[Pkg-mpd-maintainers] libmpdclient/ncmpc in debian (was "MPD 0.21 in buster")
Florian Schlichting
fsfs at debian.org
Mon Dec 17 23:24:09 GMT 2018
On Sun, Dec 02, 2018 at 07:50:42PM +0100, kaliko wrote:
> On 14/11/2018 16:24, kaliko wrote:
> > On 14/11/2018 09:21, Max Kellermann wrote:
> >> But it could be worse, just look at the ncmpc package, which appears
> >> completely unmaintained and even suffers from a CVE (of course, that
> >> bug was already fixed upstream when it was reported in the Debian bug
> >> tracker): https://security-tracker.debian.org/tracker/CVE-2018-9240
> >
> > Regarding ncmpc and libmpdclient (same maintainer, CCed), I'm
> > maintaining packages for my own use and I tried to contact Sebastian
> > twice offering help but got no answer so far.
>
> I rebased my changed on Sebastian repository:
>
> https://salsa.debian.org/kaliko-guest/ncmpc
> https://salsa.debian.org/kaliko-guest/libmpdclient
>
>
> If somebody is willing to review my packaging and eventually nmu the
> packages.
there's a new "package salvaging process" in Debian, and I just filed
bugs #916729 and #916731 to document my intent to move libmpdclient and
ncmpc into the mpd team. If nothing happens for three weeks, we can move
forward and take over those packages.
kaliko, thanks for salvaging the git history for the two packages - I
even cannot access the repos on git.tokkee.org as the certificate has
expired and it's using HSTS... Are you interested in polishing your
repos a bit more? There are a number of lintian warnings (especially if
you switch on --pedantic) and I would prefer to have upstream and
pristine-tar branches (along with the complete upstream source, not just
the debian directory) in git - and possibly also the upstream git
history: git-buildpackage has options to specify an upstream tag that
gets merged into master along with the contents of the 'upstream' branch
created from the tar.xz...
Regarding MPD 0.21, it seems to have built OK everywhere (except where
it hasn't been built yet), so let's go and test it and then upload a -2
to unstable in early January so we don't get removed from buster by the
roaraudio FTBFS.
Florian
More information about the Pkg-mpd-maintainers
mailing list