My Debian Activities in October 2015

FTP assistant

This month I marked 492 packages for accept and rejected 50 of them. I had to send only 11 emails to maintainers.

Up to now I accepted about 6000 packages, my first one was pexpect_3.0-1 on 20131211.

date package
1 20131211 pexpect_3.0-1
1111 20140506 dochelp_0.1
2121 20140825 cl-parse-number_1.3-1
2222 20140903 node-websocket-driver_0.3.5-1
3333 20150303 libparse-keyword-perl_0.08-1
4242 20150625 python-monotonic_0.2-1
4444 20150708 libmusicbrainz5_5.1.0+git20150707-1
5555 20150928 golang-github-yosssi-ace_0.0.4+git20150515.41.78e48a2-3

So, when do you expect accepted package number 6666, 7777, 8888 and 9999?

Squeeze LTS

This was my sixteenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I only got a workload of 13.25h. Altogether I uploaded those DLAs:

  • [DLA 327-1] freeimage security update
  • [DLA 331-1] polarssl security update
  • [DLA 334-1] libxml2 security update
  • [DLA 334-2] libxml2 regression update

While preparing the libxml2 upload, I mixed up things for the i386 build and so [DLA 334-2] had to follow shortly after [DLA 334-1].
I also prepared a new upload of PHP5 with nine CVEs fixed. I put the i386 and amd64 versions at people.d.o and invite everybody to test them and give positive or negative feedback. The real upload to the archive will happen next week.

This month I also had another term of doing frontdesk work and looked for CVEs that are important for Squeeze LTS or could be ignored.

Other stuff

This month I only polished some packages and uploaded:

I also manually closed #711329 and #352421. After adopting package chktex I inherited #352421, which was one of my oldest bugs. It was about emacs longlines-mode support and I could close it without actually fixing something. The longlines-mode vanished from emacs. So, sorry for that …

openvpn: ping only works between server and client

Notice to my future self:

  • an openvpn connection can be stablished between client and server
  • you can ping the server from the client
  • you can ping the client from the server
  • you added the route in your server config
  • route -n shows everything is in place
  • but you can not ping any host on an attached network

… then you forgot to add a file in the ccd-directory for the correct common name of your client containing all iroute statements.

My Debian Activities in September 2015

FTP assistant

Another month passed and another statistic arrives: This month I marked 341 packages for accept and rejected only 48 of them. Almost like last month I had to send 14 emails to maintainers.

Squeeze LTS

This was my fifteenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I only got a workload of 14.5h. I finally uploaded a new version of php5. Unfortunately in one library a parameter to a function call introduced new values. As a result all running processes that used the old version of that library produced an error message until they got restarted. As complaints showed up on all channels, I rechecked my patches again and again but could not find an error. I wonder whether this happened once before. At least the php package does not have a mechanism to restart something…
Altogether I uploaded those DLAs:

  • [DLA 307-1] php5 security update
  • [DLA 309-1] openldap security update
  • [DLA 311-1] rpcbind security update
  • [DLA 312-1] libtorrent-rasterbar security update

I also started to work on an upload of freeimage and the next upload of php5.

This month I also had another term of doing frontdesk work. So I answered questions on the IRC channel and looked for CVEs that are important for Squeeze LTS or could be ignored.

Other stuff

Some time ago someone mentioned pump.io and that it would be nice to have it in Debian. I found a Wiki page listing dependencies, with lots of stuff already done and just a few holes. It didn’t look like much work todo until I realized that this page showed only the surface and the shoals are hidden below. Anyway, I started to work on it and up to now

  • node-boolbase
  • node-domelementtype
  • node-eventsource
  • node-querystringify
  • node-rai
  • node-requires-port
  • node-url-parse
  • node-wrappy
  • node-xoauth2

are uploaded and

  • node-schlock
  • node-array-parallel
  • node-css-what
  • node-bufferjs
  • node-exit

are still in NEW. Luckily most of them could be handled by npm2deb, so it was mainly routine piece of work. So, expect more to come …

I also polished some smaller packages and could even close some bugs:

  • dict-elements
  • rplay -> #741567 #597152
  • setserial -> #786976 #761951 #761951
  • siggen -> #772364
  • texify

Package of the Day: ansiweather

While looking at NEW I sometimes see a package and think “wow this is great, you have to try this”.

One of these packages is ansiweather. It looks at the data at openweathermap and presents them on the console. So with

ansiweather -l chemnitz -u metric

I get something like:

Current weather in Chemnitz => 12 °C ☔ – Wind => 2.52 m/s WNW – Humidity => 80 % – Pressure => 1014 hPa

Now I see that I need a coat and an umbrella for my walk. Or better I don’t go outside and continue looking at other stuff in NEW 🙂

My Debian Activities in August 2015

FTP assistant

Another month passed and another statistic arrives: This month I marked 408 packages for accept and rejected only 32 of them. Almost like last month I had to send 14 emails to maintainers.

Squeeze LTS

This was my fourteenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

As anybody else visited Debconf15, I got assigned a workload of 17h this month. I spent some time to prepare an upload of php5, which I did to people.d.o to let others do some tests with the package. I also uploaded some DLAs

  • [DLA 290-1] xmltooling security update Thorsten Alteholz
  • [DLA 290-2] opensaml2 security update Thorsten Alteholz
  • [DLA 292-1] libstruts1.2-java security update Thorsten Alteholz
  • [DLA 296-1] extplorer security update Thorsten Alteholz
  • [DLA 297-1] wesnoth-1.8 security update Thorsten Alteholz
  • [DLA 298-1] roundup security update Thorsten Alteholz

The patch for [DLA 290-1] was prepared by Ferenc Wagner. As opensaml2 needed a rebuild with the new version of xmltooling, that upload got [DLA-290-2] instead of an own DLA-number.

This month I also had another term of doing frontdesk work. So I answered questions on the IRC channel and looked for CVEs that are important for Squeeze LTS or could be ignored.

Other stuff

As $WORK needed some time this month, my other activities had been almost nil. But expect more to come in September :-).

My Debian Activities in July 2015

FTP assistant

This month I marked 485 packages for accept, rejected 87 of them and had to send 18 emails to maintainers. The NEW-queue is below 100 again, but you hardworking fellows don’t make a break, but start the GCC5 transition. This is so much fun :-).

Squeeze LTS

This was my thirteens month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 15h and I spent again most of it to work on a new upload of php5. I finally prepared the patches for the CVEs and realized only then that the number of failed tests drastically increased. So return to beginning and checking why everything is broken now :-(.

  • [DLA 269-1] linux-ftpd-ssl security update
  • [DLA 271-1] libunwind security update
  • [DLA 280-1] ghostscript security update
  • [DLA 281-1] expat security update

The patch for [DLA 269-1] was prepared by Mats Erik Andersson.

This month I also had another term of doing frontdesk work. So I answered questions on the IRC channel and looked for CVEs that are important for Squeeze LTS or could be ignored.

Other stuff

This month I could finally finish the harminv transition and all affected packages migrated to testing meanwhile.

I also uploaded a new version for pipexec.

Donations

Again, thanks alot to all donors. I really appreciate this and hope that everybody is pleased with my commitment. Don’t hesitate to make suggestions for improvements.

My Debian Activities in June 2015

FTP assistant

This month I marked 539 packages for accept, rejected 61 of them and had to send 24 emails to maintainers. This is a new personal record. Even in the month before the Jessie freeze I accepted only 407 packages. So, very well done (self-laudation has to happen from time to time :-)).

Another record was broken as well. After 19 month of doing this kind of work, I got my first insulting email. I would prefer to wait another 19 month before I get the next one …

Squeeze LTS

This was my twelfth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of only 14.5h and I spent most of it to work on a new upload of php5. Unfortunately there have been so many CVEs comming in, that I didn’t do an upload yet.

Other stuff I uploaded was

  • [DLA 258-1] jqueryui security update
  • [DLA 262-1] libcrypto++ security update

This month I also had my first one and a half weeks of doing frontdesk work. As introduced in this email, every member of the LTS team should do some LTS CVE triage. Up to now it was mainly done by Raphael and he wants to share this task with everybody else. So I answered questions on the IRC channel, on the LTS list and looked for CVEs that are important for Squeeze LTS or could be ignored.

Other stuff

This month I also uploaded a new version of harminv and wondered why the package didn’t move to testing. Of course there is a document how to do a transition of a library properly. But hey, it is me, I know everything better and of course I can use a shortcut. Oh boy, I was wrong. So I also uploaded new versions of meep, meep-lam4, meep-openmpi, meep-mpi-default and meep-mpich2.

And the moral of the story: If you don’t understand why something should be done in a specific way, you shouldn’t try to do it different.

Donations

Again, thanks alot to all donors. I really appreciate this and hope that everybody is pleased with my commitment. Don’t hesitate to make suggestions for improvements.

My Debian Activities in May 2015

FTP assistant

This month I marked 235 packages for accept and rejected 44 of them. I know, the NEW-queue is rather large, but the numbers are showing a downward trend again.

In the light of recent events I would like to cite two things. The US Copyright Office Circular 14 says about derivative work:

A typical example of a derivative work received for registration in the Copyright Office is one that is primarily a new work but incorporates some previously published material. This previously published material makes the work a derivative work under the copyright law. To be copyrightable, a derivative work must be different enough from the original to be regarded as a “new work” or must contain a substantial amount of new material. Making minor changes or additions of little substance to a preexisting work will not qualify the work as a new version for copyright purposes. The new material must be original and copyrightable in itself. Titles, short phrases, and format, for example, are not copyrightable.

Title 17 of the United States Code says in §103:

The copyright in a compilation or derivative work extends only to the material contributed by the author of such work, as distinguished from the preexisting material employed in the work, and does not imply any exclusive right in the preexisting material. The copyright in such work is independent of, and does not affect or enlarge the scope, duration, ownership, or subsistence of, any copyright protection in the preexisting material.

Squeeze LTS

This was my eleventh month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of only 10.25h and I spent most of it to prepare a new upload of ruby1.9.1. The other stuff I uploaded was

  • [DLA 222-1] commons-httpclient security update
  • [DLA 226-1] ntfs-3g security update
  • [DLA 226-2] ntfs-3g regression update
  • [DLA 235-1] ruby1.9.1 security update

[DLA 222-1 has been “only” a sponsored upload, where Markus Koschany prepared the patches. [DLA-226] needed two uploads as the first patch turned out to be incomplete. I also marked CVEs in the security tracker as for Squeeze or added notes for future processing.
The next big adventure in June will be another upload of PHP5.

Other stuff

This month I also uploaded feynmf to take care of the new TDS tree (#766287).

Donations

Again, thanks alot to all donors. I really appreciate this and hope that everybody is pleased with my commitment. Don’t hesitate to make suggestions for improvements.

alpine and UTF-8 and Debian lists

This is a note for my future self: When writing an email with only “charset=US-ASCII”, alpine creates an email with:

Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

and everything is fine.

In case of UTF-8 characters inside the text, alpine creates something like:

Content-Type: MULTIPART/MIXED; BOUNDARY="705298698-1667814148-1432049085=:28313"

and the only available part contains:

Content-Type: TEXT/PLAIN; format=flowed; charset=UTF-8
Content-Transfer-Encoding: 8BIT

Google tells me that the reason for this is:

Alpine uses a single part MULTIPART/MIXED to apply a protection wrapper around QUOTED-PRINTABLE and BASE64 content to prevent it from being corrupted by various mail delivery systems that append little (typically advertising) things at the end of the message.

Ok, this behavior might come from bad experiences and it seems to work most of the time. Unfortunately if one sends a signed email to a Debian list that checks whether the signature is valid (like for example debian-lts-announce), such an email will be rejected with:

Failed to understand the email or find a signature: UDFormatError:
Cannot handle multipart messages not of type multipart/signed

*sigh*

My Debian Activities in April 2015

FTP assistant

Another month, another statistic. This month I marked 90 packages for accept and rejected 20 of them.

Squeeze LTS

This was my tenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

For some reasons this month I got assigned an exceptional high workload of 26.5h and I spent these hours to upload new versions of:

  • [DLA 188-1] arj security update
  • [DLA 189-1] libgd2 security update
  • [DLA 190-1] libgcrypt11 security update
  • [DLA 191-1] checkpw security update
  • [DLA 193-1] chrony security update
  • [DLA 195-1] libtasn1-3 security update
  • [DLA 200-1] ruby1.9.1 security update
  • [DLA 205-1] ppp security update
  • [DLA 211-1] curl security update
  • [DLA 212-1] php5 security update

[DLA 191-1] and [DLA 193-1] have been “only” sponsored uploads, where Markus Koschany and Joachim Wiedorn prepared the patches.
Due to the large number of hours I was able to make a php5 upload which resolves several issues that have been marked as no-dsa before. At this point I would like to thank Jan Ingvoldstad for his thorough tests of the package before I did the final upload.
The next big adventure will be ruby1.9.1. Unfortunately my workload in May is (hopefully) exceptional low, so I am not sure whether I can finish this by the end of that month.

I also uploaded [DLA 206-1] python-django-markupfield security update although no LTS sponsor indicated any interest in this package.

Other stuff

While searching for another bug, I stumbled upon #128818. It is a whishlist bug for apt to support rsync while downloading package metadata. It might not be useful for the entire Packages-file. But wouldn’t it make sense if each package gets its own file and one has to download only stuff that has really changed?

Donations

Again, thanks alot to all donors. I really appreciate this and hope that everybody is pleased with my commitment. Don’t hesitate to make suggestions for improvements.