Package for Debian

[ioerror]

I'd be happy to help package this for Debian - is it ready to be packaged?

[dgoulet]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Yes, I think Micah is helping on that or at least have thing moving on. Can you confirm Micah?

Thanks! David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iQEbBAEBCgAGBQJRK7avAAoJEELoaioR9I021LMH+KFem0lPDv2FoolrGE08xpHJ uXdZIZzJi3WDA4H0OqOOONLXca7VW9FdyRfe8cKRH0SJKsWSqGbNBDVapw2jvlCU db5L+xCdlmiZXNRi89NKUFfvZ1DyjWrazQJBvDcepvQSbpm+HMPh1cPdvg38PDyP OWJglvR31EK4/iS7UE7rHeI8hemjhvdcP+K+TnKJ5RgVYlI2mJW7vbn44dyY40FU zyivcFiPFti4y0V+IWLLOdlkOKmjUvEYlU6jvaot3nYdyivIH8PIgvN68N7COlCZ 5O3Zum2axQwqId6lSdQh+0Rds1B9HAPVeRRKh8eUCvOuMIEEIUtmcfLrLhIqIA== =uheS -----END PGP SIGNATURE-----

[DrWhax]

I'd rather wait with the packaging till we are confident enough to ship a beta version, it's alpha now. But thanks for volunteering to package!

[DrWhax]

Next to that, #11 is the master ticket for packaging.

[dgoulet]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Hmmm, not sure, we can put it in the testing repository and this way having more user that can try it and help us stabilize it.

At least a warning somewhere saying, "Don't count on that for your life."

Redhat is already packaging it through Paul. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCgAGBQJRK8ApAAoJEELoaioR9I02h20IAMjiIDlIFl3xm3tF+myeg8EF wKbGA9hS+GoCeu0tEhDpK6vx0sGuirbDLrsylRDZ0eVXllsY/guCYsolJUsohflR KvAo5WyJUx67QN57UMDlzCzcTOlm51ni8JBT0VkE2CwR7KLvPTvMUPaFUUL5LlOS RXzhvm5cpLGa+rrIO2F7z/zmrJdGft4k8hpF/a8sZx3Ai5yrQxkxCCh9lvdqvxKi f0kcSmYP0cvPUIdarqzKY6ZIV8rieOYnIZxgcbuKBEyYGGN4T1dwdBlpSuVRfi2A lWcqVVt025Sza5pkOMaVH5gUpIux4IQ3SweWidMpecrX4GcyocsOf1tLSsW750Y= =6ool -----END PGP SIGNATURE-----

[DrWhax]

Personally, I would be OK with it, if we could patch #21 #22 and #23? What are your thoughts?

[dgoulet]

21, for sure! But this requires libotr to have a new release since this can't be fixed until a new libotr release.

22 and #23 yes.

So we can agree that no release until all security related bugs are at least fixed. (And it would be a alpha2 also or going to beta could also be consider?).

[DrWhax]

Right, I should have remembered that #21 requires an libOTR update, perhaps Jake could tickle Ian to test the changes and merge them upstream? :)

Yes, I think we should really fix the security bugs before we release any new version and ask for packaging for various distros!

I'll dedicate some time as well to help out with this.

[micah]

For Debian, we got the go ahead to upload a new version of the package to Debian experimental, which is really a narrow set of users. I think we are just waiting for the go ahead from the irssi-otr team here.

Regarding the libOTR update in #21 - I filed a bug with Debian a month or so ago. I will follow-up with that bug asking if we can add this fix to a package into experimental.

It looks like anarcat volunteered in #11, but perhaps ioerror might like to work with him? If necessary, I can also help, but I'm happy that others are working on it!

[ioerror]

I did merge the requested patches into libotr but it is awaiting Ian's review. It may take a while.

[DrWhax]

Thanks Micah for reaching out to Debian.

If someone is willing to maintain a patched libOTR to experimental for a bit, and after we patched irssi-otr with #21 #22 and #23 and #27 as well? I'm confident with bringing out a new version which can get packaged into experimental? At that point we should ask Paul as well to package it for fedora.

[micah]

Unfortunately, the current Debian maintainer for libotr responded saying that he is waiting for upstream to give an OK on the patch before bringing it into the package. So we need Ian to do something here I guess.

[DrWhax]

Bad luck then, I guess we'll wait till Ian had time to review the patches. Thanks for your comment.

[ioerror]

micah:

Unfortunately, the current Debian maintainer for libotr responded saying that he is waiting for upstream to give an OK on the patch before bringing it into the package. So we need Ian to do something here I guess.

OK

(wait, what just happened? :) )

[anarcat]

So this is almost done. I have a package ready here:

http://anonscm.debian.org/gitweb/?p=collab-maint/irssi-plugin-otr.git;a=summary

I'm waiting for confirmation from the current maintainer to upload to unstable (because I basically redid the whole packaging, since the build system changed completely), at which point we can wait a week or two and even backport to stable (wheezy!).

I also kicked a pull request while I was there (#30).

How about making another alpha release? It seems there are a lot of fixes in git that are not tagged...

[DrWhax]

I would personally be confident with another alpha tag, it would be alpha2. Self reminder: credit people in the changelog who contributed. Any thoughts David?

[dgoulet]

Ya, I've been using irssi-otr with two different friends on two networks for months now and I've not seen anything problematic so an alpha2 would be fine with me. I also used it with people on Adium and Pidgin.

There is still issue #22 that is tagged with "security" and should be looked at maybe and evaluated before we do a second release?

[anarcat]

There's a whole lot of issues that are important, security-wise. I added a bunch to the audit (#14).

Yet I don't think those should keep releases from happening, as those releases allow us to ship a more stable version, with less bugs. Keep in mind that the previous plugin had all those bugs and more!

[anarcat]

Thanks for the new release, I factored it in the Debian package, which allowed me to drop local patches, yay! :) We're now cleanly building against upstream, without patches!

Still waiting confirmation from the current maintainer.

[anarcat]

I have uploaded the package to Debian experimental. I am waiting for the updated libotr to push it to unstable. I am now a co-maintainer of the package.

We can close this issue.