Your message dated Mon, 8 Aug 2005 08:47:19 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#321896: Incorrect security info on AMD64 page
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 8 Aug 2005 01:16:02 +0000
>From [EMAIL PROTECTED] Sun Aug 07 18:16:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from hongkong.cs.nmsu.edu [128.123.64.160]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1E1wFG-0006KD-00; Sun, 07 Aug 2005 18:16:02 -0700
Received: from hongkong.cs.nmsu.edu (IDENT:[EMAIL PROTECTED] [127.0.0.1])
by hongkong.cs.nmsu.edu (8.12.11/8.12.11) with ESMTP id j781Fuo5008210;
Sun, 7 Aug 2005 19:16:01 -0600
Received: (from [EMAIL PROTECTED])
by hongkong.cs.nmsu.edu (8.12.11/8.12.11/Submit) id j781FuS1008209;
Sun, 7 Aug 2005 20:15:56 -0500
From: Ross Combs <[EMAIL PROTECTED]>
Date: Sun, 07 Aug 2005 20:15:56 -0500
To: [EMAIL PROTECTED]
Subject: Incorrect security info on AMD64 page
Message-ID: <[EMAIL PROTECTED]>
User-Agent: nail 10.7 3/19/04
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: www.debian.org
Version: n/a
The security support for the AMD64 port is still (apparently) not
in place. However the only information on www.debian.org says that
it is. Following the instructions provided on the site is dangerous
because no security updates will be applied.
Specifically, this page:
http://www.debian.org/ports/amd64/
says:
"The stable release of the unofficial port is based on unpatched Sarge
sources and has full security support by the Debian Security Team. The
Debian-Backports and -Volatile services are fully supported, too.
...
The Debian Security Team supports updates to the unofficial Sarge
release, which are made available on security.debian.org."
Suggested correction is to put all of the "official" wording in future
tense ("will support updates ..."), and the add the correct location to
give apt to obtain the fixes now.
Additionally, the correct location can not be found by searching
debian.org for announcements. The last announcement on the subject
(from _May_ of 2005) says the same as the AMD64 port page: go to
security.debian.org. I had to ask on LWN to get the real answer.
Another reader responded:
http://lwn.net/Articles/144530/
"Goswin von Brederlow answered this question in
http://lists.debian.org/debian-amd64/2005/07/msg00347.html.
'We are waiting on James Troup to activate amd64 on the security
servers. The buildd is otherwise setup and running.
For the time being all security builds are uploaded to
sarge-proposed-updates on amd64.debian.net and people should add
that to the sources.list for now and just till sec.d.o gets
reconfigured for us.'
"
That mailing list post was a month ago. It doesn't appear the
security servers will activate amd64 any time soon so it would be
better to update the documentation to not point to them for AMD64.
Thanks,
-Ross
---------------------------------------
Received: (at 321896-done) by bugs.debian.org; 8 Aug 2005 07:47:52 +0000
>From [EMAIL PROTECTED] Mon Aug 08 00:47:52 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail0.avcosystems.co.uk [195.224.236.86]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1E22MS-0000ov-00; Mon, 08 Aug 2005 00:47:52 -0700
Received: from lexx.avco ([192.168.0.1] helo=andromeda)
by mail0.avcosystems.co.uk with esmtp (Exim 4.52 #1 (Debian))
id 1E22Lv-00044N-QD; Mon, 08 Aug 2005 08:47:19 +0100
Received: from 127.0.0.1 (AVG SMTP 7.0.338 [267.10.2]); Mon, 08 Aug 2005
08:47:19 +0100
Message-ID: <[EMAIL PROTECTED]>
From: "Adam D. Barratt" <[EMAIL PROTECTED]>
To: "Ross Combs" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Cc: <debian-www@lists.debian.org>
References: <[EMAIL PROTECTED]>
Subject: Re: Bug#321896: Incorrect security info on AMD64 page
Date: Mon, 8 Aug 2005 08:47:19 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-AVCO-Scan-Signature: 6b9ed759886a02dbb61b8c3cb8a7d253
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-4.0 required=4.0 tests=BAYES_20,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
On Monday, August 08, 2005 2:15 AM, Ross Combs <[EMAIL PROTECTED]> wrote:
> The security support for the AMD64 port is still (apparently) not
> in place.
This is not the case - see
http://lists.debian.org/debian-devel-announce/2005/08/msg00001.html
[...]
> "Goswin von Brederlow answered this question in
> http://lists.debian.org/debian-amd64/2005/07/msg00347.html.
>
> 'We are waiting on James Troup to activate amd64 on the security
> servers. The buildd is otherwise setup and running.
That may well have been the case in early July. It has not been the case
since at least last week, when the announcement was made.
> That mailing list post was a month ago. It doesn't appear the
> security servers will activate amd64 any time soon so it would be
> better to update the documentation to not point to them for AMD64.
The security team and the ftpmaster of amd64.debian.net disagree on both
points, as per the d-d-a post I referred to earlier. Therefore I'm closing
this report.
(Indeed
http://security.debian.org/debian-security/dists/stable/updates/main/
already contains a binary-amd64 folder, although admittedly it currently
only contains arch-all packages)
Regards,
Adam
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
