essing, we can only
> do this for smaller applications than something like MariaDB/MySQL due to
> the testing effort needed.
They solve completely different problems, though. One handles PAM
sessions, the other handles services.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Daniel Black
> How User= systemd directives work with libpam-tmpdir I'm not sure,
> however without a setuid there shouldn't be an invalid TMPDIR env
> variable there.
systemd doesn't start a new PAM session for services, so there's no
interaction there.
--
]] Robie Basak
> On Thu, Nov 10, 2022 at 05:37:53PM +0100, Tollef Fog Heen wrote:
> > I think it's more wide than that: If you change UID, you need to
> > sanitise the environment. Your HOME is likely to be wrong. PATH might
> > very well be pointing at directories
xpectations that maintainer scripts can have
about the environment they're running in, and how do we make those
expectations hold? This should probably then be documented in policy.
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
o
ahead.
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
st denies you reusing the file name and the
uploader gets an error message, I don't know.)
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
of installed packages match what exist in those
sources, or have a passlist in the «receive report» stage on the server
that looks at which distribution is being reported for and validate that
those packages (and possibly versions) exist or have existed in the
past.)
--
Tollef Fog Heen
UNIX is us
sign GPL-ed code,
certainly not GPLv3.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Hanno 'Rince' Wagner
> Hi everybody,
>
> On Sun, 24 Apr 2022, Tollef Fog Heen wrote:
>
> > I don't think we have docs for running with a different root of trust
> > than MS'. To be honest, I'm not sure we even _should_ have a lot of docs
>
discover the docs and run with the instructions without understanding
the implications.
As for it being more secure, for that to be a good and meaningful
discussion, we have to agree on what the threat model is. What's the
threat you want to protect against by using your own or Debian's keys?
al» source is available
elsewhere, which means it needs to be somewhere we manage, and treat
source packages as generated artifacts that can't be turned back into
the actual source.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
urity-sensitive software in C, so I'm going to ask for its removal
unless it's adopted by somebody fairly quickly.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
l mails from a Debian
> machine via POP? I really would love to separate my Debian box
> from others.
We (debian/DSA) do not provide email hosting. We provide email
forwarding.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
t using dh is a good thing overall. I should
probably upload it just to get some of the dust off it.)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Adrian Bunk
> Something will break (like in the mlocate case), and people might only
> start noticing when they are doing fresh installs of buster after the
> release.
Which mlocate case is this?
--
Tollef Fog Heen, mlocate maintainer
UNIX is user friendly, it's just picky
stemd setup; in sysvinit it's in rc2.d,
whereas with systemd it just waits for apparmor.service,
system-random-seed.service and systemd-tmpfiles-setup.service, so the
risk of it being blocked is much smaller.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
syscalls at all
for it, by logging to an mmap-ed file and using that as a circular
buffer.
While Varnish is certainly an extreme case, I'd be surprised if it's the
only one doing something that doesn't fit into a traditional syslog
model.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
mething not entirely unlike your option number three,
but without the guarantee part. That's an essential point of the
reproducible builds effort: if you build the same sources, you should
end up with the same binary. A question is how far does that goal
stretch?
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Russ Allbery
> Tollef Fog Heen writes:
>
> > I think we should (over time) aim towards non-reproducible builds being
> > release critical bugs, and I think «builds differently in an unclean
> > chroot» is a class of non-reproducibleness we need to tackle («fails to
>
ine whether or not that bug
> is RC.
Build-Conflicts should ideally only be used when properly fixing what
causes the difference in behaviour to be hard to fix. If it's possible
without expending too much effort, one should rather try to fix what
causes the problem rather than working
put is in.
If people want English output, they should set their locale parameters
appropriately.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
therwise, this looks like a good idea to me.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
rrent
setup is wrong.
One problem with providing outbound SMTP service is that we'd end up
with a bunch of user support requests when inevitably something didn't
work. DSA already has enough work to do that we'd rather not have that
extra load.
--
Tollef Fog Heen
UNIX is user friend
l
should be sufficient here:
For the record, the TC expects maintainers to continue to support the
multiple available init systems in Debian. That includes merging
reasonable contributions, and not reverting existing support without
a compelling reason.
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
with nVidia, stuff 3 years old gets dropped from
> the official drivers while 2 years old doesn't get Linux support yet -- and
> nouveau has problems on its own.
es2gears_x11 works fine on my GF116 board (release date: 2011-03-15)
using the proprietary drivers (on an otherwise test
ng most of the WAT/MIA dance. If
people can't be bothered to reply to a single email saying «yup, another
year please» with some reasonable amount of pinging and time to reply,
they are effectively MIA, at least if they haven't let people know on
-private or similar.)
--
Tollef Fog
]] Michael Stone
> On Tue, Oct 23, 2018 at 10:05:35PM +0200, Tollef Fog Heen wrote:
> >We should not be in the business of distributing known-vulnerable
> >software. There are practical considerations around point releases and
> >such which makes this not-really-true for a
is gets converged at each point release. If
you look at cdimage.d.o, we are only distributing the latest point release.
I think the same standard should apply to cloud images.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
nce there's no GPG installed on the system» and let the user know
that? No need to actually disable PGP support.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Ivan Shmakov
> >>>>> Sune Vuorela writes:
> >>>>> On 2018-10-21, Jonas Smedegaard wrote:
> >>>>> Tollef Fog Heen writes:
>
> [I see I’ve managed to botch References: for the
> news:linux.debian.devel readers; my ap
pends on gnupg. It's the kind of dependencies
that individually make sense, but where libgpgme11 should probably
have a Recommends: gnupg, not Depends.
This is pretty easy to find out by using apt-file show $package and
apt-cache show $package, btw.
--
Tollef Fog Heen
UNIX is user friend
]] Anthony DeRobertis
> This works at least as far back as Wheezy.
IIRC, I wrote the patches for this in the hacklab (aka the
decommissioned church) at Debconf 7 in Edinburgh. Guillem wrote code
based on that, which was merged mid-2010.
--
Tollef Fog Heen
UNIX is user friendly, it
)
Assuming it's small enough, using a pipe (or possibly a FIFO) could
work. That's kernel memory and iirc it won't be swapped out. (I'm
happy to be corrected on this, I'm basing it on what I've heard before
and my recollection of it.)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Russell Stuart
> On Thu, 2018-06-07 at 18:14 +0200, Tollef Fog Heen wrote:
> > Packages does not imply automation (lots of people maintain machines
> > by logging into each one and running apt by hand and $EDITOR on their
> > configuration files; I suspect this appli
e about. Trying to get
> them to package those few things that they care about deeply is more
> dubious and often doesn't add much value for them.
This is a good point.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
l their service. DSA has root on the hosts and maintains those,
but we don't run all our services, so we'd rather not be on the critical
path for updating various services (which we'd need to be if those came
from packages).
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
's unlikely.
We'd like somebody else to run the service since we already have plenty
enough to do and there's no real reason for it to be something that
needs to be provided by DSA.
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
have yet to
discuss it.)
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ecursively. Not the most fun job in the
world, but it's at least possible to automate somewhat.
I'm curious what, if anything, we can do to better support the second
model. In particular because (as you note) it's very much in vogue with
lots of upstreams those days.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Ian Jackson
There is still no need to Cc folks on Debian lists unless explicitly
requested.
> Tollef Fog Heen writes ("Re: udftools, pktsetup and init scripts"):
> > ]] Pali Rohár
> >
> > > What do you think about moving pktsetup into own binary package?
m take it over. (I'm the maintainer.)
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
kages that the primary effort of
maintaining your package is updating the Standards-Version header then
just don't include it?
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
tion of «on error: exit» is useful, especially for
simplistic control loops.)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
sidered a
> serious bug.
No, it's not. Not complying with policy is anything from wishlist to
critical all depending.
> We would spare a lot of developer time by not using this field
> anymore.
I don't think so, I think we save quite a bit of effort by having it due
to the
t such thing probably needs more discussion or announcement in
> changelog... etc... as existing system configurations needs to be
> updated.
If you do split it, udftools need to depend on pktsetup for the next
release at least so people don't lose that functionality.
--
Tollef Fog Hee
profile with the
> aa-disable command).
I think they (in general) should be RC for whatever is shipping the
buggy apparmor profile.
Having packages that are broken out of the box is not the kind of distro
we should be shipping.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Simon McVittie
> On Thu, 05 Oct 2017 at 21:43:20 +0200, Tollef Fog Heen wrote:
> > However, if you just do the IMO more common sudo $command, you get a lot
> > more:
> >
> > $ sudo env | wc -l
> > 87
>
> Is that under default configuration? My /etc/s
and
adds some SUDO_* settings.
However, if you just do the IMO more common sudo $command, you get a lot
more:
$ sudo env | wc -l
87
It does clean up PATH, but it does not filter out my normal settings, so
say, LESS and LESSOPEN leak through to dpkg.
--
Tollef Fog Heen
UNIX is user friendly, it
]] Ivan Shmakov
> >>>>> Tollef Fog Heen writes:
> >>>>> Ivan Shmakov
> >>>>> Hans-Christoph Steiner writes:
>
> >>> Package: dpkg-dev
>
> >>> More and more packages are adding unicode files
>
> >
so that
people without Norwegian keyboard (or without compose keys) can type it
too, but the canonical name is bokmål, not bokmaal.
(I see there's a small bug where the symlink is the wrong way around,
I'll get that fixed.)
å is in latin1, though so fonts should not be a problem in you
Linux. Somebody could
implement the APIs and produce, say, PDFs, or print using a hand-built
printer. For the first case, you could easily run that on a general
purpose system.
You say that the requirement for an implementation to be useful is
orthogonal to whether it's suitable for main.
ose are attributes that can't be
packaged. Having the source (and redistribution rights) to some cloud
provider's software would not really put us that much closer to having
what they offer and make them attractive.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Adrian Bunk
> On Fri, Aug 18, 2017 at 10:07:49PM +0200, Tollef Fog Heen wrote:
> > ]] Adrian Bunk
> >...
> > The PCI consortium extended the deadline until June
> > 2018. Assuming that deadline holds, people with older machines will not
> > be able to acces
ance to move to something
newer. «We need to do this because this change is coming, whether we
want it or not.»
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
t will use
that version out of the box (isync being referred to elsethread).
Finding and fixing those bugs is good.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
't purely generated from the archive. (Yes, we'd need to publish
them somewhere and record where they came from and there's a lot of
practical questions.)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Marc Haber
> On Thu, 13 Jul 2017 19:37:52 +0200, Tollef Fog Heen
> wrote:
> >]] Marc Haber
> >> My finger memory will still type tcpdump -i eth0 before the brain can
> >> intervene ten years from now.
> >
> >In that particular case, I'll re
sbin/whatever
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
work to hook into when a link unit is activated?
(Or just a Wants and Before in the foo.link unit)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
your own customer files in /etc/udev/rules.d
> anyway. At least that's what I do.
FWIW, I've (almost) never done this. I generally just use the provided
names and don't really care what they are as long as they don't jump
around.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
affic happens on. YMMV, of course.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ve with PRs.
I'm not sure why this is very useful. It can, in some cases, be a
useful data point, but in general, as the maintainer, I'll want to
review the patch in the same way no matter whether it came from somebody
with a key in the keyring or not.
--
Tollef Fog Heen
UNIX is user
init systems are free to implement them if they so want.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
l/mostly due to the
> use of metapackages.
A package can only be in a single section.
I'd look at tagging the packages with debtags and doing a debtags search
on installed packages instead of faffing with metapackages.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
service myself.
You could talk to Packagecloud and see if they're interested. Not sure
what the size of the repo is, their open source offering is for up to
25G.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Akash Sarda
> Description : Create a MD5 hash with hex encoding
node-md5-o-matic provides an md5 function that seems to do the same, can
you use that instead?
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Aarti Kashyap
Hi,
> Description : Get the PATH environment variable key cross-platform
This seems to be a subset of what node-osenv provides, can you use that
instead?
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
iption : Cross-platform home directory retriever
>
> This Script can retrieve your Home Directory
Do we need a fourth node.js package to do this? We already have
node-resolve-dir, node-expand-tilde and node-osenv which all seem to do
the same.
--
Tollef Fog Heen
UNIX is user friend
324sr-management-ip-address-configuration/ :
config ipif System ipaddress 192.168.2.2/24
Cisco does it differently, and I'm sure some others do too, but the
$ip/prefixlen notation is pretty common in the networking world at
least.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Josh Triplett
> Does this seem like a reasonable approach?
I think it sounds fine, but please remember that it's pkg-config, not
pkgconfig. :-)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Pirate Praveen
> Description : Check if gulplog is available before attempting to
> use it
Is there a node-has-has-gulplog too, to check for if has-gulplog is
available before attempting to use it? This package sounds a bit weird,
even as Node.js packages go.
--
Tollef Fog Hee
ounds like you have had very different interactions with the release
team than I have. In my experience, they're doing a difficult job, and
doing it well, trying to accommodate everybody while still making
progress towards releasing.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
essionnally and would like to package and maintain
> Falco in Debian.
Yay, great to see this packaged! I've wanted to poke at it for a while,
but ENOTIME so far.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
k to Fastly to see if we
can get a process to get this improved, but this should be rare(r) for
legacy IP.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
esponse header seems to be important, given that it
> is sent twice, but apart from that…
Not really, it's just that it passes through multiple caches on the way.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ward stay in the past)
> and on to considering the apt https transport and thoughts on how this
> could become part of the base install.
Note that the performance of HTTPS there is worse than for HTTP due to a
lack of SRV support in apt-transport-https, though, which means it falls
back to doi
ecord won't help much, you want to know what IP it
resolved to and what headers you got from the backend to uniquely
identify problems with a single POP or machine in a POP.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
I'd prefer if user creation was just done declaratively and then we
could scan the archive. If we have a manually-maintained list, it will
get out of sync with reality pretty quickly.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Ian Jackson
> Tollef Fog Heen writes ("Re: Bug#820036: No bug mentioning a Debian KEK and
> booting use it."):
>
> > So far, I don't believe there are any.
>
> this is rather discouraging, at least for those who think this signed
> image
n look at this. So far, I don't believe there are any.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Ian Campbell
> Have we gotten to the point where we consider deb.d.o suitable for
> production use? The web page still says Experimental (so I would assume
> "not production yet")
As of this morning, the bit about experimental was removed from the web
page.
--
Tollef Fo
e just so everybody has the same set of
problems. At the same time, if we can design a solution that works well
for everybody, that's of course preferable.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
x/work around? No. However, it requires more
thought and design than just slapping a few letsencrypt certs onto
some hosts.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
y
and Cloudfront deployed, which is, frankly, a more realistic proposition
than jury-rigging something on the per-country mirrors.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
how I read "feel like excuses."
>
> Not ashamed, just bad ;-).
So you're flat-out saying that you're intentionally behaving like a
dick.
Go away and don't come back until your behaviour's changed. People
trolling and behaving like dicks are not welcome in De
ble on my part (I can try to find the information/answer the
questions). In the former case, was there something wrong with the bug
report? Did it even reach a human? Did they just not care? It's hard
to know, and it's completely inactionable (unactionable?) from the
submitter's point of view.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
init system.
The waste of CPU cycles is the least of the problems dependencies try to
fix. Incorrect operation is a much more interesting one.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
not familiar with.» clause.
Until it's packaged, I think it's pretty irrelevant to our discussions
here.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ny» misspellings.
If you don't want to detract from your message, don't add intentional
speed bumps to it.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Wookey
> On 2016-07-23 18:58 +0200, Tollef Fog Heen wrote:
> > ]] Geert Stappers
> >
> > > FWIW I agree with both '"main package "should have documentation'
> > > and 'additional documentation in separate doc package'.
> > >
]] Sven Bartscher
> I am a developer and regardless of the distribution I use, I often have
> a slow internet connection. So having to download possibly large
> documentation is a problem for me.
How do you keep up with unstable or testing, then?
--
Tollef Fog Heen
UNIX is user frien
]] Tobias Frost
> On Saturday, 23.07.2016, at 18:58 +0200, Tollef Fog Heen wrote:
> > Disk space is pretty cheap and we keep complaining about the
> > per-package overhead in Packages.gz, so it should be a net gain for
> > most people.
>
> Think embedded devices.
]] Jonas Smedegaard
> Quoting Tollef Fog Heen (2016-07-23 18:58:37)
> > ]] Geert Stappers
> >
> >> FWIW I agree with both '"main package "should have documentation' and
> >> 'additional documentation in separate doc package'.
>
ant docs to exclude the relevant
parts of /usr/share/doc using dpkg excludes instead. Disk space is
pretty cheap and we keep complaining about the per-package overhead in
Packages.gz, so it should be a net gain for most people.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
's a perfectly fine way to specify that you want a tmpfs mount of a
particular size on /tmp: /etc/fstab. I don't know why sysv-rc added
another special extension for this rather than just letting people use
the standard interface.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
using a wrapper script that did:
On a multi-socket system, you might well end up swapping instead of
using all the memory in this particular case, since you get hit by the
default NUMA allocation policy. (Unless that's changed recently.)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Josh Triplett
> [Please CC me on replies.]
>
> Tollef Fog Heen wrote:
> > ]] Josh Triplett
> > > Tollef Fog Heen wrote:
> > > > I personally recommend using deb.debian.org.
> > >
> > > That works nicely, thanks! Seems to hav
]] Josh Triplett
> Tollef Fog Heen wrote:
> > I personally recommend using deb.debian.org.
>
> That works nicely, thanks! Seems to have decent performance.
>
> I couldn't find any announcement or documentation of this, other than
> that on the site itself, thoug
]] Josh Triplett
> Tollef Fog Heen wrote:
> > I'd not actively recommend people use httpredir.debian.org as it's
> > somewhat sporadically maintained.
>
> Do you have any more details on that? Does a better alternative exist?
I personally recommend using deb.de
you're connecting to.
> The concluding answer to your question is probably "use another
> hostname". Either a ftp.xx.d.o host or the geo dns based:
> http://httpredir.debian.org
I'd not actively recommend people use httpredir.debian.org as it's
somewhat sporadically maintained.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
e for the DAMs too.
> I /think/, but I am not sure, that DSA is also using similar tokens to store
> SSH keys (and maybe other secrets on the token).
We're investigating their use for Secure Boot as well as for
buildd signing keys.
--
Tollef Fog Heen
UNIX is user friendly, it