Posted on

My Debian Activities in January 2015

FTP assistant

This month at the beginning of the year has been rather quiet as well. All in all I marked 50 packages for accept and rejected only 17 packages.

Squeeze LTS

This was my seventh month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 12h and I spent these hours to upload new versions of:

  • [DLA 127-1] pyyaml security update
  • [DLA 128-1] sox security update
  • [DLA 138-1] jasper security update
  • [DLA 145-1] php5 security update

In doing so, preparing the upload for php5 consumed most of the time as support from Upstream for the old version in Squeeze no longer exists. Oddly enough, a simple one-line-patch seems to have created a regression …

I also sponsored the upload of [DLA 133-1] unrtf security update, [DLA 134-1] curl security update and [DLA 130-1] firebird2.1 security update. Many thanks to Nguyen Cong from Toshiba who prepared the patches for these packages.

I also uploaded two DLAs for polarssel ([DLA 129-1] polarssl security update and [DLA 144-1] polarssl security update) although no LTS sponsor indicated any interest.

Other packages

Thanks to the relentless QA work of Andreas Beckmann, his piuparts tests detected an issue in the greylistd package. If greylistd has been installed in Wheezy, removed but not purged afterwards, the whole system dist-upgraded to Jessie and afterwards greylistd is installed again, there would be an error message. RC bug taken, fixed package uploaded and unblock request approved.

Posted on

My Debian Activities in December 2014

FTP assistant

This month at the end of the year has been rather quiet as well. The holiday season is not suited for lots of REJECTs, so all in all I marked 91 packages for accept and rejected only 14 packages. But be aware, the period of grace is over now.

Squeeze LTS

This was my sixth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 20.5h and I spent these hours to upload new versions of:

  • [DLA 99-1] flac security update
  • [DLA 100-1] mutt security update
  • [DLA 101-1] jasper security update
  • [DLA 102-1] tcpdump security update
  • [DLA 105-1] graphviz security update
  • [DLA 107-1] unbound security update
  • [DLA 108-1] nfs-utils security update
  • [DLA 110-1] libyaml security update
  • [DLA 109-1] libyaml-libyaml-perl security update
  • [DLA 117-1] qt4-x11 security update
  • [DLA 121-1] jasper security update
  • [DLA 122-1] eglibc security update
  • [DLA 123-1] firebird2.5 security update
  • [DLA 124-1] unzip security update

This month I also sponsored the upload of [DLA 126-1] ettercap security update. As far as I know, this has been the first time that someone who is not (yet?) involved in Debian as a Debian Maintainer or Debian Developer prepared a patch for Squeeze LTS. So many thanks to Nguyen Cong for doing the work. Thanks to Toshiba as well, who allowed him to work on this package. I am sure there is more to come.

As December is the time of gifts, I also uploaded [DLA 104-1] pdns-recursor security update although no LTS sponsor indicated any interest.

Other packages

Unfortunately the Debian Med Advent Calendar wasn’t as successful as the years before. Only five bugs in packages python-mne, avifile , biomaj-watcher, trimmomatic and uc-echo have been closed. Things can only get better …

Posted on

My Debian Activities in November 2014

FTP assistant

In contrast to the last month, this month has been rather quiet and I really liked that :-). The stress has moved to the next team. So all in all I marked 101 packages for accept and had to reject 27 packages. As I mostly reviewed really new packages, I didn’t have to file any RC bug this month.

Squeeze LTS

This was my fifth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 14.25h and I spent these hours to upload new versions of:

  • [DLA 82-1] wget security update
  • [DLA 84-1] curl security update
  • [DLA 89-1] nss security update
  • [DLA 90-1] imagemagick security update
  • [DLA 94-1] php5 security update
  • [DLA 97-1] eglibc security update

I also uploaded [DLA 85-1] libxml-security-java security update, but as nobody of the LTS sponsors had any interest in this package, I did this in my “spare” time. A package with security in its name should not be affected by security issues.

This month my failure of the month has been the binutils package. Although the security team prepared the way for finding the correct patches for all those CVEs, I somehow managed to not find them. This is embarassing …

I am also a bit disappointed by current LTS users. All important packages have been made available for testing before uploading them to the archive. Apart from some brave fellow DDs, no other feedback was reported on debian-lts. Complaints arrived only when the packages have been finally uploaded. Do admins have enough time nowadays and don’t need to use some kind of testbed? Times are changing …

Other packages

This month I even found some time to sponsor uploads, so please welcome a new version of fastaq in experimental and patiently wait for aegaen and kmc to pass NEW.

At this point I also want to mention the Debian Med Advent Calendar, which was announced in this email and already mentioned by Andreas in his latest Debian Med bits. Everybody is invited to take care of as much as possible poor souls.

Support

If you would like to support my Debian work you could either be part of the Freexian initiative (see above) or consider to send some bitcoins to 1JHnNpbgzxkoNexeXsTUGS6qUp5P88vHej. Contact me at donation@alteholz.eu if you prefer another way to donate. Every kind of support is most appreciated.

Posted on

My Debian activities in August 2014

FTP assistant

By pure chance I was able to accept 237 packages, the same number as last month. 33 times I contacted the maintainer to ask a question about a package and 55 times I had to reject a package. The reject number increased a bit as I also worked on packages that already got a note but had not been fully processed. In contrast I only filed three serious bugs this month.

Currently there are about 200 packages still waiting in the NEW queue As the freeze for Jessie comes closer every day, I wonder whether all of them can be processed in time. So I don’t mind if every maintainer checks the package again and maybe uploads an improved version that can be processed faster.

Squeeze LTS

This was my second month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian

All in all I got assigned a workload of 16.5h for August. I spent these hours to upload new versions of

  • [DLA 32-1] nspr security update
  • [DLA 34-1] libapache-mod-security security update
  • [DLA 36-1] polarssl security update
  • [DLA 37-1] krb5 security update
  • [DLA 39-1] gpgme1.0 security update
  • [DLA 41-1] python-imaging security update

As last month I prepared these uploads on the basis of the corresponding DSAs for Wheezy. For these packages backporting the Wheezy patches to Squeeze was rather easy.

I also had a look at python-django and eglibc. Although the python-django patches apply now, the package fails some tests and these issues need some further investigation. In case of eglibc, my small pbuilder didn’t have enough resources and trying to build the package resulted in a full disk after more than three hours of work.

For PHP5 Ondřej Surý (the real maintainer) suggested to use point releases of upstream instead of applying only patches. I am curious about how much effort is needed for this approach. Stay tuned, next month you will be told more details!

Anyway, this is still a lot of fun and I hope I can finish python-django, eglibc and php5 in September.

Other packages

This month my meep packages plus mpb have been part of a small hdf5 transition. All five packages needed a small patch and a new upload. As the patch was already provided by Gilles Filippini, this was done rather quickly.

Support

If you would like to support my Debian work you could either be part of the Freexian initiative (see above) or consider to send some bitcoins to 1JHnNpbgzxkoNexeXsTUGS6qUp5P88vHej. Contact me at donation@alteholz.eu if you prefer another way to donate. Every kind of support is most appreciated.

Posted on

My Debian activities in July 2014

FTP assistant
This month I was able to accept 237 packages, 27 times I contacted the maintainer to ask a question about a package and 40 times I had to reject a package. Additionally I needed to file nine serious bugs.
In the light of recent events I want to make clear that there is no automatism to create such bugs. They are all handmade and you can be quite sure that there are no false positives but only real issues.

The highlight of this month has been my first patch to dak, the software which is used to manage the Debian archive. Well, it was just a patch of an email template but at least it closes Bug #754805. Now the new Debian tracker at https://tracker.debian.org/ (a replacement for the Debian Package Tracking system (PTS)) is able to detect in which suite new uploads appear.

Squeeze LTS
This month the initiative to support Squeeze LTS, which was started by Freexian, got some momentum. I would like to thank every sponsor of this initiative (please see a list at
the Freexian LTS page) and of course Raphael Hertzog for organizing everything.

All in all I got assigned a workload of 10.5h for July. I spent these hours to upload new versions of tiff, libxml2, php5 and fail2ban. I prepared these uploads on the basis of the corresponding DSAs for Wheezy. So most of the time the patches for all CVEs could be applied smoothly and only line numbers had to be adjusted. For a few CVEs the difference between the code in Squeeze and Wheezy was too huge and things became more difficult. Luckily all CVEs contained good descriptions of what was wrong, so at the end I could find solutions for all security fixes. In this context I am a bit sad about the feedback on the Debian LTS mailing list. I had hoped to get more responses to my calls to test packages before uploading them to the archive. Of course I do some testing on my own, but I am sure I don’t cover all use cases.

I also used some time to fix the information in the security tracker. Three CVEs for dbus were marked as relevant for Squeeze, but the corresponding code didn’t exist in the Squeeze version.

Anyway, this was a lot of fun and I definitely want to be part of that initiative in the future.

Other packages
I tried to fix #752401 of net-dns-fingerprint. Unfortunately the new version does not really work and upstream is a bit silent.

Support
If you would like to support my Debian work you could either be part of the Freexian initiative (see above) or consider to send some bitcoins to 1JHnNpbgzxkoNexeXsTUGS6qUp5P88vHej. Contact me at donation@alteholz.eu if you prefer another way to donate. Every kind of support is most appreciated.