[blog] 01/02: Touch-ups, clarifications, tidying, etc.

Tue Dec 5 14:10:51 UTC 2017

This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository blog.

commit 06d9f1b07365cb8424d00f95f03494a73c573a95
Author: Chris Lamb <lamby at debian.org>
Date:   Tue Dec 5 13:20:27 2017 +0000

    Touch-ups, clarifications, tidying, etc.
---
 drafts/136.mdwn | 53 +++++++++++++++++------------------------------------
 drafts/137.mdwn |  3 +++
 2 files changed, 20 insertions(+), 36 deletions(-)

diff --git a/drafts/136.mdwn b/drafts/136.mdwn
index 98d746f..98d8069 100644
--- a/drafts/136.mdwn
+++ b/drafts/136.mdwn
@@ -7,22 +7,18 @@ Media coverage
 
 * Jelle van der Waa [wrote about Reproducible Arch Linux](http://vdwaa.nl/arch/linux/reproducible/builds/security/reproducible-builds-arch/). ([HN thread](https://news.ycombinator.com/item?id=15820356))
 
-* A while back, on October 31st 2017, Ludovic Courtès wrote a [summary about the status of Reproducible Guix](https://gnu.org/software/guix/news/reproducible-builds-a-status-update.html), which for them led to a nice and unexpected benefit: faster downloads!
+* On October 31st 2017, Ludovic Courtès wrote a [summary about the status of Reproducible Guix](https://gnu.org/software/guix/news/reproducible-builds-a-status-update.html), which even led to desirable side-effects such as faster downloads.
 
 Arch Linux imap key leakage
 ---------------------------
 
-A [security issue](https://bugs.archlinux.org/task/56484) was found on the imap
-package for [Arch Linux thanks to the reproducible builds efforts](https://tests.reproducible-builds.org/archlinux/).
-Due to a
-hardcoded key-generation routine in the build() step of imap's PKGBUILD (the
-standard packaging file for Arch Linux packages), a default secret key was
-generated and leaked on all imap installations. 
+A [security issue was found in the imap package](https://bugs.archlinux.org/task/56484) in Arch Linux [thanks to the reproducible builds effort](https://tests.reproducible-builds.org/archlinux/) in that distribution.
 
-This was prompty reviewed, confirmed and fixed by the Arch Linux package
-maintainers.
+Due to a hardcoded key-generation routine in the `build()` step of `imap`'s `PKGBUILD` (the standard packaging file for Arch Linux packages), a default secret key was generated and leaked on all `imap` installations. This was prompty reviewed, confirmed and fixed by the package maintainers.
 
-Debian Packages reviewed and fixed, and bugs filed
+This mirrors similar security issues found in Debian, such as [[!bug 833885]].
+
+Debian packages reviewed and fixed, and bugs filed
 -------------------------------------------
 
 * Adrian Bunk:
@@ -41,6 +37,7 @@ Debian Packages reviewed and fixed, and bugs filed
     * [[!bug 883348]] filed against [[!pkg psychtoolbox-3]].
     * [[!bug 883359]] filed against [[!pkg at-spi2-core]].
 
+In addition, 73 FTBFS bugs were detected and reported by Adrian Bunk.
 
 Reviews of unreproducible Debian packages
 ----------------------------------
@@ -48,17 +45,9 @@ Reviews of unreproducible Debian packages
 83 package reviews have been added, 41 have been updated and 33 have been removed in this week,
 adding to our knowledge about [identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
 
-1 issue types have been updated:
-
-- [qt-rcc patch is merged](https://anonscm.debian.org/git/reproducible/notes.git/commit/?id=d86ea540)
-
-
-Weekly Debian QA work
---------------
+1 issue type was updated:
 
-During our reproducibility testing, FTBFS bugs have been detected and reported by:
-
- - Adrian Bunk (73)
+- [timestamps\_in\_source\_generated\_by_rcc](https://anonscm.debian.org/git/reproducible/notes.git/commit/?id=d86ea540)
 
 
 LEDE / OpenWrt packages updates:
@@ -79,13 +68,13 @@ diffoscope development
 
 - Chris Lamb:
     - [Handle case where a file to be "fuzzy" matched does not contain enough entropy (#882981)](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=8599873)
-    - [Make cleanup of placeholders idempotent.](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=893a1e7)
+    - [Make cleanup of placeholders idempotent](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=893a1e7)
 - Mike Hommey:
     - [Extract libarchive contents with a file extension](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=a7c1d23)
 - Ximin Luo:
     - Bug fixes:
-        - [Run zipinfo on /dev/stdin instead of a variable path. (Closes: #879011)](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=25fee28)
-        - [Looser matching for .deb archive members. (Closes: #881937)](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=e5dc438)
+        - [Run zipinfo on /dev/stdin instead of a variable path (Closes: #879011)](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=25fee28)
+        - [Looser matching for .deb archive members (Closes: #881937)](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=e5dc438)
     - Features/cleanup:
         - [Allow non-text formats to output an empty diff](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=0670bc0)
         - [Add a Difference.from\_command\_exc to distinguish excluded commands from empty diff](https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=f148615)
@@ -137,7 +126,7 @@ tests.reproducible-builds.org
             - [Check for new packages every day (instead of every 2)](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=368d055b)
             - [Schedule newer versions automatically](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=e6346092)
             - [Prefer manually triggered packages over new packages](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=5c2b989a)
-            - [Detect versions of packages of 'any' arch](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=2809fdde)
+            - [Detect versions of packages of `any` arch](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=2809fdde)
             - [Schedule 'old' packages which haven't been tested yet](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=735a2b36)
         - Features:
             - [Generate graphs](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=5fc61d7c)
@@ -168,27 +157,19 @@ tests.reproducible-builds.org
     - Misc:
         - [Be more verbose when deploying jobs](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=76b11fd8)
         - [Ignore some warnings in commit messages](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=261a781d)
-        - [IRC notifications to #lede-dev on Freenode](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=bbbb35ed)
+        - [Emit IRC notifications to `#lede-dev` on Freenode](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=bbbb35ed)
 
 - Chris Lamb:
-    - [Ignore "warning" etc. in commit messages.](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=70f4d6a9)
+    - [Ignore "warning" etc. in commit messages](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=70f4d6a9)
 
 - Hans-Christoph Steiner continued his work on reproducible [F-Droid](https://f-droid.org/en/):
     - [Always wait for successful `git fetch`](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=715102a8)
     - [Include new Python dependencies](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=fb94269b)
 
 - lynxis:
-    - [Update references to sources.debian.org](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=abe238c3)
-
-
-bugs filed to upstream projects
--------------------------------
-
-* Santiago Torres-Arias:
-  * [Make gnu-apl reproducible](https://savannah.gnu.org/bugs/index.php?52586)
-  * fbnews: sorry, there is no public record of the bug. you can see the patch [here](https://ptpb.pw/CfGQ/diff) though
+    - [Update references to `sources.debian.org`](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=abe238c3)
 
 Misc.
 -----
 
-This week's edition was written by Bernhard M. Wiedemann, Chris Lamb & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
+This week's edition was written by Alexander Couzens, Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Santiago Torres-Arias, Vagrant Cascadian & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
diff --git a/drafts/137.mdwn b/drafts/137.mdwn
index cf9a752..092df78 100644
--- a/drafts/137.mdwn
+++ b/drafts/137.mdwn
@@ -12,6 +12,9 @@ lede/openwrt package feeds
         	https://github.com/openwrt/packages/pull/5217 
 		https://github.com/openwrt/packages/pull/5218
 
+* Santiago Torres-Arias:
+  * [Make gnu-apl reproducible](https://savannah.gnu.org/bugs/index.php?52586)
+  * fbnews: sorry, there is no public record of the bug. you can see the patch [here](https://ptpb.pw/CfGQ/diff) though
 
 
 https://github.com/trendmicro/tlsh/pull/51#issuecomment-349206496 via diffoscope development

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/blog.git

