Free software activities in September 2019

  • 30 September, 2019

Here is my monthly update covering what I have been doing in the free software world during September 2019 (previous month):

  • Attended the launch event of OpenUK, a new organisation with the purpose of supporting the growth of free software, hardware and data. It was hosted at the House of Commons of the United Kingdom and turned out to be quite the night to be attending Parliament.

  • As part of my duties of being on the board of directors of the Open Source Initiative and Software in the Public Interest I attended their respective monthy meetings and participated in various licensing and other discussions occurring on the internet, as well as the usual internal discussions regarding logistics, policy etc.

  • Made a number of changes to my tickle-me-email library to implement Gettings Things Done-like behaviours in IMAP inboxes including:

    • Add support for a sendmail-like command. [...]
    • Don't require specifying the target of sent items in the send-later command [...] and decode messages correctly for the same command [...].
  • Opened pull requests to make the build reproducible in:

  • Opened a pull request for the memcached distributed memory object caching system to... correct the spelling of "ensure". [...]

  • More work on the Lintian static analysis tool for Debian packages, releasing versions 2.20.0, 2.21.0, 2.22.0, 2.23.0 & 2.24.0 as well as:

Reproducible builds

Whilst anyone can inspect the source code of free software for malicious flaws almost all software is distributed pre-compiled to end users.

The motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

The initiative is proud to be a member project of the Software Freedom Conservancy, a not-for-profit 501(c)(3) charity focused on ethical technology and user freedom.

Conservancy acts as a corporate umbrella, allowing projects to operate as non-profit initiatives without managing their own corporate structure. If you like the work of the Conservancy or the Reproducible Builds project, please consider becoming an official supporter.

This month I:

I also made the following changes to our tooling:


diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.

  • New features:

    • Add /srv/diffoscope/bin to the Docker image path. (#70)
    • When skipping tests due to the lack of installed tool, print the package that might provide it. [...]
    • Update the "no progressbar" logging message to match the parallel "missing tlsh module" warnings. [...]
    • Update "requires foo" messages to clarify that they are referring to Python modules. [...]
  • Testsuite updates

    • The test_libmix_differences ELF binary test requires the xxd tool. (#940645)
    • Build the OCaml test input files on-demand rather than shipping them with the package in order to prevent test failures with OCaml 4.08. (#67)
    • Also conditionally skip the identification and "no differences" tests as we require the Ocaml compiler to be present when building the test files themselves. (#940471)
    • Rebuild our test squashfs images to exclude the character device as they requires root or fakeroot to extract. (#65) [...]
  • Code cleanups, including dropping some unnecessary control flow [...], dropping unnecessary pass statements [...] and dropping explicitly inheriting from object class as it unnecessary in Python 3 [...].


Debian LTS

This month I have worked 18 hours on Debian Long Term Support (LTS) and 12 hours on its sister Extended LTS project.

You can find out more about the projects via the following video:


  • redis (5.0.6-1) — New upstream release

  • python-django:

  • aptfs:

    • 1.0.0:
      • Port to Python 3.x. (#936131)
      • Move to a native package and import external Debian packaging from into this repository.
      • Add a pyproject.toml and apply the black source code formatter to the source tree.
      • Drop TODO file; we use our code hosting platform's issue tracker now.
    • 1.0.1 — Fix opening/reading of files after Python 3.x migration.
  • gunicorn:

    • 19.9.0-2 — Drop support for Python 2.x; the gunicorn package now provides the Python 3.x version. (#936679)
    • 19.9.0-3 — Port autopkgtests to Python 3.x.
    • 19.9.0-4 — Add a /usr/bin/gunicorn3/usr/bin/gunicorn compatibility symlink. (#939409)
  • installation-birthday (13):

    • Don't use the deprecated platform library. (#940803)
    • Add a gitlab-ci.yml.
    • Misc coding updates, inculding use the logging module's own string interpolation, not inheriting from object etc.
  • libfiu:

    • 1.00-1:

    • 1.00-2 — Also drop Python 2 support in the autopkgtests.

    • 1.00-3 — Patch the upstream Makefile to not build the Python 2.x bindings to ensure the tests pass.

  • memcached:

    • 1.5.17-1:
      • Adopt package. (#939425)
      • New upstream release. (#924584#939337#879797#835456#789835)
      • Source /etc/default/memcached in /etc/init.d/memcached. (#934542)
      • Add a Pre-Depends on ${misc:Pre-Depends} to ensure a correct dependency on init-system-helpers for the --skip-systemd-native flag.
      • Install README.damemtop to /usr/share/doc/memcached instead of under /usr/share/memcached
    • 1.5.17-2:
      • In the systemd .service file, specify a PIDFile under /run.
      • Add missing ${perl:Depends} to binary dependencies.
    • 1.5.18-1 — New upstream release

New upstream releases of bfs (1.5.1-1), django-auto-one-to-one (3.2.0-1), python-daiquiri (1.6.0-1), python-hiredis (1.0.0-1) and python-redis (3.3.7-1).

Finally, I sponsored uploads of adminer (4.7.3-1) and python-pyocr (0.7.2-1).

FTP Team

As a Debian FTP assistant I ACCEPTed 33 packages: crypto-policies, firmware-tomu, gdmd, golang-github-bruth-assert, golang-github-paypal-gatt, golang-github-rivo-uniseg, golang-github-xlab-handysort, golang-gopkg-libgit2-git2go.v28, icingaweb2-module-audit, icingaweb2-module-boxydash, icingaweb2-module-businessprocess, icingaweb2-module-cube, icingaweb2-module-director, icingaweb2-module-eventdb, icingaweb2-module-graphite, icingaweb2-module-map, icingaweb2-module-nagvis, icingaweb2-module-pnp, icingaweb2-module-statusmap, icingaweb2-module-x509, lazygit, ldh-gui-suite, meep, minder, node-solid-jose, ocaml-charinfo-width, ocaml-stdcompat, ppxfind, ppxlib, printrun, python-securesystemslib, sshesame & tpm2-initramfs-tool.

I additionally filed 6 RC bugs against packages that had potentially-incomplete debian/copyright files against crypto-policies, golang-github-paypal-gatt, icingaweb2-module-graphite, icingaweb2-module-statusmap, minder & printrun.