[Hamara-devel] How debian works : Was apt-add-repository
shirish
shirish at hamaralinux.org
Wed Apr 22 17:20:26 BST 2015
in-line :-
On 04/22/2015 01:52 PM, Vikas Tara wrote:
> OK - that solves the xbmc issue then - I think we would pull in newer
> releases of well known / well used packages than are in debian stable
> - do you agree?
Hi all,
Ahem.... WARNING ... this will be a long read.
While the question may look deceptively simple a little bit of
background or understanding will be required as how to debian.org
functions. What debian did for a long time and the community stagnated
was when it had a single person as maintainer and as it is generally
known Debian is very much a voluntary project.
What debian.org did then was to make teams wherein 2-3 or more people
get 'Uploader rights' which means they can patch things, make new
releases and do whatever is required to keep the software in good shape.
I would take example of the kernel as an example of a team and how it
operates.
[$] aptitude show linux-image-3.16.0-4-amd64
Package: linux-image-3.16.0-4-amd64
State: installed
Automatically installed: yes
Version: 3.16.7-ckt9-2
Priority: optional
Section: kernel
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Architecture: amd64
Uncompressed Size: 163 M
Depends: kmod | module-init-tools, linux-base (>= 3~), debconf (>= 0.5)
| debconf-2.0, initramfs-tools (>= 0.110~) | linux-initramfs-tool
PreDepends: debconf | debconf-2.0
Recommends: firmware-linux-free (>= 3~), irqbalance
Suggests: linux-doc-3.16, debian-kernel-handbook, grub-pc | grub-efi |
extlinux
Breaks: at (< 3.1.12-1+squeeze1), initramfs-tools (< 0.110~)
Provides: linux-modules-3.16.0-4-amd64
Description: Linux 3.16 for 64-bit PCs
The Linux kernel 3.16 and modules for use on PCs with AMD64, Intel 64
or VIA Nano processors.
This kernel also runs on a Xen hypervisor. It supports both
privileged (dom0) and unprivileged (domU) operation.
Homepage: https://www.kernel.org/
While there is much information therein we will just see only line of
the output for our understanding/consideration.
[$] aptitude show | grep Maintainer
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
so we now know that there is team called asdebian-kernel and their home
is lists.debian.org.
Now let's go through the package listing looking for few entries :-
─[$] dpkg -L linux-image-3.16.0-4-amd64 | grep changelog
/usr/share/doc/linux-image-3.16.0-4-amd64/changelog.Debian.gz
For those who might not know changelog.Debian.gz gives you info. as to
what recent changes happened to the package.
Let's go and see there :-
[/usr/share/doc/linux-image-3.16.0-4-amd64 [$] zcat changelog.Debian.gz
| less
linux (3.16.7-ckt9-2) unstable; urgency=medium
* btrfs: simplify insert_orphan_item (Closes: #782362)
-- Ben Hutchings <ben at decadent.org.uk> Mon, 13 Apr 2015 02:01:54 +0100
linux (3.16.7-ckt9-1) unstable; urgency=medium
* New upstream stable update:
http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt8
- usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN
- btrfs: fix leak of path in btrfs_find_item
- tpm_tis: verify interrupt during init
- xfs: ensure buffer types are set correctly
- xfs: inode unlink does not set AGI buffer type
- xfs: set buf types when converting extent formats
- xfs: set superblock buffer type correctly
- xfs: inode unlink does not set AGI buffer type
- xfs: set buf types when converting extent formats
- xfs: set superblock buffer type correctly
- [s390*] KVM: avoid memory leaks if __inject_vm() fails
- samsung-laptop: Add use_native_backlight quirk, and enable it on some
models (regression in 3.14)
- staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back
- nfs: don't call blocking operations while !TASK_RUNNING
- cdc-acm: add sanity checks
- USB: fix use-after-free bug in usb_hcd_unlink_urb()
- iwlwifi: mvm: fix failure path when power_update fails in
add_interface
- tty: Prevent untrappable signals from malicious program
- cpufreq: Set cpufreq_cpu_data to NULL before putting kobject
- nfs41: .init_read and .init_write can be called with valid pg_lseg
(regression in 3.15)
- mei: mask interrupt set bit on clean reset bit (regression in
3.16.7-ckt5)
- [s390*] KVM: floating irqs: fix user triggerable endless loop
- cfq-iosched: handle failure of cfq group allocation
- tracing: Fix unmapping loop in tracing_mark_write
- fsnotify: fix handling of renames in audit
- blk-mq: fix double-free in error path
- NFSv4.1: Fix a kfree() of uninitialised pointers in
decode_cb_sequence_args
- mm/hugetlb: pmd_huge() returns true for non-present hugepage
- mm/hugetlb: take page table lock in follow_huge_pmd()
- mm/hugetlb: fix getting refcount 0 page in hugetlb_fault()
- mm/hugetlb: add migration/hwpoisoned entry check in
hugetlb_change_protection
- mm/hugetlb: add migration entry check in __unmap_hugepage_range
- iscsi-target: Drop problematic active_ts_list usage
- mm: hwpoison: drop lru_add_drain_all() in __soft_offline_page()
(regression in 3.11)
- jffs2: fix handling of corrupted summary length
- dm mirror: do not degrade the mirror on discard error
- dm io: reject unsupported DISCARD requests with EOPNOTSUPP
- NFS: struct nfs_commit_info.lock must always point to inode->i_lock
(regression in 3.16.4)
- target: Add missing WRITE_SAME end-of-device sanity check
- target: Check for LBA + sectors wrap-around in sbc_parse_cdb
- Btrfs: fix fsync data loss after adding hard link to inode
- sg: fix read() error reporting
- IB/qib: Do not write EEPROM
- [amd64] EDAC, amd64_edac: Prevent OOPS with >16 memory controllers
(regression in 3.11)
- md/raid5: Fix livelock when array is both resyncing and degraded.
- locking/rtmutex: Avoid a NULL pointer dereference on deadlock
(regression in 3.16)
- time: adjtimex: Validate the ADJ_FREQUENCY values
- ntp: Fixup adjtimex freq validation on 32-bit systems
- dm: fix a race condition in dm_get_md
- dm snapshot: fix a possible invalid memory access on unload
- libceph: fix double __remove_osd() problem
- blk-throttle: check stats_cpu before reading it from sysfs
- debugfs: leave freeing a symlink body until inode eviction
- procfs: fix race between symlink removals and traversals
- autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for
allocation
- clk-gate: fix bit # check in clk_register_gate() (regression in 3.11)
- [powerpc*] kernel: Avoid memory corruption at early stage
(regression in 3.14)
- GFS2: Fix crash during ACL deletion in acl max entry check in
gfs2_set_acl() (regression in 3.14)
- net: llc: use correct size for sysctl timeout entries (CVE-2015-2041)
(CVE-2015-2042)
- HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events
(regression in 3.16.7-ckt4)
- net: sctp: fix race for one-to-many sockets in sendmsg's auto
associate
- ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs
- IB/core: When marshaling ucma path from user-space, clear unused
fields
(regression in 3.14)
- IB/core: Fix deadlock on uverbs modify_qp error flow (regression
in 3.14)
- IB/mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach
(regression in 3.14)
- IB/iser: Use correct dma direction when unmapping SGs
(regression in 3.15)
- staging: comedi: cb_pcidas64: fix incorrect AI range code handling
- target: Fix R_HOLDER bit usage for AllRegistrants
- target: Avoid dropping AllRegistrants reservation during unregister
- target: Allow AllRegistrants to re-RESERVE existing reservation
- target: Allow Write Exclusive non-reservation holders to READ
- vhost/scsi: potential memory corruption
- mm: softdirty: unmapped addresses between VMAs are clean
- proc/pagemap: walk page tables under pte lock
http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt9
- netfilter: nft_compat: fix module refcount underflow
- netfilter: xt_socket: fix a stack corruption bug
- ipvs: add missing ip_vs_pe_put in sync code
- flowcache: Fix kernel panic in flow_cache_flush_task (regression
in 3.15)
- tcp: make sure skb is not shared before using skb_get()
(regression in 3.16)
- gen_stats.c: Duplicate xstats buffer for later use
- ematch: Fix auto-loading of ematch modules.
- openvswitch: Fix net exit.
- net: reject creation of netdev names with colons
- macvtap: make sure neighbour code can push ethernet header
- udp: only allow UFO for packets from SOCK_DGRAM sockets
- gpiolib: of: allow of_gpiochip_find_and_xlate to find more than
one chip
per node (regression in 3.16.7-ckt6)
- [x86] drm/i915: Check obj->vma_list under the struct_mutex
(regression in 3.15)
- ALSA: hda - Disable runtime PM for Panther Point again
(regression in 3.14)
- nilfs2: fix potential memory overrun on inode
- [armhf] usb: dwc3: dwc3-omap: Fix disable IRQ
- [i386] KVM: emulate: fix CMPXCHG8B on 32-bit hosts
- xhci: Allocate correct amount of scratchpad buffers
- USB: usbfs: don't leak kernel data in siginfo
- efi/libstub: Fix boundary checking in efi_high_alloc()
- USB: serial: fix potential use-after-free after failed probe
- USB: serial: fix tty-device error handling at probe
- staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel
- mei: make device disabled on stop unconditionally
- NFSv4: Don't call put_rpccred() under the rcu_read_lock()
- btrfs: fix lost return value due to variable shadowing
- eCryptfs: don't pass fs-specific ioctl commands through
- drm/radeon: fix DRM_IOCTL_RADEON_CS oops
- [armhf] ASoC: omap-pcm: Correct dma mask
- [amd64] x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization
(CVE-2015-2830)
- Btrfs: fix data loss in the fast fsync path
- Btrfs:__add_inode_ref: out of bounds memory read when looking for
extended ref.
- svcrpc: fix memory leak in gssp_accept_sec_context_upcall
(regression in 3.12)
- SUNRPC: Always manipulate rpc_rqst::rq_bc_pa_list under
xprt->bc_pa_lock
(regression in 3.15)
- net: cls_bpf: fix size mismatch on filter preparation
- net: cls_bpf: fix auto generation of per list handles
- qlge: Fix qlge_update_hw_vlan_features to handle if interface is down
(regression in 3.13)
- libsas: Fix Kernel Crash in smp_execute_task
- ALSA: hda - Fix regression of HD-audio controller fallback modes
(regression in 3.11)
- can: add missing initialisations in CAN related skbuffs
- ftrace: Fix en(dis)able graph caller when en(dis)abling record
via sysctl
- ftrace: Fix ftrace enable ordering of sysctl ftrace_enabled
- [armhf] imx6qdl-sabresd: set swbst_reg as vbus's parent reg
- [armhf] imx6sl-evk: set swbst_reg as vbus's parent reg
- xen-pciback: limit guest control of command register (CVE-2015-2150)
- drm/vmwgfx: Reorder device takedown somewhat
- ALSA: control: Add sanity checks for user ctl id name string
- Revert "i2c: core: Dispose OF IRQ mapping at client removal time"
- nilfs2: fix deadlock of segment constructor during recovery
(regression in 3.16.7-ckt7)
- clk: divider: fix calculation of maximal parent rate for a given
divider
(regression in 3.15)
- [sparc*] Fix several bugs in memmove().
- net: sysctl_net_core: check SNDBUF and RCVBUF for min length
- inet_diag: fix possible overflow in inet_diag_dump_one_icsk()
- caif: fix MSG_OOB test in caif_seqpkt_recvmsg()
- rxrpc: bogus MSG_PEEK test in rxrpc_recvmsg()
- tcp: fix tcp fin memory accounting
- net: compat: Update get_compat_msghdr() to match
copy_msghdr_from_user()
behaviour (regression in 3.13)
- tcp: make connect() mem charging friendly
[ Ian Campbell ]
* Initialise framebuffer console earlier. (Closes: #779935)
* [xen] Enable Xen MCE log support. (Closes: #779698)
* [armhf] mvebu: do not register custom DMA operations when coherency is
disabled (Closes: #780858)
* [armhf] Enable power control on various sunxi platforms, enable
MFD_AXP20X
and REGULATOR_AXP20X and adding the necessary DTB nodes. (Closes:
#781576)
[ Ben Hutchings ]
* [armel/kirkwood] linux-image: Add versioned Breaks against
flash-kernel,
to ensure that an FDT is appended to the image if needed (Closes:
#781193)
* Revert "quota: Store maximum space limit in bytes" to avoid ABI change
* IB/core: Prevent integer overflow in ib_umem_get address arithmetic
(CVE-2014-8159)
* Btrfs: make xattr replace operations atomic (CVE-2014-9710)
* ext4: fix ZERO_RANGE bug hidden by flag aliasing
* ext4: fix accidental flag aliasing in ext4_map_blocks flags
* ext4: allocate entire range in zero range (CVE-2015-0275)
* [x86] microcode/intel: Guard against stack overflow in the loader
(CVE-2015-2666)
* ipv6: Don't reduce hop limit for an interface (CVE-2015-2922)
* [powerpc/powerpc64,ppc64] Disable THERM_PM72 and enable its
replacements
WINDFARM_PM72 and WINDFARM_RM31 as modules. Update the udeb config
accordingly. Thanks to Milan Kupcevic. (Closes: #781934)
* psmouse: Add support for FocalTech touchpads, thanks to Rafal Ramocki
* [x86] drm/i915: Add limited color range readout for HDMI/DP ports on
g4x/vlv/chv (Closes: #775217)
* HID: thingm: fix workqueue race on remove (Closes: #780055)
* [x86] Disable X86_VERBOSE_BOOTUP (Closes: #781953)
* eMMC: Don't initialize partitions on RPMB flagged areas (Closes:
#782038)
* [x86] powercap / RAPL: change domain detection message (Closes:
#781418)
* procfs: Avoid ABI change in 3.16.7-ckt8
* [powerpc/powerpc] udeb: Add fb-modules package containing radeonfb
driver
(Closes: #782058)
-- Ben Hutchings <ben at decadent.org.uk> Wed, 08 Apr 2015 01:03:08 +0100
Sorry for the long read of the changelog but was necessary (this
actually is the evil of monolithic kernels but that's a different topic
altogether so won't go there.)
As can be seen there were two people who made 8th April release of the
kernel Ian Campbell and Ben Hutchings , there might have been others as
well but only these two choose to be credited.
[$] apt-cache policy linux-image-3.16.0-4-amd64
linux-image-3.16.0-4-amd64:
Installed: 3.16.7-ckt9-2
Candidate: 3.16.7-ckt9-2
Version table:
*** 3.16.7-ckt9-2 0
600 http://httpredir.debian.org//debian/ jessie/main amd64 Packages
1 http://httpredir.debian.org//debian/ unstable/main amd64
Packages
[$] apt-cache policy linux-image-3.19.0-trunk-amd64
linux-image-3.19.0-trunk-amd64:
Installed: (none)
Candidate: 3.19.3-1~exp1
Version table:
3.19.3-1~exp1 0
1 http://httpredir.debian.org//debian/ experimental/main
amd64 Packages
So, for the question
" I think we would pull in newer releases of well known / well used
packages than are in debian stable - do you agree? " - Vikas
Yes, we could provided :-
a. We have enough number of people who knows how this all works.
b. We are able to make a statement about quality of our packages and do
share the work upstream as well as with Debian - They will welcome any
help provided we are able to show that we have some knowledge of how
things work (even if we do not know it all.) The benefit of doing any
uploads or anything for that matter is the larger base of users it has
and their ability to bring out even corner cases which otherwise are not
known.
As have shared with Vikas, there are lots of both QA and security tools
which are in Debian (and of course much more in the wilder free software
movement) .
If we are looking for knowledge of popular tools then popcon.debian.org
could be used as a resource but with some caveats :-
a. It is not an accurate way to measure interest in a package. For e.g.
the GNU/Linux monolithic kernel which I have shared would have one of
the biggest numbers but that will as it's an essential component. You
need a kernel to do interrupts, house-keeping jobs and n number of
things that the kernel has to do.
The notation is https://qa.debian.org/popcon.php?package=$PACKAGENAME
For e.g. https://qa.debian.org/popcon.php?package=iceweasel
If you actually look at iceweasel you will see that they have different
versions :-
[$] apt-cache policy iceweasel
Installed: 37.0.2-1
Candidate: 37.0.2-1
Version table:
*** 37.0.2-1 0
1 http://httpredir.debian.org//debian/ experimental/main
amd64 Packages
100 /var/lib/dpkg/status
31.6.0esr-1 0
600 http://httpredir.debian.org//debian/ jessie/main amd64 Packages
1 http://httpredir.debian.org//debian/ unstable/main amd64
Packages
Now there is always going to be this fight between the latest and the
most stable. If we take either the kernel's package or iceweasel
package (both are pretty well-maintained) the releases which are in
testing (will be the new- stable in 3 days time) both the iceweasel and
kernel version are the ones which have Long Term Support (LTS) ,
Mozilla calls it Extended Support Release (ESR) . If we are going to be
a sort of rolling release we would need to think this quite a bit as the
need of QA and security is more (the pressure is more and is the reason
the Ubuntu/Canonical fails and continue to fail) than what currently
happens.
There is a good possibility that Vikas has this all chalked out in the
head or in a book somewhere but because I do not know which way he wants
to proceed, I am afraid he will have to share his vision for this
The easiest way for now would be to do the following :-
a. Concentrate on having good themes/better themes and documenting as
much as we can about Debian and its way of doing things.
b. Finding packages which have high popcon and not active maintainer,
become a maintainer of such a package/packages and earn visibility in
the Debian community.
c. Find packages which would help us whether it is in education, wi-fi
mesh networks or any package which we feel is needed and have good
relations with both the DD/DM/Debian Contributor as well as maintain
good relationships with upstream so trust is there.
The output would be a knowledge community which knows where technology
and technological solutions are heading. Most DD's in their day-job
work on cutting-edge tools and they use the spare-time/hobby to create
the same for the world at large. They would help us identify big and
small cracks within the ecosystem where we could create products which
would be beneficial to all.
Looking forward to feedback.
--
Shirish Agarwal,
Community Lead,
Hamaralinux.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hamaralinux.org/pipermail/hamara-devel/attachments/20150422/07f3a988/attachment-0001.html>
More information about the Hamara-devel
mailing list