Lars Wirzenius wrote:
> On Thu, Feb 02, 2012 at 05:09:42PM +, PICCA Frédéric-Emmanuel wrote:
> > In that case you got this kind of piuparts error [1], if you did not
> > remove the homedir of the previously added user.
> >
> > What is the right fix for this?
>
> The proper way to fix this is
On Fri, Feb 03, 2012 at 12:27:40AM +0100, Josselin Mouette wrote:
> Le jeudi 02 février 2012 à 19:11 +, brian m. carlson a écrit :
> > The mime-support solution is part of Policy. It is a perfectly working,
> > fully-implemented solution.
>
> This is a blatant lack of knowledge of the curr
On 02/03/2012 01:28 AM, Christoph Anton Mitterer wrote:
> But this wouldn't solve our discussion here... the question would
> still be open, whether Debian sets this flag or not, or whether it
> makes two binary packages.
Now that's something I didn't read from Ondřej's mail, but delivering
the pa
Tanguy Ortolo wrote:
> Packages can currently declare dependencies on specific versions of
> other packages, with simple relations: <<, <=, =, >= and >>. For
> instance:
> Package: xul-ext-adblock-plus
> Depends: iceweasel (>= 3.6.13) | iceape (>= 2.1) | …
>
> While this is sufficient fo
Package: wnpp
Severity: wishlist
Owner: "Yao Wei (魏銘廷)"
* Package name: gcin
Version : 2.7.1
Upstream Author : Edward Der-Hua Liu
* URL : http://hyperrate.com/dir.php?eid=67
* License : LGPL2
Programming Lang: C
Description : GTK+ based input method pl
Hi,
I'm currently maintaining alone the following source packages:
libnatpmp, minissdpd, miniupnpc and miniupnpd
For that last one, I've just sent an ITP, since it finally becomes
possible to build it in Debian (and the packaging is already done,
sitting in my public_git on Alioth). MiniUPnPd is
On Fri, 3 Feb 2012, Christoph Anton Mitterer wrote:
> Wasn't it once the case with PaX that packages have to be compiled
> specially? Or some ELF headers added or so?
Some shared libraries have code which can't be run without an executable
stack, it's a small number of libraries that are written
Hello Lists:
May I add that there are also packages waiting for a sponsor for uploading ?
Cheers,
Jerome
On 03/02/12 01:26, w...@debian.org wrote:
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
las
On Fri, 2012-02-03 at 00:34 +, Ben Hutchings wrote:
> There is an easy way to benefit from it.
Well still the user wouldn't know how to configure it...
Actually I must admit that I haven't followed PaX/grsec now for some
time (mainly due to the deb package being always out of date in sid).
Was
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.
Total number of orphaned packages: 395 (new: 1)
Total number of packages offered up for adoption: 150 (new: 0)
Total number of packages request
Hey.
First, thanks Ondřej, for bringing this to a wider audience :)
On Thu, 2012-02-02 at 13:55 +0100, Ondřej Surý wrote:
> 1. Suhosin patch has an impact on the speed and memory usage. This has
> been documented and even author admits it [1].
>
> 2. It doesn't help our users when reporting b
On Fri, Feb 03, 2012 at 12:55:59AM +0100, Christoph Anton Mitterer wrote:
> On Thu, 2012-02-02 at 12:18 +1100, Russell Coker wrote:
> > The current approach of having a kernel patch package seems to work well.
> Phew... well there are many people running at >stable... and for
> them it does not
On Thu, 2012-02-02 at 12:18 +1100, Russell Coker wrote:
> The current approach of having a kernel patch package seems to work well.
Phew... well there are many people running at >stable... and for
them it does not... as the package seems more or less orphaned.
Also,.. configuring something com
Russell Coker writes:
> SE Linux is supported in critical packages including the kernel,
> sysvinit, and cron. So any user who wants to use it can just install
> the SE Linux specific packages and rely on the built-in support for SE
> Linux in important base packages.
> This compares to the PHP
On Fri, 3 Feb 2012, Russ Allbery wrote:
> For example, Debian could immediately become a much more secure OS by
> enabling SELinux in enforcing mode on all Debian systems. The reason why
> we don't do this is that currently that tradeoff doesn't make sense; too
> much other stuff doesn't work, to
Le jeudi 02 février 2012 à 19:11 +, brian m. carlson a écrit :
> The mime-support solution is part of Policy. It is a perfectly working,
> fully-implemented solution.
This is a blatant lack of knowledge of the current state of the
distribution.
> If you feel that it is obsolescent or
> ob
Ian Jackson writes:
> Pierre Joye writes:
>> [...] But so far I failed to see other features in Suhosin that we need
>> to implement without having more cons than pros.
> I know nearly nothing about PHP security and nothing about Suhosin.
> But from what I have read in this thread, I find this
Le jeudi 02 février 2012 à 18:59 +0100, Andreas Tille a écrit :
> On Thu, Feb 02, 2012 at 04:52:22PM +0100, Josselin Mouette wrote:
> > > However, to prove your point you need to mention counter examples which
> > > are actually failing to use mime-support or are actually broken because
> > > of u
Package: wnpp
Severity: wishlist
Owner: Thomas Goirand
* Package name: miniupnpd
Version : 1.6.20120121
Upstream Author : Thomas Bernard
* URL : http://miniupnp.free.fr/
* License : BSD
Programming Lang: C
Description : daemon providing UPnP Internet G
unsubscribe
On Sun, Jan 29, 2012 at 1:22 PM, Ben Hutchings wrote:
> Debian 7.0 'wheezy' will include Linux 3.2. This is currently in
> unstable and will soon enter testing.
>
> The kernel team is open to backporting some features from later kernel
> versions, particularly to support newer hardw
On 02/02/12 14:43, Carlos Alberto Lopez Perez wrote:
> On 02/02/12 14:31, Stefan Esser wrote:
>> considering the fact that you write this email the very same day that a
>> remote code execution vulnerability in PHP is found that is easy to exploit
>> from remote and is greatly mitigated by the us
Hi Russ,
On Thu, Feb 02, 2012 at 12:58:03PM -0800, Russ Allbery wrote:
> Michael Biebl writes:
>
> > Show us where mime-support is a required part in policy and then we can
> > talk again.
>
> Policy 9.7 currently says that it's a bug to not support mime-support:
Many thanks for always bringin
On 02.02.2012 21:58, Russ Allbery wrote:
> Anyway, I think this discussion is painful and not likely to change
> anyone's mind, whereas the necessary glue between desktop files and
> mime-support looks like a couple of days of work. I'm currently playing
> with the idea of writing a spec and post
Michael Biebl writes:
> Show us where mime-support is a required part in policy and then we can
> talk again.
Policy 9.7 currently says that it's a bug to not support mime-support:
Packages which provide the ability to view/show/play, compose, edit or
print MIME types should register th
On 02/03/2012 01:59 AM, Stas Malyshev wrote:
> You seem to advocate the approach in which
> performance and convenience can and should be sacrificed to security.
> It is a matter of opinion
Something I don't get here. If there's this issue, and
different tastes, why can't a build flag be used, so
Processing commands for cont...@bugs.debian.org:
> reassign 658139 general
Bug #658139 [evince] evince: missing mime entry
Bug reassigned from package 'evince' to 'general'.
> tags 658139 - patch
Bug #658139 [general] evince: missing mime entry
Removed tag(s) patch.
> retitle 658139 generate mailc
On 02.02.2012 20:11, brian m. carlson wrote:
> The mime-support solution is part of Policy. It is a perfectly working,
...
> As a package maintainer, you're going to have to support some things you
> don't like. If you hate natural alignment and think sparc is awful, you
Show us where mime-su
On Thu, Feb 02, 2012 at 06:08:33PM +0100, Josselin Mouette wrote:
> Le jeudi 02 février 2012 à 16:12 +, Ian Jackson a écrit :
> > The correct approach is not to unilaterally decide to switch to
> > some other half-implemented system, remove support for the previously
> > working machiner
Stefan Esser wrote:
> And there are many many good reasons, why Suhosin must be external to PHP.
> The most obvious one is that the code is clearly separated, so that not
> someone of the hundred PHP committers accidentally breaks a safe guard.
That's not a justification to keep it as a patch.
Safe g
On Thu, 02 Feb 2012 18:08:33 +0100, Josselin Mouette wrote:
> Le jeudi 02 février 2012 à 16:12 +, Ian Jackson a écrit :
> > The correct approach is not to unilaterally decide to switch to
> > some other half-implemented system, remove support for the previously
> > working machinery, an
Josselin Mouette writes ("Re: Breaking programs because a not yet implemented
solution exists in theory (Was: Bug#658139: evince: missing mime entry)"):
> Le jeudi 02 février 2012 à 16:12 +, Ian Jackson a écrit :
> > The correct approach is not to unilaterally decide to switch to
> > so
Hi!
I know that for many years you have not understood the idea behind
Suhosin, the concept of exploit mitigations.
I think we have a difference of approaches here, and it is well known.
There's more or less a consensus among PHP dev that to introduce a
feature, especially with high user perfo
On Thu, Feb 02, 2012 at 04:52:22PM +0100, Josselin Mouette wrote:
> > However, to prove your point you need to mention counter examples which
> > are actually failing to use mime-support or are actually broken because
> > of using mime-support.
>
> Are you trying to troll, or do you actually not k
OoO En cette nuit striée d'éclairs du jeudi 02 février 2012, vers 02:21,
Russell Coker disait :
>> However, a low profile container/virtualization solution is needed, and I
>> know there is quite some demand for it: both some larger scale
>> organisations and several smaller/non-profit organisati
On Thu, Feb 02, 2012 at 05:09:42PM +, PICCA Frédéric-Emmanuel wrote:
> > We had a conversation (here I think) last year about whether programs
> > should be trying to automatically remove users in their postrm. IIRC
> > the conclusion of that discussion the answer was that they should not,
> >
> We had a conversation (here I think) last year about whether programs
> should be trying to automatically remove users in their postrm. IIRC
> the conclusion of that discussion the answer was that they should not,
> at least in the default case.
> We should double check this, before you submit
Hi,
I'd be happy to help, if you don't find any better suited candidate
(if you have volunteers who are more expert than me, by all means go
for them!!) I definitely have made it to plenty of debconfs, and sure
hope to continue the trend.
Thanks,
Guido
--
To UNSUBSCRIBE, email to debian-devel
Le jeudi 02 février 2012 à 16:12 +, Ian Jackson a écrit :
> The correct approach is not to unilaterally decide to switch to
> some other half-implemented system, remove support for the previously
> working machinery, and demand that bug submitters write the
> compatibility code.
The cor
[resent with 7-bit headers. apologies for any mangled names:]
Pierre Joye writes ("Re: [PHP-DEV] Suhosin patch disabled by default in Debian
php5 builds"):
> [...] But so far I failed to see other features in Suhosin that we
> need to implement without having more cons than pros.
I know nearly n
Josselin Mouette writes ("Re: Breaking programs because a not yet implemented
solution exists in theory (Was: Bug#658139: evince: missing mime entry)"):
> Le jeudi 02 février 2012 à 15:51 +0100, Jonas Smedegaard a écrit :
> > The "issue" here (or at least at the dawn of this thread) is that some
Bernd Zeimetz writes:
> On 01/31/2012 10:37 PM, Ben Hutchings wrote:
> [...]
>> If anyone wishes to volunteer to maintain VServer in Debian - you are
>> very welcome, but please start by addressing the bugs filed against
>> them in squeeze and reviewing the existing conflicts. If you can
>> prov
On Thu, Feb 2, 2012 at 4:49 PM, Pierre Joye wrote:
> hi Stefan,
>
> On Thu, Feb 2, 2012 at 3:14 PM, Stefan Esser wrote:
> > Hello Pierre,
> >
> >> About the current flaw affecting 5.3/4, PHP and suhosin had bugs, and
> >> will have bugs. This is not really hot news. That does not affect this
> >
On Thu, 2012-02-02 at 09:29 +0200, Jonathan Carter (highvoltage) wrote:
[...]
> We tried the 2.6.32 VZ kernel on squeeze / wheezy / lucid / precise -
> and it works.
That's what I would expect, but it's good to know.
> We have a PPA[1] for our experimental packages too. We
> might run into bugs
hi Stefan,
On Thu, Feb 2, 2012 at 3:14 PM, Stefan Esser wrote:
> Hello Pierre,
>
>> About the current flaw affecting 5.3/4, PHP and suhosin had bugs, and
>> will have bugs. This is not really hot news. That does not affect this
>> discussion.
>
> I know that for many years you have not understood
Le jeudi 02 février 2012 à 16:43 +0100, Andreas Tille a écrit :
> > The policy
> > might claim it is the recommended way, but only a handful of programs,
> > such as mutt and lynx, actually make use of this information.
>
> Any reason you are leaving out those two programs (see, mc) which were
>
Andreas Beckmann writes ("mass bug filing of 'deluser/delgroup: command not
found' errors detected by piuparts"):
> Most of these errors happen during the 'postrm purge' phase because
> non-essential programs are called by the maintainer script without
> checking their existence.
We had a convers
* Josselin Mouette [120202 16:23]:
> [the usual insults removed] The policy
> might claim it is the recommended way, but only a handful of programs,
> such as mutt and lynx, actually make use of this information.
Or programs like "see" or everything using it that wants to safely run
a program for
On Thu, Feb 02, 2012 at 04:23:01PM +0100, Josselin Mouette wrote:
>
> Claiming that the mime-support system actually works is stretching
> reality as much as a bone who just met Chuck Norris’ fist.
I fail to see a reason to fall back to polemics.
> The policy
> might claim it is the recommended
On Thu, Feb 02, 2012 at 03:14:56PM +0100, Stefan Esser wrote:
> BTW: You should really really look into the history of PHP security and check
> for each of the last 8 years how many features were in Suhosin and later
> merged into PHP because of some nasty security problem.
> You will see that a
Le jeudi 02 février 2012 à 15:51 +0100, Jonas Smedegaard a écrit :
> The "issue" here (or at least at the dawn of this thread) is that some
> package maintainers have chosen to break something that used to work.
Claiming that the mime-support system actually works is stretching
reality as much a
Ohh btw…
> I have walked the bug list for 5.3 mentioning suhosin[2] to actually
> at least partially support what I have just said. I have found few
> bugs where suhosin was causing problems ([3],[4]) and a handful of
> bugs with "have suhosin, cannot help". I know this isn't (and can't
> be) a
On 12-02-02 at 03:32pm, Josselin Mouette wrote:
> Le jeudi 02 février 2012 à 02:14 +, Wookey a écrit :
> > It wasn't at all obvious that the actual reason was a conspiracy to
> > remove mime file support from evince. Now that I know about it, I'm
> > not very impressed. Andreas has already e
On Donnerstag, 2. Februar 2012, Nico Golde wrote:
> http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fi
> x-for-php-hashtable-collision-dos/
Oh my... :(
sigh.
thanks Stefan, thanks Nico.
* Carlos Alberto Lopez Perez [2012-02-02 14:46]:
> On 02/02/12 14:31, Stefan Esser wrote:
> > considering the fact that you write this email the very same day that a
> > remote code execution vulnerability in PHP is found that is easy to
> > exploit from remote and is greatly mitigated by the us
Le jeudi 02 février 2012 à 02:14 +, Wookey a écrit :
> It wasn't at all obvious that the actual reason was a conspiracy to
> remove mime file support from evince. Now that I know about it, I'm
> not very impressed. Andreas has already expressed this annoyance so I
> won't say it again.
Being
Hello Pierre,
> About the current flaw affecting 5.3/4, PHP and suhosin had bugs, and
> will have bugs. This is not really hot news. That does not affect this
> discussion.
I know that for many years you have not understood the idea behind Suhosin, the
concept of exploit mitigations.
The only r
Hi Stefan,
On Thu, Feb 2, 2012 at 2:31 PM, Stefan Esser wrote:
> Hello Ondřej,
>
>> My personal feeling is that most people see suhosin as "this is about
>> security, thus it must be good". This combined with bad PHP security
>> history makes everybody feel insecure when suhosin was removed, but
Hello Ondřej,
> My personal feeling is that most people see suhosin as "this is about
> security, thus it must be good". This combined with bad PHP security
> history makes everybody feel insecure when suhosin was removed, but
> the real question is if the suhosin is still really helping with PHP
On 02/02/12 14:31, Stefan Esser wrote:
> considering the fact that you write this email the very same day that a
> remote code execution vulnerability in PHP is found that is easy to exploit
> from remote and is greatly mitigated by the use of Suhosin you look pretty
> stupid. (In case of usage
Crossposting to php-internals too since those are the guys who receive
the bugreports...
Debian unstable packages have recently disabled the suhosin patch by
default (it is still kept as optional part which could be enabled at
compile time).
I am trying to summarize the reasons why I have decided to d
Hi,
I'm planning to file bugs against all packages that currently fail the
piuparts test with a 'deluser/delgroup: command not found' error in
wheezy and sid.
Currently 17 binary packages from 15 source packages are affected.
Most of these errors happen during the 'postrm purge' phase because
non
On Thu, Feb 02, 2012 at 12:10:17PM +0100, Cyril Brulebois wrote:
> Mike Hommey (02/02/2012):
> > As discussed on irc, if you instead do iceweasel-api-3.6, iceweasel-api-4.0,
> > etc. you end up having crazy dependencies like:
> > Depends: iceweasel-api-3.6 | iceweasel-api-4.0 | iceweasel-api-5.0 |
Package: wnpp
Severity: wishlist
Owner: "Gonéri Le Bouder"
* Package name: libfusioninventory-agent-task-deploy-perl
Version : 1.0.9901
Upstream Author : Gonéri Le Bouder
* URL : http://www.fusioninventory.org/
* License : GPL, Perl
Programming Lang: Perl
Mike Hommey (02/02/2012):
> As discussed on irc, if you instead do iceweasel-api-3.6, iceweasel-api-4.0,
> etc. you end up having crazy dependencies like:
> Depends: iceweasel-api-3.6 | iceweasel-api-4.0 | iceweasel-api-5.0 |
> iceweasel-api-6.0 | ... | iceweasel-api-11.0 | iceape-api-2.1 |
> icea
On Thu, Feb 02, 2012 at 11:33:01AM +0100, Mike Hommey wrote:
> On Thu, Feb 02, 2012 at 11:14:43AM +0100, Alexander Reichle-Schmehl wrote:
> > Hi!
> >
> > Am 02.02.2012 10:54, schrieb Tanguy Ortolo:
> > > Packages can currently declare dependencies on specific versions of
> > > other packages, wi
On Thu, Feb 02, 2012 at 11:14:43AM +0100, Alexander Reichle-Schmehl wrote:
> Hi!
>
> Am 02.02.2012 10:54, schrieb Tanguy Ortolo:
> > Packages can currently declare dependencies on specific versions of
> > other packages, with simple relations: <<, <=, =, >= and >>. For
> > instance:
> > Pack
Hi!
Am 02.02.2012 10:54, schrieb Tanguy Ortolo:
> Packages can currently declare dependencies on specific versions of
> other packages, with simple relations: <<, <=, =, >= and >>. For
> instance:
> Package: xul-ext-adblock-plus
> Depends: iceweasel (>= 3.6.13) | iceape (>= 2.1) | …
>
>
On Thu, Feb 02, 2012 at 09:39:46AM +0100, Thomas Koch wrote:
> some time ago I started to collect hints for upstream developers on a wiki
> page:
>
> http://wiki.debian.org/Java/UpstreamHints
This is helpful. However, I do not see a point in advertising Git in
this specific content. It is not
Packages can currently declare dependencies on specific versions of
other packages, with simple relations: <<, <=, =, >= and >>. For
instance:
Package: xul-ext-adblock-plus
Depends: iceweasel (>= 3.6.13) | iceape (>= 2.1) | …
While this is sufficient for most cases, it does not cover one
Package: wnpp
Severity: wishlist
Owner: medhamsh
* Package name: rudecgi
Version : 5.0.0
Upstream Author : Matthew Flood
* URL : http://www.rudeserver.com/cgiparser/index.html
* License : (GPL)
Programming Lang: (C++)
Description : C++ parser library
On 02.02.2012 02:21 Russell Coker wrote:
> Are there many users who need root containment but who won't have the
> resources to run Xen or KVM when the support for Squeeze ends?
I am convinced there are several hosting providers and NGOs who use
linux-vservers for (amongst other) the purpose of r
On Thu, Feb 02, 2012 at 09:39:46AM +0100, Thomas Koch wrote:
> Hi,
>
> some time ago I started to collect hints for upstream developers on a wiki
> page:
>
> http://wiki.debian.org/Java/UpstreamHints
I am Lars Wirzenius and I approve of this page.
However, http://wiki.debian.org/UpstreamGuide
Hi,
some time ago I started to collect hints for upstream developers on a wiki
page:
http://wiki.debian.org/Java/UpstreamHints
The page is intended for the audience of upstream developers who care that
their software be included in a distribution and would be willing to do their
part to make
73 matches