[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Misc Developer News (#34)

The news are collected on http://wiki.debian.org/DeveloperNews
Please contribute short news about your work/plans/subproject.

In this issue:
 + Email notifications for git commits on git.debian.org
 + alioth.debian.org now exports project meta-data as RDF (using DOAP/ADMS.SW)
 + Animate the Debian microblogging accounts!
 + Cryptographic verification of upstream packages
 + State of the debian-keyring
 + ci.debian.net

Email notifications for git commits on git.debian.org

 Many projects rely on the git-commit-notice[1] script provided on
 git.debian.org to send mail notifications of the activity of the git
 repositories hosted there. Up to now, this script was based on (a very
 old copy of) the "post-receive-email" contrib script from Git upstream. I
 recently updated it and it's now based on git-multimail[2] which
 generates more useful mails (with better subjects, with commit ordering
 per push, with proper support of merge, etc.). I have tweaked the script
 to auto-migrate the old git configuration settings so most of you
 shouldn't have anything to do but you might want to review/tweak the
 generated configuration (multimailhook.* git config settings) and drop
 the old one (hooks.* git config settings).

  -- Raphaël Hertzog

 [1] http://wiki.debian.org/Alioth/Git#Commit_mails_with_diff
 [2] https://github.com/mhagger/git-multimail/

alioth.debian.org now exports project meta-data as RDF (using DOAP/ADMS.SW)

 The alioth.debian.org forge now runs the ADMS.SW FusionForge plugin,
 which publishes projects meta-data as RDF / Linked Data. Every project's
 homepage https://alioth.debian.org/projects/PROJNAME/ is then available
 as RDF for harvesting robots (using proper content-type negotiation, for
 instance : $ curl -k -H "Accept: text/turtle"
 https://alioth.debian.org/projects/PROJNAME/). The two main ontologies
 used are DOAP[3] and ADMS.SW[4], rendering such meta-data compatible with
 other project indexes (such as meta-data published by the PTS[5]). Note
 that due to the big number of hosted projects on Alioth (950+) some
 package indexes can't be exported as RDF yet. More details in ADMS.SW
 plugin for FusionForge deployed on Alioth[6].

  -- Olivier Berger

 [3] https://github.com/edumbill/doap/wiki
 [4] http://joinup.ec.europa.eu/asset/adms_foss/home
 [5] http://wiki.debian.org/qa.debian.org/pts/RdfInterface
 [6] http://joinup.ec.europa.eu/asset/adms_foss/news/admssw-plugin-fusionforge-deployed-alioth

Animate the Debian microblogging accounts!

 The Debian publicity team[7] is seeking help to re-animate the Debian
 microblogging accounts. If you or your team are are looking for help,
 working on something, did something interesting, are holding a Debian
 related event or have something short and Debian-related to say, please
 propose[8] a short message on the team IRC channel. We also welcome folks
 who want to watch Debian IRC/lists/forums/planets and propose short
 messages. We will use deb.li[9] for link shortening. Messages will be
 posted to identica[10] and in the future possibly propagated to other
 microblogging systems and social networks. Help us tell the world about
 the Debian community!

  -- Paul Wise

 [7] https://wiki.debian.org/Teams/Publicity
 [8] https://wiki.debian.org/Teams/Publicity/Identica#identi.ca.2Fdebian
 [9] https://wiki.debian.org/deb.li
 [10] http://identi.ca/debian

Cryptographic verification of upstream packages

 As of devscripts 2.13.3, uscan now supports verifying cryptographic
 signatures on upstream source via the pgpsigurlmangle option in
 debian/watch. See uscan(1) for details and examples. If your upstream
 provides cryptographic signatures, set up your workflow to verify them
 automatically! If your upstream doesn't provide cryptographic signatures,
 nag them until they start doing so! :)


State of the debian-keyring

 Were keyring-maint to drop all embarrassingly-weak keys from the keyring,
 would the web of trust fall apart? Over 62% of the primary keys in the
 Debian keyring on 20131213 were only 1024 bits large. Over 72% of UIDs
 and user attributes were signed with a digest algorithm weaker than
 SHA-2. See more statistics here[11].


 [11] https://lists.debian.org/debian-project/2014/01/msg00119.html


 ci.debian.net[12] is a new service that runs test suites for all packages
 uploaded to unstable. ci.debian.net is powered up by a tool called debci,
 which will be uploaded to the official Archive soon[13]. It's still work
 in progress, so a test suite failure there might be due to a problem with
 the platform. When it comes to a production-ready state, it will be
 properly announced on the debian-debian-announce mailing list. If you
 want to help, the debci git repository has a TODO list[14].

  -- Antonio Terceiro

 [12] http://ci.debian.net
 [13] http://bugs.debian.org/736416
 [14] http://anonscm.debian.org/gitweb/?p=users/terceiro/debci.git;a=blob;f=TODO.otl;hb=HEAD



Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: