Search Results: "Gianfranco Costamagna"

Here is my monthly update covering what I have been doing in the free software world in September 2017 (previous month):

Submitted a pull request to Quadrapassel (the Gnome version of Tetris) to start a new game when the pause button is pressed outside of a game. This means you would no longer have to use the mouse to start a new game. [...]
Made a large number of improvements to AptFS my FUSE-based filesystem that provides a view on unpacked Debian source packages as regular folders including moving away from manual parsing of package lists [...] and numerous code tidying/refactoring changes.
Sent a small patch to django-sitetree, a Django library for menu and breadcrumb navigation elements to not mask test exit codes from the surrounding shell. [...]
Updated travis.debian.net, my hosted service for projects that host their Debian packaging on GitHub to use the Travis CI continuous integration platform to test builds:
- Add support for "sloppy" backports. Thanks to Bernd Zeimetz for the idea and ongoing testing. [...]
- Merged a pull request from James McCoy to pass DEB_BUILD_PROFILES through to the build. [...]
- Workaround Travis CI's HTTP proxy which does not appear to support SRV records. [...]
- Run debc from devscripts if the build was successful [...] and output the .buildinfo file if it exists [...].
Fixed a few issues in local-debian-mirror, my package to easily maintain and customise a local Debian mirror via the DebConf configuration tool:
- Fix an issue where file permissions from the remote could result in a local archive that was impossible to access. [...]
- Clear out empty directories on the local repository. [...]
Updated django-staticfiles-dotd, my Django staticfiles adaptor to concatentate static media in .d-style directories to support Python 3.x by using bytes objects (commit) and move away from monkeypatch as it does not have a Python 3.x port yet (commit).
I also posted a short essay to my blog entitled "Ask the Dumb Questions" as well as provided an update on the latest Lintian release.

Reproducible builds

Whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed pre-compiled to end users. The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced either maliciously or accidentally during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised. I have generously been awarded a grant from the Core Infrastructure Initiative to fund my work in this area. This month I:

Published a short blog post about how to determine which packages on your system are reproducible. [...]
Submitted a pull request for Numpy to make the generated config.py files reproducible. [...]
Provided a patch to GTK upstream to ensure the immodules.cache files are reproducible. [...]
Within Debian:
- Updated isdebianreproducibleyet.com, moving it to HTTPS, adding cachebusting as well as keeping the number up-to-date.
- Submitted the following patches to fix reproducibility-related toolchain issues:
  - gdk-pixbuf: Make the output of gdk-pixbuf-query-loaders reproducible. (#875704)
  - texlive-bin: Make PDF IDs reproducible. (#874102)
- Submitted a patch to fix a reproducibility issue in doit.
Categorised a large number of packages and issues in the Reproducible Builds "notes" repository.
Chaired our monthly IRC meeting. [...]
Worked on publishing our weekly reports. (#123, #124, #125, #126 & #127)

I also made the following changes to our tooling:

reproducible-check

reproducible-check is our script to determine which packages actually installed on your system are reproducible or not.

Handle multi-architecture systems correctly. (#875887)
Use the "restricted" data file to mask transient issues. (#875861)
Expire the cache file after one day and base the local cache filename on the remote name. [...] [...]

I also blogged about this utility. [...]

diffoscope

diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.

Filed an issue attempting to identify the causes behind an increased number of timeouts visible in our CI infrastructure, including running a number of benchmarks of recent versions. (#875324)
New features:
- Add "binwalking" support to analyse concatenated CPIO archives such as initramfs images. (#820631).
- Print a message if we are reading data from standard input. [...]
Bug fixes:
- Loosen matching of file(1)'s output to ensure we correctly also match TTF files under file version 5.32. [...]
- Correct references to path_apparent_size in comparators.utils.file and self.buf in diffoscope.diff. [...] [...]
Testing:
- Make failing some critical flake8 tests result in a failed build. [...]
- Check we identify all CPIO fixtures. [...]
Misc:
- No need for try-assert-except block in setup.py. [...]
- Compare types with identity not equality. [...] [...]
- Use logging.py's lazy argument interpolation. [...]
- Remove unused imports. [...]
- Numerous PEP8, flake8, whitespace, other cosmetic tidy-ups.

strip-nondeterminism

strip-nondeterminism is our tool to remove specific non-deterministic results from a completed build.

Log which handler processed a file. (#876140). [...]

disorderfs

disorderfs is our FUSE-based filesystem that deliberately introduces non-determinism into directory system calls in order to flush out reproducibility issues.

Add a simple autopkgtest. [...]

Debian My activities as the current Debian Project Leader are covered in my monthly "Bits from the DPL" email to the debian-devel-announce mailing list.

Lintian I made a large number of changes to Lintian, the static analysis tool for Debian packages. It reports on various errors, omissions and general quality-assurance issues to maintainers:

Add 4.1.1 as a supported Standards-Version. (#875509)
Warn about Django libraries that do not depend on Django itself. (#877292)
Add a --list-tags option to print all tags Lintian knows about. (#779675)
Prevent false positives in copyright-year-in-future when matching URLs, the Tcl license (#876360) and "meta" statements such as "Original Author" (#873323).
Ensure that missing-build-dependency-for-dh_-command is not emitted for dh-strip-nondeterminism at Debhelper compatbility level 10. (#876443)
Also ignore lines that self-reference "typo" when checking for spelling-error-in-changelog.
Avoid false positives in missing-source checks for "CSS Browser Selector". (#874381)
Clarify explanation of description-starts-with-leading-spaces tag. (#849622)
Check for packages including ?rev=0&sc=0 in Vcs-Browser. (#681713)
Drop problematic missing-classpath check. (#857123)
Correct grammar and punctuation in the description of node-package-install-in-nodejs-rootdir.
Recognise autopkgtest-pkg-octave as a valid test suite. (#875985)
Update the description of unknown-testsuite to reflect that autopkgtest is not the only valid value. (#876003)
Apply patch from Guillem Jover to add more package section mappings. (#874121)
Update the data/fields/perl-provides and data/fields/virtual-packages files from the archive; the latter fixes a false positive in bacula-director. (#835120)
Apply a patch from Jakub Wilk to prevent test failures on armhf/arm64, etc. (#877147)
Apply patch from Gianfranco Costamagnato fix a failing LFS test on 32-bit architectures. (#876343)
Apply patches from Guillem Jover & Boud Roukema to improve the description of the binary-file-built-without-LFS-support tag. (#874078)
Correct Depends of python2.7 python3 in Python 3 test package.
Update private/generate-tag-summary to ensure that git-describe(1) will always emit 7 hexadecimal digits as the abbreviated object name, use deb.debian.org as the default mirror, and update the remote locations of Contents-<arch> files.

I also blogged specifically about the Lintian 2.5.54 release.

Patches contributed

debconf: Please add a context manager to debconf.py. (#877096)
nm.debian.org: Add pronouns to ALL_STATUS_DESC. (#875128)
user-setup: Please drop set_special_users hack added for "the convenience of heavy testers". (#875909)
postgresql-common: Please update README.Debian for PostgreSQL 10. (#876438)
django-sitetree: Should not mask test failures. (#877321)
charmtimetracker:
- Missing binary dependency on libqt5sql5-sqlite. (#873918)
- Please drop "Cross-Platform" from package description. (#873917)

I also submitted 5 patches for packages with incorrect calls to find(1) in debian/rules against hamster-applet, libkml, pyferret, python-gssapi & roundcube.

Debian LTS

This month I have been paid to work 15 hours on Debian Long Term Support (LTS). In that time I did the following:

"Frontdesk" duties, triaging CVEs, etc.
Documented an example usage of autopkgtests to test security changes.
Issued DLA 1084-1 and DLA 1085-1 for libidn and libidn2-0 to fix an integer overflow vulnerabilities in Punycode handling.
Issued DLA 1091-1 for unrar-free to prevent a directory traversal vulnerability from a specially-crafted .rar archive. This update introduces an regression test.
Issued DLA 1092-1 for libarchive to prevent malicious .xar archives causing a denial of service via a heap-based buffer over-read.
Issued DLA 1096-1 for wordpress-shibboleth, correcting an cross-site scripting vulnerability in the Shibboleth identity provider module.

Uploads

python-django:
- 1.11.5-1 New upstream security release. (#874415)
- 1.11.5-2 Apply upstream patch to fix QuerySet.defer() with "super" and "subclass" fields. (#876816)
- 2.0~alpha1-2 New upstream alpha release of Django 2.0, dropping support for Python 2.x.
redis:
- 4.0.2-1 New upstream release.
- 4.0.2-2 Update 0004-redis-check-rdb autopkgtest test to ensure that the redis.rdb file exists before testing against it.
- 4.0.2-2~bpo9+1 Upload to stretch-backports.
aptfs (0.11.0-1) New upstream release, moving away from using /var/lib/apt/lists internals. Thanks to Julian Andres Klode for a helpful bug report. (#874765)
lintian (2.5.53, 2.5.54) New upstream releases. (Documented in more detail above.)
bfs (1.1.2-1) New upstream release.
docbook-to-man (1:2.0.0-39) Tighten autopkgtests and enable testing via travis.debian.net.
python-daiquiri (1.3.0-1) New upstream release.

I also made the following non-maintainer uploads (NMUs):

vimoutliner (0.3.4+pristine-9.3):
- Make the build reproducible. (#776369)
- Expand placeholders in Debian.README. (#575142, #725634)
- Recommend that the ftplugin is enabled. (#603115)
- Correct "is not enable" typo.
bittornado (0.3.18-10.3):
- Make the build reproducible. (#796212).
- Add missing Build-Depends on dh-python.
dtc-xen (0.5.17-1.1):
- Make the build reproducible. (#777322)
- Add missing Build-Depends on dh-python.
dict-gazetteer2k (1.0.0-5.4):
- Make the build reproducible. (#776376).
- Override empty-binary-packagea Lintian warning to avoid dak autoreject.
cgilib (0.6-1.1) Make the build reproducible. (#776935)
dhcping (1.2-4.2) Make the build reproducible. (#777320)
dict-moby-thesaurus (1.0-6.4) Make the build reproducible. (#776375)
dtaus (0.9-1.1) Make the build reproducible. (#777321)
fastforward (1:0.51-3.2) Make the build reproducible. (#776972)
wily (0.13.41-7.3) Make the build reproducible. (#777360)

Debian bugs filed

clipit: Please choose a sensible startup default in "live" mode. (#875903)
git-buildpackage: Please add a --reset option to gbp pull. (#875852)
bluez: Please default Device "friendly name" to hostname without domain. (#874094)
bugs.debian.org: Please explicitly link to packages,tracker .debian.org. (#876746)
Requests for packaging:
- selfspy log everything you do on the computer. (#873955)
- shoogle use the Google API from the shell. (#873916)

FTP Team

As a Debian FTP assistant I ACCEPTed 86 packages: bgw-replstatus, build-essential, caja-admin, caja-rename, calamares, cdiff, cockpit, colorized-logs, comptext, comptty, copyq, django-allauth, django-paintstore, django-q, django-test-without-migrations, docker-runc, emacs-db, emacs-uuid, esxml, fast5, flake8-docstrings, gcc-6-doc, gcc-7-doc, gcc-8, golang-github-go-logfmt-logfmt, golang-github-google-go-cmp, golang-github-nightlyone-lockfile, golang-github-oklog-ulid, golang-pault-go-macchanger, h2o, inhomog, ip4r, ldc, libayatana-appindicator, libbson-perl, libencoding-fixlatin-perl, libfile-monitor-lite-perl, libhtml-restrict-perl, libmojo-rabbitmq-client-perl, libmoosex-types-laxnum-perl, libparse-mime-perl, libplack-test-agent-perl, libpod-projectdocs-perl, libregexp-pattern-license-perl, libstring-trim-perl, libtext-simpletable-autowidth-perl, libvirt, linux, mac-fdisk, myspell-sq, node-coveralls, node-module-deps, nov-el, owncloud-client, pantomime-clojure, pg-dirtyread, pgfincore, pgpool2, pgsql-asn1oid, phpliteadmin, powerlevel9k, pyjokes, python-evdev, python-oslo.db, python-pygal, python-wsaccel, python3.7, r-cran-bindrcpp, r-cran-dotcall64, r-cran-glue, r-cran-gtable, r-cran-pkgconfig, r-cran-rlang, r-cran-spatstat.utils, resolvconf-admin, retro-gtk, ring-ssl-clojure, robot-detection, rpy2-2.8, ruby-hocon, sass-stylesheets-compass, selinux-dbus, selinux-python, statsmodels, webkit2-sharp & weston. I additionally filed 4 RC bugs against packages that had incomplete debian/copyright files against: comptext, comptext, ldc & python-oslo.concurrency.

Since debhelper/10.3, there has been a number of performance related changes. The vast majority primarily improves bulk performance or only have visible effects at larger input sizes. Most visible cases are:

dh + dh_* now scales a lot better for large number of binary packages. Even more so with parallel builds.
Most dh_* tools are now a lot faster when creating many directories or installing files.
dh_prep and dh_clean now bulk removals.
dh_install can now bulk some installations. For a concrete corner-case, libssl-doc went from approximately 11 seconds to less than a second. This optimization is implicitly disabled with exclude (among other).
dh_installman now scales a lot better with many manpages. Even more so with parallel builds.
dh_installman has restored its performance under fakeroot (regression since 10.2.2)

For debhelper, this mostly involved:

avoiding fork+exec of commands for things doable natively in perl. Especially, when each fork+exec only process one file or dir.
bulking as many files/dirs into the call as possible, where fork+exec is still used.
caching / memorizing slow calls (e.g. in parts of pkgfile inside Dh_Lib)
adding an internal API for dh to do bulk check for pkgfiles. This is useful for dh when checking if it should optimize out a helper.
and, of course, doing things in parallel where trivially possible.

How to take advantage of these improvements in tools that use Dh_Lib:

If you use install_ file,prog,lib,dir , then it will come out of the box. These functions are available in Debian/stable. On a related note, if you use doit to call install (or mkdir ), then please consider migrating to these functions instead.
If you need to reset owner+mode (chown 0:0 FILE + chmod MODE FILE), consider using reset_perm_and_owner. This is also available in Debian/stable.
- CAVEAT: It is not recursive and YMMV if you do not need the chown call (due to fakeroot).
If you have a lot of items to be processed by a external tool, consider using xargs(). Since 10.5.1, it is now possible to insert the items anywhere in the command rather than just in the end.
If you need to remove files, consider using the new rm_files function. It removes files and silently ignores if a file does not exist. It is also available since 10.5.1.
If you need to create symlinks, please consider using make_symlink (available in Debian/stable) or make_symlink_raw_target (since 10.5.1). The former creates policy compliant symlinks (e.g. fixup absolute symlinks that should have been relative). The latter is closer to a ln -s call.
If you need to rename a file, please consider using rename_path (since 10.5). It behaves mostly like mv -f but requires dest to be a (non-existing) file.
Have a look at whether on_pkgs_in_parallel() / on_items_in_parallel() would be suitable for enabling parallelization in your tool.
- The emphasis for these functions is on making parallelization easy to add with minimal code changes. It pre-distributes the items which can lead to unbalanced workloads, where some processes are idle while a few keeps working.

Credits: I would like to thank the following for reporting performance issues, regressions or/and providing patches. The list is in no particular order:

Helmut Grohne
Kurt Roeckx
Gianfranco Costamagna
Iain Lane
Sven Joachim
Adrian Bunk
Michael Stapelberg

Should I have missed your contribution, please do not hesitate to let me know.
Filed under: Debhelper, Debian

dh + dh_* now scales a lot better for large number of binary packages. Even more so with parallel builds.
Most dh_* tools are now a lot faster when creating many directories or installing files.
dh_prep and dh_clean now bulk removals.
dh_install can now bulk some installations. For a concrete corner-case, libssl-doc went from approximately 11 seconds to less than a second. This optimization is implicitly disabled with exclude (among other).
dh_installman now scales a lot better with many manpages. Even more so with parallel builds.
dh_installman has restored its performance under fakeroot (regression since 10.2.2)

For debhelper, this mostly involved:

avoiding fork+exec of commands for things doable natively in perl. Especially, when each fork+exec only process one file or dir.
bulking as many files/dirs into the call as possible, where fork+exec is still used.
caching / memorizing slow calls (e.g. in parts of pkgfile inside Dh_Lib)
adding an internal API for dh to do bulk check for pkgfiles. This is useful for dh when checking if it should optimize out a helper.
and, of course, doing things in parallel where trivially possible.

How to take advantage of these improvements in tools that use Dh_Lib:

If you use install_ file,prog,lib,dir , then it will come out of the box. These functions are available in Debian/stable. On a related note, if you use doit to call install (or mkdir ), then please consider migrating to these functions instead.
If you need to reset owner+mode (chown 0:0 FILE + chmod MODE FILE), consider using reset_perm_and_owner. This is also available in Debian/stable.
- CAVEAT: It is not recursive and YMMV if you do not need the chown call (due to fakeroot).
If you have a lot of items to be processed by a external tool, consider using xargs(). Since 10.5.1, it is now possible to insert the items anywhere in the command rather than just in the end.
If you need to remove files, consider using the new rm_files function. It removes files and silently ignores if a file does not exist. It is also available since 10.5.1.
If you need to create symlinks, please consider using make_symlink (available in Debian/stable) or make_symlink_raw_target (since 10.5.1). The former creates policy compliant symlinks (e.g. fixup absolute symlinks that should have been relative). The latter is closer to a ln -s call.
If you need to rename a file, please consider using rename_path (since 10.5). It behaves mostly like mv -f but requires dest to be a (non-existing) file.
Have a look at whether on_pkgs_in_parallel() / on_items_in_parallel() would be suitable for enabling parallelization in your tool.
- The emphasis for these functions is on making parallelization easy to add with minimal code changes. It pre-distributes the items which can lead to unbalanced workloads, where some processes are idle while a few keeps working.

Credits: I would like to thank the following for reporting performance issues, regressions or/and providing patches. The list is in no particular order:

Helmut Grohne
Kurt Roeckx
Gianfranco Costamagna
Iain Lane
Sven Joachim
Adrian Bunk
Michael Stapelberg

Should I have missed your contribution, please do not hesitate to let me know.
Filed under: Debhelper, Debian

So much for my monthly blogging! Here s what I have been up to in the Open Source world over the last 6 months. Debian

Uploaded a new version of the debian-multimedia blends metapackages
Uploaded the latest abcmidi
Uploaded the latest node-process-nextick-args
Prepared version 1.0.2 of libdrumstick for experimental, as a first step for the transition. It was sponsored by James Cowgill.
Prepared a new node-inline-source-map package, which was sponsored by Gianfranco Costamagna.
Uploaded kmetronome to experimental as part of the libdrumstick transition.
Prepared a new node-js-yaml package, which was sponsored by Gianfranco Costamagna.
Uploaded version 4.2.4 of Gramps.
Prepared a new version of vmpk which I am going to adopt, as part of the libdrumstick transition. I tried splitting the documentation into a separate package, but this proved difficult, and in the end I missed the transition freeze deadline for Debian Stretch.
Prepared a backport of Gramps 4.2.4, which was sponsored by IOhannes m zm lnig as Gramps is new for jessie-backports.
Began a final push to get kosmtik packaged and into the NEW queue before the impending Debian freeze for Stretch. Unfortunately, many dependencies need updating, which also depend on packages not yet in Debian. Also pushed to finish all the new packages for node-tape, which someone else has decided to take responsibility for.
Uploaded node-cross-spawn-async to fix a Release Critical bug.
Prepared a new node-chroma-js package, but this is unfortunately blocked by several out of date & missing dependencies.
Prepared a new node-husl package, which was sponsored by Gianfranco Costamagna.
Prepared a new node-resumer package, which was sponsored by Gianfranco Costamagna.
Prepared a new node-object-inspect package, which was sponsored by Gianfranco Costamagna.
Removed node-string-decoder from the archive, as it was broken and turned out not to be needed anymore.
Uploaded a fix for node-inline-source-map which was failing tests. This turned out to be due to node-tap being upgraded to version 8.0.0. J r my Lal very quickly provided a fix in the form of a Pull Request upstream, so I was able to apply the same patch in Debian.

Ubuntu

Prepared a merge of the latest blends package from Debian in order to be able to merge the multimedia-blends package later. This was sponsored by Daniel Holbach.
Prepared an application to become an Ubuntu Contributing Developer. Unfortunately, this was later declined. I was completely unprepared for the Developer Membership Board meeting on IRC after my holiday. I had had no time to chase for endorsements from previous sponsors, and the application was not really clear about the fact that I was not actually applying for upload permission yet. No matter, I intend to apply again later once I have more evidence & support on my application page.
Added my blog to Planet Ubuntu, and this will hopefully be the first post that appears there.
Prepared a merge of the latest debian-multimedia blends meta-package package from Debian. In Ubuntu Studio, we have the multimedia-puredata package seeded so that we get all the latest Puredata packages in one go. This was sponsored by Michael Terry.
Prepared a backport of Ardour as part of the Ubuntu Studio plan to do regular backports. This is still waiting for sponsorship if there is anyone reading this that can help with that.
Did a tweak to the Ubuntu Studio seeds and prepared an update of the Ubuntu Studio meta-packages. However, Adam Conrad did the work anyway as part of his cross-flavour release work without noticing my bug & request for sponsorship. So I closed the bug.
Updated the Ubuntu Studio wiki to expand on the process for updating our seeds and meta-packages. Hopefully, this will help new contributors to get involved in this area in the future.
Took part in the testing and release of the Ubuntu Studio Trusty 14.04.5 point release.
Took part in the testing and release of the Ubuntu Studio Yakkety Beta 1 release.
Prepared a backport of Ansible but before I could chase up what to do about the fact that ansible-fireball was no longer part of the Ansible package, some one else did the backport without noticing my bug. So I closed the bug.
Prepared an update of the Ubuntu Studio meta-packages. This was sponsored by Jeremy Bicha.
Prepared an update to the ubuntustudio-default-settings package. This switched the Ubuntu Studio desktop theme to Numix-Blue, and reverted some commits to drop the ubuntustudio-lightdm-theme package fom the archive. This had caused quite a bit of controversy and discussion on IRC due to the transition being a little too close to the release date for Yakkety. This was sponsored by Iain Lane (Laney).
Prepared the Numix Blue update for the ubuntustudio-lightdm-theme package. This was also sponsored by Iain Lane (Laney). I should thank Krytarik here for the initial Numix Blue theme work here (on the lightdm theme & default settings packages).
Provided a patch for gfxboot-theme-ubuntu which has a bug which is regularly reported during ISO testing, because the Try Ubuntu Studio without installing option was not a translatable string and always appeared in English. Colin Watson merged this, so hopefully it will be translated by the time of the next release.
Took part in the testing and release of the Ubuntu Studio Yakkety 16.10 release.
After a hint from Jeremy Bicha, I prepared a patch that adds a desktop file for Imagemagick to the ubuntustudio-default-settings package. This will give us a working menu item in Ubuntu Studio whilst we wait for the bug to be fixed upstream in Debian. Next month I plan to finish the ubuntustudio-lightdm-theme, ubuntustudio-default-settings transition, including dropping ubuntustudio-lightdm-theme from the Ubuntu Studio seeds. I will include this fix at the same time.

Other

At other times when I have had a spare moment, I have been working on resurrecting my old Family History website. It was originally produced in my Windows XP days, and I was no longer able to edit it in Linux. I decided to convert it to Jekyll. First I had to extract the old HTML from where the website is hosted using the HTTrack Website Copier. Now, I am in the process of switching the structure to the standard Jekyll template approach. I will need to switch to a nice Jekyll based theme, as as the old theming was pretty complex. I pushed the code to my Github repository for safe keeping.

Plan for December Debian Before the 5th January 2017 Debian Stretch soft freeze I hope to:

Ensure node-tape makes it through into Stretch.
Work on all the dependencies needed to get kosmtik into Stretch.
Convert Cree.py from QT4 to QT5 to allow it to re-enter Stretch.

Ubuntu

Add the Ubuntu Studio Manual Testsuite to the package tracker, and try to encourage some testing of the newest versions of our priority packages.
Finish the ubuntustudio-lightdm-theme, ubuntustudio-default-settings transition including an update to the ubuntustudio-meta packages.
Reapply to become a Contributing Developer.
Start working on an Ubuntu Studio package tracker website so that we can keep an eye on the status of the packages we are interested in.

Other

Continue working to convert my Family History website to Jekyll.
Try and resurrect my old Gammon one-name study Drupal website from a backup and push it to the new GoONS Website project.

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you re interested in Android, Java, Games and LTS topics, this might be interesting for you. Debian Android

I sponsored and reviewed android-platform-external-libunwind and android-platform-frameworks-base for Kai-Chung. Two more packages, android-framework-23 and android-platform-tools-swt, are currently waiting in the NEW queue and hopefully they become available soon. Kai-Chung also became Debian Maintainer this month and I granted him upload permissions for android-platform-tools-base for a start. Congratulations.
I packaged a new upstream release of apktool (2.2.1).

Debian Games

I fixed RC bugs in lordsawar (#839323) and doomsday (#839338).
I packaged new upstream releases of atanks, lordsawar, blockattack and peg-e.
I completed the Bullet transition (#839243). Bullet 2.85 has also been released this month but it is now too late for Stretch because the transition freeze is already on the 5th of November. I expect more point releases a la 2.85.x during the coming weeks and I intend to provide an updated package in experimental soon.
I did some cleanups, package upgrades and bug fixes for box2d and redeclipse (apparently redeclipse-server requires the -data package to be present now).
I uploaded Redeclipse 1.5.6 to jessie-backports in the hope that more players will be able to connect to the multiplayer servers. Unfortunately network compatibility breaks rather frequently.
I applied a patch from Gianfranco Costamagna to address an Multiarch installation issue (#841824) in FreeOrion.

Debian Java

This month I tended to upgrade more Java packages including new upstream releases of libjide-oss-java, activemq, easymock, libapache-mod-jk, svnkit, sweethome3d-furniture-editor, sweethome3d-textures-editor, sweethome3d-furniture, sweethome3d, sweethome3d-furniture-nonfree, maven-enforcer, bsaf, libjcommon-java, libjfreechart-java, libcsv-java, jansi, jansi-native, jboss-xnio and undertow.
The update of maven-enforcer caused a regression in its reverse-dependencies (#841197) and required a patch and upload of another revision. The Jfreechart library upgrade also required a compatibility patch for statcvs.
I updated stegosuite and fixed an incorrect Section field in debian/control.
I updated the Debian packaging of libjgraph-java and libjemmy2-java.
I decided to work on getting Eclipse into shape again. The current version is outdated and affected by several bugs at the moment and I really think it should not be released with Stretch. The new version though requires a major package update because the build system is Maven based now. Luca Vercelli already worked on sat4j and Tycho, two preconditions for packaging Eclipse. I reviewed sat4j and uploaded an NMU (#815911) later. I m still working on Tycho (#816604) and I hope to finish it soon.
Netbeans 8.2 was released. I have already completed the work on libnb-platform18-java (updated package is available in Git) but I haven t started yet with netbeans itself. I intend to continue the fun in November.

Debian LTS This was my eight month as a paid contributor and I have been paid to work 13 hours on Debian LTS, a project started by Rapha l Hertzog. In that time I did the following:

From 10. October until 17. October I was in charge of our LTS frontdesk. I triaged bugs in libgd2, graphicsmagick, libxrender, mupdf, libxfixes, guile-2.0, glance, inspircd, libxi, libxv, libxst, spip, libxml2, libarchive and jasper.
DLA-648-1. Issued a security update for c-ares fixing 1 CVE.
DLA-664-1. Issued a security update for libxrender fixing 2 CVE.
DLA-666-1. Issued a security update for guile-2.0 fixing 2 CVE.
DLA-667-1. Issued a security update for libxv fixing 1 CVE.
DLA-668-1. Issued a security update for libass fixing 2 CVE. I triaged CVE-2016-7970 and marked the version in Wheezy as not affected.
DLA-673-1. Issued a security update for kdepimlibs fixing 1 CVE.

Non-maintainer uploads

I fixed various RC bugs in gnudoq and xsok which are not maintained by the Games Team. The following games are available in Stretch again: gnudoq (#817296, #817484), xsok (#817738) and I also worked on four more bug fixes to improve the game s desktop integration and internationalization support.
I fixed another RC bug in trackballs (#831119) but while I was working on the update I discovered that the game frequently segfaults which makes it kind of unplayable (#839788). I haven t found a solution yet but I suspect the switch to guile-2.0 and related patches introduced this behavior.

I uploaded a new revision of criticalmass and applied a patch from Adrian Bunk to fix #811816, a FTBFS.
I triaged an RC bug for raptor2 (#824735) and the issue could be closed after the bug reporter confirmed that raptor2 built fine again.

What happened in the reproducible builds effort between March 20th and March 26th: Toolchain fixes

Sebastian Ramacher uploaded breathe/4.2.0-1 which makes its output deterministic. Original patch by Chris Lamb, merged upstream.
Rafael Laboissiere uploaded octave/4.0.1-1 which allows packages to be built in place and avoid unreproducible builds due to temporary build directories appearing in the .oct files.

Daniel Kahn Gillmor worked on removing build path from build symbols submitting a patch adding -fdebug-prefix-map to clang to match GCC, another patch against gcc-5 to backport the removal of -fdebug-prefix-map from DW_AT_producer, and finally by proposing the addition of a normalizedebugpath to the reproducible feature set of dpkg-buildflags that would use -fdebug-prefix-map to replace the current directory with . using -fdebug-prefix-map. Sergey Poznyakoff merged the --clamp-mtime option so that it will be featured in the next Tar release. This option is likely to be used by dpkg-deb to implement deterministic mtimes for packaged files. Packages fixed The following packages have become reproducible due to changes in their build dependencies: augeas, gmtkbabel, ktikz, octave-control, octave-general, octave-image, octave-ltfat, octave-miscellaneous, octave-mpi, octave-nurbs, octave-octcdf, octave-sockets, octave-strings, openlayers, python-structlog, signond. The following packages became reproducible after getting fixed:

atheme-services/7.0.7-1 by Antoine Beaupr .
boa-constructor/0.6.1-16 by Reiner Herrmann.
calculix-ccx/2.10-1 by Wolfgang F tterer, fixed upstream.
deap/1.0.2.post2-2 by Daniel Stender.
debian-keyring/2016.03.22 uploaded by Jonathan McDowell, fix by Niels Thykier, obsolete patch by Satyam Zode.
firefox-kwallet5/1.0-2 by Sandro Knau .
fox1.6/1.6.51-1 by Joachim Wiedorn.
gdnsd/2.2.3-1 by Faidon Liambotis.
glib2.0/2.48.0-1 uploaded by Iain Lane, original patch by Lunar, merged upstream.
jwm/2.3.4-1 uploaded by Samuel Henrique Oltramari Pinto, fix by Reiner Herrmann.
libasm4-java/5.0.4-2 by Emmanuel Bourg.
libjna-java/4.2.2-1 by Emmanuel Bourg.
libsynthesis/3.4.0.47.5+syncevolution-1.5.1-1 uploaded by Tino Mettler, patch by Reiner Herrmann.
logback/1:1.1.6-1 by Emmanuel Bourg.
nethack/3.6.0-2 uploaded by James Cowgill, patch by Reiner Herrmann.
php-htmlpurifier/4.7.0-2 by David Pr vot.
psocksxx/1.1.0-1 by Gianfranco Costamagna.
sbmltoolbox/4.1.0-3 uploaded by Afif Elghraoui, original patch by Reiner Herrmann.
spades/3.7.1+dfsg-2 by Sascha Steinbiss.
sprng/2.0a-10 uploaded by Dirk Eddelbuettel, original patch by Reiner Herrmann.

Some uploads fixed some reproducibility issues, but not all of them:

gle-graphics/4.2.5-2 by Christian T. Steigies.
kexec-tools/1:2.0.10-2 uploaded by Khalid Aziz, original patch by Lunar.
pdal/1.1.0-4 by Bas Couwenberg.
tcl8.5/8.5.19-2 uploaded by Sergei Golovan, original patch.
tcl8.6/8.6.5+dfsg-2 uploaded by Sergei Golovan, original patch.

Patches submitted which have not made their way to the archive yet:

#818742 on milkytracker by Reiner Herrmann: sorts the list of source files.
#818752 on tcl8.4 by Reiner Herrmann: sort source files using C locale.
#818753 on tk8.6 by Reiner Herrmann: sort source files using C locale.
#818754 on tk8.5 by Reiner Herrmann: sort source files using C locale.
#818755 on tk8.4 by Reiner Herrmann: sort source files using C locale.
#818952 on marionnet by ceridwen: dummy out build date and uname to make build reproducible.
#819334 on avahi by Reiner Herrmann: ship upstream changelog instead of the one generated by gettextize (although duplicate of #804141 by Santiago Vila).

tests.reproducible-builds.org i386 build nodes have been setup by converting 2 of the 4 amd64 nodes to i386. (h01ger) Package reviews 92 reviews have been removed, 66 added and 31 updated in the previous week. New issues: timestamps_generated_by_xbean_spring, timestamps_generated_by_mangosdk_spiprocessor. Chris Lamb filed 7 FTBFS bugs. Misc. On March 20th, Chris Lamb gave a talk at FOSSASIA 2016 in Singapore. The very same day, but a few timezones apart, h01ger did a presentation at LibrePlanet 2016 in Cambridge, Massachusetts. Seven GSoC/Outreachy applications were made by potential interns to work on various aspects of the reproducible builds effort. On top of interacting with several applicants, prospective mentors gathered to review the applications.

What happened in the reproducible builds effort between March 20th and March 26th:

Toolchain fixes

Sebastian Ramacher uploaded breathe/4.2.0-1 which makes its output deterministic. Original patch by Chris Lamb, merged uptream.

Rafael Laboissiere uploaded octave/4.0.1-1 which allows packages to be built in place and avoid unreproducible builds due to temporary build directories appearing in the `.oct` files.

Daniel Kahn Gillmor worked on removing build path from build symbols submitting a patch adding `-fdebug-prefix-map` to clang to match GCC, another patch against gcc-5 to backport the removal of `-fdebug-prefix-map` from `DW_AT_producer`, and finally by proposing the addition of a `normalizedebugpath` to the `reproducible` feature set of `dpkg-buildflags` that would use `-fdebug-prefix-map` to replace the current directory with `.` using `-fdebug-prefix-map`. As succesful result of lobbying at LibrePlanet 2016, the `--clamp-mtime` option will be featured in the next Tar release. This option is likely to be used by `dpkg-deb` to implement deterministic mtimes for packaged files.

Packages fixed The following packages have become reproducible due to changes in their build dependencies: augeas, gmtkbabel, ktikz, octave-control, octave-general, octave-image, octave-ltfat, octave-miscellaneous, octave-mpi, octave-nurbs, octave-octcdf, octave-sockets, octave-strings, openlayers, python-structlog, signond. The following packages became reproducible after getting fixed:

atheme-services/7.0.7-1 by Antoine Beaupr .

boa-constructor/0.6.1-16 by Reiner Herrmann.

calculix-ccx/2.10-1 by Wolfgang F tterer, fixed upstream.

deap/1.0.2.post2-2 by Daniel Stender.

debian-keyring/2016.03.22 uploaded by Jonathan McDowell, fix by Niels Thykier, obsolete patch by Satyam Zode.

firefox-kwallet5/1.0-2 by Sandro Knau .

fox1.6/1.6.51-1 by Joachim Wiedorn.

gdnsd/2.2.3-1 by Faidon Liambotis.

glib2.0/2.48.0-1 uploaded by Iain Lane, original patch by Lunar, merged upstream.

jwm/2.3.4-1 uploaded by Samuel Henrique Oltramari Pinto, fix by Reiner Herrmann.

libasm4-java/5.0.4-2 by Emmanuel Bourg.

libjna-java/4.2.2-1 by Emmanuel Bourg.

libsynthesis/3.4.0.47.5+syncevolution-1.5.1-1 uploaded by Tino Mettler, patch by Reiner Herrmann.

logback/1:1.1.6-1 by Emmanuel Bourg.

nethack/3.6.0-2 uploaded by James Cowgill, patch by Reiner Herrmann.

php-htmlpurifier/4.7.0-2 by David Pr vot.

psocksxx/1.1.0-1 by Gianfranco Costamagna.

sbmltoolbox/4.1.0-3 uploaded by Afif Elghraoui, original patch by Reiner Herrmann.

spades/3.7.1+dfsg-2 by Sascha Steinbiss.

sprng/2.0a-10 uploaded by Dirk Eddelbuettel, original patch by Reiner Herrmann.

Some uploads fixed some reproducibility issues, but not all of them:

gle-graphics/4.2.5-2 by Christian T. Steigies.

kexec-tools/1:2.0.10-2 uploaded by Khalid Aziz, original patch by Lunar.

pdal/1.1.0-4 by Bas Couwenberg.

tcl8.5/8.5.19-2 uploaded by Sergei Golovan, original patch.

tcl8.6/8.6.5+dfsg-2 uploaded by Sergei Golovan, original patch.

Patches submitted which have not made their way to the archive yet:

#818742 on milkytracker by Reiner Herrmann: sorts the list of source files.

#818752 on tcl8.4 by Reiner Herrmann: sort source files using C locale.

#818753 on tk8.6 by Reiner Herrmann: sort source files using C locale.

#818754 on tk8.5 by Reiner Herrmann: sort source files using C locale.

#818755 on tk8.4 by Reiner Herrmann: sort source files using C locale.

#818952 on marionnet by ceridwen: dummy out build date and uname to make build reproducible.

#819334 on avahi by Reiner Herrmann: ship upstream changelog instead of the one generated by gettextize (although duplicate of #804141 by Santiago Vila).

tests.reproducible-builds.org `i386` build nodes have been setup by converting 2 of the 4 `amd64` nodes to `i386`. (h01ger)

Package reviews 92 reviews have been removed, 66 added and 31 updated in the previous week. New issues: timestamps_generated_by_xbean_spring, timestamps_generated_by_mangosdk_spiprocessor. Chris Lamb filed 7 FTBFS bugs.

Misc. On March 20th, Chris Lamb gave a talk at FOSSASIA 2016 in Singapore. The very same day, but a few timezones apart, h01ger did a presentation at LibrePlanet 2016 in Cambridge, Massachusetts. Seven GSoC/Outreachy applications were made by potential interns to work on various aspects of the reproducible builds effort. On top of interacting with several applicants, prospective mentors gathered to review the applications. Huge thanks to Linda Naeun Lee for the new hackergotchi visible on Planet Debian.

What happened in the reproducible builds effort between January 24th and January 30th:

Media coverage Holger Levsen was interviewed by the FOSDEM team to introduce his talk on Sunday 31st.

Toolchain fixes Jonas Smedegaard uploaded d-shlibs/0.63 which makes the order of dependencies generated by `d-devlibdeps` stable accross locales. Original patch by Reiner Herrmann.

Packages fixed The following 53 packages have become reproducible due to changes in their build dependencies: appstream-glib, aptitude, arbtt, btrfs-tools, cinnamon-settings-daemon, cppcheck, debian-security-support, easytag, gitit, gnash, gnome-control-center, gnome-keyring, gnome-shell, gnome-software, graphite2, gtk+2.0, gupnp, gvfs, gyp, hgview, htmlcxx, i3status, imms, irker, jmapviewer, katarakt, kmod, lastpass-cli, libaccounts-glib, libam7xxx, libldm, libopenobex, libsecret, linthesia, mate-session-manager, mpris-remote, network-manager, paprefs, php-opencloud, pisa, pyacidobasic, python-pymzml, python-pyscss, qtquick1-opensource-src, rdkit, ruby-rails-html-sanitizer, shellex, slony1-2, spacezero, spamprobe, sugar-toolkit-gtk3, tachyon, tgt. The following packages became reproducible after getting fixed:

angband-doc/3.0.3.6 by Manoj Srivastava, obsolete patch by Chris Lamb.

atdgen/1.7.2-1 by St phane Glondu.

bibtool/2.63+ds-1 by Jerome Benoit.

cglib/3.2.0-1 by Emmanuel Bourg.

cmst/2016.01.28-1 by Alf Gaida.

coreutils/8.25-1 uploded by Michael Stone, fixed upstream.

doc-base/0.10.7 uploaded by Robert Luberda, original patch by Dhole.

fpc/3.0.0+dfsg-1 uploaded by Paul Gevers.

libaqbanking/5.6.4beta-1 by Micha Lenk.

libgcrypt20/1.6.4-5 uploaded by Andreas Metzler, original patch by Lunar.

libgwenhywfar/4.15.2beta-1 by Micha Lenk.

libxdmcp/1:1.1.2-1.1 by Helmut Grohne (report).

lpe/1.2.8-2 by Adam Majer, obsolete patches (#778197, #793697 by Chris Lamb and akira.

mariadb-10.0/10.0.23-2 by Otto Kek l inen.

mixxx/2.0.0~dfsg-1 by Sebastian Ramacher.

pd-lua/0.7.3-1 by IOhannes m zm lnig.

pd-zexy/2.2.6-2 by IOhannes m zm lnig.

polymake/3.0-1 uploaded by David Bremner, fixed upstream.

prometheus/0.16.2+ds-1 by Mart n Ferrari.

screengrab/1.95+20160128-1 uploaded by Alf Gaida (report).

spykeviewer/0.4.4-1 by Robert Pr pper, original patch by Reiner Herrmann.

testdisk/7.0-1 uploaded by Roland Stigge, upstream patch reported by Mattia Rizzolo.

xorg/1:7.7+13 uploaded by Timo Aaltonen, original patch by Dhole, merged by Andreas Boll.

Some uploads fixed some reproducibility issues, but not all of them:

gnubg/1.05.000-4 by Russ Allbery.

grcompiler/4.2-6 by Hideki Yamane.

sdlgfx/2.0.25-5 fix by Felix Geyer, uploaded by Gianfranco Costamagna.

Patches submitted which have not made their way to the archive yet:

#812876 on glib2.0 by Lunar: ensure that functions are sorted using the C locale when `giotypefuncs.c` is generated.

diffoscope development diffoscope 48 was released on January 26th. It fixes several issues introduced by the retrieval of extra symbols from Debian debug packages. It also restores compatibility with older versions of binutils which does not support `readelf --decompress`.

strip-nondeterminism development strip-nondeterminism 0.015-1 was uploaded on January 27th. It fixes handling of signed JAR files which are now going to be ignored to keep the signatures intact.

Package reviews 54 reviews have been removed, 36 added and 17 updated in the previous week. 30 new FTBFS bugs have been submitted by Chris Lamb, Michael Tautschnig, Mattia Rizzolo, Tobias Frost.

Misc. Alexander Couzens and Bryan Newbold have been busy fixing more issues in OpenWrt. Version 1.6.3 of FreeBSD's package manager `pkg(8)` now supports `SOURCE_DATE_EPOCH`. Ross Karchner did a lightning talk about reproducible builds at his work place and shared the slides.

What happened in the reproducible builds effort this week: Toolchain fixes

Robert Luberda uploaded ispell/3.4.00-4 which fixes another issue with uninitialized memory in ispell hashes. Original patch by Valentin Lorentz.
Robert Luberda uploaded man2html/1.6g-8 which adds support for SOURCE_DATE_EPOCH. Original patch by akira.
gregor herrmann uploaded libdebian-copyright-perl/0.2-3 which sorts copyright files for deterministic ordering. Original patch by Reiner Herrmann.
Rafael Laboissiere uploaded octave-pkg-dev/1.3.2 which normalizes the name of the temporary build directory. This doesn't seem to be enough to make Octave packages reproducible just yet, though.
Nicolas Boulenguez uploaded gprbuild/2015-1 which sets a deterministic date to the generated source.

Packages fixed The following packages became reproducible due to changes in their build dependencies: maven-plugin-tools, norwegian, ocaml-melt, python-biom-format, rivet. The following packages became reproducible after getting fixed:

apache2/2.4.17-1 by Stefan Fritsch.
autogen/1:5.18.6-3 by Andreas Metzler.
debian-timeline/37 by Chris Lamb.
fonty-rg/0.6 uploaded by Radovan Garab k, original patch by Chris Lamb.
foxeye/0.10.2-2 by Andriy Grytsenko.
hsqldb/2.3.3+dfsg2-1 by Markus Koschany.
jasperreports/6.1.1+dfsg-1 uploaded by Markus Koschany, fix by Emmanuel Bourg.
libmath-base-convert-perl/0.11-2 uploaded by Salvatore Bonaccorso, original patch by Reiner Herrmann.
libsdl2-gfx/1.0.1+dfsg-2 uploaded by Manuel A. Fernandez Montecelo, original patch by Reiner Herrmann.
libsdl2/2.0.2+dfsg1-8 uploaded by Gianfranco Costamagna, patch by Reiner Herrmann.
linux/4.2.5-1 by Ben Hutchings.
litl/0.1.7+dfsg-1 by Samuel Thibault, original patch by Chris Lamb.
python-keystoneclient/1:1.7.1-4 by Thomas Goirand.
sphinxbase/0.8+5prealpha-1 by Samuel Thibault.
tatan/1.0.dfsg1-6 uploaded by Markus Koschany, original patch by Reiner Herrmann.
v4l2loopback/0.9.1-4 uploaded by IOhannes m zm lnig, original patch.
yadifa/2.1.4-2 uploaded by Markus Schade, original patch by Reiner Herrmann.

Some uploads fixed some reproducibility issues but not all of them:

lcov/1.12-2 by Alastair McKinstry, original patch by Reiner Herrmann.
libsdl1.2/1.2.15-12 uploaded by Manuel A. Fernandez Montecelo, original patch by Reiner Herrmann.
metview/4.5.7-1 by Alastair McKinstry.
mumble/1.2.10-2 by Christopher Knadle.

The following package is currently failing to build from source but should now be reproducible:

p4vasp/0.3.29+dfsg-2 uploaded by Graham Inggs, original patch by Reiner Herrmann.

Patches submitted which have not made their way to the archive yet:

#803501 on fdroidserver by Reiner Herrmann: add support for SOURCE_DATE_EPOCH to docs/gendocs.sh and normalizes tarball permissions. Sent upstream.
#803547 on bbswitch by Reiner Herrmann: tell tar to normalize the permissions.
#803583 on ndiswrapper by Reiner Herrmann: tell tar to normalize the permissions.
#803601 on xtables-addons by Reiner Herrmann: tell tar to normalize the permissions.
#803603 on usb-modeswitch-data by Reiner Herrmann: tell tar to normalize the permissions.

reproducible.debian.net A quick update on current statistics: testing is at 85% of packages tested reproducible with our modified packages, unstable on armhf caught up with amd64 with 80%. The schroot name used for running diffoscope when testing OpenWrt, NetBSD, Coreboot, and Arch Linux has been fixed. (h01ger, Mattia Rizzolo) Documentation update Paul Gevers documented timestamps in unit files created by the Free Pascal Compiler. reproducible-builds.org is now live. It contains a comprehensive documentation on all aspects that have been identified so far of what we call reproducible builds . It makes room for pointers to projects working on reproducible builds, news, dedicated tools, and community events. Package reviews 206 reviews have been removed, 171 added and 196 updated this week. Chris Lamb reported 28 failing to build from source issues. New issues identified this week: timestamps_in_pdf_content, different_encoding_in_html_by_docbook_xsl, timestamps_in_ppu_generated_by_fpc, method_may_never_be_called_in_documentation_generated_by_javadoc. Misc. Andrei Borzenkov has proposed a fix for uninitialized memory in GRUB's mkimage. Uninitialized memory is one source of hard to track down reproducibility errors. Holger Levsen presented the efforts on reproduible builds at Festival de Software Libre in Puerto Vallarta, Mexico.

The following contributors got their Debian Developer accounts in the last two months:

Gianfranco Costamagna (locutusofborg)
Graham Inggs (ginggs)
Ximin Luo (infinity0)
Christian Kastner (ckk)
Tianon Gravi (tianon)
Iain R. Learmonth (irl)
Laura Arjona Reina (larjona)

The following contributors were added as Debian Maintainers in the last two months:

Senthil Kumaran
Riley Baird
Robie Basak
Alex Muntada
Johan Van de Wauw
Benjamin Barenblat
Paul Novotny
Jose Luis Rivero
Chris Knadle
Lennart Weller

Congratulations!

What happened in the reproducible builds effort this week: Toolchain fixes

St phane Glondu uploaded dh-ocaml/1.0.10 which now generates *.info with a deterministic order. Original patch by Chris Lamb. St phane also uploaded ocaml/4.02.3-1 to experimental which enables ocamldoc to build reproducible manpages using a patch by Valentin Lorentz.
Paul Gevers uploaded pasdoc/0.14.0-1 with upstream changes which should make the generated documentation reproducible by default.
Osamu Aoki uploaded debiandoc-sgml/1.2.31-1 adding spport for a DEBIANDOC_DATE environment variable to override the content of the <date> tag.
Dmitry Shachnev uploaded sphinx/1.3.1-4 which fixes many reproducibility issues and add support for SOURCE_DATE_EPOCH.

Valentin Lorentz sent a patch for ispell to initialize memory structures before dumping their content. In our experimental repository, qt4-x11 has been rebased on the latest version (Dhole), as was doxygen (akira). Packages fixed The following packages became reproducible due to changes in their build dependencies: backup-manager, cheese, coinor-csdp, coinor-dylp, ebook-speaker, freefem, indent, libjbcrypt-java, qtquick1-opensource-src, ruby-coffee-script, ruby-distribution, schroot, twittering-mode. The following packages became reproducible after getting fixed:

abook/0.6.0~pre2-5 by Denis Briand.
ada-reference-manual/1:2012.2-6 by Nicolas Boulenguez.
aegisub/3.2.2+dfsg-1 uploaded by Sebastian Reichel, original patch by Juan Picca.
casablanca/2.5.0-1 uploaded by Gianfranco Costamagna, fix by Mattia Rizzolo.
dpatch/2.0.37 by Gergely Nagy.
ganeti/2.14.1-1~exp1 by Apollon Oikonomopoulos.
gperf/3.0.4-2 by Hilko Bengen, report by akira.
htdig/1:3.2.0b6-14 uploaded by Ralf Treinen, original patch by Chris Lamb.
icedove/38.1.0-1 uploaded by Christoph Goehre, report by Lunar.
kamailio/4.3.1-2 by Victor Seva.
leveldb/1.18-3 uploaded by Laszlo Boszormenyi, original patch by Reiner Herrmann.
librostlab-blast/1.0.1-5 uploaded by Andreas Tille, original patch by Chris Lamb.
linux-tools/4.1.4-1 by Ben Hutchings.
nitpic/0.1-16 uploaded by Ralf Treinen, patches by Chris Lamb (#777492) and akira (#793708).
openscad/2015.03-1+dfsg-1 uploaded by Christian M. Ams ss, fixed upstream.
pciutils/1:3.3.1-1 uploaded by Anibal Monsalve Salazar, origial patch by Reiner Herrmann.
pyepr/0.9.3-1 uploaded by Antonio Valentino, original patch by Juan Picca.
pytables/3.2.1-1 by Antonio Valentino.
python-xlib/0.14+20091101-3 by Andrew Shadura, report by akira.
rrdtool/1.5.4-3 by Jean-Michel Vourg re.
sgmltools-lite/3.0.3.0.cvs.20010909-18 uploaded by Ralf Treinen, patches by Chris Lamb (#777011) and akira (#793720).
uhd/3.8.5-2 by A. Maitland Bottoms.
xfireworks/1.3-10 uploaded by Yukiharu YABUKI, original patch by Chris Lamb.

Some uploads fixed some reproducibility issues but not all of them:

ben/0.7.1 uploaded by Mehdi Dogguy, original patch by Reiner Herrmann.
debiandoc-sgml-doc/1.1.24 uploaded by Osamu Aoki, initial patch by Dhole.
ifrench-gut/1:1.0-31 uploaded by Lionel Elie Mamane, original patch by Valentin Lorentz.
qdjango/0.6.0-1 uploaded by Jeremy Lain , fixed upstream, original patch by akira.
spectacle/0.25-1 assembled by Philippe Coval, original patch by Chris Lamb.

Patches submitted which have not made their way to the archive yet:

#795203 on xlsx2csv by Dhole: set PODDATE to the date of the latest debian/changelog entry.
#795392 on blkreplay by Dhole: tell pod2man to use the date of the latest debian/changelog entry.
#795394 on libitpp by Dhole: use SOURCE_DATE_EPOCH as source for the manpage date instead of the currentdate.
#795395 on adblock-plus by Dhole: set TZ to UTC when using zip.
#795438 on wims-extra by Chris Lamb: ask grep to cope with non-UTF8 files.
#795441 on aprx by Chris Lamb: use SOURCE_DATE_EPOCH as source for the manpage date instead of the currentdate.
#795462 on ogre-1.9 by Chris Lamb: removes timestamps from the documentation system.
#795484 on ruby-rmagick by Chris Lamb: patch the bindings to allow the PRNG seed to be set, and set it to a fixed value when generating examples.
#795562 on htp by Chris Lamb: export TZ=UTC in debian/rules.

akira found another embedded code copy of texi2html in maxima. reproducible.debian.net Work on testing several architectures has continued. (Mattia/h01ger) Package reviews 29 reviews have been removed, 187 added and 34 updated this week. 172 new FTBFS reports were filled, 137 solely by Chris West (Faux). josch spent time investigating the issue with fonts in PDF files. Chris Lamb documented the issue affecting documentation generated by ocamldoc. Misc. Lunar presented a general Reproducible builds HOWTO talk at the Chaos Communication Camp 2015 in Germany on August 13th. Recordings are already available, as well as slides and script. h01ger and Lunar also used CCCamp15 as an opportunity to have discussions with members of several different projects about reproducible builds. Good news should be coming soon.

Slighthly delayed, but here are the stats for week 5 of the DUCK challenge:

Emmanuel Bourg uploaded gant
Marco d'Itri uploaded libsystemd-dummy
Christoph Egger uploaded sbcl
Sandro Tosi uploaded basemap
Hilko Bengen uploaded libbde
Bas Couwenberg uploaded gpx2shp
Michael Stapelberg uploaded dh-make-golang
Jackson Doak uploaded pyicu
Peter Pentchev uploaded stdsyslog
Gianfranco Costamagna uploaded cld2

So we had 10 packages fixed and uploaded by 10 different uploaders. A big "Thank You" to you!! Since the start of this challenge, a total of 59 packages, were fixed. Here is a quick overview:

	Week 1	Week 2	Week 3	Week 4	Week 5	Week 6	Week 7
# Packages	10	15	10	14	10	-	-
Total	10	25	35	49	59	-	-

The list of the fixed and updated packages is availabe here. I will try to update this ~daily. If I missed one of your uploads, please drop me a line. Only 2 more weeks to DebConf15 so please get involved: The DUCK Challenge is running until end of DebConf15! Pevious articles are here: Week 1, Week 2, Week 3, Week 4.