Re: A 2025 NewYear present: make dpkg --force-unsafe-io the default?

On Tue, Dec 24, 2024 at 3:54 AM Michael Tokarev wrote: > > Hi! > > The no-unsafe-io workaround in dpkg was needed for 2005-era ext2fs > issues, where a power-cut in the middle of filesystem metadata > operation (which dpkg does a lot) might result in in unconsistent > filesystem state. This worka

Re: Do we need three-and-a-half nigh-identical X compositors ‒ xcompmgr, compton, picom, unagi?

On Fri, Dec 13, 2024 at 8:01 AM наб wrote: > > Hi! > > We seem to be shipping 3.5 standalone compositors > (maintainers in CC): > 1. xcompmgr ‒ the upstream's effectively finished > (we have 1.1.8, the two releases since changed nothing of > substance) > last maintaine

Re: Simpler git workflow for packaging with upstreamless repositories

my needs and my preferences. (Off-topic, but part of the reason I don't use gbp is the docs for how to use it are just not enough to actually figure out what you're doing. Just a documentation revamp or initial tutorial for it would be awesome. Maybe if I ever relearn it I should help with tha

Re: RFC: "Recommended bloat", and how to possibly fix it

On Fri, Nov 22, 2024 at 5:49 AM Guillem Jover wrote: > > Hi! > > On Tue, 2024-11-05 at 17:35:59 -0600, Aaron Rainbolt wrote: > > With all this in mind, I'd like to call some attention to a feature > > request made by Patrick Schleizer some time ago, whom I've cop

Re: RFC: "Recommended bloat", and how to possibly fix it

On Thu, 7 Nov 2024 22:29:07 -0500 "Theodore Ts'o" wrote: > On Thu, Nov 07, 2024 at 12:08:22AM -0700, Soren Stoutner wrote: > > On Wednesday, November 6, 2024 10:41:46 PM MST Aaron Rainbolt > > wrote: > > > Again, this isn't a problem limited to a d

Re: RFC: "Recommended bloat", and how to possibly fix ito

On Thu, 7 Nov 2024 19:53:27 + Roger Lynn wrote: > On 06/11/2024 19:20, Bill Allombert wrote: > > Le Tue, Nov 05, 2024 at 05:35:59PM -0600, Aaron Rainbolt a écrit : > >> Hello, and thanks for your time. > >> > >> I've been a Debian user and contrib

Re: RFC: "Recommended bloat", and how to possibly fix it

On Wed, 06 Nov 2024 21:41:43 -0700 Soren Stoutner wrote: > On Wednesday, November 6, 2024 8:12:29 PM MST Aaron Rainbolt wrote: > > At this point, we have two options. We can either explicitly remove > > all of the extra packages that get installed, or we can skip > > install

Re: RFC: "Recommended bloat", and how to possibly fix it

On Wed, 06 Nov 2024 15:59:22 -0700 Soren Stoutner wrote: > On Wednesday, November 6, 2024 3:06:59 PM MST Aaron Rainbolt wrote: > > And this brings us back to the original idea of creating a > > Weak-Depends field. From my viewpoint, policy states that > > Recommends is f

Re: RFC: "Recommended bloat", and how to possibly fix it

On Wed, 6 Nov 2024 22:55:43 + Colin Watson wrote: > On Wed, Nov 06, 2024 at 04:06:59PM -0600, Aaron Rainbolt wrote: > > (Side note, I wonder if there's a way to implement Weak-Depends that > > *doesn't* require modifying all of the tons of packages Johannes > &g

Re: RFC: "Recommended bloat", and how to possibly fix it

On Wed, 06 Nov 2024 14:21:30 -0700 Soren Stoutner wrote: > On Wednesday, November 6, 2024 12:08:07 PM MST Aaron Rainbolt wrote: > >For instance, gwenview currently > > recommends kamera. gwenview is an image viewer, kamera is a tool for > > working with digital cameras

Re: RFC: "Recommended bloat", and how to possibly fix it

enview useless or even substantially degraded from a functionality standpoint when kamera is missing. It ought to be a Suggests according to Debian policy, but it's obvious why it ended up being a Recommends because it does enable additional functionality that doesn't work otherwise.

Re: RFC: "Recommended bloat", and how to possibly fix it

replies are inline. On Wed, 06 Nov 2024 02:28:33 +0100 Johannes Schauer Marin Rodrigues wrote: > Hi, > > Quoting Aaron Rainbolt (2024-11-06 00:35:59) > > According to the Debian Policy Manual, section 7.2, the Recommends > > field in Debian packages "declares a strong, but

RFC: "Recommended bloat", and how to possibly fix it

Hello, and thanks for your time. I've been a Debian user and contributor for a while, and have noticed a rather frustrating issue that I'm interested in potentially contributing code to fix. The issue is what I call "Recommended bloat", which in short is what happens when you install a package wit

Bug#1072900: ITP: qt6-quickeffectmaker -- Qt 6 Quick Effect Maker

Package: wnpp Severity: wishlist Owner: Aaron Rainbolt X-Debbugs-Cc: debian-devel@lists.debian.org, arraybo...@gmail.com * Package name    : qt6-quickeffectmaker   Version : 6.6.2   Upstream Contact: Debian Qt/KDE Maintainers * URL : https://www.qt.io/developers

Bug#1058713: ITP: picom-conf -- Configuration editor for Picom

Package: wnpp Severity: wishlist Owner: Aaron Rainbolt X-Debbugs-Cc: debian-devel@lists.debian.org, arraybo...@ubuntu.com * Package name: picom-conf Version : 0.17.0 Upstream Contact: redtide * URL : https://github.com/qtilities/picom-conf * License : Mixed

Bug#1058712: ITP: sddm-conf -- Graphical editor for SDDM

Package: wnpp Severity: wishlist Owner: Aaron Rainbolt X-Debbugs-Cc: debian-devel@lists.debian.org, arraybo...@ubuntu.com * Package name: sddm-conf Version : 0.1.0 Upstream Contact: redtide * URL : https://github.com/qtilities/sddm-conf * License : MIT (with

Bug#1058651: ITP: qtilitools -- Scripts/commands used in the Qtilities organization.

Package: wnpp Severity: wishlist Owner: Aaron Rainbolt X-Debbugs-Cc: debian-devel@lists.debian.org, arraybo...@ubuntu.com * Package name: qtilitools Version : 0.1.2 Upstream Contact: redtide * URL : https://github.com/qtilities/qtilitools * License : BSD-3

Re: ARM architectures

of it) supports both armhf and arm64 debian packages out of the box (And has support for these enabled in dpkg). Greetings Aaron

nfs-common: recommends nonexistend package

Hello Debian Developers! Not sure if this is the right place to report this, but the package "nfs-common" still recommends python instead of python3 in bullseye where only Python 3 is available Aaron

Re: Re: Release plan page design

rgb(226,226,226);     padding: 0.5rem; }   I'm not sure about how to add this to the markdown, can you tell me how to do that?   Aaron     Hi Aaron, On 13-01-2021 22:22, Aaron Dewes wrote: > The page https://release.debian.org/bullseye/freeze_policy.html > currently says a stylesheet for the

Release plan page design

minor change and you're probably busy with preparing the bullseye release, but I wanted to share it anyway if you want to use it in the future. Cheers, Aaron Transition and (build-)essential Freeze Soft Freeze Hard Freeze Full Freeze Date2021-01-12 2021-

Bug#979349: ITP: htmltoxbel -- htmlToXBel allows you to convert bookmarks stored in the HTML format to the XBel format.

Package: wnpp Severity: wishlist Owner: Aaron Dewes X-Debbugs-Cc: debian-devel@lists.debian.org, aaron.de...@web.de * Package name: htmltoxbel Version : 0.1.0 Upstream Author : Aaron Dewes * URL : http://gitlab.com/EndorphinBrowser/tools/htmlToXBel * License

Re: MBF proposal: remaining users of fltk1.1 (vs. fltk1.3).

d upstream hasn't historically showed much interest in supplying them: https://www.fltk.org/str.php?L2180 However, it looks like they may finally be coming around: https://github.com/fltk/fltk/issues/22 In general, thanks for weighing in! -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu

MBF proposal: remaining users of fltk1.1 (vs. fltk1.3).

ulstretch Debian QA Group htmldoc Debian Science Maintainers imview Debichem Team drawxtl Marcelo Soares Mota posterazor Paul Brossier aconnectgui alsamixergui Peter Pentchev wmanager Thierry Randrianiriana xdiskusage Tiago Bortoletto Vaz rakarrack -- A

Bug#9542654: ITP: grok-jpeg2000 -- Grok is an implementation of Part 1 of the JPEG 2000 standard. It aims for speed and stability.

Package: wnpp Severity: wishlist Owner: Aaron Boxer * Package name: grok-jpeg2000 Version : 5.0.0 Upstream Author : Aaron Boxer * URL : https://github.com/GrokImageCompression/grok * License : AGPL Programming Lang: C++ Description : Grok is an

ITP: grok-jpeg2000 -- Grok is an implementation of Part 1 of the JPEG 2000 standard. It aims for speed and stability.

Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Aaron Boxer To: Debian Bug Tracking System Subject: ITP: grok-jpeg2000 -- Grok is an implementation of Part 1 of the JPEG 2000 standard. It aims for speed and stability. The code i

Re: Seeking sponsor for new package

On Sat, Mar 14, 2020 at 7:45 PM Emmanuel Arias wrote: > Hi!, > > Great I can see. I've not my tools with me (I am on vacation) but, I will > be happy > to review on a week the package. > Thank You ! On Fri, Mar 13, 2020 at 7:24 PM Aaron Boxer wrote: > >>

Re: Packaging new library very similar to another library

On Fri, Mar 13, 2020 at 10:22 AM Andrey Rahmatullin wrote: > On Thu, Mar 12, 2020 at 05:25:48PM -0400, Aaron Boxer wrote: > > > > but I get the following error: > > > > > > > > dpkg-source: error: can't build with source format '3.0 (quilt)

Re: Seeking sponsor for new package

Thanks, Emmanuel. Following the git-buildpackage page, I have created three new branches on my repo: debian-branch, upstream-branch and pristine-tar. The debian folder can be found in those three branches. And thanks for the link, I will take a look. Cheers, Aaron On Fri, Mar 13, 2020 at 10

Re: Seeking sponsor for new package

Hi Fabrice, Thanks so much for your reply. This makes sense. I will try git-buildpackage, and I will move the source + debian packaging to a separate branch. Best, Aaron On Thu, Mar 12, 2020 at 7:28 PM Fabrice BAUZAC-STEHLY wrote: > Hello Aaron, > > I'm a newbie in Debian packa

Seeking sponsor for new package

right file. Would anyone here be interested in helping get this package submitted ? Thanks! Aaron

Re: Packaging new library very similar to another library

On Thu, Mar 12, 2020 at 3:21 PM Andrey Rahmatullin wrote: > On Thu, Mar 12, 2020 at 02:05:48PM -0400, Aaron Boxer wrote: > > > > > > Besides the copyright file, I would like to test building the > > > package. > > > > > > What's the be

Re: Packaging new library very similar to another library

On Thu, Mar 12, 2020 at 1:26 PM Andrey Rahmatullin wrote: > On Thu, Mar 12, 2020 at 01:17:29PM -0400, Aaron Boxer wrote: > > On Thu, Mar 12, 2020 at 1:00 PM Andrey Rahmatullin > wrote: > > > > > On Thu, Mar 12, 2020 at 12:49:25PM -0400, Aaron Boxer wrote: > >

Re: Packaging new library very similar to another library

On Thu, Mar 12, 2020 at 1:00 PM Andrey Rahmatullin wrote: > On Thu, Mar 12, 2020 at 12:49:25PM -0400, Aaron Boxer wrote: > > Besides the copyright file, I would like to test building the package. > > What's the best way of doing this? I am on > > Ubuntu Eoan. Thanks!

Re: Packaging new library very similar to another library

On Tue, Mar 10, 2020 at 2:38 PM Aaron Boxer wrote: > > > On Tue, Mar 10, 2020 at 8:46 AM Sudip Mukherjee < > sudipm.mukher...@gmail.com> wrote: > >> On Tue, Mar 10, 2020 at 12:29 PM Aaron Boxer wrote: >> > >> > Thanks, Sudip! I've made those ch

Re: Packaging new library very similar to another library

On Tue, Mar 10, 2020 at 8:46 AM Sudip Mukherjee wrote: > On Tue, Mar 10, 2020 at 12:29 PM Aaron Boxer wrote: > > > > Thanks, Sudip! I've made those changes, and renamed the library to > grok-jpeg2000 > > > > The only thing missing right now is the

Re: Packaging new library very similar to another library

Sudip Mukherjee wrote: > On Mon, Mar 9, 2020 at 11:52 PM Aaron Boxer wrote: > > > > I've made a first pass at the packaging. If anyone has time to review, > it would be great: > > > > https://github.com/GrokImageCompression/grok/tree/master/debian > > Just few th

Re: Packaging new library very similar to another library

I've made a first pass at the packaging. If anyone has time to review, it would be great: https://github.com/GrokImageCompression/grok/tree/master/debian Thanks! On Mon, Mar 9, 2020 at 2:25 PM Aaron Boxer wrote: > > On Mon, Mar 9, 2020 at 1:42 PM Andrey Rahmatullin wrote: > >

Re: Packaging new library very similar to another library

On Mon, Mar 9, 2020 at 1:42 PM Andrey Rahmatullin wrote: > On Mon, Mar 09, 2020 at 12:56:41PM -0400, Aaron Boxer wrote: > > Thanks, guys. Another question (first time creating a package): is it > > possible to unpack > > the openjpeg .deb and re-use the packaging ? > No,

Re: Packaging new library very similar to another library

Thanks, guys. Another question (first time creating a package): is it possible to unpack the openjpeg .deb and re-use the packaging ? On Sun, Mar 8, 2020 at 2:41 PM Andrey Rahmatullin wrote: > On Sun, Mar 08, 2020 at 02:30:06PM -0400, Aaron Boxer wrote: > > Hello! > > I ma

Re: Packaging new library very similar to another library

Correction: this is the current package for openjpeg: https://tracker.debian.org/pkg/openjpeg2 On Sun, Mar 8, 2020 at 2:30 PM Aaron Boxer wrote: > Hello! > I maintain an image compression library > > https://github.com/GrokImageCompression/grok > > which is very similar to a

Packaging new library very similar to another library

OpenJPEG to do that ? Thank you! Aaron Boxer

Hibernate not working !

, Aaron -- Aaron Gray Independent Open Source Software Engineer, Computer Language Researcher, Information Theorist, and amateur computer scientist.

source packing source code

? -- Aaron Gray Independent Open Source Software Engineer, Computer Language Researcher, Information Theorist, and amateur computer scientist.

Bug#896712: ITP: golang-github-dataence-porter2 -- Native Go English Porter2 stemmer

Package: wnpp Severity: wishlist Owner: "Aaron M. Ucko" * Package name: golang-github-dataence-porter2(-dev) Version : 0.0~git20150829.0.56e4718 Upstream Author : Jian Zhen / Dataence, LLC * URL : https://github.com/dataence/porter2 * License :

Re: Debian distro build system

Great thanks very much everyone I maybe a while ;) On 20 September 2017 at 14:48, Ian Jackson wrote: > Aaron Gray writes ("Re: Debian distro build system"): > > I basically want to > > > > a) be able to build a Debain distro myself such as Jessie for testin

Re: Debian distro build system

> > If you can give us some info on what you are actually trying to do > then we can give you a better answer. > I basically want to a) be able to build a Debain distro myself such as Jessie for testing purposes b) be able to make bespoke modifications to this -- Aaron Gray Inde

Debian distro build system

machines I can use for the purpose. Regards, Aaron -- Aaron Gray Independent Open Source Software Engineer, Computer Language Researcher, Information Theorist, and amateur computer scientist.

Bug#810949: ITP: ncbi-entrez-direct -- NCBI Entrez utilities on the command line

Package: wnpp Severity: wishlist Owner: "Aaron M. Ucko" * Package name: ncbi-entrez-direct Version : 3.60 Upstream Author : Jonathan Kans * URL : http://www.ncbi.nlm.nih.gov/books/NBK179288 * License : Public Domain Programming Lang: Perl, Go, Bo

Re: goals for hardening Debian: ideas and help wanted

heartbleed (that also affected commercial VPN products such as Cisco ASA/PIX and some Juniper devices). IPsec hat to be revised and is often implemented in a way that defies the standard that has been under heavy criticism by the cryptography community (e.g. https://www.schneier.com/paper-ipsec.htm

Re: goals for hardening Debian: ideas and help wanted

st I don't understand your first sentence. Second how does a VPN provide more "security" than say Tor? Deeply confused, Aaron [0] - https://en.wikipedia.org/wiki/Information_security signature.asc Description: OpenPGP digital signature

Re: Proposing amd64-hardened architecture for Debian

> But it’s absolutely infuriating when developers of security sensitive > software are actively thwarting those efforts by using the world’s most > exploitable allocation policy and then not even testing that one can > disable it. Nothing to add here, very well said! Aaron signature.asc Description: OpenPGP digital signature

Re: Proposing amd64-hardened architecture for Debian

is just unacceptable to most - it's not however - to the people that design, implement and use such paranoid policy systems: NSA and the intelligence community in general. I like to think people get rich of writing policies for those people with no added benefit for security, it amuses me. Beautiful codebase though. Aaron signature.asc Description: OpenPGP digital signature

Re: Proposing amd64-hardened architecture for Debian

the Gentoo guys try it but it seems to be largely unmaintained nowadays. Hence - currently - the burden falls on security and systems engineers that deploy systems on a given Linux distribution. Aaron signature.asc Description: OpenPGP digital signature

Bug#743966: ITP: lua-term -- a Lua module for manipulating a terminal

Package: wnpp Severity: wishlist Owner: Aaron Zauner * Package name: lua-term Version : 0.03 Upstream Author : Rob Hoelz * URL : https://github.com/hoelzro/lua-term * License : MIT Programming Lang: Lua Description : a Lua module for manipulating a

Bug#743823: ITP: lmod -- Lua environment modules

Package: wnpp Severity: wishlist Owner: Aaron Zauner * Package name: lmod Version : 5.3.2 Upstream Author : Robert McLay * URL : https://www.tacc.utexas.edu/tacc-projects/lmod * License : MIT Programming Lang: Lua Description : Lua environment modules

Btrfs limitations in the Debian installer 7.0 beta4 release

Recently, I decided to put down a Btrfs root on my workstation using the latest release of the installer. I found that given my hardware configuration, this is not possible, and would require using another installer or debootstrap the installation, which is far from ideal. I have two 250 GB drives

Bug#685038: ITP: mailscanner -- email gateway for virus scanning, spam and phishing detection

Package: wnpp Severity: wishlist Owner: Aaron Schrab * Package name: mailscanner Version : 4.84.5.2 Upstream Author : Julian Field * URL : http://www.mailscanner.info * License : GPL Programming Lang: Perl Description : email gateway for virus

Re: Starting services automatically after install

On Sun, Jun 03, 2012 at 02:46:21PM +0800, Chow Loong Jin wrote: > Is there even a point in having DHCP listening on localhost? So, why even bother starting it? Thus, the whole point of this thread. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o

Re: Starting services automatically after install

On Sat, Jun 02, 2012 at 10:43:00PM +0200, Tollef Fog Heen wrote: > Are you seriously suggesting that DHCP and SSH servers should not listen > on external interfaces by default? The use case for SSH or DHCPd on > localhost only is pretty small. I would much rather have DHCP listening on localhost,

Re: Starting services automatically after install

On Sat, Jun 02, 2012 at 04:02:57PM +0300, Serge wrote: > I'm not experienced in this topic much yet, that's why I'm writing not in > list, but directly. Feel free to reply into list, if you wish. I would prefer to keep it on the list for a public archive, and to benefit the greater admin populatio

Re: Starting services automatically after install

On Fri, Jun 01, 2012 at 08:23:20PM +0200, Jonas Smedegaard wrote: > Debian goal is - as you probably know already - for packages to work out > of the box. For daemons this means they are started by default. > > If a package (service or not) is insecure by default, it is a bug! > Severity of suc

Re: Starting services automatically after install

On Fri, Jun 01, 2012 at 07:49:03PM +0100, Philip Hands wrote: > The reason that RedHat don't start things is that their default approach > has been to install a whole load of stuff that you might possibly want, > and allow you to enable it when you are inspired to give some new > service a try. > >

Starting services automatically after install

I'm trying to dig through the archives to see if this has been discussed, and I'm only finding random one-off discussions here and there about it. Nothing concrete. If it has already been discussed in great detail, my apologies. By default in Debian, when a service package is installed, such as op

Bug#637122: general: Realtek RTL8111 with r8169 module causes kernel panic on large packets

Package: general Severity: normal The kernel panics when it receives a packet on an interface running the r8169 module that is of sufficient size. To reproduce, have another host on the interface with MTU of 9000 to send a ICMP ping packet of size 9000, and then the driver will cause a panic. I

Hashcash token does not represent bits calculated [Bug]

Package: hashcash Version: 1.21-1 According to the documentation, the hashcash binary supports the '-b bits' switch and argument for calculating a hashcash token of the size specified. The default size is 20 bits. The '-b' switch argument supports an exact size, say '-b 40' for minting a 40 bit to

Bug 181493 should now be closed

The Sun RPC license that has plaqued this bug, has been re-licensed to the 3-clause BSD license. This affects glibc and krb5-*, and possibly other packages. The change from Sun is documented here: http://blogs.sun.com/webmink/entry/old_code_and_old_licenses Tom Callaway of Red Hat blogged about

Good News: The Sun RPC license has been changed

You can see the details outlined in this blog post by Tom Callaway: http://spot.livejournal.com/315383.html Long story short: The Sun RPC license that affects this bug has been re-licensed to the 3-clause BSD license. Even though Debian is moving to eglibc, this is still good news. Finally time t

Re: chromium-browser in Debian Sid

On 06/30/2010 01:18 AM, Giuseppe Iuculano wrote: > On 06/30/2010 06:15 AM, Aaron Toponce wrote: >> I just noticed that the chromium-browser package releases in Debian >> GNU/Linux unstable are synced version-for-version with the google-chrome >> beta package provided by the 3

chromium-browser in Debian Sid

I just noticed that the chromium-browser package releases in Debian GNU/Linux unstable are synced version-for-version with the google-chrome beta package provided by the 3rd party Google Linux repository. Is this intentional? What's the rationale behind using the beta releases for chromium-browser

Re: xulrunner 1.9.2 into sid?

On 06/29/2010 05:16 AM, Adam Borowski wrote: > Uhm, and that gets me what? It would nuke all cookies, including those > which are supposed to last beyond the session. Touche. I misread your post, and Chromium's ability to do this by default. Apologies. -- . O . O . O . . O O . . . O . .

Re: xulrunner 1.9.2 into sid?

On 06/29/2010 03:57 AM, Adam Borowski wrote: > [1]. A Chromium extension named "AdBlock" exists, but it merely hides the > junk after downloading them -- so you merely don't see them while still > being subjected to slowdown, having your bandwidth stolen, being tracked, > having advertising scripts

Re: xulrunner 1.9.2 into sid?

On 06/28/2010 02:34 AM, Mike Hommey wrote: > The latter also applies for iceape and icedove, and is why 3.5/1.9.1 is > still considered as the release target: iceape 2.0, icedove 3.0, and > iceweasel 3.5 are all based on xulrunner/gecko 1.9.1. Security support > for stable will be easier if there i

xulrunner 1.9.2 into sid?

Seeing as though upstream Firefox 3.6 released December 1, 2008, and upstream Thunderbird 3.1 released just a couple days ago, it might be high time to get xulrunner 1.9.2 into Sid, as both Iceweasel 3.6 and Icedove 3.1 will depend on it. However, I hear there will be lots of breakage if xulrunner

Re: Bug#581488: general: lower vm.swappiness by default for desktop installations

On 5/12/2010 1:22 PM, Marcus Better wrote: > Recently I got the advice [1] to set vm.swappiness to 0, rather than > the default 60. This improved things dramatically. Apparently Eclipse > is no longer being swapped out preemptively all the time. The > difference in perceived responsiveness is spect

Re: UPG and the default umask

On 05/19/2010 03:48 PM, Christoph Anton Mitterer wrote: > See above, or do you wish a larger paper discussing the issues?! ^^ So FUD it is. At least you're consistent. -- . O . O . O . . O O . . . O . . . O . O O O . O . O O . . O O O O . O . . O O O O . O O O signatur

Re: UPG and the default umask

On 05/19/2010 03:11 PM, Christoph Anton Mitterer wrote: > Or is that already, the case? At least I've had the impression that > neither mine, nor the arguments of some other people (Harald, Peter, etc.) > were even answered here. You've only mentioned that SSH won't operate if the write bit is set

Re: UPG and the default umask

On 05/19/2010 01:25 PM, James Vega wrote: > Except /etc/profile won't be sourced again unless "newgrp - " is > used, right? Correct, or the user issues a new login shell after the change has been made. -- . O . O . O . . O O . . . O . . . O . O O O . O . O O . . O O O O . O .

Re: UPG and the default umask

On 05/19/2010 01:20 PM, Philipp Kern wrote: > Sorry, I assumed that UPG is a system-wide concept and that I could just > change to my collaboration group and have a useful umask there too. So we > only cater for the setgid flag on directories? The "newgrp" command changes your default group. The

Re: UPG and the default umask

On 05/19/2010 01:00 PM, Philipp Kern wrote: > When I do "newgrp " it's still UPG and the umask should still be > 2, no? This check would change my umask. If the new default group is named something other than your username, it's no longe UPG. UPG is only if the user name and group name match, and

Re: UPG and the default umask

On 05/19/2010 11:25 AM, Santiago Vila wrote: > For the record: I've changed the umask setting in /etc/profile to this: > > if [ "`id -u`" -ge 1000 ]; then > umask 002 > else > umask 022 > fi [snip] > Some people proposed complex code to determine whether UPG was in use > for system users. Su

Re: UPG and the default umask

On 05/17/2010 11:46 AM, Christoph Anton Mitterer wrote: > If you need to change for example ssh, to allow an authorized_keys file > or perhaps even things like ~/.ssh/id_rsa to be group-readable and/or > writable you actively compromise security, at least for those systems > which do not use (for w

Re: UPG and the default umask

;t doing anything for the discussion. > On Mon, 2010-05-17 at 11:04 -0600, Aaron Toponce wrote: >> If you're using a non-UPG system, then you don't care. Debian is >> UPG-based, so your argument is invalid. > You actually, have to care... at least if #581919 is "s

Re: UPG and the default umask

On 05/17/2010 10:49 AM, Harald Braumann wrote: > On Mon, May 17, 2010 at 10:14:28AM -0600, Aaron Toponce wrote: >> On 05/17/2010 10:02 AM, Harald Braumann wrote: >>> - you could have a UPG system but a mismatch of IDs -> wrong umask >> >> ID numbers, yes. ID names

Re: UPG and the default umask

On 05/17/2010 10:02 AM, Harald Braumann wrote: > - you could have a UPG system but a mismatch of IDs -> wrong umask ID numbers, yes. ID names, no. If the user name maches the group name, IE: aaron = aaron, then the user matches the private group. If the match is not made, then umask 0022

Re: UPG and the default umask

On 5/17/2010 7:34 AM, Marvin Renich wrote: > This looks like a bug in pam_umask. UPG has never guaranteed uid=gid. > I'll file a bug. While the numerical ID might not match, the names should: id -gn should equal id -un After all, that is part of the definition of the UPG setup. -- . O . O .

Re: UPG and the default umask

On 05/17/2010 07:00 AM, Mike Hommey wrote: > There is no such thing as Debian's idea of UPG. There is simply the fact > that when you create a user with UPG, it uses the first uid and the > first gid available. It can happen that they don't match, in the > scenario I gave above. This applies to any

Re: UPG and the default umask

On 05/16/2010 05:11 PM, Santiago Vila wrote: > They have login shells in the sense that their shell field in /etc/passwd > is /bin/sh, but if they do not really "login" to the system, then they > do not read /etc/profile. > > In either case, if we plan to set default umask in /etc/login.defs or >

Re: UPG and the default umask

On 05/16/2010 12:39 PM, Russ Allbery wrote: > Because the further discussion was wrong. System users have login shells > in Debian. (I consider this a very long-standing bug.) Then the logic should be in play. System users don't necessarily have a private group, so their umask should be 0022. If

Re: UPG and the default umask

On 05/15/2010 12:16 AM, Vincent Danjean wrote: > Somethink is wrong here. Should 314347 be reopened ? Agreed. It's not working as it should. Running openssh-client version 1:5.5p1-3, and setting the write bit on my private group seems to keep the client from behaving as expected. -- . O . O .

Re: UPG and the default umask

On 05/15/2010 02:51 PM, Willi Mann wrote: > Is it possible to detect whether an account is configured properly based on > the UPG idea? If yes, wouldn't it then make sense to only set umask 002 if a > proper UPG account is detected, otherwise 022? This would avoid putting non- > UPG systems on da

Re: Bug#581729: [SQUEEZE] Document the umask change for new installs

On 05/15/2010 10:47 AM, Santiago Vila wrote: > On Sun, 16 May 2010, Charles Plessy wrote: > >> Also, I have not seen on -devel that the idea of having a different >> umask for system and regular users has been implemented in >> base-files yet. I propose to not mention this until base-files is >> u

Re: Open then gates

On 05/15/2010 02:00 AM, Robert Klotzner wrote: > Also as far as I understood from a previous post, this change will only > affect > new installations, not existing ones. So even if a user misunderstood the > concept and added other users to his private group, this change does not > affect > hi

Re: Bug#581729: [SQUEEZE] Document the umask change for new installs

On 05/15/2010 05:50 AM, Christoph Anton Mitterer wrote: > On Sat, 2010-05-15 at 13:45 +0200, Holger Levsen wrote: >> This paragraph should be accompanied by something like: >> >> Instead of adding users to other users private groups (which has issues as >> explained above) it is recommend to creat

Re: Bug#581729: [SQUEEZE] Document the umask change for new installs

On 05/15/2010 05:26 AM, Christoph Anton Mitterer wrote: > On Sat, 2010-05-15 at 14:16 +0300, Andrei Popescu wrote: >> for regular users > Would have to double check it,... but doesn't the current change also > affect root? This does, but root is also in his own UPG. If you add any user to the root

Re: Open then gates

On 05/14/2010 06:40 PM, Klaus Ethgen wrote: > Oh, I will not make any more comment to that decision. Maybe I will > search for a more secure distribution. This decision is much to much. > And it is the last straw that breaks the camels back. Debian was was my > favorite distribution for over ten ye

Re: UPG and the default umask

On 5/13/2010 3:48 AM, Santiago Vila wrote: > Will be done in base-files 5.4. I just saw the change committed. Thank you very much! This is good news. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581434#25 -- . O . O . O . . O O . . . O . . . O . O O O . O . O O . . O O O O

Re: UPG and the default umask

On 5/13/2010 3:34 AM, Philipp Kern wrote: > On 2010-05-13, Charles Plessy wrote: >> If no stronger objections against a change from 022 to 002 is raised, would >> you >> agree changing base-files so that /etc/profile uses 002 on new systems? > > Doesn't that lead to "great fun" if you activate N

Re: UPG and the default umask

On 05/11/2010 07:09 PM, Russ Allbery wrote: > Aaron already explained this, but I was confused for quite some time about > the point of UPG and I'm not sure I would have gotten it from his > explanation, so let me say basically the same thing he said in different > words. >

Re: UPG and the default umask

On 5/10/2010 4:46 PM, Klaus Ethgen wrote: > You can never trust anybody for giving him rights to _all_ of your > files. So this assuming is never true and a user will not have any > benefit of this group if the umask is 002! I trust my wife to all of my files. >> If you don't trust users in your

  1   2   3   4   >