November 30th 2015

Free software activities in November 2015

Here is my monthly update covering a large part of what I have been doing in the free software world (previously):


  • Presented at MiniDebConf Cambridge 2015 on the current status of Debian's Reproducible Builds effort.
  • Contributed initial Debian support to Red Hat Product Security's repository of certificates shipped by various vendors and Open Source Projects. (#1)
  • Wrote a proof-of-concept version of Guix's challenge command to determine if an installed binary package is reproducible or not. (code)
  • Started initial work on a b2evolution package.
  • Arranged logistics for the Reproducible Builds summit in Athens.

My work in the Reproducible Builds project was also covered in more depth in Lunar's weekly reports (#27, #28, #29, #30).


This month I have been paid to work 13 hours on Debian Long Term Support (LTS). In that time I did the following:

  • Issued DLA 349-1 for python-django correcting a potential settings leak.
  • Issued DLA 351-1 for redmine fixing a data disclosure vulnerability.
  • Worked on multiple iterations of a fix for CVE-2011-5325 in busybox, not yet complete in order to additionally cover hardlinks.
  • Frontdesk duties.


  • redis — Addressing CVE-2015-8080, a buffer-overflow security issue.
  • python-django — Uploading the latest RC release to experimental.
  • strip-nondeterminism — Disable stripping Mono binaries as it was too aggressive, preventing some package installs.
  • gunicorn — Correct Python interpreter path references in gunicorn3-debian.
  • python-redis — New upstream release.
  • ispell-lt — Making the build reproducible.
