Posted on

My Debian Activities in July 2022

FTP master

This month I accepted 420 and rejected 44 packages. The overall number of packages that got accepted was 422.

I am sad to write the following lines, but unfortunately there are people who rather take advantage of others instead of doing a proper maintenance of their packages.

So, in order to find time slots for as much packages in NEW as possible, I no longer write a debian/copyright for others. I know it is a boring task to collect the copyright information, but our policy still requires this. Of course nobody is perfect and certainly one or the other license or copyright holder can be overlooked. Luckily most of the contributors maintain their debian/copyright very thouroughly with a terrific result.

On the other hand some contributors upload only some crap and demand that I exactly list what is missing. I am no longer willing to do this. I am going to stop processing after I found a few missing things and reject the package. When I see repeatedly uploads containing only improvements with things I pointed out, I will process this package only after all others from NEW are done.

Debian LTS

This was my ninety-seventh month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 35.75h. Unfortunately Stretch LTS has moved to Stretch ELTS and Buster LTS was not yet opened in July. So I think this is the first month I did not work all assigned hours.

Besides things on security-master, I only worked 20h on moving the LTS documentation to their new destination. At the moment the documentation is spread over several locations. As searching over all those locations is not possible, it shall be collected at one place.

Debian ELTS

This month was the forty-eighth ELTS month.

During my allocated time I uploaded:

  • [ELA-643-1] for ncurses (5.9+20140913-1+deb8u4, 6.0+20161126-1+deb9u3)
  • [ELA-655-1] for libhttp-daemon-perl (6.01-1+deb8u1, 6.01-1+deb9u1)
  • [6.14-1.1] upload to unstable
  • [#1016391] bullseye-pu: libhttp-daemon-perl/6.12-1+deb11u1

I also started to work on mod-wsgi and my patch was already approved by the maintainer. Now I am waiting for the security team to decide whether it will be uploaded as DSA or via PU.

Last but not least I did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions or improved packaging of:

Posted on

My Debian Activities in June 2022

FTP master

This month I accepted 305 and rejected 59 packages. The overall number of packages that got accepted was 310.

From time to time I am also looking at the list of packages to be removed. If you would like to make life easier for the people who remove packages, please make sure that the resulting dak command really makes sense. If this command consists of garbage, please adapt the Subject: of your bug report accordingly.

Also it does not make sense to file bugs to remove packages from NEW. Please don’t hesitate to close such bugs again …

Debian LTS

This was my ninety-sixth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30.25h. During that time I did LTS and normal security uploads of:

  • [DLA 3058-1] libsndfile security update for two CVEs
  • [DLA 3060-1] blender security update for three CVEs
  • [#1008577] bullseye-pu: golang-github-russellhaering-goxmldsig/1.1.0-1+deb11u1 package has been accepted
  • [#1009077] bullseye-pu: minidlna/1.3.0+dfsg-2+deb11u1 package has been accepted
  • upload of blender to buster-security, no DSA yet
  • upload of blender to bullseye-security, no DSA yet, this upload seems to have failed 🙁

I have to admit that I totally ignored the EOL of Stretch LTS, so my upload of ncurses needs to go to Stretch ELTS now.

This month I also moved/refactored the current LTS documentation to a new repository and started to move the LTS Wiki as well.

I also continued to work on security support for golang packages.

Last but not least I did some days of frontdesk duties and took care of issues on security-master.

At this point I also need to mention my first “business trip”. I drove the short distance between Chemnitz and Freiberg and met Anton to have a face to face talk about LTS/ELTS. It was a great pleasure and definitely more fun than a meeting on IRC.

Debian ELTS

This month was the forty-seventh ELTS month.

During my allocated time I uploaded:

  • ELS-629-1 for libsndfile

Due to the delay of my ncurses upload to Stretch LTS, the ELTS upload got delayed as well. Now I will do both uploads to ELTS in July.

Last but not least I did some days of frontdesk duties.

Debian Printing

This month I uploaded new upstream versions or improved packaging of:

Debian Astro

As there has been a new indi release arriving in Debian, I uploaded new upstream versions of most of the indi-3rdparty packages. Don’t hesitate to tell me whether you really use one of them :-).

Other stuff

This month I uploaded new upstream versions or improved packaging of:

Posted on

My Debian Activities in May 2022

FTP master

This month I accepted 288 and rejected 45 packages. The overall number of packages that got accepted was 290.

Debian LTS

This was my ninety-fifth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 3029-1] cups security update for one embargoed CVE
  • [DLA 3028-1] atftp security update for one CVE
  • [DLA 3030-1] zipios++ security update for one CVE
  • [DSA-5149-1] cups security update in Buster and Bullseye
  • [#1008577] bullseye-pu: golang-github-russellhaering-goxmldsig/1.1.0-1+deb11u1 debdiff was approved and package uploaded
  • [#1009077] bullseye-pu: minidlna/1.3.0+dfsg-2+deb11u1 debdiff was approved and package uploaded
  • [#1009250] bullseye-pu: fribidi/1.0.8-2+deb11u1 debdiff was approved and package uploaded

Further I continued working on libvirt and started to work on blender and ncurses.

I also continued to work on security support for golang packages.

Last but not least I did some days of frontdesk duties and took care of issues on security-master.

Debian ELTS

This month was the forty-seventh ELTS month.

During my allocated time I uploaded:

  • ELS-618-1 for openldap

I also moved/refactored the current ELTS documentation to a new repository.

Further I started to work on blender and ncurses in ELTS as well as in LTS.

Last but not least I did some days of frontdesk duties.

Debian Printing

This month I uploaded new upstream versions or improved packaging of:

The reason for the new upstream version of ipp-usb was a strange bug. Some HP printers claim to have fax support but fail to respond to corresponding IPP queries. I understand that nowadays sending a fax is no longer a main theme for quality assurance. But if one tries to advertise as much features as possible, all these features should basically work and not prevent the things a printer should normally do.

The reason for the new upstream version of cups was a security issue. You now should have the latest version of cups installed (there have been updates in other Debian releases as well).

Debian Astro

This month I uploaded new upstream versions or improved packaging of:

Other stuff

This month I uploaded new packages:

Posted on

My Debian Activities in April 2022

FTP master

This month I accepted 186 and rejected 26 packages. The overall number of packages that got accepted was 188.

Debian LTS

This was my ninety-fourth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 2973-1] minidlna security update for one CVE
  • [DLA 2974-1] fribidi security update for three CVEs
  • [DLA 2988-1] tinyxml security update for one CVE
  • [DLA 2987-1] libarchive security update for three CVEs
  • [#1009076] buster-pu: minidlna/1.2.1+dfsg-2+deb10u3
  • [#1009077] bullseye-pu: minidlna/1.3.0+dfsg-2+deb11u1
  • [#1009251] buster-pu: fribidi/1.0.5-3.1+deb10u2
  • [#1009250] bullseye-pu: fribidi/1.0.8-2+deb11u1
  • [#1010380] buster-pu: flac/1.3.2-3+deb10u2

Further I worked on libvirt, the dependency problems in unstable have been resolved and fixing in other releases can continue.

I also continued to work on security support for golang packages.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the forty-siyth ELTS month.

During my allocated time I uploaded:

  • ELA-591-1 for minidlna
  • ELA-592-1 for fribidi
  • ELA-602-1 for tinyxml
  • ELS-603-1 for libarchive

Last but not least I did some days of frontdesk duties.

Debian Printing

This month I uploaded new upstream versions or improved packaging of:

As I already became the maintainer of usb-modeswitch I also adopted usb-modeswitch-data

Debian Astro

Unfortunately I didn’t do anything for this group, but in May I will upload a new version of openvlbi and several indi-3rdparty packages.

Other stuff

Last but not least I uploaded several new upstream version of golang packages but not before checking with ratt that all dependencies still work.

Posted on

My Debian Activities in March 2022

FTP master

This month I accepted 332 and rejected 15 packages. This ratio gives a reason to hope. The overall number of packages that got accepted was 342.

Debian LTS

This was my ninety-third month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 2932-1] tiff security update for three CVEs
  • [DLA 2931-1] cyrus-sasl2 security for one CVE
  • [DLA 2966-1] libgc security update for one CVE
  • [#1006493] bullseye-pu: htmldoc debdiff was approved and package uploaded
  • [#1006493] buster-pu: htmldoc debdiff was approved and package uploaded
  • [#1007938] buster-pu: cups/2.2.10-6+deb10u5
  • [#1007938] buster-pu: cups debdiff was approved and package uploaded
  • [#1008577] bullseye-pu: golang-github-russellhaering-goxmldsig/1.1.0-1+deb11u1
  • [#1008578] buster-pu: golang-github-russellhaering-goxmldsig/0.0~git20170911.b7efc62-1+deb10u1
  • [unstable] minidlna security update for one CVE

All my PU bugs for Buster and Bullseye, that accumulated over the last months, were part of the latest point release. So new ones have to be created now :-).

I also continued to work on security support for golang packages. As a result #1008577 and #1008578 were the first real tests with a simple package.

Debian ELTS

This month was the forty-fifth ELTS month.

During my allocated time I uploaded:

  • ELA-573-1 for cyrus-sasl2
  • ELA-589-1 for libgc

Unfortunately uploads have to be done for younger releases first, so I had to withhold some uploads for ELTS. Hopefully they can be done in April. Probably this policy needs to be reconsidered.

Last but not least I did some days of frontdesk duties.

Debian Printing

This month I uploaded new upstream versions or improved packaging of:

In order to make the Debian Edu team happy, I uploaded a new version of cups-filters with an adapted Apparmor-file to Unstable and Bullseye.

Debian Astro

This month I uploaded new upstream versions or improved packaging of:

Other stuff

This month I uploaded new upstream versions or improved packaging of:

In order to avoid an AUTORM of some Osmocom packages, I also had to NMU:

Posted on

My Debian Activities in February 2022

FTP master

This month I accepted 484 and rejected 73 packages. The overall number of packages that got accepted was 495.

The overall number of rejected packages was 76, which is about 15% of the uploads to NEW. While most of the maintainers do a great job when creating their debian/copyright, others are a bit lax. Unfortunately those people seem to be more enthusiastic when fighting for changes in NEW processing or even removing NEW.

One argument in discussions about NEW is that the copyright verification of packages can be done by the community after accepting the packages in the archive.
Last month I did not get any hint that such checks have been done by anybody. As the past already showed several times, this community based checks simply do not exist.

So in the end poorly maintained copyright information will rot in the archive and I am not sure that this really corresponds with the Debian Social Contract.

Debian LTS

This was my ninety-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 2928-1] htmldoc security update for three CVEs
  • [#1004049] buster-pu: zziplib debdiff was approved and package uploaded
  • [#1004050] bullseye-pu: zziplib debdiff was approved and package uploaded
  • [#1004055] buster-pu: debdiff was approved and package uploaded
  • [#1006493] bullseye-pu: htmldoc/1.9.11-4+deb11u2
  • [#1006494] buster-pu: htmldoc/1.9.3-1+deb10u3
  • [#1006550] buster-pu: tiff/4.1.0+git191117-2~deb10u4
  • [#1006551] bullseye-pu: tiff/4.2.0-1+deb11u1

Unfortunately salsa went down at the end of the month, so several planned uploads did not happen and have to be delayed to March.

I also continued to work on security support for golang packages. Further I worked on packages in NEW on security-master and injected missing sources. Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the forty-fourth ELTS month.

During my allocated time I uploaded:

  • ELA-567-1 for apache2
  • ELA-567-2 for apache2
  • ELA-568-1 for ksh
  • ELA-569-1 for tiff
  • ELA-570-1 for htmldoc

Further I worked on cyrus-sasl but did not do an upload yet.

Last but not least I did some days of frontdesk duties.

Debian Printing

As announced last month I uploaded a new version of cups.

Altogether I uploaded new upstream versions or improved packaging of:

Debian Astro

This month I uploaded new upstream versions or improved packaging of:

Other stuff

This month I uploaded new upstream versions or improved packaging of:

Posted on

My Debian Activities in January 2022

FTP master

This month I accepted 342 and rejected 57 packages. The overall number of packages that got accepted was 366.

Lately I was asked: Is it ftpmaster’s opinion and policy that there is no difference in NEW queue review process between bin and src?

This is a yes/no-question and in this generality the answer is clearly: Every package in NEW needs a full review.

Of course there are circumstances with exceptions. For example after an upload of -1, which would get a full review, the upload of -2 afterwards, introducing a new binary package, would get a much faster review. In this case it would make sense to ping on IRC and draw attention to this. Nevertheless the evaluation of a “light review” might differ between the maintainer and the person doing the review.

Debian LTS

This was my ninety-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 2882-1] sphinxsearch security update for one CVE
  • [DLA 2890-1] libspf2 security update for two CVEs
  • [DLA 2897-1] apr security update for one CVE
  • [DLA 2900-1] lrzsz security update for one CVE
  • [DLA 2901-1] libxfont security update for one CVE
  • [DLA 2902-1] graphicsmagick security update for one CVE
  • [#1004049] buster-pu: package zziplib/0.13.62-3.2+deb10u1
  • [#1004050] bullseye-pu: package zziplib/0.13.62-3.3+deb11u1
  • [#1004055] buster-pu: package raptor2/2.0.14-1.1~deb10u2

I also started to work on security support for golang packages. Though this sounds like an easy task, the devel is in the details.
As CVEs need to be fixed in unstable first, at the moment it looks like this is the most time consuming task. I will report later on my journey to fix open CVEs in golang-github-russellhaering-goxmldsig

Further I worked on packages in NEW on security-master and injected missing sources.

Last but not least I did some days of frontdesk duties and attended an LTS meeting on IRC.

Debian ELTS

This month was the forty-third ELTS month.

During my allocated time I uploaded:

  • ELA-544-1 for libspf2
  • ELA-549-1 for apr
  • ELA-552-1 for lrzsz
  • ELA-553-1 for libxfont

Further I worked on an update for apache2

Last but not least I did some days of frontdesk duties.

Debian Printing

I was finally able to upload a new version of hplip and Ubuntu is now able to build new snaps for their next release.
Altogether I uploaded new upstream versions or improved packaging of:

Now the dashboard looks rather good and my next task for February is an update of cups.

Debian Astro

As there was a release of version 1.9.4 of INDI and indi-3rdparty, I also uploaded the new version of all INDI drivers and releated libs from indi-3rdparty.

Other stuff

This month I uploaded lots of new upstream releases of golang packages.

Posted on

My Debian Activities in December 2021

FTP master

This month I accepted 412 and rejected 44 packages. The overall number of packages that got accepted was 423.

Debian LTS

This was my ninetieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 2846-1] raptor2 security update for one CVE
  • [DLA 2845-1] libsamplerate security update for one CVE
  • [DLA 2859-1] zziplib security update for one CVE
  • [DLA 2858-1] libzip security update for one CVE
  • [DLA 2869-1] xorg-server security update for three CVEs
  • [#1002912] for graphicsmagick in Buster
  • [debdiff] for sphinxearch/buster to maintainer and sec team
  • [debdiff] for zziplib/buster to maintainer
  • [debdiff] for zziplib/bullseye to maintainer
  • [debdiff] for raptor2/bullseye to maintainer

I also started to work on libarchive

Further I worked on packages in NEW on security-master. In order to faster process such packages, I added a notification when work arrived there.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the forty-second ELTS month.

During my allocated time I uploaded:

  • ELA-527-1 for libsamplerate
  • ELA-528-1 for raptor2
  • ELA-529-1 for ufraw
  • ELA-532-1 for zziplib
  • ELA-534-1 for xorg-server

Last but not least I did some days of frontdesk duties.

Debian Astro

Related to my previous article about fun with telescopes I uploaded new versions or did source uploads for:

Besides the indi-stuff I also uploaded

Other stuff

I celebrated christmas :-).

Posted on

My Debian Activities in November 2021

FTP master

This month I accepted 564 and rejected 93 packages. The overall number of packages that got accepted was 591.

Debian LTS

This was my eighty-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 40h. During that time I did LTS and normal security uploads of:

  • [DLA 2820-1] atftp security update for two CVEs
  • [DLA 2821-1] axis security update for one CVE
  • [DLA 2822-1] netkit-rsh security update for two CVEs
  • [DLA 2825-1] libmodbus security update for two CVEs
  • [#1000408] for libmodbus in Buster
  • [#1000485] for btrbk in Bullseye
  • [#1000486] for btrbk in Buster

I also started to work on pgbouncer to get an update for each release and had to process packages from NEW on security-master.

Further I worked on a script to automatically publish DLAs on the Debian website, that are posted to debian-lts-announce. The script can be found on salsa. It only publishes stuff from people on a whitelist. At the moment it is running on a computer at home. You might run your own copy, or just send me an email to be put on the whitelist as well.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the forty-first ELTS month.

During my allocated time I uploaded:

  • ELA-517-1 for atftp
  • ELA-519-1 for qtbase-opensource-src
  • ELA-520-1 for libsdl1.2
  • ELA-521-1 for libmodbus

Last but not least I did some days of frontdesk duties.

Debian Printing

Unfortunately I did not do as much as I wanted this month. At least I looked at some old bugs and uploaded new upstream versions of …

I hope this will improve in December again. New versions of cups and hplip are on my TODO-list.

Debian Astro

This month I uploaded new versions of …

Other stuff

I improved packaging or fixed bugs of:

Posted on

My Debian Activities in October 2021

FTP master

This month I accepted 341 and rejected 46 packages. The rejection is as high as last month. I hope everybody is aware that pressing just one key when accepting a package is much faster than writing an explanation why a package has to be rejected. Anyway, the overall number of packages that got accepted was 355.

Debian LTS

This was my eighty-eighth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 28.5h. During that time I did LTS and normal security uploads of:

  • [DLA 2788-1] strongswan security update for one CVE
  • [DLA 2789-1] squashfs-tools security update for one CVE
  • [DLA 2792-1] faad2 security update for seven CVEs
  • [DLA 2796-1] jbig2dec security update for two CVEs
  • [DLA 2800-1] cups security update for one CVE
  • [#998042] for jbig2dec in Buster

I also continued to work on exiv2.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the fortieth ELTS month.

During my allocated time I uploaded:

  • ELA-494-1 for curl
  • ELA-497-1 for squashfs-tools
  • ELA-498-1 for openssl
  • ELA-501-1 for faad2
  • ELA-504-1 for jbig2dec
  • ELA-508-1 for cups

Last but not least I did some days of frontdesk duties.

Debian Printing

I improved packaging or fixed bugs or uploaded a new version of:

Last but not least I looked at some old bugs and checked whether they could be closed.

Debian Astro

Though being a silent member of Debian Astro for a long time, I am now going to be more active now. Most of the time I will be focused on packages for telescope control, but of course I won’t stay away from other topics.

So I uploaded:

If you know of other missing packages, don’t hesitate to tell me!

Other stuff

On my neverending golang challenge I again uploaded some packages either for NEW or as source upload.

I uploaded new upstream versions of:

I improved packaging or fixed bugs of: