Salsa CI introducing world-writable permissions

2022-02-06 Thread John Goerzen
Hi folks, I thought I ought to alert people about this, since I haven't seen it documented anywhere. Salsa CI is effectively doing a chmod -R a+w . on trees in checks out, and in some circumstances these permissions can flow into generated data (.debs, Docker images, etc.) I recommend adding a c

Re: Legal advice regarding the NEW queue

2022-02-06 Thread John Goerzen
On Fri, Feb 04 2022, Russ Allbery wrote: > Scott correctly points out that there are a ton of copyright bugs in > Debian *anyway*, despite NEW review. He sees this as a reason for not > relaxing our review standards. I see it as the exact opposite: evidence > that our current review standards ar

Re: Legal advice regarding the NEW queue

2022-02-06 Thread Sean Whitton
Hello, On Fri 04 Feb 2022 at 11:50PM +01, Christian Kastner wrote: > On 2022-02-04 18:39, Russ Allbery wrote: >> In other words, this thread is once again drifting into a discussion of >> how to do copyright review *better*, when my original point is that we >> should seriously consider not doing

sid: texinfo : Depends: perlapi-5.32.1 but it is not installable

2022-02-06 Thread Liang Yan
Hi, I am trying to build qemu in sid locally, however hit an package dependency broken. The package is texinfo, it said no perlapi. However perlapi is a virtual package provided by perl-base which is already installed in my system. # apt install perl-base Reading package lists... Done Buil

Re: sid: texinfo : Depends: perlapi-5.32.1 but it is not installable

2022-02-06 Thread Paul Gevers
Hi, On 06-02-2022 22:05, Liang Yan wrote: Just wondering if anyone happen to know the problem. or just my mis-configration? https://lists.debian.org/debian-devel-announce/2022/02/msg0.html Paul OpenPGP_signature Description: OpenPGP digital signature

sid: texinfo : Depends: perlapi-5.32.1 but it is not installable

2022-02-06 Thread Liang Yan
Hi, I am trying to install texinfo in my sid, it said no perlapi. However perlapi is a virtual package provided by perl-base which is already installed in my system. # apt install perl-base Reading package lists... Done Building dependency tree... Done Reading state information... Done perl-b

Bug#1005076: ITP: sre-yield -- Expands a regular expression to its possible matches

2022-02-06 Thread Paulo
Package: wnpp Severity: wishlist Owner: "Paulo Roberto Alves de Oliveira (aka kretcheu)" X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: sre-yield Version : 1.2 Upstream Author : Google Inc. * URL : https://github.com/google/sre_yield * License : A

Re: sid: texinfo : Depends: perlapi-5.32.1 but it is not installable

2022-02-06 Thread Liang Yan
On 2/6/22 16:09, Paul Gevers wrote: Hi, On 06-02-2022 22:05, Liang Yan wrote: Just wondering if anyone happen to know the problem. or just my mis-configration? https://lists.debian.org/debian-devel-announce/2022/02/msg0.html Glad to know it, thanks! ~Liang Paul

Re: NEW processing friction

2022-02-06 Thread Sean Whitton
Hello Russ, On Tue 25 Jan 2022 at 01:45pm -08, Russ Allbery wrote: > Jonas Smedegaard writes: > >> I just don't think the solution is to ignore copyright or licensing >> statements. > > That's not the goal. The question, which keeps being raised in part > because I don't think it's gotten a goo

Bug#1005090: ITP: node-zx -- Tool to launch modern Javascript scripts

2022-02-06 Thread Yadd
Package: wnpp Severity: wishlist Owner: Yadd X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: node-zx Version : 4.3.0 Upstream Author : Anton Medvedev * URL : https://github.com/google/zx * License : Apache-2.0 Programming Lang: JavaScript Descr