Posted on

My Debian Activities in January 2022

FTP master

This month I accepted 342 and rejected 57 packages. The overall number of packages that got accepted was 366.

Lately I was asked: Is it ftpmaster’s opinion and policy that there is no difference in NEW queue review process between bin and src?

This is a yes/no-question and in this generality the answer is clearly: Every package in NEW needs a full review.

Of course there are circumstances with exceptions. For example after an upload of -1, which would get a full review, the upload of -2 afterwards, introducing a new binary package, would get a much faster review. In this case it would make sense to ping on IRC and draw attention to this. Nevertheless the evaluation of a “light review” might differ between the maintainer and the person doing the review.

Debian LTS

This was my ninety-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 2882-1] sphinxsearch security update for one CVE
  • [DLA 2890-1] libspf2 security update for two CVEs
  • [DLA 2897-1] apr security update for one CVE
  • [DLA 2900-1] lrzsz security update for one CVE
  • [DLA 2901-1] libxfont security update for one CVE
  • [DLA 2902-1] graphicsmagick security update for one CVE
  • [#1004049] buster-pu: package zziplib/0.13.62-3.2+deb10u1
  • [#1004050] bullseye-pu: package zziplib/0.13.62-3.3+deb11u1
  • [#1004055] buster-pu: package raptor2/2.0.14-1.1~deb10u2

I also started to work on security support for golang packages. Though this sounds like an easy task, the devel is in the details.
As CVEs need to be fixed in unstable first, at the moment it looks like this is the most time consuming task. I will report later on my journey to fix open CVEs in golang-github-russellhaering-goxmldsig

Further I worked on packages in NEW on security-master and injected missing sources.

Last but not least I did some days of frontdesk duties and attended an LTS meeting on IRC.

Debian ELTS

This month was the forty-third ELTS month.

During my allocated time I uploaded:

  • ELA-544-1 for libspf2
  • ELA-549-1 for apr
  • ELA-552-1 for lrzsz
  • ELA-553-1 for libxfont

Further I worked on an update for apache2

Last but not least I did some days of frontdesk duties.

Debian Printing

I was finally able to upload a new version of hplip and Ubuntu is now able to build new snaps for their next release.
Altogether I uploaded new upstream versions or improved packaging of:

Now the dashboard looks rather good and my next task for February is an update of cups.

Debian Astro

As there was a release of version 1.9.4 of INDI and indi-3rdparty, I also uploaded the new version of all INDI drivers and releated libs from indi-3rdparty.

Other stuff

This month I uploaded lots of new upstream releases of golang packages.

Posted on

My Debian Activities in December 2021

FTP master

This month I accepted 412 and rejected 44 packages. The overall number of packages that got accepted was 423.

Debian LTS

This was my ninetieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 2846-1] raptor2 security update for one CVE
  • [DLA 2845-1] libsamplerate security update for one CVE
  • [DLA 2859-1] zziplib security update for one CVE
  • [DLA 2858-1] libzip security update for one CVE
  • [DLA 2869-1] xorg-server security update for three CVEs
  • [#1002912] for graphicsmagick in Buster
  • [debdiff] for sphinxearch/buster to maintainer and sec team
  • [debdiff] for zziplib/buster to maintainer
  • [debdiff] for zziplib/bullseye to maintainer
  • [debdiff] for raptor2/bullseye to maintainer

I also started to work on libarchive

Further I worked on packages in NEW on security-master. In order to faster process such packages, I added a notification when work arrived there.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the forty-second ELTS month.

During my allocated time I uploaded:

  • ELA-527-1 for libsamplerate
  • ELA-528-1 for raptor2
  • ELA-529-1 for ufraw
  • ELA-532-1 for zziplib
  • ELA-534-1 for xorg-server

Last but not least I did some days of frontdesk duties.

Debian Astro

Related to my previous article about fun with telescopes I uploaded new versions or did source uploads for:

Besides the indi-stuff I also uploaded

Other stuff

I celebrated christmas :-).

Posted on

Fun with Telescopes

Recently I purchased a small telescope to look at solar spots. When choosing a mount, I checked whether it can be controlled with OSS.

In this context INDI is mentioned everywhere and my desired mount was supported. indi and kstars are already part of Debian, so “apt install”, selecting my mount, …. oh, wait, the menu shows it, but I can not select it.

Ok, that was the time when I learned about the difference of indi and indi-3rdparty. The indi package just contains a few drivers and others are available from a different repository. This split has been done either due to different release cycles of the driver, a different OSS license of it, or just due to binary blobs without source being part of some drivers.

Fine, there are already packages of the 3rdparty-repository available from an Ubuntu PPA, so it should be no problem to add them do Debian as well.

Some manufacturers freely distribute at least the specification of their API so that others are able to write the corresponding software. Some manufacturers even write their own driver. Examples are:

  • Skywatcher (mounts who can be controlled by the Skywatcher Protocol)
  • Shelyak to control some spectrographs
  • Radio Astronomy Supplies’ SpectraCyber hydrogen line spectrometer
  • Vixen, for controlling Vixen Starbook and Vixen Starbook Ten
  • Starlight Express, SX CCDs, SX wheel and SX Active Optics

A minor part actually does not have binary blobs but distributes the sources of their software. Unfortunately they have licenses that are not compatible with DFSG and those packages still need to go to non-free. Examples are:

  • Finger Lakes Instrumentation (FLI), L.L.C.
  • Lunatico Astronomia
  • Astrojolo
  • Astromechanics

But there also seem to exist lots of manufacturers of astronomically accessories, especially cameras, that just distribute some binary blobs to talk to their hardware. This is sad, but at the moment it is just the way it is and such package need to go to non-free.

Luckily their blobs are accompanied with corresponding licenses. At least those manufacturers understand how software licenses work and packaging their SDK is just straight forward. Examples are:

  • SBIG Astronomical Instruments
  • Moravian Instruments Inc.
  • Player One Astronomy

However, when looking at the license information of some Ubuntu packages, several of them were distributed under a CC license. This is not a common license for software, so I wanted to get a confirmation whether these information are correct.

Unfortunately most of such manufacturers don’t want to disclose their licenses. For whatever reason they distribute their tarballs without any hint and emails to their support channels are just ignored. Examples of such bad behaviour are:

  • Altaircam
  • QSI (was bought by Atik)
  • Atik
  • Touptek
  • QHY

However the best answer comes from the Levenhuk support. My question about the license of their SDK was answered by:

I am afraid we cannot disclose any further information except the software file that is available on our website.

So strictly speaking nobody is allowed to use their software. I wonder whether such competence also becomes visible in their products. I will never really know as there are more than enough OSS friendly manufacturers available.

Anyway, most of the indi-3rdparty drivers are now available and I got lots of suggestions about hardware I need to buy in the future :-).

Posted on

My Debian Activities in November 2021

FTP master

This month I accepted 564 and rejected 93 packages. The overall number of packages that got accepted was 591.

Debian LTS

This was my eighty-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 2820-1] atftp security update for two CVEs
  • [DLA 2821-1] axis security update for one CVE
  • [DLA 2822-1] netkit-rsh security update for two CVEs
  • [DLA 2825-1] libmodbus security update for two CVEs
  • [#1000408] for libmodbus in Buster
  • [#1000485] for btrbk in Bullseye
  • [#1000486] for btrbk in Buster

I also started to work on pgbouncer to get an update for each release and had to process packages from NEW on security-master.

Further I worked on a script to automatically publish DLAs on the Debian website, that are posted to debian-lts-announce. The script can be found on salsa. It only publishes stuff from people on a whitelist. At the moment it is running on a computer at home. You might run your own copy, or just send me an email to be put on the whitelist as well.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the forty-first ELTS month.

During my allocated time I uploaded:

  • ELA-517-1 for atftp
  • ELA-519-1 for qtbase-opensource-src
  • ELA-520-1 for libsdl1.2
  • ELA-521-1 for libmodbus

Last but not least I did some days of frontdesk duties.

Debian Printing

Unfortunately I did not do as much as I wanted this month. At least I looked at some old bugs and uploaded new upstream versions of …

I hope this will improve in December again. New versions of cups and hplip are on my TODO-list.

Debian Astro

This month I uploaded new versions of …

Other stuff

I improved packaging or fixed bugs of:

Posted on

My Debian Activities in October 2021

FTP master

This month I accepted 341 and rejected 46 packages. The rejection is as high as last month. I hope everybody is aware that pressing just one key when accepting a package is much faster than writing an explanation why a package has to be rejected. Anyway, the overall number of packages that got accepted was 355.

Debian LTS

This was my eighty-eighth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 28.5h. During that time I did LTS and normal security uploads of:

  • [DLA 2788-1] strongswan security update for one CVE
  • [DLA 2789-1] squashfs-tools security update for one CVE
  • [DLA 2792-1] faad2 security update for seven CVEs
  • [DLA 2796-1] jbig2dec security update for two CVEs
  • [DLA 2800-1] cups security update for one CVE
  • [#998042] for jbig2dec in Buster

I also continued to work on exiv2.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the fortieth ELTS month.

During my allocated time I uploaded:

  • ELA-494-1 for curl
  • ELA-497-1 for squashfs-tools
  • ELA-498-1 for openssl
  • ELA-501-1 for faad2
  • ELA-504-1 for jbig2dec
  • ELA-508-1 for cups

Last but not least I did some days of frontdesk duties.

Debian Printing

I improved packaging or fixed bugs or uploaded a new version of:

Last but not least I looked at some old bugs and checked whether they could be closed.

Debian Astro

Though being a silent member of Debian Astro for a long time, I am now going to be more active now. Most of the time I will be focused on packages for telescope control, but of course I won’t stay away from other topics.

So I uploaded:

If you know of other missing packages, don’t hesitate to tell me!

Other stuff

On my neverending golang challenge I again uploaded some packages either for NEW or as source upload.

I uploaded new upstream versions of:

I improved packaging or fixed bugs of: