Re: DEP-14: Default branch name 'debian/latest' objections?

Sam Hartman writes: >> "Otto" == Otto Kekäläinen writes: > > > Otto> I would be curious to hear why people are *not* adopting > Otto> 'debian/latest'? > > Because debian/latest is more to type and because until we adopt > something I think has a chance of getting real conformity, I a

Re: Let's make 2025 a year when code reviews became common in Debian

Jonas Smedegaard writes: > Quoting Gioele Barabucci (2025-01-23 15:56:24) >> On 23/01/25 15:28, Matthew Vernon wrote: >> > Otto Kekäläinen writes: >> > >> >> Numerous people are posting Merge Requests on Salsa. Please help >> >> review them! >> > >> > I'd much much rather MRs were associated w

Bug#1093901: ITP: golang-github-google-go-tdx-guest -- wrap /dev/tdx-guest and attestation verification

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-google-go-tdx-guest Version : 0.3.1-1 Upstream Author : Google * URL : https://github.com/google/go-tdx-guest * License : Apache-2.0 Programming Lang: Go Description

Bug#1093379: ITP: golang-github-santhosh-tekuri-jsonschema -- JSONSchema Validation using Go

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-santhosh-tekuri-jsonschema Version : 6.0.1-1 Upstream Author : Santhosh Kumar Tekuri * URL : https://github.com/santhosh-tekuri/jsonschema * License : Apache-2.0

Re: Mentors. Confirmed packages needing DD review and possible sponsorship

Phil Wyett writes: > #1084884 RFS: golang-github-regclient-regclient [ITP] -- Docker and OCI > Registry Client (tooling) > RFS: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084884 > dget -x > https://mentors.debian.net/debian/pool/main/g/golang-github-regclient-regclient/golang-github-regcl

Bug#1094568: ITP: tlsrpt -- implement TLSRPT reporting into an MTA and to generate and submit TLSRPT reports

Package: wnpp Severity: wishlist Owner: Simon Josefsson X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: tlsrpt Version : 0.5.0rc1 Upstream Author : Boris Lohner, Uwe Kamper, et al * URL : https://github.com/sys4/tlsrpt * License : LGPLv3+ / GPLv3

Re: Is HURD's lack of HOST_NAME_MAX and PATH_MAX a good architectural approach

Janneke Nieuwenhuizen writes: > Sam Hartman writes: > >> TL;DR: Is it time for the rest of Debian to stop conforming to HURD's >> lack of maximums for path and hostname? > > The GNU Coding standards say: Avoid arbitrary limits > (. I a

Bug#1094693: ITP: golang-github-d4l3k-go-bfloat16 -- Bfloat16 conversion utilities for Go/Golang

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-d4l3k-go-bfloat16 Version : 0.0~git20211005.690c3bd-1 Upstream Author : Tristan Rice * URL : https://github.com/d4l3k/go-bfloat16 * License : Expat Programming Lang: Go

Bug#1094694: ITP: golang-github-nlpodyssey-gopickle -- load picke/PyTorch serialized data (library)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-nlpodyssey-gopickle Version : 0.3.0-1 Upstream Author : NLP Odyssey * URL : https://github.com/nlpodyssey/gopickle * License : BSD-2-clause Programming Lang: Go

Bug#1094698: ITP: golang-github-pdevine-tensor -- n-dimensional array Go library

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-pdevine-tensor Version : 0.0~git20240510.f88f456-1 Upstream Author : Patrick Devine * URL : https://github.com/pdevine/tensor * License : Apache-2.0 Programming Lang: Go

Bug#1094707: ITP: golang-github-gorgonia-vecf32 -- vecf32 provides methods for slices of float32

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-gorgonia-vecf32 Version : 0.9.0-1 Upstream Author : Gorgonia * URL : https://github.com/gorgonia/vecf32 * License : Expat Programming Lang: Go Description : vecf32

Re: minisign support in uscan

Yadd writes: > On 1/13/25 11:14, Simon Josefsson wrote: >> nick black writes: >> >>> i'm beginning to see use of minisign[0] as an alternative to GPG >>> for signing releases[2]. i'm completely ambivalent with regards to >>> the merits o

Re: GnuPG 2.4 before Trixie freeze

Daniel Kahn Gillmor writes: > Thanks for this discussion, all-- > > On Tue 2025-01-07 15:16:27 +0100, Simon Josefsson wrote: >> I believe this would be good, I frequently run into GnuPG bugs in the >> 2.2.x branch that was fixed years ago in 2.4 > > Can you identify so

Re: GnuPG 2.4 before Trixie freeze

Daniel Kahn Gillmor writes: > Aside from GnuPG's ongoing architectural challenges, the thing i > personally most want to avoid for Debian would be contributing to the > schism where longstanding users of OpenPGP are suddenly migrated to > non-OpenPGP artifacts that other OpenPGP implementations c

Re: GnuPG 2.4 before Trixie freeze

Daniel Kahn Gillmor writes: > On Mon 2025-01-13 10:53:30 +0100, Simon Josefsson wrote: >> I actually meant missing features. From my recollection it was features >> related to support for some subset of combinations of 25519, gpgsm, >> smartcards and the gpg/ssh agent.

Re: minisign support in uscan

nick black writes: > i'm beginning to see use of minisign[0] as an alternative to GPG > for signing releases[2]. i'm completely ambivalent with regards to > the merits of minisign, but would like to be able to verify them > with uscan. That would be great -- upstreams are using other mechanisms

Re: minisign support in uscan

nick black writes: > Simon Josefsson left as an exercise for the reader: >> nick black writes: >> That would be great -- upstreams are using other mechanisms to sign >> their releases today, like Sigsum, Sigstore, gitsign S/MIME etc, and I >> don't thin

Re: GnuPG 2.4 before Trixie freeze

Jonathan McDowell writes: > On Mon, Jan 13, 2025 at 11:08:11AM +0100, Simon Josefsson wrote: >> Daniel Kahn Gillmor writes: >> > I welcome review and critique of the packaging for this tricky package, >> > which is pretty deeply embedded in Debian (though getting les

Re: handling the OpenPGP schism safely in Debian [was: Re: GnuPG 2.4 before Trixie freeze]

First a big thank you for all your efforts re OpenPGP! It is hard to navigate when there are conflicting requirements around. We need more boats attempting to navigate rather than less, increasing the chances to reach fertile grounds. Daniel Kahn Gillmor writes: > But the schism is, as far as

Re: GnuPG 2.4 before Trixie freeze

Thank you for clarifying a bit about who is behind FreePG! Andrew Gallagher writes: > Simon Joseffson mailto:si...@joseffson.org>> wrote: > >> It seems there is push from the anti-GnuPG people to promote a fork >> called FreePG instead of real GnuPG, will you package that? >> >> https://gitlab.c

Re: GnuPG 2.4 before Trixie freeze

Marco d'Itri writes: > On Jan 14, Simon Josefsson wrote: > >> I don't think it is a good idea to use the powers that comes by being a >> package maintainer or distribution to force changes of how some piece of >> software is supposed to work by patching it wi

Bug#1093026: ITP: gnupg24 -- GNU Privacy Guard, a LibrePGP implementation

Package: wnpp Severity: wishlist Owner: Simon Josefsson X-Debbugs-CC: debian-devel@lists.debian.org * Package name: gnupg24 Version : 2.4.7 Upstream Author : Werner Koch, et al * URL : https://www.gnupg.org/ * License : GPL Programming Lang: C Description

Re: GnuPG 2.4 before Trixie freeze

Marco d'Itri writes: > On Jan 14, Simon Josefsson wrote: > >> Do you have earlier examples of Debian modifying upstream's desired wire >> crypto-sensitive protocol in the way like what is being done for GnuPG? >> Maybe there are some older OpenSSH or Ope

Bug#1091197: ITP: python-genson -- user-friendly JSON Schema generator

Package: wnpp Severity: wishlist Owner: Simon Josefsson X-Debbugs-Cc: debian-devel@lists.debian.org, debian-pyt...@lists.debian.org * Package name: python-genson Version : 1.3.0 Upstream Author : Jon Wolverton * URL : https://github.com/wolverdude/genson/ * License

Bug#1093298: ITP: golang-github-denisbrodbeck-machineid -- Get the unique machine id of any host

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-denisbrodbeck-machineid Version : 1.0.1-1 Upstream Author : Denis Brodbeck * URL : https://github.com/denisbrodbeck/machineid * License : Expat Programming Lang: Go

Bug#1093302: ITP: mage -- a Make/rake-like dev tool using Go

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: mage Version : 1.15.0-1 Upstream Author : Mage * URL : https://github.com/magefile/mage * License : Apache-2.0 Programming Lang: Go Description : a Make/rake-like dev tool using Go

Bug#1093309: ITP: golang-github-sourcegraph-conc -- Better structured concurrency for go

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-sourcegraph-conc Version : 0.3.0-1 Upstream Author : Sourcegraph * URL : https://github.com/sourcegraph/conc * License : Expat Programming Lang: Go Description

Bug#1093313: ITP: golang-gitlab-gitlab-org-fleeting-fleeting -- abstraction for cloud providers' instance groups for GitLab

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-gitlab-gitlab-org-fleeting-fleeting Version : 0.0~git20250116.5d69933-1 Upstream Author : GitLab B.V. * URL : https://gitlab.com/gitlab-org/fleeting/fleeting * License : Expat

Bug#1093316: ITP: golang-github-saracen-zipextra -- utils for ZIP archive format's "Extra Fields" (Go library)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-saracen-zipextra Version : 0.0~git20220303.0187cb0-1 Upstream Author : Arran Walker * URL : https://github.com/saracen/zipextra * License : Expat Programming Lang: Go

Bug#1093317: ITP: golang-github-saracen-fastzip -- opinionated Zip archiver with a focus on speed (Go library)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-saracen-fastzip Version : 0.1.11-1 Upstream Author : Arran Walker * URL : https://github.com/saracen/fastzip * License : Expat Programming Lang: Go Description

Bug#1093319: ITP: golang-github-go-http-utils-headers -- HTTP header constants for Gophers (Go library)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-go-http-utils-headers Version : 1.0.0-1 Upstream Author : David Cai * URL : https://github.com/go-http-utils/headers * License : Expat Programming Lang: Go Description

Bug#1093266: ITP: golang-github-owenrumney-go-sarif -- Sarif: Static Analysis Results Interchange Format (Go library)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-owenrumney-go-sarif Version : 2.3.3-1 Upstream Author : Owen * URL : https://github.com/owenrumney/go-sarif * License : public domain / unlicense.org Programming Lang: Go

Bug#1093262: ITP: golang-github-spdx-tools-golang -- Collection of Go packages to work with SPDX files

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-spdx-tools-golang Version : 0.5.5-1 Upstream Author : SPDX * URL : https://github.com/spdx/tools-golang * License : Apache-2.0 or GPLv2+, CC-BY-4.0 Programming Lang: Go

Bug#1093248: ITP: golang-github-bahlo-generic-list-go -- Go container/list but with generics

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-bahlo-generic-list-go Version : 0.2.0-1 Upstream Author : Arne Bahlo * URL : https://github.com/bahlo/generic-list-go * License : BSD-3-clause Programming Lang: Go

Bug#1093249: ITP: golang-github-wk8-go-ordered-map -- Optimal implementation of ordered maps for Golang

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-wk8-go-ordered-map Version : 2.1.8-1 Upstream Author : Jean Rougé * URL : https://github.com/wk8/go-ordered-map * License : Apache-2.0 Programming Lang: Go Description

Bug#1093250: ITP: golang-github-invopop-jsonschema -- Generate JSON Schemas from Go types

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-invopop-jsonschema Version : 0.13.0-1 Upstream Author : Invopop * URL : https://github.com/invopop/jsonschema * License : Expat Programming Lang: Go Description

Bug#1093257: ITP: golang-github-edwarnicke-gitoid -- Golang libraries for computing git object ids (gitoids)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-edwarnicke-gitoid Version : 0.0~git20220710.1be5bfd-1 Upstream Author : Ed Warnicke * URL : https://github.com/edwarnicke/gitoid * License : Apache-2.0 Programming Lang: Go

Bug#1093252: ITP: witness -- pluggable framework for software supply chain risk management

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: witness Version : 0.7.0-1 Upstream Author : in-toto * URL : https://witness.dev/ https://github.com/in-toto/witness * License : Apache-2.0 Programming Lang: Go

Bug#1093259: ITP: golang-github-spdx-gordf -- parse RDF files using RDF/XML format (Go library)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-spdx-gordf Version : 0.0~git20221230.b735bd5-1 Upstream Author : SPDX * URL : https://github.com/spdx/gordf * License : Expat Programming Lang: Go Description : parse

Bug#1093261: ITP: golang-github-anchore-go-struct-converter -- help migrate between different versioned Go structs (Go library)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-anchore-go-struct-converter Version : 0.0~git20240925.a088364-1 Upstream Author : Anchore, Inc. * URL : https://github.com/anchore/go-struct-converter * License : Apache-2.0

Bug#1101009: ITP: python-freezegun -- allow Python tests to travel through time via datetime

Package: wnpp Severity: wishlist Owner: Simon Josefsson X-Debbugs-Cc: debian-devel@lists.debian.org, debian-pyt...@lists.debian.org * Package name: python-freezegun Version : 1.5.1 Upstream Author : Steve Pulec * URL : https://github.com/spulec/freezegun/ * License

Bug#1100761: ITP: golang-github-tink-crypto-tink-go-gcpkms -- Extension to Tink Go that provides Google Cloud KMS integration

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-tink-crypto-tink-go-gcpkms Version : 2.2.0-1 Upstream Author : Tink Cryptography Library * URL : https://github.com/tink-crypto/tink-go-gcpkms * License : Apache-2.0

Re: Call for participation in tag2upload closed beta

Sean Whitton writes: >> Packages (for example): libntlm, cppi, git2cl, guile-fibers > > That should be enough! If you were able to do at least one upload using > 'dgit push-source' for each package to confirm everything is okay, that > would be great. Should be done for libntlm, git2cl and guil

Re: Call for participation in tag2upload closed beta

Sean Whitton writes: > That should be enough! If you were able to do at least one upload using > 'dgit push-source' for each package to confirm everything is okay, that > would be great. I'll try. I got a SSH push warning on first use -- how would I verify this host SSH key? What's the risk u

Re: Call for participation in tag2upload closed beta

Sean Whitton writes: >> Should be done for libntlm, git2cl and guile-fibers now. Dgit didn't >> like cppi, doesn't it handle bare-debian/-style packaging? See: >> https://salsa.debian.org/debian/cppi > > It has --quilt=baredebian+git and --quilt=baredebian+tarball for this > -- please give one

Bug#1100812: ITP: golang-github-smallstep-scep -- Go SCEP server

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-smallstep-scep Version : 0.0~git20250221.171a5fa-1 Upstream Author : Smallstep * URL : https://github.com/smallstep/scep * License : Expat Programming Lang: Go

Bug#1100752: ITP: golang-github-tink-crypto-tink-go -- Go implementation of Tink

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-tink-crypto-tink-go Version : 2.3.0-1 Upstream Author : Tink Cryptography Library * URL : https://github.com/tink-crypto/tink-go * License : Apache-2.0 Programming Lang: Go

Bug#1100754: ITP: golang-github-tink-crypto-tink-go-awskms -- Extension to Tink Go that provides AWS KMS integration

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-tink-crypto-tink-go-awskms Version : 2.1.0-1 Upstream Author : Tink Cryptography Library * URL : https://github.com/tink-crypto/tink-go-awskms * License : Apache-2.0

Re: new archive signing keys for Debian 13/trixie

Ansgar writes: > Hi, > > as usual we have prepared new archive signing keys. Can you share some more information about these keys? Some questions were asked in https://lists.debian.org/debian-devel/2024/02/msg9.html quoted here again for easy reference: 2) For each private key, information

Bug#1101311: ITP: golang-github-openpubkey-openpubkey -- Reference implementation of OpenPubkey

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-openpubkey-openpubkey Version : 0.7.3-1 Upstream Author : EthanHeilman, jonnystoten, et al * URL : https://github.com/openpubkey/openpubkey * License : Apache-2.0

Bug#1101894: ITP: log-go -- Sigsum Transparency Log server implementation in Go

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: log-go Version : 0.15.2-1 Upstream Author : Sigsum * URL : https://git.glasklar.is/sigsum/core/log-go/ * License : BSD-2-Clause Programming Lang: Go Description : Sigsum

Bug#1102169: ITP: landrun -- run any process in a secure unprivileged Landlock sandbox

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: landrun Version : 0.1.15-1 Upstream Author : Armin ranjbar * URL : https://github.com/zouuup/landrun * License : Expat Programming Lang: Go Description : Run any process in a

Re: Brief progress report on the Gatway to NEW project.

"Andrea Pappacoda" writes: > Hi Charles, > > On Sat Apr 5, 2025 at 5:59 PM CEST, Charles Plessy wrote: >> I just want to update you with a few words about the Gateway to NEW >> project. (https://salsa.debian.org/newgateway-team) >> >> Our goal is to have an infrastructure and tools to host pre-u

Bug#1101362: ITP: golang-github-google-go-tspi -- TPM TSPI bindings for golang

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-google-go-tspi Version : 0.3.0-1 Upstream Author : Google * URL : https://github.com/google/go-tspi * License : Apache-2.0 Programming Lang: Go Description : TSPI

Bug#1101312: ITP: golang-filippo-bigmod -- constant-time library for big integers modulo a prime

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-filippo-bigmod Version : 0.0.3-1 Upstream Author : Filippo Valsorda * URL : https://github.com/FiloSottile/bigmod * License : BSD-3-clause Programming Lang: Go Description

Bug#1101310: ITP: opkssh -- opkssh (OpenPubkey SSH)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: opkssh Version : 0.3.0-1 Upstream Author : * URL : https://github.com/openpubkey/opkssh * License : Apache-2.0 Programming Lang: Go Description : opkssh (OpenPubkey SSH) opkssh

Re: popularity-contest and gpg

Jeremy Stanley writes: > On 2025-03-27 20:57:52 +0100 (+0100), Petter Reinholdtsen wrote: >> [Simon Josefsson] >> > Why does it need to encrypt data? >> >> To protect the users privacy. >> >> > Can't we just send telemetry over https like every

Re: Bug#1101376: ITP: package-assembler -- CLI tool to create necessary files for a Debian package

Nicolas Peugnet writes: > On 27/03/2025 13:50, Simon Josefsson wrote: >> I've found the 'dh-make-golang make' tool incredibly useful to quickly >> get a suitable debian/* template for a project. I would find a similar >> tool that isn't Go-specific whi

Re: popularity-contest and gpg

Bill Allombert writes: > Dear Debian developpers, > > popularity-contest relies on /usr/bin/gpg for encrypting files. > (it cannot use gpgv which does not provide encryption). Why does it need to encrypt data? Can't we just send telemetry over https like everyone else? For people who are uncom

Bug#1102291: ITP: lib1305 -- microlibrary for the Poly1305 one-time authenticator

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: lib1305 Version : 20250407 Upstream Author : Kaushik Nath, Daniel J. Bernstein, et al * URL : https://lib1305.cr.yp.to/ * License : public domain Programming Lang: C Description

Re: Call for participation in tag2upload closed beta

Yay! I'm happy to beta-test this. Exactly what features are required from dgit to be able to use tag2upload? Maybe I can offer myself to vet the process as a package maintainer that only minimally uses dgit, assuming that I can manage to install and get dgit to work on my machine. A simple 'dpk

Bug#1102645: ITP: golang-github-transparency-dev-formats -- reusable formats related to transparency logs

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-transparency-dev-formats Version : 0.0~git20250403.313b830-1 Upstream Author : Google LLC * URL : https://github.com/transparency-dev/formats * License : Apache-2.0

Bug#1102648: ITP: golang-github-transparency-dev-trillian-tessera -- library for building tile-based transparency logs (tlogs)

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-transparency-dev-trillian-tessera Version : 0.1.1-1 Upstream Author : The Tessera authors * URL : https://github.com/transparency-dev/trillian-tessera * License : Apache-2.0

Bug#1102649: ITP: golang-github-globocom-go-buffer -- Asynchronous data buffer for Go applications

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-globocom-go-buffer Version : 2.0.0-1 Upstream Author : Globo.com * URL : https://github.com/globocom/go-buffer * License : Expat Programming Lang: Go Description

Bug#1102652: ITP: golang-github-robinus2-golang-moving-average -- Moving average implementation for Go

Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-robinus2-golang-moving-average Version : 1.0.0-1 Upstream Author : Robin Verlangen * URL : https://github.com/RobinUS2/golang-moving-average * License : Apache-2.0

Dropping awk?

Hi I noticed that Fedora 42 was released and their docker images lack a 'awk' tool. Debian trixie images ship with 'mawk' pre-installed right now. While I'm not convinced the removal game is necessarily a good one, I can see that it does have some advantages. Is it possible to drop 'mawk' from

Re: Bug#1094969: git linked with OpenSSL

Richard Laager writes: > As I have said before: I think that computer programmers have a > tendency to treat licenses as if they are self-executing (and precise > like software). Agreed, this is often a challenge when technical people discuss legal matters, and it helps to keep this in mind. >

Re: Bug#1094969: git linked with OpenSSL

Ansgar 🙀 writes: > No, that is not the core problem. Debian, like most other binary > distributions, heavily relies on the system library exception in many, > many places. I believe that is a fairly new (~5 years?) approach within Debian. Debian used to treat OpenSSL incompatible with GPLv2 and

Re: Dropping awk?

Josh Triplett writes: > And the extra symlinks in `/etc/alternatives` don't take much size; I > agree you don't need update-alternatives, but then, you also don't > strictly need the entire dpkg and apt packages, if you're already > omitting their files under /var/lib. Right -- has anyone consid

Re: Associating .texi files to the media type text/prs.texi?

Thanks for explaining! Charles Plessy writes: > Duplicate entries in /etc/mime.types are not supported by some > software including web browsers. This was the part I was missing for my understanding. That seems like a bug. Is progress on fixing that tracked anywhere? Is /etc/mime.types still

Re: Associating .texi files to the media type text/prs.texi?

Jakub Wilk writes: > * Simon Josefsson , 2025-04-23 10:45: >>https://www.iana.org/assignments/media-types/application/texinfo > > The "Published specification" link is: > https://www.gnu.org/software/texinfo/manual/texinfo/texinfo.html#Info-Format-Specification &g

Re: Bug#1094969: git linked with OpenSSL

Henrik Ahlgren writes: > Simon Josefsson writes: > >> I think the idea behind the "proprietary system library" GPL exception >> is to make it possible to distribute GPL binaries linked to non-free >> system libraries on systems where that is pretty much unavoi

Re: Bug#1094969: git linked with OpenSSL

Michael Stone writes: > On Tue, Apr 15, 2025 at 03:38:38PM +0200, Simon Josefsson wrote: >>I believe that is a fairly new (~5 years?) approach within Debian. >>Debian used to treat OpenSSL incompatible with GPLv2 and that all code >>that link to OpenSSL has to have a GPL+Ope

FTBFS when /bin is before /usr/bin in PATH?

Hi I'm doing archive-wide package rebuilds in GitLab CI/CD and my toolchain uses 'setpriv --reset-env' to drop privileges and reset the environment variables, which results in: PATH=/usr/local/bin:/bin:/usr/bin This unusual ordering appears to be intentional for setpriv: https://manpages.debian

Re: FTBFS when /bin is before /usr/bin in PATH?

Johannes Schauer Marin Rodrigues writes: > Hi, > > Quoting Simon Josefsson (2025-05-06 11:34:47) >> The problem seems that it is generating a relative path to its own command >> expanded via PATH, which doesn't work because there is no /share symlink but >> there

Re: FTBFS when /bin is before /usr/bin in PATH?

Chris Hofstaedtler writes: >>podman run -it --rm debian:trixie >>apt-get update >>apt-get install -y --no-install-recommends gradle >>PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin >>gradle >>/bin/gradle: 23: cd: can't cd to /bin/../share/gradle/bin/.. > > I'll point out that t

Re: Associating .texi files to the media type text/prs.texi?

Simon Josefsson writes: > Charles Plessy writes: > >> And the situation could be easily reverted by somebody declaring >> `text/texinfo` to the IANA. > > I did so now. There was a bunch of discussion back and forth with IANA and eventually application/texinf

Re: POSIX sh compatibility (Re: Dropping awk?)

Sean Whitton writes: > Hello, > > On Fri 18 Apr 2025 at 08:18am -04, Michael Stone wrote: > >> On Fri, Apr 18, 2025 at 02:52:17PM +0800, Sean Whitton wrote: >>>On Thu 17 Apr 2025 at 08:02pm -05, Richard Laager wrote: So, personally, I think getting mktemp(1) added to POSIX would be bett

Re: FTBFS when /bin is before /usr/bin in PATH?

Matthias Urlichs writes: > On 06.05.25 13:31, Ahmad Khalifa wrote: >> Fedora doesn't set /bin anymore in the $PATH > > IMHO we should follow that practice, post-Trixie. Agreed. I wrote a bug report about that and then found it was already reported, so summarizing: 1) login.defs can drop /bin a

Re: FTBFS when /bin is before /usr/bin in PATH?

Vincent Lefevre writes: > On 2025-05-07 14:40:01 +0200, Simon Josefsson wrote: >> I think a reasonable conservative system policy is PATH=/usr/bin and >> anything beyond that is something the user or system administrator have >> to add. I think we should give up on /usr

Re: Processing times for the NEW queue (was Re: Bits from DPL)

Your graph and statistics on this is great, thank you! Timo Röhling writes: > 2. Source packages going through NEW merely because they introduce new > binary packages are typically processed faster than completely new > ones. Good point. Therefore, I think your graph gives a biased view for an

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

pan...@disroot.org writes: > I urge Debian to rethink its decision to officially include non-free > firmware and correct the social contract. Instead of making non-free > firmware the default, Debian should ensure that users consciously > choose to install it while being made aware of the implicat

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Aurélien COUDERC writes: > Le 8 mars 2025 21:09:00 GMT+01:00, Simon Josefsson a > écrit : > >>I read this outcome as fairly clear message that, no, Debian does not >>want to provide a second set of installer images, and is not interested >>in contributions to make

Re: Revisiting the idea of pre-NEW peer review? (Re: Bits from DPL)

Charles Plessy writes: > I have prepared a stub for a "Gateway to NEW" on Salsa: > > https://salsa.debian.org/newgateway-team > > I added `Debian` as a team member. > > I am under the impression that forking repositories will not be necessary: if > we provide CI pipeline packages like the salsa-c

Re: Revisiting the idea of pre-NEW peer review? (Re: Bits from DPL)

Charles Plessy writes: >>I suggest to use 'lrc' in the pipeline. I already do this for many >>packages, and I just add >> >>- >>https://salsa.debian.org/debian/licenserecon/raw/main/debian/licenserecon.yml > > Looks good! > >>Yes, false positives happens, and it doesn't always handle Autotools

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Bill Allombert writes: > Le Fri, Mar 07, 2025 at 07:33:53PM +0100, Simon Josefsson a écrit : >> pan...@disroot.org writes: >> >> > I urge Debian to rethink its decision to officially include non-free >> > firmware and correct the social contract. Instead of

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Johannes Schauer Marin Rodrigues writes: > Hi, > > Quoting Simon Josefsson (2025-03-08 13:43:26) >> My point was that there is no reasonable way to gain confidence about >> security properties of any piece of non-free microcode. Everyone can now >> produce AMD m

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Bill Allombert writes: > True, but the GR does not prevent Debian of providing a second set of > installer images. What is required is someone to do the work, as usual. We already had those images before. The winning choice said: We will publish these images as official Debian media, replaci

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Ansgar 🙀 writes: > Hi, > > On Sun, 2025-03-09 at 14:19 +0100, Simon Josefsson wrote: >> Our experience seems to differ, I now run Trisquel and Guix on many of >> my home and machines and servers.  For my uses they all work without >> non-free firmware.  You ha

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Ansgar 🙀 writes: > Hi, > > On Sun, 2025-03-09 at 15:58 +0100, Simon Josefsson wrote: >> Ansgar 🙀 writes: >> >> > Hi, >> > >> > On Sun, 2025-03-09 at 14:19 +0100, Simon Josefsson wrote: >> > > Our experience seems to differ, I now

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

"Andrew M.A. Cater" writes: > On Sun, Mar 09, 2025 at 03:58:59PM +0100, Simon Josefsson wrote: >> >> Agreed. However none of that hardware require me to load non-free >> firmware from my operating system, which is my point. That situation is >> sufficient

Re: Growing new FTP-masters (Re: Bits from DPL)

Sean Whitton writes: > Hello, > > On Sun 09 Mar 2025 at 12:17pm +01, Simon Josefsson wrote: > >> Sean Whitton writes: >> >>> The docs are public: https://salsa.debian.org/ftp-team/manpages >> >> Those are helpful even for me as uploading packa

Re: Growing new FTP-masters (Re: Bits from DPL)

Sean Whitton writes: >> My personal suggestion would be to work with one or two volunteers to write a >> somewhat-comprehensive how-to-ftpmaster-the-NEW-queue manual, so that the >> *next* time you have a bottleneck you can throw that document at the >> volunteer >> and say "here's ten example p

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Matthias Urlichs writes: > On 08.03.25 21:09, Simon Josefsson wrote: >> I read this outcome as fairly clear message that, no, Debian does not >> want to provide a second set of installer images, and is not interested >> in contributions to make them. > > Another way t

Re: Revisiting the idea of pre-NEW peer review? (Re: Bits from DPL)

Charles Plessy writes: > Hi Sean and everybody, > > Around 12 years ago, I proposed a peer-review system to increase the quality > of > the packages in the NEW queue. https://wiki.debian.org/CopyrightReview > > Maybe we could revisit the idea along these lines: I like this idea, as an opt-in s

Re: NEW review & revision process (or lack thereof) (Re: Growing new FTP-masters (Re: Bits from DPL))

Luke Faraone writes: > The rationale given when I joined as ftpassistant (c. 2012) for not > publicising decisions e.g. in the ITP was to avoid publishing > potentially harshly-worded and embarassing reviews to maintainers in > public (like pointing out that you missed a fairly obvious license >

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Marc Haber writes: > I still haven't heard arguments why people refuse to use an installer > that comes with non-free firmware, asks whether this firmware should > be used, and if answered "no", none of this non-free firmware ends up > in the installed system. The resulting system is free regardl

Re: Revisiting the idea of pre-NEW peer review? (Re: Bits from DPL)

Charles Plessy writes: > On Fri, 2025-03-07 at 09:51 +0900, Charles Plessy wrote: > >> > I have prepared a stub for a "Gateway to NEW" on Salsa: >> > >> > https://salsa.debian.org/newgateway-team > > Le Sun, Mar 09, 2025 at 06:00:55PM +0800, Maytham Alsudany a écrit : > >> Am I correct in assu

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Geert Stappers writes: >> > We're not obligated to validate their questionable choices in buying >> > hardware that ships with non-free firmware >> >> There are a lot of competing priorities here, and it's the height of >> arrogance to be so certain that one's own opinion is best as to try to >>

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

Philip Hands writes: > Hi Simon, > > Simon Josefsson writes: > >> While this may be fine to you it is not fine to me, and it is fine to >> disagree on that. > > If there were a method of building images that did not touch the > non-free components, I presume tha

<    1   2   3   4   5   >