On 06/28/2013 02:42 PM, Thomas Goirand wrote:
> On 06/28/2013 02:29 PM, Thomas Goirand wrote:
>> Package: wnpp
>> Severity: wishlist
>> Owner: Thomas Goirand
>>
>> * Package name: pytz
>> Version : 2013b
>> Upstream Author : Stuart Bishop
>> * URL : https://pypi.python.
On 06/28/2013 02:29 PM, Thomas Goirand wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Thomas Goirand
>
> * Package name: pytz
> Version : 2013b
> Upstream Author : Stuart Bishop
> * URL : https://pypi.python.org/pypi/pytz
> * License : Apache-2
> Progra
Package: wnpp
Severity: wishlist
Owner: Thomas Goirand
* Package name: pytz
Version : 2013b
Upstream Author : Stuart Bishop
* URL : https://pypi.python.org/pypi/pytz
* License : Apache-2
Programming Lang: Python
Description : World timezone definitions,
Paul Tagliamonte wrote:
> On Fri, Jun 28, 2013 at 12:58:20PM +1000, Erik de Castro Lopo wrote:
> > Does this only work for dput-ng that's currently in git?
>
> Nope, all versions of dput-ng have had this support :)
>
> It's just some DDs are reluctant to change the devel setup, so they do
> have
On Thu, Jun 27, 2013 at 8:54 PM, Erik de Castro Lopo
wrote:
> Where is the new procedure for giving Debian Maintainers upload privileges
> documented?
I just took a quick stab at this:
http://wiki.debian.org/DebianMaintainer?action=diff&rev2=119&rev1=118
Feel free to expand on it if needed.
Th
On Fri, Jun 28, 2013 at 12:58:20PM +1000, Erik de Castro Lopo wrote:
> Does this only work for dput-ng that's currently in git?
Nope, all versions of dput-ng have had this support :)
It's just some DDs are reluctant to change the devel setup, so they do
have the option of running it in place if th
Paul Tagliamonte wrote:
> It's not, really. It's a new command using the dak commands interface
> (the same one that `dcut(1)` uses to rm / cancel uploads), so, it's only
> natural that it's usable with dcut :)
>
> Currently, only dput-ng supports this, you can invoke `dcut` from
> dput-ng in-pla
On Fri, Jun 28, 2013 at 10:31:47AM +0800, Paul Wise wrote:
> On Fri, Jun 28, 2013 at 9:39 AM, Paul Tagliamonte wrote:
>
> > Some examples from the man page:
> >
> > $ dcut dm --uid "Paul Tagliamonte" --allow glibc
> > $ dcut dm --uid 0x0DEFACED --allow glibc linux --deny kfreebsd9
>
> Uhh,
On Fri, Jun 28, 2013 at 9:39 AM, Paul Tagliamonte wrote:
> Some examples from the man page:
>
> $ dcut dm --uid "Paul Tagliamonte" --allow glibc
> $ dcut dm --uid 0x0DEFACED --allow glibc linux --deny kfreebsd9
Uhh, that should be changed to use the full fingerprint, please don't
teach peop
On Fri, Jun 28, 2013 at 10:54:37AM +1000, Erik de Castro Lopo wrote:
> Hi all,
Greets, Erik,
>
> Where is the new procedure for giving Debian Maintainers upload privileges
> documented?
It's not, really. It's a new command using the dak commands interface
(the same one that `dcut(1)` uses to rm
Hi all,
Where is the new procedure for giving Debian Maintainers upload privileges
documented?
I have found this:
https://lists.debian.org/debian-devel-announce/2012/09/msg8.html
but that is a mailing list post and unfortunately fails as documentation.
Even the DM wiki page points to th
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.
Total number of orphaned packages: 489 (new: 7)
Total number of packages offered up for adoption: 153 (new: 3)
Total number of packages request
On Thu, Jun 27, 2013 at 10:28:15AM -0400, Alexandre Rebert wrote:
>
> > I wished the respective report would have been sent to the upstream
> > developers,
> > not to Debian. We could have been a second resort when upstream does not
> > react to the reports (not unlikely, admittedly). Now, the
> BTW, the mails you have been sending with links to the crashes have
> been going to publicly archived lists, not sure if you meant for that
> to happen though?
>
I don't think the Mayhem team is at all to blame for that: we seemingly simply
don't have the necessary information in place.
For m
On 27/06/13 21:44, Florian Weimer wrote:
> * Daniel Pocock:
>
>> However, are such issues at the discretion of package maintainers and
>> upstream, or is it useful to have a uniform Debian approach to
>> cryptographic strength?
>
> Keep in mind that RFC 4880 (OpenPGP) hard-codes SHA-1 in severa
* Daniel Pocock:
> However, are such issues at the discretion of package maintainers and
> upstream, or is it useful to have a uniform Debian approach to
> cryptographic strength?
Keep in mind that RFC 4880 (OpenPGP) hard-codes SHA-1 in several
places, notably for key fingerprints. If there's a
On Thursday 27 June 2013 11:19:40 Alexandre Rebert wrote:
> > I do not think that you should try to implement this immediately but
> > from a Debian Maintainers point of view we now could present a case
> > where it makes perfect sense to use DEP5 formatted copyright files and
> > if we try to do
> I do not think that you should try to implement this immediately but
> from a Debian Maintainers point of view we now could present a case
> where it makes perfect sense to use DEP5 formatted copyright files and
> if we try to do this more strictly future tests could profit from it.
For our pur
On Thu, Jun 27, 2013 at 9:25 AM, Andreas Tille wrote:
> The Debian Med team was flooded by about 50 mails which is hard to cope
> in two weeks.
You shouldn't have received that many emails. If we decide to report
more bugs in the future (depending on the reactions from the
community), we will mak
Hi Alexandre,
On Thu, Jun 27, 2013 at 10:28:15AM -0400, Alexandre Rebert wrote:
> I agree with you that it would have been best to contact upstream
> developers instead of package maintainers. I couldn't find a tool
> listing upstream developers for a given package however, and that's
> why we con
On Thu, Jun 27, 2013 at 5:11 AM, Aron Xu wrote:
> I wonder whether you have checked where the crash is caused, you have
> sent several mails to me for every binary in your test run, but in
> dmesg.txt you provided all of them are from the very same library.
> This will cause lots of duplicates, an
Hi
> I wished the respective report would have been sent to the upstream
> developers,
> not to Debian. We could have been a second resort when upstream does not
> react to the reports (not unlikely, admittedly). Now, the Debian maintainer
> sees the findings two weeks before the bug is made publ
> One such crash was reported on a small fluxbox tool to be manually run,
> which used $HOME blindly. When it ran, it segfaulted, which is a bug,
> yes.
>
> However, it's not security, and to see the bug tagged 'security' was
> troubling - what oversight do you have to prevent the security team to
On Thu, Jun 27, 2013 at 3:30 AM, Paul Wise wrote:
> BTW, the mails you have been sending with links to the crashes have
> been going to publicly archived lists, not sure if you meant for that
> to happen though?
I realize only now that many emails (about 20% in our case), that are
listed as pack
Hi,
On Thu, Jun 27, 2013 at 03:15:17PM +0200, "Steffen Möller" wrote:
>
> I wished the respective report would have been sent to the upstream
> developers,
> not to Debian. We could have been a second resort when upstream does not
> react to the reports (not unlikely, admittedly). Now, the Debia
> Sent: Thursday, 27 June 2013 at 14:21
> From: "Paul Tagliamonte"
> To: "Alexandre Rebert"
> Cc: debian-devel@lists.debian.org
> Subject: Re: Reporting 1.2K crashes
>
> On Tue, Jun 25, 2013 at 01:28:10AM -0400, Alexandre Rebert wrote:
> > I am a security researcher at Carnegie Mellon
Package: wnpp
Severity: wishlist
Owner: Samuel Thibault
* Package name: opari2
Version : 1.0.7
Upstream Author : Bernd Mohr
* URL : http://www.vi-hps.org/Tools/OPARI2.html
* License : BSD3
Programming Lang: C, C++, Fortran
Description : OpenMP Pragma An
There have been various discussions about GnuPG's default use of SHA1, e.g.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612657
which impacts the archive pseudo-package but is also relevant for the
gnupg* packages
However, are such issues at the discretion of package maintainers and
upstre
BTW folks there is another tool (bfbtester) already in Debian that
does some testing of binaries for issues like crashes with long
argument strings or environment variables and also insecure tmpfile
usage. I'm running it on package uploads along with some other tools.
http://packages.debian.org/si
On Tue, Jun 25, 2013 at 01:28:10AM -0400, Alexandre Rebert wrote:
> I am a security researcher at Carnegie Mellon University, and my team
> has found thousands of crashes in binaries downloaded from debian
> wheeze packages. After contacting ow...@bugs.debian.org, Don Armstrong
^^ wheezy :)
Hi,
On 27/06/13 at 12:34 +0200, Wouter Verhelst wrote:
> On 25-06-13 07:28, Alexandre Rebert wrote:
> > Hi,
> >
> > I am a security researcher at Carnegie Mellon University, and my team
> > has found thousands of crashes in binaries downloaded from debian
> > wheeze packages.
>
> Out of interest
On 25-06-13 07:28, Alexandre Rebert wrote:
> Hi,
>
> I am a security researcher at Carnegie Mellon University, and my team
> has found thousands of crashes in binaries downloaded from debian
> wheeze packages.
Out of interest, can you elaborate on the methodology you used in trying
to find these
On Wed, Jun 26, 2013 at 5:37 AM, Alexandre Rebert
wrote:
> Hi,
>
>> I understand. But two weeks might be a bit too short for the majority
>> of those crashes. Many upstream authors don't get paid for working on
>> their software.
>
> I first want to clarify the purpose of the two-week delay to mak
Package: wnpp
Severity: wishlist
Owner: Thomas Goirand
* Package name: python-jsonrpclib
Version : 0.1.3
Upstream Author : Josh Marshall
* URL : https://pypi.python.org/pypi/jsonrpclib
* License : Apache-2.0
Programming Lang: Python
Description : imple
BTW, the mails you have been sending with links to the crashes have
been going to publicly archived lists, not sure if you meant for that
to happen though?
--
bye,
pabs
http://wiki.debian.org/PaulWise
On 26-06-13 03:46, Yasuhiro Araki wrote:
> P.S.2
> I hope to attend f2f meeting at debconf2013.
> But unfortunately I cannot attend it.
> If teleconf, and other way meetings are open, I would like to join from
> Japan.
I don't know where that meeting will be on the schedule; but if it is in
a roo