DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?16699090422024-01-08T12:29:54ZDuckCorp Projects
Redmine DuckCorp Infrastructure - Bug #788 (New): needrestart should not restart ppp serviceshttps://projects.duckcorp.org/issues/7882024-01-08T12:29:54ZMarc Dequènesduck@duckcorp.org
<p>It causes the Internet connection to restart but that is not needed. Affects Elwing.</p> DuckCorp Infrastructure - Enhancement #787 (New): Add carddav/caldav SRV records on dc.ohttps://projects.duckcorp.org/issues/7872023-08-17T08:45:40ZMarc Dequènesduck@duckcorp.org
<p><a class="external" href="https://blog.fidelramos.net/software/nextcloud-caldav-carddav-dns">https://blog.fidelramos.net/software/nextcloud-caldav-carddav-dns</a></p> DuckCorp Infrastructure - Bug #783 (In Progress): Move Services out of Orfeohttps://projects.duckcorp.org/issues/7832023-07-09T13:51:58ZMarc Dequènesduck@duckcorp.org
Orfeo's RAID ! has one disk down, so let's move certain services out of it for now:
<ul>
<li>✅ PostgreSQL database -> Toushirou</li>
<li>✅ webmail -> Toushirou</li>
<li>✅ mailing-lists -> Toushirou</li>
<li>✅ XMPP -> Jinta</li>
<li>🔳 IRC services</li>
<li>🔳 (maybe, or later if things gets bad) NS1 & DDNS -> Toushirou</li>
</ul> DuckCorp Infrastructure - Enhancement #782 (Resolved): Migrate to Debian Bookwormhttps://projects.duckcorp.org/issues/7822023-06-28T04:50:54ZMarc Dequènesduck@duckcorp.org
<p>Quack,</p>
This ticket is tracking the migration steps:
<ul>
<li>✅ custom/backported packages:
<ul>
<li>✅ identify packages that are still needed => spoolinger, python-certbot-dns-rfc2136</li>
<li>✅ setup suite in custom repo</li>
<li>✅ update packages and upload them</li>
</ul>
</li>
<li>✅ add <em>non-free-firmware</em> component to get CPU microcode updates; Nicecity also needs firmware-realtek unfortunately)</li>
<li>🔳 needed software/config changes (to update in Ansible):
<ul>
<li>✅ apache2: none</li>
<li>✅ atheme-services: none</li>
<li>✅ dovecot: expire plugin removed: use <a href="https://doc.dovecot.org/configuration_manual/namespace/#core_setting-namespace/mailbox/autoexpunge" class="external">mailbox/autoexpunge</a> instead</li>
<li>✅ icecast2: none</li>
<li>✅ inspircd: pcre module is now pcre2</li>
<li>🔳 logcheck: rsyslog now defaults to “high precision timestamps” and we need to update regexs in our custom filters -> see <a class="issue tracker-2 status-1 priority-3 priority-lowest" title="Enhancement: Upgrade and cleanup custom logcheck filters (New)" href="https://projects.duckcorp.org/issues/785">#785</a></li>
<li>✅ lxd: remove, we'll be using podman+quadlets instead (not needed for redmine anymore)</li>
<li>✅ mailman3: none</li>
<li>✅ mediawiki: config check needed</li>
<li>✅ mariadb-server: <em>innodb_large_prefix</em> and <em>innodb_file_format</em> are deprecated and can simply be removed (we used the new default already)</li>
<li>✅ matrix-synapse: missing, hopefully should come as backports like it did for Bullseye</li>
<li>✅ openldap: none</li>
<li>✅ passenger: none</li>
<li>✅ postfix: none</li>
<li>✅ postgresql: none</li>
<li>✅💡 proftpd: missing, maybe it's time to deprecate it for good</li>
<li>✅ prometheus: lots of changes but current config should be fine</li>
<li>✅ redis-server: none</li>
<li>✅ redmine: switch back to the package</li>
<li>✅ roundcube: <a href="https://github.com/roundcube/roundcubemail/releases/tag/1.6.0" class="external">config has changed slightly</a></li>
<li>✅ xl2tpd: control command renamed</li>
<li>…</li>
</ul>
</li>
<li>✅ upgrade: (follow the <a class="wiki-page" href="https://projects.duckcorp.org/projects/dc-admin/wiki/OS_Upgrade">OS_Upgrade</a> procedure) (suggested order)
<ul>
<li>✅ Elwing</li>
<li>✅ Nicecity</li>
<li>✅ Orhos</li>
<li>✅ Thorfinn</li>
<li>✅ Jinta</li>
<li>✅ Toushirou</li>
<li>✅ Orfeo</li>
</ul>
</li>
<li>🔳 post-check: (possibly moved into specific ticket later)
<ul>
<li>🔳 check services still missing systemd config (we might be able to remove some workaround in Ansible) -> see <a class="issue tracker-2 status-1 priority-3 priority-lowest" title="Enhancement: Check services still missing systemd config (New)" href="https://projects.duckcorp.org/issues/786">#786</a></li>
<li>🔳 do we still need rsyslog? maybe for logcheck -> see <a class="issue tracker-2 status-1 priority-3 priority-lowest" title="Enhancement: Do we still need rsyslog? (New)" href="https://projects.duckcorp.org/issues/784">#784</a></li>
<li>🔳 remove obsolete logcheck filters (maybe start again from scratch and pull back rules we had when we hit them?) -> see <a class="issue tracker-2 status-1 priority-3 priority-lowest" title="Enhancement: Upgrade and cleanup custom logcheck filters (New)" href="https://projects.duckcorp.org/issues/785">#785</a></li>
<li>✅ remove obsolete log files:
<ul>
<li>/var/log/mail.{info,warn,err}</li>
<li>/var/log/lpr.log</li>
<li>/var/log/{messages,debug,daemon.log}</li>
</ul>
</li>
<li>anacron: check is it needs reenabling for software that did not switch to systemd</li>
</ul></li>
</ul> DuckCorp Infrastructure - Enhancement #743 (In Progress): Switching to Prometheus?https://projects.duckcorp.org/issues/7432021-11-17T11:56:09ZMarc Dequènesduck@duckcorp.org
<p>With exporters gaining TLS support there is no obvious major problem left and we can do some testing.</p>
<p>I've started a new playbook and role to experiment and so far it is working well.</p>
Some though, in no order:
<ul>
<li>zabbix: hard to configure all in the slow UI</li>
<li>zabbix: certain features are slow to come (<a class="issue tracker-2 status-6 priority-3 priority-lowest closed" title="Enhancement: Maybe use LLD Stacking graph script in forum (Rejected)" href="https://projects.duckcorp.org/issues/495">#495</a>, native systemd support, LLD web checks…)</li>
<li>prometheus_ansible_role: no service autodetection anymore, I found very easy to map "features" to inventory groups or variables; it's now easy to manually disable or force-enable if needed</li>
<li>prometheus: <a href="https://github.com/prometheus/prometheus/issues/8543" class="external">nice feature coming to help split the config</a>, but in the meanwhile I might be able to use <em>file_sd_configs</em> and avoid passing inventory vars directly into the role to work around the problem</li>
<li>grafana: I would have preferred if grafana was packaged in Debian but in the end it's very handy to make use of their dashboard libraries and avoid spending hours and hours designing every little graph</li>
<li>prometheus: using textfiles collector can be an alternative to the lack of exporter or when it's not packaged (used for NTP/chrony)</li>
</ul>
What we have so far:
<ul>
<li>node basic and all the hardware goodies, temperature etc seem to be there too</li>
<li>poller stats</li>
<li>Bind</li>
<li>Postfix</li>
<li>Apache</li>
<li>PG</li>
<li>LXD</li>
<li>blackbox with checks of almost all public services endpoints, with TLS and protocol checks when possible too</li>
<li>Prosody but no grafana dashboard and the amount of stats are limited; there are additional modules called measure_* to complement but they are not packaged</li>
<li>MySQL</li>
<li>NTP</li>
<li>Nextcloud</li>
</ul>
I was able to setup several exporters and borrow various alerts from <a class="external" href="https://awesome-prometheus-alerts.grep.to/">https://awesome-prometheus-alerts.grep.to/</a> but even if we have more than before in certain areas I'd like to check if we're missing something important (compared to our Zabbix installation):
<ul>
<li><del>time sync is checked but NTPd stats are missing; there is an exporter but it is not packaged</del></li>
<li>no maps, but if that was cute that was also utterly useless</li>
<li>ProFTPd, but I'm not sure it's worth it now</li>
<li>SNMP checks for my internal switches, more out of curiosity</li>
<li>SNMP checks for my printer, but I don't use it very often so it's not critical</li>
<li>OpenLDAP stats, more out of curiosity</li>
<li><del>MDA, this is important</del></li>
<li><del>MySQL, also important</del></li>
<li><del>alerts via mail, IRC and XMPP</del></li>
</ul>
What I plan to look at:
<ul>
<li>[WIP] make the role generic and split it form our main repo (and use it at OSCI)</li>
<li><del>generation of alerter contacts and alert methods (Matrix, XMPP, Mail)</del></li>
<li><del>blackbox, maybe replace smokeping? add check for certs, DNSSEC etc</del></li>
<li>[WIP] grafana base config generation</li>
<li><del>MySQL exporter</del></li>
<li>SNMP for my internal switches</li>
<li>could we make certain graphs public? (like pings etc?)</li>
<li><del><a href="https://github.com/kumina/dovecot_exporter" class="external">Dovecot exporter</a>, but not packaged in Debian</del></li>
<li><del><a href="https://github.com/xperimental/nextcloud-exporter" class="external">Nextcloud exporter</a></del> backported and bumped to 0.5.0 for token auth support</li>
<li><a href="https://github.com/jaywink/matrix-alertmanager" class="external">Matrix alert hook</a>, but not packaged in Debian</li>
<li><a href="https://github.com/prometheus/node_exporter/issues/1136" class="external">node exporter maintainers do not want to add systemd service stats</a> but there is a <a href="https://github.com/povilasv/systemd_exporter" class="external">systemd exporter</a> that would help get per-service resource consumption stats</li>
<li>the IRC relay displays only limited info, no severity coloring, and sometimes disconnect and is unable to reconnect; <a href="https://gitlab.crans.org/esum/NinjaBot" class="external">NinjaBot</a> seems to be a nice alternative</li>
<li>SSH checks on non-standard port (currently Orthos and Nicecity checks only check the gateway…)</li>
</ul> DuckCorp Infrastructure - Bug #737 (Resolved): IrcOnWeb is sometimes rejected by the servershttps://projects.duckcorp.org/issues/7372021-10-26T14:44:31ZMarc Dequènesduck@duckcorp.org
<p>TheLounge gives this error:<br /><pre>
Closing link: (00DAAABJB@193.200.42.177) [WEBIRC: you don't match any configured WebIRC hosts.] (irc)
</pre></p>
<p>The server logs confirm:<br /><pre>
Mon Oct 25 2021 03:52:01 REMOTECGIIRC: From irc2.duckcorp.org: Connecting user 01DAAAA7C (193.200.42.177) tried to use WEBIRC but didn't match any configured WebIRC hosts.
</pre></p>
<p>Not sure what's going one, maybe a DNS lookup problem but the config did not change, the version is the same as on Buster since we used a backport and on the host the DNS and other services are working fine.</p> DuckCorp Infrastructure - Bug #728 (Resolved): postfix-mta-sts-resolver.service: ConnectionResetE...https://projects.duckcorp.org/issues/7282021-07-27T06:29:28ZMarc Dequènesduck@duckcorp.org
<p>On toushirou we got:<br /><pre>
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: 2021-07-06 06:59:59 INFO MAIN: MTA-STS daemon starting...
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: 2021-07-06 06:59:59 INFO MAIN: Starting eventloop...
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: 2021-07-06 06:59:59 INFO MAIN: uvloop enabled.
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: 2021-07-06 06:59:59 INFO MAIN: Eventloop started.
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: Traceback (most recent call last):
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/bin/mta-sts-daemon", line 11, in <module>
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: load_entry_point('postfix-mta-sts-resolver==1.0.0', 'console_scripts', 'mta-sts-daemon')()
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/postfix_mta_sts_resolver/daemon.py", line 123, in main
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: evloop.run_until_complete(amain(cfg, evloop))
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "uvloop/loop.pyx", line 1448, in uvloop.loop.Loop.run_until_complete
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/postfix_mta_sts_resolver/daemon.py", line 65, in amain
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: await cache.setup()
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/postfix_mta_sts_resolver/redis_cache.py", line 34, in setup
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: self._pool = await aioredis.create_redis_pool(**self._opts)
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/aioredis/commands/__init__.py", line 201, in create_redis_pool
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: loop=loop)
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/aioredis/pool.py", line 56, in create_pool
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: await pool._fill_free(override_min=False)
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/aioredis/pool.py", line 388, in _fill_free
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: conn = await self._create_new_connection(self._address)
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/aioredis/connection.py", line 129, in create_connection
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: await conn.auth(password)
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/aioredis/util.py", line 48, in wait_ok
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: res = await fut
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/aioredis/connection.py", line 183, in _read_data
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: obj = await self._reader.readobj()
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3/dist-packages/aioredis/stream.py", line 94, in readobj
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: await self._wait_for_data('readobj')
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: File "/usr/lib/python3.7/asyncio/streams.py", line 473, in _wait_for_data
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: await self._waiter
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou mta-sts-daemon[27711]: ConnectionResetError: [Errno 104] Connection reset by peer
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou systemd[1]: postfix-mta-sts-resolver.service: Main process exited, code=exited, status=1/FAILURE
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou systemd[1]: postfix-mta-sts-resolver.service: Failed with result 'exit-code'.
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou systemd[1]: postfix-mta-sts-resolver.service: Consumed 709ms CPU time.
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou systemd[1]: postfix-mta-sts-resolver.service: Service RestartSec=100ms expired, scheduling restart.
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou systemd[1]: postfix-mta-sts-resolver.service: Scheduled restart job, restart counter is at 1.
/var/log/daemon.log.3.gz:Jul 6 06:59:59 Toushirou systemd[1]: postfix-mta-sts-resolver.service: Consumed 709ms CPU time.
</pre></p>
<p>After 5 times the service seem to not have been brought back.</p>
<p>Is it a problem because redis was restarted? We need to investigate.</p>
<p>Severity high since it blocked outgoing emails on this server.</p> DuckCorp Infrastructure - Enhancement #721 (Resolved): IRC: add port 6697https://projects.duckcorp.org/issues/7212021-04-29T10:52:37ZMarc Dequènesduck@duckcorp.org
<p>It's the IANA reserved port for IRC TLS.</p> DuckCorp Infrastructure - Bug #694 (Resolved): Proper mail configuration for non-MX/relay servershttps://projects.duckcorp.org/issues/6942020-04-16T05:12:10ZMarc Dequènesduck@duckcorp.org
<p>Thorfinn seem to have a basic loopback-only config. Nicecity has exim. It is a bit of a mess.<br />Also having proper TLS settings would be better.</p> DuckCorp Infrastructure - Enhancement #693 (Rejected): LXD on Elwinghttps://projects.duckcorp.org/issues/6932020-04-14T06:40:23ZMarc Dequènesduck@duckcorp.org
<p>I need to continue exploring LXD on Elwing. Not sure if we can use it to replace Orfeo in case we loose it or the housing but it may become handy.</p>
<p>Currently on major problem is the Debian packaging which is still WIP: <a class="external" href="https://wiki.debian.org/LXD">https://wiki.debian.org/LXD</a><br />My package has not been updated for a while and I would like a more stable solution if we're to use it in production.</p> DuckCorp Infrastructure - Tracking #672 (Resolved): redmine: 2FA supporthttps://projects.duckcorp.org/issues/6722019-09-09T06:49:25ZMarc Dequènesduck@duckcorp.org
<p>The is a <a href="https://www.redmine.org/issues/1237" class="external">long standing upstream BR</a> with a series of patches which were recently updated. Unfortunately it is not implemented as a plugin so let's track the inclusion progress.</p> DuckCorp Infrastructure - Enhancement #663 (Resolved): redis: upgrade role with Buster configurationhttps://projects.duckcorp.org/issues/6632019-08-17T15:44:35ZMarc Dequènesduck@duckcorp.org
<p>Currently the old config works fine on Orfeo but it would be better to adapt and make use of new parameters if adequate.</p> DuckCorp Infrastructure - Enhancement #652 (In Progress): Orfeo would like a brand new bodyhttps://projects.duckcorp.org/issues/6522019-05-08T16:47:00ZMarc Dequènesduck@duckcorp.org
<p>It is a followup of <a class="issue tracker-2 status-3 priority-4 priority-default closed parent" title="Enhancement: Toushirou would like a brand new body (Resolved)" href="https://projects.duckcorp.org/issues/537">#537</a> for Orfeo only.</p>
<p>Orfeo is old too and even if we do not need more power now it crashed last year for an undetermined reason and we should think of the future.</p>
<p>I'm still looking into the possibility of hosting it on a Elwing container using LXD. My internet connection is better even if not wonderful. And my complicated network config and Hivane L2TP tunnel are stable now. As we might never have the ability to change the machine in the current hosting I guess it's even more an interesting possibility to explore.</p> DuckCorp Infrastructure - Enhancement #648 (Resolved): Debian Buster Migrationhttps://projects.duckcorp.org/issues/6482019-04-21T09:56:01ZMarc Dequènesduck@duckcorp.org
<p>Please update the TODOs below and add a note to comment on the progress.</p>
Identified oneshot changes:
<ul>
<li>before migration:
<ul>
<li><del>add buster in our repo and check if packages needs to be ported</del> (spoolinger is done, lxd needs more work, nothing else needs porting)</li>
<li><del><a href="https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#migrate-interface-names" class="external">Migrating from legacy network interface names</a></del> (all machines migrated to the new <a class="wiki-page" href="https://projects.duckcorp.org/projects/dc-admin/wiki/Naming_Rules#Network-Interfaces">Naming Rules</a>)</li>
</ul>
</li>
<li>after migration:
<ul>
<li><del>/usr is now merged by default and most softwares expect path to be updated (look at the <em>softwares incompatible with usrmerge layout</em> below): apt install usrmerge</del> (done)</li>
<li><del>SysV init related packages no longer required: apt purge initscripts sysv-rc insserv startpar</del> (done)</li>
<li><del>PostgreSQL databases need to be reindexed</del> (in fact pg_upgradecluster dumps/imports so it is not necessary)</li>
<li><del>apt-transport-https is no longer necessary</del></li>
<li><del>on web servers <em>php7.0-common</em> needs to be removed manually: : apt purge php7.0-common</del> (done)</li>
<li><del>systemd-journal-upload/systemd-journal-gatewayd services user/group can be removed as they are now dynamically allocated</del> (none found)</li>
</ul></li>
</ul>
Identified deployment changes:
<ul>
<li><del>hidepid with systemd and polkit: see <a class="external" href="https://wiki.debian.org/Hardening#Mounting_.2Fproc_with_hidepid">https://wiki.debian.org/Hardening#Mounting_.2Fproc_with_hidepid</a></del></li>
<li><del>install debian-security-support</del></li>
</ul>
Problematic softwares:
<ul>
<li><del>phpmyadmin: not in Buster but still in Debian; I see a <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879741" class="external">RFA</a> with work towards newer versions but that requires several new dependencies</del> (backport builds done and working, see <a class="issue tracker-6 status-3 priority-3 priority-lowest closed child" title="Tracking: phpmyadmin: not available in stable and orphaned (Resolved)" href="https://projects.duckcorp.org/issues/670">#670</a>)</li>
<li><del>ftp-ssl: still in Debian but missing in Buster because it was not ready for openssl 1.1; 0.17.34+0.2-4.1 contains a patch and could be backported in our repo (unless it comes in Debian first)</del></li>
<li>softwares incompatible with usrmerge layout:
<ul>
<li><del>molly-guard problems (<a class="external" href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930131">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930131</a>)</del> (molly-guard and usrmerge backported in our repo)</li>
</ul></li>
</ul> DuckCorp Infrastructure - Enhancement #229 (In Progress): [STICKY] Features missing in softwares ...https://projects.duckcorp.org/issues/2292011-06-21T23:14:56ZMarc Dequènesduck@duckcorp.org
<p>List of features that needs help implementing.</p>
<p>You should contact upstream authors in order to get the feature included in the official sofware.</p>
<p>DC-specific feature won't be added here.</p>
<p>Additionally, you can have a look at the following tickets already reported in Debian:<br /><a class="external" href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=admin@duckcorp.org;include=severity:wishlist">http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=admin@duckcorp.org;include=severity:wishlist</a></p>