Re: Debian installer level 1 - danish translation

Quoting Anders Jenbo (and...@jenbo.dk): > Hi i was handed "Debian installer level 1" to translate, I completed it > back in 6 of December, 2009. but i have not been able to get in contact > with the person who has the danish commit privileges for Debian since > then. > > the following is to emails

Re: [RFH] Debian 2.6.32 CONFIG_WIRELESS_OLD_REGULATORY, wireless-regdb and crda

On Wed, 2010-03-03 at 17:51 -0800, Luis R. Rodriguez wrote: > On Wed, Mar 3, 2010 at 3:50 PM, Peter Samuelson wrote: > > > > [Luis R. Rodriguez] > >> BTW -- while we're on the topic of 2.6.32 and the next Debian > >> release, and 802.11, do you guys ship iw by default yet? > > > > It's available (

Depends: libapt-pkg-libc ... which is a virtual package

It seems for us experimental archive users, most of the year we see e.g., The following packages have unmet dependencies: aptitude: Depends: libapt-pkg-libc6.9-6-4.8 which is a virtual package. python-apt: Depends: libapt-inst-libc6.9-6-1.1 which is a virtual package. Depends: li

Re: md5sums files

James Vega writes: > On Thu, Mar 04, 2010 at 02:11:55AM +0100, Harald Braumann wrote: >> I think I was finally able to decipher your message. But my other >> points still hold. And while it is just a matter of programming, simple >> or not, it already exists in debhelper. So doing it at build tim

Re: md5sums files

On Thu, Mar 04, 2010 at 02:11:55AM +0100, Harald Braumann wrote: > I think I was finally able to decipher your message. But my other points > still > hold. And while it is just a matter of programming, simple or not, it already > exists in debhelper. So doing it at build time is SMOAOLTDR, by wh

Re: [RFH] Debian 2.6.32 CONFIG_WIRELESS_OLD_REGULATORY, wireless-regdb and crda

On Wed, Mar 3, 2010 at 3:50 PM, Peter Samuelson wrote: > > [Luis R. Rodriguez] >> BTW -- while we're on the topic of 2.6.32 and the next Debian >> release, and 802.11, do you guys ship iw by default yet? > > It's available (version 0.9.14), but not shipped by default. Can it? Luis -- To UNS

Re: md5sums files

On Wed, Mar 03, 2010 at 06:50:28PM -0600, Peter Samuelson wrote: > > [Harald Braumann] > > On Wed, Mar 03, 2010 at 05:41:26PM -0600, Peter Samuelson wrote: > > > > > > [Harald Braumann] > > > > > Given a .deb, turning the data.tar.gz into foo.md5sums is a SMOP. > > > > > This could be before, dur

Re: md5sums files

[Harald Braumann] > On Wed, Mar 03, 2010 at 05:41:26PM -0600, Peter Samuelson wrote: > > > > [Harald Braumann] > > > > Given a .deb, turning the data.tar.gz into foo.md5sums is a SMOP. > > > > This could be before, during, or after the deb is unpacked. > > > > > If you create the hashes at unpac

Re: Removing the manpage requirement for GUI programs?

On Wed, Mar 03, 2010 at 07:17:14PM +0100, Yves-Alexis Perez wrote: > On 28/02/2010 01:32, Ben Finney wrote: > > Josselin Mouette writes: > > > >> > Yes, I overall agree with your arguments. However having it in the > >> > policy means we get bug reports about manual pages and have to deal > >> >

Re: How KDE uses Htdig

On 2010-03-03, Mats Erik Andersson wrote: > Dear Developers, > My present worry has to do with the fact that KDE has a dependency on Htdig, > and I do not use KDE, nor do I use Gnome, so therefore I _do_ need some > complimentary information on the matter. > > I intend this daily rebuilding to be

Re: Removing the manpage requirement for GUI programs?

2010/2/27 Josselin Mouette : > GUI applications usually take only a few simple command-line options, > and more importantly, when you use a modern development framework, these > options will always be documented correctly with the --help switch. Manuals are not only for documenting command line s

Re: md5sums files

On Wed, Mar 03, 2010 at 05:41:26PM -0600, Peter Samuelson wrote: > > [Harald Braumann] > > > Given a .deb, turning the data.tar.gz into foo.md5sums is a SMOP. > > > This could be before, during, or after the deb is unpacked. > > > If you create the hashes at unpack time, you don't catch errors th

Re: md5sums files

On Wed, Mar 03, 2010 at 03:14:04PM -0800, Russ Allbery wrote: > Harald Braumann writes: > > > Completely agreed. Also, because playing around is always more fun than > > just talking, I've attached a script that signs/verifies binary > > packages. Dpkg doesn't seem to mind the extra files. > > >

Re: [RFH] Debian 2.6.32 CONFIG_WIRELESS_OLD_REGULATORY, wireless-regdb and crda

[Luis R. Rodriguez] > BTW -- while we're on the topic of 2.6.32 and the next Debian > release, and 802.11, do you guys ship iw by default yet? It's available (version 0.9.14), but not shipped by default. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsub

Bug#572400: ITP: libheimdal-kadm5-perl -- Perl module to administer a Heimdal Kerberos KDC

Package: wnpp Severity: wishlist Owner: Russ Allbery * Package name: libheimdal-kadm5-perl Version : 0.08 Upstream Author : Leif Johansson * URL : http://search.cpan.org/dist/Heimdal-Kadm5/ * License : BSD (3-clause) Programming Lang: Perl/C Description

Re: md5sums files

[Harald Braumann] > > Given a .deb, turning the data.tar.gz into foo.md5sums is a SMOP. > > This could be before, during, or after the deb is unpacked. > If you create the hashes at unpack time, you don't catch errors that > happen during unpack. You mean errors reading the data.tar.gz file? Th

Re: md5sums files

Harald Braumann writes: > Completely agreed. Also, because playing around is always more fun than > just talking, I've attached a script that signs/verifies binary > packages. Dpkg doesn't seem to mind the extra files. > This script signs each file in the package individually, but it could > als

Re: md5sums files

On Wed, Mar 03, 2010 at 04:20:36PM -0500, Michael Gilbert wrote: > On Wed, 03 Mar 2010 21:58:11 +0100, Frank Lin PIAT wrote: > > Signed debs may introduce a fake sense of security (Only apt repository > > provide security updates). By signing packages, user may assume that a > > package is safe whe

How KDE uses Htdig

Dear Developers, I am having a go at preparing a QA upload for the package Htdig, but I need some complimentary information before I can submit this suggestion to mentors.debian.net. It was my work on an RC-bug that lead to the most recent NMU-upload for Htdig. At the moment, my new contribution

Re: [RFH] Debian 2.6.32 CONFIG_WIRELESS_OLD_REGULATORY, wireless-regdb and crda

On Mon, Mar 1, 2010 at 8:39 PM, Paul Wise wrote: > On Tue, 2010-03-02 at 04:44 +0200, Faidon Liambotis wrote: >> Luis R. Rodriguez wrote: >> > Can you guys upstream a package into Debian with a gitweb URL reference? >> If I'm understanding the question correctly, yes. We have Vcs-$VCS (i.e. >> Vcs

Re: Removing the manpage requirement for GUI programs?

Yves-Alexis Perez writes: > On 28/02/2010 01:32, Ben Finney wrote: > > If manpages were useful only for documenting command-line options, > > this would be a valid point. As has been pointed out, though, > > manpages for programs are useful for much more than that. > > But that's why he doesn't p

Re: unreliable buildds for non-free

On 2010-03-03, Joachim Reichel wrote: > What is the recommended procedure to deal with this? Last time I asked > the release team to remove the offending architecture from testing. > Should I simply do that for (almost) every upload? >From now you should only get buildd uploads for builders that

Re: md5sums files

Stefano Zacchiroli writes: > I'm curious about what contributed to this positive change (dh7 and/or > CDBS invoking dh_md5sums by default?), any idea? We added a Lintian tag warning about not having md5sums in that time frame, I think. -- Russ Allbery (r...@debian.org)

Re: md5sums files

On Wed, Mar 03, 2010 at 08:34:27AM +, Philipp Kern wrote: > On 2010-03-03, Neil Williams wrote: > > Changing to SHA won't help. I'm for ditching all md5sums from packages. > > It's not a lot of disc space gained but it does give a false sense of > > security or 'insurance' if you want to avoid

Re: md5sums files

On Wed, Mar 03, 2010 at 08:08:38PM +0100, Bernd Zeimetz wrote: > I think its about time to require to generate checksums for packages > and make all packages which do not do so RC buggy. Well, RC buggy is probably a tad excessive for this release, considering that we are (I hope :)) close to a fre

Re: md5sums files

On Wed, 03 Mar 2010 21:58:11 +0100, Frank Lin PIAT wrote: > On Tue, 2010-03-02 at 18:21 -0800, Russ Allbery wrote: > > Wouter Verhelst writes: > > > > > Or is it useful to be able to say "if it doesn't check out, it's > > > certainly corrupt, and if it does check out, it may be corrupt"? Didn't >

Debian installer level 1 - danish translation

Hi i was handed "Debian installer level 1" to translate, I completed it back in 6 of December, 2009. but i have not been able to get in contact with the person who has the danish commit privileges for Debian since then. the following is to emails, related to this issue. the link that is suposed t

Re: md5sums files

On Wed, 2010-03-03 at 11:37 +, Philipp Kern wrote: > On 2010-03-03, Wouter Verhelst wrote: > > This is where I disagree. When a checksum algorithm is compromised (and > > MD5 *is* compromised), things only ever get worse, not better. Indeed, > > MD5 preimage attacks are pretty hard *today*. Bu

Re: md5sums files

On Tue, 2010-03-02 at 18:21 -0800, Russ Allbery wrote: > Wouter Verhelst writes: > > > Or is it useful to be able to say "if it doesn't check out, it's > > certainly corrupt, and if it does check out, it may be corrupt"? Didn't > > think so. > > I don't understand why you say this. Cryptographi

unreliable buildds for non-free

Hi, often my non-free package does not make the transition to testing because it is missing builds for some architectures. The buildds of these architectures are unreliable in the sense that sometimes they build the package, sometime they don't (try to build it). Therefore, the package does not m

Re: md5sums files

On Wed, Mar 03, 2010 at 02:02:01PM -0600, Peter Samuelson wrote: > > [Julien Cristau] > > > fundamentally, shipping a md5sums file is really just a tradeoff in > > > download size vs. installation speed, not unlike gzip vs. bzip2. One > > > > Only if you assume that disks never fail and thus fil

Re: md5sums files

[Julien Cristau] > > fundamentally, shipping a md5sums file is really just a tradeoff in > > download size vs. installation speed, not unlike gzip vs. bzip2. One > > Only if you assume that disks never fail and thus files never get > corrupted when the package gets unpacked. Given a .deb, turni

Re: md5sums files

Osamu Aoki wrote: > True but debsums can address these issues by system administrator > touch-ups as documented in manpage using: > > * /etc/apt/apt.conf.d/90debsums (debsums >= 2.0.7) > * debsums_init(8) (debsums >= 2.0.34 @ 2007) It's not uncommon to be given an existing system

Re: md5sums files

On Wed, Mar 3, 2010 at 10:05:11 -0600, Peter Samuelson wrote: > fundamentally, shipping a md5sums file is really just a tradeoff in > download size vs. installation speed, not unlike gzip vs. bzip2. One Only if you assume that disks never fail and thus files never get corrupted when the package

Re: md5sums files

Philipp Kern wrote: > On 2010-03-03, Wouter Verhelst wrote: >> This is where I disagree. When a checksum algorithm is compromised (and >> MD5 *is* compromised), things only ever get worse, not better. Indeed, >> MD5 preimage attacks are pretty hard *today*. But switching to something >> more secur

Re: Mass bug filing for python-apt API transition

Am Mittwoch, den 17.02.2010, 12:09 +0100 schrieb Julian Andres Klode: > Hi, > > as some of you already know, python-apt received a new > API (sometimes called 0.8 API). We intent to drop the old API > for Squeeze+1, and thus ask you to upgrade your packages to > use the new API. > > Mass bug fili

Re: Bug#545782: imagemagick-dbg: missing README.Debian to explain how programs are used

Bastien ROUCARIES writes: > Any progress on this bug ? My reading of the general opinion in the discussion (not universal) was that nothing really needed to be done, since gdb just works out of the box with the debugging files. Hence, if one does debugging in the normal way, everything magicall

Re: Removing the manpage requirement for GUI programs?

On 28/02/2010 01:32, Ben Finney wrote: > Josselin Mouette writes: > >> > Yes, I overall agree with your arguments. However having it in the >> > policy means we get bug reports about manual pages and have to deal >> > with them, while they are not the primary source of documentation for >> > comm

Re: md5sums files

On Thu, Mar 04, 2010 at 01:12:26AM +0900, Osamu Aoki wrote: > > > In this day and age of completely and utterly broken MD5[0], I think we > > should stop providing these files, and maybe provide something else > > instead. Like, I dunno, shasums? Or perhaps gpgsigs? But stop providing > > md5sum

Re: md5sums files

Hi, On Wed, Mar 03, 2010 at 03:06:20AM +0100, Wouter Verhelst wrote: > Hello world, > > wou...@celtic:/var/lib/dpkg/info$ ls *md5sums|wc -l > 2340 > wou...@celtic:/var/lib/dpkg/info$ ls *sums|wc -l > 2340 > wou...@celtic:/var/lib/dpkg/info$ dpkg -l|sed -e'1,/=/d'|wc -l > 2483 Here on my syst

Re: md5sums files

On Wed, Mar 03, 2010 at 11:37:17AM +, Philipp Kern wrote: > On 2010-03-03, Wouter Verhelst wrote: > > This is where I disagree. When a checksum algorithm is compromised (and > > MD5 *is* compromised), things only ever get worse, not better. Indeed, > > MD5 preimage attacks are pretty hard *tod

Re: md5sums files

[Wouter Verhelst] > I must say I was somewhat surprised by these numbers. Out of 2483 > packages installed on my laptop, 2340 install md5sums. The surprising part, perhaps, is that dpkg itself didn't just generate the other 143 md5sums files at installation time. I suggested this a long time ago

Re: md5sums files

On Wed, Mar 03, 2010 at 03:16:08PM +0100, Bernhard R. Link wrote: > * Harald Braumann [100303 14:49]: > > But it would be great if the whole chain, from beginning to end, was > > secured, even against a malicious and presumably very powerful attackers. > > Checksums for files coming from packages

Re: md5sums files

On Wed, Mar 03, 2010, Wouter Verhelst wrote: > In this day and age of completely and utterly broken MD5[0], I think we > should stop providing these files, and maybe provide something else > instead. Like, I dunno, shasums? Or perhaps gpgsigs? But stop providing > md5sums. > > Or is it useful to

Re: Bug#555743: dpkg-gencontrol: add support for Description:-s in the Source package stanza

On Tue, Mar 02, 2010, Raphael Hertzog wrote: > The sensible answer is putting this information in the .dsc and thus in > the Sources files. But it means that the file would get somewhat bigger > and it might meant again supplementary changes in the infrastructutre if > people want to see those desc

Re: md5sums files

* Harald Braumann [100303 14:49]: > As a means to check for filesystem corruptions or non-malicious changes, > MD5 is good enough. So until we have something better, I guess they can > stay. I'd even say they should stay. The shorter the hash the more useable. And md5 is the shortest well-defined

Bug#572338: ITP: php-net-whois -- PHP PEAR module for querying whois services

Package: wnpp Severity: wishlist Owner: Dario Minnucci -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: php-net-whois Version : 1.0.2 Upstream Author : Seamus Venasse * URL : http://pear.php.net/package/Net_Whois * License : PHP 3.01 Programm

Re: md5sums files

On Wed, Mar 03, 2010 at 02:39:05PM +0100, Harald Braumann wrote: > On Wed, Mar 03, 2010 at 03:06:20AM +0100, Wouter Verhelst wrote: > > In this day and age of completely and utterly broken MD5[0], I think we > > should stop providing these files, and maybe provide something else > > instead. Like,

Re: md5sums files

On Wed, Mar 03, 2010 at 03:06:20AM +0100, Wouter Verhelst wrote: > In this day and age of completely and utterly broken MD5[0], I think we > should stop providing these files, and maybe provide something else > instead. Like, I dunno, shasums? Or perhaps gpgsigs? But stop providing > md5sums. > >

Re: Bug#545782: imagemagick-dbg: missing README.Debian to explain how programs are used

Any progress on this bug ? On Sun, Dec 27, 2009 at 8:26 PM, Nelson A. de Oliveira wrote: > Hi! > > On Sun, Dec 27, 2009 at 10:14 AM, Jari Aalto wrote: >> Repoening, this doesn't address the original bug report titled "missing >> README.Debian to explain how programs are used". Please provide >>

Bug#572325: ITP: xjobs -- reads job descriptions line by line and executes them in parallel

Package: wnpp Severity: wishlist Owner: Stefan Voelkel * Package name: xjobs Version : 20100203 Upstream Author : Thomas Maier-Komor * URL : http://www.maier-komor.de/xjobs.html * License : GPL Programming Lang: C Description : reads job descriptions

Re: md5sums files

On 2010-03-03, Wouter Verhelst wrote: > This is where I disagree. When a checksum algorithm is compromised (and > MD5 *is* compromised), things only ever get worse, not better. Indeed, > MD5 preimage attacks are pretty hard *today*. But switching to something > more secure in preparation for the d

Re: md5sums files

On Wed, Mar 03, 2010 at 03:17:52PM +1100, Erik de Castro Lopo wrote: > Russ Allbery wrote: > > > Wouter Verhelst writes: > > > > > Or is it useful to be able to say "if it doesn't check out, it's > > > certainly corrupt, and if it does check out, it may be corrupt"? Didn't > > > think so. > > >

Re: md5sums files

Mike Hommey writes: > On Wed, Mar 03, 2010 at 08:29:09AM +, Neil Williams wrote: >> On Wed, 3 Mar 2010 08:35:18 +0100 >> Mike Hommey wrote: >> >> > On Wed, Mar 03, 2010 at 06:30:34AM +, Sune Vuorela wrote: >> > > >> > > The md5 sums isn't to be used in case of a break in, as you can't

Re: md5sums files

Erik de Castro Lopo writes: > Russ Allbery wrote: > >> Wouter Verhelst writes: >> >> > Or is it useful to be able to say "if it doesn't check out, it's >> > certainly corrupt, and if it does check out, it may be corrupt"? Didn't >> > think so. >> >> I don't understand why you say this. Crypto

Re: Bug#555743: dpkg-gencontrol: add support for Description:-s in the Source package stanza

Stefano Zacchiroli writes: > On Tue, Mar 02, 2010 at 11:05:14AM +0100, Raphael Hertzog wrote: >> > 0) (Starting intuition) most source package have a description per se, >> >intuitively, that is the same description you'd find on the upstream >> >homepage that made you download a specific

Re: md5sums files

Wouter Verhelst, 2010-03-03 03:06:20 +0100 : [...] > In this day and age of completely and utterly broken MD5[0], I think > we should stop providing these files, and maybe provide something else > instead. Like, I dunno, shasums? Or perhaps gpgsigs? But stop > providing md5sums. > > Or is it use

Re: Bug#555743: dpkg-gencontrol: add support for Description:-s in the Source package stanza

Hello everybody, Le Tue, Mar 02, 2010 at 02:04:56PM +0100, Raphael Hertzog a écrit : > On Tue, 02 Mar 2010, Stefano Zacchiroli wrote: > > On Tue, Mar 02, 2010 at 01:03:57PM +0100, Emilio Pozuelo Monfort wrote: > > > The substvars approach sounds good to me. I think I'd use it quite a lot, > > > sp

Re: md5sums files

On Wed, Mar 03, 2010 at 08:29:09AM +, Neil Williams wrote: > On Wed, 3 Mar 2010 08:35:18 +0100 > Mike Hommey wrote: > > > On Wed, Mar 03, 2010 at 06:30:34AM +, Sune Vuorela wrote: > > > > > > The md5 sums isn't to be used in case of a break in, as you can't trust > > > anything on the sy

Re: md5sums files

On 2010-03-03, Neil Williams wrote: > Changing to SHA won't help. I'm for ditching all md5sums from packages. > It's not a lot of disc space gained but it does give a false sense of > security or 'insurance' if you want to avoid the more formal meaning of > 'security'. Please don't. It's not abo

Re: md5sums files

On Wed, 3 Mar 2010 08:35:18 +0100 Mike Hommey wrote: > On Wed, Mar 03, 2010 at 06:30:34AM +, Sune Vuorela wrote: > > > > The md5 sums isn't to be used in case of a break in, as you can't trust > > anything on the system anyways, but more things like: > > - did I make; sudo make install some