many of you asked, so it's better if i describe it here.

i recently started working on ppc packages, without any kind of big announcement. that was on purpose. i don't have too much time for this (so surely i won't maintain - at least not manually - a full ppc port with security fixes, etc), but i'm interested at least getting a working toolchain, so that anybody who has such a machine and time can easily help.

so no, this will not be in 0.9, we didn't plan anything like that.

maybe for 1.0, we'll see :)

ah, as a side not, it was interesting today, i met (unintentionally) one of the Hungarian summer of code guys. i previously collected such a list, and i was surprised about i did not know about him. so i asked to type "blogs.frugalware.org", and search for "summer of code" to see if he is really missing from the list. actually he was not missing. but the funny fact was that - as usually - i was prepared to be forced to spell "frugalware", but this was not the case this time, he typed the word properly without asking. heh, we're getting known! :]

It seems recently one of my favorite topics is 'how to convert from $random SCM to git' ;)

So, I already had a configuration using tailor, but that was slow. I know this already. Tailor is good because it always works, it isn't good because it's fast.

First, you need git-1.6.0rc0 or higher, you can find an fpm in my bmf repo.

Second, you need the bzr fastimport plugin:

bzr branch lp:bzr-fastimport

Then enable the plugin:

cd ~/.bzr/plugins; ln -s /path/to/bzr-fastimport fastimport

Now you can clone git-bzr itself:

git clone git://github.com/pieter/git-bzr.git

Put it to your PATH:

cd ~/bin; ln -s /path/to/git-bzr/git-bzr .

NOTE: so you should not symlink the dir, but the script inside the dir.

Okay, this is done, now clone (branch in bzr terms) the bzr repo you want to convert. For example:

bzr branch http://code.bitlbee.org/bitlbee/

Finally do the conversion (from the git-bzr README):

git bzr add upstream ../bzr-branch
git bzr fetch upstream
git checkout -b local_branch bzr/upstream
: hack hack hack
git bzr push upstream

Actually for now I only needed a one-directional convert, so my update-bitlbee.sh now looks like:

cd ~/scm/bzr/bitlbee
bzr pull
cd - # so we are again under bitlbee.git, it works in bare repos as well!
git bzr fetch upstream

And yes, the resulting trees match perfectly! ;)

(Yes, I plan to package git-bzr and bzr-fastimport but I want to give it a good testing first.)

The GSoC student list is not public, and to be honest, usually it's boring. In most cases you just want to read the mails matching ^From:.*google.com, and just delete the remaining junk. However, there was a funny thread there, about how others deal with the usual problem: if you want to describe others (read: who is not a geek) what do you do (hack PaX, rewrite git-merge, etc.) you probably need a half an hour. Or maybe it's better not describing your job at all. Let's see some funny quotes:

The "I gave up" one:

After the first 10 fails, I decided to say the following as fast as I can: Me: "I am doing "something" and Google is paying me to do it. I don't know why they are, but I assume its' because they aren't evil and stuff. End of story". Other: Oh. (Coding resumes)

BTW, the guy adds vim support to anjuta. :)

If you have nice friends, you'll get:

People who don't understand usually state as much, followed by, "...but if Google is paying you, that's pretty neat."

The "involved" one:

Unfortunately, I end up rambling for twenty-plus minutes and they are sorry they ever asked...

The "practical" one:

In my case, everyone in my university thinks it is an intern program so they ask me when I am going to travel. I have memorized the response.

The "religious":

I spent about twenty minutes explaining to a reporter from business week the finer points of open source vs free software.

And the typo kign:

> thanks very much gays ...... > GUYS .... really, I was miss typed ... now, again. Thanks very much GUYS

(I hope this post does not count as a leak, though. :P)

in this mailing list post, the recent gsoc podcast is linked, which is actually about git. two times my project is explained as well, about 11m14s and about 26m09s.

it's usually hard to describe to people what i'm doing in my project, maybe this'll help a bit? :)

so, in the latest stable version of asciidoc, the default pdf backend of a2x is dblatex, not fop.

given that this way we can avoid Java, that must be a good thing ;) (faster, freeer, etc)

here are a few tricks:

• if you want to hide the "revision history" page:

  0

• if you want to avoid the dblatex logo, just comment out the line:

  1

• it seems that atm the $ math expression $ form is not supported, but you can do for example:

  <inlineequation><alt>
  \[ \$\alpha + \$\beta = \$(\alpha + \beta) \]
  </alt></inlineequation>
  

  AFAIK this was not possible till now, using fop. :)

okay, this won't be a happy post either, but i thought i would just share a few links here.

first, there was this article about some microsoft ie security problem, and the opensource evangelists started to hype again linux about being open, etc, etc. you know the story.

the sad fact is that, just being opensource, or let's say even having an open scm will not guarantee that all the details are published. i want to pick up a minor issue, so that i can be sure about i don't publish any details here which may not public.

let's take this commit. it's a bugfix, right? umm, if it would be security-related, they would mention it. hm, no.

to make the long story short, the relevant cve is there, even secunia released an advisory.

i could add few more details (no cve on the secunia page, the "from remote" is probably wrong), and finally make some conclustions, but i would avoid that this sime.

take care.

i find it really interesting that some people think that the scm for free software doesn't matter that much. just think about the "open"suse buildscripts, where the svn (in which they are tracked) is closed, or about "free"bsd, where the perforce repos (where _real_ development happens) is not checkoutable anonymously.

and no, i'm not rms who says you must use a free scm to develop free software, i just think a public access to it would be nice.

of course there are other projects like archlinux as well (no anonsvn), but i didn't wanted to start with it, since this post is not (just) about distro war..

ah and yes, the best of these is Debian where many maintainer use just a single huge generated diff and the real scm where they develop such diffs isn't public, either.

(finally a bad example is Ubuntu where the whole webapp behind the distro where all the bzr code and bugs are stored is closed source as well.)

so at the end it'll turn out that we're more free, without having any "open" or "free" in our name, without having a frugalware-legal@ and such? ;)

update:

the blacklist seem to grow.

see gentoo, where the releng repo isn't public, either.

an other funny fact is that they refuse to give security support for the kernel, the base of your system..

git-1.5.6 will be released soon (probably in a few weeks) and there are some interesting news in it.

one of them is the new git cvsimport -W switch which makes it easy to do bi-directional changes between git and cvs.

to set up your local repo:

$ CVSROOT=$URL cvs co module
$ cd module
$ git cvsimport

this will do a fresh checkout of the cvs module and will import it to git. you will have two interesting git branch: origin is the "reference" one, you should not touch it, and you can work in master.

you can commit to master, etc.

then there are two tricky operations:

first, you may want to commit back your local commits.

to do this:

$ for i in $(git rev-list --reverse origin..master)
do
        git cvsexportcommit -W -c -p -u $i
done

second, you may want to fetch upstream changes and rebase your local changes on top of them:

$ git cvsimport -i
$ git rebase origin

that's all.

cookies goes to Dscho in commit d775734. :)

yesterday somebody mentioned on #git this talk. it's not a real video, just audio + slides but it's really nice. i would say if the "Linus one" made you say "heh, this may worth to check out" then this one will be the "hey, this one prevented me from learning things the hard way".

it's just one hour and it describes so many important tricks that i haven't encountered elsewhere yet.

just watch it.

uhm, this will be a long post, but i'll try to keep it short :)

a few words about fop. we write our documentation in asciidoc. asciidoc is plain text with a very simple markup, asciidoc can convert this to docbook. then docbook-xsl can convert this to .fo, finally fop can convert .fo to .pdf.

my problem with fop is that it's written in java and we just used the upstream binary. this is primarily a security problem.

so, about one and a half months ago got the crazy idea to compile fop from source. of course the correct way to do this is to package first the depends. this is really a avalanche, becase we didn't have too much generic java libs packaged, so i had to package many. namely:

jflex, piccolo, gnu.regexp, jarjar, jmock, qdox, easymock, hamcrest, iso-relax, relaxngdatatype, xsdlib, msv, xpp3, xpp2, gnu-crypto, apache-log4j, xmldb-api, ws-jaxme, dom4j, jdom, icu4j, jaxp, jaxp, xom, jaxen, rhino, batik, servletapi, jaf, gnuinetlib, gnumail, avalon-logkit, avalon-framework, commons-logging, commons-io and xmlgraphics-commons.

hm. that's 36. horrible ;)

the nice thing is that all these (except xmlgraphics-commons because classpath still lacks jpeg support) are compiled with the ecj/gcj toolchain, without any sun blob.

the other benefits are:

• a native fop binary:

  $ file /usr/bin/fop
  /usr/bin/fop: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.0, dynamically linked (uses shared libs), stripped

• now we got rid of fop-devel, since this version can both convert ttf fonts to xml ones (needed if you want to embed custom fonts into pdf) and convert fo documents to pdf ones.

yay!