On Sun, 2 Apr 2000, Julian Gilbey wrote:
> On Sat, Apr 01, 2000 at 03:16:23PM -0700, Jason Gunthorpe wrote:
> > How many people
> > foward ssh agents and put that key in their home .ssh/authorized_keys?
>
> What does that mean? It could easily be that I am doing something
> wrong without even r
On Fri, Mar 31, 2000 at 11:19:40PM -0500, Branden Robinson wrote:
> Blacklisters may have the right to speak and *say* what they think I should
> do, but they have no right to be heard.
Your post only rated a 1.5 on my trollometer. Please try harder.
Hamish
--
Hamish Moffatt VK3SB <[EMAIL PROTE
On Sat, Apr 01, 2000 at 10:13:38AM -0800, esoR ocsirF wrote:
> Caution, IANAD. Just tring to help
>
> Package: cricket (debian/main)
> Maintainer: Matt Zimmerman <[EMAIL PROTECTED]>
> 56948 cricket depends on non-existant package
>
> Package: ftp.debian.org (pseudo)
> Maintainer: Guy Maor <[EM
On Sat, Apr 01, 2000 at 10:14:47AM +0200, Josip Rodin wrote:
> On Fri, Mar 31, 2000 at 02:43:19PM -0800, Seth R Arnold wrote:
> > > > The ballots came from:
> > >
> > > 216 people, if I counted right (wc(1) :). So much for the `300 active
> > > developers' vaporware, even if you include dissidents
On Sat, Apr 01, 2000 at 04:00:20PM +0200, Marcus Brinkmann wrote:
> On Sat, Apr 01, 2000 at 12:55:53PM +1000, Anthony Towns wrote:
> > But unfortunately that's not quite the choice I have either, since for
> > some reason that I can't fathom, people seem to think that a dinstall
> > key would be an
On Sat, Apr 01, 2000 at 03:38:29PM +0200, Marcus Brinkmann wrote:
> I could not trust either. The former, because it is stored on a network
> connected machine, the latter because it is transfered over the net (if it
> is shared among the security team). Of course, if the security team use
> their
On Sat, Apr 01, 2000 at 10:36:44PM -0600, Zed Pobre wrote:
> > Also, what's so fundamentally wrong with transferring a secret key over
> > the net? Hint: PGP does it every time you send an encrypted email.
> Either you are using the phrase "secret key" in a context with
> which I am unfamiliar,
I have had some serious bug reports about this release (see bugs 61515
and 61573).
If you are tracking woody (unstable) this may affect you.
Please do not let the postgresql packages be upgraded automatically; put them
on hold. If you decide to upgrade, make absolutely sure you have a backup
of $
On 00-03-26 Matt Zimmerman wrote:
> On Sat, Mar 25, 2000 at 03:39:24PM +0100, Christian Kurz wrote:
> > as jsut discussed on debian-devel, I would like to package John the
> > Ripper. If someone already has done or is working on it, please mail me,
> > then I will stop packing it. Otherwise I will
On Sat, Mar 25, 2000 at 05:34:20PM +0100, Robert Varga wrote:
>
>
> On Thu, 23 Mar 2000, Steve Greenland wrote:
>
>
> However I don't really like 8i, since it needs much more (and it should be
> written as MUCH MORE) resources than 8.0.5. I know there is one aspect of
> using 8i on linux when c
On Sat, 1 Apr 2000, Ben Collins wrote:
> On Sat, Apr 01, 2000 at 10:13:38AM -0800, esoR ocsirF wrote:
> > Caution, IANAD. Just tring to help
> >
> > Package: cricket (debian/main)
> > Maintainer: Matt Zimmerman <[EMAIL PROTECTED]>
> > 56948 cricket depends on non-existant package
> >
> > Pack
On Sun, Apr 02, 2000 at 02:46:30PM +1000, Anthony Towns wrote:
> PGP (v2.x, I'm not uptodate with the recent OpenPGP stuff), generates a
> secret (albeit symmetric, rather than public/private keypair) IDEA key
> everytime you try to encrpt a message. It encrypts the message with this
> key, then en
On Sun, Apr 02, 2000 at 01:36:56PM +1000, Anthony Towns wrote:
> On Sat, Apr 01, 2000 at 03:38:29PM +0200, Marcus Brinkmann wrote:
> > I could not trust either. The former, because it is stored on a network
> > connected machine, the latter because it is transfered over the net (if it
> > is shared
On Sat, Apr 01, 2000 at 02:49:40PM -0700, Jason Gunthorpe wrote:
>
> On Sat, 1 Apr 2000, Marcus Brinkmann wrote:
>
> > In the signed .debs case, I, as a developer, assert that the package comes
> > from me. A user can directly verify this by checking the signature.
>
> No, the user cannot verify
On Sat, Apr 01, 2000 at 03:16:23PM -0700, Jason Gunthorpe wrote:
>
> On Sat, 1 Apr 2000, Marcus Brinkmann wrote:
>
> > Wrong. If you have signed debs, and you are careful when updating the
> > debian-keyring package, there is no risk even if master is compromised.
>
> Hahha!
>
> Sorry, your are
On Sat, Apr 01, 2000 at 03:18:17PM -0700, Jason Gunthorpe wrote:
> > Now link 2. It is currently absent. What you seem to suggest is to add a key
> > (dinstall-key) here, so the user can verify the archive. This adds a point
> > of weakness. As the dinstall key can't be used automatically and kept
Hi,
On Sun, Apr 02, 2000 at 01:33:53PM +1000, Anthony Towns wrote:
> > As dinstall verifies the keys on the packages (which already exist, btw,
> > they are just not propagated), it puts itself in the middle of the chain:
>
> Well, as Jason points out, they are propogated: by the -devel-changes
>
On Sat, Apr 01, 2000 at 04:56:59PM -0700, Jason Gunthorpe wrote:
>
> On Sun, 2 Apr 2000, Julian Gilbey wrote:
>
> > On Sat, Apr 01, 2000 at 03:16:23PM -0700, Jason Gunthorpe wrote:
> > > How many people
> > > foward ssh agents and put that key in their home .ssh/authorized_keys?
> >
> > What doe
Hello,
Sorry for sending this message again and sorry for sending to
devel (I don't know if I should). I really need your help, I tried
everything I know and I can't make my Emacs work with END key, when it
is in Xterm.
- All programs have right key configuration
- Emacs
> "Rodrigo" == Rodrigo Castro <[EMAIL PROTECTED]> writes:
> Hello, Sorry for sending this message again and sorry for
> sending to devel (I don't know if I should). I really need your
> help, I tried everything I know and I can't make my Emacs work
> with END key, when it is in
Hi all,
I've been working on javawrapper, a utility which uses the binfmt_misc
kernel module to let you execute Java classes like any other program -
'./MyProgram.class' instead of 'java MyProgram.class'. For those of you
unfamiliar with binfmt_misc, the documentation is in
Documentation/binfmt_mi
On Thu, Mar 30, 2000 at 10:03:14AM -0500, Daniel Martin wrote:
> Well, if I do a
> $process | file -b - | magic2mime
>
> where "$process" is anything that produces a large amount of output
> slowly, then the process is killed by a SIGPIPE in short order.
>
> If, however, I do:
> $process | (file
Marcus Brinkmann <[EMAIL PROTECTED]> writes:
> Yes, but you have not "the right" (what loaded words!) to close the bug
> reports. Feel free to ignore them, but don't close them without a better
> reason.
If communication with the reporter is necessary to fix the bug, and
this communication is bro
On Sat, Apr 01, 2000 at 10:48:54PM +0200, Marcus Brinkmann wrote:
> No. Currently there is NO chain of verification (I should not have said
> "trust", it's the wrong term. Sorry).
So you agree that it would be an improvement?
> However, it doesn't establish a complete chain of verification from
Anthony Towns writes:
> There is an existing single-point vulnerability in *every*
> mirror. Compromise the mirror and you can compromise every single Debian
> user who upgrades from that mirror. You don't even have to try touching
> anything at *.debian.org.
Yes, and I'd very much see this vuln
On Sun, Apr 02, 2000 at 04:36:00PM +0100, Colin Watson wrote:
> 3) Where should this go? The obvious place is dpkg, but am I being too
>arrogant there? It feels too small for its own package, though.
I like the idea, but I think it should go in its own package, like
menu. For one thing, a lot
Hi,
I think the answer is this: it is felt by debian developers that pgcc
deserves more: it should be included in its own architecture, You may
know that we have the architecture called 'i386', well, pgcc would come
in the architecture called 'i586' with the idea that all packages in
debian would
On Sun, Apr 02, 2000 at 11:14:16AM -0400, Marshal Kar-Cheung Wong wrote:
> > "Rodrigo" == Rodrigo Castro <[EMAIL PROTECTED]> writes:
>
> > Hello, Sorry for sending this message again and sorry for
> > sending to devel (I don't know if I should). I really need your
> > help, I tried
On Sun, Apr 02, 2000 at 10:11:44AM -0700, Jim Lynch wrote:
> I think the answer is this: it is felt by debian developers that pgcc
> deserves more: it should be included in its own architecture, You may
> know that we have the architecture called 'i386', well, pgcc would come
> in the architecture
Julian Gilbey <[EMAIL PROTECTED]> writes:
> On my home machine, I have an identity in .ssh/identity.pub.
> I copied that into .ssh/authorized_keys on master (possibly using the
> LDAP system).
> I *also* copied it into .ssh/authorized_keys on my home machine.
>
> That extra copy on my home machin
[EMAIL PROTECTED] wrote:
>On Sun, Apr 02, 2000 at 04:36:00PM +0100, Colin Watson wrote:
>> 3) Where should this go? The obvious place is dpkg, but am I being too
>>arrogant there? It feels too small for its own package, though.
>
>I like the idea, but I think it should go in its own package, li
Hi,
So the original question remains: is there a simple pgcc available somewhere?
-Jim
---
Jim Lynch Finger for pgp key
as Laney College CIS admin: [EMAIL PROTECTED] http://www.laney.edu/~jim/
as Debian developer: [EMAIL PROTECTED] http://www.debian.org/~jwl/
On 30-Mar-00, 13:01 (CST), Steve Greenland <[EMAIL PROTECTED]> wrote:
> On 30-Mar-00, 05:43 (CST), Richard Braakman <[EMAIL PROTECTED]> wrote:
> > Package: debianutils (debian/main).
> > Maintainer: Guy Maor <[EMAIL PROTECTED]>
> > 59121 run-parts hangs during /etc/cron.daily runs
>
> There's
On 2 Apr 2000, Robert Bihlmeyer wrote:
> > Solution: remove the identity from .ssh/authorized_keys on my home
> > machine.
> Note that *any* keys that your agent holds can be snarfed by the
> admin(s) of any hosts where you ssh-in with agent forwarding enabled.
No, that is the point of ssh-age
Hi Marcus,
On Sun, Apr 02, 2000 at 02:32:04PM +0200, Marcus Brinkmann wrote:
> > No, the user cannot verify that. The user can check the signature against
> > our keyring but they have no idea who *should* have signed it.
>
> It seems to be hard to understand, so I will explain it one more time
On Sat, 1 Apr 2000, Craig Sanders wrote:
> On Fri, Mar 31, 2000 at 11:08:53PM -0500, Branden Robinson wrote:
> > On Fri, Mar 31, 2000 at 11:18:47PM +1000, Craig Sanders wrote:
> > > your right to free speech does not include the right to force anyone
> > > else to listen.
> >
> > Then this prin
On Sun, 2 Apr 2000, Marcus Brinkmann wrote:
> This is a seperate problem. I agree that this should not be the case, but it
> has no place in this discussion. If individual developer keys are
> compromised, we have a problem no matter what. Developers should not store
> secret keys on net connecte
On Sun, Apr 02, 2000 at 10:48:24AM -0300, Rodrigo Castro wrote:
> Sorry for sending this message again and sorry for sending to
> devel (I don't know if I should). I really need your help, I tried
> everything I know and I can't make my Emacs work with END key, when it
> is in Xterm.
If you'
I have packaged LIRC and will upload it later today or tomorrow if
noone objects.
LIRC is Linux Infra-red Remote Control support, see
http://fsinfo.cs.uni-sb.de/~columbus/lirc/index.html
Similarly, I have packaged devfsd (http://www.atnf.csiro.au/~rgooch/linux/).
This one still needs a couple of
Chris Frey wrote:
> I'm curious how this issue is going to be handled now that it has been
> discussed. (The archives don't seem to be seeing any new messages on this
> topic.) What has to occur before this cryptographic signing of
> Packages actually happens?
Oops, the recent mail archive upda
Hello Branden,
On Sun, Apr 02, 2000 at 05:07:11PM -0400, Branden Robinson wrote:
> On Sun, Apr 02, 2000 at 10:48:24AM -0300, Rodrigo Castro wrote:
> > Sorry for sending this message again and sorry for sending to
> > devel (I don't know if I should). I really need your help, I tried
> > everyt
Quoting Steve Greenland:
:Raphael and Ingo, if you get a chance, can you confirm I didn't screw
:this up? Rainer, I think this fixes your bug too (#57464). Guy, if you
:don't object by ~22:00 Tuesday, April 4th (CDT), I'm going to go ahead
:and upload it to Incoming.
Unfortunately, I'm leaving tom
>
> So the original question remains: is there a simple pgcc available somewhere?
>
> -Jim
Yes ! is there a simple pgcc available somewhere?
I'm going to tell you why I want a pgcc package: I want to build a
customized
version of the potato.
I have the sources, I compile the sources with pgcc i
43 matches
Mail list logo
