On 11/06/13 02:47, Paul Wise wrote: > On Tue, Jun 11, 2013 at 12:48 AM, Carlos Alberto Lopez Perez wrote: > >> I'm not sure if beta versions are welcome on Debian or should be avoided >> if possible. My understanding is that it should be avoided if possible. > > The main thing is that packages uploaded to unstable are destined for > the next Debian stable release and should thus be suitable for release > in Debian stable in the maintainer's opinion (and the release/security > teams). > > In general, releases blessed by upstreams as final are probably more > likely to be suitable for stable than ones they designate as beta. > Obviously this varies between upstreams, some are more diligent than > others and keep their tree suitable for stable at all times. > Ultimately it is the choice of the Debian maintainer whether or not a > beta version is suitable for stable or not. > > One example of getting it wrong; some years ago a beta of apache or a > beta some apache related thing (I forget) was released in Debian > stable. Upstream made an change between the beta release and the final > release that made Debian incompatible with various other distros. In > hindsight, shipping the beta was a bad idea; this is one reason why we > tend to be conservative about this. > > In this case I would guess the risks are probably low as long as > 1.2~beta1 has been verified to work, since aircrack-ng is mostly an > end-user tool. > >> I was thinking in uploading this minor revision of 1.1 to unstable first >> (mainly to close #688158) and later packaging 1.2~beta1 for experimental. > > Sounds like a good plan to me. > > The changes look good to me, uploaded. > Thanks a lot :) > For the next upload, you may want to look at the links on the PTS page > and run some automated checkers over the package: > > http://packages.qa.debian.org/a/aircrack-ng.html > http://wiki.debian.org/HowToPackageForDebian#Check_points_for_any_package > Looks like a great battery of tests. I will definitively try it. > Another couple of things for the future of this package: > > Replace the embedded copy of oui.txt with one shared by many packages. > Which package contains such oui file? Is there any package shipping generic oui files to be shared or is every package shipping just his own oui file? Also aircrack don't knows how to parse the raw oui file. The oui file should be "grepped" for "(hex)" and leading/trailing spaces should be removed. A script (airodump-ng-oui-update) is shipped with the package to download the latest oui file and convert it to the format that aircrack understands. I guess patching aircrack to understand the raw oui file shouldn't be that difficult. The question is if there is any package shipping a generic oui file that is meant to be shared for the rest of the packages on the system, and not is only shipped for its own use. I won't feel confident relying in the oui file shipped by another package unless that oui file is shipped with generic purposes. > Switch from hardening-includes to standard debhelper compat 9, which > automatically includes hardening flags. > > wrap-and-sort -sa would make diffs of debian/control easier to understand. > > BTW, your OpenPGP key doesn't appear to have an expiry date. It is a > good idea to set one and set reminders for the date when you should > extend your key expiry date. Please see the relevant sections of this > document: > > https://we.riseup.net/riseuplabs+paow/openpgp-best-practices > I have AES encrypted revocation certificates already generated that I store in different places. In case I lost my private key I can just revoke it. I find the usage of an expiration date a bit annoying, because if someone don't updates regularly his keyring he can have my key expired even if I renewed it, and he could run into trouble to encrypt the mail to me. Not everyone is tech savvy. This already has happened with some friends. Regards!
Attachment:
signature.asc
Description: OpenPGP digital signature