apt-get install debian-wizard

Insider infos, master your Debian/Ubuntu distribution

You are here: Home / Archives for python-django

My Free Software Activities in November 2015

by

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 21.25 hours on Debian LTS. During this time I worked on the following things:

  • From November 2nd to November 8th, I was handling the LTS frontdesk, triaging new CVE, filing bugs, and ensuring timely answers on the mailing list. I pushed 26 commits to the security tracker. While investigating CVE-2015-7183 I discovered more embedded copies of nspr (which resulted in #804058). I also commented on the upstream fix for CVE-2015-5602 which looked like insufficient.
  • Prepared and released DLA-339-1 on libhtml-scrubber-perl fixing one CVE.
  • Prepared and released DLA-350-1 on eglibc with a non-trivial backport fixing one CVE.
  • Prepared and released DLA-353-1 on imagemagick fixing two security issues without CVE yet (and marking one as not-affecting squeeze).
  • Added a third patch after review by the upstream author on my still pending bouncycastle update. The upstream author asked me to further defer the update as they have some related fixes coming up.
  • I did preparatory work for DLA-352-1 by identifying the upstream commits that fixed the security issue.
  • I spent some time checking issues that have been assigned for a long time without any visible progress being made in the hope to unblock them (libvncserver, pound, quassel).

The Debian Administrator’s Handbook

Now that the English version has been finalized for Debian 8 Jessie (I uploaded the package to Debian Unstable), I concentrated my efforts on the French version. The book has been fully translated and we’re now finalizing the print version that Eyrolles will again edit.

Paris Open Source Summit

On November 18th and 19th, I was in Paris for the Paris Open Source Summit. I helped to hold a booth for Debian France during two days (with the help of François-Régis and several others).

François Vuillemin, Juliette Belin and Raphaël Hertzog
François-Régis Vuillemin, Juliette Belin and Raphaël Hertzog

On the booth, we had the visit of Juliette Belin who created the theme and the artwork of Debian 8 Jessie. We lacked goodies but we organized a lottery to win 12 copies of my French book.

Debian packaging work

Django. After two weeks of preparation for revers dependencies, I uploaded Django 1.8 to unstable and raised the severity of remaining bugs. Later I uploaded a new upstream point release (1.8.6). I also handled a release critical bug first by opening a ticket upstream and then by writing a patch and submitting it upstream. I uploaded 1.8.7-2 to Debian with my patch.

I also submittted another small fix which has been rejected because the manual page is generated via Sphinx and I thus had to file a bug against Sphinx (which I did). A work-around has been found in the mean time.

apt-xapian-index NMU. A long time ago, I filed a release critical bug against that package (#793681) but the maintainer did not handle it. Fortunately Sven Joachim prepared an NMU and I just uploaded his work. This resulted in another problem due bash-completion changes that Sven promptly fixed and I uploaded a second NMU a few days later.

Gnome-shell-timer. I forwarded #805347 to gnome-shell-timer issue #29 but gnome-shell-timer is abandoned upstream. On a suggestion of Paul Wise, I tried to get this nice extension integrated into gnome-shell-extensions but the request has been turned down. Is there anyone with javascript skills who would like to adopt this project as an upstream developer? It’s a low maintenance project with a decent and loyal user base.

Misc. I fixed bug #804763 in zim which was the result of a bad Debian-specific patch.
I sponsored pylint-plugin-utils_0.2.3-2.dsc for Joseph Herlant to fix a release critical bug. I filed 806237 against lintian. I filed more tickets upstream, related to my Kali packaging work: one against sddm, one against john

Other Debian-related work

Distro-Tracker. I finally merged the work of Orestis Ioannou on bug #756766 which added the possibility to browse old news of each package.

Debian Installer. I implemented two small features that we wanted in Kali: I fixed #647405 to have a way to disable “deb-src” lines in generated sources.list files. I also filed #805291 to see how to allow kernel command line preseeding to override initrd preseeding… the fix is trivial and it works in Kali. I just have to commit it in Debian, I was hoping to get an ack from someone in charge before doing it.

Thanks

See you next month for a new summary of my activities.

My Free Software Activities in October 2015

by

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 13.25 hours on Debian LTS. During this time I worked on the following things:

  • I prepared and released DLA 330-1 fixing two CVE on unzip.
  • I prepared a bouncycastle update fixing CVE-2015-7940 (after having requested that CVE assignment since nobody had done it yet) but I have not yet released the corresponding DLA yet since I’m waiting for a review by the upstream author. This is hairy cryptographic Java code that was non-trivial to backport and I’d rather make sure that I do not mess anything. The patches are available in the bug report #802671 that I opened.
  • I tested the update to MySQL 5.5 with multiple packages and sent back my findings to the debian-lts mailing list.

I also started a conversation about what paid contributors could work on if they have some spare cycle as the current funding level might allow us to invest some time on work outside of just plain security updates.

The Debian Administrator’s Handbook

I spent quite some time finalizing the Jessie book update, both for the content and for the layout of the printed book.

Debian Handbook: cover of the jessie edition

Misc Debian work

GNOME 3.18. I uploaded a new gnome-shell-timer working with GNOME Shell 3.18 and I filed bugs #800660 and #802480 about an annoying gnome-keyring regression… I did multiple test rounds with the Debian maintainers (Dmitry Shachnev, kudos to him!) and the upstream developers (see here and here). Apart from those regressions, I like GNOME 3.18!

Python-modules team migration to Git. After the Git migration, and since the team policy now imposes usage of git-dpm on all members, I made some tries with it on the python-django package while pushing version 1.8.5 to experimental. And the least I can say is that I’m not pleased with the result. I thus filed 3 bugs summarizing the problems I have with git-dpm: #801666 (no way to set the upstream branch names from within the repository), #801667 (no clean way to merge between packaging branches), #801668 (does not create upstream tag immediately on tarball import). That is on top of other randomly stupid bugs that were already reported like #801548 (does not work with perfectly valid pre-existing upstream tags).

Django packaging. I filed bugs on all packages build-depending on python-django that fail to build with Django 1.8 and informed them that I would upload Django 1.8 to unstable in early November (it’s done already). Then I fixed python-django-jsonfield myself since Distro Tracker relies on this package.

Following this small mass-bug filing, I filed a wishlist bug on devscripts to improve the “mass-bug” helper script (see #801926). And since I used “ratt” to rebuild the packages, I filed a wishlist issue on this new tool as well.

Tryton 3.6 upgrade. I upgraded my own Tryton installation to version 3.6 and filed bug #803066 because the SysV init script was not working properly. That also reminded me that the DD process of Matthias Behrle (the tryton package maintainer) was stalled due to a bug in the NM infrastructure so I pinged the NM team and we sorted out a way for me to advocate him and get his process going…

Distro Tracker. I continued my work to refactor the way we handle incoming mail processing (branch people/hertzog/mailprocessing). It’s now mostly finished and I need to deploy it in a test environment before being able to roll it out on tracker.debian.org.

Thanks

See you next month for a new summary of my activities.

My Free Software Activities in March 2015

by

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 15.25 hours on Debian LTS. In that time I did the following:

  • CVE triage: I pushed 37 commits to the security tracker and contacted 20 maintainers about security issues affecting their packages.
  • I started a small helper script based on the new JSON output of the security tracker (see #761859 for details). It’s not ready yet but will make it easier to detect issues where the LTS team lags behind the security team, and other divergences like this and will speed up future CVE triage work (once done).
  • I sent DLA-174-1 (tcpdump update fixing 3 CVE) after having received a debdiff from the Romain Françoise.
  • I prepared DLA-175-1 on gnupg, fixing 3 CVE.
  • I prepared DLA-180-1 on gnutls26, fixing 3 CVE.

That’s it for the paid work. But still about LTS, I proposed two events for Debconf 15:

A Debian LTS logoIn my last Freexian LTS report, I mentioned briefly that it would be nice to have a logo for the LTS project. Shortly after I got a first logo prepared by Damien Escoffier and a few more followed: they are available on a wiki page (and the logo you see above is from him!). Following a suggestion of Paul Wise, I registered the logo request on another wiki page dedicated to artwork requests. That kind of collaboration is awesome! Thanks to all the artists involved in Debian.

Debian packaging

Django. This month has seen no less than 3 upstream point releases packaged for Debian (1.7.5, 1.7.6 and 1.7.7) and they have been accepted by the release team into Jessie. I’m pleased with this tolerance as I have argued the case for it multiple times in the past given the sane upstream release policy (bugfix only in a given released branch).

Python code analysis. I discovered a few months ago a tool combining the power of multiple Python code analysis tools: it’s prospector. I just filed a “Request for Package” for it (see #781165) and someone already volunteered to package it, yay \o/

update-rc.d and systemd. While working on a Kali version based on Jessie, I got hit by what boils down to a poor interaction between systemd and update-rc.d (see #746580) and after some exchanges with other affected users I raised the severity to serious as we really ought to do something about it before release. I also opened #781155 on openbsd-inetd as its usage of inetd.service instead of openbsd-inetd.service (which is only provided as a symlink to the former) leads to multiple small issues.

Misc

Debian France. The general assembly is over and the new board elected its new president: it’s now official, I’m no longer Debian France’s president. Good luck to Nicolas Dandrimont who took on this responsibility.

Salt’s openssh formula. I improved salt’s openssh formula to make it possible to manage the /etc/ssh/ssh_known_hosts file referencing the public SSH keys of other managed minions.

Tendenci.com. I was looking for a free software solution to handle membership management of a large NPO and I discovered Tendenci. It looked very interesting feature wise and written with a language/framework that I enjoy (Python/Django). But while it’s free software, there’s no community at all. The company that wrote it released it under a free software license and it really looks like that they did intend to build a community but they failed at it. When I looked their “development forums” were web-based and mostly empty with only initial discussion of the current developers and no reply from anybody… there’s also no mention of an IRC channel or a mailing list. I sent them a mail to see what kind of collaboration we could expect if we opted for their software and got no reply. A pity, really.

What free software membership management solution would you use when you have more than 10000 members to handle and when you want to use the underlying database to offer SSO authentication to multiple external services?

Thanks

See you next month for a new summary of my activities.

My Free Software Activities in October 2014

by

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Packaging work

With the Jessie freeze approaching, I took care of packaging some new upstream releases that I wanted to get in. I started with zim 0.62, I had skipped 0.61 due to some annoying regressions. Since I had two bugs to forward, I took the opportunity to reach out to the upstream author to see if he had some important fixes to get into Jessie. This resulted in me pushing another update with 3 commits cherry picked from the upstream VCS. I also sponsored a wheezy-backports of the new version.

I pushed two new bugfixes releases of Publican (4.2.3 and 4.2.6) but I had to include a work-around for a bug that I reported earlier on docbook-xml (#763598: the XML catalog doesn’t allow libxml2/xmllint to identify the local copy of some entities files) and that is unlikely to be fixed in time for Jessie.

Last but not least, I pushed the first point release of Django 1.7, aka version 1.7.1 to unstable and asked release managers to ensure it migrates to testing before the real freeze. This is important because the closer we are to upstream, the easier it is to apply security patches during the lifetime of Jessie (which will hopefully be 5 years, thanks to Debian LTS!). I also released a backport of python-django 1.7 to wheezy-backports.

I sponsored galette 0.7.8+dfsg-1 fixing an RC bug so that it can get back to testing (it got removed from testing due to the bug).

Debian LTS

See my dedicated report for the paid work I did on that area. Apart from that, I took some time to get in touch with all the Debian consultants and see if they knew some companies to reach out. There are a few new sponsors in the pipe thanks to this, but given the large set of people that it represents, I was expecting more. I used this opportunity to report all bogus entries (i.e bouncing email, broken URL) to the maintainer of the said webpage.

Distro Tracker

Only 30 commits this month, with almost no external contribution, I’m a bit saddened by this situation because it’s not very difficult to contribute to this project and we have plenty of easy bugs to get you started.

That said I’m still happy with the work done. Most of the changes have been made for Kali but will be useful for all derivatives: it’s now possible to add external repositories in the tracker and not display them in the list of available versions, and not generate automatic news about those repositories. There’s a new “derivative” application which is only in its infancy but can already provide a useful comparison of a derivative with its parent. See it in action on the Kali Package Tracker: http://pkg.kali.org/derivative/ Thanks to Offensive Security which is sponsoring this work!

Since I have pushed Django 1.7 to wheezy-backports, all distro tracker instances that I manage are now running that version of Django and I opted to make that version mandatory. This made it possible to add initial Django migrations and rely on this new feature for future database schema upgrade (I have voluntarily avoided schema change up to now to avoid problems migrating from South to Django migrations).

Thanks

See you next month for a new summary of my activities.

Tags

3.0 (quilt) Activity summary APT aptitude Blog Book Cleanup conffile Contributing CUT d-i Debconf Debian Debian France Debian Handbook Debian Live Distro Tracker dpkg dpkg-source Flattr Flattr FOSS Freexian Git GNOME GSOC HOWTO Interview LTS Me Multiarch nautilus-dropbox News Packaging pkg-security Programming PTS publican python-django Reference release rolling Salt synaptic Ubuntu WordPress

Recent Posts