Bug#790125: RFS: dropbear/2015.67-1.1 NMU

To: Guilhem Moulin <guilhem@guilhem.org>
Cc: Gerrit Pape <pape@smarden.org>, 790125@bugs.debian.org
Subject: Bug#790125: RFS: dropbear/2015.67-1.1 NMU
From: Vincent Cheng <vcheng@debian.org>
Date: Tue, 14 Jul 2015 18:42:53 -0700
Message-id: <[🔎] CACZd_tBGu7Jbqhw3j--zrHU93o_GF-6iMtqmdRHv0S9fUN3Lxw@mail.gmail.com>
Reply-to: Vincent Cheng <vcheng@debian.org>, 790125@bugs.debian.org
In-reply-to: <20150627124024.GA25717@localhost>
References: <20150627124024.GA25717@localhost>

Control: tag -1 + moreinfo

Hi Guilhem,

On Sat, Jun 27, 2015 at 5:40 AM, Guilhem Moulin <guilhem@guilhem.org> wrote:
> Package: sponsorship-requests
> Severity: normal
>
> Dear mentors,
>
> I am looking for a sponsor for my package "dropbear"
>
> * Package name    : dropbear
>   Version         : 2015.67-1.1
>   Upstream Author : Matt Johnston <matt@ucc.asn.au>
> * URL             : http://matt.ucc.asn.au/dropbear/
> * License         : MIT
>   Section         : net
>
> It builds those binary packages:
>
>   dropbear - transitional dummy package for dropbear-{run,initramfs}
>   dropbear-bin - lightweight SSH2 server and client - command line tools
>   dropbear-initramfs - lightweight SSH2 server and client - initramfs integration
>   dropbear-run - lightweight SSH2 server and client - startup scripts
>
> To access further information about this package, please visit the following URL:
>
>   http://mentors.debian.net/package/dropbear
>
> Alternatively, one can download the package with dget using this command:
>
>   dget -x http://mentors.debian.net/debian/pool/main/d/dropbear/dropbear_2015.67-1.1.dsc
>
> More information about dropbear can be obtained from http://matt.ucc.asn.au/dropbear/ .
> The maintainer told me to go ahead a proceed with the NMU [0].
>
> Changes since the last upload:
>
>   * Non-maintainer upload.
>
>   [ Matt Johnston ]
>   * New upstream release.  (Closes: #775222.)
>
>   [ Guilhem Moulin ]
>   * debian/source/format: 3.0 (quilt)
>   * debian/compat: 9
>   * debian/control: bump Standards-Version to 3.9.6 (no changes necessary).
>   * debian/copyright: add machine-readable file.
>   * Split up package in dropbear-bin (binaries), dropbear-run (init scripts)
>     and dropbear-initramfs (initramfs integration).  'dropbear' is now a
>     transitional dummy package depending on on dropbear-run and
>     dropbear-initramfs.  (Closes: #692932.)
>   * Refactorize the package using dh_* tools, including dh_autoreconf.
>     (Closes: #689618, #777324.)
>   * dropbear-run:
>     + Add a status option to the /etc/init.d script.
>     + Pass key files with -r not -d in /etc/init.d script.  (Closes: #761143.)
>     + Post-installation script: Generate missing ECDSA in addition to RSA and
>       DSS host keys.  (Closes: #776976.)
>   * dropbear-initramfs:
>     + Don't mark /usr/share/initramfs-tools/conf-hooks.d/dropbear as a
>       configuration file, since it violates the Debian Policy Manual section
>       10.7.2.  (Regression from 2014.64-1.)
>     + Delete debian/initramfs/premount-devpts, since /dev/pts in mounted by
>       init since initramfs-tools 0.94.  (Closes: #632656.)
>     + Auto-generate host keys in the postinstall script, not when runing
>       update-initramfs.  Pass the '-R' option (via $PKGOPTION_dropbear_OPTION)
>       for the old behavior.  Also, print fingerprint and ASCII art for
>       generated keys (if ssh-keygen is available).
>     + Revert ad2fb1c and remove warning about changing host key.  Users
>       shouldn't be encouraged to use the same keys in the encrypted partition
>       and in the initramfs.  The proper fix is to use an alternative port or
>       UserKnownHostFile.
>     + Set ~root to `mktemp -d "$DESTDIR/root-XXXXXX"` to avoid collisions with
>       $rootmnt.  (Closes: #558115.)
>     + Exit gracefully if $IP is 'none' or 'off'.  (Closes: #692932.)
>     + Start dropbear with flag -s to explicitly disable password logins.
>     + Terminate all children before killing dropbear, to avoid stalled SSH
>       connections.  (Closes: #735203.)
>     + Run configure_networking in the foreground.  (Closes: #584780, #626181,
>       #739519.)
>     + Bring down interfaces and flush network configuration before existing
>       the ramdisk, to avoid misconfigured network in the regular kernel.
>       (Closes: #715048, #720987, #720988.)
>     + Add a script '/bin/unlock' to the initramfs to make remote unlocking
>       easier and possibly as a forced-command restrictions in authorized_keys.

NMUs are intended to be minimally intrusive and be targeted to fix
specific bugs (and usually RC/important ones); that means that in
general, you should avoid things like new upstream releases and
extensive packaging changes, and your proposed debdiff should be as
small as possible. Your changes are more in scope of a package
adoption than a NMU. While I don't want to discourage you from doing
extensive work to improve dropbear, you'll likely find it difficult to
find a DD other than the maintainer who's willing to sponsor this as a
NMU.

Regards,
Vincent

Reply to:

Follow-Ups:
- Bug#790125: RFS: dropbear/2015.67-1.1 NMU
  - From: Guilhem Moulin <guilhem@guilhem.org>

Prev by Date: Processed: Re: Bug#790125: RFS: dropbear/2015.67-1.1 NMU
Next by Date: Bug#792379: RFS: plowshare4/1.0.5-2 [RC] -- filesharing website tool implemented in bash
Previous by thread: Processed: Re: Bug#790125: RFS: dropbear/2015.67-1.1 NMU
Next by thread: Processed: Re: Bug#790125: RFS: dropbear/2015.67-1.1 NMU
Index(es):
- Date
- Thread