-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Aug 25, 2015 at 11:13:15PM +0200, Vincent Bernat wrote:
> ❦ 25 août 2015 17:58 GMT, Bas Wijnen :
>
> > I don't see why javascript minification would be different from C
> > compilation
> > in a way that wou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Aug 26, 2015 at 07:35:01AM +0200, Vincent Bernat wrote:
> ❦ 25 août 2015 22:37 GMT, Bas Wijnen :
>
> >> We need to leave the Javascript ecosystem mature a bit more but in the
> >> meantime, a bit of tolera
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, Aug 27, 2015 at 04:14:53PM -0700, Russ Allbery wrote:
> Bas Wijnen writes:
>
> > On the other hand, shipping packages that cannot be rebuilt with tools
> > from Debian will also result in angry users. For me personal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
First of all, thanks for having this discussion. I think it is a serious
problem. Debian is currently hard to install on many machines, and I very much
dislike the idea of telling people to enable all of non-free because of some
hardware. Installing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Aug 30, 2015 at 10:14:13AM +0200, Vincent Bernat wrote:
> The build script determines the outcome of what will effectively run on
> our users' machine. I fail to see how this is not an important
> issue.
You are correct, this is important.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Aug 30, 2015 at 02:12:43PM +0200, Vincent Bernat wrote:
> This is becoming quite a stretch. At this rate, we will fail to match
> SC#2 because we ship previous versions of software and upstream is
> unlikely to accept a patch against a non-curr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Aug 31, 2015 at 08:49:53AM +0200, Raphael Hertzog wrote:
> On Sun, 30 Aug 2015, Bas Wijnen wrote:
> > Why do you care that software is in main, if you evidently do not care about
> > any of the rules we have for it?
>
&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 02, 2015 at 07:33:10PM +0100, Neil Williams wrote:
> On Wed, 2 Sep 2015 13:33:57 -0400
> Marvin Renich wrote:
>
> > * Ben Hutchings [150902 10:12]:
> > > My preferred form is a git repository of code written in C, Python,
> > > or some o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, Sep 03, 2015 at 08:47:11AM +0200, Vincent Bernat wrote:
> Without minification, we'll just ship packages that people won't
> use. Why would I run a crippled installation of Wordpress that will
> drive of part of my users to another competitor?
Package: wnpp
Severity: wishlist
Owner: 3-D printer team <3dprinter-gene...@alioth-lists.debian.net>
* Package name: arduino-sanguino
Version : 1.0.0
Upstream Author : Kristian Sloth Lauszus
* URL : http://lauszus.github.io/Sanguino/
* License : GPL-3+
Progra
Package: wnpp
Severity: wishlist
Owner: Bas Wijnen
X-Debbugs-Cc: debian-devel@lists.debian.org, wij...@debian.org
* Package name: python-fhs
Version : 1.0
Upstream Author : Bas Wijnen
* URL : https://github.com/wijnen/python-fhs
* License : AGPL3
Package: wnpp
Severity: wishlist
Owner: Bas Wijnen
X-Debbugs-Cc: debian-devel@lists.debian.org, wij...@debian.org
* Package name: python-network
Version : 0.2
Upstream Author : Bas Wijnen
* URL : https://github.com/wijnen/python-network
* License : AGPL3
Package: wnpp
Severity: wishlist
Owner: Bas Wijnen
X-Debbugs-Cc: debian-devel@lists.debian.org, wij...@debian.org
* Package name: python-websocketd
Version : 0.2
Upstream Author : Bas Wijnen
* URL : https://github.com/wijnen/python-websocketd
* License
Hi,
On Fri, Apr 22, 2022 at 05:56:08PM +0200, Andrej Shadura wrote:
> I don’t want to discourage you from packaging this, but unless I’m mistaken,
> this will be at least the third Websocket client package for Python, and at
> least the third Websocket server in Python 🙂
Yes, I'm not surprised. I
Package: wnpp
Severity: wishlist
Owner: Bas Wijnen
X-Debbugs-Cc: debian-devel@lists.debian.org, wij...@debian.org
* Package name: python-lua
Version : 0.4
Upstream Contact: Bas Wijnen
* URL : https://github.com/wijnen/python-lua
* License : AGPL3
July 11 2016 9:57 AM, "Pirate Praveen" wrote:
>> Yet it is built with a tool not in Debian, from a different form of the
>> work that upstream actually uses for reading and modifying — the source
>> form of the work. So that compiled form is not the source form of the
>> work.
>
> There is a rea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Oct 10, 2016 at 03:08:17PM +0200, Martín Ferrari wrote:
> Prometheus being in contrib basically means the work I have done for the
> past year is worthless, as users could as well just grab unofficial
> packages from other places. I am not sayi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Oct 12, 2016 at 10:09:12PM +0200, Martín Ferrari wrote:
> On 12/10/16 21:41, Vincent Bernat wrote:
> >> I don't think that shipping a binary compiled upstream should be
> >> allowed, so where's the line drawn?
Technically it would be allowed,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Oct 14, 2016 at 10:49:06AM +0200, W. Martin Borgert wrote:
> On 2016-10-13 22:39, Joerg Jaspert wrote:
> > On 14458 March 1977, W. Martin Borgert wrote:
> > > If I package a compiler and put y.tab.c in the package, drop
> > > grammar.y in d/m-s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Oct 19, 2016 at 09:07:26AM +0200, Vincent Bernat wrote:
> gulp is just a glorified make and doesn't compile anything on its own.
If make wouldn't be in main, any program using it in its build process would
also not be allowed in main. The opt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Oct 21, 2016 at 07:26:43AM +0200, Vincent Bernat wrote:
> It would be as easy for the security team to modify the unminified version
> than the "upper" upstream version of the source.
The release team has just decided that "browserified" files
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Jan 04, 2016 at 07:45:37AM +, Niels Thykier wrote:
> Philippe Cerfon:
> > On Sun, Jan 3, 2016 at 7:35 AM, Christian PERRIER
> > wrote:
> >> Discussing infrastructure changes like what you're proposing (which I
> >> have no advice about) s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Jan 10, 2016 at 02:09:24AM +0100, Philippe Cerfon wrote:
> On Sun, Jan 10, 2016 at 1:11 AM, Josh Triplett wrote:
> > They will if people care as much about that separation as they do about
> > separating firmware.
>
> Which effectively still
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Jan 15, 2016 at 11:08:35AM +0100, Daniel Pocock wrote:
>
>
> On 15/01/16 04:00, Paul Wise wrote:
> > On Tue, Jan 12, 2016 at 5:42 PM, Daniel Pocock wrote:
> >
> >> default softphone in Debian[1]
> >
> > It should be up to the user what comm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, Jan 16, 2016 at 01:48:46PM +0100, Daniel Pocock wrote:
> On 15/01/16 14:20, Bas Wijnen wrote:
> > On Fri, Jan 15, 2016 at 11:08:35AM +0100, Daniel Pocock wrote:
> >> On 15/01/16 04:00, Paul Wise wrote:
> >>> O
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, Jan 16, 2016 at 04:09:00PM +0100, Marc Haber wrote:
> It would help to be friendly to each other. No CoC needed by that,
> it's just basic common sense.
The meaning of "friendly" and "common sense" is different for different people.
If you wri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jan 19, 2016 at 06:57:43PM +0100, gaffa wrote:
> It's an MIT license:
>
> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/firmware/WHENCE#n758
That's a fine license as far as the DFSG is concerned, but as long as the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, Jan 28, 2016 at 01:38:11PM +, Ian Jackson wrote:
> Andreas Tille writes ("Statically linked library in libdevel packages? (Was:
> Status of teem package (packaging moved from svn to git))"):
> > I came across this question since policy say
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Jan 29, 2016 at 06:03:26PM +0100, Dimitri John Ledkov wrote:
> Imho, if static libraries, are shipped we should be conservative about
> them (e.g. do it pretty much for libc only to compile minimal
> freestanding bootloaders and that's about it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thanks for pursuing this, Daniel, and for being civil while doing so.
On Tue, Feb 09, 2016 at 05:47:46PM +0100, Daniel Pocock wrote:
> Chromium upstream are keen to discourage use of shared libraries on the
> system and encourage packagers to bundle t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Feb 09, 2016 at 10:38:26AM -0700, Sebastian Kuzminsky wrote:
> On another Jessie machine I had to apply the same workaround to some
> additional services. I identified the services that needed the workaround
> by grepping for 'PrivateTmp' in /
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I like your suggestions in general, but am a bit worried about the results of
this:
On Thu, Feb 25, 2016 at 05:41:57PM +, Steven Chamberlain wrote:
> * If left unfixed, the bugs should trigger an auto-removal from
> unstable so that the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Fri, Feb 26, 2016 at 07:59:29PM +0100, Jonas Smedegaard wrote:
> Do we favor tracking the true upstreams when packaging for Debian?
There was some discussion about this on the list recently, but this is a
question that didn't really come up, A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On Fri, Feb 26, 2016 at 09:02:48PM +, Steven Chamberlain wrote:
> > Removing the package from the breaking port is an option, and it
> > should be easy to trigger, but it should not be automatic. If we make
> > the process easy and the mainta
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote:
> So, what we're going to do about it? I see the following options:
>
> B) Fix the spec to allow the HTTPS URL; fix the HTTP-only consumers.
That. Https is good for our users. Even if the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Mar 06, 2016 at 08:13:49PM +, Ben Hutchings wrote:
> On Sun, 2016-03-06 at 19:19 +0000, Bas Wijnen wrote:
> > On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote:
> > >
> > > So, what we're going to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Mar 07, 2016 at 04:38:55PM -0600, Don Armstrong wrote:
> On Mon, 07 Mar 2016, Peter Rice wrote:
> > The conclusion was that scientific data (SwissProt, PDB, etc.) are
> > scientific facts and it is not reasonable to require permission to
> > ch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Mar 07, 2016 at 03:12:10PM +0100, Jonas Smedegaard wrote:
> Oh - I just discovered that this _is_ covered by Policy §4.13 already.
Reading that again, I see that it says code copies are acceptable if the code
is meant to be used that way (with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Mar 08, 2016 at 02:14:10PM +, Jonathan Dowland wrote:
> On Fri, Feb 26, 2016 at 07:59:29PM +0100, Jonas Smedegaard wrote:
> > I personally feel it is a bug to not track the true upstream of a
> > project, but that seems not part of our Pol
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Mar 09, 2016 at 11:37:12AM +0100, IOhannes m zmölnig (Debian/GNU) wrote:
> i think that §4.13 does not cover the original issue of jonas at all, as
> it's about something different: using convenience copies instead of the
> system provided pack
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think you are mistaken about a few things.
On Sun, Mar 20, 2016 at 06:04:55PM +0100, Santiago Vila wrote:
> The maintainer points out that the default value for HAVE_DOT is NO,
> so he's reluctant to add the build-dependency.
If the program can be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Mar 20, 2016 at 08:07:55PM +0100, Adam Borowski wrote:
> On Sun, Mar 20, 2016 at 06:51:23PM +0000, Bas Wijnen wrote:
> > That also means that programs calling dot will need graphviz in their
> > Build-Depends, no matter what
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Mar 21, 2016 at 11:26:16AM +0100, Santiago Vila wrote:
> > Yes, so that's a bug in those programs, not in doxygen. It would be
> > "fixed" by
> > adding graphviz as a Depends to doxygen, but that would be incorrect.
>
> Please note that it i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Mar 21, 2016 at 02:37:44PM +, lumin wrote:
> When I'm dealing with one of my ITP's I found that this is
> a noticeable problem to Debian's lua packages. And I think
> this may require some changes to our lua policy, or the dh-lua
> scripts.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Mar 22, 2016 at 05:04:50PM +0100, Santiago Vila wrote:
> So the number of affected packages if the default HAVE_DOT is changed
> to "no" would be quite low.
>
> If, instead, doxygen is changed to depend on graphviz, there would be
> nothing to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Mar 22, 2016 at 09:26:45PM +0100, Santiago Vila wrote:
> I think the issue is not really whether HAVE_DOT=yes is good or not
> in general, but whether this is an issue that should be decided on a
> per package basis or not.
I agree, that is wh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Apr 10, 2016 at 09:06:50PM +0500, Andrey Rahmatullin wrote:
> On Sun, Apr 10, 2016 at 05:57:16PM +0200, Andreas Tille wrote:
> > > > whether it is advisable to try hard to provide static libraries even if
> > > > upstream build system does not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Apr 11, 2016 at 03:25:46PM +0900, Mike Hommey wrote:
> > What uses require PIC static libraries that cannot be satisfied by building
> > -static --whole-archive ?
>
> https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_PIE_.28gcc.2Fg.2B-.2B-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Apr 13, 2016 at 05:17:54PM +0200, Marco d'Itri wrote:
> On Apr 13, Ian Jackson wrote:
> > We in Debian are in a good position to defend our users from the
> > fallout from this problem. We could change our default compiler
> > options to favo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, Apr 14, 2016 at 02:57:00PM +0200, Vincent Danjean wrote:
> > If users have such specialized needs, I think it is not only reasonable that
> > they build their own versions of their libraries; I expect them to prefer
> > that.
> > So we should
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Apr 19, 2016 at 10:13:28PM +0200, Vincent Danjean wrote:
> The initial argument was:
> > We in Debian are in a good position to defend our users from the
> > fallout from this problem. We could change our default compiler
> > options to favour
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Apr 27, 2016 at 02:28:22PM +0200, Daniel Pocock wrote:
> If I use this method, can the strings be translated easily by the
> Debian translators just like the strings for po-debconf/maintainer
> scripts?
>
> Or is there some additional Debian-s
On Mon, Jan 01, 2018 at 07:43:06PM +0100, Vincent Bernat wrote:
> ❦ 1 janvier 2018 17:47 +0100, Jonas Smedegaard :
>
> >> I have very little time for Debian. Each time I update a package, I have
> >> to bump Standards-Version and fix new Lintian warnings. I would
> >> appreciate if we would ass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, Aug 05, 2017 at 06:28:20PM +0200, Christoph Biedl wrote:
> intrigeri wrote...
>
> > tl;dr: I hereby propose we enable AppArmor by default in testing/sid,
> > and decide one year later if we want to keep it this way in the
> > Buster release.
>
Note: this post is not about certspotter at all, so I'm not Cc'ing the bug and
changed the Subject line.
On Wed, Aug 09, 2017 at 05:30:19PM -0400, Jonas Smedegaard wrote:
> Stuff like s3cmd are tools connecting to cloud services. Arguably
> usable to have tools to free data from the clouds.
Whi
On Mon, Aug 14, 2017 at 08:58:00AM +1000, Ben Finney wrote:
> "Dr. Bas Wijnen" writes:
>
> > What seems to be the dispute is whether software that runs on a remote
> > system is still "software" for the purpose of our rules.
>
> That is not in disp
On Tue, Aug 15, 2017 at 08:46:43AM +1000, Ben Finney wrote:
> The language is clear that it is talking about dependency in the sense
> of requiring the program installed on the system in order for the
> program to build or execute.
I think the mention of package dependencies is an incomplete list
On Sat, Aug 19, 2017 at 06:21:23PM +0200, Philipp Kern wrote:
> On 08/18/2017 10:36 AM, Dr. Bas Wijnen wrote:
> > Consider the following: unrar-nonfree contains some software which is
> > non-free
> > and can therefore not be in main. The reason we don't put it in mai
On Sun, Aug 27, 2017 at 04:00:54PM +0500, Andrey Rahmatullin wrote:
> On Sun, Aug 27, 2017 at 10:20:27AM +, Dr. Bas Wijnen wrote:
> > Let me put it differently then: for me, one of the major benefits of Debian
> > over (most of) our derivatives is that I can set the system u
On Mon, Aug 28, 2017 at 12:29:07PM +0500, Andrey Rahmatullin wrote:
> On Mon, Aug 28, 2017 at 06:58:50AM +, Dr. Bas Wijnen wrote:
> > Are you saying that a Debian system where only main is enabled is unsafe?
> [...]
> > If that is correct, it is a huge problem that that is
I'm getting tired of this. You keep avoiding my questions and changing the
subject. Unless you start answering my questions, I'm going to stop
responding.
On Mon, Aug 28, 2017 at 02:21:01PM +0500, Andrey Rahmatullin wrote:
> On Mon, Aug 28, 2017 at 08:55:43AM +0000, Dr. Bas
Thanks Philipp, unlike the mail I responded to a few minutes ago, yours is
constructive and I'm happy to continue discussing this with you.
On Mon, Aug 28, 2017 at 12:31:15PM +0200, Philipp Kern wrote:
> On 08/27/2017 12:20 PM, Dr. Bas Wijnen wrote:
> > On Sat, Aug 19, 2017 at 06
On Mon, Aug 28, 2017 at 09:15:01AM -0400, The Wanderer wrote:
> On 2017-08-28 at 07:59, Dr. Bas Wijnen wrote:
> > I think if someone wants to write a client with the purpose of
> > interacting with a non-free service, that client should go in contrib
> > and there is nothin
On Thu, Aug 31, 2017 at 11:16:36AM +0200, Ansgar Burchardt wrote:
> python-digitalocean, ruby-azure*, waagent, twittering-mode,
> probably HBCI clients, python3-googleapi,
> python3-pyicloud, python-yowsup, youtube-dl,
> libgfbgraph-0.2-dev
Thank you for this list. I removed servers that cannot r
On Thu, Dec 28, 2017 at 10:13:52AM +0500, Andrey Rahmatullin wrote:
> On Wed, Dec 27, 2017 at 11:00:38PM +0100, Toni Mueller wrote:
> > they will most likely simply not understand the point, and what makes
> > free hardware so much better.
>
> > massively encourage users to use non-free hardware
On Fri, Dec 29, 2017 at 07:18:57PM +0100, Adam Borowski wrote:
> On Fri, Dec 29, 2017 at 05:57:21PM +, Dr. Bas Wijnen wrote:
> > So we need to decide what we want. I think there probably is consensus
> > about:
> >
> > - We want people with non-free hardware to
On Fri, Dec 29, 2017 at 10:43:58PM +0100, Alexander Wirt wrote:
> On Fri, 29 Dec 2017, Philipp Kern wrote:
> > Put a mapping into a git repository that DDs can push to? Make sure that
> > it is fast-forwarded always? Then let people deal with it?
> I am currently working on such a mapping.
I appr
101 - 167 of 167 matches
Mail list logo
