Time to reply to myself again :)
I went silent in this thread since the end of January because I spent
time fuzzing 8 libraries + CLI front-ends of the DBM family, starting
with LMDB:
> > liblmdb* or libleveldb* are much less popular in popcon by_inst than
> > libdb, yeah...
> >
> >
> > Do we kno
Hi Adrian,
On 1/27/18 1:35 PM, Adrian Bunk wrote:
> On Sat, Jan 27, 2018 at 12:25:20PM +0100, Lionel Debroux wrote:
> > Hi Adrian,
>
> Hi Lionel,
>
> > On 1/27/18 6:27 AM, Adrian Bunk wrote:
> > ...
> > > There doesn't seem to be any disagreement on the general idea,
> > > the only thing missing i
Hi David,
On 1/27/18 1:12 PM, David Kalnischkies wrote:
> On Fri, Jan 26, 2018 at 11:49:41PM +0100, Lionel Debroux wrote:
> > > Anyway, the only util in apt-utils making use of libdb is
> > > apt-ftparchive which a) isn't used much in Debian – but by some
> > > derivatives¹ and b) can operate with
Replying to myself...
On 1/26/18 11:48 PM, Lionel Debroux wrote:
> Hi Scott,
>
> On 1/26/18 7:05 AM, Scott Kitterman wrote:
> > On Thursday, January 25, 2018 11:59:06 PM Lionel Debroux wrote:
> > >
> > > [...]
> > > ---
> > > Do you think we should start the journey of getting rid of
> > > libdb5.
2018-01-27 13:53 GMT+01:00 David Kalnischkies :
> On Fri, Jan 26, 2018 at 12:24:26PM +0100, Miriam Ruiz wrote:
>> 2018-01-26 12:02 GMT+01:00 Colin Watson :
>> >> Finding someone performing the daunting task of actually switching code,
>> >> documentation and existing databases over on the other han
On Sat, Jan 27, 2018 at 01:53:54PM +0100, David Kalnischkies wrote:
>...
> I guess you can kill both birds with one stone if you go for a "write
> libdb-api-compatibility layer for your favorite other db", but that
> wouldn't really be a Debian task anymore. Without even thinking a split-
> second
On Sat, Jan 27, 2018 at 12:22:59PM +0100, Lionel Debroux wrote:
>...
> On 1/27/18 1:42 AM, Guillem Jover wrote:
> > On Thu, 2018-01-25 at 23:59:06 +0100, Lionel Debroux wrote:
> > > Several days ago, jmm from the security team suggested that I start
> > > a discussion on debian-devel about Berkeley
On Fri, Jan 26, 2018 at 12:24:26PM +0100, Miriam Ruiz wrote:
> 2018-01-26 12:02 GMT+01:00 Colin Watson :
> >> Finding someone performing the daunting task of actually switching code,
> >> documentation and existing databases over on the other hand… I at least
> >> don't see me enthusiastically rais
On Sat, Jan 27, 2018 at 12:25:20PM +0100, Lionel Debroux wrote:
> Hi Adrian,
Hi Lionel,
> On 1/27/18 6:27 AM, Adrian Bunk wrote:
>...
> > There doesn't seem to be any disagreement on the general idea,
> > the only thing missing is a person doing the work on getting
> > all Debian packages ported
On Fri, Jan 26, 2018 at 11:49:41PM +0100, Lionel Debroux wrote:
> > Anyway, the only util in apt-utils making use of libdb is
> > apt-ftparchive which a) isn't used much in Debian – but by some
> > derivatives¹ and b) can operate without the backing of a db, but you
> > don't want to run a large ar
Hi Adrian,
On 1/27/18 6:27 AM, Adrian Bunk wrote:
> On Fri, Jan 26, 2018 at 11:49:41PM +0100, Lionel Debroux wrote:
> > ...
> > On 1/26/18 11:39 AM, David Kalnischkies wrote:
> > ...
> > > Finding someone performing the daunting task of actually switching
> > > code, documentation and existing dat
Hi Guillem,
On 1/27/18 1:42 AM, Guillem Jover wrote:
> On Thu, 2018-01-25 at 23:59:06 +0100, Lionel Debroux wrote:
> > Several days ago, jmm from the security team suggested that I start
> > a discussion on debian-devel about Berkeley DB, which has known
> > security issues, because doing so may e
On Fri, Jan 26, 2018 at 11:49:41PM +0100, Lionel Debroux wrote:
>...
> On 1/26/18 11:39 AM, David Kalnischkies wrote:
>...
> > Finding someone performing the daunting task of actually switching
> > code, documentation and existing databases over on the other hand… I
> > at least don't see me enthus
Hi!
On Thu, 2018-01-25 at 23:59:06 +0100, Lionel Debroux wrote:
> Several days ago, jmm from the security team suggested that I start a
> discussion on debian-devel about Berkeley DB, which has known security
> issues, because doing so may enable finding a consensus on how to move
> away from it i
Hi,
On 1/26/18 11:39 AM, David Kalnischkies wrote:
> On Thu, Jan 25, 2018 at 11:59:06PM +0100, Lionel Debroux wrote:
> > In practice, Berkeley DB is a core component of most *nix distros.
> > Debian popcon indicates that libdb5.3 is installed on ~80% of the
> > computers which report to popcon.
>
Hi Scott,
On 1/26/18 7:05 AM, Scott Kitterman wrote:
> On Thursday, January 25, 2018 11:59:06 PM Lionel Debroux wrote:
> >
> > [...]
> > ---
> > Do you think we should start the journey of getting rid of libdb5.3
> > at a wide scale ? And if so, how to optimize resource usage in
> > general ? :)
>
Hi Timo,
On 1/26/18 12:21 PM, Timo Aaltonen wrote:
> On 26.01.2018 00:59, Lionel Debroux wrote:
> > ---
> > Do you think we should start the journey of getting rid of libdb5.3
> > at a wide scale ? And if so, how to optimize resource usage in
> > general ? :)
> > ---
>
> I asked 389-ds-base upstre
Hi Marco,
On 1/26/18 1:46 AM, Marco d'Itri wrote:
> On Jan 25, Lionel Debroux wrote:
> > Several days ago, jmm from the security team suggested that I start
> > a discussion on debian-devel about Berkeley DB, which has known
> > security issues, because doing so may enable finding a consensus on
Hi Ryan,
On 1/26/18 1:02 AM, Ryan Tandy wrote:
> On Thu, Jan 25, 2018 at 11:59:06PM +0100, Lionel Debroux wrote:
> > the vast majority of the ~170 reverse dependencies of libdb5.3
> > listed by `apt-cache rdepends libdb5.3` on sid will require (much)
> > more work to get rid of that dependency, wi
On 26.01.2018 00:59, Lionel Debroux wrote:
> ---
> Do you think we should start the journey of getting rid of libdb5.3 at a
> wide scale ? And if so, how to optimize resource usage in general ? :)
> ---
I asked 389-ds-base upstream about their plans, and got this draft plan
of getting rid of bdb f
2018-01-26 12:02 GMT+01:00 Colin Watson :
>> Finding someone performing the daunting task of actually switching code,
>> documentation and existing databases over on the other hand… I at least
>> don't see me enthusiastically raising my arm crying "let me, let me, …".
>
> I don't blame you!
Might
On Fri, Jan 26, 2018 at 11:39:29AM +0100, David Kalnischkies wrote:
> On Thu, Jan 25, 2018 at 11:59:06PM +0100, Lionel Debroux wrote:
> > In practice, Berkeley DB is a core component of most *nix distros.
> > Debian popcon indicates that libdb5.3 is installed on ~80% of the
> > computers which repo
On Thu, Jan 25, 2018 at 11:59:06PM +0100, Lionel Debroux wrote:
> In practice, Berkeley DB is a core component of most *nix distros.
> Debian popcon indicates that libdb5.3 is installed on ~80% of the
> computers which report to popcon.
I wonder how many of this ~80% is only due to having installe
On Thursday, January 25, 2018 11:59:06 PM Lionel Debroux wrote:
> Hi,
>
> Several days ago, jmm from the security team suggested that I start a
> discussion on debian-devel about Berkeley DB, which has known security
> issues, because doing so may enable finding a consensus on how to move
> away f
On Jan 25, Lionel Debroux wrote:
> Several days ago, jmm from the security team suggested that I start a
> discussion on debian-devel about Berkeley DB, which has known security
> issues, because doing so may enable finding a consensus on how to move
Can you clarify the threat model?
E.g. is libd
On Thu, Jan 25, 2018 at 11:59:06PM +0100, Lionel Debroux wrote:
the vast majority of the ~170 reverse dependencies of libdb5.3 listed by
`apt-cache rdepends libdb5.3` on sid will require (much) more work to
get rid of that dependency, with impact on backwards compatibility...
Among those packages
Hi,
Several days ago, jmm from the security team suggested that I start a
discussion on debian-devel about Berkeley DB, which has known security
issues, because doing so may enable finding a consensus on how to move
away from it in Debian (which is hard). So here's a post :)
Please keep me CC'ed,
27 matches
Mail list logo
