricata (Hugo Lefeuvre)


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-06-10 Thread Holger Levsen
hi,

today I unclaimed no packages for eLTS and these packages for LTS:

- faad2 (Hugo Lefeuvre)
- hdf5 (Hugo Lefeuvre)
- sysdig (Hugo Lefeuvre)
- tomcat8 (Abhijith PA)


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-06-03 Thread Holger Levsen
hi,

today I unclaimed no packages for LTS nor eLTS, yay.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-05-27 Thread Holger Levsen
hi,

I've done this again, today I unclaimed:

- for LTS:
  - poppler (Emilio)
- none for eLTS.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-05-20 Thread Holger Levsen
hi,

I've done this again, today I unclaimed:

- no packages for LTS.
- for eLTS:
  - pacemaker (Mike Gabriel)
  - wireshark (Hugo Lefeuvre)


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-05-13 Thread Holger Levsen
hi,

I've done this again, today I unclaimed:

- no packages for LTS.
- apache2 for eLTS (from Markus Koschany).


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-05-06 Thread Holger Levsen
hi,

I've done this again, today I unclaimed:

- no packages. Yay! :)


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-29 Thread Holger Levsen
hi,

I've done this again, today I unclaimed 

for LTS:

-faad2 (Hugo Lefeuvre)
-hdf5 (Hugo Lefeuvre)
-wireshark (Hugo Lefeuvre)

for eLTS:

-systemd (Mike Gabriel)
-wireshark (Hugo Lefeuvre)


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-22 Thread Holger Levsen
hi,

I've done this again, today I unclaimed 

for LTS:

qemu (Emilio)

for eLTS:

firmware-nonfre (Emilio)


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-15 Thread Holger Levsen
Hi,

I've done this again, today I unclaimed:

clamav (Ola Lundqvist)
jruby (Abhijith PA)


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Holger Levsen
On Mon, Apr 08, 2019 at 12:36:25PM -0400, Roberto C. Sánchez wrote:
> That is excellent to know.  Thanks for the feedback.

thank you too! :)


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Dance like no one's watching. Encrypt like everyone is.


signature.asc
Description: PGP signature


Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Roberto C . Sánchez
On Mon, Apr 08, 2019 at 04:25:39PM +, Holger Levsen wrote:
> On Mon, Apr 08, 2019 at 11:26:31AM -0400, Roberto C. Sánchez wrote:
> > I knew something was missing from my message :-)
> 
> :)
> 
> > I have no problem updating the notes weekly or so.  That solution would
> > also fit well with the current system.
> 
> great! and yes, simply updating the note is enough. It's also more than
> just busywork, it sends a valuable signal.
> 
That is excellent to know.  Thanks for the feedback.

Regards,

-Roberto

-- 
Roberto C. Sánchez



Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Holger Levsen
On Mon, Apr 08, 2019 at 11:26:31AM -0400, Roberto C. Sánchez wrote:
> I knew something was missing from my message :-)

:)

> I have no problem updating the notes weekly or so.  That solution would
> also fit well with the current system.

great! and yes, simply updating the note is enough. It's also more than
just busywork, it sends a valuable signal.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Roberto C . Sánchez
On Mon, Apr 08, 2019 at 02:39:26PM +, Holger Levsen wrote:
> On Mon, Apr 08, 2019 at 10:31:23AM -0400, Roberto C. Sánchez wrote:
> > Is there perhaps a way of thinking about this that I am missing?
>  
> honest question: do you think it's too much work to update the notes
> every other week?
> 
I knew something was missing from my message :-)

I have no problem updating the notes weekly or so.  That solution would
also fit well with the current system.

Would something as simple as this do the job?

@@ -86,7 +86,7 @@ python-urllib3 (Roberto C. Sánchez)
 --
 python2.7 (Roberto C. Sánchez)
   NOTE: 20190321: Patches integrated for CVE-2018-14647, CVE-2019-5010, and 
CVE-2019-9636
-  NOTE: 20190321: Waiting on upstream action for CVE-2019-9740 (roberto)
+  NOTE: 20190408: Waiting on upstream action for CVE-2019-9740 (roberto)
 --
 python3.4 (Roberto C. Sánchez)
   NOTE: 20190321: Patches integrated for CVE-2018-14647 and CVE-2019-9636

That is, keep the same note just update the date.

The reason I asked the question the way I did initially was because I
had assumed (perhaps wrongly) that updating the note in this way might
not be considered acceptable.

In retrospect, I should have just given the example and then asked
directly instead of the rather abstract question/situation I tried to
explain at the first.

Regards,

-Roberto

-- 
Roberto C. Sánchez



Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Holger Levsen
On Mon, Apr 08, 2019 at 10:31:23AM -0400, Roberto C. Sánchez wrote:
> Is there perhaps a way of thinking about this that I am missing?
 
honest question: do you think it's too much work to update the notes
every other week?


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Roberto C . Sánchez
On Mon, Apr 08, 2019 at 12:32:35PM +, Holger Levsen wrote:
> Hi,
> 
> I've done this again and am considering (in general) to not write these mails
> anymore. Please speak up if you think these mails are useful (or could
> be made more useful.)
> 
> Today I do feel it's useful to point out, that one should not merely
> reclaim the packages but also update the notes and explain why the
> package is claimed for long but not uploaded. Else it will be unclaimed
> again next week.
> 

Perhaps there needs to be a way to tag or otherwise identify packages in
a "holding" status.  In my case, I have python2.7 (LTS/ELTS), python3.4
(LTS), python2.6 (ELTS), and python-urllib3 (ELTS/LTS).*  All are
affected by various CVEs out of a group which has been identified by
upstream.  Some CVEs have patches, while others are still awaiting
upstream action.  I have already integrated patches for those CVEs which
have them and hence have packages which are partially ready.

It doesn't make sense to me to upload right now with only some
vulnerabilities patched (or none for same cases where a package is only
affected by the one or two CVEs which have no upstream patch yet).  I
suppose that I could push everything to Salsa and unclaim the packages
(leaving a link to where I've pushed my work), but I do intend to apply
upstream's patches as soon as they become available, test, and upload.
It seems not especially efficient for me to go to the trouble of
cleaning up the in-progress work to push to Salsa.

Is there perhaps a way of thinking about this that I am missing?

Regards,

-Roberto

* Of course, apart from those which were unclaimed from my by the most
  recent run.

-- 
Roberto C. Sánchez



Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Holger Levsen
On Mon, Apr 08, 2019 at 02:35:21PM +0200, Sylvain Beucler wrote:
> I think they are useful

ok. as two people expressed this, I will keep them.

> though according to the wiki page they are part
> of the front-desk duties.
> 
> Should we update it?

so far, I think, frontdesk has never done this, so yes, I think an
update is in order.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Hugo Lefeuvre
> > I've done this again and am considering (in general) to not write these 
> > mails
> > anymore. Please speak up if you think these mails are useful (or could
> > be made more useful.)
>
> I think they are useful, though according to the wiki page they are part
> of the front-desk duties.

I also find them useful.

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C


signature.asc
Description: PGP signature


Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Sylvain Beucler
Hi,

On 08/04/2019 14:32, Holger Levsen wrote:
> I've done this again and am considering (in general) to not write these mails
> anymore. Please speak up if you think these mails are useful (or could
> be made more useful.)
>
> Today I do feel it's useful to point out, that one should not merely
> reclaim the packages but also update the notes and explain why the
> package is claimed for long but not uploaded. Else it will be unclaimed
> again next week.
I think they are useful, though according to the wiki page they are part
of the front-desk duties.

Should we update it?

- Sylvain



(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-04-08 Thread Holger Levsen
Hi,

I've done this again and am considering (in general) to not write these mails
anymore. Please speak up if you think these mails are useful (or could
be made more useful.)

Today I do feel it's useful to point out, that one should not merely
reclaim the packages but also update the notes and explain why the
package is claimed for long but not uploaded. Else it will be unclaimed
again next week.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-03-04 Thread Abhijith PA
Hi.

On Monday 25 February 2019 05:39 PM, Holger Levsen wrote:
> hi,
> 
> I've just unclaimed some packages where the last documented activity on
> these packages was more than two weeks ago:

..
> libraw (Abhijith PA)
..

Last month was quite busy with life.

I see that libraw is claimed by Thorsten Alteholz. Thorsten if you need
any help let me know.


--abhijith.



(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-03-04 Thread Holger Levsen
Hi,

today there were no packages with more than 2 weeks of inactivity, yay!


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature


(semi-)automatic unclaim of packages with more than 2 weeks of inactivity

2019-02-25 Thread Holger Levsen
hi,

I've just unclaimed some packages where the last documented activity on
these packages was more than two weeks ago:

libav (Mike Gabriel)
libraw (Abhijith PA)
openssh (Mike Gabriel)
symfony (Roberto C. Sánchez)
uw-imap (Roberto C. Sánchez)

If you intend to continue working on them, please just reclaim them and
update the note.

Thanks.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Our civilization is being sacrificed for the opportunity of a very small number
of people to continue making enormous amounts of money...  It is the sufferings
of the many  which pay  for the luxuries  of the few...  You say  you love your
children  above all else,  and yet  you are stealing  their future  in front of 
their very eyes...


signature.asc
Description: PGP signature