Hi Debian Developers!
I don't know how much is feasible and useful the field.
Problem: I have a package that might depend on a libfoo-dev
library.
"might" because it tries to detect it at configure time,
and if the libfoo is found some features are enabled, otherwise
the features are disabled.
On Sunday 24 May 2015 13:02:38 Thomas Koch wrote:
> Git supports signing of commits since version 1.7.9. Everybody should sign
> git commits always.
There is however the argument that by signing every commit by default one may
accidentally publish a signature on some unverified code and somebody
On 2015-05-25, Gianfranco Costamagna wrote:
> I know this might introduce some problems (binNMU?, ABI/API
> incompatibilities?)
It will also give 'feature-flip-flop' on the available architectures.
You never know if that library is actually installable, so it would just
be discarded giving poor
On Mon, May 25, 2015 at 09:51:41AM +0200, Thomas Koch wrote:
> On Sunday 24 May 2015 13:02:38 Thomas Koch wrote:
> > Git supports signing of commits since version 1.7.9. Everybody should sign
> > git commits always.
> There is however the argument that by signing every commit by default one may
>
* Gianfranco Costamagna , 2015-05-25, 07:22:
Problem: I have a package that might depend on a libfoo-dev library.
"might" because it tries to detect it at configure time, and if the
libfoo is found some features are enabled, otherwise the features are
disabled.
Since the libfoo isn't build o
Hi,
Christian PERRIER (2015-05-25):
> Quoting Hideki Yamane (henr...@debian.or.jp):
> > Hi,
> >
> > On Sun Apr 19, 2015 at 16:25:30 +0200, Cyril Brulebois wrote:
> > > Improvements in this release of the installer
> > > =
> > >
> > > * apt-setup:
> >
Package: wnpp
Owner: Axel Beckert
Severity: wishlist
User: debian-p...@lists.debian.org
Usertags: bcn2015
Control: block 786749 by -1
* Package name: libdist-zilla-plugin-test-podspelling-perl
Version : 2.006009
Upstream Author : Caleb Cushing ,
Marcel Gruenaue
On May 25, Samuel Thibault wrote:
> > I use the attached script to easily create and sign my tags.
> Isn't this the equivalent of gbp-buildpackage --git-tag-only?
Not everybody uses gbp.
--
ciao,
Marco
pgp8bVvnDmsWf.pgp
Description: PGP signature
Hi,
Quoting Gianfranco Costamagna (2015-05-25 09:22:57)
> I don't know how much is feasible and useful the field.
>
> Problem: I have a package that might depend on a libfoo-dev
> library.
>
> "might" because it tries to detect it at configure time,
> and if the libfoo is found some features are
* Riku Voipio , 2014-11-24, 11:07:
Sparc is definitely not ok. For evidence, see #721617, liblo was
trying to fetch a double from a 4-byte aligned address. Experience
with liblo shows that other architectures are just fine (or at least
are just slower) with this type of unalignment.
IME, spra
While we're on the subject of git security...should we stop recommending
that non-account-holders use git:// (most efficient, but insecure
against MITM unless you manually check the commit number) in preference
to https:// (at least some security)?
https://wiki.debian.org/Alioth/Git#Accessing_r
Quoting Johannes Schauer (2015-05-25 13:39:13)
> Quoting Gianfranco Costamagna (2015-05-25 09:22:57)
>> Problem: I have a package that might depend on a libfoo-dev library.
>>
>> "might" because it tries to detect it at configure time, and if the
>> libfoo is found some features are enabled, othe
On Sun, May 24, 2015, at 11:12, Iain R. Learmonth wrote:
> On Sun, May 24, 2015 at 01:02:38PM +0200, Thomas Koch wrote:
> > Git supports signing of commits since version 1.7.9. Everybody should sign
> > git
> > commits always.
>
> What is the overhead on this?
As far as git metadata goes, it is
On Mon, May 25, 2015 at 10:33:06AM +0200, Bastian Blank wrote:
> On Mon, May 25, 2015 at 09:51:41AM +0200, Thomas Koch wrote:
> > On Sunday 24 May 2015 13:02:38 Thomas Koch wrote:
> > > Git supports signing of commits since version 1.7.9. Everybody should sign
> > > git commits always.
> > There is
Bastian Blank schreef op 25-5-2015 om 10:33 AM:
> Much worse, do you trust all your development machines with your private
> key?
I do not. That is why I keep my private signature key on my smartcard. I
sign every commit on all of my machines.
You can put this in your .gitconfig to always sign yo
Hi,
Quoting Jonas Smedegaard (2015-05-25 14:34:46)
> Both above approaches are suitable only when in control of the dependent
> package as well.
why?
cheers, josch
signature.asc
Description: signature
* Johannes Schauer , 2015-05-25, 13:39:
http://lists.debian.org/20141217084500.ga16...@alf.mars
In your case this would mean that the source package building
libfoo-dev would modify the binary package libfoo-dev to Provides:
optional-libfoo-dev and additionally build a binary package called
n
Quoting Johannes Schauer (2015-05-25 15:43:24)
> Hi,
>
> Quoting Jonas Smedegaard (2015-05-25 14:34:46)
>> Both above approaches are suitable only when in control of the
>> dependent package as well.
>
> why?
Ah, correction: Only maintainers of dependent package can add a virtual
package (as H
Hi,
Quoting Jakub Wilk (2015-05-25 16:00:39)
> But Helmut's approach only works if libfoo maintainer knows in advance
> the list of architectures where libfoo-dev will be built. It can't be
> applied if, say, libfoo build-depends on libbar-dev, and libbar-dev
> hasn't been built everywhere.
"h
On Mon, May 25, 2015 at 02:54:53PM +0200, Tzafrir Cohen wrote:
> On Mon, May 25, 2015 at 10:33:06AM +0200, Bastian Blank wrote:
> > On Mon, May 25, 2015 at 09:51:41AM +0200, Thomas Koch wrote:
> > > On Sunday 24 May 2015 13:02:38 Thomas Koch wrote:
> > > > Git supports signing of commits since vers
* Johannes Schauer , 2015-05-25, 18:18:
But Helmut's approach only works if libfoo maintainer knows in advance
the list of architectures where libfoo-dev will be built. It can't be
applied if, say, libfoo build-depends on libbar-dev, and libbar-dev
hasn't been built everywhere.
"hasn't been b
On Mon, May 25, 2015, at 09:54, Tzafrir Cohen wrote:
> On Mon, May 25, 2015 at 10:33:06AM +0200, Bastian Blank wrote:
> > On Mon, May 25, 2015 at 09:51:41AM +0200, Thomas Koch wrote:
> > > On Sunday 24 May 2015 13:02:38 Thomas Koch wrote:
> > > > Git supports signing of commits since version 1.7.9.
On Mon, May 25, 2015, at 09:09, Rebecca N. Palmer wrote:
> While we're on the subject of git security...should we stop recommending
> that non-account-holders use git:// (most efficient, but insecure
> against MITM unless you manually check the commit number) in preference
> to https:// (at leas
On Sunday 24 May 2015 21:27:47 Adam D. Barratt wrote:
[snip]
> Due to the way that the archive manages uploads to proposed-updates, if
> you upload a .changes file which only includes source and
> architecture:all packages, please ensure that you rename it to something
> other than "_$arch.changes"
> While we're on the subject of git security...should we stop
> recommending that non-account-holders use git:// (most efficient, but
> insecure against MITM unless you manually check the commit number) in
> preference to https:// (at least some security)?
> https://wiki.debian.org/Alioth/Git#Acces
On 25/05/15 18:24, Lisandro Damián Nicanor Pérez Meyer wrote:
> On Sunday 24 May 2015 21:27:47 Adam D. Barratt wrote:
> [snip]
>> Due to the way that the archive manages uploads to proposed-updates, if
>> you upload a .changes file which only includes source and
>> architecture:all packages, please
On Mon, May 25, 2015 at 19:42:48 +0100, Simon McVittie wrote:
> On 25/05/15 18:24, Lisandro Damián Nicanor Pérez Meyer wrote:
> > On Sunday 24 May 2015 21:27:47 Adam D. Barratt wrote:
> > [snip]
> >> Due to the way that the archive manages uploads to proposed-updates, if
> >> you upload a .changes
Greetings,
I am working towards becoming a Debian Maintainer. Right now I need to get
2 Debian Developers to sign my key. Are there any Debian Developers in
Phoenix, Arizona who would be willing to meet up and sign each other's keys?
Regards,
Andrew
On Monday 25 May 2015 19:26:28 Andrew Kelley wrote:
> Greetings,
>
> I am working towards becoming a Debian Maintainer. Right now I need to get
> 2 Debian Developers to sign my key. Are there any Debian Developers in
> Phoenix, Arizona who would be willing to meet up and sign each other's keys?
H
On Monday 25 May 2015 19:42:48 Simon McVittie wrote:
[snip]
> Post-jessie devscripts has "mergechanges -f -i" for source+all uploads,
> which amalgamates source, arch-dep and/or arch-indep changes into
> foo_1.2-3_multi.changes, discarding any arch-dep binaries. For instance
> https://tracker.debi
Package: wnpp
Severity: wishlist
Owner: Christian Hofstaedtler
* Package name: ruby-molinillo
Version : 0.2.3
Upstream Author : Samuel E. Giddins
* URL : https://github.com/CocoaPods/Molinillo
* License : Expat
Programming Lang: Ruby
Description : gener
31 matches
Mail list logo
