Re: Popularity of bzr-builddeb and dh-make

On Fri, 12 Oct 2012, Craig Small wrote: > Steve with his years of packaging experience is not probably a good > sample of one to base this upon. I'd be curious to see if newer > packagers use it or not. I still use dh-make from time to time. Mainly to get a template for debian/control and debian/c

Re: Popularity of bzr-builddeb and dh-make

On Thu, Oct 11, 2012 at 02:38:46PM -0700, Steve Langasek wrote: > dh-make isn't so relevant now that debhelper 7 exists. cp > /usr/share/doc/debhelper/examples/rules.tiny debian/rules && dch > --create, manually create debian/control and debian/copyright, and that's > about it. dh-make comes fro

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, Oct 12, 2012 at 8:30 AM, Christoph Anton Mitterer wrote: > Sources files seems to use MD5, SHA1 and SHA256... though MD5 seems to > have a "special status" (Files vs. Checksums-). > That might be just historic, though. > > Similarly the Packages files... MD5/SHA1/SHA256... Only since whee

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, Oct 12, 2012 at 8:30 AM, Christoph Anton Mitterer wrote: > I further looked around: > e.g. the Release file seems to only use MD5 not so good :( Wrong, the Release file has had all 3 since sarge. woody had MD5 & SHA-1. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRI

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

Kurt Roeckx wrote: > Andrey Rahmatullin wrote: > > Kurt Roeckx wrote: > > > There are also the md5sums files that are stored in the .deb file. > > > I'm not really sure what the real use case for them is and > > > wouldn't have a problem with them going away. > > debsums(1) aka "what packages on my

Re: Popularity of bzr-builddeb and dh-make

On Fri, Oct 12, 2012 at 5:35 AM, Benjamin Drung wrote: > A poll is a good idea. Can you recommend a site that allows setting up a > poll? The Debian secretary was at one point going to setup devotee for this sort of thing, don't think that ever happened though. If you want some FSAAS (free-softw

Re: (seemingly) declinging bug report numbers

On Fri, Oct 12, 2012 at 3:45 AM, Simon Josefsson wrote: > I can confirm the trend for a couple of organisations. The primary > reason that I identified was the retirement of security support for > Lenny and that Lenny packages are removed from many Debian mirrors which > made it difficult to use

Work-needing packages report for Oct 12, 2012

The following is a listing of packages for which help has been requested through the WNPP (Work-Needing and Prospective Packages) system in the last week. Total number of orphaned packages: 471 (new: 2) Total number of packages offered up for adoption: 136 (new: 1) Total number of packages request

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Thu, 2012-10-11 at 20:18 +0200, Kurt Roeckx wrote: > dpkg-genchanges and dak both generate md5, sha1 and sha256. So > .deb files themself are hashed by all 3 of them. A as far as I > know all tools that verify those files also check all 3 of those > hashes. Ah? Ok... I somehow had in mind that

Re: Popularity of bzr-builddeb and dh-make

On Thu, Oct 11, 2012 at 11:57:55PM +0200, John Paul Adrian Glaubitz wrote: > On Thu, Oct 11, 2012 at 02:38:46PM -0700, Steve Langasek wrote: > > bzr is the fourth most popular version control system in Debian according to > > . If you're going to demote >

Re: (seemingly) declinging bug report numbers

On Thu, Oct 11, 2012 at 11:57:24PM +0200, Vincent Bernat wrote: > ❦ 11 octobre 2012 20:26 CEST, Steve Langasek  : > >> Quite a few upstreams thinks Debian are working contrary to their design > >> and their goals and are actively hindering adoption of their software. > >> If you're interested in

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

Le Thu, Oct 11, 2012 at 08:18:55PM +0200, Kurt Roeckx a écrit : > > MD5 is covered by policy, and it's the only mentioned in policy, > maybe that should change. Hi Kurt and everybody, For control files, Checksums-Sha1 and Checksums-Sha256 are covered in chapter 5, where they are marked as recomm

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Fri, Oct 12, 2012 at 12:42:57AM +0600, Andrey Rahmatullin wrote: > On Thu, Oct 11, 2012 at 08:18:55PM +0200, Kurt Roeckx wrote: > > There are also the md5sums files that are stored in the .deb file. > > I'm not really sure what the real use case for them is and > > wouldn't have a problem with t

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

For myself, I'd feel a lot more comfortable with DDs seconding than DMs seconding. In my mind, when you sign up to be a DM, you're signing up to do a good job of maintaining one or more packages. In my mind a part of the additional commitment in agreeing to be a DD is to think about the broader

Re: (seemingly) declinging bug report numbers

Am Freitag, den 12.10.2012, 00:00 +0200 schrieb Vincent Bernat: > ❦ 11 octobre 2012 22:33 CEST, Benjamin Drung : > > >> > I can confirm the trend for a couple of organisations. The primary > >> > reason that I identified was the retirement of security support for > >> > Lenny and that Lenny pack

Re: Popularity of bzr-builddeb and dh-make

Am Donnerstag, den 11.10.2012, 14:38 -0700 schrieb Steve Langasek: > Hi Benjamin, > > On Thu, Oct 11, 2012 at 10:38:08PM +0200, Benjamin Drung wrote: > > How popular are bzr-builddeb and dh-make in Debian? The current > > situation is that packaging-dev recommends bzr-builddeb and suggests > > dh-

Re: (seemingly) declinging bug report numbers

❦ 11 octobre 2012 22:33 CEST, Benjamin Drung  : >> > I can confirm the trend for a couple of organisations. The primary >> > reason that I identified was the retirement of security support for >> > Lenny and that Lenny packages are removed from many Debian mirrors which >> > made it difficult to

Re: Popularity of bzr-builddeb and dh-make

On Thu, Oct 11, 2012 at 02:38:46PM -0700, Steve Langasek wrote: > bzr is the fourth most popular version control system in Debian according to > . If you're going to demote > bzr-builddeb (which doesn't bother me), I think you should also be demoting > sv

Re: (seemingly) declinging bug report numbers

❦ 11 octobre 2012 20:26 CEST, Steve Langasek  : >> Quite a few upstreams thinks Debian are working contrary to their design >> and their goals and are actively hindering adoption of their software. >> If you're interested in examples, just take a look at how rubygems was >> handled in Debian unti

Re: Popularity of bzr-builddeb and dh-make

Hi Benjamin, On Thu, Oct 11, 2012 at 10:38:08PM +0200, Benjamin Drung wrote: > How popular are bzr-builddeb and dh-make in Debian? The current > situation is that packaging-dev recommends bzr-builddeb and suggests > dh-make. It was requested to drop bzr-builddeb from Recommends and add > dh-make [

Re: (seemingly) declinging bug report numbers

Simon Josefsson writes: > Marco Nenciarini writes: >> I've seen recently several company I'm working with getting away from >> Debian in favor of Ubuntu because they have a LTS version. However I >> don't know if this is a general trend. > I can confirm the trend for a couple of organisations.

Re: Popularity of bzr-builddeb and dh-make

A poll is a good idea. Can you recommend a site that allows setting up a poll? Am Donnerstag, den 11.10.2012, 23:29 +0200 schrieb Matthias Klumpp: > Hi! > Have you considered making a poll for this? Because everyone will tell > you a different oppinion... > For me, I think: bzr-builddeb is specifi

Re: Popularity of bzr-builddeb and dh-make

Hi! Have you considered making a poll for this? Because everyone will tell you a different oppinion... For me, I think: bzr-builddeb is specific to Bzr, if you don't use Bzr, it is useless. Instead, dh_make can be used to generate Debian templates quickly, so it might be useful for more people, eve

Bug#690274: ITP: jampal -- mp3 song library management system and player

Package: wnpp Severity: wishlist Owner: Peter Bennett * Package name: jampal Version : 02.01.06 Upstream Author : Peter Bennett * URL : http://jampal.sourceforge.net * License : GPL Programming Lang: Java, C++ Description : mp3 song library management

Popularity of bzr-builddeb and dh-make

Hi, How popular are bzr-builddeb and dh-make in Debian? The current situation is that packaging-dev recommends bzr-builddeb and suggests dh-make. It was requested to drop bzr-builddeb from Recommends and add dh-make [1]. The recommended packages of packaging-dev should be recommended by most of th

Re: (seemingly) declinging bug report numbers

Am Donnerstag, den 11.10.2012, 16:14 -0400 schrieb Paul Tagliamonte: > On Thu, Oct 11, 2012 at 09:45:58PM +0200, Simon Josefsson wrote: > > Marco Nenciarini writes: > > > > > Il giorno gio, 11/10/2012 alle 02.46 +0200, Christoph Anton Mitterer ha > > > scritto: > > >> > > >> On the other hand, s

Re: (seemingly) declinging bug report numbers

On Thu, Oct 11, 2012 at 09:45:58PM +0200, Simon Josefsson wrote: > Marco Nenciarini writes: > > > Il giorno gio, 11/10/2012 alle 02.46 +0200, Christoph Anton Mitterer ha > > scritto: > >> > >> On the other hand, some worries are there that this could imply some > >> decline in Debian itself. > >

Re: (seemingly) declinging bug report numbers

Marco Nenciarini writes: > Il giorno gio, 11/10/2012 alle 02.46 +0200, Christoph Anton Mitterer ha > scritto: >> >> On the other hand, some worries are there that this could imply some >> decline in Debian itself. >> Well I still think Debian is the best distro out there for most (if not >> all

Re: (seemingly) declinging bug report numbers

]] Steve Langasek > On Thu, Oct 11, 2012 at 05:29:51PM +0200, Tollef Fog Heen wrote: > > This might be your impression. It does not at all match my impression. > > > Quite a few upstreams thinks Debian are working contrary to their > > design and their goals and are actively hindering adoption

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Thu, Oct 11, 2012 at 08:18:55PM +0200, Kurt Roeckx wrote: > There are also the md5sums files that are stored in the .deb file. > I'm not really sure what the real use case for them is and > wouldn't have a problem with them going away. debsums(1) aka "what packages on my system are corrupt by a

Re: (seemingly) declinging bug report numbers

On Thu, Oct 11, 2012 at 05:29:51PM +0200, Tollef Fog Heen wrote: > This might be your impression. It does not at all match my impression. > Quite a few upstreams thinks Debian are working contrary to their design > and their goals and are actively hindering adoption of their software. > If you're

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Thu, Oct 11, 2012 at 01:19:58AM +0200, Christoph Anton Mitterer wrote: > Hi folks. > > AFAICS, secure APT and similar things (e.g. dpkg's file hash sums) still > use even MD5. dpkg-genchanges and dak both generate md5, sha1 and sha256. So .deb files themself are hashed by all 3 of them. A as

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On 2012-10-11 19:38, Christoph Anton Mitterer wrote: > On Thu, 2012-10-11 at 11:35 -0500, Peter Samuelson wrote: >> > What makes sense is to use a hash that has the properties that are >> > needed for a particular application. > Well... I think that's only really required if performance is very > c

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Thu, 2012-10-11 at 11:35 -0500, Peter Samuelson wrote: > What makes sense is to use a hash that has the properties that are > needed for a particular application. Well... I think that's only really required if performance is very critical, e.g. when you're on embedded devices or so,... but the p

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

[Christoph Anton Mitterer] > Wouldn't it make sense to start discussions about moving to the > "strongest" possible? No. What makes sense is to use a hash that has the properties that are needed for a particular application. To use your example of dpkg file checksums, their purpose has _nothing

Re: Bug#690183: ITP: apt-fast -- shellscript wrapper for apt-get or aptitude

On Thu, Oct 11, 2012 at 09:59:35AM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > Of course, being able to download stuff from two different servers at the > same > time had a better end result, and as long as is one download at a time per > server, I think it can be considered socially ac

Re: (seemingly) declinging bug report numbers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Le 11/10/2012 17:29, Tollef Fog Heen a écrit : > ]] Thibaut Paumard > >> Users who get software through the Debian packages are still >> 100% users of said software. > > This might be your impression. It does not at all match my > impression. > >

Re: (seemingly) declinging bug report numbers

]] Thibaut Paumard > Users who get software through the Debian packages are still 100% > users of said software. This might be your impression. It does not at all match my impression. Quite a few upstreams thinks Debian are working contrary to their design and their goals and are actively hind

Bug#690244: ITP: os-autoinst - cross-distribution-capable, fully automated testing framework

Package: wnpp Severity: wishlist Owner: Hideki Yamane User: debian-de...@debian.or.jp Usertags: debianjp X-Debbugs-CC: debian-devel@lists.debian.org, debian...@lists.debian.org, debian-de...@debian.or.jp Package name: os-autoinst Version: 1.0.0 Upstream Author: Bernhard M. Wiedemann

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

On Thursday, October 11, 2012 06:44:53 PM Charles Plessy wrote: ... > - I am not found of the voting procedure, and would rather propose to > follow a similar process as for the modification of the Policy and the > Developers Reference, where at least three DDs need to indicate that, in > their co

Re: Bug#690183: ITP: apt-fast -- shellscript wrapper for apt-get or aptitude

On Thu 11 Oct 2012 09:59:35 Lisandro Damián Nicanor Pérez Meyer escribió: [snip] > Well, parallel download does **greatly** improves speed when you access > international servers, like we had to do in Argentina until some few weeks > ago. WRT non i386/amd64 archs. -- Programming today is a race

Re: Bug#690183: ITP: apt-fast -- shellscript wrapper for apt-get or aptitude

On Thu 11 Oct 2012 02:55:24 Marco d'Itri escribió: > On Oct 11, Hideki Yamane wrote: > > > apt-fast is a shellscript wrapper for apt-get that can drastically > > > improve apt download times by downloading packages in parallel, with > > > multiple connections per package. > > > > well, isn't it

Re: (seemingly) declinging bug report numbers

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Le 11/10/2012 13:40, Stefano Zacchiroli a écrit : > On Thu, Oct 11, 2012 at 11:51:50AM +0200, Christoph Anton Mitterer > wrote: >> On Thu, 2012-10-11 at 09:15 +0200, Mathieu Malaterre wrote: >>> I believe the script is incorrect. It does not count ub

Bug#690157: ITP: aptitude-robot -- Automate package choice management

Package: wnpp Owner: "Elmar S. Heeb" Severity: wishlist X-Debbugs-CC: aptitude-de...@lists.alioth.debian.org, debian-devel@lists.debian.org * Package name: aptitude-robot Version : 1.0 Upstream Author : "Elmar S. Heeb" * URL : https://github.com/elmar/aptitude-robot *

Re: (seemingly) declinging bug report numbers

Il giorno gio, 11/10/2012 alle 02.46 +0200, Christoph Anton Mitterer ha scritto: > > On the other hand, some worries are there that this could imply some > decline in Debian itself. > Well I still think Debian is the best distro out there for most (if not > all cases), even though I'd like to see

Re: (seemingly) declinging bug report numbers

On Thu, Oct 11, 2012 at 11:51:50AM +0200, Christoph Anton Mitterer wrote: > On Thu, 2012-10-11 at 09:15 +0200, Mathieu Malaterre wrote: > > I believe the script is incorrect. It does not count ubuntu bugs that > > gets fixed in debian, without ever being referenced in debian BTS... > Well but it's

Re: (seemingly) declinging bug report numbers

On Thu, Oct 11, 2012 at 5:51 PM, Christoph Anton Mitterer wrote: > Well but it's up to interpretation, whether that wouldn't be a worrying > sign, too. I mean that bugs are fixed rather via Ubuntu. Where bugs are reported doesn't matter, as long as they get fixed. Personally I look at the bug tra

Re: (seemingly) declinging bug report numbers

On Thu, 2012-10-11 at 09:15 +0200, Mathieu Malaterre wrote: > I believe the script is incorrect. It does not count ubuntu bugs that > gets fixed in debian, without ever being referenced in debian BTS... Well but it's up to interpretation, whether that wouldn't be a worrying sign, too. I mean that b

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

Le Thu, Oct 11, 2012 at 05:50:51AM +, Bart Martens a écrit : > > | Anyone can mark a package as orphaned after the following steps have been > | completed : Someone submits an "intent to orphan" (ITO) in the bts with > an > | explanation of why he/she thinks that the package needs a

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

Hi, On 11.10.2012 07:50, Bart Martens wrote: >> - the submitter of the "intent to orphan" bug must Cc >> debian...@lists.debian.org, and file the bug with severity:serious (this >> was part of the "criterias" proposal). > | Anyone can mark a package as orphaned after the following steps h

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

Lucas Nussbaum writes: > On 11/10/12 at 05:50 +, Bart Martens wrote: >> | Anyone can mark a package as orphaned after the following steps have >> been >> | completed : Someone submits an "intent to orphan" (ITO) in the bts with >> an >> | explanation of why he/she thinks that the p

Re: (seemingly) declinging bug report numbers

On Thu, Oct 11, 2012 at 2:46 AM, Christoph Anton Mitterer wrote: > Some days ago Christian reported[0] about #69 with the feeling that > bug report numbers in Debian were declining, which Don’s post[1] later > seemingly confirmed. I believe the script is incorrect. It does not count ubuntu bu

(seemingly) declinging bug report numbers

Hi. Some days ago Christian reported[0] about #69 with the feeling that bug report numbers in Debian were declining, which Don’s post[1] later seemingly confirmed. I wondered myself whether this is a problem for Debian and if so, what we can do against it? First declining bug numbers are no