# sudo apt install licenserecon
jas@kaka:~/dpkg/resolv-wrapper$ lrc
Parsing Source Tree ....
Running licensecheck ....
d/copyright       licensecheck
BSD-3-Clauses     BSD-3-clause     src/resolv_wrapper.c
BSD-3-Clauses     BSD-3-clause     tests/dns_srv.c
BSD-3-Clauses     BSD-3-clause     tests/test_dns_fake.c
BSD-3-Clauses     BSD-3-clause     tests/test_res_query_search.c
BSD-3-Clauses     BSD-3-clause     tests/torture.c
BSD-3-Clauses     BSD-3-clause     tests/torture.h
jas@kaka:~/dpkg/resolv-wrapper$ 

---
include:
  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
  - https://salsa.debian.org/debian/licenserecon/raw/main/debian/licenserecon.yml

$ cd $ WORKING_DIR /$ SOURCE_DIR 
$ lrc
Parsing Source Tree ....
Running licensecheck ....
No differences found
Cleaning up project directory and file based variables

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

I ll explore how I go about identifying issues to work on, learn more about the specific issues, recreate the problem locally, isolate the potential causes, dissect the problem into identifiable parts, and adapt the packaging and/or source code to fix the issues.

In the role of a packager, updating packages is a recurring task. For some projects, a packager is involved in upstream maintenance, or well written release notes make it easy to figure out what changed between the releases. This isn t always the case, for instance with some small project maintained by one or two people somewhere on GitHub, and it can be useful to verify what exactly changed. Diffoscope can help determine the changes between package releases. [ ]

diffoscope diffoscope is our in-depth and content-aware diff utility. Not only can it locate and diagnose reproducibility issues, it can provide human-readable diffs from many kinds of binary formats. This month, Chris Lamb made the following changes, including preparing and uploading versions 190, 191, 192, 193 and 194 to Debian:

• New features:
  • Continue loading a .changes file even if the referenced files do not exist, but include a comment in the returned diff. [ ]
  • Log the reason if we cannot load a Debian .changes file. [ ]
• Bug fixes:
  • Detect XML files as XML files if file(1) claims if they are XML files or if they are named .xml. (#999438)
  • Don t duplicate file lists at each directory level. (#989192)
  • Don t raise a traceback when comparing nested directories with non-directories. [ ]
  • Re-enable test_android_manifest. [ ]
  • Don t reject Debian .changes files if they contain non-printable characters. [ ]
• Codebase improvements:
  • Avoid aliasing variables if we aren t going to use them. [ ]
  • Use isinstance over type. [ ]
  • Drop a number of unused imports. [ ]
  • Update a bunch of %-style string interpolations into f-strings or str.format. [ ]
  • When pretty-printing JSON, mark the difference as being reformatted, additionally avoiding including the full path. [ ]
  • Import itertools top-level module directly. [ ]

Chris Lamb also made an update to the command-line client to trydiffoscope, a web-based version of the diffoscope in-depth and content-aware diff utility, specifically only waiting for 2 minutes for try.diffoscope.org to respond in tests. (#998360) In addition Brandon Maier corrected an issue where parts of large diffs were missing from the output [ ], Zbigniew J drzejewski-Szmek fixed some logic in the assert_diff_startswith method [ ] and Mattia Rizzolo updated the packaging metadata to denote that we support both Python 3.9 and 3.10 [ ] as well as a number of warning-related changes[ ][ ]. Vagrant Cascadian also updated the diffoscope package in GNU Guix [ ][ ].

Distribution work In Debian, Roland Clobus updated the wiki page documenting Debian reproducible Live images to mention some new bug reports and also posted an in-depth status update to our mailing list. In addition, 90 reviews of Debian packages were added, 18 were updated and 23 were removed this month adding to our knowledge about identified issues. Chris Lamb identified a new toolchain issue, absolute_path_in_cmake_file_generated_by_meson.
Work has begun on classifying reproducibility issues in packages within the Arch Linux distribution. Similar to the analogous effort within Debian (outlined above), package information is listed in a human-readable packages.yml YAML file and a sibling README.md file shows how to classify packages too. Finally, Bernhard M. Wiedemann posted his monthly reproducible builds status report for openSUSE and Vagrant Cascadian updated a link on our website to link to the GNU Guix reproducibility testing overview [ ].

Software development The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:

• Bernhard M. Wiedemann:
  • ck (build failure in single-CPU machine)
  • libfabric (date-related issue)
  • python-dukpy-kovidgoyal (filesystem ordering)
  • python-thriftpy2 (build failure in the far future)
  • smplayer (date)
• Chris Lamb:
  • #998312 filed against ibus-input-pad.
  • #999848 filed against node-cssstyle.
  • #999866 filed against liboqs.
  • #1000326 filed against xrstools.
  • #1000327 filed against meson (forwarded).
  • #1000401 filed against golang-github-go-git-go-git.
  • #1000531 filed against sphinxcontrib-applehelp.
  • #1000532 filed against sphinxcontrib-jsmath.
  • #1000533 filed against sphinxcontrib-htmlhelp.
  • #1000535 filed against sphinxcontrib-restbuilder.
  • #1000769 filed against node-marked.
  • #1000770 filed against perfect-scrollbar.
• Roland Clobus:
  • #1000674 and #1000685 filed against dictionaries-common (randomness in Ispell dictionaries)
• Simon McVittie:
  • #999552 filed against pcs.
• Vagrant Cascadian:
  • #998420 filed against minia.
  • #1000768 filed against krb5.
  • #1000836 filed against libu2f-host.
  • #1000839 filed against gutenprint.
  • #1000893 filed against bind9.
  • #1000897 filed against lift.
  • #1000921 filed against syncevolution.
  • #1000944 filed against apbs.
  • #1000945 filed against binutils-riscv64-unknown-elf.
  • #1000946 filed against gcc-riscv64-unknown-elf.
  • opensbi, which later led to a better patch on their mailing list.

Elsewhere, in software development, Jonas Witschel updated strip-nondeterminism, our tool to remove specific non-deterministic results from a completed build so that it did not fail on JAR archives containing invalid members with a .jar extension [ ]. This change was later uploaded to Debian by Chris Lamb. reprotest is the Reproducible Build s project end-user tool to build the same source code twice in widely different environments and checking whether the binaries produced by the builds have any differences. This month, Mattia Rizzolo overhauled the Debian packaging [ ][ ][ ] and fixed a bug surrounding suffixes in the Debian package version [ ], whilst Stefano Rivera fixed an issue where the package tests were broken after the removal of diffoscope from the package s strict dependencies [ ].

Testing framework The Reproducible Builds project runs a testing framework at tests.reproducible-builds.org, to check packages and other artifacts for reproducibility. This month, the following changes were made:

• Holger Levsen:
  • Document the progress in setting up snapshot.reproducible-builds.org. [ ]
  • Add the packages required for debian-snapshot. [ ]
  • Make the dstat package available on all Debian based systems. [ ]
  • Mark virt32b-armhf and virt64b-armhf as down. [ ]
• Jochen Sprickerhof:
  • Add SSH authentication key and enable access to the osuosl168-amd64 node. [ ][ ]
• Mattia Rizzolo:

  • Revert reproducible Debian: mark virt(32

    64)b-armhf as down - restored. [ ]

• Roland Clobus (Debian live image generation):
  • Rename sid internally to unstable until an issue in the snapshot system is resolved. [ ]
  • Extend testing to include Debian bookworm too.. [ ]
  • Automatically create the Jenkins view to display jobs related to building the Live images. [ ]
• Vagrant Cascadian:
  • Add a Debian package set group for the packages and tools maintained by the Reproducible Builds maintainers themselves. [ ]

---

If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:

• IRC: #reproducible-builds on irc.oftc.net.
• Twitter: @ReproBuilds
• Mailing list: rb-general@lists.reproducible-builds.org

• While looking at Kurento Media Server, we stumbled over forked portions of code that are not uploadable to Debian as is (kmsjsoncpp, kms-gstreamer). These components would contain old and unmaintained, but also KMS-patched copies of code. Uploading those would violate Debian policy (which in short forbids code duplications in the archive). We are in touch with Kurento upstream and they have removing these forked projects on their development roadmap, although it is unclear when this might be ready for productive use.
• At the same time, we read BBB developer posts that suggested Janus WebRTC as a possible alternative to Kurento Media Server. As our main directive is getting BigBlueButton into Debian, we might drop the Kurento packaging initiative and spend resources on other components (as Janus WebRTC, thanks to Jonas Smedegaard, already is in Debian).
• The coming week (what a great coincidence), BigBlueButton World 2021 [2] will be held online and the schedule promises a lot of interesting talks and speakers. If interested, join up for free registration. Amongst others, Paulo Lanzarin will be speaking about "BigBlueButton s Media Stack: Overview and the Road Ahead" (12:30 EST(!), June 23rd). For the complete schedule, see [3].

• Thanks to Paul Wise, who joined the packaging effort last week.
• Thanks to Ingo Wichmann from Linuxhotel who is my point of contact on this to the sponsor (German Unix Users Group e.V.) of this endeavour.

remotes/private/attic/novena                    822ca2bb add letter i sent to novena, never published
remotes/private/attic/secureboot                de09d82b quick review, add note and graph
remotes/private/attic/wireguard                 5c5340d1 wireguard review, tutorial and comparison with alternatives
remotes/private/backlog/dat                     914c5edf Merge branch 'master' into backlog/dat
remotes/private/backlog/packet                  9b2c6d1a ham radio packet innovations and primer
remotes/private/backlog/performance-tweaks      dcf02676 config notes for http2
remotes/private/backlog/serverless              9fce6484 postponed until kubecon europe
remotes/private/fin/cost-of-hosting             00d8e499 cost-of-hosting article online
remotes/private/fin/kubecon                     f4fd7df2 remove published or spun off articles
remotes/private/fin/kubecon-overview            21fae984 publish kubecon overview article
remotes/private/fin/kubecon2018                 1edc5ec8 add series
remotes/private/fin/netconf                     3f4b7ece publish the netconf articles
remotes/private/fin/netdev                      6ee66559 publish articles from netdev 2.2
remotes/private/fin/pgp-offline                 f841deed pgp offline branch ready for publication
remotes/private/fin/primes                      c7e5b912 publish the ROCA paper
remotes/private/fin/runtimes                    4bee1d70 prepare publication of runtimes articles
remotes/private/fin/token-benchmarks            5a363992 regenerate timestamp automatically
remotes/private/ideas/astropy                   95d53152 astropy or python in astronomy
remotes/private/ideas/avaneya                   20a6d149 crowdfunded blade-runner-themed GPLv3 simcity-like simulator
remotes/private/ideas/backups-benchmarks        fe2f1f13 review of backup software through performance and features
remotes/private/ideas/cumin                     7bed3945 review of the cumin automation tool from WM foundation
remotes/private/ideas/future-of-distros         d086ca0d modern packaging problems and complex apps
remotes/private/ideas/on-dying                  a92ad23f another dying thing
remotes/private/ideas/openpgp-discovery         8f2782f0 openpgp discovery mechanisms (WKD, etc), thanks to jonas meurer
remotes/private/ideas/password-bench            451602c0 bruteforce estimates for various password patterns compared with RSA key sizes
remotes/private/ideas/prometheus-openmetrics    2568dbd6 openmetrics standardizing prom metrics enpoints
remotes/private/ideas/telling-time              f3c24a53 another way of telling time
remotes/private/ideas/wallabako                 4f44c5da talk about wallabako, read-it-later + kobo hacking
remotes/private/stalled/bench-bench-bench       8cef0504 benchmarking http benchmarking tools
remotes/private/stalled/debian-survey-democracy 909bdc98 free software surveys and debian democracy, volunteer vs paid work

Attic Those are articles that I thought about, then finally rejected, either because it didn't seem worth it, or my editors rejected it, or I just moved on:

• novena: the project is ooold now, didn't seem to fit a LWN article. it was basically "how can i build my novena now" and "you guys rock!" it seems like the MNT Reform is the brain child of the Novena now, and I dare say it's even cooler!
• secureboot: my LWN editors were critical of my approach, and probably rightly so - it's a really complex subject and I was probably out of my depth... it's also out of date now, we did manage secureboot in Debian
• wireguard: LWN ended up writing extensive coverage, and I was biased against Donenfeld because of conflicts in a previous project

Backlog Those were articles I was planning to write about next.

• dat: I already had written Sharing and archiving data sets with Dat, but it seems I had more to say... mostly performance issues, beaker, no streaming, limited adoption... to be investigated, I guess?
• packet: a primer on data communications over ham radio, and the cool new tech that has emerged in the free software world. those are mainly notes about Pat, Direwolf, APRS and so on... just never got around to making sense of it or really using the tech...
• performance-tweaks: "optimizing websites at the age of http2", the unwritten story of the optimization of this website with HTTP/2 and friends
• serverless: god. one of the leftover topics at Kubecon, my notes on this were thin, and the actual subject, possibly even thinner... the only lie worse than the cloud is that there's no server at all! concretely, that's a pile of notes about Kubecon which I wanted to sort through. Probably belongs in the attic now.

Fin Those are finished articles, they were published on my website and LWN, but the branches were kept because previous drafts had private notes that should not be published.

Ideas

• astropy: "Python in astronomy" - had a chat with saimn while writing about sigal, and it turns out he actually works on free software in astronomy, in Python... I actually expect LWN to cover this sooner than later, after Lee Phillips's introduction to SciPy
• avaneya: crowdfunded blade-runner-themed GPLv3 simcity-like simulator, i just have that link so far
• backups-benchmarks: review of backup software through performance and features, possibly based on those benchmarks, maybe based on this list from restic although they refused casync. benchmark articles are hard though, especially when you want to "cover them all"... I did write a silly Attic vs Bup back when those programs existed (2014), in a related note...
• ideas/cumin: review of the Cumin automation tool from WikiMedia Foundation... I ended up using the tool at work and writing service documentation for it
• ideas/future-of-distros: modern packaging problems and complex apps, starting from this discussion about the removal of Dolibarr from Debian, a summary of the thread from liw, and ideas from joeyh (now from the outside of Debian), then debates over the power of FTP masters - ugh, glad I didn't step in that rat's nest
• ideas/on-dying: "what happens when a hacker dies?" rather grim subject, but a more and more important one... joeyh has ideas again, phk as well, then there's a protocol for dying (really grim)... then there are site policies like GitHub, Facebook, etc... more in the branch, but that one I can't help but think about now that family has taken a bigger place in my life...
• ideas/openpgp-discovery: OpenPGP discovery mechanisms (WKD, etc), suggested by Jonas Meurer (somewhere?), only links to Mailveloppe, LEAP, WKD (or is it WKS?), another standard, probably would need to talk about OpenPGP CA now and how Debian and Tor manage their keyrings... pain in the back.
• ideas/password-bench: bruteforce estimates for various password patterns compared with RSA key sizes, spinoff of my smartcard article, in the crypto-bench, look at this shiny graph, surely that must mean an article, right?
• ideas/prometheus-openmetrics: "Evolving the Prometheus exposition format into a standard", seems like this happened
• ideas/telling-time: telling time to users is hard. xclock vs ttyclock, etc. maybe gameclock and undertime as well? syncing time is hard, but it turns out showing it is non trivial as well... basically turning this bug report into an article. for some reason I linked to this meme, derived from this meme, presumably a premonition of my stupid idea of writing undertime TIMEZONES!
• ideas/wallabako: "talk about wallabako, read-it-later + kobo hacking", that's it, not even a link to the project!

A lot of those branches were actually just an empty commit, with the commitlog being the "pitch", more or less. I'd send that list to my editors, sometimes with a few more links (basically the above), and they would nudge me one way or the other. Sometimes they would actively discourage me to write about something, and I would do it anyways, send them a draft, and they would patiently make me rewrite it until it was a decent article. This was especially hard with the terminal emulator series, which took forever to write and even got my editors upset when they realized I had never installed Fedora (I ended up installing it, and I was proven wrong!)

Stalled Oh, and then there's those: those are either "ideas" or "backlog" that got so far behind that I just moved them out of the way because I was tired of seeing them in my list.

• stalled/bench-bench-bench benchmarking http benchmarking tools, a horrible mess of links, copy-paste from terminals, and ideas about benchmarking... some of this trickled out into this benchmarking guide at Tor, but not much more than the list of tools
• stalled/debian-survey-democracy: "free software surveys and Debian democracy, volunteer vs paid work"... A long standing concern of mine is that all Debian work is supposed to be volunteer, and paying explicitly for work inside Debian has traditionally been frowned upon, even leading to serious drama and dissent (remember Dunc-Tank)? back when I was writing for LWN, I was also doing paid work for Debian LTS. I also learned that a lot (most?) Debian Developers were actually being paid by their job to work on Debian. So I was confused by this apparent contradiction, especially given how the LTS project has been mostly accepted, while Dunc-Tank was not... See also this talk at Debconf 16. I had hopes that this study would show the "hunch" people have offered (that most DDs are paid to work on Debian) but it seems to show the reverse (only 36% of DDs, and 18% of all respondents paid). So I am still confused and worried about the sustainability of Debian.

What do you think? So that's all I got. As people might have noticed here, I have much less time to write these days, but if there's any subject in there I should pick, what is the one that you would find most interesting? Oh! and I should mention that you can write to LWN! If you think people should know more about some Linux thing, you can get paid to write for it! Pitch it to the editors, they won't bite. The worst that can happen is that they say "yes" and there goes two years of your life learning to write. Because no, you don't know how to write, no one does. You need an editor to write. That's why this article looks like crap and has a smiley.

Introducing cryptsetup-suspend Today, we're introducing cryptsetup-suspend, whose job is to protect the content of your harddrives while the system is sleeping. TL;DR:

• You can lock your encrypted harddrives during suspend mode by installing cryptsetup-suspend
• For cryptsetup-suspend to work properly, at least Linux kernel 5.6 is required
• We hope that in a bright future, everything will be available out-of-the-box in Debian and it's derivatives

Before: After:

Table of contents

What does this mean and why should you care about it? If you don't use full-disk encryption, don't read any further. Instead, think about, what will happen if you lose your notebook on the train, a random person picks it up and browses through all your personal pictures, e-mails, and tax records. Then encrypt your system and come back. If you believe full-disk encryption is necessary, you might know that it only works when your machine is powered off. Once you turn on the machine and decrypt your harddrive, your encryption key stays in RAM and can potentially be extracted by malicious software or physical access. Even if these attacks are non-trivial, it's enough to worry about. If an attacker is able to extract your disk encryption keys from memory, they're able to read the content of your disk in return. Sadly, in 2020, we hardly power off our laptops anymore. The sleep mode, also known as "suspend mode", is just too convenient. Just close the lid to freeze the system state and lift it anytime later in order to continue. Well, convenience usually comes with a cost: during suspend mode, your system memory is kept powered, all your data - including your encryption keys - stays there, waiting to be extracted by a malicious person. Unfortunately, there are practical attacks to extract the data of your powered memory. Cryptsetup-suspend expands the protection of your full-disk encryption to all those times when your computer sleeps in suspend mode. Cryptsetup-suspend utilizes the suspend feature of LUKS volumes and integrates it with your Debian system. Encryption keys are evicted from memory before suspend mode and the volumes have to be re-opened after resuming - potentially prompting for the required passphrases. By now, we have a working prototype which we want to introduce today. We did quite some testing, both on virtualized and bare-metal Debian and Ubuntu systems, with and without graphical stack, so we dare to unseal and set free the project and ask you - the community - to test, review, criticize and give feedback. Here's a screencast of cryptsetup-suspend in action:

State of the implementation: where are we? If you're interested in the technical details, here's how cryptsetup-suspend works internally. It basically consists of three parts:

1. cryptsetup-suspend: A C program that takes a list of LUKS devices as arguments, suspends them via luksSuspend and suspends the system afterwards. Also, it tries to reserve some memory for decryption, which we'll explain below.
2. cryptsetup-suspend-wrapper: A shell wrapper script which works the following way:
   1. Extract the initramfs into a ramfs
   2. Run (systemd) pre-suspend scripts, stop udev, freeze almost all cgroups
   3. Chroot into the ramfs and run cryptsetup-suspend
   4. Resume initramfs devices inside chroot after resume
   5. Resume non-initramfs devices outside chroot
   6. Thaw groups, start udev, run (systemd) post-suspend scripts
   7. Unmount the ramfs
3. A systemd unit drop-in file overriding the Exec property of systemd-suspend.service so that it invokes the script cryptsetup-suspend-wrapper.

Reusing large parts of the existing cryptsetup-initramfs implementation has some positive side-effects: Out-of-the-box, we support all LUKS block device setups that have been supported by the Debian cryptsetup packages before. Freezing most processes/cgroups is necessary to prevent possible race-conditions and dead-locks after the system resumes. Processes will try to access data on the locked/suspended block devices eventually leading to buffer overflows and data loss.

Technical challenges and caveats

• Dead-locks at suspend: In order to prevent possible dead-locks between suspending the encrypted LUKS disks and suspending the system, we have to tell the Linux kernel to not sync() before going to sleep. A corresponding patch got accepted upstream in Linux 5.6. See section What about the kernel patch? below for details.
• Race conditions at resume: Likewise, there's a risk of race conditions between resuming the system and unlocking the encypted LUKS disks. We went with freezing as many processes as possible as a counter measurement. See last part of section State of the implementation: where are we? for details.
• Memory management: Memory management is definitely a challenge. Unlocking disks might require a lot of memory (if key derivation function is argon2i) and the swap device most likely is locked at that time. See section All that matters to me is the memories! below for details.
• systemd dependency: Our implementation depends on systemd. It uses a unit drop-in file for systemd-suspend.service for hooking into the system suspend process and depends on systemds cgroup management to freeze and thaw processes. If you're using a different init system, sorry, you're currently out of luck.

What about the kernel patch? The problem is simple: the Linux kernel suspend implementation enforces a final filesystem sync() before the system goes to sleep in order to prevent potential data loss. While that's sensible in most scenarios, it may result in dead-locks in our situation, since the block device that holds the filesystem is already suspended. The fssync() call will block forever as it waits for the block device to finish the sync() operation. So we need a way to conditionally disable this sync() call in the Linux kernel resume function. That's what our patch does, by introducing a run-time switch at /sys/power/sync_on_suspend, but it only got accepted into the Linux kernel recently and was first released with Linux kernel 5.6. Since release 4.3, the Linux kernel at least provides a build-time flag to disable the sync(): CONFIG_SUSPEND_SKIP_SYNC (that was called SUSPEND_SKIP_SYNC first and renamed to CONFIG_SUSPEND_SKIP_SYNC in kernel release 4.9). Enabling this flag at build-time protects you against the dead locks perfectly well. But while that works on an individual basis, it's a non-option for the distribution Linux kernel defaults. In most cases you still want the sync() to happen, except if you have user-space code that takes care of the sync() just before suspending your system - just like our cryptsetup-suspend implementation does. So in order to properly test cryptsetup-suspend, you're strongly advised to run Linux kernel 5.6 or newer. Fortunately, Linux 5.6 is available in buster-backports thanks to the Debian Kernel Team.

All that matters to me is the memories! One of the tricky parts is memory management. Since version 2, LUKS uses argon2i as default key derivation function. Argon2i is a memory-hard hash function and LUKS2 assigns the minimum of half of your systems memory or 1 GB to unlocking your device. While this is usually unproblematic during system boot - there's not much in the system memory anyway - it can become problematic when suspending. When cryptsetup tries to unlock a device and wants 1 GB of memory for this, but everything is already occupied by your browser and video player, there's only two options what to do:

1. Kill a process to free some memory
2. Move some of the data from memory to swap space

The first option is certainly not what you expect when suspending your system. The second option is impossible, because swap is located on your harddrive which we have locked before. Our current solution is to allocate the memory after freezing the other processes, but before locking the disks. At this time, the system can still move data to swap, but it won't be accessed anymore. We then release the memory just in time for cryptsetup to claim it again. The implementation of this is still subject to change.

What's missing: A proper user interface As mentioned before, we consider cryptsetup-suspend usable, but it certainly still has bugs and shortcomings. The most obvious one is lack of a proper user interface. Currently, we switch over to a tty command-line interface to prompt for passphrases when unlocking the LUKS devices. It certainly would be better to replace this with a graphical user interface later, probably by using plymouth or something alike. Unfortunately, it seems rather impossible to spawn a real graphical environment for the passphrase prompt. That would imply to load the full graphical stack into the ramfs, raising the required amount of memory significantly. Lack of memory is currently our biggest concern and source of trouble. We'd definitely appreciate to learn about your ideas how to improve the user experience here.

Let's get practical: how to use TL;DR: On Debian Bullseye (Testing), all you need to do is to install the cryptsetup-suspend package from experimental. It's not necessary to upgrade the other cryptsetup packages. On Debian Buster, cryptsetup packages from backports are required.

1. First, be sure that you're running Linux kernel 5.6 or newer. For Buster systems, it's available in buster-backports.
2. Second, if you're on Debian Buster, install the cryptsetup 2:2.3.3-2~bpo10+1 packages from buster-backports.
3. Third, install the cryptsetup-suspend package from experimental. Beware that cryptsetup-suspend depends on cryptsetup-initramfs (>= 2:2.3.3-1~). Either you need the cryptsetup packages from testing/unstable, or the backports from buster-backports.
4. Now that you have the cryptsetup-suspend package installed, everything should be in place: Just send your system to sleep. It should switch to a virtual text terminal before going to sleep, ask for a passphrase to unlock your encrypted disk(s) after resume and switch back to your former working environment (most likely your graphical desktop environment) afterwards.

Security considerations Suspending LUKS devices basically means to remove the corresponding encryption keys from system memory. This protects against all sort of attacks trying to read them from there, e.g. cold-boot attacks. But, cryptsetup-suspend only protects the encryption keys of your LUKS devices. Most likely there's more sensitive data in system memory, like all kinds of private keys (e.g. OpenPGP, OpenSSH) or documents with sensitive content. We hope that the community will help improve this situation by providing useful pre-/post-suspend scripts. A positive example is KeepassXC, which is able to lock itself when going to suspend mode.

Related and similar projects

• Systemd Homed: systemd recently got a new feature to manage home directories. It brings support for encrypting your home directory within a LUKS2 container and for suspending the LUKS2 container during system sleep. It all is limited to systemd home directories though and doesn't help with other LUKS devices.
• There's several earlier luks-suspend-* implementations. Unfortunately, neither of them deal with all the Technical challenges and caveats we discovered. Still we'd like to mention some of them:
• debian-luks-suspend
• go-luks-suspend
• arch-luks-suspend

Links

• Our Linux kernel patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c052bf82c6b00ca27aab0859addc4b3159dfd3a4
• The debian/experimental branch of our Debian cryptsetup packaging repository, containing cryptsetup-suspend related changes: https://salsa.debian.org/cryptsetup-team/cryptsetup/-/tree/debian/experimental
• cryptsetup-suspend manpage: https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/experimental/debian/doc/cryptsetup-suspend.xml

Feedback and Comments We'd be more than happy to learn about your thoughts on cryptsetup-suspend. For specific issues, don't hesitate to open a bugreport against cryptsetup-suspend. You can also reach us via mail - see the next section for contact addresses. Last but not least, comments below the blogpost work as well.

Authors

• Tim (tim at systemli.org)
• Jonas (jonas at freesources.org)

• build-rdeps
  • Updated build-rdeps to work with compressed apt indices. (Debian bug #698240)
  • Added support for Build-Arch- Conflicts,Depends to build-rdeps. (adc87981)
  • Merged Andreas Henriksson's patch for setting remote.<name>.push-url when using debcheckout to clone a git repository. (Debian bug #753838)
• debsign
  • Updated bash completion for gpg keys to use gpg --with-colons, instead of manually parsing gpg -K output. Aside from being the Right Way to get machine parseable information out of gpg, it fixed completion when gpg is a 2.x version. (Debian bug #837380)

• Packaged the new upstream release (1.2.1)
• Basic package maintenance (-dbgsym package, policy update, enabled hardening flags).
• Uploaded 1.2.1-1

• Attempted to nudge lua-nvim's builds along on a couple architectures where they were waiting for neovim to be installable
  • x32: Temporarily removed lua-nvim Build-Depends to break the BD-Uninstallable cycle between lua-nvim and neovim.
  • powerpcspe: Temporarily removed luajit Build-Depends, reducing test scope, to fix the build.
    • If memory serves, the test failures are fixed upstream for the next release.
• Uploaded 0.2.0-4

• autobahn-cpp
• libdata-messagepack-perl
• ring

• Used the powerpc porterbox to debug and fix a 32-bit integer overflow that was causing test failures.
• Asked the vim-perl folks about getting updated runtime files to Bram, after Jakub Wilk filed Debian bug #873755. This had been fixed 4+ years earlier, but not yet merged back into Vim. Thanks to Rob Hoelz for pulling things together and sending the updates to Bram.
• I've continued to receive feedback from Debian users about their frustration with Vim's new "defaults.vim", both in regards to the actual default settings and its interaction with the system-wide vimrc file. While I still don't intend to deviate from upstream's behavior, I did push back some more on the existing behavior. I appreciate Christian Brabandt's effort, as always, to understand the issue at hand and have constructive discussions. His final suggestion seems like it will resolve the system vimrc interaction, so hopefully Bram is receptive to it.
• Uploaded 2:8.0.1144-1
• Thanks to a nudge from Salvatore Bonaccorso and Moritz M hlenhoff, I uploaded 2:8.0.0197-4+deb9u1 which fixes CVE-2017-11109. I had intended to do this much sooner, but it fell through the cracks. Due to Adam Barratt's quick responses, this should make it into the upcoming Stretch 9.2 release.

• Started work on updating the packaging
  • Converted to 3.0 (quilt) source format
  • Updated to debhelper 10 compat
  • Initial attempts at converting to a dh rules file
    • Running into various problems here and still trying to figure out whether they're in the upstream build system, Debian's patches, or both.

• Worked with Niko Dittmann to fix build failures Niko was experiencing on OpenBSD 6.1 #7298
• Merged upstream Vim patches into neovim from various contributors
  • Young Jean Han - #7233
  • KunMing Xie - #7258, #7311, #7309, #7310
  • James McCoy - #7325
• Discussed focus detection behavior after a recent change in the implementation (#7221)
  • While testing focus detection in various terminal emulators, I noticed pangoterm didn't support this. I submitted a merge request on libvterm to provide an API for reporting focus changes. If that's merged, it will be trivial for pangoterm to notify applications when the terminal has focus.
• Fixed a bug in our tooling around merging Vim patches, which was causing it to incorrectly drop certain files from the patches. #7328

• Angela, my wife, I met daily on Jabber. Thanks for letting me go to this great DebConf17 conference and keeping our family up and running
• Andreas asking people to either impersonate his wife or adoptive daughter for a photo shooting. You gave such a touching talk on Friday, together with Minh from Vietnam.
• Holger for nagging us about stone age bugs in the Debian Blends package and the outdated software list in Debian Edu (Kernel 2.6.32 package are finally not mentioned anymore)
• Vagrant, Foetini and Alkis for there efforts on LTSP and their success in Greece with bringing Debian into Greek schools
• Tiago, Jerome and all the others from the local team, providing us with such great food and support. THANKS folks!!!
• Enrico who showed my his 20 liner version of nodm aka lightdm-autologin-greeter (and also made me curious on staticsite)
• Jonas Smedegaard for teaching me the solarized theme and loads of other things
• Siri for being around and really having a stand for making Debian look more like a product
• Dimitri John Ledkov for chiming in on Ayatana Indicators as next Indicators upstream for Ubuntu 18.04 LTS
• Chrys for chiming on .desktop file proxying, meet you back in #arctica on Freenode
• Sean for asking me daily, if my luggage had arrived (see below), as he shared the same fate during DebCamp
• the owner of that nice shop where I bought loads of clothes while waiting for my luggage still stuck in Hamburg
• Steven for looking into gcc compiler macros with me for nx-libs autotools conversion, also probably - luggage wise - the lightest traveller among us
• Fabian for sharing is sadness and pain about the FLOSS non-situation in schools all over Quebec
• Mario from New Zealand and Jos from the Netherlands chiming in on FLOSS and education on IRC after having watch my talk about Debian Edu / Skolelinux. Mario, we will soon ask you for opensourcing your teacher screen over WiFi solution...
• Lior who thinks about bringing Debian Edu / Skolelinux to Israel. (That would be awesome!)
• Rhonda for having time for my Debian Backports woes and probably having been quite forgiving ;-)
• Bobby who is a font engineer during the week and (used to be) a cave explorer and mapper in his spare time
• Ximin for providing deep insight in the key signing workflow and the caff approach to it
• Daniel for sharing work experiences and nudging me to go with Remote Desktop stuff (out of pure personal interest *g*, of course, but still)
• Tzfarir and Gunnar for a nice chat on the last night of DebConf

• Finding my luggage
  • After I had arrived at Montreal Airport, I found out that my luggage stayed in Hamburg
  • So the first 4.5 days, I was continuously busy with calling Lufthansa for package item tracking...
  • Go shopping twice, to update my plastic bag of fresh clothes...
• MATE 1.18 in Debian
  • Finalize package builds of MATE 1.18 in Debian unstable (because of some GLib2.0 regression, thanks to Iain Lane for the prompt fix and upload)
• Debian Edu
  • clear up src:package debian-edu regarding the task files related to Debian Pure Blends
  • this work is still in progress...
• Debian Blends (esp. the blends-dev part of the blends src:package)
  • You can now have empty Depends: / Recommends: / Suggests: fields with the list of packages then starting in the next line.
  • It is now possible to have real Depends: fields in task files that become Depends: fields in debian/control. Packages targetting Depends: that are not in unstable get de-promoted to the Suggests: field in debian/control.
  • Tested with most available Debian Pure Blends meta-packages
  • I also pointed Daniel Pocock with his new GnuPG clean-room project towards Debian Pure Blends
• Ring: A 'new' distributed video chat tool without mediating servers. Good concept, however, we could not get it to work on the DebConf campus.
• Debian Design Team (which I am now a member of, I guess)
  • Dive into and out of the vision of a Debian Uniform set of packages, turning the collection of software in Debian into one thing.
  • Run my terminal applications now with the Base16 profile 'solarized-universal'. However, Debian Design will be much more than 16 colors in a console terminal.
  • Let's turn Debian into something like a potential product!
• Debian Policy:
  • I even helped with a Debian Policy bug...
• Skolab Groupware: Forking Kolab (v2) as a new project, named the Skolab Groupware. Instead of migrating my own mail server away from Kolab (v2), I chose continuing maintenance for it, at least for the core compoents:
  • https://github.com/Skolab-Groupware
  • Targetting small to medium sized installations with little administration effort.
  • I mainly ported Kolab's kolab-webadmin PHP project to a recent status so that it can run under Debian testing/unstable: https://github.com/Skolab-Groupware/skolab-webadmin
  • Big thanks to Siri Reiter for consulting me on artwork and for helping me putting together a simple logo for the project.
• nx-libs: Work on several PRs:
  • https://github.com/ArcticaProject/nx-libs/pull/496 (review + merge)
  • https://github.com/ArcticaProject/nx-libs/pull/498 (code)
  • https://github.com/ArcticaProject/nx-libs/pull/499 (code)
  • https://github.com/ArcticaProject/nx-libs/pull/501 (review + merge)
  • Play with KDE5 and nx-libs: IT WORKS!
• Weblate:
  • Become hosted by hosted Weblate for...
  • Ayatana Indicators
  • Arctica Project
  • Skolab Groupware
  Thanks to Michal iha for providing this fine translation service

• Talk: Supporting Debian Edu / Skolelinux as a Product: Lessons Learned
  • Schedule: https://debconf17.debconf.org/talks/169
  • Video: http://meetings-archive.debian.net/pub/debian-meetings/2017/debconf17/su...
  • Outcome: https://sunweavers.net/blog/node/59
• Talk: Ayatana Indicators
  • Schedule: https://debconf17.debconf.org/talks/168
  • Video: http://meetings-archive.debian.net/pub/debian-meetings/2017/debconf17/ay...
  • Outcome: https://sunweavers.net/blog/node/60
• Ad-hoc BoF: Bits from the Debian+Ubuntu MATE Packaging Team
  • Schedule: https://debconf17.debconf.org/talks/223
  • Outcome: still to be published...
• Ad-hoc BoF: Debian for Remote Desktop Computing
  • Schedule: https://debconf17.debconf.org/talks/60
  • Outcome: still to be published...

• mate-settings-daemon
• mate-dock-applet
• brisk-menu
• mate-optimus
• caja-actions
• mate-common
• mate-tweak
• plank
• freerdp (2x)
• freerdp2
• gosa-plugin-mailaddress

• python-wither
• lightdm-autologin-greeter
• caja-rename

• freerdp (1.1) (actually twice, one of them a security upload)
• gosa-plugin-mailaddress
• mate-themes

• Prepare upload of caja-admin by asking for release tags upstream
• Talk Clint Byrums into a fresh upload of the long not touch undistract-me package
• Breed on different desktop layouts for Debian MATE (like in Ubuntu MATE)
• Do quite a bit of GnuPG key signing
• Update my consent with NM to pick up my work on collab-maint request processing again

• On June 19th, Chris Lamb presented at LinuxCon China 2017 on Reproducible Builds.
• h01ger created a poll for a date for the next Reproducible Builds summit, please vote if you are interested in attending.
• Our next IRC meeting will be on the 6th of July at 17:00 UTC with the following agenda.

• Bernhard M. Wiedemann:
  • gnuradio + volk
  • pymol
  • distorm
  • qtscriptgenerator
  • cpython
  • x3270 x3270
  • sphinx
  • obs-service-tar_scm
  • osc
  • matplotlib merged
  • pyparted merged
  • bjoern merged

• Adrian Bunk (1)
• Edmund Grimley Evans (1)

• Chris Lamb:
  • Document the 'h' variable in our raw_feeder
  • Split diffoscope.difference into feeders
  • Tidy diffoscope/difference.py
• Ximin Luo:
  • Add a PartialString class
  • More ydiff/linediff from diffoscope. difference => diff to group unified_diff related things together
  • difference: has_children -> has_visible_children, and take into account comments
  • Add various traverse_ methods to Difference
  • Move side-by-side and linediff algorithms to difference.py
  • Refactor html-dir presenter to be a class instance, avoiding global state
  • html-dir: show/hide diff comments, which can be very large

• Vagrant Cascadian:
  • Proposed reducing the number of concurrent builds each armhf machine runs, to reduce out-of-memory errors, crashes and false positives with FTBFS on armhf, reducing the number of armhf build workers from 70 to 51.
• Valerie Young: Add highlighting in navigation for the new nodes health pages.
• Mattia Rizzolo:
  • Do not dump database ACL in the backups.
  • Deduplicate SSLCertificateFile directive into the common-directives-ssl macro
  • Apache: t.r-b.o: redirect /testing/ to /stretch/
  • db: s/testing/stretch/g
  • Start adding code to test buster...
• Holger Levsen:
  • Update README.infrastructure to explain who has root access where.
  • reproducible_nodes_info.sh: correctly recognize zero builds per day.
  • Add build nodes health overview page, then split it in three: health overview, daily munin graphs and weekly munin graphs.
  • reproducible_worker.sh: improve handling of systemctl timeouts.
  • reproducible_build_service: sleep less and thus restart failed workers sooner.
  • Replace ftp.(de uk us).debian.org with deb.debian.org everywhere.
  • Performance page: also show local problems with _build_service.sh (which are autofixed after a maximum of 133.7 minutes).
  • Rename nodes_info job to html_nodes_info.
  • Add new node health check jobs, split off from maintenance jobs, run every 15 minutes.
    • Add two new checks: 1. for correct future (2019 is incorrect atm, and we sometimes got that). 2.) for writeable /tmp (sometimes happens on borked armhf nodes).
  • Add jobs for testing buster.
  • s/testing/stretch/g in all the code.
  • Finish the code to deal with buster.
  • Teach jessie and Ubuntu 16.04 how to debootstrap buster.

When invoking this function, be careful not to interpolate arguments into the string run by the shell, such as Exec::shell(format!("sort ", filename)). Such code is prone to errors and, if filename comes from an untrusted source, to shell injection attacks. Instead, use Exec::cmd("sort").arg(filename).

fn copyright_fromgit(repo: &str) -> Result<Vec<String>>  
    let tempdir = TempDir::new_in(".", "debcargo")?;
    Exec::cmd("git")
     .args(&["clone", "--bare", repo, tempdir.path().to_str().unwrap()])
     .stdout(subprocess::NullFile)
     .stderr(subprocess::NullFile)
     .popen()?;
    let author_process =  
        Exec::shell(OsStr::new("git log --format=\"%an <%ae>\"")).cwd(tempdir.path())  
        Exec::shell(OsStr::new("sort -u"))
     .capture()?;
    let authors = author_process.stdout_str().trim().to_string();
    let authors: Vec<&str> = authors.split('\n').collect();
    let mut notices: Vec<String> = Vec::new();
    for author in &authors  
        let author_string = format!("--author= ", author);
        let first =  
            Exec::cmd("/usr/bin/git")
             .args(&["log", "--format=%ad",
                    "--date=format:%Y",
                    "--reverse",
                    &author_string])
             .cwd(tempdir.path())   Exec::shell(OsStr::new("head -n1"))
         .capture()?;
        let latest =  
            Exec::cmd("/usr/bin/git")
             .args(&["log", "--format=%ad", "--date=format:%Y", &author_string])
             .cwd(tempdir.path())   Exec::shell("head -n1")
         .capture()?;
        let start = i32::from_str(first.stdout_str().trim())?;
        let end = i32::from_str(latest.stdout_str().trim())?;
        let cnotice = match start.cmp(&end)  
            Ordering::Equal => format!(" ,  ", start, author),
            _ => format!(" - ,  ", start, end, author),
         ;
        notices.push(cnotice);
     
    Ok(notices)
 

• Ben Hutchings did 13 hours (out of 15h allocated + 3 extra hours, thus keeping 5 extra hours for June).
• Brian May did 10 hours.
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 23 hours (out of 24 hours allocated + 2 hours remaining, thus keeping 3 hours for June).
• Guido G nther did 8 hours.
• Hugo Lefeuvre did 15 hours.
• Jonas Meurer gave back his remaining hours from last month.
• Markus Koschany did 27.25 hours.
• Ola Lundqvist did 12 hours (out of 6h allocated + 6 remaining hours).
• Rapha l Hertzog did 12 hours.
• Roberto C. Sanchez did 22 hours (out of 20 hours allocated + 4.5 hour remaining, thus keeping 2.5 extra hours for June).
• Thorsten Alteholz did 27.25 hours.

• Platinum sponsors:
• TOSHIBA (for 20 months)
• GitHub (for 11 months)
• Gold sponsors:
• The Positive Internet (for 36 months)
• Blablacar (for 35 months)
• Linode (for 25 months)
• Babiel GmbH (for 14 months)
• Plat Home (for 14 months)
• Silver sponsors:
• Domeneshop AS (for 35 months)
• Universit Lille 3 (for 35 months)
• Trollweb Solutions (for 33 months)
• Nantes M tropole (for 29 months)
• Dalenys (for 26 months)
• Univention GmbH (for 21 months)
• Universit Jean Monnet de St Etienne (for 21 months)
• Sonus Networks (for 15 months)
• UR Communications BV (for 9 months)
• maxcluster GmbH (for 9 months)
• Exonet B.V. (for 5 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 36 months)
• Evolix (for 36 months)
• Offensive Security (for 36 months)
• Seznam.cz, a.s. (for 36 months)
• Freeside Internet Service (for 35 months)
• MyTux (for 35 months)
• Linuxhotel GmbH (for 33 months)
• Intevation GmbH (for 32 months)
• Daevel SARL (for 31 months)
• Bitfolk LTD (for 30 months)
• Megaspace Internet Services GmbH (for 30 months)
• Greenbone Networks GmbH (for 29 months)
• NUMLOG (for 29 months)
• WinGo AG (for 28 months)
• Ecole Centrale de Nantes LHEEA (for 25 months)
• Sig-I/O (for 22 months)
• Entr ouvert (for 20 months)
• Adfinis SyGroup AG (for 17 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 12 months)
• Quarantainenet BV (for 12 months)
• GNI MEDIA (for 11 months)
• RHX Srl (for 9 months)
• Bearstech (for 3 months)
• LiHAS (for 3 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

• Antoine Beaupr did 19.5 hours (out of 16h allocated + 5.5 remaining hours, thus keeping 2 extra hours for May).
• Ben Hutchings did 12 hours (out of 15h allocated, thus keeping 3 extra hours for May).
• Brian May did 10 hours.
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 17.5 hours (out of 16 hours allocated + 3.5 hours remaining, thus keeping 2 hours for May).
• Guido G nther did 12 hours (out of 8 hours allocated + 4 hours remaining).
• Hugo Lefeuvre did 15.5 hours (out of 6 hours allocated + 9.5 hours remaining).
• Jonas Meurer did nothing (out of 4 hours allocated + 3.5 hours remaining, thus keeping 7.5 hours for May).
• Markus Koschany did 23.75 hours.
• Ola Lundqvist did 14 hours (out of 20h allocated, thus keeping 6 extra hours for May).
• Rapha l Hertzog did 11.25 hours (out of 10 hours allocated + 1.25 hours remaining).
• Roberto C. Sanchez did 16.5 hours (out of 20 hours allocated + 1 hour remaining, thus keeping 4.5 extra hours for May).
• Thorsten Alteholz did 23.75 hours.

• Platinum sponsors:
• TOSHIBA (for 19 months)
• GitHub (for 10 months)
• Gold sponsors:
• The Positive Internet (for 35 months)
• Blablacar (for 34 months)
• Linode (for 24 months)
• Babiel GmbH (for 13 months)
• Plat Home (for 13 months)
• Silver sponsors:
• Domeneshop AS (for 34 months)
• Universit Lille 3 (for 34 months)
• Trollweb Solutions (for 32 months)
• Nantes M tropole (for 28 months)
• Dalenys (for 25 months)
• Univention GmbH (for 20 months)
• Universit Jean Monnet de St Etienne (for 20 months)
• Sonus Networks (for 14 months)
• UR Communications BV (for 9 months)
• maxcluster GmbH (for 8 months)
• Exonet B.V. (for 4 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 35 months)
• Evolix (for 35 months)
• Offensive Security (for 35 months)
• Seznam.cz, a.s. (for 35 months)
• Freeside Internet Service (for 34 months)
• MyTux (for 34 months)
• Linuxhotel GmbH (for 32 months)
• Intevation GmbH (for 31 months)
• Daevel SARL (for 30 months)
• Bitfolk LTD (for 29 months)
• Megaspace Internet Services GmbH (for 29 months)
• Greenbone Networks GmbH (for 28 months)
• NUMLOG (for 28 months)
• WinGo AG (for 28 months)
• Ecole Centrale de Nantes LHEEA (for 24 months)
• Sig-I/O (for 21 months)
• Entr ouvert (for 19 months)
• Adfinis SyGroup AG (for 16 months)
• GNI MEDIA (for 11 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 11 months)
• Quarantainenet BV (for 11 months)
• RHX Srl (for 8 months)
• Bearstech
• LiHAS

No comment Liked this article? Click here. My blog is Flattr-enabled.

• Antoine Beaupr did 19 hours (out of 14.75h allocated + 10 remaining hours, thus keeping 5.75 extra hours for April).
• Balint Reczey did nothing (out of 14.75 hours allocated + 2.5 hours remaining) and gave back all his unused hours. He took on a new job and will stop his work as LTS paid contributor.
• Ben Hutchings did 14.75 hours.
• Brian May did 10 hours.
• Chris Lamb did 14.75 hours.
• Emilio Pozuelo Monfort did 11.75 hours (out of 14.75 hours allocated + 0.5 hours remaining, thus keeping 3.5 hours for April).
• Guido G nther did 4 hours (out of 8 hours allocated, thus keeping 4 extra hours for April).
• Hugo Lefeuvre did 4 hours (out of 13.5 hours allocated, thus keeping 9.5 extra hours for April).
• Jonas Meurer did 11.25 hours (out of 14.75 hours allocated, thus keeping 3.5 extra hours for April).
• Markus Koschany did 14.75 hours.
• Ola Lundqvist did 23.75 hours (out of 14.75h allocated + 9 hours remaining).
• Rapha l Hertzog did 15 hours (out of 10 hours allocated + 6.25 hours remaining, thus keeping 1.25 hours for April).
• Roberto C. Sanchez did 21.5 hours (out of 14.75 hours allocated + 7.75 hours remaining, thus keeping 1 extra hour for April).
• Thorsten Alteholz did 14.75 hours.

• Platinum sponsors:
• TOSHIBA (for 18 months)
• GitHub (for 9 months)
• Gold sponsors:
• The Positive Internet (for 34 months)
• Blablacar (for 33 months)
• Linode LLC (for 23 months)
• Babiel GmbH (for 12 months)
• Plat Home (for 12 months)
• Silver sponsors:
• Domeneshop AS (for 33 months)
• Universit Lille 3 (for 33 months)
• Trollweb Solutions (for 31 months)
• Nantes M tropole (for 27 months)
• University of Luxembourg (for 25 months)
• Dalenys (for 24 months)
• Univention GmbH (for 19 months)
• Universit Jean Monnet de St Etienne (for 19 months)
• Sonus Networks (for 13 months)
• UR Communications BV (for 7 months)
• maxcluster GmbH (for 7 months)
• Exonet B.V. (for 3 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 34 months)
• Evolix (for 34 months)
• Offensive Security (for 34 months)
• Seznam.cz, a.s. (for 34 months)
• Freeside Internet Service (for 33 months)
• MyTux (for 33 months)
• Linuxhotel GmbH (for 31 months)
• Intevation GmbH (for 30 months)
• Daevel SARL (for 29 months)
• Bitfolk LTD (for 28 months)
• Megaspace Internet Services GmbH (for 28 months)
• Greenbone Networks GmbH (for 27 months)
• NUMLOG (for 27 months)
• WinGo AG (for 26 months)
• Ecole Centrale de Nantes LHEEA (for 23 months)
• Sig-I/O (for 20 months)
• Entr ouvert (for 18 months)
• Adfinis SyGroup AG (for 15 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 10 months)
• Quarantainenet BV (for 10 months)
• GNI MEDIA (for 9 months)
• RHX Srl (for 7 months)
• Bearstech
• LiHAS

No comment Liked this article? Click here. My blog is Flattr-enabled.

• DLA 836-2: Regression update for munin
• DLA 869-1: Several security fixes for cgiemail
• tested packaged prepared by other LTS team members against regressions
• libical: bug triaging, testing reproducers
• putty: tested reproducers, backported patches (not finished yet)

Links

• Debian Wiki: Debian Long Term Support
• Freexian: Debian Long Term Support

• Antoine Beaupr did 3 hours (out of 13h allocated, thus keeping 10 extra hours for March).
• Balint Reczey did 13 hours (out of 13 hours allocated + 1.25 hours remaining, thus keeping 1.25 hours for March).
• Ben Hutchings did 19 hours (out of 13 hours allocated + 15.25 hours remaining, he gave back the remaining hours to the pool).
• Chris Lamb did 13 hours.
• Emilio Pozuelo Monfort did 12.5 hours (out of 13 hours allocated, thus keeping 0.5 hour for March).
• Guido G nther did 8 hours.
• Hugo Lefeuvre did nothing and gave back his 13 hours to the pool.
• Jonas Meurer did 14.75 hours (out of 5 hours allocated + 9.75 hours remaining).
• Markus Koschany did 13 hours.
• Ola Lundqvist did 4 hours (out of 13h allocated, thus keeping 9 hours for March).
• Rapha l Hertzog did 3.75 hours (out of 10 hours allocated, thus keeping 6.25 hours for March).
• Roberto C. Sanchez did 5.5 hours (out of 13 hours allocated + 0.25 hours remaining, thus keeping 7.75 hours for March).
• Thorsten Alteholz did 13 hours.

• Platinum sponsors:
• TOSHIBA (for 17 months)
• GitHub (for 8 months)
• Gold sponsors:
• The Positive Internet (for 33 months)
• Blablacar (for 32 months)
• Linode LLC (for 22 months)
• Babiel GmbH (for 11 months)
• Plat Home (for 11 months)
• Silver sponsors:
• Domeneshop AS (for 32 months)
• Universit Lille 3 (for 32 months)
• Trollweb Solutions (for 30 months)
• Nantes M tropole (for 26 months)
• University of Luxembourg (for 24 months)
• Dalenys (for 23 months)
• Univention GmbH (for 18 months)
• Universit Jean Monnet de St Etienne (for 18 months)
• Sonus Networks (for 12 months)
• UR Communications BV (for 6 months)
• maxcluster GmbH (for 6 months)
• Exonet B.V.
• Bronze sponsors:
• David Ayers IntarS Austria (for 33 months)
• Evolix (for 33 months)
• Offensive Security (for 33 months)
• Seznam.cz, a.s. (for 33 months)
• Freeside Internet Service (for 32 months)
• MyTux (for 32 months)
• Linuxhotel GmbH (for 30 months)
• Intevation GmbH (for 29 months)
• Daevel SARL (for 28 months)
• Bitfolk LTD (for 27 months)
• Megaspace Internet Services GmbH (for 27 months)
• Greenbone Networks GmbH (for 26 months)
• NUMLOG (for 26 months)
• WinGo AG (for 25 months)
• Ecole Centrale de Nantes LHEEA (for 22 months)
• Sig-I/O (for 19 months)
• Entr ouvert (for 17 months)
• Adfinis SyGroup AG (for 14 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 9 months)
• Quarantainenet BV (for 9 months)
• GNI MEDIA (for 8 months)
• RHX Srl (for 6 months)
• LiHAS
• Bearstech

No comment Liked this article? Click here. My blog is Flattr-enabled.