Package: wnpp
Severity: wishlist
Owner: Maytham Alsudany
X-Debbugs-CC: debian-devel@lists.debian.org, debian...@lists.debian.org
* Package name: golang-github-kr-logfmt
Version : 0.0~git20210122.19f9bcb-1
Upstream Author : Keith Rarick and Blake Mizerany
https:
On 2023-11-11 09:32, Julian Andres Klode wrote:
> While libraries are dependencies of Essential packages, they
> themselves are distinctively not Essential, they are pseudo-essential.
Fair enough, but still the general point of being very careful about
what we make (pseudo-)essential is valid and
Nilesh Patra wrote on 15/11/2023 at 03:49:12+0100:
> On 15 November 2023 5:10:50 am IST, Nicholas D Steeves
> wrote:
>>On the surface, this means Proton Mail (free account) is great! And for
>>general use, I feel like we should be supportive of them; however, I'm
>>starting to wonder if we need
While I do think that PM generating a PGP key by default is a good
thing. Even if they are compromised, it is still better than no
encryption for the vast majority of user *as long as they are not used
for something else*.
The problem for us is that it is not possible to upload subkeys to PM,
whic
Hi,
I'm new to this mailing list, having joined hoping to contribute to Debian, so
I hope you won't mind me offering my opinion here, with this being a subject
I'm quite keen on.
> On 15 Nov 2023, at 12:01, Salvo Tomaselli wrote:
>
> In data mercoledì 15 novembre 2023 03:21:34 CET, Simon Rich
Hi!
On Thu, 2023-11-09 at 17:38:05 -0500, Benjamin Barenblat wrote:
> coreutils can link against OpenSSL, yielding a substantial speed boost
> in sha256sum etc. For many years, this was inadvisable due to license
> conflicts. However, as of bookworm, coreutils requires GPL-3+ and
> OpenSSL is Apac
Hi!
On Tue, 2023-11-14 at 17:29:01 +1100, Craig Small wrote:
> What:
> Create a new package procps-base. This uses the existing procps source
> package and just enable building of pidof. procps-base will be an Essential
> package and only contain pidof.
>
> Why:
> This would bring the pidof varia
nil...@mailbox.org wrote:
>
>>2. The Proton Mail web client automatically encrypts email to anyone who
>>it has a key for. Usually, this would be a great thing, but it means
>>that emailing 1234 at bugs.debian.org while CCing
>>uploader_since_this_is_an_rc_...@debian.org will encrypt the email tha
Package: wnpp
Severity: wishlist
Owner: dann frazier
X-Debbugs-Cc: debian-devel@lists.debian.org
* Package name: virt-firmware
Version : 23.10
Upstream Contact: Gerd Hoffmann
* URL : https://gitlab.com/kraxel/virt-firmware
* License : GPL-2+
Programming Lang
Hello,
I completely agree with you and many others on that regard. A private
key is private, and shall not be stored in a server where multiple users
might access to and open to internet, which can be compromised.
Doing this makes the attack surface substantially larger, and given the
target
On 2023-11-15 11:01:35 +0100 (+0100), Salvo Tomaselli wrote:
[...]
> I was recently discussing with pypi and core python developers,
> and it seems that their take is very different than ours.
>
> It seems that pypi completely removed support for signed updates,
> and instead now verification happ
Package: wnpp
Severity: wishlist
Owner: Timo Röhling
X-Debbugs-Cc: debian-devel@lists.debian.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
* Package name: python-laszip
Version : 0.2.3
Upstream Author : Thomas Montaigu
* URL : https://github.com/tmontaigu/laszip
Hi,
My few smallcoins, responding to each of the proposed outcomes (even
if they were intended to be mutually-exclusive...) are:
A) Educating contributors that retaining control of their signing keys
is important seems valuable -- it seems OK to provide a few
illustrative examples of situations w
Hello,
I would like to add an observation tangential to your points A), explanation
to new contributors, and B) potentially advise against the use of Proton Mail
for Debian work to yield a «no, Proton Mail can be useful for some Debian
work».
In December 2022/January 2023, I found a sponsor for m
I wrote:
>nil...@mailbox.org wrote:
>>
>>>2. The Proton Mail web client automatically encrypts email to anyone who
>>>it has a key for. Usually, this would be a great thing, but it means
>>>that emailing 1234 at bugs.debian.org while CCing
>>>uploader_since_this_is_an_rc_...@debian.org will encryp
Package: wnpp
Severity: wishlist
Owner: Yogeswaran Umasankar
X-Debbugs-Cc: debian-devel@lists.debian.org, kd8...@gmail.com
* Package name: python-pyrgg
Version : 1.4
Upstream Contact: Sepand Haghighi
* URL : https://github.com/sepandhaghighi/pyrgg
* License :
On 2023-11-16 00:20:40 +0100 (+0100), Salvo Tomaselli wrote:
> In data mercoledì 15 novembre 2023 15:58:15 CET, Jeremy Stanley ha scritto:
> > why do you need to put an OpenPGP key on the service
> > you're using to upload Python packages (not Debian packages) to
> > PyPI, given that PyPI doesn't s
Salvo Tomaselli writes:
> I am currently not using any service to upload to pypi. But this
> requires the occasional creation and deletion of global tokens.
> The only way to avoid global tokens is to upload from github, in which
> case I can no longer sign the .tar.gz.
Well, you *can*, but you
On 2023-11-15 16:03:54 -0800 (-0800), Russ Allbery wrote:
[...]
> Well, you *can*, but you would have to then download the .tar.gz from
> PyPI, perform whatever checks you need to in order to ensure it is a
> faithful copy of the source release, and then sign it and put that .asc
> file somewhere (
Package: wnpp
Severity: wishlist
Owner: Josenilson Ferreira da Silva
X-Debbugs-Cc: debian-devel@lists.debian.org, nilsonfsi...@hotmail.com
* Package name: python-singledispatch-json
Version : 0.4.0
Upstream Contact: Davis-Foster
* URL : https://github.com/domdfcoding/
Jeremy Stanley writes:
> Or build and sign the .tar.gz, then provide the .tar.gz file to the
> upload automation on GitHub for publishing to PyPI.
Oh, yes, that would work. You'd want to unpack that tarball and re-run
the tests and whatnot, but all very doable.
--
Russ Allbery (r...@debian.or
At 2023-11-15T14:58:15+, Jeremy Stanley wrote:
> I replied to you there too, but you still never seemed to be able to
> explain... why do you need to put an OpenPGP key on the service
> you're using to upload Python packages (not Debian packages) to
> PyPI, given that PyPI doesn't support uploa
22 matches
Mail list logo
