Posted on

Debian and the Internet of Things

Everybody is talking about the Internet of Things. Unfortunately there is no sign of it in Debian yet. Besides some smaller packages like sispmctl, usbrelay or the 1-wire support in digitemp and owfs, there is not much software to control devices over a network.

With the recent upload of alljoyn-core-1504 this might change.

The Alljoyn Framework, where the Alljoyn Core is just one of several modules, lets devices and applications detect each other and communicate with one another over a D-Bus like message bus. The development of the framework has been started by Qualcomm some years ago and is meanwhile managed by the AllSeen Alliance, a nonprofit consortium. The software is licensed under the ISC license.

This first upload is just the first step of a long journey. Other modules that compose the framework and already have a released tarball are related to lightning products, gateways to overcome the boundaries of the local network and much more. In the near future it is also planned to have modules that attach Z-Wave-, ZigBee- or Bluetooth-devices to the Alljoyn bus.

So all in all, this looks like an exciting task and everybody is invited to help maintaining the software in Debian.

Posted on

My Debian Activities in April 2016

FTP assistant

This month I marked 171 packages for accept and rejected 42. I also sent 3 emails to maintainers asking questions. It seems to be that another quiet month is behind us. Nevertheless the flood of strange things in NEW continued this month. Hmm, weird world ..

Debian LTS

This was my twenty-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload had been 15.75h. After getting the permission of the security team I changed the temporary-issues to meanwhile assigned CVEs and uploaded fuseiso. This resulted in DSA 3551-1.

I also prepared new packages for asterisk and asked for testers on the LTS mailing list. Luckily Gabriel Filion really tried these packages and found a regression with manager connections. Dear reader, the new packages are waiting for your tests now :-).

Further I used the upload of poppler (DLA 446-1) to test the workflow of the new wheezy-security upload. Uploading and building packages worked perfectly. Unfortunately the push to the security mirrors was a bit delayed (it only happened after an upload of the security team). But this seems to be fixed by Ansgar now.

Last but not least I had a look at PHP5. I think I will start my regular uploads in May.

Other stuff

As I had to deal with non-Debian stuff this month, I didn’t do lots of other things. I only uploaded node-uml …

Posted on

My Debian Activities in March 2016

FTP assistant

This month I marked 226 packages for accept and rejected 22. I also sent 5 emails to maintainers asking questions. It seems to be that a rather quiet month is behind us. As I have seen some packages with strange debian/copyright in binNEW, I wonder whether also the archive should be checked regularly. Maybe it is time to file some bugs …

Debian LTS

This was my twenty-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

Due to outstanding hours that were redistributed, my all in all workload had been 14.25h. As Wheezy LTS didn’t start yet and I am not able to do normal security uploads, I sent debdiffs to the security team. Btw. this can be done by everybody and the way to go is described in chapter 5.8.5 of the Debian Developer’s Reference.

Altogether I sent the following debdiffs for …

  • extplorer to fix CVE-2015-0896
  • inspircd to fix CVE-2015-8702
  • libmatroska to fix CVE-2015-8792
  • libstruts1.2-java to fix CVE-2015-0899
  • fuseiso to fix two temporary issues
  • minissdpd to fix CVE-2016-3178 and CVE-2016-3179
  • tlslite to fix CVE-2015-3220

As the security team wants to update Wheezy and Jessie with only one DSA, whenever applicable I created debdiffs for both releases. Up to now the results can be seen in DSA 3526-1, DSA 3527-1 and DSA 3536-1. As tlslite has been removed from Wheezy during today’s point release, I am afraid that was a wasted effort.

Other stuff

My node activities this month involved uploads of: node-component-consoler, node-generator-supported, node-xmlhttprequest-ssl, node-co, node-uid-umber, node-url-join, node-uri-path, node-read-file, node-nth-check, node-base62, node-require-dir, node-for-in, node-obj-util, node-normalize-it-url, node-delve, node-function-bind, node-seq, node-json-localizer, node-through, node-addressparser, node-ansi-regex, node-crypto-cacerts, node-decamelize, node-array-find-index, node-require-main-filename, node-invert-kv, node-starttls.

To fix one or the other bug I also uploaded: node-connect, node-mysql.

I also forwarded bug #809252, which is tagged as security relevant in the BTS, to the Node Security Project. I even got one answer stating that the report arrived. We will see what happens next. At least after 45 days another email might arrive …

Posted on

My Debian Activities in February 2016

FTP assistant

This month I marked 364 package for accept and rejected 66. Due to the help of lamby, the length of the NEW queue dropped mostly below 50, so there is no need for complaints anymore :-). I also sent 22 emails to maintainers asking questions.

Squeeze LTS

This was my twentieth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month more people started to contribute and my workload dropped down to 11.25h. Altogether I uploaded those DLAs:

  • [DLA 424-1] didiwiki security update
  • [DLA 423-1] krb5 security update
  • [DLA 433-1] xerces-c security update
  • [DLA 444-1] php5 security update

This month I was also involved in embargoed uploads and could do an upload on my own (DLA 433-1).

Now Squeeze LTS is officially done. I leave it with mixed feelings. On the one hand it became more and more difficult to backport patches for the latest version to the old software. On the other hand I could learn a lot of stuff about the methods other maintainers used some years ago. Yes, although not always visible at first sight, over the years there are lots of improvements on how packages can be handled in Debian.

So, let us start with Wheezy now …

Other stuff

On the way to pump.io, grunt and some other cool stuff, I uploaded:

  • node-abab
  • node-array-equal
  • node-array-flatten
  • node-array-unique
  • node-cors
  • node-deep-extend
  • node-original
  • node-simplesmtp
  • node-setimmediate
  • node-uglify-save-license
  • node-unpipe

Yes, sometimes this npm2deb makes it really easy to create a package.

In order to fix FTBFSs, errors from DebCI or whatever might fail these days, I also uploaded new versions of:

  • node-array-equal
  • node-array-parallel
  • node-bufferjs
  • node-crc
  • node-css-what
  • node-eventsource
  • node-mime-types
  • node-mocks-http
  • node-rai
  • node-requires-port
  • node-url-parse
  • node-xoauth2

Today I could see the first fruits of my labor. Some packages, I did not touch, migrated to testing because some of their dependencies were finally able to migrate as well.

Posted on

My Debian Activities in October 2015

FTP assistant

This month I marked 492 packages for accept and rejected 50 of them. I had to send only 11 emails to maintainers.

Up to now I accepted about 6000 packages, my first one was pexpect_3.0-1 on 20131211.

date package
1 20131211 pexpect_3.0-1
1111 20140506 dochelp_0.1
2121 20140825 cl-parse-number_1.3-1
2222 20140903 node-websocket-driver_0.3.5-1
3333 20150303 libparse-keyword-perl_0.08-1
4242 20150625 python-monotonic_0.2-1
4444 20150708 libmusicbrainz5_5.1.0+git20150707-1
5555 20150928 golang-github-yosssi-ace_0.0.4+git20150515.41.78e48a2-3

So, when do you expect accepted package number 6666, 7777, 8888 and 9999?

Squeeze LTS

This was my sixteenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I only got a workload of 13.25h. Altogether I uploaded those DLAs:

  • [DLA 327-1] freeimage security update
  • [DLA 331-1] polarssl security update
  • [DLA 334-1] libxml2 security update
  • [DLA 334-2] libxml2 regression update

While preparing the libxml2 upload, I mixed up things for the i386 build and so [DLA 334-2] had to follow shortly after [DLA 334-1].
I also prepared a new upload of PHP5 with nine CVEs fixed. I put the i386 and amd64 versions at people.d.o and invite everybody to test them and give positive or negative feedback. The real upload to the archive will happen next week.

This month I also had another term of doing frontdesk work and looked for CVEs that are important for Squeeze LTS or could be ignored.

Other stuff

This month I only polished some packages and uploaded:

I also manually closed #711329 and #352421. After adopting package chktex I inherited #352421, which was one of my oldest bugs. It was about emacs longlines-mode support and I could close it without actually fixing something. The longlines-mode vanished from emacs. So, sorry for that …

Posted on

My Debian Activities in July 2015

FTP assistant

This month I marked 485 packages for accept, rejected 87 of them and had to send 18 emails to maintainers. The NEW-queue is below 100 again, but you hardworking fellows don’t make a break, but start the GCC5 transition. This is so much fun :-).

Squeeze LTS

This was my thirteens month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 15h and I spent again most of it to work on a new upload of php5. I finally prepared the patches for the CVEs and realized only then that the number of failed tests drastically increased. So return to beginning and checking why everything is broken now :-(.

  • [DLA 269-1] linux-ftpd-ssl security update
  • [DLA 271-1] libunwind security update
  • [DLA 280-1] ghostscript security update
  • [DLA 281-1] expat security update

The patch for [DLA 269-1] was prepared by Mats Erik Andersson.

This month I also had another term of doing frontdesk work. So I answered questions on the IRC channel and looked for CVEs that are important for Squeeze LTS or could be ignored.

Other stuff

This month I could finally finish the harminv transition and all affected packages migrated to testing meanwhile.

I also uploaded a new version for pipexec.

Donations

Again, thanks alot to all donors. I really appreciate this and hope that everybody is pleased with my commitment. Don’t hesitate to make suggestions for improvements.

Posted on

My Debian Activities in June 2015

FTP assistant

This month I marked 539 packages for accept, rejected 61 of them and had to send 24 emails to maintainers. This is a new personal record. Even in the month before the Jessie freeze I accepted only 407 packages. So, very well done (self-laudation has to happen from time to time :-)).

Another record was broken as well. After 19 month of doing this kind of work, I got my first insulting email. I would prefer to wait another 19 month before I get the next one …

Squeeze LTS

This was my twelfth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of only 14.5h and I spent most of it to work on a new upload of php5. Unfortunately there have been so many CVEs comming in, that I didn’t do an upload yet.

Other stuff I uploaded was

  • [DLA 258-1] jqueryui security update
  • [DLA 262-1] libcrypto++ security update

This month I also had my first one and a half weeks of doing frontdesk work. As introduced in this email, every member of the LTS team should do some LTS CVE triage. Up to now it was mainly done by Raphael and he wants to share this task with everybody else. So I answered questions on the IRC channel, on the LTS list and looked for CVEs that are important for Squeeze LTS or could be ignored.

Other stuff

This month I also uploaded a new version of harminv and wondered why the package didn’t move to testing. Of course there is a document how to do a transition of a library properly. But hey, it is me, I know everything better and of course I can use a shortcut. Oh boy, I was wrong. So I also uploaded new versions of meep, meep-lam4, meep-openmpi, meep-mpi-default and meep-mpich2.

And the moral of the story: If you don’t understand why something should be done in a specific way, you shouldn’t try to do it different.

Donations

Again, thanks alot to all donors. I really appreciate this and hope that everybody is pleased with my commitment. Don’t hesitate to make suggestions for improvements.

Posted on

My Debian Activities in May 2015

FTP assistant

This month I marked 235 packages for accept and rejected 44 of them. I know, the NEW-queue is rather large, but the numbers are showing a downward trend again.

In the light of recent events I would like to cite two things. The US Copyright Office Circular 14 says about derivative work:

A typical example of a derivative work received for registration in the Copyright Office is one that is primarily a new work but incorporates some previously published material. This previously published material makes the work a derivative work under the copyright law. To be copyrightable, a derivative work must be different enough from the original to be regarded as a “new work” or must contain a substantial amount of new material. Making minor changes or additions of little substance to a preexisting work will not qualify the work as a new version for copyright purposes. The new material must be original and copyrightable in itself. Titles, short phrases, and format, for example, are not copyrightable.

Title 17 of the United States Code says in §103:

The copyright in a compilation or derivative work extends only to the material contributed by the author of such work, as distinguished from the preexisting material employed in the work, and does not imply any exclusive right in the preexisting material. The copyright in such work is independent of, and does not affect or enlarge the scope, duration, ownership, or subsistence of, any copyright protection in the preexisting material.

Squeeze LTS

This was my eleventh month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of only 10.25h and I spent most of it to prepare a new upload of ruby1.9.1. The other stuff I uploaded was

  • [DLA 222-1] commons-httpclient security update
  • [DLA 226-1] ntfs-3g security update
  • [DLA 226-2] ntfs-3g regression update
  • [DLA 235-1] ruby1.9.1 security update

[DLA 222-1 has been “only” a sponsored upload, where Markus Koschany prepared the patches. [DLA-226] needed two uploads as the first patch turned out to be incomplete. I also marked CVEs in the security tracker as for Squeeze or added notes for future processing.
The next big adventure in June will be another upload of PHP5.

Other stuff

This month I also uploaded feynmf to take care of the new TDS tree (#766287).

Donations

Again, thanks alot to all donors. I really appreciate this and hope that everybody is pleased with my commitment. Don’t hesitate to make suggestions for improvements.

Posted on

My Debian Activities in March 2015

FTP assistant

Recently the NEW queue grew due to lots of uploads of new KDE software and several smaller node-packages. The KDE-stuff will be processed one after another, but the node-stuff seems to be rather strange. After the last discussion I was told that all those small packages can be accumulated into bigger chunks. I hope this discussion doesn’t need to be repeated again …

Anyway, this month I marked 117 packages for accept and rejected 51 packages.

Squeeze LTS

This was my ninth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 15.25h and I spent these hours to upload new versions of:

  • [DLA 163-1] bind9 security update
  • [DLA 166-1] libarchive security update
  • [DLA 167-1] redcloth security update
  • [DLA 170-1] mod-gnutls security update
  • [DLA 171-1] libssh2 security update
  • [DLA 181-1] xerces-c security update
  • [DLA 182-1] batik security update
  • [DLA 183-1] libxfont security update
  • [DLA 184-1] binutils security update

Finally I was also able to upload the binutils package. Up to now, I got no complaints that something is not working anymore, so yeah, I seem to make it. The next big adventure will be a new upload of PHP. I already started with some patches, but it is still a good piece of work.

I also uploaded update for DLA 164-1] unace security update, [DLA 168-1] konversation security update and [DLA 172-1] libextlib-ruby security update although no LTS sponsor indicated any interest.

Other packages

This month the severity of one bug in greylistd had been raised from normal to severe and such I had to upload a new version. Thanks to Andreas Beckmann for raising and for providing a patch.

I also uploaded a new version of dict-elements and closed a bug related to reproducible builds.

As I am the maintainer of libkeepalive, I got an email from Andreas Florath. He wanted to persuade me to create a package for his library libdontdie, which is rather similar to libkeepalive but has some improvements. As I promised to do some more packaging work, he didn’t have to argue much and voila, there now is a new package libdontdie available. As the cooperation with him is really pleasant, I also created a package for his other project: pipexec.

Donations

Thanks alot to all donors, this month I got 30€ in total. I really appreciate this and hope that everybody is pleased with my commitment. Don’t hesitate to make suggestions for improvements.

Posted on

My Debian Activities in January 2015

FTP assistant

This month at the beginning of the year has been rather quiet as well. All in all I marked 50 packages for accept and rejected only 17 packages.

Squeeze LTS

This was my seventh month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 12h and I spent these hours to upload new versions of:

  • [DLA 127-1] pyyaml security update
  • [DLA 128-1] sox security update
  • [DLA 138-1] jasper security update
  • [DLA 145-1] php5 security update

In doing so, preparing the upload for php5 consumed most of the time as support from Upstream for the old version in Squeeze no longer exists. Oddly enough, a simple one-line-patch seems to have created a regression …

I also sponsored the upload of [DLA 133-1] unrtf security update, [DLA 134-1] curl security update and [DLA 130-1] firebird2.1 security update. Many thanks to Nguyen Cong from Toshiba who prepared the patches for these packages.

I also uploaded two DLAs for polarssel ([DLA 129-1] polarssl security update and [DLA 144-1] polarssl security update) although no LTS sponsor indicated any interest.

Other packages

Thanks to the relentless QA work of Andreas Beckmann, his piuparts tests detected an issue in the greylistd package. If greylistd has been installed in Wheezy, removed but not purged afterwards, the whole system dist-upgraded to Jessie and afterwards greylistd is installed again, there would be an error message. RC bug taken, fixed package uploaded and unblock request approved.