Quoting John Paul Adrian Glaubitz (2015-06-20 13:50:28)
> On 06/20/2015 08:42 PM, Jonas Smedegaard wrote:
>> Please file bugreports regarding security flaws of DECnet packages
>> against those DECnet packages, *not* their reverse dependencies!
>
> Jonas, do you actually read what I wrote?
Yes.
Quoting John Paul Adrian Glaubitz (2015-06-20 15:16:28)
> You are still trying to boil this down to the mere problem with cmus,
This bugreport is filed against cmus, is it not?
> but that's just a side effect. The real point is that roaraudio
> depends on an unmaintained piece of core software
Quoting Don Armstrong (2015-06-20 14:38:25)
> There's clearly a bug here, but even after reading this bug log, I've
> had to do research on my own to determine what that issue is.
>
> If the libroar2 maintainers which to keep decnet support, then someone
> should probably figure out how to circu
Package: audacity
Version: 2.0.6-2
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of t
Mapping jessie to stable.
Mapping stable to proposed-updates.
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 15 Jun 2015 15:05:21 +0200
Source: lame
Binary: lame lame-doc libmp3lame0 libmp3lame-dev
Architecture: source amd64 all
Version: 3.99.5+repack1-7+deb8u1
Hi Adrian,
On Sat, Jun 20, 2015 at 10:16:28PM +0200, John Paul Adrian Glaubitz wrote:
> On 06/20/2015 09:52 PM, Stephan Jauernick wrote:
> > Please do for the reasons mentioned below. Also these are
> > considered standard of a good bug report.
>
> No, the problem is apparent and I don't really w
lame_3.99.5+repack1-7+deb8u1_amd64.changes uploaded successfully to localhost
along with the files:
lame_3.99.5+repack1-7+deb8u1.dsc
lame_3.99.5+repack1-7+deb8u1.debian.tar.xz
lame_3.99.5+repack1-7+deb8u1_amd64.deb
lame-doc_3.99.5+repack1-7+deb8u1_all.deb
libmp3lame0_3.99.5+repack1-7+deb8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 09:52 PM, Stephan Jauernick wrote:
> Please do for the reasons mentioned below. Also these are
> considered standard of a good bug report.
No, the problem is apparent and I don't really want to debug libdnet.
You are still trying to b
Hi Adrian,
On Sat, Jun 20, 2015 at 07:34:25PM +0200, John Paul Adrian Glaubitz wrote:
> On 06/20/2015 01:03 PM, Stephan Jauernick wrote:
> > Thanks for pointing that out. I was mistaken there. Sorry :(
>
> No worries, I don't think we disagree about the problem in general.
>
> > Can you maybe st
On Sat, 20 Jun 2015 20:46:17 +0200 John Paul Adrian Glaubitz
wrote:
> >> Currently cmus is definitely getting stuck on a _fresh_ install,
> >> simply by installing with "apt-get install cmus".
> >
> > On those systems where you experience cmus being stuck, is the
> > package "dnet-common" also
On Sat, 20 Jun 2015, Patrick Matthäi wrote:
> Am 20.06.2015 um 19:51 schrieb John Paul Adrian Glaubitz:
> ld the release back because of such ancient
> >>> software?
> >
> >> OK, so lets drop iceweasel? This is definitly offtopic here
> >
> > No, we dropped sparc as a release architecture as a re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 08:42 PM, Jonas Smedegaard wrote:
> Please file bugreports regarding security flaws of DECnet packages
> against those DECnet packages, *not* their reverse dependencies!
Jonas, do you actually read what I wrote? This very bug report e
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 08:25 PM, Jonas Smedegaard wrote:
>> glaubitz@ikarus:~$ apt-cache depends cmus | grep libroar2
>> Recommends: libroar2 glaubitz@ikarus:~$
>
> I agree that cmus pulls in libroar2. Why is that dangerous?
Because libroar _depends_ on l
Quoting John Paul Adrian Glaubitz (2015-06-20 12:56:56)
> On 06/20/2015 07:51 PM, Jonas Smedegaard wrote:
>>> Installing cmus on a newly installed system will therefore install
>>> libdnet as a transitive dependency
>>
>> Agreed cmus pulls in the _library_ for dnet.
>
> Which is unmaintained upst
Quoting John Paul Adrian Glaubitz (2015-06-20 13:00:53)
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 06/20/2015 07:56 PM, Jonas Smedegaard wrote:
>>> I can't imagine that you cannot reproduce this on a clean
>>> install, I could reproduce it on all machines running at least
>>> Jessi
Am 20.06.2015 um 19:51 schrieb John Paul Adrian Glaubitz:
ld the release back because of such ancient
>>> software?
>
>> OK, so lets drop iceweasel? This is definitly offtopic here
>
> No, we dropped sparc as a release architecture as a result
> in case you missed that.
Because of roaraudio? Oh
Am 20.06.2015 um 19:28 schrieb John Paul Adrian Glaubitz:
> On 06/20/2015 06:56 PM, Patrick Matthäi wrote:
>>> I can't say what's right or best for cmus, but what is right for
>>> Debian seems fairly self evident to everyone but the roar
>>> maintainers.
>
>> There is no depenedencie of *roar* to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 07:56 PM, Jonas Smedegaard wrote:
>> I can't imagine that you cannot reproduce this on a clean
>> install, I could reproduce it on all machines running at least
>> Jessie.
>
> Please provide the command to reproduce _without_ --with-su
Quoting John Paul Adrian Glaubitz (2015-06-20 12:34:25)
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 06/20/2015 01:03 PM, Stephan Jauernick wrote:
> > Thanks for pointing that out. I was mistaken there. Sorry :(
>
> No worries, I don't think we disagree about the problem in general.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 07:51 PM, Jonas Smedegaard wrote:
>> Installing cmus on a newly installed system will therefore
>> install libdnet as a transitive dependency
>
> Agreed cmus pulls in the _library_ for dnet.
Which is unmaintained upstream and in Debia
Quoting Jonas Smedegaard (2015-06-20 12:51:10)
> Quoting John Paul Adrian Glaubitz (2015-06-20 12:22:09)
> > On 06/20/2015 05:45 PM, Jonas Smedegaard wrote:
> >> Please elaborate what in cmus is "broken by default" - seems this
> >> whole "issue" of yours stems from installing an additional packag
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 01:12 PM, Patrick Matthäi wrote:
>> It's definitely the Debian way when a certain package
>> functionality that maybe a handful people need breaks other
>> packages. Then it's your duty as a good Debian maintainer to get
>> rid of the o
Quoting John Paul Adrian Glaubitz (2015-06-20 12:22:09)
> On 06/20/2015 05:45 PM, Jonas Smedegaard wrote:
>> Please elaborate what in cmus is "broken by default" - seems this
>> whole "issue" of yours stems from installing an additional package
>> only _suggested_ by cmus.
>
> It's not a Suggests
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 01:06 PM, Stephan Jauernick wrote:
> Could you please make a bug against roaraudio asking to drop the
> libdnet dependency?
There are already three of such bug reports:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755934
> htt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 01:03 PM, Stephan Jauernick wrote:
> Thanks for pointing that out. I was mistaken there. Sorry :(
No worries, I don't think we disagree about the problem in general.
> Can you maybe still provide a backtrace/strace log?
This isn't re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 06:56 PM, Patrick Matthäi wrote:
>> I can't say what's right or best for cmus, but what is right for
>> Debian seems fairly self evident to everyone but the roar
>> maintainers.
>
> There is no depenedencie of *roar* to dnet at all.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 05:45 PM, Jonas Smedegaard wrote:
> Please elaborate what in cmus is "broken by default" - seems this
> whole "issue" of yours stems from installing an additional package
> only _suggested_ by cmus.
It's not a Suggests, it's a Recommen
Am 20.06.2015 um 18:45 schrieb Ron:
> On Sat, Jun 20, 2015 at 01:02:50PM +0200, John Paul Adrian Glaubitz wrote:
>> On 06/20/2015 12:52 PM, Patrick Matthäi wrote:
>>> I need roaraudio for myself? He is my buddy? I don't know him at
>>> all :o John: please stop writing e-mails like this..
>>
>> It's
On Sat, Jun 20, 2015 at 01:02:50PM +0200, John Paul Adrian Glaubitz wrote:
> On 06/20/2015 12:52 PM, Patrick Matthäi wrote:
> > I need roaraudio for myself? He is my buddy? I don't know him at
> > all :o John: please stop writing e-mails like this..
>
> It's Adrian, not John, and I am just quoting
Quoting John Paul Adrian Glaubitz (2015-06-20 04:49:37)
> On 06/19/2015 01:37 PM, James Cowgill wrote:
>> From the bug:
>>> RC severity mostly so this shows up on the radars of all the
>>> right people crossing off the details we need to finalise for the
>>> release.
>>
>> That doesn't apply here.
Processing commands for cont...@bugs.debian.org:
> tags 789256 + pending
Bug #789256 [cmus] cmus: Pulls in unwanted and potentially dangerous DECnet
packages through libroar2
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
789256: http://bug
Am 20.06.2015 um 13:02 schrieb John Paul Adrian Glaubitz:
> On 06/20/2015 12:52 PM, Patrick Matthäi wrote:
>> I need roaraudio for myself? He is my buddy? I don't know him at
>> all :o John: please stop writing e-mails like this..
>
> It's Adrian, not John, and I am just quoting Ron who certainly
On Sat, Jun 20, 2015 at 12:42:57PM +0200, John Paul Adrian Glaubitz wrote:
Hi Adrian,
Could you please make a bug against roaraudio asking to drop the libdnet
dependency?
> Stephan,
>
> seriously, you are missing the point. Absolutely _no_one_ needs ROAR
> audio with DECnet support except you an
Hi Adrian,
On Sat, Jun 20, 2015 at 12:47:57PM +0200, John Paul Adrian Glaubitz wrote:
> On 06/20/2015 12:23 PM, Stephan Jauernick wrote:
> > Is there a chance that you got slp installed? If yes. please try
> > to remove it. On Jessie libslp gets pulled in automatically.
>
> Btw, how did you remov
Am 20.06.2015 um 12:42 schrieb John Paul Adrian Glaubitz:
> Stephan,
>
> seriously, you are missing the point. Absolutely _no_one_ needs ROAR
> audio with DECnet support except you and your buddy Patrick.
I need roaraudio for myself? He is my buddy? I don't know him at all :o
John: please stop wr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 12:52 PM, Patrick Matthäi wrote:
> I need roaraudio for myself? He is my buddy? I don't know him at
> all :o John: please stop writing e-mails like this..
It's Adrian, not John, and I am just quoting Ron who certainly isn't
making this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 12:23 PM, Stephan Jauernick wrote:
> Is there a chance that you got slp installed? If yes. please try
> to remove it. On Jessie libslp gets pulled in automatically.
Btw, how did you remove libslp1 without removing libroar2?
glaubitz@i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/20/2015 12:23 PM, Stephan Jauernick wrote:
> Is there a chance that you got slp installed? If yes. please try
> to remove it. On Jessie libslp gets pulled in automatically.
Oh, and btw, removing essential packages like OpenSLP is _not_ an
opti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Stephan,
seriously, you are missing the point. Absolutely _no_one_ needs ROAR
audio with DECnet support except you and your buddy Patrick.
If you desperately need ROAR audio in cmus, then you can rebuild it
manually. Debian should not keep packages
Hi,
I will post the important part of one of my previous mails again:
Is there a chance that you got slp installed? If yes. please try to
remove it. On Jessie libslp gets pulled in automatically.
I can't reproduce the bug on a fresh debian wheezy VM. And neither on
a fresh debian jessie VM.
Ple
On 2015-06-20 12:30:54, Sebastian Ramacher wrote:
> On 2015-06-20 09:45:19, Jaromír Mikeš wrote:
> > Hi all,
> >
> > I recently changed build dep of yoshimi package from fltk 1.1 to 1.3.
> > Only because this change package wanted links against 2 new libs
> > libjpeg9-dev libxft-dev which I needed
On 2015-06-20 09:45:19, Jaromír Mikeš wrote:
> Hi all,
>
> I recently changed build dep of yoshimi package from fltk 1.1 to 1.3.
> Only because this change package wanted links against 2 new libs
> libjpeg9-dev libxft-dev which I needed to add to build deps too to get
> package build.
> To me it i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/19/2015 01:37 PM, James Cowgill wrote:
> From the bug:
>> RC severity mostly so this shows up on the radars of all the
>> right people crossing off the details we need to finalise for the
>> release.
>
> That doesn't apply here.
stretch will
On 06/19/2015 01:26 PM, Alessio Treglia wrote:
>> While it might not be a common feature, it is a feature none the less.
>
> One that relies on functionalities provided by a factually dead
> software; please get rid of it.
> Meanwhile I'll be demoting cmus's libroar dependency from Recommends
> to
Hi all,
I recently changed build dep of yoshimi package from fltk 1.1 to 1.3.
Only because this change package wanted links against 2 new libs
libjpeg9-dev libxft-dev which I needed to add to build deps too to get
package build.
To me it is strange because if fltk 1.3 needs these libs they should
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.8
Date: Sat, 20 Jun 2015 08:39:41 +0200
Source: zynaddsubfx
Binary: zynaddsubfx zynaddsubfx-dssi zynaddsubfx-dbg
Architecture: source amd64
Version: 2.4.3-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Mai
zynaddsubfx_2.4.3-6_amd64.changes uploaded successfully to localhost
along with the files:
zynaddsubfx_2.4.3-6.dsc
zynaddsubfx_2.4.3-6.debian.tar.xz
zynaddsubfx-dbg_2.4.3-6_amd64.deb
zynaddsubfx-dssi_2.4.3-6_amd64.deb
zynaddsubfx_2.4.3-6_amd64.deb
Greetings,
Your Debian queue da
47 matches
Mail list logo
