Don t assume another package s unblock is a precedent for yours Sometime we ll use our judgement when granting an unblock to a less-than-straightforward package. Lots of factors go into that, including the regression risk, desirability, impact on other packages (of both acceptance and refusal) and trust. However, a judgement call on one package doesn t automatically mean that the same decision will be made for another. Every single unblock request we get is called on its own merits. Do by all means ask about your package in light of another. There may be cross-over that makes your change desirable as well. Don t take it personally if the judgement call ends up being not what you expected.

---

Getting things into Jessie (#5) is a post from: jwiltshire.org.uk Flattr

Make sure bug metadata is accurate We use the metadata on the bugs you claim to have closed, as well as reading the bug report itself. You can help us out with severities, tags (e.g. blocks), and version information. Don t fall into the trap of believing that an unblock is a green light into Jessie. Britney still follows her validity rules, so if an RC bug appears to affect the unblocked version, it won t migrate. Versions matter, not only the bug state (closed or open).

---

Getting things into Jessie (#4) is a post from: jwiltshire.org.uk Flattr

Make sure everything you ve changed is in the changelog We do read the diffs in detail, and if there s no explanation for something that s changed we ll ask. We also expect it to be in the changelog. Do save some round-trips by making sure your changelog is in order. One round-trip about your package is an inconvenience; when it s scaled up to the number of requests we receive, it s a serious time-sink for us.

---

Getting things into Jessie (#3) is a post from: jwiltshire.org.uk Flattr

If your request doesn t appear on the list, probably the diff was too big There s a size limit for mails to debian-release@lists.debian.org, and in general that s how we read unblock requests. If your mail doesn t appear on the list, but you do get a bug number back, your mail is likely too large.. In this case, that s probably a sign that we won t accept your request without exceptional circumstances. Making so many changes in a package is almost certainly not appropriate for this phase of the cycle. Do use filterdiff to remove automatically-generated files from your diff before sending it, which increases the chances of acceptance. Do follow up to the bug if it doesn t appear on the list; send a short message explaining that happened and why your giant diff should be considered. Don t be surprised if thousands and thousands of lines changed are rejected.

---

Getting things into Jessie (#2) is a post from: jwiltshire.org.uk Flattr

Make it easy for us to review your request The release team gets a lot of mail at this time in the cycle. Make it easy for us by:

• including as much information as you can think of
  • yes, even if you think it s too much
  • remember we have probably never seen your package before
  • if you do write a lot, include a short summary at the top
• not deviating from the freeze policy without a really good reason
  • explain why you deviated and why it s really good in your request
• demonstrating that you ve considered and checked your changes carefully
  • that s one (but not the sole) reason we ask for a source debdiff (and assume you ve read it yourself)

---

Getting things into Jessie (#1) is a post from: jwiltshire.org.uk Flattr

It s finally become properly autumnal, in the real world and in Debian. One week ago, I announced (on behalf of the whole release team) that Debian 8 Jessie had successfully frozen on time. At 18:00 that evening we had 310 release critical bugs that is, the number that we must reduce to 0 before the release is ready. How does that number look now? Well, there are now 315 bugs affecting Jessie, at various stages of progression. That sounds like it s going in the wrong direction, but considering that over a hundred new bugs were filed just 8 hours after the freeze announcement, things are actually looking pretty good. Out of those 315 bugs, 91 have been fixed and the packages affected have already been unblocked by the release team. The fixed packages will migrate to Jessie in the next few days, if they continue to be bug-free. Thirty-four bugs are apparently fixed in unstable but are not cleared for migration yet. That means that the release team has not spotted the fix, or nobody has told us, or the fixed package is unsuitable for some other reason (like unrelated changes in the same upload). You can help by trying to find out which reason applies, and talking to us about it. Most likely nobody has asked us to unblock it yet. Speaking of unblocks, we currently have twenty-four requests that need to be looked at, and a further 20 which are awaiting more information from the maintainer. We already investigated and resolved 260 requests. Our response rate is currently pretty good, but it s unclear whether we can sustain it indefinitely. We all have day jobs, for example. One way you could help is to review the list of unchecked unblocks and gather up missing information, or look at the ones tagged moreinfo and see whether that s still the case (maybe the maintainer replied, but forgot to remove the tag). If you re confident, you might even try triaging some of the obvious requests and give some feedback to the maintainer, though the final decision will be made by a release team member. After all, the quicker this goes the sooner we can release and thaw up unstable again.

---

Footnote: the method used to determine RC bug counts last week and this week differ, and therefore so could the margin for error. Surprisingly enough, counting bugs is not an exact science. I m confident these numbers are close enough for broad comparison, even if they re out by one or two.

---

A chilly week is a post from: jwiltshire.org.uk Flattr

I ve just spent a little time squashing several bugs on the trot, all the same: insufficient build-dependencies when built in a clean environment. Typically this means that the package was uploaded after being built on a developer s normal machine, which already has everything required installed. It s long been the case that we have several ways to build packages in a clean chroot before upload, which reveals these sorts of errors and more. There s not really any excuse for uploading packages that fail to build in this way. Please, for the sanity of everyone working with the archive, don t upload packages that haven t been built in a clean environment. It s such a waste of everybody s time if you don t do this most basic of checks.

---

Clean builds for the win is a post from: jwiltshire.org.uk Flattr

A couple of weeks ago I finally got round to doing some major surgery on iptables-persistent. First of all it is principally now called netfilter-persistent (although the source package hasn t been renamed) and has a plugin architecture so that it can be extended by other packages. One of those packages is iptables-persistent; others may follow. This opens the way to fixing #662743 and #697088 (patches always welcome). There s also a new binary to handle loading/unloading of rules, instead of having all the logic in an init script. I was therefore able to add systemd support as a first-class unit, and I d appreciate patches for an Upstart service (as I m largely unfamiliar with it). Plugins are simply dropped into /usr/share/netfilter-persistent/plugins.d and must follow certain minimum conventions, detailed in netfilter-persistent(1). They can be any executable, so compiled or interpreted binaries are acceptable. This release finally gets the magic 1.0 identifier. It reaches Jessie today, and is already in Ubuntu Utopic. Flattr

---

iptables-persistent overhaul is a post from: jwiltshire.org.uk Flattr

I would like to publicly apologise for the inconvenience caused by my recent updates to the mediawiki and mediawiki-extensions source packages in Debian wheezy (stable-security). As for reasons I m doing Mediawiki-related work at my dayjob, as part of FusionForge/Evolvis development, and try to upstream as much as I can. Our production environment is a Debian wheezy-based system with a selection of newer packages, including MediaWiki from sid (although I also have a test system running sid, so my uploads to Debian are generally better tested). I haven t had experience with stable-security uploads before, and made small oversights (and did not run the full series of tests on the final , permitted-to-upload, version, only beforehand) which led to the problems. The situation was a bit complicated by the need to update the two packages in lockstep, to fight an RC bug file/symlink conflict, which was hard enough to do in sid already, plus the desire to fix other possibly-RC bugs at the same time. I also got no external review, although I cannot blame anyone since I never asked anyone explicitly, so I accept this as my fault. The issues with the updates are:

• mediawiki 1.19.5-1+deb7u1 (the previous stable-security update) was not made by me but by Jonathan Wiltshire
• mediawiki 1.19.11+dfsg-0+deb7u1 (made by me) was fine, fixed the bugs it was supposed to, but was delayed after being uploaded to security-master-unembargoed
• mediawiki 1.19.14+dfsg-0+deb7u1 was supposed to be a mostly upstream update, but I decided to add changes to fix issues pointed out by lintian (not trivial ones), and mistakenly forgot to remove two lines that should not have crept in from sid
• mediawiki 1.19.14+dfsg-0+deb7u2 was quickly uploaded to fix this issue but took about half a day to be ACCEPTed
• mediawiki-extensions 3.5~deb7u1 should have be named 2.12 but could not, due to the aforementioned lockstep update requirement and version checks in maintainer scripts; it fixes the issues but does not add other changes from 3.5 in sid unfortunately, the packaging uses cdbs (which I dislike quite a lot, but as the newcomer in the team I decided to accept it and go on; changing the existing packaging would be quite some effort anyway) and wants debian/control to be regenerated from control.in which I thought I had done, and normally do
• mediawiki-extensions 3.6 (in sid) fixes another dir/symlink conflict shown up after 3.5 was made. I ve requested upload permission for regenerating debian/control and asked whether I am allowed to include this fix as well

My unfamiliarity with some of the packaging concepts used here, combined with this being something I do during $dayjob (which can limit the time I can invest, although I m doing much more work on Mediawiki in Debian than I thought I could do on the job), can cause some of those oversights. I guess I also should install a vanilla wheezy environment somewhere for testing I do not normally do stable uploads (jmw did them before), so I was not prepared for that. And, while here: thanks to the Debian Security Team for putting up with me (also in this week s FusionForge issue), and thanks to Mediawiki upstream for agreeing to support releases shipped in Debian stable for longer support, so we can easily do stable-security updates.

Some evil nasty cold callers who want to sell us windows and doors have been on the phone for a third time. Previously they have been cagey and haven t given away any information that could identify them, except the name Status . They always claim to have made an appointment with the homeowner (that s me) to call (which is a lie) but can never say who arranged the appointment because it s not on the file (probably the only true thing in the conversation). We re listed at the Telephone Preference Service so this kind of call shouldn t be arriving in the first place. However, the TPS gives very little recourse to subscribers when companies ignore it and call anyway. Tonight I thought I d got somewhere by feigning interest and getting a phone number out of them while I have a think about whether to replace our windows. That s one piece of information I can access to make a start on finding out who they are. I was so surprised to get an answer straight away that I didn t bother to gather anything else. The number is for the regional branch of a well-known national children s charity.

---

Cold caller: 1, jmw: 0 is a post from: jwiltshire.org.uk Flattr

Charlie s birthday present this year, it being an important year: I chose Wickers World for the flight, since they have sites nearby and seemed the most professional. We were lucky enough to fly on the first attempt and had beautiful weather, although there was rain behind us.

---

Ballooning is a post from: jwiltshire.org.uk Flattr

From time to time it occurs that two people answer a mail in the same way where one would do closing an unblock request, for example. When this almost happened on debian-release the other day I amused myself by dreaming up an SMTP header that would prevent such embarrassment. I wasn t being serious in the slightest, but nevertheless X-RaceProtection was born (and it turns out at least one resident of a certain IRC channel thought I was).

X-RaceProtection can be a message identifier or the simple value yes and is intended to prevent duplicate replies to, for example, mailing lists. When set as a mail ID, list software should silently drop the message being delivered if the identified message has already received a reply that is, another message quoting that ID in In-Reply-To. If X-RaceProtection is simply yes , the mail ID of In-Reply-To for the message being delivered is used, providing a shortcut.

This means you can set X-RaceProtection when replying to a mail where there is a chance of collision. If someone beat you to it, there is no embarrassment at your mail arriving with a later timestamp. If someone fancies implementing this for smartlist/debbugs, please be my guest!

---

X-RaceProtection: yes is a post from: jwiltshire.org.uk Flattr

1. It is important to rehearse your space carefully. Find a quantity of friends equal to the attendees you expect, lay out the intended room, and check that everybody has free and easy access to their chair.
2. Invest in a decent access point and some power strips with a decent cord length.
3. Relax. I cannot stress enough the importance of this step!

---

Tips for a successful BSP is a post from: jwiltshire.org.uk Flattr

Building things is fun, but sometimes it s nice to have a little light relief with a sledgehammer. Saturday was one of those occasions; there is was a decorative wall in the corner of our lounge. It should have died about thirty years ago and I ve hated it ever since we moved in a year ago. First job was to remove the sockets and cable running up the side, which was a nice surprise in itself: Looks like whoever installed it believed that mastick and wallpaper is a suitable covering to stop drill bits. Hmm. Next we could take out the wall itself. In this case the wooden top was sealed down with more mastick and supported by piles of bricks, then the wall had been secured with concrete and not proper mortar. Fortunately a good sledgehammering soon took care of that: Those bricks truly were hideous, and they are all around the dodgy gas fire and another similar feature in the opposite corner of the room. Incidentally, the newly-revealed carpet in the void should also have died in the seventies (it went straight into the skip), but at least now we have some understanding of the mysterious wallpaper we found under the stairs. Finally we had enough room to work with surface trunking (a temporary housing until the gas pipe is removed and we can bury the cables properly): And the final result, with the sockets moved to a more sensible level and the cable properly protected, new LightwaveRF sockets in the corner and a shiny new aerial point ready for cabinets to go into the gap:

---

13/08: A couple of people pointed out that in the first photo, the offending cable is in a protected zone. This is true, but it wiggles half way round the room from the CU in a similar fashion first sometimes in trunking, sometimes clipped to the fireplace, and sometimes masticked and papered flush with the plaster surface.

---

From building to demolishing is a post from: jwiltshire.org.uk Flattr

When I first undertook the tracking of minor security fixes in point releases, I quickly out-scaled flat text files and a good memory. A Python library and sqlite database helped automate sending notifications and keeping tabs, but the manual work associated with tracking incoming bugs from the security team, applications to and responses from the release team, and the action or inaction of maintainers was still too time-consuming to be useful. This weekend I deployed pyprsc2, with a public view at http://prsc.debian.net/tracker/<bug>. I had planned to do this at Debconf12, but given the circumstances still, it needed doing anyway and what better time? Result: my work now involves adding tracks where required; keeping an eye on the notified list for manual prods; and after a point release, archiving the included bugs and updating the suite version numbers. Bliss. Features:

• automatic sync of metadata for new tracks
• automatic detection of bugs closed from unstable
• automatic notification (and unarchive if required)
• automatic, though manually triggered, prods
• automatic detection of stable/oldstable upload and RT acceptance
• public view of bug status, e.g. http://prsc.debian.net/tracker/660650

Todo:

• finish the views so that bug lists work, as well as detail
• add process documentation pages
• iron out the mailing so bugs.debian.org doesn t throttle back submissions
• add ways to permit more contributors
• refactor where required; this was a learning exercise too
• publish the code

Technical: prsc.debian.net leverages large parts of the Django MVC framework in fact, this was really a learning exercise in disguise since I want to use Django on some more complex projects later. BTS synchronisation is handled by python-debianbts, and synchronisation with proposed-updates is through XML and lxml/objectify (thanks to the release team s awesome XML queue viewer and Adam adding bug numbers to it). Since this was a learning exercise, some of the Python is probably questionable at best and downright wrong at worst, so it probably needs some work still.

---

Point Release Security, Reloaded is a post from: jwiltshire.org.uk Flattr

For two years I have been very fortunate indeed to be fully sponsored for travel and accommodation at DebConf once on the Newbies programme, and once from normal funds. However, considering the cost this year (at least $1,000 in travel expenses) and of personal circumstances, which are not favourable, I am reliant on sponsorship this year even more than others. However, although I have accommodation sponsorship this year I am still waiting to hear about travel. The local team have said they hope to provide details by 20th June, but it s really too late by then there is time off from work to arrange, flight tickets to purchase, vaccinations to have, and of course I could really do with not having to lay out that much money in the first place, even if it s to be reimbursed later. So at this stage at least, I am sad to say that I think it unlikely I will be there. I m looking forward to Switzerland though; this time there might be two of us.

---

I m probably not going to DebConf12 is a post from: jwiltshire.org.uk Flattr

---

Cambridge BSP is a post from: jwiltshire.org.uk Flattr

Recently I had need to re-purpose a server and for convenience, I decided to do a complete wipe and reinstall since it had previously been used for all sorts of package testing, experiments, dak debugging, the list goes on. I took a careful backup and then cooked up some USB installation media, but it took so long to boot (USB1.1, yay) I ran out of time before the building was locked. Since this box has two hard disks, and not being one to back down from a challenge, I eventually reinstalled it over the weekend with nothing no install media, no reinstall robot or intelligent hands just a reliable internet connection and a healthy dose of courage. Here s how. Target: reinstalled machine with the same network settings, ssh host keys, and other minor configuration ported. The disk layout is to be RAID-1 containing LVM, with separate /var volume and separate /boot partition, also RAID-1.

1. One disk in the box contained old data, so I cleared that out and wiped it (including the MBR for good measure) and partitioned it.
2. I set up a degraded RAID-1 array for a small /boot partition, a large RAID-1 array for the LVM and a swap partition.
3. I mounted the new partitions in the correct layout in /mnt and used debootstrap(8) to get a very basic root set up. I also bind-mounted /sys, /proc, /dev and /dev/pts for now, they can be done properly when the root is a bit more mature.
4. Next, I copied into the new root /etc/apt/sources.list and chroot(8)ed into it. Now I could apt-get update and tasksel install standard to get an almost fully-functional base system. At this point it is also sensible to install locales, tzdata and console-data and dpkg-reconfigure them, followed by mdadm and lvm2 if required and openssh-server so you can get back in after rebooting. Some or all of these may already be installed by tasksel.
5. Time to install a kernel before leaving the chroot: apt-get install linux-image-2.6, followed by grub-pc which should detect both installations and set up menu entries for them.
6. Back in the old system, I copied in the network, hosts, resolv and hostname configuration files, and set up /etc/fstab to my liking.
7. Install grub to both hard disks if it isn t already so (dpkg-reconfigure grub-pc) and again check that it detects both installations and creates the right menu entries. At this stage, booting from either hard disk will allow the loading of either the new or old installations, which is exactly what we want. It s now time to umount the new installation.
8. Now I followed the excellent guide for remote kernel upgrades at http://ariekanarie.nl, except in this case we are using the same method to try booting the new system and fall back to the old one if it s a disaster.
9. Reboot and hope!

At this point I rebooted to find myself back in the old kernel, which was disappointing this means the new kernel has panicked and rebooted, and grub has fallen back to the old system (exactly as planned). It turned out there was nothing in /dev at boot time, and udev doesn t start early enough to populate it before panic. That s easily solved by mounting the installation again and using MAKEDEV as a seed.

10. With a bit of luck, you re now in the new installation and can dpkg-reconfigure grub-pc again to install grub to both hard disks again. This isn t strictly necessary, but it records this choice in debconf so future upgrades will automatically upgrade the bootloader everywhere it s needed.
11. Now I could do some tidying up, mount the old installation and copy over all the data I wanted, and after careful checking wipe the first disk clean ready to be added into the RAID arrays.
12. Finally, add the old disk to the RAID arrays so they are fully redundant.

Sources:
http://www.michael-hammer.at/server_config/debootstrap/
http://d-i.alioth.debian.org/tmp/en.i386/apds03.html
http://www.debian.org/releases/stable/amd64/apds03.html.en
https://wiki.archlinux.org/index.php/Convert_a_single_drive_system_to_RAID
http://ariekanarie.nl/archives/211/remote-kernel-upgrade-with-debianubuntu-and-grub2

---

Reinstalling at arm s length is a post from: jwiltshire.org.uk Flattr

The fourth in a series; see also parts 1, 2, and 3. This post is going to be more a photolog than a narrative, and I apologize in advance for it being a bit disjointed. I ve already touched on these themes a bit in the other post, but now it s time to focus on them. Immediately after leaving the airport, it s quite clear that things are a little different. Trees are square. People ride around in the backs of pickups sometimes on top of piles of debris. Left turns are made in front of other lanes of traffic going the same way. But those are just the things obvious from the road. It s a lot of fun to enjoy the differences. First, the ubiquitous square trees. They look pretty, and are found all over. I also found carefully-manicured trees in cone shapes, more cylindrical shapes, etc. It seems that tree care is taken seriously in Mexico. It was also not uncommon to see the bottom few feet of a tree painted white. A park in Guanajuato had a whole bunch of trees carefully trimmed. And from up on the mountain, it still looked impressive (the green area behind the dome). Driving in Mexico was interesting for a lot of reasons. The highways there aren t quite as limited access as the freeways in the USA. It was quite common to see bicyclists, walkers, a mule, or some cattle ambling along the side of the road. Roadside taco stands don t require taking an exit. You just pull off the road because it s right there. Some sights were a bit surprising. Cattle in a pickup, with rope, for instance. Or cattle crossing the highway on the overpass. Street vendors were everywhere. Stop at a red light and someone might spring from the side of the road and suddenly start washing your windshield (expecting a tip); try to sell you flowers, juice, or bug zappers; or even throw business card-sized advertisements for adult websites into any open windows they can find. One night we saw an incredible fire juggler. I would have tipped him well but he was too far away to do so before the light turned green. Mexico s history stretches back into prehistoric times, and we saw the Teuchitlan ruins at Guachimontones one day. It was truly a remarkable feeling to be able to walk down the middle of the ancient ball court, or to climb up one pyramid and see the other from it. It s not exactly architecture, but Jacob and Oliver sure enjoyed visiting the hot springs at Bosque de la Primavera. Jacob still remembers that where the steam is, the water is 200 degrees, and we CAN T TOUCH IT THERE! Back in Guadalajara, here s a photo from the inside of the grand old cathedral. Compared to the cathedrals we saw in Europe, this was of a similar general size and design, and perhaps only slightly newer. But one big difference: worshipers outnumbered tourists at every Mexican cathedral I saw, whether in the center of Guadalajara or at a rainy intersection in Guanajuato or a plaza in Tlaquepaque. It made them feel more alive, and perhaps more sacred as well. One surprise was seeing people sitting on the steps of the cathedral in downtown Guadalajara selling trinkets such as beads. I think the only other place I had seen something like that was in New Orleans. All of Guadalajara s Centro was beautiful. Much of it survives from colonial days; I think a person could spend days exploring its museums and buildings. Way too many of my 900 photos were taken in Centro to post on the blog, but just for flavor, here s one of the less than historic scenes. Yes, that is a bus shaped like a tequila bottle. Fountains were beautiful and common across Mexico. A few of them were easily reachable by boys, and ours sure loved those. There was a lot of public art, including this interesting chair/skeleton/I m not sure what it is: And, just for good measure while walking around Centro, they tossed in an apparent Redundant Array of Inexpensive Typewriters. I don t know what they were doing, but there were about a dozen guys sitting out in the sun typing on their manual typewriters on their identical tables. And who can leave Guadalajara without seeing one of North America s most impressive traffic circles. I ve got to hand it to the Mexicans for making something that is normally really boring into an interesting work of art. Over in Guanajuato, a lot of driving takes place in the city s vast underground tunnel system. Here s a scene emerging from one of them. Guanajuato was already getting decorated for Mexican independence day festivities (Sept. 15-16) while we were there. Here s a typical Guanajuato street scene. Many of the streets were closed to traffic and perhaps not wide enough to handle vehicles anyway. Those streets had a wonderful peaceful and slow feel to them. I feel that I ve barely done the trip justice with this post. The feelings of walking down a beautiful Guanajuato street, or stepping into a Spanish cathedral, or even seeing a bunch of guys with typewriters, just can t be replicated. It s brimming with history and character, and shouldn t be missed.

So, I got enough of the requisite sponsorship and finally booked some flights

---

DebConf 11 is a post from: jwiltshire.org.uk Flattr