Re: RFS: PySol packages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Am Samstag, 15. März 2003 16:26 schrieb Alexander Nofftz: > Note: PySol 4.81 currently doesn't work with tk8.4 8.4.2-2 from Sid. > tk8.4 8.4.0-5 of Testing works fine. See also bugs #184832 and #184609. This is definitely a bug in TKinter, see #184404 and #184453 or http://python.org/sf/698517 So my package can be uploaded. I'm still looking for a sponsor. You can get everything from http://server.alexnofftz.de/~alex/~pysol/ Regards, Alex - -- Alexander Nofftz, Leverkusen, Germany [EMAIL PROTECTED] http://www.AlexNofftz.de Jabber: [EMAIL PROTECTED] (Jabber?! http://amessage.de) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+dbmFj+sgkDoXsk4RAjMuAKDz1voh5q+D5NTiQlxnMPchr6SzaACfTRkI xiI2mPBDe9TH+uBVA8U2iXE= =1KcD -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Looking for a sponsor for btn4ws
Hello, I packaged my btn4ws Gimp-perl script for Debian and I'm looking for a sponsor now. The package and it's source are now apt-get-able from deb http://www.dittberner.info/files/debian unstable main deb-src http://www.dittberner.info/files/debian unstable main The description follows: Package: btn4ws Version: 0.6-1 Priority: optional Section: graphics Maintainer: Jan Dittberner <[EMAIL PROTECTED]> Depends: gimp1.2-perl, libgimp1.2-dev Architecture: all Filename: pool/graphics/b/btn4ws/btn4ws_0.6-1_all.deb Size: 9626 MD5sum: 8493eb24f681fc7e199253130eac4589 Description: buttons for websites - a Gimp based button generator btn4ws creates a sequence of buttons for web pages. You can give some parameters for the layout in a dialog. The tool can generate HTML, CSS and JavaScript code for rollover effects if desired. installed-size: 48 I'm living in Dresden, Germany if that matters. Regards Jan Dittberner -- Jan Dittberner - ICQ: 1963573 GPG-ID: 0x65C354AF - http://wwwkeys.de.pgp.net/ http://www.dittberner.info/ pgp0.pgp Description: PGP signature
Shared library
Section 11.2 of Debian Policy says: You must specify the gcc option `-D_REENTRANT' when building a library (either static or shared) to make the library compatible with LinuxThreads. Is this obsolete? I can't find `-D_REENTRANT' in the gcc documentation. I assume that all Debian packages should be compatible with LinuxThreads, or is this necessary only for code that specifically uses threads? Regards, Bob -- _ |_) _ |_Robert D. Hilliard<[EMAIL PROTECTED]> |_) (_) |_) 1294 S.W. Seagull Way <[EMAIL PROTECTED]> Palm City, FL 34990 USA GPG Key ID: 390D6559 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pbuilder - how to use existing apt cache?
Junichi Uekawa <[EMAIL PROTECTED]> writes: [...] > > > Is there a 'canonical' way to achive what I'm asking for? > > > > I simply use APTCACHE=/var/cache/apt/archives/, it copies the contents > > into the chroot first and copies back the newly downloaded debs. > > > > I'll add this into the FAQ section of the documentation. > I initially thought it should be obvious, but apparently isn't. Yes, thanks. It wasn't clear to me, how pbuilder actually works. I thought that because /var/cache/apt/archives is not accessible from within the chroot, this would not be possible. It didn't cross my mind that /var/cache/pbuilder/aptcache is also outside the chroot. But please add to the FAQ that both /var/cache/apt/archives and the chroot must be located on the same partition. Else hard-linking the debs doesn't work. Thanks, Johannes ~/.signature under construction -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Setting Tex and metapost paths without env variables
Hi people, I'm packaging therion, some cave survey software, at the moment. In fact I've packaged it but I have a couple of queries. Therion uses tex and metafont extensively (to draw postscript/PDF cave surveys/symbols). It need to set a couple of environment variables in order to add it's own tex and metafont macros to the search paths of those apps. ie export THERION=/usr/share/therion export MPINPUTS=.:/usr/share/therion/mpost: export TEXINPUTS=.:/usr/share/therion/tex: In order to initially package it I have done as suggested in the developers reference and renamed the therion binary to therion.bin and made 'therion' a shell script that sets these variables (or uses existing settings if present), exports them and then runs therion.bin. However this seems like something of a hack, and is not exactly encouraged as a practice in the docs, so I wonder if it would be 'better' if therion were to add it's macros to the Tex and metapost paths properly. Is there a nice Debian way to do this (I know very little about either of these programs)? Or are there good reasons why things shouldn't be done this way. e.g you really only want these extra dirs on the list when processing therion stuff, not all the time as there might be clashes?, or perhaps it's difficult to reliably register these paths and remove them when therion is removed due to too many possible config flavours? Suggestions welcome - if no-one has any better ideas I'll stick with the current plan as it works fine - it just does seem very 'satisfying'. Also - I have packages that now need building on unstable (right version of gcc, right versions of wxwindows), but I don't have an unstable machine handy. I assumed there would be handy chroots for maintainers to build in if necessary but I couldn't actually find any except on dubussey.d.o. This is OK, but I can't easily test the arm binaries produced in my normal test environment. There must be a 'recommended' way to do this building. Am I supposed to use pbuilder or dchroot and make my own local unstable? How much space does that need - the root disk is bursting on my development machine. thanx for any help anyone can provide. Do cc: me - I'm not on this list. Wookey -- Aleph One Ltd, Bottisham, CAMBRIDGE, CB5 9BA, UK Tel +44 (0) 1223 811679 work: http://www.aleph1.co.uk/ play: http://www.chaos.org.uk/~wookey/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Shared library
Bob> Section 11.2 of Debian Policy says: You must specify the gcc
Bob> option `-D_REENTRANT' when building a library (either static or
Bob> shared) to make the library compatible with LinuxThreads.
Bob> Is this obsolete? I can't find `-D_REENTRANT' in the gcc
Bob> documentation.
Because it is just a special case of the -D"var=val" option.
Bob> I assume that all Debian packages should be compatible with
Bob> LinuxThreads, or is this necessary only for code that
Bob> specifically uses threads?
We cannot predict what code the library will be linked with, so we
must assume it will be linked with threaded code.
--
Ian Zimmerman, Oakland, California, U.S.A.
if (sizeof(signed) > sizeof(unsigned) + 4) { delete this; }
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Setting Tex and metapost paths without env variables
Wookey> In order to initially package it I have done as suggested in
Wookey> the developers reference and renamed the therion binary to
Wookey> therion.bin and made 'therion' a shell script that sets these
Wookey> variables (or uses existing settings if present), exports them
Wookey> and then runs therion.bin.
Wookey> However this seems like something of a hack, and is not
Wookey> exactly encouraged as a practice in the docs, so I wonder if
Wookey> it would be 'better' if therion were to add it's macros to the
Wookey> Tex and metapost paths properly. Is there a nice Debian way to
Wookey> do this (I know very little about either of these programs)?
I would just put them in a suitable subdirectory/-ies of
/usr/share/texmf (probably a new one) and run /usr/bin/texhash
in postinst and postrm of the package.
--
Ian Zimmerman, Oakland, California, U.S.A.
if (sizeof(signed) > sizeof(unsigned) + 4) { delete this; }
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
pgp 2.6.3i vs pgp5i vs gnupgp
Hi, I would like to setup a key to eventually be used for Debian related activities (the kind nm's need). I would like to use an existing version of pgp on a set of solaris systems I have access to, the problem is they have PGP version 2.6.3i. I'm unsure as to whether this is a secure version of PGP and what kinds of bugs it has in it. Reading through the Debian packages I find that pgp is up to version 2.6.3i-9, and reading it's changelog I do not see significant reason to use a version newer than 2.5.3i. The description does say it "is obsolete compared to PGP 5." I have also seen patches for 2.6.3i, but I don't know if any are necessary, or significantly useful to me. pgp5i's description says "This is version 5.0i, and has significant changes compared to 2.6.3a. You may want to consider keeping the old version handy." I don't know what any of these significant change are or why I'd still want the old version. Hmm, it also seems to have a potential bug in it's description by saying "it does not have a license for its use of the RSA cryptosystem, on which some nasty people claim a patent." I think pgp maintainers removed those kinds of strings from their package as the RSA cryptosystem patent expired? My understanding of gnupg, is that it's the same as pgp5i, but without the patented IDEA related stuff. Is the version that I have available good enough? What other benefits might a newer version provide (as related to Debian)? Below is the text I get from pgp on this Solaris system. > pgp Pretty Good Privacy(tm) 2.6.3i - Public-key encryption for the masses. (c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-01-18 International version - not for use in the USA. Does not use RSAREF. Current time: 2003/03/17 20:09 GMT For details on licensing and distribution, see the PGP User's Guide. For other cryptography products and custom development services, contact: Philip Zimmermann, 3021 11th St, Boulder CO 80304 USA, phone +1 303 541-0140 For a usage summary, type: pgp -h Thanks Drew Daniels -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Installing writable configuration files for an Apache module.
> I've just finished creating and testing a new package, > libapache-mod-virgule, this is the module which is behind the > Advogato.org website. > > The module uses a set of .xml files for it's configuration, and > for storing user login details - and I'm a little unsure as to > where they should be installed. > > Currently I create a directory '/var/lib/mod-virgule' and place > them there. However I do there could be a better location to use > and I'm open to suggestions. They should reside in /etc/mod-virgule, and /var/lib/mod-virgule -if you need it to exist- should either be a symlink or contain symlinks pointing to the relevant files - Take a look at the policy, 11.7.2: http://www.debian.org/doc/debian-policy/ch-files.html#s11.7.2 > One concern is that these files must be writable by the apache > process - to do that I've installed a new user and group and made > the directory +S. > > The alternative is to install them nobody:nogroup, which is bad. > > Now obviously anybody with a login shell upon the box can tamper > with these files - if there's a good solution that I've not thought > of I'd appreciate hearing of it.. Remember Apache runs with the user and group www-data - If you make them normal 0644 files owned by www-data:www-data, I think you should be safe... Unless, of course, you are using www-data for things other than Apache itself ;-) -- Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5630-9700 ext. 1366 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
General programming questions list?
Hi, Where should I post general programming questions? What are some good (interactive) resources? I'm still reading the required and suggested new maintainer's documentation, so forgive me if it's pointed out somewhere. A real example should anyone be inclined to comment: In C++, I have a base class and a derived class. I want to allow operator= to be overloaded properly for my derived class such that it can have the base class assigned to it. Do I need to define derivedClass::operator=() to copy all the members and set any new members to null? Can I somehow use the operator=() function from the base class to save time (especially since the base class isn't written by me)? Drew Daniels -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pgp 2.6.3i vs pgp5i vs gnupgp
On Mon, Mar 17, 2003 at 02:57:26PM -0600, Drew Scott Daniels wrote: > I would like to setup a key to eventually be used for Debian related > activities (the kind nm's need). I would like to use an existing version > of pgp on a set of solaris systems I have access to, the problem is they > have PGP version 2.6.3i. I'm unsure as to whether this is a secure version > of PGP and what kinds of bugs it has in it. I think you'll want to consider using GnuPG. PGP's future is pretty uncertain, and it was pretty bleak until extremely recently. About this Solaris machine, beware that you shouldn't be running anything that you want to keep secure on a multi-user machine. Most of us keep our keys on machines that are unreachable from the internet. A single unpatched Solaris bug could expose your key to the world, and if you're able to upload packages to Debian based on that key, then millions of people could be affected by your single fsck-up. - chad pgp0.pgp Description: PGP signature
Re: pgp 2.6.3i vs pgp5i vs gnupgp
On Mon, 17 Mar 2003, Chad Miller wrote: > On Mon, Mar 17, 2003 at 02:57:26PM -0600, Drew Scott Daniels wrote: > > I would like to setup a key to eventually be used for Debian related > > activities (the kind nm's need). I would like to use an existing version > > of pgp on a set of solaris systems I have access to, the problem is they > > have PGP version 2.6.3i. I'm unsure as to whether this is a secure version > > of PGP and what kinds of bugs it has in it. > > I think you'll want to consider using GnuPG. PGP's future is pretty > uncertain, and it was pretty bleak until extremely recently. > > About this Solaris machine, beware that you shouldn't be running anything > that you want to keep secure on a multi-user machine. Most of us keep > our keys on machines that are unreachable from the internet. A single > unpatched Solaris bug could expose your key to the world, and if you're > able to upload packages to Debian based on that key, then millions of > people could be affected by your single fsck-up. > How about for validation of PGP messages. Is the version on the solaris system good enough for validation? I've decided to carry a disk around with my key and have GnuPG on all the various single user machines that I use. I don't want to have to download messages to validate them instead of doing it on the remote server, although I do realize the minor, but real security issues involved in this too. I've also found useful information at pgpi.org since my last post. It seems that the IDEA algorithm is not in 2.6.x, but is in 5.0i and some other versions. I also found pointers to the non-free "free" pgp 8 for windows (yes, most of "my" single user machines are stuck with windows). It's license is DFSG non-free to the point at which I'm questioning it's value over GnuPG. I don't know whether IDEA adds much value yet. Drew Daniels -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pgp 2.6.3i vs pgp5i vs gnupgp
On Mon, Mar 17, 2003 at 04:05:50PM -0600, Drew Scott Daniels wrote: > How about for validation of PGP messages. Is the version on the solaris > system good enough for validation? [...] Yes, probably. > I've also found useful information at pgpi.org since my last post. It > seems that the IDEA algorithm is not in 2.6.x, but is in 5.0i and some > other versions. I also found pointers to the non-free "free" pgp 8 for > windows (yes, most of "my" single user machines are stuck with windows). > It's license is DFSG non-free to the point at which I'm questioning it's > value over GnuPG. I don't know whether IDEA adds much value yet. None at all. Idea is available for GnuPG, we're just not allowed to distribute it. I haven't needed it in several years, anyway. If you must have it, Google: "gnupg idea plugin" - chad pgp0.pgp Description: PGP signature
Re: General programming questions list?
Drew, > In C++, I have a base class and a derived class. I want to allow > operator= to be overloaded properly for my derived class such that it > can have the base class assigned to it. Do I need to define > derivedClass::operator=() to copy all the members and set any new > members to null? Can I somehow use the operator=() function from the > base class to save time (especially since the base class isn't written > by me)? There is always USENET but also: * http://lists.linux.org.au/listinfo/linuxcprogramming/ * http://lists.linux.org.au/listinfo/tuxcpprogramming/ Some out of data information can be found at: * http://www.rebel.net.au/~lloy0076/linux_c_programming/ One can ask fairly basic to advanced questions there. DSL -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: General programming questions list?
Drew> In C++, I have a base class and a derived class. I want to allow
Drew> operator= to be overloaded properly for my derived class such
Drew> that it can have the base class assigned to it. Do I need to
Drew> define derivedClass::operator=() to copy all the members and set
Drew> any new members to null? Can I somehow use the operator=()
Drew> function from the base class to save time (especially since the
Drew> base class isn't written by me)?
David> http://lists.linux.org.au/listinfo/linuxcprogramming/
David> http://lists.linux.org.au/listinfo/tuxcpprogramming/
David> http://www.rebel.net.au/~lloy0076/linux_c_programming/
Also:
ftp://ftp.rug.nl/contrib/frank/documents/cplusplus.annotations/
--
Ian Zimmerman, Oakland, California, U.S.A.
if (sizeof(signed) > sizeof(unsigned) + 4) { delete this; }
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RFS: PySol packages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Am Samstag, 15. März 2003 16:26 schrieb Alexander Nofftz: > Note: PySol 4.81 currently doesn't work with tk8.4 8.4.2-2 from Sid. > tk8.4 8.4.0-5 of Testing works fine. See also bugs #184832 and #184609. This is definitely a bug in TKinter, see #184404 and #184453 or http://python.org/sf/698517 So my package can be uploaded. I'm still looking for a sponsor. You can get everything from http://server.alexnofftz.de/~alex/~pysol/ Regards, Alex - -- Alexander Nofftz, Leverkusen, Germany [EMAIL PROTECTED] http://www.AlexNofftz.de Jabber: [EMAIL PROTECTED] (Jabber?! http://amessage.de) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+dbmFj+sgkDoXsk4RAjMuAKDz1voh5q+D5NTiQlxnMPchr6SzaACfTRkI xiI2mPBDe9TH+uBVA8U2iXE= =1KcD -END PGP SIGNATURE-
Looking for a sponsor for btn4ws
Hello, I packaged my btn4ws Gimp-perl script for Debian and I'm looking for a sponsor now. The package and it's source are now apt-get-able from deb http://www.dittberner.info/files/debian unstable main deb-src http://www.dittberner.info/files/debian unstable main The description follows: Package: btn4ws Version: 0.6-1 Priority: optional Section: graphics Maintainer: Jan Dittberner <[EMAIL PROTECTED]> Depends: gimp1.2-perl, libgimp1.2-dev Architecture: all Filename: pool/graphics/b/btn4ws/btn4ws_0.6-1_all.deb Size: 9626 MD5sum: 8493eb24f681fc7e199253130eac4589 Description: buttons for websites - a Gimp based button generator btn4ws creates a sequence of buttons for web pages. You can give some parameters for the layout in a dialog. The tool can generate HTML, CSS and JavaScript code for rollover effects if desired. installed-size: 48 I'm living in Dresden, Germany if that matters. Regards Jan Dittberner -- Jan Dittberner - ICQ: 1963573 GPG-ID: 0x65C354AF - http://wwwkeys.de.pgp.net/ http://www.dittberner.info/ pgpDGvE7432Wn.pgp Description: PGP signature
Shared library
Section 11.2 of Debian Policy says: You must specify the gcc option `-D_REENTRANT' when building a library (either static or shared) to make the library compatible with LinuxThreads. Is this obsolete? I can't find `-D_REENTRANT' in the gcc documentation. I assume that all Debian packages should be compatible with LinuxThreads, or is this necessary only for code that specifically uses threads? Regards, Bob -- _ |_) _ |_Robert D. Hilliard<[EMAIL PROTECTED]> |_) (_) |_) 1294 S.W. Seagull Way <[EMAIL PROTECTED]> Palm City, FL 34990 USA GPG Key ID: 390D6559
Re: pbuilder - how to use existing apt cache?
Junichi Uekawa <[EMAIL PROTECTED]> writes: [...] > > > Is there a 'canonical' way to achive what I'm asking for? > > > > I simply use APTCACHE=/var/cache/apt/archives/, it copies the contents > > into the chroot first and copies back the newly downloaded debs. > > > > I'll add this into the FAQ section of the documentation. > I initially thought it should be obvious, but apparently isn't. Yes, thanks. It wasn't clear to me, how pbuilder actually works. I thought that because /var/cache/apt/archives is not accessible from within the chroot, this would not be possible. It didn't cross my mind that /var/cache/pbuilder/aptcache is also outside the chroot. But please add to the FAQ that both /var/cache/apt/archives and the chroot must be located on the same partition. Else hard-linking the debs doesn't work. Thanks, Johannes ~/.signature under construction
Setting Tex and metapost paths without env variables
Hi people, I'm packaging therion, some cave survey software, at the moment. In fact I've packaged it but I have a couple of queries. Therion uses tex and metafont extensively (to draw postscript/PDF cave surveys/symbols). It need to set a couple of environment variables in order to add it's own tex and metafont macros to the search paths of those apps. ie export THERION=/usr/share/therion export MPINPUTS=.:/usr/share/therion/mpost: export TEXINPUTS=.:/usr/share/therion/tex: In order to initially package it I have done as suggested in the developers reference and renamed the therion binary to therion.bin and made 'therion' a shell script that sets these variables (or uses existing settings if present), exports them and then runs therion.bin. However this seems like something of a hack, and is not exactly encouraged as a practice in the docs, so I wonder if it would be 'better' if therion were to add it's macros to the Tex and metapost paths properly. Is there a nice Debian way to do this (I know very little about either of these programs)? Or are there good reasons why things shouldn't be done this way. e.g you really only want these extra dirs on the list when processing therion stuff, not all the time as there might be clashes?, or perhaps it's difficult to reliably register these paths and remove them when therion is removed due to too many possible config flavours? Suggestions welcome - if no-one has any better ideas I'll stick with the current plan as it works fine - it just does seem very 'satisfying'. Also - I have packages that now need building on unstable (right version of gcc, right versions of wxwindows), but I don't have an unstable machine handy. I assumed there would be handy chroots for maintainers to build in if necessary but I couldn't actually find any except on dubussey.d.o. This is OK, but I can't easily test the arm binaries produced in my normal test environment. There must be a 'recommended' way to do this building. Am I supposed to use pbuilder or dchroot and make my own local unstable? How much space does that need - the root disk is bursting on my development machine. thanx for any help anyone can provide. Do cc: me - I'm not on this list. Wookey -- Aleph One Ltd, Bottisham, CAMBRIDGE, CB5 9BA, UK Tel +44 (0) 1223 811679 work: http://www.aleph1.co.uk/ play: http://www.chaos.org.uk/~wookey/
Re: Shared library
Bob> Section 11.2 of Debian Policy says: You must specify the gcc
Bob> option `-D_REENTRANT' when building a library (either static or
Bob> shared) to make the library compatible with LinuxThreads.
Bob> Is this obsolete? I can't find `-D_REENTRANT' in the gcc
Bob> documentation.
Because it is just a special case of the -D"var=val" option.
Bob> I assume that all Debian packages should be compatible with
Bob> LinuxThreads, or is this necessary only for code that
Bob> specifically uses threads?
We cannot predict what code the library will be linked with, so we
must assume it will be linked with threaded code.
--
Ian Zimmerman, Oakland, California, U.S.A.
if (sizeof(signed) > sizeof(unsigned) + 4) { delete this; }
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
Re: Setting Tex and metapost paths without env variables
Wookey> In order to initially package it I have done as suggested in
Wookey> the developers reference and renamed the therion binary to
Wookey> therion.bin and made 'therion' a shell script that sets these
Wookey> variables (or uses existing settings if present), exports them
Wookey> and then runs therion.bin.
Wookey> However this seems like something of a hack, and is not
Wookey> exactly encouraged as a practice in the docs, so I wonder if
Wookey> it would be 'better' if therion were to add it's macros to the
Wookey> Tex and metapost paths properly. Is there a nice Debian way to
Wookey> do this (I know very little about either of these programs)?
I would just put them in a suitable subdirectory/-ies of
/usr/share/texmf (probably a new one) and run /usr/bin/texhash
in postinst and postrm of the package.
--
Ian Zimmerman, Oakland, California, U.S.A.
if (sizeof(signed) > sizeof(unsigned) + 4) { delete this; }
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
pgp 2.6.3i vs pgp5i vs gnupgp
Hi, I would like to setup a key to eventually be used for Debian related activities (the kind nm's need). I would like to use an existing version of pgp on a set of solaris systems I have access to, the problem is they have PGP version 2.6.3i. I'm unsure as to whether this is a secure version of PGP and what kinds of bugs it has in it. Reading through the Debian packages I find that pgp is up to version 2.6.3i-9, and reading it's changelog I do not see significant reason to use a version newer than 2.5.3i. The description does say it "is obsolete compared to PGP 5." I have also seen patches for 2.6.3i, but I don't know if any are necessary, or significantly useful to me. pgp5i's description says "This is version 5.0i, and has significant changes compared to 2.6.3a. You may want to consider keeping the old version handy." I don't know what any of these significant change are or why I'd still want the old version. Hmm, it also seems to have a potential bug in it's description by saying "it does not have a license for its use of the RSA cryptosystem, on which some nasty people claim a patent." I think pgp maintainers removed those kinds of strings from their package as the RSA cryptosystem patent expired? My understanding of gnupg, is that it's the same as pgp5i, but without the patented IDEA related stuff. Is the version that I have available good enough? What other benefits might a newer version provide (as related to Debian)? Below is the text I get from pgp on this Solaris system. > pgp Pretty Good Privacy(tm) 2.6.3i - Public-key encryption for the masses. (c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-01-18 International version - not for use in the USA. Does not use RSAREF. Current time: 2003/03/17 20:09 GMT For details on licensing and distribution, see the PGP User's Guide. For other cryptography products and custom development services, contact: Philip Zimmermann, 3021 11th St, Boulder CO 80304 USA, phone +1 303 541-0140 For a usage summary, type: pgp -h Thanks Drew Daniels
Re: Installing writable configuration files for an Apache module.
> I've just finished creating and testing a new package, > libapache-mod-virgule, this is the module which is behind the > Advogato.org website. > > The module uses a set of .xml files for it's configuration, and > for storing user login details - and I'm a little unsure as to > where they should be installed. > > Currently I create a directory '/var/lib/mod-virgule' and place > them there. However I do there could be a better location to use > and I'm open to suggestions. They should reside in /etc/mod-virgule, and /var/lib/mod-virgule -if you need it to exist- should either be a symlink or contain symlinks pointing to the relevant files - Take a look at the policy, 11.7.2: http://www.debian.org/doc/debian-policy/ch-files.html#s11.7.2 > One concern is that these files must be writable by the apache > process - to do that I've installed a new user and group and made > the directory +S. > > The alternative is to install them nobody:nogroup, which is bad. > > Now obviously anybody with a login shell upon the box can tamper > with these files - if there's a good solution that I've not thought > of I'd appreciate hearing of it.. Remember Apache runs with the user and group www-data - If you make them normal 0644 files owned by www-data:www-data, I think you should be safe... Unless, of course, you are using www-data for things other than Apache itself ;-) -- Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5630-9700 ext. 1366 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
General programming questions list?
Hi, Where should I post general programming questions? What are some good (interactive) resources? I'm still reading the required and suggested new maintainer's documentation, so forgive me if it's pointed out somewhere. A real example should anyone be inclined to comment: In C++, I have a base class and a derived class. I want to allow operator= to be overloaded properly for my derived class such that it can have the base class assigned to it. Do I need to define derivedClass::operator=() to copy all the members and set any new members to null? Can I somehow use the operator=() function from the base class to save time (especially since the base class isn't written by me)? Drew Daniels
Re: pgp 2.6.3i vs pgp5i vs gnupgp
On Mon, Mar 17, 2003 at 02:57:26PM -0600, Drew Scott Daniels wrote: > I would like to setup a key to eventually be used for Debian related > activities (the kind nm's need). I would like to use an existing version > of pgp on a set of solaris systems I have access to, the problem is they > have PGP version 2.6.3i. I'm unsure as to whether this is a secure version > of PGP and what kinds of bugs it has in it. I think you'll want to consider using GnuPG. PGP's future is pretty uncertain, and it was pretty bleak until extremely recently. About this Solaris machine, beware that you shouldn't be running anything that you want to keep secure on a multi-user machine. Most of us keep our keys on machines that are unreachable from the internet. A single unpatched Solaris bug could expose your key to the world, and if you're able to upload packages to Debian based on that key, then millions of people could be affected by your single fsck-up. - chad pgpAhmdAQyVuY.pgp Description: PGP signature
Re: pgp 2.6.3i vs pgp5i vs gnupgp
On Mon, 17 Mar 2003, Chad Miller wrote: > On Mon, Mar 17, 2003 at 02:57:26PM -0600, Drew Scott Daniels wrote: > > I would like to setup a key to eventually be used for Debian related > > activities (the kind nm's need). I would like to use an existing version > > of pgp on a set of solaris systems I have access to, the problem is they > > have PGP version 2.6.3i. I'm unsure as to whether this is a secure version > > of PGP and what kinds of bugs it has in it. > > I think you'll want to consider using GnuPG. PGP's future is pretty > uncertain, and it was pretty bleak until extremely recently. > > About this Solaris machine, beware that you shouldn't be running anything > that you want to keep secure on a multi-user machine. Most of us keep > our keys on machines that are unreachable from the internet. A single > unpatched Solaris bug could expose your key to the world, and if you're > able to upload packages to Debian based on that key, then millions of > people could be affected by your single fsck-up. > How about for validation of PGP messages. Is the version on the solaris system good enough for validation? I've decided to carry a disk around with my key and have GnuPG on all the various single user machines that I use. I don't want to have to download messages to validate them instead of doing it on the remote server, although I do realize the minor, but real security issues involved in this too. I've also found useful information at pgpi.org since my last post. It seems that the IDEA algorithm is not in 2.6.x, but is in 5.0i and some other versions. I also found pointers to the non-free "free" pgp 8 for windows (yes, most of "my" single user machines are stuck with windows). It's license is DFSG non-free to the point at which I'm questioning it's value over GnuPG. I don't know whether IDEA adds much value yet. Drew Daniels
Re: pgp 2.6.3i vs pgp5i vs gnupgp
On Mon, Mar 17, 2003 at 04:05:50PM -0600, Drew Scott Daniels wrote: > How about for validation of PGP messages. Is the version on the solaris > system good enough for validation? [...] Yes, probably. > I've also found useful information at pgpi.org since my last post. It > seems that the IDEA algorithm is not in 2.6.x, but is in 5.0i and some > other versions. I also found pointers to the non-free "free" pgp 8 for > windows (yes, most of "my" single user machines are stuck with windows). > It's license is DFSG non-free to the point at which I'm questioning it's > value over GnuPG. I don't know whether IDEA adds much value yet. None at all. Idea is available for GnuPG, we're just not allowed to distribute it. I haven't needed it in several years, anyway. If you must have it, Google: "gnupg idea plugin" - chad pgpnMDxB2vUsG.pgp Description: PGP signature
Re: General programming questions list?
Drew, > In C++, I have a base class and a derived class. I want to allow > operator= to be overloaded properly for my derived class such that it > can have the base class assigned to it. Do I need to define > derivedClass::operator=() to copy all the members and set any new > members to null? Can I somehow use the operator=() function from the > base class to save time (especially since the base class isn't written > by me)? There is always USENET but also: * http://lists.linux.org.au/listinfo/linuxcprogramming/ * http://lists.linux.org.au/listinfo/tuxcpprogramming/ Some out of data information can be found at: * http://www.rebel.net.au/~lloy0076/linux_c_programming/ One can ask fairly basic to advanced questions there. DSL
