Contributing to Debian is part of Freexian’s mission. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our Long Term Support contracts and consulting services.
urllib3’s old security patch by Stefano Rivera
Stefano ran into a test-suite failure in a new Debian package (python-truststore), caused by Debian’s patch to urllib3 from a decade ago, making it enable TLS verification by default (remember those days!). Some analysis confirmed that this patch isn’t useful any more, and could be removed.
While working on the package, Stefano investigated the scope of the urllib3 2.x transition. It looks ready to start, not many packages are affected.
Preparing for Python 3.12 in dh-python by Stefano Rivera
We are preparing to start the Python 3.12 transition in Debian. Two of the upstream changes that are going to cause a lot of packages to break could be worked-around in dh-python, so we did:
- Distutils is no longer shipped in the Python stdlib. Packages need to Build-Depend on python3-setuptools to get a (compatibility shim) distutils. Until that happens, dh-python will Depend on setuptools.
- A failure to find any tests to execute will now make the unittest runner exit 5, like pytest does. This was our change, to test-suites that have failed to be automatically discovered. It will cause many packages to fail to build, so until they explicitly skip running test suites, dh-python will ignore these failures.
/usr-merge by Helmut Grohne
It has become clear that the planned changes to debhelper and systemd.pc cause more rc-bugs. Helmut researched these systematically and filed another stack of patches. At the time of this writing, the uploads would still cause about 40 rc-bugs. A new opt-in helper dh_movetousr has been developed and added to debhelper in trixie and unstable.
debian-printing, by Thorsten Alteholz
This month Thorsten adopted two packages, namely rlpr and lprng, and moved them to the debian-printing team. As part of this Thorsten could close eight bugs in the BTS.
Thorsten also uploaded a new upstream version of cups, which also meant that eleven bugs could be closed.
As package hannah-foo2zjs still depended on the deprecated policykit-1 package, Thorsten changed the dependency list accordingly and could close one RC bug by the following upload.
Invalid PEP-440 Versions in Python Packages by Stefano Rivera
Stefano investigated how many packages in Debian (typically Debian-native packages) recorded versions in their packaging metadata (egg-info directories) that weren’t valid PEP-440 Python versions. pip is starting to enforce that all versions on the system are valid.
Miscellaneous contributions
- distro-info-data updates in Debian, due to the new Ubuntu release, by Stefano.
- DebConf 23 bookkeeping continues, but is winding down. Stefano still spends a little time on it.
- Utkarsh continues to monitor and help with reimbursements.
- Helmut continues to maintain architecture bootstrap and accidentally broke pam briefly
- Anton uploaded boost1.83 and started to prepare a transition to make boost1.83 as a default boost version.
- Rejuntada Debian UY 2023, a MiniDebConf that will be held in Montevideo, from 9 to 11 November, mainly organized by Santiago.