Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In July, about 181 work hours have been dispatched among 11 paid contributors. Their reports are available:

• Antoine Beaupr did 20h (out of 16h allocated + 4 extra hours).
• Ben Hutchings did 14 hours (out of 15h allocated, thus keeping 1 extra hour for August).
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 18.5 hours (out of 23.5 hours allocated + 8 hours remaining, thus keeping 13 hours for August).
• Guido G nther did 10 hours.
• Hugo Lefeuvre did nothing due to personal problems (out of 2h allocated + 10 extra hours, thus keeping 12 extra hours for August).
• Markus Koschany did 23.5 hours.
• Ola Lundqvist did not publish his report yet (out of 14h allocated + 2 extra hours).
• Rapha l Hertzog did 7 hours (out of 12 hours allocated but he gave back his remaining hours).
• Roberto C. Sanchez did 19.5 hours (out of 23.5 hours allocated + 12 hours remaining, thus keeping 16 extra hours for August).
• Thorsten Alteholz did 23.5 hours.

Evolution of the situation The number of sponsored hours increased slightly with two new sponsors: Leibniz Rechenzentrum (silver sponsor) and Catalyst IT Ltd (bronze sponsor). The security tracker currently lists 74 packages with a known CVE and the dla-needed.txt file 64. The number of packages with open issues increased of almost 50% compared to last month. Hopefully this backlog will get cleared up when the unused hours will actually be done. In any case, this evolution is worth watching. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 22 months)
• GitHub (for 13 months)
• Gold sponsors:
• The Positive Internet (for 38 months)
• Blablacar (for 37 months)
• Linode (for 27 months)
• Babiel GmbH (for 16 months)
• Plat Home (for 16 months)
• Silver sponsors:
• Domeneshop AS (for 37 months)
• Universit Lille 3 (for 37 months)
• Trollweb Solutions (for 35 months)
• Nantes M tropole (for 32 months)
• Dalenys (for 28 months)
• Univention GmbH (for 23 months)
• Universit Jean Monnet de St Etienne (for 23 months)
• Sonus Networks (for 17 months)
• UR Communications BV (for 12 months)
• maxcluster GmbH (for 11 months)
• Exonet B.V. (for 7 months)
• Leibniz Rechenzentrum
• Bronze sponsors:
• David Ayers IntarS Austria (for 38 months)
• Evolix (for 38 months)
• Offensive Security (for 38 months)
• Seznam.cz, a.s. (for 38 months)
• Freeside Internet Service (for 37 months)
• MyTux (for 37 months)
• Intevation GmbH (for 35 months)
• Linuxhotel GmbH (for 35 months)
• Daevel SARL (for 33 months)
• Bitfolk LTD (for 32 months)
• Megaspace Internet Services GmbH (for 32 months)
• NUMLOG (for 32 months)
• Greenbone Networks GmbH (for 31 months)
• WinGo AG (for 31 months)
• Ecole Centrale de Nantes LHEEA (for 27 months)
• Sig-I/O (for 24 months)
• Entr ouvert (for 22 months)
• Adfinis SyGroup AG (for 19 months)
• GNI MEDIA (for 14 months)
• Quarantainenet BV (for 14 months)
• RHX Srl (for 11 months)
• Bearstech (for 5 months)
• LiHAS (for 5 months)
• People Doc
• Catalyst IT Ltd

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In May, about 161 work hours have been dispatched among 11 paid contributors. Their reports are available:

• Antoine Beaupr did 12h (out of 16h allocated, thus keeping 4 extra hours for July).
• Ben Hutchings did 20 hours (out of 15h allocated + 5 extra hours).
• Chris Lamb did 16 hours.
• Emilio Pozuelo Monfort did 11 hours (out of 16 hours allocated + 3 hours remaining, thus keeping 8 hours for July).
• Guido G nther did 9 hours.
• Hugo Lefeuvre did 5 hours (out of 15h allocated, thus keeping 10 extra hours for July).
• Markus Koschany did 16 hours.
• Ola Lundqvist did 12 hours (out of 14h allocated, thus keeping 2 extra hours for July).
• Rapha l Hertzog did 12 hours.
• Roberto C. Sanchez did 6.5 hours (out of 16 hours allocated + 2.5 hour remaining, thus keeping 12 extra hours for July).
• Thorsten Alteholz did 16 hours.

Evolution of the situation The number of sponsored hours increased slightly with one new bronze sponsor and another silver sponsor is in the process of joining. The security tracker currently lists 49 packages with a known CVE and the dla-needed.txt file 54. The number of open issues is close to last month. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 21 months)
• GitHub (for 11 months)
• Gold sponsors:
• The Positive Internet (for 37 months)
• Blablacar (for 36 months)
• Linode (for 26 months)
• Babiel GmbH (for 15 months)
• Plat Home (for 14 months)
• Silver sponsors:
• Domeneshop AS (for 36 months)
• Universit Lille 3 (for 36 months)
• Trollweb Solutions (for 34 months)
• Nantes M tropole (for 30 months)
• Dalenys (for 27 months)
• Univention GmbH (for 22 months)
• Universit Jean Monnet de St Etienne (for 22 months)
• Sonus Networks (for 16 months)
• UR Communications BV (for 10 months)
• maxcluster GmbH (for 10 months)
• Exonet B.V. (for 6 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 37 months)
• Evolix (for 37 months)
• Offensive Security (for 37 months)
• Seznam.cz, a.s. (for 37 months)
• Freeside Internet Service (for 36 months)
• MyTux (for 36 months)
• Linuxhotel GmbH (for 34 months)
• Intevation GmbH (for 33 months)
• Daevel SARL (for 32 months)
• Bitfolk LTD (for 31 months)
• Megaspace Internet Services GmbH (for 31 months)
• Greenbone Networks GmbH (for 30 months)
• NUMLOG (for 30 months)
• WinGo AG (for 29 months)
• Ecole Centrale de Nantes LHEEA (for 26 months)
• Sig-I/O (for 23 months)
• Entr ouvert (for 21 months)
• Adfinis SyGroup AG (for 18 months)
• Quarantainenet BV (for 13 months)
• GNI MEDIA (for 12 months)
• RHX Srl (for 10 months)
• Bearstech (for 4 months)
• LiHAS (for 4 months)
• People Doc

One comment Liked this article? Click here. My blog is Flattr-enabled.

So I finally got myself a blog to write about my software and hardware projects, my work in Debian and, I guess, stuff. Readers of planet.debian.org, hi! If you can see this I got the configuration right. For the curious, I m using a static site generator for this blog Hugo to be specific like all the cool kids do these days.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In May, about 182 work hours have been dispatched among 11 paid contributors. Their reports are available:

• Ben Hutchings did 13 hours (out of 15h allocated + 3 extra hours, thus keeping 5 extra hours for June).
• Brian May did 10 hours.
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 23 hours (out of 24 hours allocated + 2 hours remaining, thus keeping 3 hours for June).
• Guido G nther did 8 hours.
• Hugo Lefeuvre did 15 hours.
• Jonas Meurer gave back his remaining hours from last month.
• Markus Koschany did 27.25 hours.
• Ola Lundqvist did 12 hours (out of 6h allocated + 6 remaining hours).
• Rapha l Hertzog did 12 hours.
• Roberto C. Sanchez did 22 hours (out of 20 hours allocated + 4.5 hour remaining, thus keeping 2.5 extra hours for June).
• Thorsten Alteholz did 27.25 hours.

Evolution of the situation The number of sponsored hours did not change and we are thus still a little behind our objective. The security tracker currently lists 44 packages with a known CVE and the dla-needed.txt file 42. The number of open issues is close to last month. Thanks to our sponsors New sponsors are in bold (none this month unfortunately).

• Platinum sponsors:
• TOSHIBA (for 20 months)
• GitHub (for 11 months)
• Gold sponsors:
• The Positive Internet (for 36 months)
• Blablacar (for 35 months)
• Linode (for 25 months)
• Babiel GmbH (for 14 months)
• Plat Home (for 14 months)
• Silver sponsors:
• Domeneshop AS (for 35 months)
• Universit Lille 3 (for 35 months)
• Trollweb Solutions (for 33 months)
• Nantes M tropole (for 29 months)
• Dalenys (for 26 months)
• Univention GmbH (for 21 months)
• Universit Jean Monnet de St Etienne (for 21 months)
• Sonus Networks (for 15 months)
• UR Communications BV (for 9 months)
• maxcluster GmbH (for 9 months)
• Exonet B.V. (for 5 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 36 months)
• Evolix (for 36 months)
• Offensive Security (for 36 months)
• Seznam.cz, a.s. (for 36 months)
• Freeside Internet Service (for 35 months)
• MyTux (for 35 months)
• Linuxhotel GmbH (for 33 months)
• Intevation GmbH (for 32 months)
• Daevel SARL (for 31 months)
• Bitfolk LTD (for 30 months)
• Megaspace Internet Services GmbH (for 30 months)
• Greenbone Networks GmbH (for 29 months)
• NUMLOG (for 29 months)
• WinGo AG (for 28 months)
• Ecole Centrale de Nantes LHEEA (for 25 months)
• Sig-I/O (for 22 months)
• Entr ouvert (for 20 months)
• Adfinis SyGroup AG (for 17 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 12 months)
• Quarantainenet BV (for 12 months)
• GNI MEDIA (for 11 months)
• RHX Srl (for 9 months)
• Bearstech (for 3 months)
• LiHAS (for 3 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

After a long time I decided to move my blog again to something with git and markdown in the background. I decided to give hugo a chance on my uberspace account. Uberspace is a nice, geek driven hoster in germany from geeks for geeks. The blog itself is hosted on github, it pushes commits to a simple golang based webhook service based on adnanh/webhook.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In April, about 190 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Antoine Beaupr did 19.5 hours (out of 16h allocated + 5.5 remaining hours, thus keeping 2 extra hours for May).
• Ben Hutchings did 12 hours (out of 15h allocated, thus keeping 3 extra hours for May).
• Brian May did 10 hours.
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 17.5 hours (out of 16 hours allocated + 3.5 hours remaining, thus keeping 2 hours for May).
• Guido G nther did 12 hours (out of 8 hours allocated + 4 hours remaining).
• Hugo Lefeuvre did 15.5 hours (out of 6 hours allocated + 9.5 hours remaining).
• Jonas Meurer did nothing (out of 4 hours allocated + 3.5 hours remaining, thus keeping 7.5 hours for May).
• Markus Koschany did 23.75 hours.
• Ola Lundqvist did 14 hours (out of 20h allocated, thus keeping 6 extra hours for May).
• Rapha l Hertzog did 11.25 hours (out of 10 hours allocated + 1.25 hours remaining).
• Roberto C. Sanchez did 16.5 hours (out of 20 hours allocated + 1 hour remaining, thus keeping 4.5 extra hours for May).
• Thorsten Alteholz did 23.75 hours.

Evolution of the situation The number of sponsored hours decreased slightly and we re now again a little behind our objective. The security tracker currently lists 54 packages with a known CVE and the dla-needed.txt file 37. The number of open issues is comparable to last month. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 19 months)
• GitHub (for 10 months)
• Gold sponsors:
• The Positive Internet (for 35 months)
• Blablacar (for 34 months)
• Linode (for 24 months)
• Babiel GmbH (for 13 months)
• Plat Home (for 13 months)
• Silver sponsors:
• Domeneshop AS (for 34 months)
• Universit Lille 3 (for 34 months)
• Trollweb Solutions (for 32 months)
• Nantes M tropole (for 28 months)
• Dalenys (for 25 months)
• Univention GmbH (for 20 months)
• Universit Jean Monnet de St Etienne (for 20 months)
• Sonus Networks (for 14 months)
• UR Communications BV (for 9 months)
• maxcluster GmbH (for 8 months)
• Exonet B.V. (for 4 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 35 months)
• Evolix (for 35 months)
• Offensive Security (for 35 months)
• Seznam.cz, a.s. (for 35 months)
• Freeside Internet Service (for 34 months)
• MyTux (for 34 months)
• Linuxhotel GmbH (for 32 months)
• Intevation GmbH (for 31 months)
• Daevel SARL (for 30 months)
• Bitfolk LTD (for 29 months)
• Megaspace Internet Services GmbH (for 29 months)
• Greenbone Networks GmbH (for 28 months)
• NUMLOG (for 28 months)
• WinGo AG (for 28 months)
• Ecole Centrale de Nantes LHEEA (for 24 months)
• Sig-I/O (for 21 months)
• Entr ouvert (for 19 months)
• Adfinis SyGroup AG (for 16 months)
• GNI MEDIA (for 11 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 11 months)
• Quarantainenet BV (for 11 months)
• RHX Srl (for 8 months)
• Bearstech
• LiHAS

No comment Liked this article? Click here. My blog is Flattr-enabled.

A bug fix release of RcppTOML arrived on CRAN today. Table arrays were (wrongly) not allowing for nesting; a simply recursion fix addresses this. RcppTOML brings TOML to R. TOML is a file format that is most suitable for configurations, as it is meant to be edited by humans but read by computers. It emphasizes strong readability for humans while at the same time supporting strong typing as well as immediate and clear error reports. On small typos you get parse errors, rather than silently corrupted garbage. Much preferable to any and all of XML, JSON or YAML -- though sadly these may be too ubiquitous now. TOML is making good inroads with newer and more flexible projects such as the Hugo static blog compiler, or the Cargo system of Crates (aka "packages") for the Rust language.

Changes in version 0.1.3 (2017-04-25)

• Nested TableArray types are now correctly handled (#16)

Courtesy of CRANberries, there is a diffstat report for this release. More information is on the RcppTOML page page. Issues and bugreports should go to the GitHub issue tracker.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In March, about 190 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Antoine Beaupr did 19 hours (out of 14.75h allocated + 10 remaining hours, thus keeping 5.75 extra hours for April).
• Balint Reczey did nothing (out of 14.75 hours allocated + 2.5 hours remaining) and gave back all his unused hours. He took on a new job and will stop his work as LTS paid contributor.
• Ben Hutchings did 14.75 hours.
• Brian May did 10 hours.
• Chris Lamb did 14.75 hours.
• Emilio Pozuelo Monfort did 11.75 hours (out of 14.75 hours allocated + 0.5 hours remaining, thus keeping 3.5 hours for April).
• Guido G nther did 4 hours (out of 8 hours allocated, thus keeping 4 extra hours for April).
• Hugo Lefeuvre did 4 hours (out of 13.5 hours allocated, thus keeping 9.5 extra hours for April).
• Jonas Meurer did 11.25 hours (out of 14.75 hours allocated, thus keeping 3.5 extra hours for April).
• Markus Koschany did 14.75 hours.
• Ola Lundqvist did 23.75 hours (out of 14.75h allocated + 9 hours remaining).
• Rapha l Hertzog did 15 hours (out of 10 hours allocated + 6.25 hours remaining, thus keeping 1.25 hours for April).
• Roberto C. Sanchez did 21.5 hours (out of 14.75 hours allocated + 7.75 hours remaining, thus keeping 1 extra hour for April).
• Thorsten Alteholz did 14.75 hours.

Evolution of the situation The number of sponsored hours has been unchanged but will likely decrease slightly next month as one sponsor will not renew his support (because they have switched to CentOS). The security tracker currently lists 52 packages with a known CVE and the dla-needed.txt file 40. The number of open issues continued its slight increase not worrisome yet but we need to keep an eye on this situation. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 18 months)
• GitHub (for 9 months)
• Gold sponsors:
• The Positive Internet (for 34 months)
• Blablacar (for 33 months)
• Linode LLC (for 23 months)
• Babiel GmbH (for 12 months)
• Plat Home (for 12 months)
• Silver sponsors:
• Domeneshop AS (for 33 months)
• Universit Lille 3 (for 33 months)
• Trollweb Solutions (for 31 months)
• Nantes M tropole (for 27 months)
• University of Luxembourg (for 25 months)
• Dalenys (for 24 months)
• Univention GmbH (for 19 months)
• Universit Jean Monnet de St Etienne (for 19 months)
• Sonus Networks (for 13 months)
• UR Communications BV (for 7 months)
• maxcluster GmbH (for 7 months)
• Exonet B.V. (for 3 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 34 months)
• Evolix (for 34 months)
• Offensive Security (for 34 months)
• Seznam.cz, a.s. (for 34 months)
• Freeside Internet Service (for 33 months)
• MyTux (for 33 months)
• Linuxhotel GmbH (for 31 months)
• Intevation GmbH (for 30 months)
• Daevel SARL (for 29 months)
• Bitfolk LTD (for 28 months)
• Megaspace Internet Services GmbH (for 28 months)
• Greenbone Networks GmbH (for 27 months)
• NUMLOG (for 27 months)
• WinGo AG (for 26 months)
• Ecole Centrale de Nantes LHEEA (for 23 months)
• Sig-I/O (for 20 months)
• Entr ouvert (for 18 months)
• Adfinis SyGroup AG (for 15 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 10 months)
• Quarantainenet BV (for 10 months)
• GNI MEDIA (for 9 months)
• RHX Srl (for 7 months)
• Bearstech
• LiHAS

No comment Liked this article? Click here. My blog is Flattr-enabled.

Welcome to the third post in the rarely relevant R recommendation series, or R⁴ for short. Today will be brief, but of some importance. In order to know where R is going next, few places provide a better vantage point than the actual ongoing development. A few years ago, I mentioned to Duncan Murdoch how straightforward the setup of my CRANberries feed (and site) was. After all, static blog compilers converting textual input to html, rss feed and whatnot have been around for fifteen years (though they keep getting reinvented). He took this to heart and built the (not too pretty) R-devel daily site (which also uses a fancy diff tool as it shows changes in NEWS) as well as a more general description of all available sub-feeds. I follow this mostly through blog aggregations -- Google Reader in its day, now Feedly. A screenshot is below just to show that it doesn't have to be ugly just because it is on them intertubes: This shows a particularly useful day when R-devel folded into the new branch for what will be the R 3.4.0 release come April 21. The list of upcoming changes is truly impressive and quite comprehensive -- and the package registration helper, focus of posts #1 and #2 here, is but one of these many changes. One function I learned about that day is tools::CRAN_package_db(), a helper to get a single (large) data.frame with all package DESCRIPTION information. Very handy. Others may have noticed that CRAN repos now have a new top-level file PACKAGES.rds and this function does indeed just fetch it--which you could do with a similar one-liner in R-release as well. Still very handy. But do read about changes in R-devel and hence upcoming changes in R 3.4.0. Lots of good things coming our way.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

A new release of RcppTOML is now on CRAN. This release fixes a few parsing issues for less frequently-used inputs: vectors of boolean or date(time) types, as well as table array input. RcppTOML brings TOML to R. TOML is a file format that is most suitable for configurations, as it is meant to be edited by humans but read by computers. It emphasizes strong readability for humans while at the same time supporting strong typing as well as immediate and clear error reports. On small typos you get parse errors, rather than silently corrupted garbage. Much preferable to any and all of XML, JSON or YAML -- though sadly these may be too ubiquitous now. TOML is making good inroads with newer and more flexible projects such as the Hugo static blog compiler, or the Cargo system of Crates (aka "packages") for the Rust language.

Changes in version 0.1.2 (2017-03-26)

• Dates and Datetimes in arrays in the input now preserve their types instead of converting to numeric vectors (#13)
• Boolean vectors are also correctly handled (#14)
• TableArray types are now stored as lists in a single named list (#15)
• The README.md file was expanded with an example and screenshot.
• Added file init.c with calls to R_registerRoutines() and R_useDynamicSymbols(); also use .registration=TRUE in useDynLib in NAMESPACE
• Two example files were updated.

Courtesy of CRANberries, there is a diffstat report for this release. More information is on the RcppTOML page page. Issues and bugreports should go to the GitHub issue tracker.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In January, about 154 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Antoine Beaupr did 3 hours (out of 13h allocated, thus keeping 10 extra hours for March).
• Balint Reczey did 13 hours (out of 13 hours allocated + 1.25 hours remaining, thus keeping 1.25 hours for March).
• Ben Hutchings did 19 hours (out of 13 hours allocated + 15.25 hours remaining, he gave back the remaining hours to the pool).
• Chris Lamb did 13 hours.
• Emilio Pozuelo Monfort did 12.5 hours (out of 13 hours allocated, thus keeping 0.5 hour for March).
• Guido G nther did 8 hours.
• Hugo Lefeuvre did nothing and gave back his 13 hours to the pool.
• Jonas Meurer did 14.75 hours (out of 5 hours allocated + 9.75 hours remaining).
• Markus Koschany did 13 hours.
• Ola Lundqvist did 4 hours (out of 13h allocated, thus keeping 9 hours for March).
• Rapha l Hertzog did 3.75 hours (out of 10 hours allocated, thus keeping 6.25 hours for March).
• Roberto C. Sanchez did 5.5 hours (out of 13 hours allocated + 0.25 hours remaining, thus keeping 7.75 hours for March).
• Thorsten Alteholz did 13 hours.

Evolution of the situation The number of sponsored hours increased slightly thanks to Bearstech and LiHAS joining us. The security tracker currently lists 45 packages with a known CVE and the dla-needed.txt file 39. The number of open issues continued its slight increase, this time it could be explained by the fact that many contributors did not spend all the hours allocated (for various reasons). There s nothing worrisome at this point. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 17 months)
• GitHub (for 8 months)
• Gold sponsors:
• The Positive Internet (for 33 months)
• Blablacar (for 32 months)
• Linode LLC (for 22 months)
• Babiel GmbH (for 11 months)
• Plat Home (for 11 months)
• Silver sponsors:
• Domeneshop AS (for 32 months)
• Universit Lille 3 (for 32 months)
• Trollweb Solutions (for 30 months)
• Nantes M tropole (for 26 months)
• University of Luxembourg (for 24 months)
• Dalenys (for 23 months)
• Univention GmbH (for 18 months)
• Universit Jean Monnet de St Etienne (for 18 months)
• Sonus Networks (for 12 months)
• UR Communications BV (for 6 months)
• maxcluster GmbH (for 6 months)
• Exonet B.V.
• Bronze sponsors:
• David Ayers IntarS Austria (for 33 months)
• Evolix (for 33 months)
• Offensive Security (for 33 months)
• Seznam.cz, a.s. (for 33 months)
• Freeside Internet Service (for 32 months)
• MyTux (for 32 months)
• Linuxhotel GmbH (for 30 months)
• Intevation GmbH (for 29 months)
• Daevel SARL (for 28 months)
• Bitfolk LTD (for 27 months)
• Megaspace Internet Services GmbH (for 27 months)
• Greenbone Networks GmbH (for 26 months)
• NUMLOG (for 26 months)
• WinGo AG (for 25 months)
• Ecole Centrale de Nantes LHEEA (for 22 months)
• Sig-I/O (for 19 months)
• Entr ouvert (for 17 months)
• Adfinis SyGroup AG (for 14 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 9 months)
• Quarantainenet BV (for 9 months)
• GNI MEDIA (for 8 months)
• RHX Srl (for 6 months)
• LiHAS
• Bearstech

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In January, about 159 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Antoine Beaupr did 12.75 hours.
• Balint Reczey did 14 hours (out of 12.75 hours allocated + 2.5 hours remaining, thus keeping 1.25 hours for February).
• Ben Hutchings did 3 hours (out of 12.75 hours allocated + 5.5 hours remaining, thus keeping 15.25 extra hours for February).
• Chris Lamb did 12.75 hours.
• Emilio Pozuelo Monfort did 15.25 hours (out of 12.75 hours allocated + 2.5 hours remaining).
• Guido G nther did 8 hours.
• Hugo Lefeuvre did 15.25 hours (out of 12.75 hours allocated + 2.5 hours remaining).
• Jonas Meurer did 9 hours (out of 12 hours allocated + 6.75 hours remaining, thus keeping 9.75 extra hours for February).
• Markus Koschany did 12.75 hours.
• Ola Lundqvist did 12.75 hours.
• Rapha l Hertzog did 10 hours.
• Roberto C. Sanchez did 12.5 hours (out of 12.75 hours allocated, thus keeping 0.25 hours for February).
• Thorsten Alteholz did 12.75 hours.

Evolution of the situation The number of sponsored hours increased slightly thanks to Exonet joining us. The security tracker currently lists 37 packages with a known CVE and the dla-needed.txt file 36. The situation is roughly similar to last month even though the number of open issues increased slightly. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 16 months)
• GitHub (for 7 months)
• Gold sponsors:
• The Positive Internet (for 32 months)
• Blablacar (for 31 months)
• Linode LLC (for 21 months)
• Babiel GmbH (for 10 months)
• Plat Home (for 10 months)
• Silver sponsors:
• Domeneshop AS (for 31 months)
• Universit Lille 3 (for 31 months)
• Trollweb Solutions (for 29 months)
• Nantes M tropole (for 25 months)
• University of Luxembourg (for 23 months)
• Dalenys (for 22 months)
• Univention GmbH (for 17 months)
• Universit Jean Monnet de St Etienne (for 17 months)
• Sonus Networks (for 11 months)
• UR Communications BV (for 5 months)
• maxcluster GmbH (for 5 months)
• Exonet B.V.
• Bronze sponsors:
• David Ayers IntarS Austria (for 32 months)
• Evolix (for 32 months)
• Offensive Security (for 32 months)
• Seznam.cz, a.s. (for 32 months)
• Freeside Internet Service (for 31 months)
• MyTux (for 31 months)
• Linuxhotel GmbH (for 29 months)
• Intevation GmbH (for 28 months)
• Daevel SARL (for 27 months)
• Bitfolk LTD (for 26 months)
• Megaspace Internet Services GmbH (for 26 months)
• Greenbone Networks GmbH (for 25 months)
• NUMLOG (for 25 months)
• WinGo AG (for 24 months)
• Ecole Centrale de Nantes LHEEA (for 21 months)
• Sig-I/O (for 18 months)
• Entr ouvert (for 16 months)
• Adfinis SyGroup AG (for 13 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 8 months)
• Quarantainenet BV (for 8 months)
• GNI MEDIA (for 7 months)
• RHX Srl (for 5 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

Following up on the somewhat important RcppTOML 0.1.0 releaseas which brought RcppTOML to Windows, we have a first minor update 0.1.1. Two things changed: once again updated upstream code from Chase Geigle's cpptoml which now supports Date types too, and we added the ability to parse TOML from strings as opposed to only from files. TOML is a file format that is most suitable for configurations, as it is meant to be edited by humans but read by computers. It emphasizes strong readability for humans while at the same time supporting strong typing as well as immediate and clear error reports. On small typos you get parse errors, rather than silently corrupted garbage. Much preferable to any and all of XML, JSON or YAML -- though sadly these may be too ubiquitous now.
TOML is making good inroads with newer and more flexible projects such as the Hugo static blog compiler, or the Cargo system of Crates (aka "packages") for the Rust language.

Changes in version 0.1.1 (2017-xx-yy)

• Synchronized multiple times with ccptoml upstream adding support for local datetime and local date and more (PR #9, #10, PR #11)
• Dates are now first class types, some support for local versus UTC times was added (though it may be adviseable to stick with UTC)
• Parsing from (R) character variables is now supported as well
• Output from print.toml no longer prints extra newlines

Courtesy of CRANberries, there is a diffstat report for this release. More information and examples are on the RcppTOML page. Issues and bugreports should go to the GitHub issue tracker.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

My WordPress blog got hacked two days ago and now twice today. This morning I purged MySQL and restored a good backup from three days ago, changed all DB and WordPress passwords (both the old and new ones were long and autogenerated ones), but not even an hour after the redeploy the hack was back. (It can still be seen on Planet Debian and Planet Ubuntu. Neither the Apache logs nor the Journal had anything obvious, nor were there any new files in global or user www directories, so I m a bit stumped how this happened. Certainly not due to bruteforcing a password, that would both have shown in the logs and also have triggered ban2fail, so this looks like an actual vulnerability. I upgraded to WordPress 4.7.1 a few days ago, and apparently 4.7.2 fixes a few vulnerabilities, although all of them don t sound like they would match my situation. jessie-backports is still at 4.7.1, so I missed that update. But either way, all WordPress blogs hosted on my server are down for the time being. I took this as motivation to finally migrate to something more robust. WordPress has tons of features that I never need, and also a lot of overhead (dynamic generation, MySQL, its own user/passwords, etc.). I had a look around, and it seems Hugo and Blogofile are nice contenders no privileges, no database, outputting static files, input is Markdown (so much nicer to type than HTML!), and maintaining your blog in git and previewing the changes on my local laptop are straightforward. I happened to try Hugo first, and like it enough to give it an extended try you have plenty of themes to choose from and they are straightforward to customize, so I don t need to spend a lot of time learning and crafting CSS. I ran the WordPress to Hugo Exporter, and it produced remarkable results fairly usable HTML Markdown and metadata conversion, it keeps all the original URLs, and it s painless to use. Nicely done! So here it is, on to a much more secure server now! \o/

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In December, about 175 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Antoine Beaupr did 20.5 hours (out of 13.5 hours allocated + 7 remaining hours).
• Balint Reczey did 10 hours (out of 13.5 hours allocated, thus keeping 2.5 hours for January).
• Ben Hutchings did 10 hours (out of 13.5 hours allocated + 2 hours remaining, thus keeping 5.5 extra hours for January).
• Brian May did 10 hours.
• Chris Lamb did 13.5 hours.
• Emilio Pozuelo Monfort did 11 hours (out of 13.5 hours allocated, thus keeping 2.5 extra hours for January).
• Guido G nther did 8 hours.
• Hugo Lefeuvre did 11 hours (out of 13.5 hours allocated, thus keeping 2.5 extra hours for January).
• Jonas Meurer did 5.25 hours (out of 12 hours allocated, thus keeping 6.75 extra hours for January).
• Markus Koschany did 13.5 hours.
• Ola Lundqvist did 13.5 hours.
• Rapha l Hertzog did 10 hours.
• Roberto C. Sanchez did 13.5 hours.
• Thorsten Alteholz did 13.5 hours.

Evolution of the situation The number of sponsored hours did not increase but a new silver sponsor is in the process of joining. We are only missing another silver sponsor (or two to four bronze sponsors) to reach our objective of funding the equivalent of a full time position. The security tracker currently lists 31 packages with a known CVE and the dla-needed.txt file 27. The situation improved a little bit compared to last month. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 14 months)
• GitHub (for 5 months)
• Gold sponsors:
• The Positive Internet (for 30 months)
• Blablacar (for 29 months)
• Linode LLC (for 19 months)
• Babiel GmbH (for 8 months)
• Plat Home (for 8 months)
• Silver sponsors:
• Domeneshop AS (for 29 months)
• Universit Lille 3 (for 29 months)
• Trollweb Solutions (for 27 months)
• Nantes M tropole (for 23 months)
• University of Luxembourg (for 21 months)
• Dalenys (for 20 months)
• Univention GmbH (for 15 months)
• Universit Jean Monnet de St Etienne (for 15 months)
• Sonus Networks (for 9 months)
• UR Communications BV (for 3 months)
• maxcluster GmbH (for 3 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 30 months)
• Evolix (for 30 months)
• Offensive Security (for 30 months)
• Seznam.cz, a.s. (for 30 months)
• Freeside Internet Service (for 29 months)
• MyTux (for 29 months)
• Linuxhotel GmbH (for 27 months)
• Intevation GmbH (for 26 months)
• Daevel SARL (for 25 months)
• Bitfolk LTD (for 24 months)
• Megaspace Internet Services GmbH (for 24 months)
• Greenbone Networks GmbH (for 23 months)
• NUMLOG (for 23 months)
• WinGo AG (for 22 months)
• Ecole Centrale de Nantes LHEEA (for 19 months)
• Sig-I/O (for 16 months)
• Entr ouvert (for 14 months)
• Adfinis SyGroup AG (for 11 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 6 months)
• Quarantainenet BV (for 6 months)
• GNI MEDIA (for 5 months)
• RHX Srl (for 3 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

Big news: RcppTOML now works on Windows too! This package had an uneventful 2016 without a single update. Release 0.0.5 had come out in late 2015 and we had no bugs or issues to fix. We use the package daily in production: a key part of our parameterisation is in TOML files In the summer, I took one brief stab at building on Windows now that R sports itself a proper C++11 compiler on Windows too. I got stuck over the not-uncommon problem of incomplete POSIX and/or C++11 support with MinGW and g++-4.9. And sadly ... I appears I wasn't quite awake enough to realize that the missing functionality was right there exposed by Rcpp! Having updated that date / datetime functionality very recently, I was in a better position to realize this when Devin Pastoor asked two days ago. I was able to make a quick suggestion which he tested, which I then refined ... here we are: RcppTOML on Windows too! (For the impatient: CRAN has reported that it has built the Windows binaries, they should hit mirrors such as this CRAN package for RcppTOML shortly.) So what is this TOML thing, you ask? A file format, very suitable for configurations, meant to be edited by humans but read by computers. It emphasizes strong readability for humans while at the same time supporting strong typing as well as immediate and clear error reports. On small typos you get parse errors, rather than silently corrupted garbage. Much preferable to any and all of XML, JSON or YAML -- though sadly these may be too ubiquitous now. But TOML is making good inroads with newer and more flexible projects. The Hugo static blog compiler is one example; the Cargo system of Crates (aka "packages") for the Rust language is another example. The new release updates the included cpptoml template header by Chase Geigle, brings the aforementioned Windows support and updates the Travis configuration. We also added a NEWS file for the first time so here are all changes so far:

Changes in version 0.1.0 (2017-01-05)

• Added Windows support by relying on Rcpp::mktime00() (#6 and #8 closing #5 and #3)
• Synchronized with cpptoml upstream (#9)
• Updated Travis CI support via newer run.sh

Changes in version 0.0.5 (2015-12-19)

• Synchronized with cpptoml upstream (#4)
• Improved and extended examples

Changes in version 0.0.4 (2015-07-16)

• Minor update of upstream cpptoml.h
• More explicit call of utils::str()
• Properly cope with empty lists (#2)

Changes in version 0.0.3 (2015-04-27)

• First CRAN release after four weeks of initial development

Courtesy of CRANberries, there is a diffstat report for this release. More information and examples are on the RcppTOML page. Issues and bugreports should go to the GitHub issue tracker.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In October, about 150 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Antoine Beaupr did 4 hours (out of 11 hours allocated, thus keeping 7 extra hours for December).
• Balint Reczey did 11 hours.
• Ben Hutchings did 9 hours (out of 11 hours allocated, thus keeping 2 extra hours for December).
• Brian May did 11 hours.
• Chris Lamb did 11 hours.
• Emilio Pozuelo Monfort did 11 hours.
• Guido G nther did 8 hours.
• Hugo Lefeuvre did 11 hours.
• Jonas Meurer did 12.75 hours (out of 11 hours allocated + 1.75 hours remaining).
• Markus Koschany did 11 hours.
• Ola Lundqvist did 11.75 hours (out of 11 hours allocated + 0.75 hours remaining).
• Rapha l Hertzog did 11 hours.
• Roberto C. Sanchez did 11 hours.
• Thorsten Alteholz did 11 hours.

Evolution of the situation The number of sponsored hours did not change this month and in fact we haven t had any new sponsor since September. We still need a couple of supplementary sponsors to reach our objective of funding the equivalent of a full time position. The security tracker currently lists 40 packages with a known CVE and the dla-needed.txt file 36. We don t seem to really catch up the small backlog. The reasons are not clear but I noticed that there are a few packages that take a lot of time due to the number of issues found with fuzzers. We also handle many issues that the security team ends up classifying as not worth an update because we add the package to dla-needed.txt before the security team has done its review and nobody checks afterwards. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 14 months)
• GitHub (for 5 months)
• Gold sponsors:
• The Positive Internet (for 30 months)
• Blablacar (for 29 months)
• Linode LLC (for 19 months)
• Babiel GmbH (for 8 months)
• Plat Home (for 8 months)
• Silver sponsors:
• Domeneshop AS (for 29 months)
• Universit Lille 3 (for 29 months)
• Trollweb Solutions (for 27 months)
• Nantes M tropole (for 23 months)
• University of Luxembourg (for 21 months)
• Dalenys (for 20 months)
• Univention GmbH (for 15 months)
• Universit Jean Monnet de St Etienne (for 15 months)
• Sonus Networks (for 9 months)
• UR Communications BV (for 3 months)
• maxcluster GmbH (for 3 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 30 months)
• Evolix (for 30 months)
• Offensive Security (for 30 months)
• Seznam.cz, a.s. (for 30 months)
• Freeside Internet Service (for 29 months)
• MyTux (for 29 months)
• Linuxhotel GmbH (for 27 months)
• Intevation GmbH (for 26 months)
• Daevel SARL (for 25 months)
• Bitfolk LTD (for 24 months)
• Megaspace Internet Services GmbH (for 24 months)
• Greenbone Networks GmbH (for 23 months)
• NUMLOG (for 23 months)
• WinGo AG (for 22 months)
• Ecole Centrale de Nantes LHEEA (for 19 months)
• Sig-I/O (for 16 months)
• Entr ouvert (for 14 months)
• Adfinis SyGroup AG (for 11 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 6 months)
• Quarantainenet BV (for 6 months)
• GNI MEDIA (for 5 months)
• RHX Srl (for 3 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In October, about 175 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Antoine Beaupr did 13 hours.
• Balint Reczey did 7 hours (out of 13 hours allocated + 4.5 remaining, the extra hours have been given back).
• Ben Hutchings did 13.75 hours (out of 13 hours allocated + 0.75 remaining).
• Brian May did 13 hours.
• Chris Lamb did 13 hours.
• Emilio Pozuelo Monfort did 13 hours.
• Guido G nther did 9 hours (out of 8h allocated + 1h remaining).
• Hugo Lefeuvre did 12 hours.
• Jonas Meurer did 10.25 hours (out of 12 hours allocated, thus keeping 1.75 extra hours for November).
• Markus Koschany did 13 hours.
• Ola Lundqvist did 13.5 hours (out of 13 hours assigned + 1.25 remaining, thus keeping 0.75 extra hours).
• Rapha l Hertzog did 13 hours.
• Roberto C. Sanchez did 14.75 hours (out of 13h allocated + 1.75h remaining).
• Thorsten Alteholz did 13 hours.

Evolution of the situation The number of sponsored hours did not change this month. We still need a couple of supplementary sponsors to reach our objective of funding the equivalent of a full time position. The security tracker currently lists 34 packages with a known CVE and the dla-needed.txt file 29. The situation improved slightly compared to last month. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 13 months)
• GitHub (for 4 months)
• Gold sponsors:
• The Positive Internet (for 29 months)
• Blablacar (for 28 months)
• Linode LLC (for 18 months)
• Babiel GmbH (for 7 months)
• Plat Home (for 7 months)
• UR Communications BV
• Silver sponsors:
• Domeneshop AS (for 28 months)
• Universit Lille 3 (for 28 months)
• Trollweb Solutions (for 26 months)
• Nantes M tropole (for 22 months)
• University of Luxembourg (for 20 months)
• Dalenys (for 19 months)
• Univention GmbH (for 14 months)
• Universit Jean Monnet de St Etienne (for 14 months)
• Sonus Networks (for 8 months)
• maxcluster GmbH
• Bronze sponsors:
• David Ayers IntarS Austria (for 29 months)
• Evolix (for 29 months)
• Offensive Security (for 29 months)
• Seznam.cz, a.s. (for 29 months)
• Freeside Internet Service (for 28 months)
• MyTux (for 28 months)
• Linuxhotel GmbH (for 26 months)
• Intevation GmbH (for 25 months)
• Daevel SARL (for 24 months)
• Bitfolk LTD (for 23 months)
• Megaspace Internet Services GmbH (for 23 months)
• Greenbone Networks GmbH (for 22 months)
• NUMLOG (for 22 months)
• WinGo AG (for 21 months)
• Ecole Centrale de Nantes LHEEA (for 18 months)
• Sig-I/O (for 15 months)
• Entr ouvert (for 13 months)
• Adfinis SyGroup AG (for 10 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 5 months)
• Quarantainenet BV (for 5 months)
• GNI MEDIA (for 4 months)
• RHX Srl

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In September, about 152 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Balint Reczey did 15 hours (out of 12.25 hours allocated + 7.25 remaining, thus keeping 4.5 extra hours for October).
• Ben Hutchings did 6 hours (out of 12.3 hours allocated + 1.45 remaining, he gave back 7h and thus keeps 9.75 extra hours for October).
• Brian May did 12.25 hours.
• Chris Lamb did 12.75 hours (out of 12.30 hours allocated + 0.45 hours remaining).
• Emilio Pozuelo Monfort did 1 hour (out of 12.3 hours allocated + 2.95 remaining) and gave back the unused hours.
• Guido G nther did 6 hours (out of 7h allocated, thus keeping 1 extra hour for October).
• Hugo Lefeuvre did 12 hours.
• Jonas Meurer did 8 hours (out of 9 hours allocated, thus keeping 1 extra hour for October).
• Markus Koschany did 12.25 hours.
• Ola Lundqvist did 11 hours (out of 12.25 hours assigned thus keeping 1.25 extra hours).
• Rapha l Hertzog did 12.25 hours.
• Roberto C. Sanchez did 14 hours (out of 12.25h allocated + 3.75h remaining, thus keeping 2 extra hours).
• Thorsten Alteholz did 12.25 hours.

Evolution of the situation The number of sponsored hours reached 172 hours per month thanks to maxcluster GmbH joining as silver sponsor and RHX Srl joining as bronze sponsor. We only need a couple of supplementary sponsors now to reach our objective of funding the equivalent of a full time position. The security tracker currently lists 39 packages with a known CVE and the dla-needed.txt file 34. It s a small bump compared to last month but almost all issues are affected to someone. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 12 months)
• GitHub (for 3 months)
• Gold sponsors:
• The Positive Internet (for 28 months)
• Blablacar (for 27 months)
• Linode LLC (for 17 months)
• Babiel GmbH (for 6 months)
• Plat Home (for 6 months)
• UR Communications BV
• Silver sponsors:
• Domeneshop AS (for 27 months)
• Universit Lille 3 (for 27 months)
• Trollweb Solutions (for 25 months)
• Nantes M tropole (for 21 months)
• University of Luxembourg (for 19 months)
• Dalenys (for 18 months)
• Univention GmbH (for 13 months)
• Universit Jean Monnet de St Etienne (for 13 months)
• Sonus Networks (for 7 months)
• maxcluster GmbH
• Bronze sponsors:
• David Ayers IntarS Austria (for 28 months)
• Evolix (for 28 months)
• Offensive Security (for 28 months)
• Seznam.cz, a.s. (for 28 months)
• Freeside Internet Service (for 27 months)
• MyTux (for 27 months)
• Intevation GmbH (for 25 months)
• Linuxhotel GmbH (for 25 months)
• Daevel SARL (for 23 months)
• Bitfolk LTD (for 22 months)
• Megaspace Internet Services GmbH (for 22 months)
• Greenbone Networks GmbH (for 21 months)
• NUMLOG (for 21 months)
• WinGo AG (for 21 months)
• Ecole Centrale de Nantes LHEEA (for 17 months)
• Sig-I/O (for 14 months)
• Entr ouvert (for 12 months)
• Adfinis SyGroup AG (for 9 months)
• GNI MEDIA (for 4 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 4 months)
• Quarantainenet BV (for 4 months)
• RHX Srl

No comment Liked this article? Click here. My blog is Flattr-enabled.

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you re interested in Android, Java, Games and LTS topics, this might be interesting for you. Debian Android

• I sponsored a new upstream release of android-platform-tools-base prepared by Kai-Chung Yan and Chirayu Desai.

Debian Games

• I packaged a new upstream release of hyperrogue, a rogue-like game settled in a non-euclidian world, fixing one RC bug (#811991). I uploaded two more revisions later that addressed build failures on arm64 and hppa.
• I fixed more RC bugs (build failures with GCC-6) in torus-trooper (#835712) and fife (#811858).
• I packaged new upstream releases of pygame-sdl2, renpy, freeorion, netrek-client-cow, redeclipse, redeclipse-data, hitori, atomix, adonthell and adonthell-data.
• I updated gtkballs and fixed a documentation bug (#820588) but also a /usr/share/locale issue that prevented the actual use of the translations.
• I raised the severity of #797998 to grave in unknown-horizons because the game cannot be started currently. In order to fix this issue I packaged a new build-dependency, fifechan, which is currently awaiting approval by the FTP team. As soon as fifechan got accepted I will upload new upstream releases of fife and unknown-horizons.
• I released debian-games 1.5, a Debian blend and collection of games metapackages.
• Hardening-wrapper has been deprecated for some time and this issue became release critical now. I updated cookietool, alex4 and netrek-client-cow to use dpkg-buildflags instead.
• Together with Russel Coker I packaged a new upstream release of warzone2100. This package would benefit from a new regular uploader. If you are interested in it, please get involved. (Same story for hyperrogue, redeclipse, renpy and unknown-horizons and many other games.)
• I started a new Bullet transition (#839243). The package is currently waiting in the NEW queue and I hope to complete this work in October.
• I triaged #838199 and reassigned the issue to fonts-roboto. Initially I prepared an NMU but eventually the maintainer uploaded a new revision himself. It is now possible to install the hinted and unhinted versions of fonts-roboto together which also resolved former installation problems with kodi and freeorion.

Debian Java

• I packaged new upstream releases of undertow, activemq and jackrabbit.
• I fixed RC bugs in libphonenumber (#836768), wagon2 (#837022) and activemq (#839244).
• I updated syncany in experimental and simplified the packaging a little. Unfortunately upstream has been on hiatus for the past year and we haven t seen new releases in the meantime. Nevertheless give it a try, even though it is still alpha software, it s an useful cloud-storage and synchronization tool.
• I sponsored a new upstream release of freeplane for Felix Natter.
• I prepared and uploaded security updates for jackrabbit and zookeeper in Jessie.

Debian LTS This was my eight month as a paid contributor and I have been paid to work 12,25 hours on Debian LTS, a project started by Rapha l Hertzog. In that time I did the following:

• From 12. September until 19. September I was in charge of our LTS frontdesk. I triaged bugs in tiff3, mysql-5.5, curl, dropbear, mantis, icu, dwarfutils, jackrabbit, zendframework, zookeeper and graphicsmagick. For the latter I skimmed through all commits since the last version to identify the patches that fix the recent issues in graphicsmagick. I also answered questions on the mailing list and contacted Diego Biurrun again about his progress with libav. It is now anticipated that Hugo Lefeuvre and Diego will issue a new libav security release this month.
• I reviewed and tested a patch by Rapha l Hertzog for roundcube.
• DLA-629-1. Issued a security update for jackrabbit fixing 1 CVE.
• DLA-630-1. Issued a security update for zookeeper fixing 1 CVE.
• DLA-633-1. Issued a security update for wordpress fixing 7 CVE. This one also required backports of certain functions from newer releases and a database upgrade that required careful testing.
• I also issued DLA-622-1 and DLA-623-1, two security issues that I already mentioned last month. It was discovered that Debian s versions of Tomcat were vulnerable to a root privilege escalation issue. However it was also necessary that another exploit, for instance in a web application, could be used to gain write access as the tomcat user. Former security issues were already fixed and new ones are not known. Nevertheless since a zero-day exploit could not be ruled out, the issue was embargoed for a month to give other distributions time to fix this issue as well. You can read more about this topic at legalhackers.com.

Non-maintainer uploads

• I fixed various RC bugs in several games that are not maintained by the Games Team. The following games will be available in Stretch again soon: solarwolf, enigma, open-invaders, crrcsim, noiz2sa, csmash, csmash-demosong and glob2.

Misc

• I packaged a new upstream release of MediathekView.
• I uploaded a new revision of xarchiver and applied a patch from Helmut Grohne that made it possible to cross-build the package.