* Anthony Towns:
>> Viewed this way, wordpress definitely appears to have one of the /highest/
>> rates of security holes for webapps of its class.
>
> 14 bugs per year versus 12 for moodle and phpbb2 doesn't seem that big
> a difference to me.
>
> I'm not sure that bug counts like this are really
* Anthony Towns:
> I don't agree with making a decision to go against an IETF standard
RFC 3484 is not an IETF standard.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
* Clint Adams:
> On Tue, Sep 18, 2007 at 08:41:45PM +0200, Kurt Roeckx wrote:
>> glibc is the only implementation I know of that does this.
>
> I have heard, though not confirmed first-hand, that modern
> versions of FreeBSD, Windows, and Solaris do as well.
FreeBSD 6.2-RELEASE doesn't do it. An
* Anthony Towns:
> FreeBSD 6.2, Jan 2007: stable, but not rule 9
>
> 10:00 {'96.96.96.96': 1000}
> 10:00 what os?
> 10:00 Python 2.4.3 (#2, Nov 8 2006, 23:56:15)
> 10:00 FreeBSD 6.2-RELEASE-p5 i386 SMP-GENERIC
> 10:34 aj: it was 172.16.x.x, nat'd behind 203.y.y.y
On FreeBSD 6.2,
* Kurt Roeckx:
> - A simular case is that you have 2 segments, 1.0.0.0/24 and 1.0.1.0/24,
> and you add a 1.0.0.2 and 1.0.1.2. Now you want clients to connect
> to the one from it's own segment, and fall back to the other if it
> fails.
>
> In this case rule 9 might be useful. But I woul
* Anthony Towns:
> Updating the proposed standard has not been tried.
Just to give you an idea of the time scale involved: moving RFC 3484
to HISTORIC (which is the most likely result, at least for the Rule 9
part) will take at least a year.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a
* Marc Haber:
> On Sat, Dec 01, 2007 at 07:34:58PM +0200, Jari Aalto wrote:
>> >From Admin's point of view dealing with symlinks is much more
>> uncomfortable to control the initial start/stop status.
>
> If one is not comfortable with a sysvinit scheme, one should not be
> adminning a Debian syst
* Kurt Roeckx:
> On Sun, Dec 02, 2007 at 10:10:38PM +, Ian Jackson wrote:
>> Florian Weimer writes ("Re: Bug#412976 repoened - reassign tech-ctte
>> (mixmaster /etc/default/*)"):
>> > Really? Won't upgrades re-enable disabled services if update-rc.d
* Bdale Garbee:
> The second is whether it's acceptable for a Debian package to
> *require* a specific username.
There are a couple of setuid binaries which might have problems
switching to a more flexible scheme. I fear such a requirement might
actually reduce overall security.
--
To UNSUBSC
* Kurt Roeckx:
> For those that didn't notice this yet, 2.7-5 reverted the change of
> 2.7-4. So testing and unstable uses rule 9 again.
I'm confused. Was this intentional?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
* Ian Jackson:
> On the other hand, the behaviour of a round robin honouring host
> depends on the frequency of DNS retries, past network topology
> history, etc., in a way that may be difficult to predict.
Sure, but round-robin behavior is not tied to the bit pattern of
addresses, so it's less l
* Kalle Kivimaa:
> Steve Langasek writes:
>> Can you expand here on the consequences of ignoring RFC1894? I'm aware that
>> qmail delivery failure mails look different (and, I might argue,
>> gratuitously so) than those of other mail systems, but does this cause
>> interoperability problems for
* Steve Langasek:
> On Tue, Feb 03, 2009 at 08:32:20AM +, Gerrit Pape wrote:
>> 2.1 I'd suggest not to change that, it's a good compromise between
>> performance and reliability.
>
> 2.1. Bounce message contents are not crash-proof.
>
> Qmail does not value the contents of a bounce messa
* Simon McVittie:
> That package might have been ioquake3, which needs the jpeg_mem_src from
> libjpeg8 (I think it was actually added in libjpeg7) to allow decoding
> JPEGs from a memory buffer instead of a libc FILE*. I suspect that's
> a somewhat common use-case, and it isn't part of the libjpe
* Theodore Ts'o:
> The most basic is the idea that whether you can control (via shell
> scrpit fragments) whether or not a service should start at all, and
> what options or environments should be enabled by pasing some file.
Curiously, a lot of system administrators do not do this correctly
usin
* Josselin Mouette:
> Le mardi 17 décembre 2013 à 12:26 -0800, Russ Allbery a écrit :
>> > Is there actually any implementation other than glib2.0 and libdbus that
>> > would be affected by a switch to kdbus?
>>
>> This is an interesting question. Josselin, is GNOME (for example) likely
>> to ac
* Adrian Bunk:
> On Wed, Oct 05, 2016 at 10:00:53AM -0400, Sam Hartman wrote:
>>...
>> I think it's clear that the TC believes that this package is not DFSG
>> free.
>> I think it's clear that the TC believes perl would be better if the
>> situation was improved.
>> I thought it was clear we belie
* Moritz Mühlenhoff:
> * Follow a scheme similar to Firefox ESR where in case of a security
> the update either happens to the latest minor release of
> the current branch or if that has stopped, happens to the next
> major release. To map this to specific k8s releases: Let's assume bullseye
* Moritz Mühlenhoff:
> On Sun, Nov 08, 2020 at 10:49:31PM +0100, Florian Weimer wrote:
>> * Moritz Mühlenhoff:
>>
>> > * Follow a scheme similar to Firefox ESR where in case of a security
>> > the update either happens to the latest minor release of
>>
* Elana Hashman:
> You and the original report mention "tooling issues". Can you please
> provide some examples of tools that do not currently support working
> with compressed symbols and the resulting effects on developer workflow?
dwz still can't process compressed debuginfo sections, I think.
20 matches
Mail list logo
