Re: seeking a "temp" sponsor

[Jacob Luna Lundberg]

On Tue, Aug 17, 2004 at 08:34:57PM -0600, Wesley J Landaker wrote:
> On Tuesday 17 August 2004 17:32, Jacob Luna Lundberg wrote:
> > I maintain the xscorch package and my usual sponsor isn't responding
> > (I think he's just too busy).  I have a new debian version which
> > fixes a bug with 64-bit platforms and updates standards compliance
> > just a tad. I'm looking for somebody to upload for me, hopefully in
> > time to get it into testing.  :)
> 
> debian/copyright names the principal upstream authors and the license, 
> but doesn't contain the actual copyright "statement". From what I could 
> glean from the AUTHORS file and the headers from the source, you'd 
> probably want something like:

Ok, I'd like to make this 0.2.0-3 since -2 has been published on my 
archive for a while now.  I've created -3 with hopefully the needed 
amendment, available at (http://www.gnifty.net/code/xscorch/).

The copyright file now says:

``
This package was debianized by Brian M. Almeida <[EMAIL PROTECTED]> on
Fri, 21 Apr 2000 21:43:28 -0400.

It was downloaded from http://www.xscorch.org/

Upstream Authors:

Justin David Smith <[EMAIL PROTECTED]>
Jacob Luna Lundberg <[EMAIL PROTECTED]>

Copyright:

Copyright (c) 2000, 2001, 2002, 2003, 2004 Justin David Smith
Copyright (c) 2000, 2001, 2002, 2003, 2004 Jacob Luna Lundberg
Copyright (c) 2003 Jason House
Copyright (c) 2000, 2001 Jake Post
Copyright (c) 2000 Matti Hnninen
Copyright (c) 2000 Nickolai Zeldovich

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 2 of the License ONLY.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA


On Debian systems, the complete text of the GNU General Public License,
version 2, can be found in the file "/usr/share/common-licenses/GPL-2".
''

Thanks,
-Jacob

-- 

Mistrust is the dark heart of wicked problems.

 - Jonathan B. King, ``Learning to Solve the Right Problems'', pg. 12.


pgp3p0vpOes5C.pgp
Description: PGP signature

Re: Seeking sponsors for 3 packages

[Steve Kemp]

On Tue, Aug 17, 2004 at 06:32:30PM -0700, Ken Bloom wrote:
> 
> The third was written by someone else, but it's very useful:
>Package: svp
>Version: 0.2-3
>Description: An SVGAlib based viewer for PostScript and PDF files
> svp is an SVGAlib based GhostScript frontend, allowing you to view
> PostScript and PDF files on your virtual consoles.
> 
> All of my packages are at http://wwwcsif.cs.ucdavis.edu/~bloom/

  I will sponsor this package when it has been fixed to avoid a local
 root attack.

  The binary is installed setuid(root), and contains the following
 code:

   snprintf(command, 255, "gs -dBATCH -dNOPAUSE -dSAFER -sDEVICE=nullpage 
\"%s\" 2>&1", filename);
   f=popen(command, "r");

  That is it invokes a copy of 'gs' without dropping root privileges and
 without specifying the path to gs.  This allows a local user to setup
 a trojan gs command and use it to gain root...

  Appropriate solutions could be forking and dropping privileges
 temporarily, dropping the +s bit, or something else.

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit

Re: Seeking sponsors for 3 packages

[Steve Langasek]

On Wed, Aug 18, 2004 at 09:14:27AM +0100, Steve Kemp wrote:
> On Tue, Aug 17, 2004 at 06:32:30PM -0700, Ken Bloom wrote:

> > The third was written by someone else, but it's very useful:
> >Package: svp
> >Version: 0.2-3
> >Description: An SVGAlib based viewer for PostScript and PDF files
> > svp is an SVGAlib based GhostScript frontend, allowing you to view
> > PostScript and PDF files on your virtual consoles.

> > All of my packages are at http://wwwcsif.cs.ucdavis.edu/~bloom/

>   I will sponsor this package when it has been fixed to avoid a local
>  root attack.

>   The binary is installed setuid(root), and contains the following
>  code:

>snprintf(command, 255, "gs -dBATCH -dNOPAUSE -dSAFER -sDEVICE=nullpage 
> \"%s\" 2>&1", filename);
>f=popen(command, "r");

>   That is it invokes a copy of 'gs' without dropping root privileges and
>  without specifying the path to gs.  This allows a local user to setup
>  a trojan gs command and use it to gain root...

>   Appropriate solutions could be forking and dropping privileges
>  temporarily, dropping the +s bit, or something else.

Do we really want to be adding to the number of svgalib-based programs
in the archive?  Surely this isn't the only security problem lurking...

-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

RFS:cross-compiler package

[Rafael Ávila de Espíndola]

I am building some cross-compilers using the crosstool scripts 
(http://kegel.com/crosstool/) and I think that they are generally useful to 
Debian.

I have a new version that is based on crosstool 0.28-rc32 and also has a SPARC 
cross-compiler. I don't have access to any other architecture to test...

It can be downloaded from:
ftp.las.ic.unicamp.br/pub/crosstool

Thanks for any comment.

Rafael

Re: seeking a "temp" sponsor

[Wesley J Landaker]

On Wednesday 18 August 2004 00:52, Jacob Luna Lundberg wrote:
> Ok, I'd like to make this 0.2.0-3 since -2 has been published on my
> archive for a while now.  I've created -3 with hopefully the needed
> amendment, available at (http://www.gnifty.net/code/xscorch/).

Looks good, I've uploaded it.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgpRCNsz8Sibp.pgp
Description: signature

xpat2 testing excuses

[Luk Claes]

Hi

xpat2 is installed for m68k a couple of days ago, though it isn't entering
testing because it has "not yet built on m68k"??

It has been built 2 times according buildd.d.o, it is installed according
to buildd.net, but waiting for a build according to bjorn.haxx.se/debian.

What is going wrong or is it supposed to be like this so near the release?

Cheers

Luk

RFS: idzebra -- High-performance, text indexing and retrieval engine

[David Everly]

ITP: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=263830

I am not a Debian Developer, so I am looking for sponsorship.
My packages for the following are available at:

  http://users.adelphia.net/~david.everly/emilda/sarge/
  deb http://users.adelphia.net/~david.everly emilda/sarge/
  deb-src http://users.adelphia.net/~david.everly emilda/sarge/


  * Package name: idzebra
Version : 1.3.17
Upstream Author : Adam Dickmeiss <[EMAIL PROTECTED]>
  * URL : http://ftp.indexdata.dk/pub/zebra/
  * License : GPL
Description : High-performance, text indexing and
retrieval engine

Zebra is a high-performance, general-purpose structured text
indexing and retrieval engine. It reads structured records in a
variety of input formats (eg. email, XML, MARC) and allows access to
them through exact boolean search expressions and relevance-ranked
free-text queries.

-- 
Encrypted Mail Preferred:
Key ID:  8527B9AF
Key Fingerprint:  E1B6 40B6 B73F 695E 0D3B  644E 6427 DD74 8527 B9AF
Information:  http://www.gnupg.org/

ASCII ribbon campaign:
()  against HTML email
/\  against Microsoft attachments
Information:  http://www.expita.com/nomime.html


signature.asc
Description: Digital signature

Re: xpat2 testing excuses

[Andreas Metzler]

On Wed, Aug 18, 2004 at 04:23:51PM +0200, Luk Claes wrote:
> xpat2 is installed for m68k a couple of days ago, though it isn't entering
> testing because it has "not yet built on m68k"??
> 
> It has been built 2 times according buildd.d.o, it is installed according
> to buildd.net, but waiting for a build according to bjorn.haxx.se/debian.
 
> What is going wrong or is it supposed to be like this so near the release?

The testing scripts did not run succesfully tonight.
  cu andreas

Re: xpat2 testing excuses

[Matt Brubeck]

Luk Claes wrote:

> xpat2 is installed for m68k a couple of days ago, though it isn't
> entering testing because it has "not yet built on m68k"??
>
> It has been built 2 times according buildd.d.o, it is installed
> according to buildd.net, but waiting for a build according to
> bjorn.haxx.se/debian.

It appears that xpat2/m68k was only installed yesterday.  When the
testing scripts run today, it should be able to enter sarge (and the
testing status pages will be updated accordingly).  The testing status
is updated only once per day.

I'm not sure why the previous m68k build was not uploaded, but this
is sometimes caused by a problem with the buildd machine.

RFS(2): kimdaba - KDE tool for indexing, searching and viewing images by keywords

[David López Moreno]

Dear Mentors,

This is my second plea for a sponsor for a debian package, kimdaba.

I bet all of you have hundreds or even thousands of images on your hard drive,
collected since you got your first digital camera. And I'm sure that 
through all these years you believed that until eternity you would be able to 
remember the story behind every single picture, the names of all the persons 
on your images and the exact date of every single image.

I guess you have already realized, just like I did, that this is not
possible anymore. Especially for digital images - but also for paper
images - we needed a tool to help us describe our images, and to search
in the pile of images. This is exactly what KimDaBa is all about. 

This is a neat and useful piece of software, and it is not in Debian!!:)

Package description:

* Package name: kimdaba
  Version : 1.1
  Upstream Author : Jesper K. Pedersen <[EMAIL PROTECTED]>
* URL : http://ktown.kde.org/kimdaba/
* License : GPL v2
  Description : KDE tool for indexing, searching and viewing
images by keywords

KDE Image Database (KimDaBa) lets you index, search, group and view
images by keywords, date, locations and persons. It provides a quick and
elegant way to lookup groups of images when you have thousands of
pictures on your hard disk.

The information associated with each photo is stored in a XML file. 
Together with its keywords, KimDaBa stores each picture's MD5 sum, so it
will recognize them even if you move them to another directory. KimDaBa
can also create HTML galleries with the images you select.


Source package is available from:
deb-src http://mentors.debian.net/debian unstable main contrib non-free

Complete package (source+binary) is available at:
http://www-gsi.dec.usc.es/~dave/projects/kimdaba

Package is lintian and linda clean and cleanly builds with pbuilder (sid
environment).

The ITP Bug is #227525 [1]

Any comments/suggestions welcome. 

Thanks in advance for your time and consideration,

David L. Moreno


[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=227525

-- 
David L. Moreno (david.lopez.moreno at hispalinux.es)
GNU/Linux
Debian SID (2.6.6-1) i686 PentiumIII
GPG Public Key at: http://www-gsi.dec.usc.es/~dave/pub_key.asc
Key ID: 761BF242


signature.asc
Description: This is a digitally signed message part

i'm srory for what i did

[Traci Hurt]

=_NextPart_000_%RND_NUM_1.x
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

Wh=E8re some br=E8ast enh=E3ncement pills promiuse miracles 
we don=92t we just help your bre=E3sts achieve their 
full n=E3tural s=ECze. Caress is a unique h=E8rbal bre=E0st 
enh=E3ncement formul=E0 that=92s 1OO% n=E0tural and effective.

Br=E8ast Size M=E3tters.

It shouldn=92t do but the truth is that bre=E3st size 
m=E3tters too many women. Studies show that =E3s m=E3ny =E3s 
85% of w=F5men are not happy with their br=EAasts. 
Caress br=EAast =EAnhancement has the p=F2wer to change 
y=F5ur life f=F5rever. You=92ll fill with confidence when 
you see your new firmer fuller bust line.

http://brusque.herbalmagicsite.com/cbe/index.php?id=3D27




Once upon a midnight dreadry, while I pondered, weak and weary,
Deep into  the darkness peering, long I stood there, wondering, fearing

Most have the Seeds of Judgment in their Mind;

=_NextPart_000_%RND_NUM_t.e--

Re: RFS: http-replicator

[Gertjan van Zwieten]

I have put a (hidden) version 2.2 online with the first four suggested
changes:

* http://gertjan.freezope.org/replicator/http-replicator_2.2.dsc
* http://gertjan.freezope.org/replicator/http-replicator_2.2.tar.gz
* http://gertjan.freezope.org/replicator/http-replicator_2.2_i386.deb

I don't see why it would be better to build http-replicator as a normal
package. All files relevant for non-debian users are in the top folder;
they can simply skip the debian subdir?

Gertjan

On Wed, 18 Aug 2004 00:00:52 +0200, "Erik Schanze"
<[EMAIL PROTECTED]> said:
> "Gertjan van Zwieten" <[EMAIL PROTECTED]>:
> > Hello,
> >
> > I'm looking for a sponsor for http-replicator, a program I wrote
> > myself. It's a single-threaded proxy server written in python. I
> > started working on it some time ago because I needed a way to cache
> > my downloaded debian packages so they won't have to be redownloaded
> > for each individual pc. The existing solutions like apt-cacher and
> > apt-proxy didn't really offer what I was looking for. I have tried
> > to explain this on the website:
> > http://gertjan.freezope.org/replicator.
> >
> > A difference with these other solutions is that although http-
> > replicator has package caching as its primary purpose it still is a
> > general proxy server. The gentoo community also seems to find it
> > quite useful, seeing this discussion:
> > http://forums.gentoo.org/viewtopic.php?t=173226. Currently http-
> > replicator is in the process of becoming an official ebuild, which
> > is a bit odd considering I wrote it for debian :-). I hope it can be
> > in debian as well.
> >
> > I've read the FAQ, it seems the following information is required:
> >
> > * Name: http-replicator
> > * Licence: GPL
> > * Description: Replicating HTTP proxy server
> > * Website: http://gertjan.freezope.org/replicator
> >
> >
> After short look over http-replicator-2.1.tar.gz I have these
> suggestions:
> - In debian/rules you should remove commented out lines.
> - There is no *.dsc file downloadable, I'm not able to build package
>   myself.
> - According Policy 12.1 you should provide manpages for http-
>   replicator and http-replicator_maintenance
> - Current Standards-Version is 3.6.1.
> - Because the programs are not specific to Debian (as I understand)
>   and someone else (e.g. Gentoo) find it useful, you should consider
>   to build it as a normal Package, not native.
>
>
> Regards, Erik
>
>
> --
>  www.ErikSchanze.de *
>  Bitte keine HTML-Mails! No HTML mails, please! Maillimit: 1 MB *
>   * Linux-Info-Tag in Dresden, am 30. Oktober 2004  *
> Info: http://www.linux-info-tag.de *
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] with
> a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>

Re: Bug#265762: ITP: tpop3d -- tpop3d is a fast, extensible, secure UNIX POP3 server

[Rolandas Juodzbalis]

Thomas Viehmann wrote:


Well, choice is about having multiple packages offering distinct
benefits. Choice is not about having two dozen half- to un-maintained
packages failing to achieve the same goal. Being offered 20 packages
isn't exactly a service to the user if he cannot be certain how long and
how well the packages will be cared for. [1]

I cannot see how politely asking prospective packagers to describe the
value they think their particular package adds to the archive is
inappropriate.
There's >50 orphaned packages (where the ex-maintainer or someone else
cared enough to do an upload assigning the package to qa) that have not
been in woody, and probably quite a few ones that have been uploaded and
are ill-maintained (why are 200 packages with RC bugs not in sarge?), so
it's only reasonable to try to estimate the likelihood that a new
package will share the same fate. Being the 10th daemon for a given
service might not decrease that.

Kind regards

Thomas



Hi Thomas at all,

I already found big (?) bug with Debian all versions probably, but not 
sure how to fill bugreport correctly ;) I will try to describe it. Maybe 
someone will help me clearing situation.
Once after reading DWN, I wanted to contribute to my favorite distro. I 
packed tpop3d. And we have question of the day: "why? There are lots of 
bugs to fix in existing packages".  Ok, I said. And started to look at 
wnpp lists. Ok, found one small package: wmnetmon. Just for beginners. 
Right for my work, but I'm using different ;). As described in NM guide, 
I asked for current maintainter to take over his maitenance. He welcomed 
my idea. Then I fixed some bugs, added new translation (not so big) and 
anounced it on debian-mentors list asking for sponsorship (old 
maintainer has no time for it). Thanks for Andreas Metzler and Wesley J 
Landaker for reviewing package and helping me to correct mistakes. But 
what is interesting in all this - nobody answered with "yes, I will 
sponsor you". Of course, it is only four days past my request, but who 
can guarantee that answer will be? Now I see my bug. On next bugfix in 
orphaned package I should ask - will be there sponsor. And I think every 
beginner should ask this question before doing something. Because after 
spending half of sunday learning new features it is pitty to find that 
nobody needs your work. This is big bug from my point of view.


Sorry for such long letter,
Rolandas

Re: Seeking sponsors for 3 packages

[Ken Bloom]

On Wed, 18 Aug 2004 01:45:07 -0700, Steve Langasek wrote:

> Do we really want to be adding to the number of svgalib-based programs in
> the archive?  Surely this isn't the only security problem lurking...

It's a very simple bug to fix, and documented right in the vga_init
manpage. Here's the fix:

svp (0.2-4) unstable; urgency=low

  * Fixed a security bug where a user could run an arbitrary program 
named gs with root privelages.
 - Moved vga_init() to be the first command called, as vga_init() drops
   privelages. If the usage message gets printed, this will print 
   out a bit of cruft first, but it's worth it for security, right?
 - Hardcoded the path to /usr/bin/gs. Things will break if gs moves,
   but its much more likely to change name than move and the name was
   already hardcoded, so what am I worried about?

 -- Ken Bloom <[EMAIL PROTECTED]>  Wed, 18 Aug 2004 15:56:26 -0700

And the fixed package is up on the site I mentioned.

-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 08/17/2004. If you use GPG *please* see me about 
signing the key. * My computer can't give you viruses by email. ***

Re: RFS: LSongs? :)

[Wesley J Landaker]

On Tuesday 17 August 2004 21:27, Lawrence Williams wrote:
> That would be great. For now, I'd just like some help with the two
> dependencies i need for my lsongs package. Both are only small
> packages and should be fairly easy to clean up. They are mostly clean
> now as I've inherited the work of a previous maintainer. I'll upload
> them to mentors later and send you the info.

I'd send an RFS to debian-mentors for each package separately, even if 
you think they're all related--some mentor may be interested in 
sponsoring one but not the other.

Feel free to CC me when you post them, and I will try to help if I have 
the time, but I can't guarantee it at this point.

> P.S. you are a DD? :P

Yes. (=

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgpdXdYKDdXRA.pgp
Description: signature

Re: Bug#265762: ITP: tpop3d -- tpop3d is a fast, extensible, secure UNIX POP3 server

[Wesley J Landaker]

On Wednesday 18 August 2004 15:56, Rolandas Juodzbalis wrote:

> I already found big (?) bug with Debian all versions probably, but

[ . . . ]

> helping me to correct mistakes. But what is interesting in all this -
> nobody answered with "yes, I will sponsor you". Of course, it is only
> four days past my request, but who can guarantee that answer will be?

I just skimmed the threads on both wmnetmon and tpop3d; it seems like 
one reason nobody has stepped up and offered to sponsor is that it 
sounded like you still had work to do on both of those packages. 
Perhaps this was a misconception, but it was my at-a-glance impression.

It may help to read through the debian-mentors FAQ, if you haven't 
already: , 
especially the section, "How do I get a sponsor for my package?", "But 
why should I waste time packaging if there's no guarantee it's going to 
be uploaded?", and "Where else can I get a sponsor?".

If you feel that the packages are ready to be reviewed again, please 
post links to both of your packages (wmnetmon and tpop3d) and I will 
try to give you feedback. I am willing to sponsor your packages if/when 
they are in good shape.

> And it is up to Debian community to
> choose if I will be passive user or will start to do something really
> useful.

Well, really, it's up to you; you're the only one who can take 
responsibility for your choices! =)

But if you're willing to be a active and reliable maintainer, I am 
willing to sponsor your packages.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgpDDnAgefH5U.pgp
Description: signature

Re: Seeking sponsors for 3 packages

[Steve Kemp]

On Tue, Aug 17, 2004 at 06:32:30PM -0700, Ken Bloom wrote:
> 
> The third was written by someone else, but it's very useful:
>Package: svp
>Version: 0.2-3
>Description: An SVGAlib based viewer for PostScript and PDF files
> svp is an SVGAlib based GhostScript frontend, allowing you to view
> PostScript and PDF files on your virtual consoles.
> 
> All of my packages are at http://wwwcsif.cs.ucdavis.edu/~bloom/

  I will sponsor this package when it has been fixed to avoid a local
 root attack.

  The binary is installed setuid(root), and contains the following
 code:

   snprintf(command, 255, "gs -dBATCH -dNOPAUSE -dSAFER -sDEVICE=nullpage \"%s\" 
2>&1", filename);
   f=popen(command, "r");

  That is it invokes a copy of 'gs' without dropping root privileges and
 without specifying the path to gs.  This allows a local user to setup
 a trojan gs command and use it to gain root...

  Appropriate solutions could be forking and dropping privileges
 temporarily, dropping the +s bit, or something else.

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Seeking sponsors for 3 packages

[Steve Langasek]

On Wed, Aug 18, 2004 at 09:14:27AM +0100, Steve Kemp wrote:
> On Tue, Aug 17, 2004 at 06:32:30PM -0700, Ken Bloom wrote:

> > The third was written by someone else, but it's very useful:
> >Package: svp
> >Version: 0.2-3
> >Description: An SVGAlib based viewer for PostScript and PDF files
> > svp is an SVGAlib based GhostScript frontend, allowing you to view
> > PostScript and PDF files on your virtual consoles.

> > All of my packages are at http://wwwcsif.cs.ucdavis.edu/~bloom/

>   I will sponsor this package when it has been fixed to avoid a local
>  root attack.

>   The binary is installed setuid(root), and contains the following
>  code:

>snprintf(command, 255, "gs -dBATCH -dNOPAUSE -dSAFER -sDEVICE=nullpage \"%s\" 
> 2>&1", filename);
>f=popen(command, "r");

>   That is it invokes a copy of 'gs' without dropping root privileges and
>  without specifying the path to gs.  This allows a local user to setup
>  a trojan gs command and use it to gain root...

>   Appropriate solutions could be forking and dropping privileges
>  temporarily, dropping the +s bit, or something else.

Do we really want to be adding to the number of svgalib-based programs
in the archive?  Surely this isn't the only security problem lurking...

-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

RFS:cross-compiler package

[Rafael Ávila de Espíndola]

I am building some cross-compilers using the crosstool scripts 
(http://kegel.com/crosstool/) and I think that they are generally useful to 
Debian.

I have a new version that is based on crosstool 0.28-rc32 and also has a SPARC 
cross-compiler. I don't have access to any other architecture to test...

It can be downloaded from:
ftp.las.ic.unicamp.br/pub/crosstool

Thanks for any comment.

Rafael


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: seeking a "temp" sponsor

[Wesley J Landaker]

On Wednesday 18 August 2004 00:52, Jacob Luna Lundberg wrote:
> Ok, I'd like to make this 0.2.0-3 since -2 has been published on my
> archive for a while now.  I've created -3 with hopefully the needed
> amendment, available at (http://www.gnifty.net/code/xscorch/).

Looks good, I've uploaded it.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgpIfRgyT2m1u.pgp
Description: signature

xpat2 testing excuses

[Luk Claes]

Hi

xpat2 is installed for m68k a couple of days ago, though it isn't entering
testing because it has "not yet built on m68k"??

It has been built 2 times according buildd.d.o, it is installed according
to buildd.net, but waiting for a build according to bjorn.haxx.se/debian.

What is going wrong or is it supposed to be like this so near the release?

Cheers

Luk


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RFS: idzebra -- High-performance, text indexing and retrieval engine

[David Everly]

ITP: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=263830

I am not a Debian Developer, so I am looking for sponsorship.
My packages for the following are available at:

  http://users.adelphia.net/~david.everly/emilda/sarge/
  deb http://users.adelphia.net/~david.everly emilda/sarge/
  deb-src http://users.adelphia.net/~david.everly emilda/sarge/


  * Package name: idzebra
Version : 1.3.17
Upstream Author : Adam Dickmeiss <[EMAIL PROTECTED]>
  * URL : http://ftp.indexdata.dk/pub/zebra/
  * License : GPL
Description : High-performance, text indexing and
retrieval engine

Zebra is a high-performance, general-purpose structured text
indexing and retrieval engine. It reads structured records in a
variety of input formats (eg. email, XML, MARC) and allows access to
them through exact boolean search expressions and relevance-ranked
free-text queries.

-- 
Encrypted Mail Preferred:
Key ID:  8527B9AF
Key Fingerprint:  E1B6 40B6 B73F 695E 0D3B  644E 6427 DD74 8527 B9AF
Information:  http://www.gnupg.org/

ASCII ribbon campaign:
()  against HTML email
/\  against Microsoft attachments
Information:  http://www.expita.com/nomime.html


signature.asc
Description: Digital signature

Re: xpat2 testing excuses

[Andreas Metzler]

On Wed, Aug 18, 2004 at 04:23:51PM +0200, Luk Claes wrote:
> xpat2 is installed for m68k a couple of days ago, though it isn't entering
> testing because it has "not yet built on m68k"??
> 
> It has been built 2 times according buildd.d.o, it is installed according
> to buildd.net, but waiting for a build according to bjorn.haxx.se/debian.
 
> What is going wrong or is it supposed to be like this so near the release?

The testing scripts did not run succesfully tonight.
  cu andreas


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: xpat2 testing excuses

[Matt Brubeck]

Luk Claes wrote:

> xpat2 is installed for m68k a couple of days ago, though it isn't
> entering testing because it has "not yet built on m68k"??
>
> It has been built 2 times according buildd.d.o, it is installed
> according to buildd.net, but waiting for a build according to
> bjorn.haxx.se/debian.

It appears that xpat2/m68k was only installed yesterday.  When the
testing scripts run today, it should be able to enter sarge (and the
testing status pages will be updated accordingly).  The testing status
is updated only once per day.

I'm not sure why the previous m68k build was not uploaded, but this
is sometimes caused by a problem with the buildd machine.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RFS(2): kimdaba - KDE tool for indexing, searching and viewing images by keywords

[David López Moreno]

Dear Mentors,

This is my second plea for a sponsor for a debian package, kimdaba.

I bet all of you have hundreds or even thousands of images on your hard drive,
collected since you got your first digital camera. And I'm sure that 
through all these years you believed that until eternity you would be able to 
remember the story behind every single picture, the names of all the persons 
on your images and the exact date of every single image.

I guess you have already realized, just like I did, that this is not
possible anymore. Especially for digital images - but also for paper
images - we needed a tool to help us describe our images, and to search
in the pile of images. This is exactly what KimDaBa is all about. 

This is a neat and useful piece of software, and it is not in Debian!!:)

Package description:

* Package name: kimdaba
  Version : 1.1
  Upstream Author : Jesper K. Pedersen <[EMAIL PROTECTED]>
* URL : http://ktown.kde.org/kimdaba/
* License : GPL v2
  Description : KDE tool for indexing, searching and viewing
images by keywords

KDE Image Database (KimDaBa) lets you index, search, group and view
images by keywords, date, locations and persons. It provides a quick and
elegant way to lookup groups of images when you have thousands of
pictures on your hard disk.

The information associated with each photo is stored in a XML file. 
Together with its keywords, KimDaBa stores each picture's MD5 sum, so it
will recognize them even if you move them to another directory. KimDaBa
can also create HTML galleries with the images you select.


Source package is available from:
deb-src http://mentors.debian.net/debian unstable main contrib non-free

Complete package (source+binary) is available at:
http://www-gsi.dec.usc.es/~dave/projects/kimdaba

Package is lintian and linda clean and cleanly builds with pbuilder (sid
environment).

The ITP Bug is #227525 [1]

Any comments/suggestions welcome. 

Thanks in advance for your time and consideration,

David L. Moreno


[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=227525

-- 
David L. Moreno (david.lopez.moreno at hispalinux.es)
GNU/Linux
Debian SID (2.6.6-1) i686 PentiumIII
GPG Public Key at: http://www-gsi.dec.usc.es/~dave/pub_key.asc
Key ID: 761BF242


signature.asc
Description: This is a digitally signed message part

i'm srory for what i did

[Traci Hurt]

=_NextPart_000_%RND_NUM_1.x
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

Wh=E8re some br=E8ast enh=E3ncement pills promiuse miracles 
we don=92t we just help your bre=E3sts achieve their 
full n=E3tural s=ECze. Caress is a unique h=E8rbal bre=E0st 
enh=E3ncement formul=E0 that=92s 1OO% n=E0tural and effective.

Br=E8ast Size M=E3tters.

It shouldn=92t do but the truth is that bre=E3st size 
m=E3tters too many women. Studies show that =E3s m=E3ny =E3s 
85% of w=F5men are not happy with their br=EAasts. 
Caress br=EAast =EAnhancement has the p=F2wer to change 
y=F5ur life f=F5rever. You=92ll fill with confidence when 
you see your new firmer fuller bust line.

http://brusque.herbalmagicsite.com/cbe/index.php?id=3D27




Once upon a midnight dreadry, while I pondered, weak and weary,
Deep into  the darkness peering, long I stood there, wondering, fearing

Most have the Seeds of Judgment in their Mind;

=_NextPart_000_%RND_NUM_t.e--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: RFS: http-replicator

[Gertjan van Zwieten]

I have put a (hidden) version 2.2 online with the first four suggested
changes:

* http://gertjan.freezope.org/replicator/http-replicator_2.2.dsc
* http://gertjan.freezope.org/replicator/http-replicator_2.2.tar.gz
* http://gertjan.freezope.org/replicator/http-replicator_2.2_i386.deb

I don't see why it would be better to build http-replicator as a normal
package. All files relevant for non-debian users are in the top folder;
they can simply skip the debian subdir?

Gertjan

On Wed, 18 Aug 2004 00:00:52 +0200, "Erik Schanze"
<[EMAIL PROTECTED]> said:
> "Gertjan van Zwieten" <[EMAIL PROTECTED]>:
> > Hello,
> >
> > I'm looking for a sponsor for http-replicator, a program I wrote
> > myself. It's a single-threaded proxy server written in python. I
> > started working on it some time ago because I needed a way to cache
> > my downloaded debian packages so they won't have to be redownloaded
> > for each individual pc. The existing solutions like apt-cacher and
> > apt-proxy didn't really offer what I was looking for. I have tried
> > to explain this on the website:
> > http://gertjan.freezope.org/replicator.
> >
> > A difference with these other solutions is that although http-
> > replicator has package caching as its primary purpose it still is a
> > general proxy server. The gentoo community also seems to find it
> > quite useful, seeing this discussion:
> > http://forums.gentoo.org/viewtopic.php?t=173226. Currently http-
> > replicator is in the process of becoming an official ebuild, which
> > is a bit odd considering I wrote it for debian :-). I hope it can be
> > in debian as well.
> >
> > I've read the FAQ, it seems the following information is required:
> >
> > * Name: http-replicator
> > * Licence: GPL
> > * Description: Replicating HTTP proxy server
> > * Website: http://gertjan.freezope.org/replicator
> >
> >
> After short look over http-replicator-2.1.tar.gz I have these
> suggestions:
> - In debian/rules you should remove commented out lines.
> - There is no *.dsc file downloadable, I'm not able to build package
>   myself.
> - According Policy 12.1 you should provide manpages for http-
>   replicator and http-replicator_maintenance
> - Current Standards-Version is 3.6.1.
> - Because the programs are not specific to Debian (as I understand)
>   and someone else (e.g. Gentoo) find it useful, you should consider
>   to build it as a normal Package, not native.
>
>
> Regards, Erik
>
>
> --
>  www.ErikSchanze.de *
>  Bitte keine HTML-Mails! No HTML mails, please! Maillimit: 1 MB *
>   * Linux-Info-Tag in Dresden, am 30. Oktober 2004  *
> Info: http://www.linux-info-tag.de *
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] with
> a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#265762: ITP: tpop3d -- tpop3d is a fast, extensible, secure UNIX POP3 server

[Rolandas Juodzbalis]

Thomas Viehmann wrote:
Well, choice is about having multiple packages offering distinct
benefits. Choice is not about having two dozen half- to un-maintained
packages failing to achieve the same goal. Being offered 20 packages
isn't exactly a service to the user if he cannot be certain how long and
how well the packages will be cared for. [1]
I cannot see how politely asking prospective packagers to describe the
value they think their particular package adds to the archive is
inappropriate.
There's >50 orphaned packages (where the ex-maintainer or someone else
cared enough to do an upload assigning the package to qa) that have not
been in woody, and probably quite a few ones that have been uploaded and
are ill-maintained (why are 200 packages with RC bugs not in sarge?), so
it's only reasonable to try to estimate the likelihood that a new
package will share the same fate. Being the 10th daemon for a given
service might not decrease that.
Kind regards
Thomas

Hi Thomas at all,
I already found big (?) bug with Debian all versions probably, but not 
sure how to fill bugreport correctly ;) I will try to describe it. Maybe 
someone will help me clearing situation.
Once after reading DWN, I wanted to contribute to my favorite distro. I 
packed tpop3d. And we have question of the day: "why? There are lots of 
bugs to fix in existing packages".  Ok, I said. And started to look at 
wnpp lists. Ok, found one small package: wmnetmon. Just for beginners. 
Right for my work, but I'm using different ;). As described in NM guide, 
I asked for current maintainter to take over his maitenance. He welcomed 
my idea. Then I fixed some bugs, added new translation (not so big) and 
anounced it on debian-mentors list asking for sponsorship (old 
maintainer has no time for it). Thanks for Andreas Metzler and Wesley J 
Landaker for reviewing package and helping me to correct mistakes. But 
what is interesting in all this - nobody answered with "yes, I will 
sponsor you". Of course, it is only four days past my request, but who 
can guarantee that answer will be? Now I see my bug. On next bugfix in 
orphaned package I should ask - will be there sponsor. And I think every 
beginner should ask this question before doing something. Because after 
spending half of sunday learning new features it is pitty to find that 
nobody needs your work. This is big bug from my point of view.

Sorry for such long letter,
Rolandas
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Seeking sponsors for 3 packages

[Ken Bloom]

On Wed, 18 Aug 2004 01:45:07 -0700, Steve Langasek wrote:

> Do we really want to be adding to the number of svgalib-based programs in
> the archive?  Surely this isn't the only security problem lurking...

It's a very simple bug to fix, and documented right in the vga_init
manpage. Here's the fix:

svp (0.2-4) unstable; urgency=low

  * Fixed a security bug where a user could run an arbitrary program 
named gs with root privelages.
 - Moved vga_init() to be the first command called, as vga_init() drops
   privelages. If the usage message gets printed, this will print 
   out a bit of cruft first, but it's worth it for security, right?
 - Hardcoded the path to /usr/bin/gs. Things will break if gs moves,
   but its much more likely to change name than move and the name was
   already hardcoded, so what am I worried about?

 -- Ken Bloom <[EMAIL PROTECTED]>  Wed, 18 Aug 2004 15:56:26 -0700

And the fixed package is up on the site I mentioned.

-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 08/17/2004. If you use GPG *please* see me about 
signing the key. * My computer can't give you viruses by email. ***



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: RFS: LSongs? :)

[Wesley J Landaker]

On Tuesday 17 August 2004 21:27, Lawrence Williams wrote:
> That would be great. For now, I'd just like some help with the two
> dependencies i need for my lsongs package. Both are only small
> packages and should be fairly easy to clean up. They are mostly clean
> now as I've inherited the work of a previous maintainer. I'll upload
> them to mentors later and send you the info.

I'd send an RFS to debian-mentors for each package separately, even if 
you think they're all related--some mentor may be interested in 
sponsoring one but not the other.

Feel free to CC me when you post them, and I will try to help if I have 
the time, but I can't guarantee it at this point.

> P.S. you are a DD? :P

Yes. (=

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgpFX3G6D9JYj.pgp
Description: signature

Re: Bug#265762: ITP: tpop3d -- tpop3d is a fast, extensible, secure UNIX POP3 server

[Wesley J Landaker]

On Wednesday 18 August 2004 15:56, Rolandas Juodzbalis wrote:

> I already found big (?) bug with Debian all versions probably, but

[ . . . ]

> helping me to correct mistakes. But what is interesting in all this -
> nobody answered with "yes, I will sponsor you". Of course, it is only
> four days past my request, but who can guarantee that answer will be?

I just skimmed the threads on both wmnetmon and tpop3d; it seems like 
one reason nobody has stepped up and offered to sponsor is that it 
sounded like you still had work to do on both of those packages. 
Perhaps this was a misconception, but it was my at-a-glance impression.

It may help to read through the debian-mentors FAQ, if you haven't 
already: , 
especially the section, "How do I get a sponsor for my package?", "But 
why should I waste time packaging if there's no guarantee it's going to 
be uploaded?", and "Where else can I get a sponsor?".

If you feel that the packages are ready to be reviewed again, please 
post links to both of your packages (wmnetmon and tpop3d) and I will 
try to give you feedback. I am willing to sponsor your packages if/when 
they are in good shape.

> And it is up to Debian community to
> choose if I will be passive user or will start to do something really
> useful.

Well, really, it's up to you; you're the only one who can take 
responsibility for your choices! =)

But if you're willing to be a active and reliable maintainer, I am 
willing to sponsor your packages.

-- 
Wesley J. Landaker <[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2



pgpQZ2IFpkPvi.pgp
Description: signature