On Sat,12.Jul.08, 06:12:33, Joe Smith wrote:
> However, if the security updates come from trusted security mirrors rather
> than
> a general mirror, that attack would fail too. So with the exception of Sid or
> Testing users that do not use the testing-security system to receive security
> updat
On Fri, Jul 11, 2008 at 10:52:36PM -0700, Russ Allbery wrote:
> Russ Allbery <[EMAIL PROTECTED]> writes:
> > Well, it's an RC bug (violation of the must in Policy 9.3.2) for the
> > stop action of an init script to fail if the daemon is not running,
> > which is fairly serious. I think it could w
Florian Weimer deneb.enyo.de> writes:
>
> * Ron Johnson:
>
> >
http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html
> >
> > What are people's thoughts on this?
>
> HTTPS doesn't help against non-trusted mirrors.
>
> The difficult question is how to t
Russ Allbery <[EMAIL PROTECTED]> writes:
> Well, it's an RC bug (violation of the must in Policy 9.3.2) for the
> stop action of an init script to fail if the daemon is not running,
> which is fairly serious. I think it could well warrant a stable update
> if it's causing problems for upgrades to
Charles Plessy <[EMAIL PROTECTED]> writes:
> It seems that some packaged daemons use a combination of scripts that
> sometimes makes them difficult to remove on Etch:
>
> - prerm stops the daemon and exits if it fails
This is generally correct. If the daemon can't shut down cleanly,
continuing
Hi all,
It seems that some packaged daemons use a combination of scripts that
sometimes makes them difficult to remove on Etch:
- prerm stops the daemon and exits if it fails
- /etc/init.d/package stops the daemon using start-stop-daemon and
fails if it was not running.
As a result, if the
Brian <[EMAIL PROTECTED]> writes:
[…]
Brian, the questions you asked are best asked on
[EMAIL PROTECTED] I'll follow up with some answers
there.
--
\ “People's Front To Reunite Gondwanaland: Stop the Laurasian |
`\ Separatist Movement!” —wiredog, http://kuro5hin.org/ |
_
Q1)
What's the difference between Build-Depends-Indep and Build-Depends?
I am creating a new package.
* The source package requires i386 to build and has many dependencies.
* The binary package is architechure independent and has no dependencies.
How should I use Build-Depends?
I was thinking:
B
On Sat, Jul 12, 2008 at 02:19:58AM +0200, Frank Lichtenheld wrote:
> While testing some updates to my gtkpod/libgpod packages I noticed that
> I couldn't actually play any songs anymore from my iPod. Which worked
> fine some weeks ago.
> I traced the error back to a change in kernel 2.6.25: Appar
On Fri, Jul 11, 2008 at 09:11:57PM -0400, James Vega wrote:
> On Sat, Jul 12, 2008 at 02:19:58AM +0200, Frank Lichtenheld wrote:
> > Hi.
> >
> > While testing some updates to my gtkpod/libgpod packages I noticed that
> > I couldn't actually play any songs anymore from my iPod. Which worked
> > fin
Per Andersson <[EMAIL PROTECTED]>:
> On Sun, Jun 29, 2008 at 5:20 PM, Steve McIntyre <[EMAIL PROTECTED]> wrote:
> > 8. Publicise more clearly the places where new people could help
> > out. I'm commonly asked by people how they could get involved in
> > Debian, or what tasks most urgently need
Ralf Hildebrandt <[EMAIL PROTECTED]>:
> * Martijn van Oosterhout <[EMAIL PROTECTED]>:
> > On Tue, Jul 8, 2008 at 2:37 AM, Joey Hess <[EMAIL PROTECTED]> wrote:
> > > http://sourceware.org/bugzilla/show_bug.cgi?id=4980
> >
> > I just find it wierd that there doesn't appear to be a single person
> >
["Followup-To:" header set to linux.debian.devel.]
sean finney <[EMAIL PROTECTED]>:
> On Tuesday 08 July 2008 06:40:05 pm Steve Langasek wrote:
>
> > Ulrich made the change, and he's not exactly known for giving helpful
> > explanations. Apparently he thinks bug ping-pong is a better use of his
On Sat, Jul 12, 2008 at 02:19:58AM +0200, Frank Lichtenheld wrote:
> Hi.
>
> While testing some updates to my gtkpod/libgpod packages I noticed that
> I couldn't actually play any songs anymore from my iPod. Which worked
> fine some weeks ago.
>
> I traced the error back to a change in kernel 2.6
On Sat, 12 Jul 2008, Frank Lichtenheld wrote:
> On Fri, Jul 11, 2008 at 11:48:03AM -0400, Michael Casadevall wrote:
> > Maybe a check should be added to APT to flag a warning if there has been no
> > updates for a significant period of time? That way if a mirror ever does
> > that, its more detect
On Fri, Jul 11, 2008 at 11:48:03AM -0400, Michael Casadevall wrote:
> Maybe a check should be added to APT to flag a warning if there has been no
> updates for a significant period of time? That way if a mirror ever does
> that, its more detectable.
That really doesn't make any sense for stable us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It doesn't have to have updated packages, maybe have something like this
APT-Ping: *timestamp*
and then push out a new packages file with just an updated timestamp in it.
Michael
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comme
Hi.
While testing some updates to my gtkpod/libgpod packages I noticed that
I couldn't actually play any songs anymore from my iPod. Which worked
fine some weeks ago.
I traced the error back to a change in kernel 2.6.25: Apparently vfat
file system can now become case sensitive in some cases
("FA
* Bastian Venthur [Thu, 10 Jul 2008 11:39:16 +0200]:
> Thanks for the hint, unfortunately that didn't help. I've rebuild
> python-qt3 with CXXFLAGS="-Wall -g -O0" but rng is still segfaulting.
> There is also no bugreport in python-qt3 indicating that someone else
> has this problem.
FWIW se
[Jonas Meurer]
> Forwarding the mail to debian-devel. Are there any objections by
> developers against rsyslog as default syslog daemon?
No objection. Just a small report that Debian Edu already switched to
rsyslog for our Lenny based version, and it seem to work just fine.
Because debootstrap cl
OoO Pendant le temps de midi du vendredi 11 juillet 2008, vers 12:18,
Lucas Nussbaum <[EMAIL PROTECTED]> disait :
> The problem I see with that is that people will be left without a
> supported dom0 kernel at some point during the etch lifetime. Do we have
> a plan to address that? Shouldn't we
On Sun, 29 Jun 2008 16:20:00 +0100, Steve McIntyre wrote:
> As you may remember, back before I started the DPL job I promised to
> run a survey.
Thanks for your work!
> 2. On the flip side of that, I'd also like to ask the members of the
>teams that are acknowledged to perform well to help
Wouter Verhelst dijo [Wed, Jul 09, 2008 at 12:12:23AM +0200]:
> The separation of a Debian menu and a "desktop" menu has been seen by
> some as a feature. I remember a post on Planet Debian by one of the
> GNOME maintainers (although I don't recall who it was) who explicitly
> said that he would no
On 11/07/2008 Carl Fürstenberg wrote:
> On Fri, Jul 11, 2008 at 17:25, Stephen Gran <[EMAIL PROTECTED]> wrote:
> >
> > I think it would be helpful to use the previous 400 discussions of the
> > same topic as a starting point, and only bring it up again if there are
> > new arguments.
>
> Have prob
On Fri, Jul 11, 2008 at 17:25, Stephen Gran <[EMAIL PROTECTED]> wrote:
>
> I think it would be helpful to use the previous 400 discussions of the
> same topic as a starting point, and only bring it up again if there are
> new arguments.
Have problem finding such discussion. Do you have any referen
* Ron Johnson:
> http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html
>
> What are people's thoughts on this?
HTTPS doesn't help against non-trusted mirrors.
The difficult question is how to tell an APT source which is not updated
regularly from an APT
Maybe a check should be added to APT to flag a warning if there has been no
updates for a significant period of time? That way if a mirror ever does
that, its more detectable.
Michael
On Fri, Jul 11, 2008 at 8:55 AM, Steinar H. Gunderson <
[EMAIL PROTECTED]> wrote:
> On Fri, Jul 11, 2008 at 07:36:
This one time, at band camp, Carl Fürstenberg said:
> Per an discussion in IRC about removal of user or groups when purging
> packages, I though of asking for comments about a proposal of updating
> the policy.
>
> Basically the idea is that, if a package is creating an user or an
> group, that is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Per an discussion in IRC about removal of user or groups when purging
packages, I though of asking for comments about a proposal of updating
the policy.
Basically the idea is that, if a package is creating an user or an
group, that is dynamically allo
Package: wnpp
Severity: wishlist
Owner: "Krzysztof Krzyżaniak (eloy)" <[EMAIL PROTECTED]>
* Package name: libgetopt-long-descriptive-perl
Version : 0.074
Upstream Author : http://search.cpan.org/dist/Getopt-Long-Descriptive/
* URL : Hans Dieter Pearcey <[EMAIL PROTECTE
hi everybody..!
i am trying to add my personal menu in the gnome menu and kde menu.
so i have created a my.menu and the .directory and associated a .desktop.
This is OK in KDE
BUT
In gnome, the my.menu in /etc/xdg/menus/applications-merged don't seems
to be read
does anybody have alre
Vincent Lefevre wrote:
> Depending on the environment makes the system less predictable.
So does accepting input from the keyboard and network.
Also, I've found that systems without a regular input of electrons have
a much more reliable behavior.
--
see shy jo
signature.asc
Description: Digit
On Thu, Jul 10, 2008 at 11:37:10AM +0200, Andreas Tille wrote:
>> Do you have the right kernel and libc installed?
>
> What is "the right" kernel / libc???
>
> $ uname -a
> Linux wr-linux02 2.6.22-3-686 #1 SMP Sun Feb 10 20:20:49 UTC 2008 i686
> GNU/Linux
>
> It was installed via the the Debian ke
On Fri, Jul 11, 2008 at 02:40:17PM +0200, Andreas Tille wrote:
> On Fri, 11 Jul 2008, Manuel Prinz wrote:
> >With these fixes it still did not build on my system. I needed to change
> >the Build-Depends on lib64z1-dev into zlib1g-dev to get it to build in a
> >clean pbuilder chroot.
> Well, I gue
On Fri, Jul 11, 2008 at 07:36:44AM -0500, Ron Johnson wrote:
> http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html
>
> What are people's thoughts on this?
It's been known for quite a while. (I asked one of the guys publishing it,
and he was fully aware
On Fri, 11 Jul 2008, Manuel Prinz wrote:
With these fixes it still did not build on my system. I needed to change
the Build-Depends on lib64z1-dev into zlib1g-dev to get it to build in a
clean pbuilder chroot.
Well, I guess that lib64z1-dev will not exist for amd64 and that this
whole mess is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html
What are people's thoughts on this?
- --
Ron Johnson, Jr.
Jefferson LA USA
"Kittens give Morbo gas. In lighter news, the city of New New
York is doome
Hi Andreas!
Am Dienstag, den 08.07.2008, 14:26 +0200 schrieb Andreas Tille:
> On Mon, 7 Jul 2008, William Pitcock wrote:
>
> > If you do build-depends on gcc-multilib and g++-multilib, it should fix
> > this problem.
>
> As I said it fixes the build problem - but now I have a package with a
> no
On 11/07/08 at 12:18 +0200, Lucas Nussbaum wrote:
> Hi,
>
> On 11/07/08 at 11:24 +0200, Bastian Blank wrote:
> > > - all major distros shipped with "full" Xen support
> >
> > RHEL5/FC8 are 2.6.18 based and ships full support. SLES10 is 2.6.16 based
> > and ships full support. FC9 is 2.6.24 based
On Fri, Jul 11, 2008 at 12:18:51PM +0200, Lucas Nussbaum wrote:
> On 11/07/08 at 11:24 +0200, Bastian Blank wrote:
> > Anything else can be considered more or less broken.
> It seems that Ubuntu 8.04 shipped with a 2.6.24 domU. So Ubuntu is
> the only distro shipping a dom0 based on Linux >> 2.6.18
On 7/11/08, Julien Cristau <[EMAIL PROTECTED]> wrote:
> On Fri, Jul 11, 2008 at 14:07:02 +0400, Sergei Golovan wrote:
> > I'd like to ask if there are plans to update x11proto-core to version
> > 7.0.13 before lenny release?
>
> No, x11proto-core in lenny will be 7.0.12.
OK. Then there's no hurr
Hi,
On 11/07/08 at 11:24 +0200, Bastian Blank wrote:
> > - all major distros shipped with "full" Xen support
>
> RHEL5/FC8 are 2.6.18 based and ships full support. SLES10 is 2.6.16 based
> and ships full support. FC9 is 2.6.24 based and ships only domU support.
> Anything else can be considered m
On Fri, Jul 11, 2008 at 14:07:02 +0400, Sergei Golovan wrote:
> Hi!
>
> I'd like to ask if there are plans to update x11proto-core to version
> 7.0.13 before lenny release?
>
No, x11proto-core in lenny will be 7.0.12.
Cheers,
Julien
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subjec
Hi!
I'd like to ask if there are plans to update x11proto-core to version
7.0.13 before lenny release?
Upstream maintainers have added a new event GenericEvent which breaks
Tk toolkit because Tk uses hardcoded event numbers and adds its own
events (see [1]). Gentoo system is already affected (see
Ian Campbell schreef:
> On Thu, 2008-07-10 at 21:53 +0200, Lucas Nussbaum wrote:
>> Hi,
>>
>> AFAIK, the status of Xen in lenny is currently the following:
>> - no dom0 kernel
>> - domU kernel only for i386 (no domU kernel for amd64)
>>
>> I was told (I don't remember where) that this is because th
On Thu, Jul 10, 2008 at 09:53:25PM +0200, Lucas Nussbaum wrote:
> AFAIK, the status of Xen in lenny is currently the following:
> - no dom0 kernel
Yep. There are some preliminary patches but they break non-paravirt
usage for now.
> - domU kernel only for i386 (no domU kernel for amd64)
x86_64 is
Package: wnpp
Severity: wishlist
Owner: Nathaniel Wesley Filardo <[EMAIL PROTECTED]>
* Package name: darcs-server
Version : 0.0.20070209
Upstream Author : Daan Leijen
* URL : http://www.equational.org/darcs-server/
* License : BSD
Programming Lang: Perl, Haske
On Thu, 2008-07-10 at 21:53 +0200, Lucas Nussbaum wrote:
> Hi,
>
> AFAIK, the status of Xen in lenny is currently the following:
> - no dom0 kernel
> - domU kernel only for i386 (no domU kernel for amd64)
>
> I was told (I don't remember where) that this is because the vanilla
> kernel only suppo
48 matches
Mail list logo
