My Debian Activities in April 2016

FTP assistant

This month I marked 171 packages for accept and rejected 42. I also sent 3 emails to maintainers asking questions. It seems to be that another quiet month is behind us. Nevertheless the flood of strange things in NEW continued this month. Hmm, weird world ..

Debian LTS

This was my twenty-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload had been 15.75h. After getting the permission of the security team I changed the temporary-issues to meanwhile assigned CVEs and uploaded fuseiso. This resulted in DSA 3551-1.

I also prepared new packages for asterisk and asked for testers on the LTS mailing list. Luckily Gabriel Filion really tried these packages and found a regression with manager connections. Dear reader, the new packages are waiting for your tests now :-).

Further I used the upload of poppler (DLA 446-1) to test the workflow of the new wheezy-security upload. Uploading and building packages worked perfectly. Unfortunately the push to the security mirrors was a bit delayed (it only happened after an upload of the security team). But this seems to be fixed by Ansgar now.

Last but not least I had a look at PHP5. I think I will start my regular uploads in May.

Other stuff

As I had to deal with non-Debian stuff this month, I didn’t do lots of other things. I only uploaded node-uml …

My Debian Activities in March 2016

FTP assistant

This month I marked 226 packages for accept and rejected 22. I also sent 5 emails to maintainers asking questions. It seems to be that a rather quiet month is behind us. As I have seen some packages with strange debian/copyright in binNEW, I wonder whether also the archive should be checked regularly. Maybe it is time to file some bugs …

Debian LTS

This was my twenty-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

Due to outstanding hours that were redistributed, my all in all workload had been 14.25h. As Wheezy LTS didn’t start yet and I am not able to do normal security uploads, I sent debdiffs to the security team. Btw. this can be done by everybody and the way to go is described in chapter 5.8.5 of the Debian Developer’s Reference.

Altogether I sent the following debdiffs for …

  • extplorer to fix CVE-2015-0896
  • inspircd to fix CVE-2015-8702
  • libmatroska to fix CVE-2015-8792
  • libstruts1.2-java to fix CVE-2015-0899
  • fuseiso to fix two temporary issues
  • minissdpd to fix CVE-2016-3178 and CVE-2016-3179
  • tlslite to fix CVE-2015-3220

As the security team wants to update Wheezy and Jessie with only one DSA, whenever applicable I created debdiffs for both releases. Up to now the results can be seen in DSA 3526-1, DSA 3527-1 and DSA 3536-1. As tlslite has been removed from Wheezy during today’s point release, I am afraid that was a wasted effort.

Other stuff

My node activities this month involved uploads of: node-component-consoler, node-generator-supported, node-xmlhttprequest-ssl, node-co, node-uid-umber, node-url-join, node-uri-path, node-read-file, node-nth-check, node-base62, node-require-dir, node-for-in, node-obj-util, node-normalize-it-url, node-delve, node-function-bind, node-seq, node-json-localizer, node-through, node-addressparser, node-ansi-regex, node-crypto-cacerts, node-decamelize, node-array-find-index, node-require-main-filename, node-invert-kv, node-starttls.

To fix one or the other bug I also uploaded: node-connect, node-mysql.

I also forwarded bug #809252, which is tagged as security relevant in the BTS, to the Node Security Project. I even got one answer stating that the report arrived. We will see what happens next. At least after 45 days another email might arrive …

My Debian Activities in February 2016

FTP assistant

This month I marked 364 package for accept and rejected 66. Due to the help of lamby, the length of the NEW queue dropped mostly below 50, so there is no need for complaints anymore :-). I also sent 22 emails to maintainers asking questions.

Squeeze LTS

This was my twentieth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month more people started to contribute and my workload dropped down to 11.25h. Altogether I uploaded those DLAs:

  • [DLA 424-1] didiwiki security update
  • [DLA 423-1] krb5 security update
  • [DLA 433-1] xerces-c security update
  • [DLA 444-1] php5 security update

This month I was also involved in embargoed uploads and could do an upload on my own (DLA 433-1).

Now Squeeze LTS is officially done. I leave it with mixed feelings. On the one hand it became more and more difficult to backport patches for the latest version to the old software. On the other hand I could learn a lot of stuff about the methods other maintainers used some years ago. Yes, although not always visible at first sight, over the years there are lots of improvements on how packages can be handled in Debian.

So, let us start with Wheezy now …

Other stuff

On the way to pump.io, grunt and some other cool stuff, I uploaded:

  • node-abab
  • node-array-equal
  • node-array-flatten
  • node-array-unique
  • node-cors
  • node-deep-extend
  • node-original
  • node-simplesmtp
  • node-setimmediate
  • node-uglify-save-license
  • node-unpipe

Yes, sometimes this npm2deb makes it really easy to create a package.

In order to fix FTBFSs, errors from DebCI or whatever might fail these days, I also uploaded new versions of:

  • node-array-equal
  • node-array-parallel
  • node-bufferjs
  • node-crc
  • node-css-what
  • node-eventsource
  • node-mime-types
  • node-mocks-http
  • node-rai
  • node-requires-port
  • node-url-parse
  • node-xoauth2

Today I could see the first fruits of my labor. Some packages, I did not touch, migrated to testing because some of their dependencies were finally able to migrate as well.

My Debian Activities in January 2016

FTP assistant

This month I marked 281 package for accept and rejected 58, so almost back to normal processing. I also sent 19 emails to maintainers asking questions.

As mentioned in October the accept-number has reached another milestone. I accepted package 6666 on 20151221, it was python-skbio_0.4.1-1. The winner of a fast processed package with the best guess of this date is: *tata* Javi. Ok, he was the only participant :-). So, who can guess the date of 7777?

Squeeze LTS

This was my nineteenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month several people had to reduce their contribution, so all in all I got a workload of 30h. Altogether I uploaded those DLAs:

  • [DLA 392-1] roundcube security update
  • [DLA 393-1] srtp security update
  • [DLA 394-1] passenger security update
  • [DLA 399-1] foomatic-filters security update
  • [DLA 398-1] privoxy security update
  • [DLA 401-1] imlib2 security update

For the first time this month, I was also involved in three embargoed uploads. Ben and I were informed about some security issues before they got published and I prepared the DLAs. Although the real upload for all suites were still done by the security team, it was really exciting.

I also spent some time on #796095 and prepared another patch for review. Further I am almost done with the next upload of PHP 5.3. Just before starting dupload, another issue appeared. As I think that this will be the last upload of PHP for Squeeze LTS, I also want to take care of this latecomer. The upload of krb5 is waiting in the pipeline, I am just waiting for a confirmation that everything is fine.

This month I also had another term of doing frontdesk work and looked for CVEs that are important for Squeeze LTS or could be ignored.

As Wheezy LTS is just before the start, I already prepared the new build environment. So either now or later in April, I am ready …

Other stuff

Due to the high LTS workload, there was no time for other stuff :-(.

book: Building Microservices from Sam Newman

Recently I read the book Building Microservices from Sam Newman, published by O’Reilly. Up to now I didn’t have to deal with microservices and this book gave a very good summary of this topic.

Unfortunately there are lots of links inside that book, but I could not find a page where all of them are listed online. So here are most of them in the bit.ly-form and the direct one:

http://bit.ly/1GZuFW9 http://alistair.cockburn.us/Hexagonal+architecture Alistair Cockburn’s concept of hexagonal architecture
http://bit.ly/1zOFMxl http://programmer.97things.oreilly.com/wiki/index.php/The_Single_Responsibility_Principle Robert C. Martin’s definition of the Single Responsibility Principle
http://12factor.net/ Heroku’s 12 Factors
http://dropwizard.io Dropwizard = Open source, JVM-based microcontainer
http://bit.ly/1JtA6KX https://github.com/Netflix/karyon Karyon = Open source, JVM-based microcontainer
http://bit.ly/1wxQtw https://github.com/Netflix/Hystrix ciruit breaker library Hystrix
http://bit.ly/1fh2AGt http://martinfowler.com/articles/richardsonMaturityModel.html Richardson Maturity Model
http://bit.ly/1EmZMss http://martinfowler.com/bliki/CatastrophicFailover.html Martin Fowler: catastrophic failover
http://bit.ly/1yISOdQ http://martinfowler.com/bliki/TolerantReader.html Postel’s law
http://semver.org Semantic versioning
http://bit.ly/1v71DOH http://martinfowler.com/bliki/StranglerApplication.html Strangler Application Pattern
http://bit.ly/1EmC3zf https://github.com/Netflix/aegisthus Aegisthus project
http://www.packer.io Packer
http://bit.ly/1Daos3Q http://martinfowler.com/articles/nonDeterminism.html Eradicating Non-Determinism in Tests
http://bit.ly/15BPCVE http://martinfowler.com/articles/enterpriseREST.html “Now you have 2.1.0 problems”
http://bit.ly/1GZwceN https://github.com/realestate-com-au/pact Pact
http://logstash.net Logstash – log file parser
http://bit.ly/1BrIp6a https://www.elastic.co/products/kibana Kibana – ElasticSearch-backed system for viewing logs
https://www.owasp.org Open Web Application Security Project
http://bit.ly/1e9i40t http://queue.acm.org/detail.cfm?id=2499552 The antifragil organization
http://bit.ly/15Co2I7 https://github.com/Netflix/eureka Eureka from Netflix

Further several books are recommended.

  • Domain-Driven Design, Eric Evan at Amazon.de
  • Implementing Domain-Driven Design by Vaughn Vernon at Amazon.de
  • Working Effectively with Legacy Code by Michael Feathers at Amazon.de
  • Refactrogin Databases by Scott J. Amber and Pramod J. Sadalage at Amazon.de
  • Continuous delivery by Jez Humble and Dave Farley at Amazon.de
  • Agile Testing by Lisa Crispin and Janet Gregory at Amazon.de
  • Succeeding with Agile by Mike Cohn at Amazon.de
  • Information Dashboard Design: Displaying Data for At-a-Glance Monitoring by Stephen Few at Amazon.de
  • Lightweight Systems for Realtime Monitoring by Sam Newman
  • Cryptography Engineering by Niels Ferguson, Bruce Schneier and Tadayoshi Kohno at Amazon.de
  • Release It! by Michael Nygard at Amazon.de

My Debian Activities in December 2015

FTP assistant

Due to Christmas, I only marked 254 packages for accept and rejected 17 of them. I had to send 14 emails to maintainers.

Squeeze LTS

This was my eighteenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

As other members of the LTS team had to give back some hours of their workload, this month my initial workload of 18.25h had been increased to 21.25h. Altogether I uploaded those DLAs:

  • [DLA 370-1] bind9 security update
  • [DLA 373-1] libxml2 security update
  • [DLA 375-1] libpng security update

I also started to work on CVEs for packages t-coffee and pitivi, only to recognize that the versions in Squeeze are not affected. Further I prepared patches for passenger and srtp but I could not test them yet, so an upload will be in January.

This month I also experienced something strange. Due to the upload of the new version of mysql, I had to process a package for squeeze-lts in NEW. I seldom see a package, that creates so much “red” output from lintian. I assume this always happens when an “old” package will be checked by the latest lintian and is a good sign for all the development within Debian.

I also tested Raphaels patch for #796784 and could confirm that everything works as expected.

Unfortunately the php5 upload must be delayed until Januar.

This month I also had another week of frontdesk duties.

Other stuff

The Advent season is over and the Debian Med Advent Calendar is full to bursting. The incredible number of 150 bugs have been closed this year!

Due to the GSL transition a new upload of all meep packages had to be done and all in all I could close #748822, #807210, #807212, #807213, #807214, #807215 and #807747.

dcmd: what is in the dsc file

Notice to my future self: If you want to see a list of files that are referenced by a Debian dsc-file, you need to use:

dcmd dsc-file

The output is the list of files in its ‘Files’ section, plus the dsc-file itself. You can also apply dcmd to changes-files. You can also use a command as the second parameter and do funny stuff with all those files within the dsc-file.

Debian Med Bug Squashing in Advent 2015

The Debian Med Bug Squashing just ended and the Debian Med Advent Calendar is full to bursting.

Like the years before, the Debian Med team performed a bug squashing event from December 1st to 24th. All bugs that have been closed during that period got an entry in the calendar. This year I am really impressed with the achievement of all participants. After the rather small quantity last year, the incredible number of 150 bugs have been closed this year! Thanks alot!

year number of bugs closed
2011 63
2012 28
2013 73
2014 5
2015 150

Litecoin and IPv6

Notice to my future self: If you start the litecoin client (v0.10.2.2) all peers in peers.dat seem to be IPv4 only. At least, I got no connection to the Litecoin network. After looking at the list of supernodes, I could filter two supernodes with IPv6 addresses:

  • ltc.block-explorer.com
  • ltc.lfcvps.com

Putting them as

addnode=ltc.block-explorer.com
addnode=ltc.lfcvps.com

into litecoin.conf, I got my connection and could do some transactions.

My Debian Activities in November 2015

FTP assistant

This month I marked 352 packages for accept and rejected 61 of them. I had to send only 15 emails to maintainers.

I also started to work on #796095 and #796784, but my first patch was rejected. So expect more to come here …

Squeeze LTS

This was my seventeenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

Due to Toshiba becoming the first platinum sponsor, I got a workload of 21.25h. This is a new and delightful record! Altogether I uploaded those DLAs:

  • [DLA 341-1] php5 security update
  • [DLA 343-1] libpng security update
  • [DLA 355-1] libxml2 security update
  • [DLA 356-1] libsndfile security update

I also started to work on two bugs that were filed against the pseudo-package ftp.debian.org, which are somehow related to the security team: #796095 and #796784 (see above). Moreover I started to work on the next php5 upload, which will happen at the end of December.

As more and more people work at the LTS frontdesk now, this month I could chill out a bit and let the others do the work.

Other stuff

As the Advent season started again I would also like to draw some attention to the Debian Med Advent Calendar. It was announced here and like the past years, the Debian Med team starts a bug squashing event from the December 1st to 24th. Every bug that is closed will be registered in the calendar. So instead of taking something from the calendar, this special one will be filled and at Christmas hopefully every Debian Med related bug is closed. Don’t hestitate, start to squash 🙂 .