Re: [buildd] Implications of DSA-1571-1

On Tue, Jun 10, 2008 at 02:57:37PM +0200, Petr Stehlik wrote: > Stephen R Marenka wrote: >> On Wed, May 14, 2008 at 09:59:44PM +0200, Petr Stehlik wrote: >>> Stephen R Marenka píše v St 14. 05. 2008 v 13:09 -0500: After this is done I'm going to make a determined effort to get etch-m68k a

Re: [buildd] Implications of DSA-1571-1

Stephen R Marenka wrote: On Wed, May 14, 2008 at 09:59:44PM +0200, Petr Stehlik wrote: Stephen R Marenka píše v St 14. 05. 2008 v 13:09 -0500: After this is done I'm going to make a determined effort to get etch-m68k and security building. quinn-diff puts us 500 packages out, but some of that l

Re: [buildd] Implications of DSA-1571-1

At least qt4-x11 and kdebase are built and uploaded. I wonder if crest is still working on gcc-4.3? Nope, that'll have died when it dropped off the net days ago. Does the build need net access? Before it "dropped off" the load was still pretty high, I think it was still building. I doubt it

Re: [buildd] Implications of DSA-1571-1

On Mon, May 19, 2008 at 07:40:37AM +0200, Michael Schmitz wrote: > > >At least qt4-x11 and kdebase are built and uploaded. I wonder if crest > >is still working on gcc-4.3? > > Nope, that'll have died when it dropped off the net days ago. Does the build need net access? Before it "dropped off" t

Re: [buildd] Implications of DSA-1571-1

Hi, gnomeradio_1.7-6 probably not worth wasting the time. OK. gom_0.30.2-1 herrie_2.0.2-1 hydrogen_0.9.3-5.1 icecast-server_1:1.3.12-19 jack_3.1.1+cvs20050801-25 jack-audio-connection-kit_0.109.2-3 I think these last two are queued somewhere. I'll remove them. Logs still go to cts, a

Re: [buildd] Implications of DSA-1571-1

On Mon, May 19, 2008 at 12:41:35AM +0200, Michael Schmitz wrote: > Do you want to stuff the queue on kullervo in future? Should we > reactivate the mail interface to buildd (rbuilder) for those machines > that can receive > mail? > > Anyway, I'm queueing the following on kullervo: > > abuse-sdl_

Re: [buildd] Implications of DSA-1571-1

+ [EMAIL PROTECTED] [EMAIL PROTECTED] (Debian stuff) + On Sun, 18 May 2008, Stephen R Marenka wrote: On Sun, May 18, 20

Re: [buildd] Implications of DSA-1571-1

On Sun, May 18, 2008 at 07:50:46AM +0200, Michael Schmitz wrote: > hobbes has queued: > > agenda.app_0.28-1 > aufs_0+20080514-2 built > camstream_0.27+dfsg-2 > dballe_4.0.1-1 > ecryptfs-utils_44-1 > ltp_20060918-2.1 > mysql-dfsg-5.0_5.0.51a-6 > pcsc-lite_1.4.101-2 > shared-mime-info_0.30-1

Re: [buildd] Implications of DSA-1571-1

On Sun, 18 May 2008, Michael Schmitz wrote: > hatari_1.0.1-1 Y-A-ARAnyM? ;-) Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [EMAIL PROTECTED] In personal conversations with technical people, I call myself a

Re: [buildd] Implications of DSA-1571-1

hobbes has queued: agenda.app_0.28-1 aufs_0+20080514-2 camstream_0.27+dfsg-2 dballe_4.0.1-1 ecryptfs-utils_44-1 ltp_20060918-2.1 mysql-dfsg-5.0_5.0.51a-6 pcsc-lite_1.4.101-2 shared-mime-info_0.30-1 sqlite3_3.5.8-4 tipptrainer_0.6.0-14 cdrdao_1:1.2.2-15 cdrkit_9:1.1.7.1-1 dosbox_0.72-1.1 dvdisaste

Re: [buildd] Implications of DSA-1571-1

Did you mean for N-D-P to still be set? Yup, I decided to clean out old cruft from the unstable chroot first. As we do not have a current ref-unstable baseline, this did take a few tries. It's cleared now... Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "u

Re: [buildd] Implications of DSA-1571-1

Seems to have come back. I'll check on the openssh status today. crest is still up, but I can not log in anymore... I hope somebody still can. Not sure what happened, I did not touch ssh, did somebody upgrade it or did we get locked out again? kullervo is still ok. I did upgrade openssh but it

Re: [buildd] Implications of DSA-1571-1

On Sat, May 17, 2008 at 06:35:08PM +0200, Christian T. Steigies wrote: > On Sat, May 17, 2008 at 12:54:31AM +0200, Michael Schmitz wrote: > > >>Thanks, I'll put that on kullervo. crest is AWOL, did someone try to > > >>reboot it? > > > > > >Not me, but it is fixed? > > >[EMAIL PROTECTED]:~>last > >

Re: [buildd] Implications of DSA-1571-1

On Sat, May 17, 2008 at 12:54:31AM +0200, Michael Schmitz wrote: > >>Thanks, I'll put that on kullervo. crest is AWOL, did someone try to > >>reboot it? > > > >Not me, but it is fixed? > >[EMAIL PROTECTED]:~>last > >ctsR pts/0dslb-088-070-200 Fri May 16 20:55 still logged in > >reboot

Re: [buildd] Implications of DSA-1571-1

On Sat, May 17, 2008 at 05:37:50AM +0200, Michael Schmitz wrote: > are queued on kullervo. Did you mean for N-D-P to still be set? -- Stephen R. Marenka If life's not fun, you're not doing it right! <[EMAIL PROTECTED]> signature.asc Description: Digital signature

Re: [buildd] Implications of DSA-1571-1

Hi, If you notice a buildd has run dry, either ping me or grab some packages and let me know which ones. I've already got some of the big ones. I've taken: xfce4-panel_4.4.2-5 unstable xfce4-quicklauncher-plugin_1.9.4-2 unstable the_3.1-5 unstable farpd_0.2-9 unstable ucspi-proxy_0.97-1 unst

Re: [buildd] Implications of DSA-1571-1

Thanks, I'll put that on kullervo. crest is AWOL, did someone try to reboot it? Not me, but it is fixed? [EMAIL PROTECTED]:~>last ctsR pts/0dslb-088-070-200 Fri May 16 20:55 still logged in reboot system boot 2.6.24-1-amiga Fri May 16 10:46 - 20:55 (10:09) reboot system boo

Re: [buildd] Implications of DSA-1571-1

On Thu, May 15, 2008 at 12:15:37AM +0200, Michael Schmitz wrote: > Hi, > > >>openssl is built and at . > > > >openssh is built and at . > > > >These are both versus etch-m68k. > > Thanks, I'll put that on kullervo

Re: [buildd] Implications of DSA-1571-1

Hi, rebuild. Just need to convince buildd to not listen to the nonexisting wanna-build for the uploads. Let me know how you do that. ;) --- /usr/bin/buildd-mail-orig 2008-05-16 06:39:34.0 +0200 +++ /usr/bin/buildd-mail2008-05-16 06:43:16.0 +0200 @@ -971,6 +971,9 @@

Re: [buildd] Implications of DSA-1571-1

Hi, I'll schedule those of the -fpie failures I can find on hobbes for Did that get fixed? http://lists.debian.org/debian-68k/2008/05/msg4.html ?? (IOW: not officially ...) rebuild. Just need to convince buildd to not listen to the nonexisting wanna-build for the uploads. Let me kno

Re: [buildd] Implications of DSA-1571-1

Hi, The only downside I see is spam harvesting and frankly I've got a nice procmail filter that keeps spam from making it to my buildds (buildd mail only knows six messages, everything else must be spam). If I was really clever, I could probably drop such messages earlier. H. If we route al

Re: [buildd] Implications of DSA-1571-1

Hi, I'm willing to be a manual wanna-build to keep us buildding if ya'll like. With 448 needs-build, I hate to not keep things rolling. If you notice a buildd has run dry, either ping me or grab some packages and let me know which ones. I've already got some of the big ones. A list to get us

Re: [buildd] Implications of DSA-1571-1

On Fri, May 16, 2008 at 04:10:20AM +0200, Michael Schmitz wrote: > Hi, > >> I'm willing to be a manual wanna-build to keep us buildding if ya'll >> like. With 448 needs-build, I hate to not keep things rolling. >> >> If you notice a buildd has run dry, either ping me or grab some >> packages and le

Re: [buildd] Implications of DSA-1571-1

On Thu, May 15, 2008 at 11:10:11PM +0200, Michael Schmitz wrote: >> The question is, should we maintain this on a wiki where it can be >> updated? We've potentially got 25 buildds if all of them were up and >> running. I can keep that in a spreadsheet, but it'll bit rot as soon as >> something cha

Re: [buildd] Implications of DSA-1571-1

Hi, Might as well collect an up-to-date listing for all the buildds. I'm hoping we'll have the opportunity to update keys at buildd.d.o. So I'd like to update all the questions we normally get asked. The question is, should we maintain this on a wiki where it can be updated? We've potentially g

Re: [buildd] Implications of DSA-1571-1

Pretty normal, isn't it? I'm just glad dropping m68k has really sped up Debian releases, no? Do I see a volunteer here for giving a presentation about this topic in the Debian room at next FOSDEM? As long as it's while I'm in Europe anyway ... Duh, while you guys have FOSDEM I usually have Su

Re: [buildd] Implications of DSA-1571-1

Might as well collect an up-to-date listing for all the buildds. I'm hoping we'll have the opportunity to update keys at buildd.d.o. So I'd like to update all the questions we normally get asked. The question is, should we maintain this on a wiki where it can be updated? We've potentially got 25 b

Re: [buildd] Implications of DSA-1571-1

On Thu, May 15, 2008 at 02:16:25AM +0200, Michael Schmitz wrote: >>> Well, those machines that were installed before etch, should be safe. Can >>> anyone confirm this? >> >> Only if you have an RSA key. DSA (as in, Digital Signature Algorithm) >> keys should be considered compromised, too, since th

Re: [buildd] Implications of DSA-1571-1

On Thu, 15 May 2008, Michael Schmitz wrote: > > It seems like we've been building some version of gcc for months. I also > > got qt4-x11 built the day the new one was uploaded. Sigh. > > Pretty normal, isn't it? I'm just glad dropping m68k has really sped up Debian > releases, no? Do I see a volu

Re: [buildd] Implications of DSA-1571-1

Stephen R Marenka wrote: > On Wed, May 14, 2008 at 10:26:17PM +0200, Luk Claes wrote: >> Stephen R Marenka wrote: >>> On Wed, May 14, 2008 at 01:09:31PM -0500, Stephen R Marenka wrote: >>> openssl is built and at . >>> >>> openssh is built and at

Re: [buildd] Implications of DSA-1571-1

On Thu, May 15, 2008 at 02:48:06AM +0200, Michael Schmitz wrote: I'm going to reconfigure a build to try openssh in sid. I think it will build with gcc-4.2. openssl is already available. Uploading. -- Stephen R. Marenka If life's not fun, you're not doing it right! <[EMAIL PROTECT

Re: [buildd] Implications of DSA-1571-1

Hi, Who can still access b.d.o? I can. Want me to queue a stack of packages for someone? Looks like I can't any more. :-) kullervo could still access the database as of three hours ago. Looks like they now banned RSA keys as well. I queued a number of packages on hobbes that had been l

Re: [buildd] Implications of DSA-1571-1

openssh is built and at . If you (re)create the source package (dpkg-source -b) with -sa (source attached), you could probably upload them to etch-m68k ... Would we need arch-all packages too? Yup (see openssh-blacklist). Michael -- To UNS

Re: [buildd] Implications of DSA-1571-1

Hi all, openssl is built and at . openssh is built and at . These are both versus etch-m68k. Thanks, I'll put that on kullervo. crest is AWOL, did someone try to reboot it? kullervo had openssh 3.9somethin

Re: [buildd] Implications of DSA-1571-1

On Thu, May 15, 2008 at 02:16:25AM +0200, Michael Schmitz wrote: >>> Well, those machines that were installed before etch, should be safe. Can >>> anyone confirm this? >> >> Only if you have an RSA key. DSA (as in, Digital Signature Algorithm) >> keys should be considered compromised, too, since th

Re: [buildd] Implications of DSA-1571-1

On Wed, May 14, 2008 at 10:26:17PM +0200, Luk Claes wrote: > Stephen R Marenka wrote: > > On Wed, May 14, 2008 at 01:09:31PM -0500, Stephen R Marenka wrote: > > > >> openssl is built and at . > > > > openssh is built and at

Re: [buildd] Implications of DSA-1571-1

On Wed, May 14, 2008 at 01:09:31PM -0500, Stephen R Marenka wrote: > On Wed, May 14, 2008 at 06:09:29AM +0200, Michael Schmitz wrote: > > Who can still access b.d.o? > > I can. Want me to queue a stack of packages for someone? Looks like I can't any more. > How many keys do we need to get updat

Re: [buildd] Implications of DSA-1571-1

Well, those machines that were installed before etch, should be safe. Can anyone confirm this? Only if you have an RSA key. DSA (as in, Digital Signature Algorithm) keys should be considered compromised, too, since they use the OpenSSL randomizer, which is buggy. q650 has libssl0.9.7 0.9.7e-3s

Re: [buildd] Implications of DSA-1571-1

On Thu, May 15, 2008 at 12:15:37AM +0200, Michael Schmitz wrote: > Hi, > >>> openssl is built and at . >> >> openssh is built and at . >> >> These are both versus etch-m68k. > > Thanks, I'll put that on kullervo. cr

Re: [buildd] Implications of DSA-1571-1

Hi, openssl is built and at . openssh is built and at . These are both versus etch-m68k. Thanks, I'll put that on kullervo. crest is AWOL, did someone try to reboot it? I'm going to reconfigure a build t

Re: [buildd] Implications of DSA-1571-1

On Wed, May 14, 2008 at 09:59:44PM +0200, Petr Stehlik wrote: > Stephen R Marenka píše v St 14. 05. 2008 v 13:09 -0500: > > After this is done I'm going to make a determined effort to get > > etch-m68k and security building. quinn-diff puts us 500 packages out, > > but some of that looks to be chan

Re: [buildd] Implications of DSA-1571-1

On Wed, May 14, 2008 at 10:26:17PM +0200, Luk Claes wrote: > Stephen R Marenka wrote: > > On Wed, May 14, 2008 at 01:09:31PM -0500, Stephen R Marenka wrote: > > > >> openssl is built and at . > > > > openssh is built and at

Re: [buildd] Implications of DSA-1571-1

Stephen R Marenka píše v St 14. 05. 2008 v 13:09 -0500: > After this is done I'm going to make a determined effort to get > etch-m68k and security building. quinn-diff puts us 500 packages out, > but some of that looks to be changes in the override file. I'll find an > aranym box to throw at it. (I

Re: [buildd] Implications of DSA-1571-1

Stephen R Marenka wrote: > On Wed, May 14, 2008 at 01:09:31PM -0500, Stephen R Marenka wrote: > >> openssl is built and at . > > openssh is built and at . If you (re)create the source package (dpkg-source -b) wi

Re: [buildd] Implications of DSA-1571-1

On Wed, May 14, 2008 at 01:09:31PM -0500, Stephen R Marenka wrote: > openssl is built and at . openssh is built and at . These are both versus etch-m68k. I'm going to reconfigure a build to try openssh in sid.

Re: [buildd] Implications of DSA-1571-1

On Wed, May 14, 2008 at 06:09:29AM +0200, Michael Schmitz wrote: >>> >>> ... and can be re-enabled by request. So far I've just found Elgar suffering >>> from this problem. Akire is down at the moment and needs a reboot. >>> Arrakis, Vivaldi and Spice seem to be unaffected because they were install

Re: [buildd] Implications of DSA-1571-1

On Tue, May 13, 2008 at 08:00:53PM +0200, Ingo Juergensmann wrote: > Hi! > > http://lists.debian.org/debian-security-announce/2008/msg00152.html > > The latest SSL remote "problem" has some serious issues for the buildds: > > | Permission denied (publickey,keyboard-interactive). > | May 13 18:0

Re: [buildd] Implications of DSA-1571-1

... and can be re-enabled by request. So far I've just found Elgar suffering from this problem. Akire is down at the moment and needs a reboot. Arrakis, Vivaldi and Spice seem to be unaffected because they were installed before 2006-09-17. vivaldi's been having trouble accessing b.d.o, so I gra

Re: [buildd] Implications of DSA-1571-1

On Tue, May 13, 2008 at 11:20:49PM +0200, Ingo Juergensmann wrote: > On Tue, May 13, 2008 at 10:51:43PM +0200, Michael Schmitz wrote: > > >> Well, those machines that were installed before etch, should be safe. Can > >> anyone confirm this? > > Should be (they should use OpenSSL 0.9.6c or some suc

Re: [buildd] Implications of DSA-1571-1

Should be (they should use OpenSSL 0.9.6c or some such), but they have been disabled anyway. kullervo uses openssl (0.9.8c-4), crest has no openssl, but libssl0.9.8 (0.9.8c-4), so I assume both are affected. They were reinstalled just before I brought them to Hamburg, since they received new dis

Re: [buildd] Implications of DSA-1571-1

*sigh* Is there already a fixed version available in etch-m68k? We'll yet have to build that, I'm afraid. Anyone on it already? Stephen said, he's working on that for etch-m68k. I started a build on crest, kullervo does not let me install packages, somebody has the lock? But I am afraid I won

Re: [buildd] Implications of DSA-1571-1

Hi, Well, those machines that were installed before etch, should be safe. Can anyone confirm this? Should be (they should use OpenSSL 0.9.6c or some such), but they have been disabled anyway. ... and can be re-enabled by request. So far I've just found Elgar suffering It's been a while sinc

Re: [buildd] Implications of DSA-1571-1

On Tue, May 13, 2008 at 11:20:49PM +0200, Ingo Juergensmann wrote: > On Tue, May 13, 2008 at 10:51:43PM +0200, Michael Schmitz wrote: > > >> Well, those machines that were installed before etch, should be safe. Can > >> anyone confirm this? > > Should be (they should use OpenSSL 0.9.6c or some suc

Re: [buildd] Implications of DSA-1571-1

On Tue, May 13, 2008 at 10:51:43PM +0200, Michael Schmitz wrote: >> Well, those machines that were installed before etch, should be safe. Can >> anyone confirm this? > Should be (they should use OpenSSL 0.9.6c or some such), but they have > been disabled anyway. ... and can be re-enabled by req

Re: [buildd] Implications of DSA-1571-1

Hi, The latest SSL remote "problem" has some serious issues for the buildds: | Permission denied (publickey,keyboard-interactive). | May 13 18:02:27 buildd: wanna-build --list=needs-build --dist=unstable | failed; status 255/0 Because of all *.d.o machines have disabled SSH pub key logins now,

[buildd] Implications of DSA-1571-1

Hi! http://lists.debian.org/debian-security-announce/2008/msg00152.html The latest SSL remote "problem" has some serious issues for the buildds: | Permission denied (publickey,keyboard-interactive). | May 13 18:02:27 buildd: wanna-build --list=needs-build --dist=unstable | failed; status 255/0