Whilst anyone can inspect the source code of free software for malicious flaws almost all software is distributed pre-compiled to end users.
NMU SQUIRRELMAIL UPDATE
NMU SQUIRRELMAIL PATCH
Apply patch to warn about uploads that have a version containing ~bpo but do not actually target backports.Check for packages that pass -V to dh_shlibdeps.Support "debhelper-compat (= X) build-dependency as a replacement for debhelper (>= X~).Check for packages that have a relation on both Python 2 & 3.Check for Creative Commons license texts that use the incomplete summary.Detect source-only uploads to non-free that will not be auto-built.Check for packages that contain X11 fonts but do not run update-fonts.Warn about Multi-Arch: same packages that use pycompile in maintainer scripts.Warn about maintainer scripts that directly query the dpkg database.Even more hacking on the Lintian static analysis tool for Debian packages:.Opened a pull request to fix a large number of spelling errors in the gRPC RPC framework.Updated the documentation in James Aylett's django-session-stashable library to make the User Django instance nullable.Corrected a "Remeber" → "Remember" typo in the gobby collaborative text editor.Fixed an issue in (my hosted service for projects that host their Debian packaging on GitHub to easily use Travis CI) where building from a branch called debian was broken.
NMU SQUIRRELMAIL GENERATOR
Opened a pull request for the Jekyll documentation generator to respect SOURCE_DATE_EPOCH over Time.now.Opened a pull request against mblaze to correct a reference to the SOURCE_DATE_EPOCH environment variable.Updated my pull request for promise.js to make the build reproducible.Fixed an encoding error in my django-slack library that provides a convenient library between projects using the Django web-development framework and the Slack chat platform.Authored two pull requests for the Redis key-value database to add support for USE_SYSTEM_LUA and USE_SYSTEM_JEMALLOC build flags to avoid the use of embedded code copies.Opened a pull request against the Pixelfed federated photo social network to avoid double-escaping captions in Atom feeds.Fixed an issue in the Tails operating system where the change of gid of the debian-tor user was breaking automatic upgrades as well as submitted patches to use suitable shebangs and to port a script to Python 3.In this capacity I attended Akademy 2018 where I was particularly taken by Neofytos Kolokotronis talk on KDE's onboarding process ( covered in LWN this week) but also found the Distro BoF illuminating. I previously accepted an invitation for Debian to join the KDE Advisory Board and subsequently helped draft a press release announcing the news.
My activities as the current Debian Project Leader are covered in my Bits from the DPL email to the debian-devel-announce mailing list.Here is my monthly update covering what I have been doing in the free software world during August 2018 ( previous month): August 31st 2018 Free software activities in August 2018