#1087512 ITS: checksecurity

Package:
src:checksecurity
Source:
src:checksecurity
Submitter:
Andreas Tille
Date:
2025-02-05 20:33:01 UTC
Severity:
normal
Tags:
#1087512#5
Date:
2024-11-14 15:05:41 UTC
From:
To:
Hi

I'm interested in salvaging your package checksecurity, in accordance
with the Package Salvaging procedure outlined in the Developers
Reference[1].  Your package meets the criteria for this process, and I
would love to assist in preserving and maintaining it. As the Salvage
process suggests, here is a list of the criteria that apply, in my
opinion:

  - NMUs, (more than one NMU in a row).
  - Bugs filed against the package do not have answers from the
    maintainer.
  - There are QA issues with the package.

I believe your package should be maintained by the Debian team on Salsa
and I've took the freedom to create a Salsa repository here[2]. If you
choose not to accept the ITS, I'd be more than happy to help you move it
to another location, wherever you prefer. My goal is to make it as easy
as possible for contributors to join your effort to maintain this
package.

Your package was highlighted in the Bug of the Day[3] initiative, which
aims to introduce newcomers to manageable tasks and guide them through
the workflow to solve them. The focus of this initiative is on migrating
packages to Salsa, as it's a great way to familiarize newcomers with a
consistent Git-based workflow.

Kind regards
    Andreas.

[1] https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#package-salvaging
[2] https://salsa.debian.org/debian/checksecurity
[3] https://salsa.debian.org/tille/tiny_qa_tools/-/wikis/Tiny-QA-tasks
#1087512#10
Date:
2024-11-14 17:57:47 UTC
From:
To:
This is great news. Ive been using a local fork for a while -- i assumed
this package was dead

https://salsa.debian.org/rpil2/checksecurity

feel free to use any of this in debian.
#1087512#15
Date:
2024-11-14 23:00:58 UTC
From:
To:
Hi Richard,

Am Thu, Nov 14, 2024 at 05:57:47PM +0000 schrieb Richard Lewis:

Not really dead since it has quite some popcon but somehow forgotten /
unmaintained.

Well, what about if you take responsibility at least as Uploaader.  I'd
suggest I'll upload if the Maintainer agrees / will not answer.  I'm
fine with adding you as Uploader in my upload.  Than you merge in those
changes you consider important for the package and possibly close more
bugs.  I volunteer to sponsor your work.  This is the right way to make
sure the package will not die.

What do you think about this?

Kind regards
    Andreas.
#1087512#20
Date:
2024-11-15 19:06:19 UTC
From:
To:
Works for me. I assume we wait a bit for any response -- im equally happy
to work with anyone else, from memory, the package mostly works OK and just
needs a bit of a cleanup.

(The main annoyance for me is having the configuration not all in one
directory, which makes version control needlessly difficult)
#1087512#25
Date:
2024-11-15 21:41:14 UTC
From:
To:
Hi Javier,

thanks a lot for your answer.

Am Fri, Nov 15, 2024 at 02:53:17PM +0100 schrieb Javier Fernandez-Sanguino:

I admit the security repo makes a lot more sense than debian/.  Please feel
free to move

https://salsa.debian.org/debian/checksecurity/

there and take over whatever you consider worth keeping from my work.  I
consider it way better if this package stays in your constant attention
than if I as an outsider would try to care for it.

Sounds very sensible.  Please also note the response from

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087512#10

who has some enhancements and possibly the intention to co-maintain the
package.

Saludos from Toulouse and thanks again for taking over from here

     Andreas.
#1087512#30
Date:
2024-12-15 07:58:12 UTC
From:
To:
Hi Javier,

I'd like to ping this ITS. In the bug log for "#197563 Checksecurity's
priority is too low"[1], you indicated an intent to maintain the
package, which I take to mean you plan to upload it yourself. That’s
great, as I’d prefer not to add more packages to my workload. I wanted
to highlight that the Salsa repository[2] includes fixes for 5 bugs. It
would be excellent if you could upload these changes and announce the
Vcs fields in the process. This would remove checksecurity from our Bug
of the Day list (where it appeared again today). Hosting it on Salsa
would also make it more accessible to Debian contributors.

Kind regards
    Andreas.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=197563#15
[2] https://salsa.debian.org/debian/checksecurity
#1087512#35
Date:
2024-12-31 19:01:51 UTC
From:
To:
Dear Andreas,

Sorry for the late reply. I have just uploaded to the archive a new version
of the package including all your fixes as well as some additional fixes
for bugs in the BTS. Thank you for your work uploading this to Salsa and
making it more accessible to other contributors.

I will need some time to review the changes introduced by Richard in order
to move them into the package. But hopefully now with the GIT repository
available it makes it easier for others to submit improvements as pull
requests.

Best regards and have a great start of the new year!

Javier
#1087512#40
Date:
2024-12-31 20:47:46 UTC
From:
To:
Hi Javier,

Am Tue, Dec 31, 2024 at 08:01:51PM +0100 schrieb Javier Fernandez-Sanguino:

No need for any thanks - it was a pleasure to help you.  Please make
sure you push your final commits and a tag.

Yea. ;-)

Same to you

      Andreas.
#1087512#45
Date:
2025-01-04 17:53:13 UTC
From:
To:
Hi again,

Am Tue, Dec 31, 2024 at 09:47:46PM +0100 schrieb Andreas Tille:

Ping for pushing.  Tracker.d.o claims that VCS is newer since it has the
remaining '+nmu' in the version string.

BTW, I plan to inject `nat` into debian/ team on Salsa as well and will
ping you once its ready.

Kind regards and thank you for your work
    Andreas.
#1087512#50
Date:
2025-01-05 11:23:58 UTC
From:
To:
Tags pushed.

Super, thanks for letting me know.

Javier
#1087512#55
Date:
2025-01-09 18:47:55 UTC
From:
To:
Dear Richard,

Similarly to what Andreas proposed, I'm happy to sponsor changes to this
software and co-maintain the package. Since the source code is now
available in Salsa, I would suggest you propose you incorporate the local
changes directly into the latest version uploaded (2.0.17, just uploaded
today). I'm happy to prepare a new 2.0.18 with all your local changes

Best regards

Javier
#1087512#60
Date:
2025-01-17 10:39:14 UTC
From:
To:
I have now done this -- just submitted
https://salsa.debian.org/debian/checksecurity/-/merge_requests/1

There's obviously quite a bit in there, but happy to discuss/change any of it
#1087512#65
Date:
2025-02-05 11:41:37 UTC
From:
To:
On Fri, 17 Jan 2025 at 10:39, Richard Lewis <richard.lewis.debian@googlemail.com> wrote:

Meanwhile,  checksecurity got dropped from testing due to the piuparts
failures - that is fixed in the MR, so would it be possible to take a
look soon. i could do a smaller MR if that would unblock this?
#1087512#70
Date:
2025-02-05 13:14:23 UTC
From:
To:
Hi Richard,

Am Wed, Feb 05, 2025 at 11:41:37AM +0000 schrieb Richard Lewis:

Thanks a lot for your MR.  If you provide a *dedicated* MR just fixing
the problem of this bug report I'd happily step in to accept it and
upload in case Javier might have some time constraints.  In general I
understood Javier keeps on maintaining this package and he is way more
competent to review your large MR.

Kind regards and thanks again for your commitment
   Andreas.
#1087512#75
Date:
2025-02-05 18:22:47 UTC
From:
To:
Smaller MR submitted,
https://salsa.debian.org/debian/checksecurity/-/merge_requests/2
I think it is enough to get back into testing

I will rebase the other MR onto this.
#1087512#80
Date:
2025-02-05 20:28:50 UTC
From:
To:
Hi Richard,

thanks for the patch fixing the specific error #1092611.  I merged the
MR and uploaded to delayed=5 which leaves a chance to cancel the upload
until the weekend.

Kind regards
   Andreas.

Am Wed, Feb 05, 2025 at 06:22:47PM +0000 schrieb Richard Lewis: