Bug#740916: ITP: dms -- DNS Management System

2014-03-05 Thread Matthew Grant
Package: wnpp Severity: wishlist Owner: Matthew Grant * Package name: dms Version : 1.0 Upstream Author : Matthew Grant * URL : http://mattgrant.net.nz/software/dms * License : GPL3 Programming Lang: Python Description : DNS Management System DNS Mana

Re: Bits from the Security Team

2014-03-05 Thread Yves-Alexis Perez
On Thu, Mar 06, 2014 at 07:51:28AM +0800, Paul Wise wrote: > On Thu, Mar 6, 2014 at 3:03 AM, Moritz Muehlenhoff wrote: > > > * We're planning to request for hidepid to be enabled by default (to 1). > > This will squash an entire class of information leaks. If you have any > > comments or objec

Re: Bits from the Security Team

2014-03-05 Thread Paul Wise
On Thu, Mar 6, 2014 at 12:33 PM, Matthias Klose wrote: > This should not be enabled in the distro itself, and if, then not before it > can > be enabled upstream. From my point of view it was a mistake to enable it this > way before getting this upstream. However it is a lot of work to get the >

Re: Bits from the Security Team

2014-03-05 Thread Matthias Klose
On 06.03.2014 02:00, Paul Wise wrote: >> * The distribution hardening using dpkg-buildflags is coming along >> nicely. > > Unfortunately this doesn't apply to binaries compiled outside of the > package building system. It would be great if we could adopt the > Ubuntu approach of just enabling

Bug#740904: ITP: glamour -- beautiful 2D game with princesses for young girls

2014-03-05 Thread Miriam Ruiz
Package: wnpp Severity: wishlist Owner: Miriam Ruiz * Package name: glamour Version : 1.0.0 Upstream Author : Nelson do Vale * URL : https://launchpad.net/glamour * License : Code/Art: Public Domain. Music: DFSG-Free Programming Lang: Python Description

Re: Bits from the Security Team

2014-03-05 Thread Craig Small
On Thu, Mar 06, 2014 at 12:54:00AM +0100, Vincent Danjean wrote: > I'm not sure I will let this setup (hidepid=1) on my computers. My > current POV (that can change) is that I prefer to be able to do the > maximum of things as a normal user (top, ps, read log (I'm in the > adm group), ...) and swi

Re: Bits from the Security Team

2014-03-05 Thread Russ Allbery
Paul Wise writes: > Perhaps we could encourage those submitting security bugs to > X-Debbugs-CC the oss-sec list? I don't think the list would really appreciate that. Most of the CVE requests it currently gets have been vetted by either a developer of the software or by the security team of a d

Re: Bits from the Security Team

2014-03-05 Thread Paul Wise
A lot of this is really great news, thanks for your work! On Thu, Mar 6, 2014 at 3:03 AM, Moritz Muehlenhoff wrote: > * In some cases source packages get renamed, These > renames currently need to be tracked manually. We're planning to > automate these. If anyone wants to help and impleme

Re: Bits from the Security Team

2014-03-05 Thread Vincent Danjean
On 05/03/2014 22:33, Jakub Wilk wrote: > * Guido Günther , 2014-03-05, 20:54: >> I looked at the docs and as I read them this would affect uid 0 as well. > > Luckily this is not the case. :) root can see other users' /proc > entries just fine. Perhaps the documentation should be improved. So, i

Re: Bits from the Security Team

2014-03-05 Thread Paul Wise
On Thu, Mar 6, 2014 at 3:03 AM, Moritz Muehlenhoff wrote: > * We're planning to request for hidepid to be enabled by default (to 1). > This will squash an entire class of information leaks. If you have any > comments or objections, please get in touch with us. Apparently this breaks suspend w

Re: Bits from the Security Team

2014-03-05 Thread Jakub Wilk
* Guido Günther , 2014-03-05, 20:54: * We're planning to request for hidepid to be enabled by default (to 1). This will squash an entire class of information leaks. If you have any comments or objections, please get in touch with us. For the lazy, this is documentation for hidepid: hidepid=0

Bug#740886: ITP: libposix-strftime-compiler-perl -- GNU C library compatible strftime for loggers and servers

2014-03-05 Thread Florian Schlichting
Package: wnpp Severity: wishlist Owner: Florian Schlichting * Package name: libposix-strftime-compiler-perl Version : 0.31 Upstream Author : Masahiro Nagano * URL : https://metacpan.org/release/POSIX-strftime-Compiler * License : GPL-1+, Artistic Programming

Re: Bits from the Security Team

2014-03-05 Thread Guido Günther
Hi, the work of the security team is very, very much appreciated! On Wed, Mar 05, 2014 at 08:03:01PM +0100, Moritz Muehlenhoff wrote: > * We're planning to request for hidepid to be enabled by default (to 1). > This will squash an entire class of information leaks. If you have any > comments o

Re: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)

2014-03-05 Thread Kurt Roeckx
On Wed, Mar 05, 2014 at 08:29:37AM +0100, Ondrej Surý wrote: > On Tue, Mar 4, 2014, at 21:33, Gunnar Wolf wrote: > > Ondrej Surý said [Tue, Mar 04, 2014 at 08:10:47PM +0100]: > > > On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote: > > > > As keyring maintainers, we no longer consider 1024D keys to

Re: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!

2014-03-05 Thread Xavier Roche
On 05/03/2014 15:05, Jeremy T. Bouse wrote: > I would tend to side more with Odyx here in that the keys are still > considered trustworthy enough to be in the keyring but we're encouraging > moving to stronger keys and no longer accepting these keys to be > included. Yes, these were my thoughts,

Bug#740865: ITP: python-srs -- Python SRS (Sender Rewriting Scheme) library

2014-03-05 Thread Sandro Knauß
Package: wnpp Severity: wishlist Owner: "Sandro Knauß" * Package name: python-srs Version : 0.30.11 Upstream Author : Stuart Gathman * URL : http://bmsi.com/python/pysrs.html * License : Python License (CNRI Python License) Programming Lang: Python Descrip

Bug#740858: ITP: madgwick-ahrs -- Madgwick and Mahony attitude and heading reference (AHRS) algorithms

2014-03-05 Thread Klee Dienes
Package: wnpp Severity: wishlist Owner: Klee Dienes * Package name: madgwick-ahrs Version : 0.0.20120219-1 Upstream Author : Sebastian Madgwick * URL : http://www.x-io.co.uk/open-source-imu-and-ahrs-algorithms * License : CC-SA 3.0 Programming Lang: C Descr

Re: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!

2014-03-05 Thread Jeremy T. Bouse
On 05.03.2014 04:01, Didier 'OdyX' Raboud wrote: On Wednesday, 5 March 2014, 10.47:07 Paul Wise wrote: On Wed, Mar 5, 2014 at 1:55 AM, Xavier Roche wrote: > I have a rather silly question: would a mail (signed with this key) > request to the DDs who already signed the initial key (and checked

Bug#740822: ITP: colpack -- Graph vertex coloring library

2014-03-05 Thread Barak A. Pearlmutter
Package: wnpp Severity: wishlist Owner: "Barak A. Pearlmutter" * Package name: colpack Version : 1.0.9 Upstream Author : Alex Pothen * URL : http://www.cscapes.org/coloringpage/ * License : LGPL-3+ Programming Lang: C++ Description : Specialized graph

Re: Adiscon LogAnalyzer? rsyslog + mongodb?

2014-03-05 Thread Daniel Pocock
On 05/03/14 09:09, Florian Ernst wrote: > Hello all, > > On Tue, Mar 04, 2014 at 03:49:25PM +0100, Daniel Pocock wrote: >> The rsyslog mongodb output module and the PHP mongodb modules are now in >> wheezy-backports. This would appear to be sufficient to do something like: >> >> rsyslog => mon

Re: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!

2014-03-05 Thread Thibaut Paumard
On 05/03/2014 10:01, Didier 'OdyX' Raboud wrote: > On Wednesday, 5 March 2014, 10.47:07 Paul Wise wrote: >> On Wed, Mar 5, 2014 at 1:55 AM, Xavier Roche wrote: >>> I have a rather silly question: would a mail (signed with this key) >>> request to the DDs who already signed the initial key (and

Re: Adiscon LogAnalyzer? rsyslog + mongodb?

2014-03-05 Thread Daniel Pocock
On 04/03/14 18:04, Nicolas Dandrimont wrote: > * Daniel Pocock [2014-03-04 15:49:25 +0100]: > >> I didn't see any existing package of LogAnalyzer from Adiscon, the >> people who make rsyslog - is there any specific reason for not packaging >> it or it is just not something anybody needed yet? It

Re: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!

2014-03-05 Thread Didier 'OdyX' Raboud
On Wednesday, 5 March 2014, 10.47:07 Paul Wise wrote: > On Wed, Mar 5, 2014 at 1:55 AM, Xavier Roche wrote: > > I have a rather silly question: would a mail (signed with this key) > > request to the DDs who already signed the initial key (and checked > > the identity) to sign the replacement key c

Re: Adiscon LogAnalyzer? rsyslog + mongodb?

2014-03-05 Thread Florian Ernst
Hello all, On Tue, Mar 04, 2014 at 03:49:25PM +0100, Daniel Pocock wrote: > The rsyslog mongodb output module and the PHP mongodb modules are now in > wheezy-backports. This would appear to be sufficient to do something like: > > rsyslog => mongodb => loganalyzer > > Has anybody else tried