Bug#1096008: ITP: simdutf -- Unicode validation and transcoding at billions of characters per second

2025-02-14 Thread M. Zhou
Package: wnpp Severity: wishlist Owner: Mo Zhou X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: simdutf Version : 6.2.0 * URL : https://github.com/simdutf/simdutf * License : Apache-2.0 OR MIT Programming Lang: C++ Description : Unicode valida

Re: Salsa CI and large packages

2025-02-14 Thread Peter B
On 14/02/2025 22:10, Iustin Pop wrote: Hi, I have a package that, in the extract source step, generates very large "artifacts" - I guess this is the actual source code. And this fails, of course (https://salsa.debian.org/debian/doc-rfc/-/jobs/7091134): I raised an issue for this here https://

Salsa CI and large packages

2025-02-14 Thread Iustin Pop
Hi, I have a package that, in the extract source step, generates very large "artifacts" - I guess this is the actual source code. And this fails, of course (https://salsa.debian.org/debian/doc-rfc/-/jobs/7091134): $ du -sh 2.0G. Uploading artifacts... /builds/debian/doc-rfc/debian/output/: fo

Re: Packages with a history of security issues and whose packaged version is not up to date

2025-02-14 Thread Marc Haber
On Fri, 14 Feb 2025 17:12:48 +, Colin Watson wrote: >On Fri, Feb 14, 2025 at 03:28:35PM +0100, Marc Haber wrote: >> Especially if the list just goes the (wrong) way of so many commercial >> security tools and/or consultants who just compare version numbers and >> flag our stable versions as vu

Re: Packages with a history of security issues and whose packaged version is not up to date

2025-02-14 Thread Philip Hands
Santiago Ruano Rincón writes: > Any thoughts? I'm sure there are things up near the top of the list that do need a closer look, but picking a package that I'm responsible for: > 0, 1, openqa, (4.6.1732034221.ae34b08ff -> 4.6.1739296030.77d38ef), by the time you get down that far, it's probably

Re: Packages with a history of security issues and whose packaged version is not up to date

2025-02-14 Thread Colin Watson
On Fri, Feb 14, 2025 at 03:28:35PM +0100, Marc Haber wrote: > Especially if the list just goes the (wrong) way of so many commercial > security tools and/or consultants who just compare version numbers and > flag our stable versions as vulnerable regardless whether we have > patched vulnerabilities

Re: Packages with a history of security issues and whose packaged version is not up to date

2025-02-14 Thread Colin Watson
On Fri, Feb 14, 2025 at 02:44:47PM +0100, Chris Hofstaedtler wrote: > Just having the list does not add anything new. All software can > have security bugs, so this list devolves to "packages that are not > up to date wrt upstream". I'm not sure that's quite right. It's a _prioritized_ list of

Re: Packages with a history of security issues and whose packaged version is not up to date

2025-02-14 Thread Marc Haber
On Fri, 14 Feb 2025 14:44:47 +0100, Chris Hofstaedtler wrote: >* Santiago Ruano Rincón [250213 20:21]: >> Here attached you can find a list of packages that have ever had a >> security issue **and** whose packaged version is not "up to date", >> according to the uscan results. It is sorted by the

Re: Filesystem snapshotting in dpkg (was Re: A 2025 NewYear present: make dpkg --force-unsafe-io the default?)

2025-02-14 Thread Marco d'Itri
On Feb 13, Vincent Danjean wrote: > In addition, I do not see how snapshotting of full FS can be correctly > supported, unless all other software is stopped while dpkg is running. > > What if a database records some transactions while dpkg is running. What > would happen at rollback? Th

Re: Packages with a history of security issues and whose packaged version is not up to date

2025-02-14 Thread Chris Hofstaedtler
* Santiago Ruano Rincón [250213 20:21]: > Here attached you can find a list of packages that have ever had a > security issue **and** whose packaged version is not "up to date", > according to the uscan results. It is sorted by the number of currently > open CVEs in sid (the first "column"), and b

Re: Packages with a history of security issues and whose packaged version is not up to date

2025-02-14 Thread Jonathan Dowland
On Thu Feb 13, 2025 at 8:57 PM GMT, Paul Gevers wrote: > You might also want to somehow take activity on the package into account. Absolutely. E.g. the new OpenJDK 11 package came out a week ago. It would be interesting to see which packages in the list have a much larger gap, such as years.