Bug#202157: packages.d.o should list uploaders

[Martin Michlmayr]

Package: www.debian.org
Severity: wishlist

The packages.d.o pages list the maintainer of the package.  However,
it would be nice to additionally show the uploaders.  Having uploaders
displays more prominently might encourage people to become
co-maintainers of packages.

As an example, alsa-base's source package alsa-driver has:

  Package: alsa-driver
  Binary: alsa-base, alsaconf, alsa-source, alsa-headers
  Maintainer: Debian-Alsa Psychos <[EMAIL PROTECTED]>
  Uploaders: Jordi Mallach <[EMAIL PROTECTED]>, Steve Kowalik <[EMAIL 
PROTECTED]>, David B. Harris <[EMAIL PROTECTED]>

alsa-base's packages page says:
 | Debian-Alsa Psychos is responsible for this Debian package.

I would be nice if this page would say:

 | Debian-Alsa Psychos and Jordi Mallach, Steve Kowalik and David B.
 | Harris are esponsible for this Debian package.


-- 
Martin Michlmayr
[EMAIL PROTECTED]

Bug#202158: devel/people should list co-maintained packages as well

[Martin Michlmayr]

Package: www.debian.org
Severity: wishlist

At the moment, http://www.debian.org/devel/people does not take the
Uploaders: field into account at all.  It would be great if the page
could indicate that you are the uploader (i.e. co-maintainer) of a
package.

-- 
Martin Michlmayr
[EMAIL PROTECTED]

Bug#202157: packages.d.o should list uploaders

[Frank Lichtenheld]

retitle 202157 packages.debian.org: pages should list uploaders
tags 202157 + confirmed
thanks

On Sun, Jul 20, 2003 at 12:00:38PM +0200, Martin Michlmayr wrote:
> The packages.d.o pages list the maintainer of the package.  However,
> it would be nice to additionally show the uploaders.  Having uploaders
> displays more prominently might encourage people to become
> co-maintainers of packages.

I will implement this in my new version[1]. I think it's not worth it to
also patch the old version. But if someone has to many time... ;)

[1] which is making progress, more on this hopefully later today

Gruesse,
-- 
*** Frank Lichtenheld <[EMAIL PROTECTED]> ***
  *** http://www.djpig.de/ ***
see also: - http://www.usta.de/
  - http://fachschaft.physik.uni-karlsruhe.de/

Processed: Re: Bug#202157: packages.d.o should list uploaders

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> retitle 202157 packages.debian.org: pages should list uploaders
Bug#202157: packages.d.o should list uploaders
Changed Bug title.

> tags 202157 + confirmed
Bug#202157: packages.debian.org: pages should list uploaders
There were no tags set.
Tags added: confirmed

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

packages.d.o search problem

[Wang WenRui]

Hi,

I'd like to report a bug on searching packages with packages.d.o
   For example, the mozilla-tabextensions package can be found with "
   mozilla-tabextensions" or "mozilla" as the keyword[1]. But it cannot be
   found with "tabextensions"[2]. The subword option has been turned on.

   The same thing happens when searching "mozilla-firebird" with
   "firebird". [3]

   I guess that one package cannot be found with the keyword after '-'
   in its name.


Best regards
Wang WenRui


[1]
http://packages.debian.org/cgi-bin/search_packages.pl?keywords=mozilla-tabextensions&searchon=names&subword=1&version=all&release=all
[2]
http://packages.debian.org/cgi-bin/search_packages.pl?keywords=tabextensions&searchon=names&subword=1&version=all&release=all
[3]
http://packages.debian.org/cgi-bin/search_packages.pl?keywords=firebird&searchon=names&subword=1&version=all&release=all

Re: packages.d.o search problem

[Matt Kraai]

On Sun, Jul 20, 2003 at 11:54:39PM +0800, Wang WenRui wrote:
>   I'd like to report a bug on searching packages with packages.d.o
>For example, the mozilla-tabextensions package can be found with "
>mozilla-tabextensions" or "mozilla" as the keyword[1]. But it cannot be
>found with "tabextensions"[2]. The subword option has been turned on.
> 
>The same thing happens when searching "mozilla-firebird" with
>"firebird". [3]
> 
>I guess that one package cannot be found with the keyword after '-'
>in its name.

Yes, we know, please see bug #103694

 http://bugs.debian.org/103694

-- 
Matt Kraai  [EMAIL PROTECTED]  Debian GNU/Linux

Web Pages TODO List - Security

[doug jensen]

Hi,

On the Debian Web Pages TODO List, there is the following section:
security

  Find the "moreinfo" entries for older years that contain mentions
  of lists-archives instead of including text from it or even linking
  to it, and correct it.

  There are many advisories in 1997 and early 1998 that lack even the
  basic extra information -- find it and document it. Somehow. :)

  Change the pages to have 'fixed in' info in a tag instead of page body,
  so that we can check for that tag in the template and not display
  'Fixed in:' if it's empty.


I would like to work on that task, and have collected information
related to most of the DSAs on the "undated" page.

Questions on what to do next:

1)  Should the Security team be notified of changes to the DSAs?
2)  It seems difficult, sometimes, to be positive that the "new"
information is exactly what the original DSA was issued for.
My method so far has been:
   a)  Google, using;  [1997 1998].
   b)  Scan various security archives.
   c)  Occasionally look in changelogs (generally didn't help).
   d)  Pick what seems to be the most appropriate information.
Comments, suggestions?
3)  Below are three test patches.  Comments, suggestions?

## Allows the "fixed in" data to be displayed (for Buzz/Rex).
## Affects several DSAs in the 1998, 1997, and undated directories.
## This template isn't being used for current DSAs, last used in 1998.
--- template/debian/fixes_link.wml.old   Fri Nov  1 06:16:30 2002
+++ template/debian/fixes_link.wml.new   Sat Jul 19 17:26:53 2003
@@ -16,6 +16,12 @@
 
   N/A
 
+
+  in release 1.1
+
+
+  in release 1.2
+
 
in release 1.3
 
@@ -41,6 +47,14 @@
if ( $release eq "not" )
{
$str = "";
+   }
+   elsif ( $release eq "buzz" )
+   {
+   $str = "$arch - () $version";
+   }
+   elsif ( $release eq "rex" )
+   {
+   $str = "$arch - () $version";
}
elsif ( $release eq "bo" )
{


## This change allows "Vunerable" to be "Yes" and "Security database
## reference" to be displayed.
--- security/undated/1ssh.data.old   Thu Apr 19 09:52:11 2001
+++ security/undated/1ssh.data.new   Sat Jul 19 17:37:41 2003
@@ -1,7 +1,8 @@
 ssh
 undated
+CA-1998-03
 ssh
-Yes
+yes
 Yes

 #use wml::debian::security


## Changes to 1ssh.wml to add new data.
## Note, there is nothing that absolutely insures that the new
## information is related to the original DSA.
--- security/undated/1ssh.wml.oldSun Jul 22 07:46:50 2001
+++ security/undated/1ssh.wml.newSat Jul 19 16:39:20 2003
@@ -3,6 +3,17 @@
 ssh allowed non-privileged users to forward privileged ports.

 Fixes: ssh 1.2.21-1 or later
+
+The information below was added in July 2003.  Please report
+additions or corrections to debian-www@lists.debian.org:
+Insufficent permission checking may allow a SSH client user, to access
+remote accounts belonging to the ssh-agent user.
+SSH versions 1.2.17 thru 1.2.21 are vulnerable.  SSH versions prior to
+1.2.17 are vunerable to a different, though similar attack.
+Reference to CA-1998-03 was added.
+Changed "Vunerable" to show "Yes".
+Data is now displayed for "Fixed in".
+
 

 # do not modify the following line


Doug Jensen
  

Processed: Done

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> # implemented
> tags 202157 = pending
Bug#202157: packages.debian.org: pages should list uploaders
Tags were: confirmed
Tags set to: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Processed: Done II

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> tags 177669 = pending
Bug#177669: packages.debian.org: allpackages.html lists are too big
Tags were: confirmed
Tags set to: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Re: Web Pages TODO List - Security

[Josip Rodin]

On Sun, Jul 20, 2003 at 02:16:19PM -0600, doug jensen wrote:
>   Find the "moreinfo" entries for older years that contain mentions
>   of lists-archives instead of including text from it or even linking
>   to it, and correct it.
> 
>   There are many advisories in 1997 and early 1998 that lack even the
>   basic extra information -- find it and document it. Somehow. :)
> 
> 1)  Should the Security team be notified of changes to the DSAs?

If you're uncertain about anything, they'd likely be the most likely group
where there would be someone who remembers.

> 2)  It seems difficult, sometimes, to be positive that the "new"
> information is exactly what the original DSA was issued for.
> My method so far has been:
>a)  Google, using;  [1997 1998].
>b)  Scan various security archives.
>c)  Occasionally look in changelogs (generally didn't help).
>d)  Pick what seems to be the most appropriate information.
> Comments, suggestions?

What about the debian-security-announce list archive?

Those things were the bulk of my complain which I noted in the TODO file.
There are advisory web pages that have links into the list archive rather
than having the content in them. That's reasonably easy to fix but it needs
man hours.

> 3)  Below are three test patches.  Comments, suggestions?

>  Fixes: ssh 1.2.21-1 or later
> +
> +The information below was added in July 2003.  Please report
> +additions or corrections to debian-www@lists.debian.org:
> +Insufficent permission checking may allow a SSH client user, to access
> +remote accounts belonging to the ssh-agent user.
> +SSH versions 1.2.17 thru 1.2.21 are vulnerable.  SSH versions prior to
> +1.2.17 are vunerable to a different, though similar attack.
> +Reference to CA-1998-03 was added.
> +Changed "Vunerable" to show "Yes".
> +Data is now displayed for "Fixed in".
> +
>  

Looks okay... but I'd move the note about potential problems below the list,
and remove the last three items -- visitors don't really care much about our
administrivia. Note also that if  tags need to surround the s.

-- 
 2. That which causes joy or happiness.

Re: Web Pages TODO List - Security

[doug jensen]

On Sun, Jul 20, 2003 at 11:43:49PM +0200, Josip Rodin wrote:
> What about the debian-security-announce list archive?

I intend to work on those also.

> Looks okay... but I'd move the note about potential problems below the list,
> and remove the last three items -- visitors don't really care much about our
> administrivia. Note also that if  tags need to surround the s.

Thanks! for your help Josip.  

So, I will make those corrections and send the patches back to the list
to be commited, or bug reports to www.debian.org, or ...?
I looked, but only found procedures for developers and others with write
access (hoping I didn't overlook it).

Doug Jensen

Bug#202236: www.debian.org: do @packages messages bounce?

[Dan Jacobson]

Package: www.debian.org
Version: unavailable; reported 2003-07-21
Severity: normal

Whenever I send a message to [EMAIL PROTECTED] I get no
response.

I recall these were supposed to be forwarded to the owner of
some_package.

Maybe they just don't reply, but probably, just like bugs.debian.org,
you have set it up so that if there is any mail trouble, all bounces
are squashed ?

Sorry I send this query as a bug, but that's the only surefire way I know.