Bug#993557: ITP: gnome-shell-extension-pop-shell -- keyboard-driven layer for GNOME with tiling window management

2021-09-02 Thread Dan Bungert
Package: wnpp Severity: wishlist Owner: Dan Bungert X-Debbugs-Cc: debian-devel@lists.debian.org, danielbung...@gmail.com * Package name: gnome-shell-extension-pop-shell Version : 1.2.0 Upstream Author : System76 * URL : https://github.com/pop-os/shell * License

Re: Finding rough consensus on level of vendoring for large upstreams

2021-09-02 Thread Paul Wise
On Thu, Sep 2, 2021 at 10:39 PM Phil Morrell wrote: > Over this last year there seems to have been a noticeable divergence of > maintainer opinion, on what has become known as vendoring Embedded copies of code/etc have downsides ... https://wiki.debian.org/EmbeddedCopies > It is my reading of t

Re: Finding rough consensus on level of vendoring for large upstreams

2021-09-02 Thread Jonas Smedegaard
Quoting Phil Morrell (2021-09-03 03:30:04) > On Fri, Sep 03, 2021 at 02:46:20AM +0200, Jonas Smedegaard wrote: > > First of all, thanks for compiling the list of reasonings. > > Thanks for taking the time to read through it, I was hoping it would > be a useful observation. > > > I get the impres

Bug#992692: general: Use https for {deb,security}.debian.org by default

2021-09-02 Thread Paul Wise
On Thu, Sep 2, 2021 at 9:06 PM Ansgar wrote: > Accessing www.debian.org will also not work on such systems (and unlike > deb.d.o that does not even offer non-https). It's not Debian's problem. The Tor onion services offer alternatives to the https PKI: https://onion.debian.org/ > Is replacing d

Re: Finding rough consensus on level of vendoring for large upstreams

2021-09-02 Thread Phil Morrell
On Fri, Sep 03, 2021 at 02:46:20AM +0200, Jonas Smedegaard wrote: > First of all, thanks for compiling the list of reasonings. Thanks for taking the time to read through it, I was hoping it would be a useful observation. > I get the impression that you are framing current state of embedding as >

Re: Ideas for a dh-privacy-helper

2021-09-02 Thread Paul Wise
On Thu, 2021-09-02 at 15:53 +, Bastien Roucariès wrote: > A few years ago I have created the privacy-breach lintian checks in > order to detect trackers in our doc > > I think we are losing the battle here. These lintian checks are a good start, but they are just heuristics that cannot detect

Re: Finding rough consensus on level of vendoring for large upstreams

2021-09-02 Thread Phil Morrell
On Fri, Sep 03, 2021 at 01:03:35AM +0200, Jérémy Lal wrote: > - should a package debian/control list bundled dependencies to make > sure to avoid duplications ? Maybe? I noted in my final paragraph that Fedora has a mechanism for this that we don't, but perhaps Provides is sufficient. > - when a

Re: Ideas for a dh-privacy-helper

2021-09-02 Thread Jonas Smedegaard
Quoting Bastien Roucariès (2021-09-02 23:45:30) > Perl is an option I implemented the privacy breach test in perl. The > problem is I prefer to drop a debian/package.privacy.xslt file in the > package instead of asking maintainer to code the removal of privacy > problems... > > Generic one coul

Re: Finding rough consensus on level of vendoring for large upstreams

2021-09-02 Thread Jonas Smedegaard
Hi Phil, First of all, thanks for compiling the list of reasonings. I get the impression that you are framing current state of embedding as a generally good thing to do, and if I understand that correctly then I disagree with it. I suspect that it helps if separating reasons for _encouraging_

Work-needing packages report for Sep 3, 2021

2021-09-02 Thread wnpp
The following is a listing of packages for which help has been requested through the WNPP (Work-Needing and Prospective Packages) system in the last week. Total number of orphaned packages: 1226 (new: 4) Total number of packages offered up for adoption: 205 (new: 2) Total number of packages reques

Bug#993551: ITP: proton-caller -- Run any Windows program through Proton

2021-09-02 Thread Ben Westover
Package: wnpp Severity: wishlist Owner: Ben Westover X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: proton-caller Version : 2.3.2 Upstream Author : Ben Westover * URL : https://github.com/caverym/proton-caller/ * License : GPL-3+ Programming Lan

Re: Finding rough consensus on level of vendoring for large upstreams

2021-09-02 Thread Jérémy Lal
On Fri, 3 Sept 2021 at 00:39, Phil Morrell wrote: > Over this last year there seems to have been a noticeable divergence of > maintainer opinion, on what has become known as vendoring, from a strict > reading of [policy 4.13]. I think it's notable that the heading is > [Embedded] copies and wa

Finding rough consensus on level of vendoring for large upstreams

2021-09-02 Thread Phil Morrell
Over this last year there seems to have been a noticeable divergence of maintainer opinion, on what has become known as vendoring, from a strict reading of [policy 4.13]. I think it's notable that the heading is [Embedded] copies and was [Convenience] copies since its inception, thankfully I found

Re: Ideas for a dh-privacy-helper

2021-09-02 Thread Bastien Roucariès
On Thursday, 2 September 2021, 16:11:48 UTC Jonas Smedegaard wrote: > Quoting Bastien Roucariès (2021-09-02 17:53:18) > > > A few years ago I have created the privacy-breach lintian checks in > > order to detect trackers in our doc > > > > I think we are losing the battle here. > > > > I believe t

Bug#992692: general: Use https for {deb,security}.debian.org by default

2021-09-02 Thread Ansgar
On Thu, 2021-09-02 at 21:26 +0200, Simon Richter wrote: > As it is now, I can install a Debian system where no X.509 > certificate authorities are trusted. That doesn't change with the proposal? >   - If I deselect all CAs in the configuration dialog of the > ca-certificates package, what mechan

Bug#992692: general: Use https for {deb,security}.debian.org by default

2021-09-02 Thread Simon Richter
Hi, On 02.09.21 03:22, Hideki Yamane wrote: Providing "default secure setting" is good message to users. The TLS layer is not part of the security model, so we'd be teaching users to look for the wrong thing, kind of like the "encrypted with SSL" badges on web pages in the 90ies. We hav

Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

2021-09-02 Thread Jeremy Stanley
On 2021-09-02 12:27:34 -0400 (-0400), Roberto C. Sánchez wrote: [...] > In this context, it might make sense to describe using HTTPS as > the transport for APT operations is providing "default > confidentiality". Which, as similarly discussed, it really doesn't do either (because of deterministic

Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

2021-09-02 Thread Roberto C . Sánchez
On Thu, Sep 02, 2021 at 04:08:37PM +, Jeremy Stanley wrote: > On 2021-09-02 10:22:15 +0900 (+0900), Hideki Yamane wrote: > [...] > > Providing "default secure setting" is good message to users. > [...] > > As previously covered, I'd suggest steering clear of referring to > this as adding "def

Re: Ideas for a dh-privacy-helper

2021-09-02 Thread Jonas Smedegaard
Quoting Bastien Roucariès (2021-09-02 17:53:18) > A few years ago I have created the privacy-breach lintian checks in > order to detect trackers in our doc > > I think we are losing the battle here. > > I believe that we need better tools than sed in order to fix this kind > of problem. > > I h

Re: Bug#992692: general: Use https for {deb,security}.debian.org by default

2021-09-02 Thread Jeremy Stanley
On 2021-09-02 10:22:15 +0900 (+0900), Hideki Yamane wrote: [...] > Providing "default secure setting" is good message to users. [...] As previously covered, I'd suggest steering clear of referring to this as adding "default security." That implies APT wasn't already effectively secure over plain

Ideas for a dh-privacy-helper

2021-09-02 Thread Bastien Roucariès
Hi, A few years ago I have created the privacy-breach lintian checks in order to detect trackers in our doc I think we are losing the battle here. I believe that we need better tools than sed in order to fix this kind of problem. I have some idea like: - read the html tree - convert the html t