All Horde packages (horde3, imp4, kronolith2 ) were in GNU Arch repository. After Lenny release, we decided to migrate to Git. Git has a lot cool features, and I was convinced by Pierre Habouzit talk about Packaging with Git. Technically, I used git-archimport to keep all history of packaging. Each package has a Git repository with some branches: upstream, upstream+patches, upstream+repack (if needed), pristine-tar, debian-sid (imported from GNU Arch) and debian-<release>. The hardest step was to set up a common ancestor for debian-sid and upstream branches: I found git-merge-unrelated-branch script to do it automagically. I write guidelines for packaging Horde with Git on Debian Wiki with some notes about migration from GNU Arch to Git. Comments welcome!

This code comes from the actual sources of the last PHP release (ext/sockets/sockets.c). It's probable that this code has been here like, forever: First, yes, this is for real a static variable in the C module, those guys don't know about either of the const or static keyword.

   /* inet_ntop should be used instead of inet_ntoa */                                                       
   int inet_ntoa_lock = 0;

   /* ... */

Then they wrap getpeername:

   PHP_FUNCTION(socket_getpeername)
    
       /* ... */
       if (getpeername(php_sock->bsd_socket, sa, &salen) < 0)  
           PHP_SOCKET_ERROR(php_sock, "unable to retrieve peer name", errno);
           RETURN_FALSE;
        

so far so good. Or maybe not so good.

       switch (sa->sa_family)  
           case AF_INET:
               sin = (struct sockaddr_in *) sa;
               while (inet_ntoa_lock == 1);
               inet_ntoa_lock = 1;

Riiiiiight, locks 101, you fail.

               addr_string = inet_ntoa(sin->sin_addr);
               inet_ntoa_lock = 0;

QUICK ! let's release the lock before we actually use addr_string !

               zval_dtor(arg2);
               ZVAL_STRING(arg2, addr_string, 1);
               /*... */

And you know the best of it ? Of course that code is totally useless since^[1]:

   $ grep -wc inet_ntoa **/*.[hc] grep -v :0
   ext/sockets/sockets.c:4
   ext/standard/basic_functions.c:1
   ext/standard/dns.c:2
   main/network.c:1
   sapi/cgi/fastcgi.c:1
   sapi/tux/php_tux.c:1

Those guys are priceless. Especially when you consider the number of 50-liners to implement inet_ntop that lie around.

This vote is a joke. It mixes very different questions, among them:

• do we trust our release team ;
• shall we delay the Lenny release for firmware issues or not (We answered that twice in the past with huge majorities btw) ;
• shall we modify the meaning the the SC/DFSG.

And you're supposed to make one single option win. Not all options deal with those three questions at once. So definitely, like Julien states it: It's a TRAP. That's why there is one and only one winning stategy to that vote:

• rank (like Christian did) Further Discussion first.
• rank all the answers to the previous questions at the same level 2 (e.g. for me it's probably option 2 and 4 or something similar).
• do not rank the rest (or rank it 3 or greater or - or whatever).

This vote is a perversion of our voting system, don't fall for it. Edit (answer to Neil): Neil, you don't get it, if you make anything else than Further Discussion win, you actually let one option of the vote win. As most of the ballot options only answer at most 2 of the underlying questions I cited above, and only one for many of the options, you give the power to the secretary to decide what the option you voted for meant. This is unacceptable, therefore, you have to put further discussion first. We just don't want to let one single man (that showed that he's totally unable to prepare a sane vote, without pushing his agenda at the same time) decide the real issue of the vote.

There have been 470 mails during the last month in the DFSG violations threads on -vote@, but only 10 posters have contributed more than 10 mails so far:

85 Robert Millan
51 Manoj Srivastava
18 Pierre Habouzit
18 Josselin Mouette
16 Thomas Bushnell BSG
14 Stephen Gran
13 Frans Pop
13 Ean Schuessler
13 Adeodato Simo
12 Russ Allbery

Is someone working on a summary of the discussions? I would really hate it if we were asked to vote on this, with a “for details, see the -vote@ archives” footnote. (Robert Millan sounds like a perfect candidate for this task :-) )

Another point release for Etch has been done; now it's the time for the CD team to roll out new images after the next mirror pulse. The official announcements (prepared by Alexander Reichle-Schmehl, thanks!) will follow shortly afterwards. FTP master of the day was Joerg Jaspert, who did his first point release since Woody, as he told us on IRC. We appreciate your work and you spending your time that shortly before going to Argentina. This point release includes the etchnhalf update introducing a new kernel image (based on 2.6.24) and some driver updates. Additionally the infamous openssl hole will be fixed for good, even for new installs. Again I want to present you a list of people who contributed to this release. It cannot be complete as I got the information out of the Changed-by fields of the uploads.

• akira yamada
• Alexander Sack
• Alexander Schmehl
• A Mennucc1
• Andrea De Iacovo
• Andres Salomon
• Aurelien Jarno
• Charles Plessy
• Christian Perrier
• Christian Welzel
• Colin Watson
• dann frazier (indefatigable kernel worker, most sourceful uploads)
• Darren Salt
• Devin Carraway (3rd place of sourceful uploads, due to security work)
• Emmanuel Lacour
• Eric Dorland
• Fabio Tranchitella
• Faidon Liambotis
• Fathi Boudra
• Florian Weimer
• Francesco Paolo Lovergine
• Francois Marier
• Frank Lichtenheld
• Frans Pop (thanks for your d-i work!)
• Frederic Peters
• Gregory Colpart
• Holger Levsen
• Jan Wagner
• Jay Berkenbilt
• J r my Bobbio
• Joey Hess
• Joey Schulze
• Josselin Mouette
• Julien Cristau
• Kai Hendry
• Kurt Roeckx
• LaMont Jones
• Laszlo Boszormenyi
• Martin Pitt
• maximilian attems
• Michael Biebl
• Michael Koch
• Mike Hommey
• Moritz Muehlenhoff
• Noah Meyerhans
• Ola Lundqvist
• Otavio Salvador
• Patrick Matth i
• Petter Reinholdtsen
• Philipp Kern
• Pierre Habouzit
• Raphael Hertzog
• Rene Engelhard
• Robert Millan
• Roberto Lumbreras
• Roland Mas
• Romain Beauxis
• Russ Allbery
• Sean Finney
• Stefan Fritsch
• Steffen Joeris
• Stephen Gran
• Steve Kemp
• Sune Vuorela
• Thijs Kinkhorst (2nd place of sourceful uploads, due to security work)
• Thomas Viehmann
• Toni Mueller
• Tzafrir Cohen

From the Release Team we had dann frazier (who drove the important kernel part of etchnhalf), Luk Claes, Neil McGovern, Andreas Barth, Martin Zobel-Helas and me working on it. ;-)

Steve,

If you don't like seeing cumbersome security warnings for insecure https connections, how about not using https when what you really want is http in the first place?

Because I don't necessarily have the choice. When I'm reporting a bug on a given open source Trac, they often put https on them because they think it's better for them (and for them it is because they generated the certificate and so on), and there is no http version. Note that when I use https for myself, I import my CA in firefox, so I don't have a single warning, so I kind of know how to avoid them when I care about https. But there isn't always a plain HTTP alternative, and that is what makes it a real PITA. Okay, you want to warn the user the https isn't secure, there are plenty of ways that don't require you to add an exception on a certificate. I spoke of the little lock, because that's what is even on IE, but please remember than when you browse trusted https, the URL bar is in this kind of yellow. Well, if the https is unsecure, just don't put that background. If you really want, you can add some kind of rosa color to mark that it's "bad" but it in a not too terrible way (in opposition to a broken/invalid certificate and where the URL bar should be blinking red with an air-raid like siren). I repeat, the fact that the HTTPS certificate is self-signed never changes the fact that when a given user goes on this kind of https site, he wants to be there, and HE WILL click on the 5 silly steps of the SSL exception thing. So why bother ? It serve one single purpose: pissing users off. And for what it's worth, I disagree with you, most of the people that are not computer related I know absolutely don't know they could think that http_s_ is more secure than http. Each time I give them an URL without the http:// part they ask, is this https or http ?, because they absolutely don't get the difference, and I don't try to explain it to them, because this would lead them to think https is better. Those kind of people only rely on visual helpers from the browser part. They really do. PS: yes I also believe that bad security is worse than no security because it gives the illusion for people to be safe, and then they have bad behavior. When your condom is broken, things can go really wrong. But you missed my point, in the sense, probably because I'm too annoyed to make it clear inbetween rants. My point really was what I tried to explain, namely that if people don't know they should think there is security in the first place, your remark is moot, and for the other you can activate the different URL background, it's just fine. Of course, invalid certificates must remain a pain to go through, this whole thing is only about the untrusted ones.

Okay, following my irritated post I received (sigh) complaints about me being too harsh. So to these people here is what I say, because I'm tired answering the same thing over and over. For starters, the SSL dialog in firefox is badly designed:

1. My mom doesn't grok it, so it totally fails the "corridor testing" (see JoelOnSoftware if you don't know what it is), stop pretending otherwise;
2. since it fails with the "average not very computer literate user", I, as an advanced user, believe to be representative of this kind of person, say and affirm that this UI is completely broken and horrible, not to mention counter-intuitive.

That said, I have other things to say on the form. Yeah I've been harsh, and I will continue to be about this issue: this has not been designed with the simplicity in mind, but by geeks (FSVO geek) that believe that it's important to educate people about how nice HTTPS is and that everyone should talk in S3kr3t because its 733t. And I'm sure they tried very hard to make it very painful for users to have to deal with HTTPS and not believe in it to be trusted for bad reasons. Why ?

• because geeks want to use https when possible ;
• but they care about it to be secure (FSVO secure);
• and that they want the whole world to do like them because they know the TRUTH.

HELLLOOOO PEOPLE this is the wrong way to do it. People are already aware that it is https, because they did typed https in the URL. And again, my mom doesn't know what the s in https stands for and she doesn't care. What she cares about is to see the small lock when she logs on her bank website, not even when she goes on her webmail. You REALLY want to make a simple UI ? Well, please try to explain and justify (with real arguments) Why on earth is https with an untrusted certificate less secure than http ?. Okay I'll let you 3 seconds to think. 1
2
3 What is your answer ? OH see ? it isn't. So now second 1 question, why does it need to be more painful to use https with an untrusted certificate than plain http ?. Well, I don't have 3 seconds to give anymore, so let's jump to the answer: there is absolutely no reason. See, I'm far from an UI expert, and what I use every day for UIs would revulse 99% of the planet: vim as an editor, awesome as a tiling window manager, vimperator for a browser, and I live most of the time in a terminal. But it takes me like 10 minutes to design what I believe to be an excellent UI for https with untrusted certificate: just don't mind the certificate and show it like plain HTTP. YES I'M ANNOYED That brings me to the last point. I see in my comments, and have received the same by mail, that I should not be harsh with people writing such a brilliant piece of software. Well, the fact that firefox is or is not a good piece of software is totally irrelevant. When you claim no less than trying to reinvent the web, well, if you fuck up this big, you deserve it. No matter if it's a free piece of software or not. (or a piece of free software or not). When you request your users to click on FIVE completely counter-intuitive buttons/urls to finally be able to see a webpage they want to see (and my mom doesn't care about the webmail being insecurely hosted, really), with the first screen being almost the same than what you get when a serer timeouts or 404, well, you're just out of your mind. There is absolutely nothing that can excuse such a bad design, and the SSL thing is a failure. I mean everyone is laughing at the vista way of asking you if you really meant to go pee, well I see no difference here, it's as dumb and inefficient. No matter how much firefox did improved (and it did memory wise, believe me, I feel it, and I'm really glad about that), https is part of my everyday's life. Those five clicks are a real PAIN. When I'm reading documentation, browsing some sources, and so on, I go through this dialog about 3 to 10 times in a row. I'm totally unimpressed, and just because a couple of geeks believed that it was GOOD to educate me about how dangerous untrusted certificates are, I have to break my workflow to grab my mouse in the middle of my work. No sorry, I don't really want to be calm. In fact, what annoys me the most, is that I'm a programmer. And as a programmer, the worst thing to me, is regression. Regression is what happens when you're sloppy, and don't test your program enough. It's what happen when you aren't good enough to keep your concentration, and don't see the big picture, and constantly break your program invariants. So when I see a regression that people did on purpose, well, it shocks me beyond what I can explain with words, that's the worst thing you can do to a piece of software. I won't really mind a new feature that only partially works, I won't mind if a feature that is complicated to write isn't there after 5 years dreaming of it, but this ? I do mind. There is no way to consider that ruining a piece of software like that to the name of A Greater Good is excusable. Oh and last words: wanting to educate people this way is a way worst offense that what I will ever say on the subject. Such a condescending approach to what they think of their users reminds me of various journalists that I met, and that when I tried to rephrase some things so that they can write about it to their readers, answered to me oh you know, they're too dumb, they'll never understand. And as a result, articles or interview are always distorted, can't interest the readers that don't care about the subject a lot, because there's nothing captivating in the article, and is totally inexact and uninteresting to people interested in the matter, because it's void from its substance. Well, the SSL dialog gives me the very same impression: it's annoying to me who knows what a SSL certificate is, and my mom won't know a single bit more what an SSL certificate is and why she should care^[1].

Today seems to be Firefox/Iceweasel 3 Bashing Day on Planet Debian, so let me join the fun :) I agree with most other people that the default Firefox/Iceweasel 3 config is not ideal, so here's what I did to fix it. Some of these items improve performance, some remove annoyances, some remove privacy issues, some remove security issues. Not everything here may be desirable for people other than me. General

• Disable the bookmarks toolbar via "View / Toolbars / Bookmarks Toolbar", nobody needs that and we save some screen space. Remove all pre-defined bookmarks while we're at it.
• Select "View / Toolbars / Customize".
  • Add the "New Tab" button/icon right after the "Home" button. This is probably the most-used button (for me at least) and it's not available per default...
  • Click "Use Small Icons", there's no reason to waste screen space.
  • Remove the Google search bar (useless).
  • Now move all icons and the URL bar into the menu bar (I'm not kidding). After that you can disable the nagivation toolbar via "View / Toolbars / Navigation Toolbar" and save even more screen space.

Preferences Select "Edit / Preferences". Main:

• Select "When Iceweasel starts: Show a blank page".
• Set "Home Page" to whatever you see fit.

Tabs:

• Enable "Always show the tab bar".

Content:

• At the right-hand side of "Enable JavaScript" click "Advanced" and uncheck all checkboxes. JavaScript stuff shouldn't need to do any of those operations.
• Uncheck "Enable Java". Nobody needs this crap and it's a huge security risk.

Privacy:

• Disable "Keep my history for xyz days" completely. Huge privacy risks.
• Disable "Remember what I enter in forms and the search bar". Huge security and privacy risks, almost no gain.
• Disable "Remember what I've downloaded". Huge privacy risks.
• Uncheck "Accept third-party cookies".
• Choose "Keep until: I close Iceweasel".
• Click "Show Cookies" and remove all of them.
• Enable "Always clear my private data when I close Iceweasel". Click "Settings" and check all items. You want to purge everything when closing Iceweasel.

Security:

• On the right-hand side of "Warn me when sites try to install add-ons" click "Exceptions" and remove all exceptions.
• Disable "Tell me if the site I'm visiting is a suspected attack site". Useless crap, possibly a privacy issue.
• Disable "Tell me if the site I'm visiting is a suspected forgery". Useless crap, possibly a privacy issue.
• Disable "Remember passwords for sites". This is a huge security risk, never ever enable it!

Advanced:

• "General" tab:
  • Enable "Warn me when web sites try to redirect or reload the page".
  • Disable "Check my spelling as I type". Useless, annoying crap, which probably even impacts performance.
• "Update" tab:
  • Disable "Automatically check for updates to: Installed Add-ons".
  • Disable "Automatically check for updates to: Search Engines".
  • Select "When updates to Iceweasel are found: Ask me what I want to do".
about:config Open a new tab, enter "about:config" as URL and hit ENTER. Click the annoying "I'll be careful, I promise!" button. Uncheck "Show this warning next time" while we're at it.
• Set browser.urlbar.matchOnlyTyped = true to disable the new, annoying "AwesomeBar" URL bar feature (which is also a huge privacy risk).
• Browser tabs are way too huge for my taste (thus only very few fit on the screen). Fix it with browser.tabs.tabMinWidth = 60 and browser.tabs.tabMaxWidth = 60 (needs a browser restart). You can even use less than 60 if you don't need any text and an icon per tab is enough for you.
• Disable the annoying, flashing auto-search stuff when you select "Tools / Add-ons / Get Add-ons": Set extentions.getAddons.showPane = false.
• Set bidi.support = 0. You'll probably never need it, so reduce the number of potential bugs and security issues by disabling it.
• Self-signed certificate handling is annoying, so fix it with: browser.ssl_override_behavior = 2 and browser.xul.error_pages.expert_bad_cert = true (thanks Pierre Habouzit).
• Set browser.tabs.closeButtons = 3 in order to prevent accidental closing of tabs (no more Close buttons on each tab, only one global Close button on the right). Yes, CTRL+Shift+T helps in case it still happens.
• Set network.prefetch-next = false to prevent random prefetching of webpages which means wasting CPU cycles and bandwidth, as well as subtle privacy and security issues.
Plugins None. Don't even think about installing crap like the closed-source Flash player if stability or security are important to you. If you absolutely must watch YouTube videos, I recommend youtube-dl. Extensions Use as few as possible. Every extention may have security problems or bugs, and can negatively affect performance etc. Pretty much the only one I use is NoScript to selectively enable JavaScript for some trusted websites (and disable it for all other sites).

Yes Stefano, I too believe that the SSL certificate thingy in Iceweasel 3 is just a bad joke. I mean WHAT THE FUCK WERE THEY THINKING ? At least in the RCs it improved, and the logo isn't the same as 404, it took me 10 refresh the first time I saw it to understand that it was not a 404 but an untrusted self-signed certificate. And the whole "exception" thing is absurd. NO I DON'T WANT TO ADD AN EXCEPTION you morons. Here would be a good UI, that I never saw implemented in any browser but would make sense:

• I want to browse the damn site, that you remember for me the current certificate, and browse without pretending it's safe (this way users do not believe to be protected when they are not).
• Next time I go to that website again, if the untrusted certificate changed, then and only then I want to be bugged about the fact that this website changed its certificate.
• I don't want any popup, anything, no "yellow" background in the URL (as the certificate is not trusted) no nothing, just browse it as if it was plain HTTP wrt the UI.

It's enough for 99.9% of the users. Then, some of us really care about importing some untrusted certificates (for our own webmails e.g.). Then well, a small button that allows advanced users to check, import, and mark an untrusted certificate as trusted is just what one needs. One can even hide that in some menu, it would be fine. I for example, have only checked the SSL certificate from my webmail and something like 3 or 4 websites. I do NOT want to be bugged for the other. But no, instead we have this completely delirious interface that no-one can sanely call User Interface. They're on crack. Anyways, here is a way to make your pain easier, either in about:config or in your $ HOME /.mozilla/firefox/$ profile-with-name-on-crack-id /user.prefs set the following values this way^[1]:

 user_pref("browser.ssl_override_behavior", 2);
 user_pref("browser.xul.error_pages.expert_bad_cert", true);

It makes validating a certificate two clicks away (one of the settings shows the 'add exception' buttons instead of showing a link to make them visible, the other settings makes firefox download the certificate for you so that you don't have to ASK HIM to do so^[2]. And you know the worst thing ? I'm sure the guy(s) who wrote this fucking dialog is(are) very proud of it.

  (1:55) 
  [artemis] sudo dpkg --purge ion3 ion3-scripts
 [sudo] password for madcoder: 
 (Reading database ... 126510 files and directories currently installed.)
 Removing ion3-scripts ...
 Purging configuration files for ion3-scripts ...
 Removing ion3 ...
 Purging configuration files for ion3 ...
 dpkg - warning: while removing ion3, directory  /etc/X11/ion3' not empty so not removed.
 dpkg - warning: while removing ion3, directory  /usr/lib/ion3/lc' not empty so not removed.
 Processing triggers for menu ...
 Processing triggers for man-db ...
 sudo dpkg --purge ion3 ion3-scripts  1,25s user 1,19s system 12% cpu 19,539 total

AAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHH I feel better now. I'm right now a proud awesome-3-git user. The current git version has 90% of what I used in ion3. I mostly mis tabs, but I'm almost already used not to have them anymore, tiling is way better after all, and there are pure lua implementations of those around, just the current one are not nice enough (IMHO) but it can only improve. Another missing feature is autocompletion in the launch command / ssh to / ... menus. But I assume this would not really be hard to add. OTOH there are already things that I like better in awesome: it's easier to extend than ion3, the widgets are a fantastic idea, it uses antialiased fonts, and so on. And layouts are a really clever idea for sure. See here to see what it can look like.

With firefox3 entering unstable, it's now possible to upload firefox3 extensions. Vimperator just entered unstable tonight, just enjoy it. For those not knowing about it, it's an excellent extension that gives to your firefox the vim look and feel. People that are already hooked to git will love it. Tiled window manager users usually love it. The best feature it has is the so called quick hints feature. Type f in command mode, to have nice labels next to every link in the page. You can type some letter, and only links that contains those letters will have the hints, and you'll see something like this (I added 'mo' after having asked for quick hints like you can see in the ruler):

Dear Bastian let's fix your blog post.

Philipp thinks, the fact that rng is not using the information in /usr/share/bug renders rng unfit for release and upgraded the corresponding bugreport from wishlist to serious. Moreover: since I dared to downgrade the report back to wishlist he decided to remove rng from testing and block it until the bug is fixed.

s/Philipp/the Release Team/g. And yes, we believe that reportbug-ng goes against the Maintainers wishes, and doesn't help users that don't know how to report a bug (and which are rng audience unless I'm mistaken).

I don t want to heat the debate about this bug again, but Philipp s decision seems arbitrary for me and I wonder if the same standard is applied to every other Debian package.

It's not, it was discussed in the Release Team and was not Philipp on his own alone. And yes, the same standards of quality is wanted for every package in Debian.

I mean, rng has no release critical defects.

That's you claiming that, there have been really constructive remarks in both bug that we upgraded, and that I think explain wisely why the current reportbug-ng behaviour doesn't makes it a suitable reportbug tool right now. I think for example that Sam's and Michael Biebl contributions in both bugs are good explanations of what is wrong and why.

It just does not use the aforementioned scripts as additional information in bugreports does this really render the software unfit for release ?

Yes it does. Again, people that use rng are I think, less experienced users, who need guidance through the bug reporting process. The kind of users that often send annoying bug reports. Instead of lowering the annoyance factor, you aggravate it. In the end, rng makes the frustration higher, and totally fails to meet its primary goals: making bug reporting nicer, simpler, and more efficient for the Reporter and the Maintainer. While it's probably nicer for the reporter, you totally fail on the other part of the contract. And if you don't care about the Maintainer, then well, reportbug-ng is just a spam machine to them, and your careless attitude toward them is unfit for release for sure.

Following Martin's post on the subject, since I created my prompt, I've updated quite a lot. It only showed the branch before, now it does so even when I'm on a detached head or something, and also shows when I'm in the middle of a rebase or a merge. You can see the zsh-fu for this. For example, when I'm in the middle of a rebase on my paid work repository, it looks like:

 (10:34) <~/dev/mmsx master <rebase -i>> 
 [artemis]                                                 (~/dev/mmsx/Build/)

With nice colors I cannot really show without a screenshot that I'm too lazy to do :) This is a recent addition that I shamelessly took from the contrib bash prompt in git-core package. And to be frank it's really needed, because it's cheap tests (basically looking for magic file names) and that it can tell you if you forgot to end a rebase or a merge, which can happen if you have been disturbed in the middle of it by a colleague for example. I liked the '*' idea from Martin to show if the tree is dirty. Sadly it's not an option. Martin, to do that, you can do:

 unclean=
 git diff-files --quiet && git diff-index --cached --quiet HEAD --   unclean='*'

But this is a very expensive operation. On the glibc git repository, it takes seconds with cold cache (and it's not very surprising because it basically has to stat(3) a lot of stuff). And not having a shell for seconds is a bit extreme. PS: I know my prompt only supports git, but:

1. I barely care about other VCSes as I only use git and sometimes svn for packaging ;
2. when I have to use svn it's for cheap stuff where I don't really need the prompt help.

Today is again about removing packages from testing as my hintfile says. We've discussed (in the RM team) policy a bit, and it seems that we agree that packages with Release Critical bugs open for more than 3 weeks without any kind of activity from the Maintainer warrant a removal from testing without prior notification. Tonight's work is then just doing the quite not fascinating work of going through this list and look for removal candidates. Note that we will always give more time to Maintainers that need it to fix a bug, if he/she states so in the bug report. Needing time is perfectly okay. Not telling about it isn't.

Paid work burnt all my free time recenlty, that's why there wasn't a rc-bug-a-day for two days. I'm back with two removals, a couple of gcc-4.3 FTBFSes fixed. And 5 uploads for RG bugs from Sandro Tosi that were rotting in my mail client. The bad news for tonight is that gcc-4.3 FTBFSes are now RC, since it's the default compiler on several architectures. That's almost 40 new RC we now have to deal with. The fun part will be that those RC will probably hinder some transitions to testing. Maintainers, please, fix your packages. There are still too many packages with RG bugs on them, open for many days, from maintainer that are otherwise quite active on IRC or the lists

Today's RC bug was 470462, removal of a package that as a patch for a FTBFS and absolutely no maintainer answers (#417047). I'm also quite excited because I have a mail with 9 nmudiff's for RG/RC bugs waiting to be processed from Sandro Tosi. I want MOAR !

There was no RC-Bug-A-Day yesterday, so two RC bugs for today:

• #463094 some missing $ subst:Stuff in a debian/control;
• #456864 some other missing Build-Dependency causing a FTBFS.

I also plan to sponsor the requests piling in my @debian.org mailbox tonight too.

For today, a debian/copyright bug in tct was fixed.

I sponsored (ugh!) a new ia32-libs today, which means we now are 4 RC down. Note: I really hate this package.

For today: 469552 was downgraded for probably be a user problem and ktranslator was removed due to 469552. I know that the latter wasn't RC for very long (a couple of days at least) but the maintainer should have detect the criticity of the problem himself (the package is mostly unusable because he can't find some of its plugins or sth like that) and is totally unresponsive. I'm pleased to announce that we went under the 400 bugs in lenny (according to turmzimmer) and around 250 bugs that are present in both lenny and sid (which is the "real" amount of bugs to fix).