The news are collected on http://wiki.debian.org/DeveloperNews Please contribute short news about your work/plans/subproject. In this issue: + Email notifications for git commits on git.debian.org + alioth.debian.org now exports project meta-data as RDF (using DOAP/ADMS.SW) + Animate the Debian microblogging accounts! + Cryptographic verification of upstream packages + State of the debian-keyring + ci.debian.net Email notifications for git commits on git.debian.org ----------------------------------------------------- Many projects rely on the git-commit-notice[1] script provided on git.debian.org to send mail notifications of the activity of the git repositories hosted there. Up to now, this script was based on (a very old copy of) the "post-receive-email" contrib script from Git upstream. I recently updated it and it's now based on git-multimail[2] which generates more useful mails (with better subjects, with commit ordering per push, with proper support of merge, etc.). I have tweaked the script to auto-migrate the old git configuration settings so most of you shouldn't have anything to do but you might want to review/tweak the generated configuration (multimailhook.* git config settings) and drop the old one (hooks.* git config settings). -- Raphaël Hertzog [1] http://wiki.debian.org/Alioth/Git#Commit_mails_with_diff [2] https://github.com/mhagger/git-multimail/ alioth.debian.org now exports project meta-data as RDF (using DOAP/ADMS.SW) --------------------------------------------------------------------------- The alioth.debian.org forge now runs the ADMS.SW FusionForge plugin, which publishes projects meta-data as RDF / Linked Data. Every project's homepage https://alioth.debian.org/projects/PROJNAME/ is then available as RDF for harvesting robots (using proper content-type negotiation, for instance : $ curl -k -H "Accept: text/turtle" https://alioth.debian.org/projects/PROJNAME/). The two main ontologies used are DOAP[3] and ADMS.SW[4], rendering such meta-data compatible with other project indexes (such as meta-data published by the PTS[5]). Note that due to the big number of hosted projects on Alioth (950+) some package indexes can't be exported as RDF yet. More details in ADMS.SW plugin for FusionForge deployed on Alioth[6]. -- Olivier Berger [3] https://github.com/edumbill/doap/wiki [4] http://joinup.ec.europa.eu/asset/adms_foss/home [5] http://wiki.debian.org/qa.debian.org/pts/RdfInterface [6] http://joinup.ec.europa.eu/asset/adms_foss/news/admssw-plugin-fusionforge-deployed-alioth Animate the Debian microblogging accounts! ------------------------------------------ The Debian publicity team[7] is seeking help to re-animate the Debian microblogging accounts. If you or your team are are looking for help, working on something, did something interesting, are holding a Debian related event or have something short and Debian-related to say, please propose[8] a short message on the team IRC channel. We also welcome folks who want to watch Debian IRC/lists/forums/planets and propose short messages. We will use deb.li[9] for link shortening. Messages will be posted to identica[10] and in the future possibly propagated to other microblogging systems and social networks. Help us tell the world about the Debian community! -- Paul Wise [7] https://wiki.debian.org/Teams/Publicity [8] https://wiki.debian.org/Teams/Publicity/Identica#identi.ca.2Fdebian [9] https://wiki.debian.org/deb.li [10] http://identi.ca/debian Cryptographic verification of upstream packages ----------------------------------------------- As of devscripts 2.13.3, uscan now supports verifying cryptographic signatures on upstream source via the pgpsigurlmangle option in debian/watch. See uscan(1) for details and examples. If your upstream provides cryptographic signatures, set up your workflow to verify them automatically! If your upstream doesn't provide cryptographic signatures, nag them until they start doing so! :) --dkg State of the debian-keyring --------------------------- Were keyring-maint to drop all embarrassingly-weak keys from the keyring, would the web of trust fall apart? Over 62% of the primary keys in the Debian keyring on 20131213 were only 1024 bits large. Over 72% of UIDs and user attributes were signed with a digest algorithm weaker than SHA-2. See more statistics here[11]. --Clint [11] https://lists.debian.org/debian-project/2014/01/msg00119.html ci.debian.net ------------- ci.debian.net[12] is a new service that runs test suites for all packages uploaded to unstable. ci.debian.net is powered up by a tool called debci, which will be uploaded to the official Archive soon[13]. It's still work in progress, so a test suite failure there might be due to a problem with the platform. When it comes to a production-ready state, it will be properly announced on the debian-debian-announce mailing list. If you want to help, the debci git repository has a TODO list[14]. -- Antonio Terceiro [12] http://ci.debian.net [13] http://bugs.debian.org/736416 [14] http://anonscm.debian.org/gitweb/?p=users/terceiro/debci.git;a=blob;f=TODO.otl;hb=HEAD -- bye, pabs http://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part