My Debian Activities in November 2014

FTP assistant

In contrast to the last month, this month has been rather quiet and I really liked that :-). The stress has moved to the next team. So all in all I marked 101 packages for accept and had to reject 27 packages. As I mostly reviewed really new packages, I didn’t have to file any RC bug this month.

Squeeze LTS

This was my fifth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 14.25h and I spent these hours to upload new versions of:

  • [DLA 82-1] wget security update
  • [DLA 84-1] curl security update
  • [DLA 89-1] nss security update
  • [DLA 90-1] imagemagick security update
  • [DLA 94-1] php5 security update
  • [DLA 97-1] eglibc security update

I also uploaded [DLA 85-1] libxml-security-java security update, but as nobody of the LTS sponsors had any interest in this package, I did this in my “spare” time. A package with security in its name should not be affected by security issues.

This month my failure of the month has been the binutils package. Although the security team prepared the way for finding the correct patches for all those CVEs, I somehow managed to not find them. This is embarassing …

I am also a bit disappointed by current LTS users. All important packages have been made available for testing before uploading them to the archive. Apart from some brave fellow DDs, no other feedback was reported on debian-lts. Complaints arrived only when the packages have been finally uploaded. Do admins have enough time nowadays and don’t need to use some kind of testbed? Times are changing …

Other packages

This month I even found some time to sponsor uploads, so please welcome a new version of fastaq in experimental and patiently wait for aegaen and kmc to pass NEW.

At this point I also want to mention the Debian Med Advent Calendar, which was announced in this email and already mentioned by Andreas in his latest Debian Med bits. Everybody is invited to take care of as much as possible poor souls.

Support

If you would like to support my Debian work you could either be part of the Freexian initiative (see above) or consider to send some bitcoins to 1JHnNpbgzxkoNexeXsTUGS6qUp5P88vHej. Contact me at donation@alteholz.eu if you prefer another way to donate. Every kind of support is most appreciated.

My Debian Activities in October 2014

FTP assistant

This month has been the month before the freeze. Lots of people uploaded a package at the last moment and wanted to have it in testing before everything is over. This resulted in even more processed package than in September. I was able to accept 407 packages and had to reject 77. The whole FTP team managed it to bring the NEW queue below 40 waiting packages. As the Release team doesn’t like to see binary-NEW packages appearing in unstable (at least those which change the soname of a lib), this number will increase again. But, that’s life …

I am glad that a freeze happens only every few years. So I would particularly thank my dear wife for her patience, when she saw me sitting in front of that damned computer again and again.

Squeeze LTS

This was my fourth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 13.75h and I spent these hours to upload new versions of

  • [DLA 72-1] rsyslog security update
  • [DLA 72-2] rsyslog regression update
  • [DLA 78-1] torque security update
  • [DLA 80-1] libxml2 security update

I also prepared a new upload of wget and still wait for some feedback. In this case some default values had to be changed and I better wait a bit before I break some scripts.

Moreover five CVEs accumulated for php5, so I guess another upload has to be done for this package. This will be ready in the next days …

I also tried to work on libtasn1-3 and librack-ruby. There hadn’t been DSAs for these packages and I tried to dig into the upstream repositories. Unfortunately I failed to find the correct patches. Kudos to the Security Team who have to struggle with all kind of commit messages on a daily basis.

Other packages

I didn’t have time to do any work on my own packages. But during my ftp-time I saw one or another package that deals with some kind of home automation. Up to now there doesn’t seem to be a Debian group who deals with this topic. Maybe it is time to start one?

Support

If you would like to support my Debian work you could either be part of the Freexian initiative (see above) or consider to send some bitcoins to 1JHnNpbgzxkoNexeXsTUGS6qUp5P88vHej. Contact me at donation@alteholz.eu if you prefer another way to donate. Every kind of support is most appreciated.

My Debian activities in August 2014

FTP assistant

By pure chance I was able to accept 237 packages, the same number as last month. 33 times I contacted the maintainer to ask a question about a package and 55 times I had to reject a package. The reject number increased a bit as I also worked on packages that already got a note but had not been fully processed. In contrast I only filed three serious bugs this month.

Currently there are about 200 packages still waiting in the NEW queue As the freeze for Jessie comes closer every day, I wonder whether all of them can be processed in time. So I don’t mind if every maintainer checks the package again and maybe uploads an improved version that can be processed faster.

Squeeze LTS

This was my second month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian

All in all I got assigned a workload of 16.5h for August. I spent these hours to upload new versions of

  • [DLA 32-1] nspr security update
  • [DLA 34-1] libapache-mod-security security update
  • [DLA 36-1] polarssl security update
  • [DLA 37-1] krb5 security update
  • [DLA 39-1] gpgme1.0 security update
  • [DLA 41-1] python-imaging security update

As last month I prepared these uploads on the basis of the corresponding DSAs for Wheezy. For these packages backporting the Wheezy patches to Squeeze was rather easy.

I also had a look at python-django and eglibc. Although the python-django patches apply now, the package fails some tests and these issues need some further investigation. In case of eglibc, my small pbuilder didn’t have enough resources and trying to build the package resulted in a full disk after more than three hours of work.

For PHP5 Ondřej Surý (the real maintainer) suggested to use point releases of upstream instead of applying only patches. I am curious about how much effort is needed for this approach. Stay tuned, next month you will be told more details!

Anyway, this is still a lot of fun and I hope I can finish python-django, eglibc and php5 in September.

Other packages

This month my meep packages plus mpb have been part of a small hdf5 transition. All five packages needed a small patch and a new upload. As the patch was already provided by Gilles Filippini, this was done rather quickly.

Support

If you would like to support my Debian work you could either be part of the Freexian initiative (see above) or consider to send some bitcoins to 1JHnNpbgzxkoNexeXsTUGS6qUp5P88vHej. Contact me at donation@alteholz.eu if you prefer another way to donate. Every kind of support is most appreciated.

My Debian activities in July 2014

FTP assistant
This month I was able to accept 237 packages, 27 times I contacted the maintainer to ask a question about a package and 40 times I had to reject a package. Additionally I needed to file nine serious bugs.
In the light of recent events I want to make clear that there is no automatism to create such bugs. They are all handmade and you can be quite sure that there are no false positives but only real issues.

The highlight of this month has been my first patch to dak, the software which is used to manage the Debian archive. Well, it was just a patch of an email template but at least it closes Bug #754805. Now the new Debian tracker at https://tracker.debian.org/ (a replacement for the Debian Package Tracking system (PTS)) is able to detect in which suite new uploads appear.

Squeeze LTS
This month the initiative to support Squeeze LTS, which was started by Freexian, got some momentum. I would like to thank every sponsor of this initiative (please see a list at
the Freexian LTS page) and of course Raphael Hertzog for organizing everything.

All in all I got assigned a workload of 10.5h for July. I spent these hours to upload new versions of tiff, libxml2, php5 and fail2ban. I prepared these uploads on the basis of the corresponding DSAs for Wheezy. So most of the time the patches for all CVEs could be applied smoothly and only line numbers had to be adjusted. For a few CVEs the difference between the code in Squeeze and Wheezy was too huge and things became more difficult. Luckily all CVEs contained good descriptions of what was wrong, so at the end I could find solutions for all security fixes. In this context I am a bit sad about the feedback on the Debian LTS mailing list. I had hoped to get more responses to my calls to test packages before uploading them to the archive. Of course I do some testing on my own, but I am sure I don’t cover all use cases.

I also used some time to fix the information in the security tracker. Three CVEs for dbus were marked as relevant for Squeeze, but the corresponding code didn’t exist in the Squeeze version.

Anyway, this was a lot of fun and I definitely want to be part of that initiative in the future.

Other packages
I tried to fix #752401 of net-dns-fingerprint. Unfortunately the new version does not really work and upstream is a bit silent.

Support
If you would like to support my Debian work you could either be part of the Freexian initiative (see above) or consider to send some bitcoins to 1JHnNpbgzxkoNexeXsTUGS6qUp5P88vHej. Contact me at donation@alteholz.eu if you prefer another way to donate. Every kind of support is most appreciated.

My Debian activities in June 2014

FTP assistant
With my FTP assistant hat on, I accepted 285 packages. 29 times I had to ask the maintainer a question or had to give a comment. Unfortunately I also had to reject 33 packages. Most of the time due to mistakes in debian/copyright. The review of NEW also resulted in about ten serious bugs in packages that had incomplete copyright information. Dear fellow developers and maintainers: please be more careful when you collect copyright and license information. The better you do your homework, the faster your package will pass NEW!

Squeeze LTS
I also started to contribute to Debian Squeeze-LTS. In June I uploaded security fixes for scheme48 and lxml. Freexian, a French company run by Debian Developer Raphaël Hertzog, started an initiative to establish LTS (Long Term Support) for Debian Squeeze. Via Freexian you can hire other Debian Developers who provide security updates for some more months. So if you still need a stable security support for Debian please consider joining the initiative and visit the Squeeze LTS website at Freexian.

Other packages
For my own packages I uploaded some new versions for different kinds of meep.

Support
If you would like to support my Debian work please consider to send some bitcoins to 1JHnNpbgzxkoNexeXsTUGS6qUp5P88vHej. Contact me at donation@alteholz.eu if you prefer another way to donate. Every kind of support is most appreciated.

BOM: bug squashing and new versions during last three months

As announced in my previous DTPOM article the month of May should be a bug squashing month. As everything worked well, I used last three months to decrease the bug count in Debian packages. Unfortunately I don’t remeber everything, so this list might be incomplete:

  • Due to the help of T, who pointed me to a patch which was sent to the fpdns-user emaillist, bug 680077 disappeared.
  • All meep-* packages had a problem with include files installed in the wrong directory. So development of own programs was a bit difficult. This resulted in

    All bugs have been closed in Sid, but the release team doesn’t want to put it to stable!?

  • Package setserial had some open bugs. Most of them resulted from a strange concept of initializing the serial port and could be closed with just some explanations:
  • With the next upload of greylistd to experimental two bugs could be closed:
  • Two uploads of package uucp closed a few ‘simple’ and one RC bug:

Further I created packages for some new software versions:

  • all packages of the mgltools got a new version (1.5.7~rc1~cvs.20130519-1)
    autodocktools, mgltools-bhtree, mgltools-cadd, mgltools-dejavu, mgltools-geomutils, mgltools-gle, mgltools-mglutil, mgltools-molkit, mgltools-networkeditor, mgltools-opengltk, mgltools-pmv, mgltools-pyautodock, mgltools-pybabel, mgltools-pyglf, mgltools-scenario2, mgltools-sff, mgltools-support, mgltools-symserv, mgltools-utpackages, mgltools-viewerframework, mgltools-vision, mgltools-visionlibraries, mgltools-volume, mgltools-webservices

  • autodocksuite is now available in version 4.2.5.1-3
  • saint is now available in version 2.3.4+dfsg-2
  • I uploaded version 1.5.3-1 of python-cogent, but meanwhile even version 1.5.3-2 is available
  • gcal got an update to version 3.6.3-2
  • epigrass got an update to version 2.2.2-2, unfortunately in that version it depends on python-sqlsoup, which is still in the NEW-queue. Thus this package got an RC bug …

From my point of view 17 closed bugs and 29 updated packages within three months are a pretty good result.

The next month will be characterized by solving all problems with epigrass (and of course python-sqlsoup), mgltools-cadd (there must be a better version hidden somewhere in the sources that needs to be activated somehow) and mgltools-sff (why doesn’t it migrate to testing?). Further the TODO-list of the Debian Med UDD needs to become smaller.

DTPOM: lots of stuff for Debian Med

April has been the month of new packages. I had a look at the task list of Debian Med and tried to finish some (older) packages or created some new ones.

Finally the following packages made it first to “unstable” and after the release of Wheezy, they migrated to “testing” as well:
uc-echo – error correction algorithm designed for short-reads from NGS
python-clips – Python module to interface the CLIPS expert system shell library
visionegg – Python library for 2D/3D visual stimulus generation
qrisk2 – cardiovascular disease risk calculator

Further there are still some packages waiting in the NEW-queue
treeview – Java re-implementation of Michael Eisen’s TreeView
proalign – Probabilistic multiple alignment program

The month of May will be under the banner of bug fixing and new upstream releases. But in case any other package shall be part of Debian, just send an email to blog@alteholz.eu.

DOPOM: scheme48 – A simple, modular, and lightweight Scheme implementation

Some years ago I heard about Scheme and was fascinated by the (at that time at least for me) strange syntax. As this was not yet the time of WWW, I even bought a book to learn more about it.
Unfortunately priorities changed and I needed to spend my time on other things. As I now found that orphaned package I would like to give it a second try and at least keep it rolling.

Debian Med advent calendar

I would like to anounce the Debian Med advent calendar 2012. Just like last year the Debian Med team starts a bug squashing event from the December 1st to 24th. Every day at least one bug from the Debian BTS should be closed. Especially RC bugs for the oncoming Debian release (Wheezy) or bugs in one of the packages maintained by Debian Med shall be closed. Anyone shall be called upon to fix a bug or send a patch. Don’t hestitate, start to squash :-).

DOPOM: a56 – Motorola DSP56001 assembler

Since I first looked at the list of orphaned Debian packages (available at http://www.debian.org/devel/wnpp/orphaned) some time ago, the package a56 has been the lonely leader of the list.

This package contains a freeware assembler for the 56000 architecture. These chips have been very popular in the 1980s (used in NeXT, Atari Falcon and SGI Indigo Workstations).
Updated versions are still used in today’s devices like some mobile phones (-> http://www.freescale.com/webapp/sps/site/homepage.jsp?code=563XXGPDSP)

So, being a bit nostalgic, I adopted this package and brought it to shape. There was even a small bug that I was able to close.