On Thu, 2003-12-04 at 04:42, Andres Salomon wrote:
> On Wed, 03 Dec 2003 14:45:51 +1100, Zenaan Harkness wrote:
>
> > As per the recommendations from Bruce Perens' User Linux paper
> > http://userlinux.com/white_paper.html, this thread is to discuss the
> > applications within the bounded set of D
On Wed, Dec 03, 2003 at 08:37:06PM +0100, Marc Haber wrote:
> >the other
> >is to ensure that exim4-base (and config) is "configured" first, which
> >can be done by having them not have a postinst script. That mightn't be
> >good enough.
> Both -base and -config have non-trivial postinst scripts.
On Thu, 2003-12-04 at 07:04, Russell Coker wrote:
> On Thu, 4 Dec 2003 08:07, "David Palmer." <[EMAIL PROTECTED]> wrote:
> > I note also that Adamantix developers, when a present priority project
> > reaches completion, have expressed a willingness to commit in the
> > process of assisting with Pax
On Wed, 2003-12-03 at 22:44, VEROK Istvan wrote:
> On Wed, 3 Dec 2003, Andreas Tille wrote:
> > On Wed, 3 Dec 2003, Fabian Fagerholm wrote:
> >
> > > In my view (as I said), it would be logical to name a further
> > > subdivision of that product "flavor".
> > I like this interpretation of the term
On Wed, 03 Dec 2003 23:29:22 +0100, Tore Anderson <[EMAIL PROTECTED]>
wrote:
>* Marc Haber
>> The way -config does the configuration is something that is questioned
>> by a lot of people. Most conservative eximists hate the configuration
>> being split out in several files,
>Absolutely, this is a
On Wed, Dec 03, 2003 at 05:38:11PM -0500, Nathanael Nerode wrote:
> The security advisory does not mention these (the current 2.4.x kernels
> available in sarge), and the upstream fix is apparently not until 2.4.23.
No offense... but (a) why would the DSA mention Sarge, and (b) isn't it
obvious th
Sebastien Bacher <[EMAIL PROTECTED]> writes:
> I'm not sure that's a good idea. I'm using Gnome and I'd like to keep a
> simple applications' menu, not having hundred entries like in my
> debian's menu. Having too many entries in a menu is an usability problem
> imho (it's very annoying to search a
Hi!
AGD_ADM.1 Administrator guidance (all EALs)
AGD_ADM.1.1D The developer shall provide administrator guidance
addressed to system administrative personnel.
(This is man 8, and the various administrators' guides
and HOWTOs. We do have it in most cases. Thanks to the
On Tue, Dec 02, 2003 at 10:49:20PM -0600, John Goerzen wrote:
> If you think you can get every large enterprise worldwide to standardize
> on a single scripting language -- much less get even ONE to do that --
> then you will surely be nominated for several nobel prizes.
Rather, the most you'll ge
On Wed, 2003-12-03 at 16:02, Benj. Mako Hill wrote:
> If you apt-get install the subproject-howto you will get something
> talking *only* about creating a custom Debian-distribution -- not
> about creating a subproject for any other sort of work. The folks at
> the BOF saw a real lack of interactio
On Wed, Dec 03, 2003 at 12:44:17PM +0100, VEROK Istvan wrote:
> Due to the unclear connotations, there is a great deal of confusion over
> the terms "internal project", "subproject", "flavor", "custom Debian
> distribution" and the like. To clarify my own thinking, I started using
> just "subset"
On Thu, Dec 04, 2003 at 03:07:52AM +0100, Goswin von Brederlow wrote:
> Anthony DeRobertis <[EMAIL PROTECTED]> writes:
>
> > On Wed, 2003-12-03 at 05:23, Manoj Srivastava wrote:
> >
> > > Because it buys little security wise?
> >
> > I can take a rescue disk, a CD with relevant packages on it
* Marc Haber
> Well, I am only paid to work on the exim4 package if my employer gets
> to use the package as well. Since we don't want debconf questions to
> pop up during installation and we found the pre-fabricated -config too
> inflexible for our needs, -config needs to be split out.
So
ËÍÄãÒ»ÕŹú¼ÊÐÅÓÿ¨£¡£¡Íø׬´Ó´Ë²»Óó£¡£¡£¡
Freecashcards¹ú¼ÊÐÅÓÿ¨£¬ÒÔÇ°ÉêÇëÐèÒªÊÖÐø·Ñ39.5$£¬ÎªÁËÔÚÈ«ÊÀ½çѸËÙÆÕ¼°£¬ÏÖÔÚÊÖÐø·ÑÈ«·Ñ£¬¶øÇÒ×¢²á¾ÍËÍÄã5$
£¡Äã¿ÉÒÔ
½«ACH, wire, cashiers checks, money orders, e-gold, NetPayµÈÕÊ»§µÄǮתÈë
FreecashcardsÊÇÒ»¼ÒÃÀ¹úµÄÍøÉÏÒøÐУ¬¿ÉÈ«Çò°ìÀíÉêÇë¹ú¼ÊÐÅÓÿ¨ÒµÎñ
On Thu, 4 Dec 2003, Fabian Fagerholm wrote:
> Can you say who the flavors people, the metadistros people and the
> subproject people were? I'd like to make contact with all of these to
> get more details about their respective projects and their view on this.
Here on debian-devel. (Can you hear me
On Thu, 2003-12-04 at 20:23, Fabian Fagerholm wrote:
> On Wed, 2003-12-03 at 13:44, VEROK Istvan wrote:
> > Subsets can also have subsets, or a subset may even come from the
> > confluence of other subsets, so there is no need to name one level a
> > "custom Debian distro" and another level a "flav
Peter Palfrader <[EMAIL PROTECTED]> wrote:
> On Wed, 03 Dec 2003, Andreas Metzler wrote:
>> Steve Greenland <[EMAIL PROTECTED]> wrote:
>> [...]
>>> I think the idea of a namespace for usernames used by packages is a good
>>> idea, but rather than "debian-", we should take this to the LSB folk, so
>
On Wed, 2003-12-03 at 13:44, VEROK Istvan wrote:
> Subsets can also have subsets, or a subset may even come from the
> confluence of other subsets, so there is no need to name one level a
> "custom Debian distro" and another level a "flavor".
I'll elaborate more in a later post, but I just want to
On Thu, 2003-12-04 at 19:25, Fabian Fagerholm wrote:
> I want to collect knowledge and pieces of text from all who have some
> experience with subprojects, and work that material into the HOWTO. I
> will contact some subproject people shortly to get their input. Any
> pointers will be appreciated.
On Wed, Dec 03, 2003 at 09:32:37AM -0600, Manoj Srivastava wrote:
> Laptops with biometric print readers are supposed to be around
> the horizon as well.
If you're talking about laptops with fingerprint readers, they're
consumer items right now. The sales manager at my ex-employer had one
f
Anthony Towns wrote:
* #203339 - freeswan - Rene Mayrhofer
FTBFS, patch in the bug log since July, no further activity
I feel that I need to respond to that, after being mentioned here :)
I fully admit that I have simply overlooked this one, because it is very
easy to fix (and in
Zenaan Harkness <[EMAIL PROTECTED]> wrote:
> On Thu, 2003-12-04 at 01:51, Andreas Metzler wrote:
[...]
>> The problem with this is time. I need to add a system-user (for exim4)
>> _now_. Shall I go for namespace, and if yes which one? _debian-exim,
>> debian-dexim, DEB-exim?
> This might be pointi
> I don't mean any offense to you or your terms but I think that the
> major source of the confusion is not the the imprecision of the terms
> because (as other have pointed out) all terms are imprecise. The major
> problem is the *number* of these terms. Adding one or two more, even
> with their
#include
* Manoj Srivastava [Wed, Dec 03 2003, 04:19:59AM]:
> > - current md5sums file in control.tar.gz should contain checksums of
> >really all files
>
> Hard to do for conffiles. Now, if the md5sums were generated
Then only add the m5sums of the control.tar.gz contents and add it
* Goswin von Brederlow <[EMAIL PROTECTED]> [031204 02:46]:
> "Bernhard R. Link" <[EMAIL PROTECTED]> writes:
> > I don't think so. md5-calculation it not the fastest thing (especially
> > on non-i386 it often feels like downloading and installing together
> > needs less time than the md5sum-verifica
On Thu, 4 Dec 2003 16:44, "David Palmer." <[EMAIL PROTECTED]> wrote:
> On Thu, 2003-12-04 at 07:04, Russell Coker wrote:
> > Please point out where the Adamantix developers expressed a willingness
> > to help in any way.
That message was intentionally to you not the list. Now we will have another
* Wouter Verhelst ([EMAIL PROTECTED]) [031203 23:10]:
> Op wo 03-12-2003, om 10:09 schreef Andreas Barth:
> > > > file back signed by the build admin. The debian archive scripts
> > > > accepts packages signed by a buildd-key only if it is a binary package
> > > > for this architecture, the key is
* Tore Anderson ([EMAIL PROTECTED]) [031203 23:55]:
> * Marc Haber
> > The way -config does the configuration is something that is questioned
> > by a lot of people. Most conservative eximists hate the configuration
> > being split out in several files,
> Absolutely, this is a slight conven
On Thu, Dec 04, 2003 at 12:19:28PM +, Andrew Suffield wrote:
| On Thu, Dec 04, 2003 at 12:34:22AM +0100, Raphael Goulais wrote:
| > On Wednesday 03 December 2003 21:31, Zenaan Harkness wrote:
| > > I agree. I would like to see .desktop standard adopted. There have been
| > > a few threads I hav
On Thu, Dec 04, 2003 at 12:34:22AM +0100, Raphael Goulais wrote:
> On Wednesday 03 December 2003 21:31, Zenaan Harkness wrote:
> > I agree. I would like to see .desktop standard adopted. There have been
> > a few threads I have seen so far, and there seems to be some level of
> > resistance to the
On Thu, 2003-12-04 at 19:58, Russell Coker wrote:
> On Thu, 4 Dec 2003 16:44, "David Palmer." <[EMAIL PROTECTED]> wrote:
> > On Thu, 2003-12-04 at 07:04, Russell Coker wrote:
> > > Please point out where the Adamantix developers expressed a willingness
> > > to help in any way.
>
> That message wa
Zenaan Harkness, on 2003-12-03, 14:58, you wrote:
> To give limits to Debian Enterprise/ User Linux we need to define some
> areas of focus.
>
> Flavours (and sub-flavours/ tasks/ yadda) is as good a place to start as
> any. So here are some proposed flavours:
>
> - Enterprise (base packages and
"Bernhard R. Link" <[EMAIL PROTECTED]> writes:
> * Goswin von Brederlow <[EMAIL PROTECTED]> [031204 02:46]:
> > "Bernhard R. Link" <[EMAIL PROTECTED]> writes:
> > > I don't think so. md5-calculation it not the fastest thing (especially
> > > on non-i386 it often feels like downloading and installi
Andreas Barth <[EMAIL PROTECTED]> writes:
> * Wouter Verhelst ([EMAIL PROTECTED]) [031203 23:10]:
> > Op wo 03-12-2003, om 10:09 schreef Andreas Barth:
> > > > > file back signed by the build admin. The debian archive scripts
> > > > > accepts packages signed by a buildd-key only if it is a binary
请天津、北京的朋友一定来看看,如果您闲下边文字乱,请您直接点击:
http://www.cityxf.com/lan2.htm或; http://www.cityxf.com/eshop
?
? 京津MP3、CD数码总批发?
?┤ ├?
?
On Thursday 04 December 2003 13:19, Andrew Suffield wrote:
> > The silly question is : What does our actual menu system provide that
> > shouldn't be achieved by using .desktop file ?
> >
> > As those are going to be a standard, we should deal with them.
>
> You could swap "our menu system" and ".d
* Goswin von Brederlow ([EMAIL PROTECTED]) [031204 15:10]:
> Andreas Barth <[EMAIL PROTECTED]> writes:
> > Ok?
> Sounds ok but the upload rules can be tightened much much later. First
> we have to get signing started, which means fixing apt-utils or
> debsigs or preferably both. And of cause cha
On Thu, Dec 04, 2003 at 03:53:54PM +0900, Miles Bader wrote:
> Sebastien Bacher <[EMAIL PROTECTED]> writes:
> > I'm not sure that's a good idea. I'm using Gnome and I'd like to keep a
> > simple applications' menu, not having hundred entries like in my
> > debian's menu. Having too many entries in
Andreas Barth <[EMAIL PROTECTED]> writes:
> * Goswin von Brederlow ([EMAIL PROTECTED]) [031204 15:10]:
> > Andreas Barth <[EMAIL PROTECTED]> writes:
>
> > > Ok?
>
> > Sounds ok but the upload rules can be tightened much much later. First
> > we have to get signing started, which means fixing ap
On Wed, Dec 03, 2003 at 08:19:24AM +0100, Goswin von Brederlow wrote:
> Hamish Moffatt <[EMAIL PROTECTED]> writes:
>
> > ... apt-get build-dep somesourcepackage" ...
>
> apt-get build-deb ...
Just to clarify, build-dep is the proposed action rather than build-deb?
--
Jon Dowland
http://jon.dow
On Wed, Dec 03, 2003 at 06:10:27PM +1100, Hamish Moffatt wrote:
> On Tue, Dec 02, 2003 at 02:10:56PM +, Jonathan Dowland wrote:
> > Should this be the job of apt-get? Fetching a list of build-depends is a
> > similar job to that performed by apt-cache for other fields. I always
> > associate ap
"Nikita V. Youshchenko" <[EMAIL PROTECTED]> wrote:
>> On Tue, Dec 02, 2003 at 05:32:59PM +1100, Zenaan Harkness wrote:
>>> Can "requesting removal from archive" be automated, to occur say after 3
>>> weeks of inactivity of rc/grave/serious bug?
>>>
>>> As a DD, I assume there is some pride and/ o
Anthony Towns wrote on debian-devel-announce:
> I think the best way is to
> file a RFA (which we're redefining as "Request For Assistance" instead
> of just "Request For Adoption") report against wnpp
[cut]
> Third, personnel deployment. As a complem
Package: wnpp
Severity: wishlist
* Package name: dap
Version : 2.1.5
Upstream Author : Richard Kent <[EMAIL PROTECTED]>
* URL : http://www.cee.hw.ac.uk/~richardk/
* License : GPL
Description : Comprehensive audio sample editing and processing suite
DAP is
On Wed, 3 Dec 2003 23:19:58 +0100, Bernhard R Link <[EMAIL PROTECTED]> said:
> * Manoj Srivastava <[EMAIL PROTECTED]> [031203 20:12]:
>> Before we make such a push, we should at least ensure that it is
>> something we really want to do. I think locally generated checksums
>> are a better solution
On 04 Dec 2003 02:44:31 +0100, Goswin von Brederlow <[EMAIL PROTECTED]> said:
> "Bernhard R. Link" <[EMAIL PROTECTED]> writes:
>> * Manoj Srivastava <[EMAIL PROTECTED]> [031203 20:12]:
>> >Before we make such a push, we should at least ensure that it
>> > is something we really want to do. I
On Thu, 4 Dec 2003 13:02:57 +0100, Bernhard R Link <[EMAIL PROTECTED]> said:
> * Goswin von Brederlow <[EMAIL PROTECTED]>
> [031204 02:46]:
>> "Bernhard R. Link" <[EMAIL PROTECTED]> writes:
>> > I don't think so. md5-calculation it not the fastest thing
>> > (especially on non-i386 it often fee
On Thu, Dec 04, 2003 at 03:03:39AM +0100, Goswin von Brederlow wrote:
> Signed debs establish a trust chain from the buildd to the user and
> from the buildd-admin/maintainer to the user as well as copy the
> existing trust chain from ftp-master to the user into the deb itself.
>
> The Release.gp
Manoj Srivastava wrote:
> Before we make such a push, we should at least ensure that it
> is something we really want to do. I think locally generated
> checksums are a better solution.
To me, the main use of md5sums seems to be verifying nothing bad (as in
accident, not malicious manipulat
On Thu, Dec 04, 2003 at 10:38:10AM -0500, Peter S Galbraith wrote:
> Anthony Towns wrote on debian-devel-announce:
>
> > I think the best way is to
> > file a RFA (which we're redefining as "Request For Assistance" instead
> > of just "Request For Ado
Package: wnpp
Severity: wishlist
Package name: djohn
Version : 0.9.8.1
Upstream Author : Luis Parravicini [EMAIL PROTECTED]
URL : http://ktulu.com.ar/en/djohn.php
License : GPL
Description : Distributed password cracker
This is a little program to p
* Manoj Srivastava <[EMAIL PROTECTED]> [031204 18:00]:
> >> The md5sum file should be generated at build time, signed and only
> >> the signature kept. The signature is small enough not to cause
> >> bloat, it can be included in the Package file or a Signatures.gz
> >> file containing all signature
* Goswin von Brederlow <[EMAIL PROTECTED]> [031204 15:05]:
> > I also think it is hardly possible to regenerate the .md5sums file
> > in a way the signature will be kept. It would need to never change
> > which files are included and how they are sorted. It could also
> > cause problems with more s
On Wed, Dec 03, 2003 at 02:46:59PM -0600, Chad Walstrom wrote:
> On Wed, Dec 03, 2003 at 06:30:16PM +0100, Jeroen van Wolffelaar wrote:
> > On Wed, Dec 03, 2003 at 05:44:36PM +0100, Santiago Vila wrote:
> > > file=main/libp/libpng/libpng2_1.0.12-3.woody.3_i386.deb
> > > wget -q -O 1.deb http://ftp.
On Dec 3, 2003, at 22:35, Graham Wilson wrote:
On Wed, Dec 03, 2003 at 10:20:14AM -0500, Anthony DeRobertis wrote:
Please, please, use debian- or some other prefix! That shouldn't
confuse
any rational person
What about sys- as a prefix?
I'm not particularly tied to any prefix, though something
On Wed, 03 Dec 2003 17:40:51 -0500, Anthony DeRobertis <[EMAIL PROTECTED]>
said:
> On Wed, 2003-12-03 at 05:23, Manoj Srivastava wrote:
>> Because it buys little security wise?
> I can take a rescue disk, a CD with relevant packages on it, boot
> the suspect server from the rescue disk, and qui
On Dec 3, 2003, at 21:07, Goswin von Brederlow wrote:
You can just as well just check all the debs. gunzip doesn't take
longer, the slowest thing usually is the cdrom.
True, so I should probably just put the md5sums files on my CD, and
check those. That'd be far faster.
I could even put the md5su
On Thu, 4 Dec 2003 02:29:29 +0100, Javier Fernández-Sanguino Peña <[EMAIL
PROTECTED]> said:
> On Wed, Dec 03, 2003 at 04:23:33AM -0600, Manoj Srivastava wrote:
>> On Mon, 1 Dec 2003 17:12:36 -0500, christophe barbe
>> <[EMAIL PROTECTED]> said:
>>
>> > I don't see why adding a md5dsum_are_mandato
Peter S Galbraith <[EMAIL PROTECTED]> writes:
> another package's was using convert in the build stage to convert
> some images and it was failing. The bug was elevated to
> release-critical. I don't think it would be fair to remove
> imagemagick from the distribution for such a case.
>From the
On Thu, 4 Dec 2003 12:43:18 +0100, Eduard Bloch <[EMAIL PROTECTED]> said:
>> include
> * Manoj Srivastava [Wed, Dec 03 2003, 04:19:59AM]:
>> > - current md5sums file in control.tar.gz should contain checksums
>> > of
>> >really all files
>>
>> Hard to do for conffiles. Now, if the md5sums
On Wed, 3 Dec 2003 13:34:51 -0800, Tom <[EMAIL PROTECTED]> said:
> On Wed, Dec 03, 2003 at 09:26:15AM -0600, Manoj Srivastava wrote:
>> Guess what the median age of a Debian developer is.
> Don't know, don't care.
>> Volunteer organization have dues?
> Yes, I don't know what planet you're fro
On Thu, Dec 04, 2003 at 09:01:27PM +0800, Cameron Patrick wrote:
> On Thu, Dec 04, 2003 at 12:19:28PM +, Andrew Suffield wrote:
> | On Thu, Dec 04, 2003 at 12:34:22AM +0100, Raphael Goulais wrote:
> | > On Wednesday 03 December 2003 21:31, Zenaan Harkness wrote:
> | > > I agree. I would like to
On Wed, 3 Dec 2003 13:36:58 -0800, Tom <[EMAIL PROTECTED]> said:
> On Wed, Dec 03, 2003 at 09:24:07AM -0600, Manoj Srivastava wrote:
>> Heh. Your grasp of the practicality of the situation is slipping.
>> Not only do these guys donate a fairly expensive chunk of billable
>> hours and expertise,
On Thu, 04 Dec 2003 10:20:16 +0100, Tore Anderson <[EMAIL PROTECTED]>
wrote:
>* Marc Haber
> > Well, I am only paid to work on the exim4 package if my employer gets
> > to use the package as well. Since we don't want debconf questions to
> > pop up during installation and we found the pre-fabricate
On Thu, 4 Dec 2003 13:43:39 +1000, Anthony Towns
wrote:
>Maybe an easy way of answering that is to instead answer this: why can't
>you just make the -config package a bunch of files and a script that
>doesn't get executed until the daemon package is installed?
That's a nice idea. The -base init s
On Wed, 3 Dec 2003 13:36:58 -0800, Tom <[EMAIL PROTECTED]> said:
> On Wed, Dec 03, 2003 at 09:24:07AM -0600, Manoj Srivastava wrote:
>> Heh. Your grasp of the practicality of the situation is slipping.
>> Not only do these guys donate a fairly expensive chunk of billable
>> hours and expertise,
[Manoj, I'm going to concentrate on this example, it's probably a corner
case and I'm probably digressing here ... oh well]
On Thu, Dec 04, 2003 at 11:17:46AM -0600, Manoj Srivastava wrote:
> > Finally, there's one thing md5sums in packages can provide that no
> > other solution proposed in th
On Dec 4, 2003, at 10:56, Peter S Galbraith wrote:
But another package's was using convert
in the build stage to convert some images and it was failing. The bug
was elevated to release-critical. I don't think it would be fair to
remove imagemagick from the distribution for such a case.
More impor
On Sat, Nov 29, 2003 at 10:49:11AM +0100, Florent Rougon wrote:
> Yes. Now, you have the problem that Policy maintainers want
> implementation prior to the rule appearing in Policy and some people
> won't follow rules unless they are stated in Policy (or are themselves
> convinced that the rule is
On Thu, 2003-12-04 at 15:20, Joerg Wendland wrote:
> When such a system is available, then having a "fileserver flavor" is
> just a matter of typing "apt-get install samba".
> So what I (and my clients) need is an operating system for the real
> big boxen. This is of course Debian but I expect of
On Thu, 4 Dec 2003 11:47:50 -0500, Matt Zimmerman <[EMAIL PROTECTED]> said:
> What kind of real world attacks do signed debs prevent? Not a
> compromised buildd, or a compromised maintainer's workstation.
It would allow me to copy .debs around with other people, or
use .debs not made a
> On Thursday 04 December 2003 13:19, Andrew Suffield wrote:
> > > The silly question is : What does our actual menu system provide that
> > > shouldn't be achieved by using .desktop file ?
> > >
> > > As those are going to be a standard, we should deal with them.
> >
> > You could swap "our menu s
On Tue, Dec 02, 2003 at 05:19:22PM -0800, Tom wrote:
> Smartcards would have avoided the Debian compromise: merely having a
> compromised DD box would have prevented bad guy from getting on the box.
>
> It's all about layers of defense.
>
> I think the DD's should seriously think about requirin
On Thu, Dec 04, 2003 at 12:28:41PM -0600, Manoj Srivastava wrote:
> On Thu, 4 Dec 2003 11:47:50 -0500, Matt Zimmerman <[EMAIL PROTECTED]> said:
>
> > What kind of real world attacks do signed debs prevent? Not a
> > compromised buildd, or a compromised maintainer's workstation.
>
> It wo
On Thu, Dec 04, 2003 at 04:49:45PM -0200, Felipe Almeida Lessa wrote:
> I think only one thing is blocking the whole idea of moving from
> Debian Menu style to freedesktop.org style: the work that need to be
> done. In other words, people don't wanna use the .desktop format
> because the have alrea
On Thu, 2003-12-04 at 11:42, Zenaan Harkness wrote:
> I could almost cut and paste your email into the wiki it was so clear
> (at least Debian parent(super) project -> CDD -> Flavor).
>
> I hope I haven't misunderstood you,
No, I was just in a hurry and expressed myself inadequately.
The discuss
On Thu, Dec 04, 2003 at 11:43:21AM -0600, Manoj Srivastava wrote:
> Snippy, aren't we? Usually it is better to have basic logic
> straight before you try for a mistaken sense of haughtiness.
My logic is correct; apparently my understanding of the goals of the
Debian project is not. I al
On Thu, Dec 04, 2003 at 02:23:54PM -0500, Matt Zimmerman wrote:
> On Tue, Dec 02, 2003 at 05:19:22PM -0800, Tom wrote:
> You must be joking. If the developer's system is compromised, and he logs
> into another system after that time, that system can be easily compromised
> also.
Yes, but the rea
> On Dec 4, 2003, at 10:56, Peter S Galbraith wrote:
>
> > But another package's was using convert
> > in the build stage to convert some images and it was failing. The bug
> > was elevated to release-critical. I don't think it would be fair to
> > remove imagemagick from the distribution for su
On Fri, 2003-12-05 at 05:49, Felipe Almeida Lessa wrote:
> > On Thursday 04 December 2003 13:19, Andrew Suffield wrote:
> > The other question is "how hard could it be to adapt menu to desktop files
> > ?".
> I think only one thing is blocking the whole idea of moving from Debian Menu
> style to
Just making another pass over this to associate the bug numbers for those
who are interested (especially in helping with the merge effort).
On Mon, Dec 01, 2003 at 07:06:41PM -0500, Joey Hess wrote:
> To install a package directly, with apt downloading any necessary
> dependencies:
> apt-get in
Felipe Almeida Lessa ([EMAIL PROTECTED]):
> It would be *very* hard to make the developers agree, but we need to
> think in the Open Source Community as a whole. The Debian Menu is used
> only by Debian, but the .desktop is or may be used by any
> distribution.
>
> Now just imagine what would ha
On Thu, Dec 04, 2003 at 02:41:43PM -0500, Matt Zimmerman wrote:
> On Thu, Dec 04, 2003 at 12:28:41PM -0600, Manoj Srivastava wrote:
>
> > On Thu, 4 Dec 2003 11:47:50 -0500, Matt Zimmerman <[EMAIL PROTECTED]> said:
> >
> > > What kind of real world attacks do signed debs prevent? Not a
> > > com
Andrew Suffield wrote:
>That wasn't his argument. However, it's similar, and the response is
>the same: why not simply add these features to the Debian menu system?
Why be gratuitously different?
There's now a standard used by KDE and GNOME which has more features than the
Debian menu system.
W
* Marc Haber
> Splitting up the config file in small files was necessary to do
> debconf support, which is a Debian requirement.
Debconf support is now required? I'm flabbergasted. Could you
please point me to this section of our policy? I certainly cannot
find it.
* Tore Anderson
>
On Thu, Dec 04, 2003 at 03:58:38PM -0500, Daniel Jacobowitz wrote:
> On Thu, Dec 04, 2003 at 02:41:43PM -0500, Matt Zimmerman wrote:
> > What kind of real world attacks do signed debs prevent?
> >
> > The only one which comes to mind is a rogue Debian developer that you do
> > not wish to trust,
Tore Anderson wrote:
> > Splitting up the config file in small files was necessary to do
> > debconf support, which is a Debian requirement.
>
> Debconf support is now required? I'm flabbergasted.
debconf support is a requirement if you want to be supported
(reconfigured) by base-config, whi
On 04-Dec-03, 09:26 (CST), Jonathan Dowland <[EMAIL PROTECTED]> wrote:
> It has been bashed around a lot but I think the menu system needs to be
> discussed thoroughly, as everyone seems to have reserved opinions on how
> it should be developed.
No it doesn't need to be discussed thorougly, it h
On Thu, Dec 04, 2003 at 03:44:56PM -0500, Nathanael Nerode wrote:
> Andrew Suffield wrote:
> >That wasn't his argument. However, it's similar, and the response is
> >the same: why not simply add these features to the Debian menu system?
>
> Why be gratuitously different?
Why not? Why waste effort
On 04-Dec-03, 14:44 (CST), Nathanael Nerode <[EMAIL PROTECTED]> wrote:
> There's now a standard used by KDE and GNOME which has more features than the
> Debian menu system.
And missing one key one: working with menu sysems other than KDE and GNOME.
> Which makes more sense:
> * Investing time i
On Wed, Dec 03, 2003 at 08:07:53AM +0100, Goswin von Brederlow wrote:
> I wrote a little script that checks what apt things its installing
> against what the control files of the debs say. I will test it with
> some more fakes and then file it in the BTS.
Why would you do this with a script rathe
* Marc Haber
> Splitting up the config file in small files was necessary to do
> debconf support, which is a Debian requirement.
* Tore Anderson
> Debconf support is now required? I'm flabbergasted.
* Joey Hess
> debconf support is a requirement if you want to be supported
> (reconfig
It's clear that it's important to fix the brk vulnerability.
It is intended to release sarge with a 2.4 kernel as the default, I believe.
Therefore, it is imperative that there be a 2.4 kernel in sarge which has
the brk vulnerability patched.
Currently, none of the 2.4 kernels in sarge or sid ha
Steve Greenland ([EMAIL PROTECTED]):
> On 04-Dec-03, 14:44 (CST), Nathanael Nerode <[EMAIL PROTECTED]> wrote:
> > There's now a standard used by KDE and GNOME which has more features
> > than the Debian menu system.
>
> And missing one key one: working with menu sysems other than KDE and
> GNOME
On Thu, Dec 04, 2003 at 11:55:26AM -0800, Tom wrote:
> Yes, but the reason it would have been efficiacious in this *particular*
> instance is the hacker sniffed the password, and then logged on to
> Debian's servers later at his leisure from a different PC. With a
> smartcard, he would have had t
On Thu, Dec 04, 2003 at 06:13:49PM -0500, Matt Zimmerman wrote:
>
> Not really; he just has to set things up ahead of time. This is like
> claiming the attacker has to be present in order to sniff your password from
> a telnet session (he doesn't; he just has to have been around at any time
> bef
Andrew Suffield ([EMAIL PROTECTED]):
> > Are there any technical complaints about it? (Apart from "I don't
> > like the .desktop extension", which I consider unimportant.)
>
> It doesn't support anything but gnome or kde. We have a system that
> works for everything, and it is unlikely that anyb
I wasn't going to post this, but it might be relevent to the
ongoing custom distribution stuff that's happening.
I've been experimenting with producing a hardened Debian derivitive
as a small piece of paid work. This mostly means compiling things with
a stackguard compiler, using format
http://www1.cs.columbia.edu/~spotter/debian/kernel/
those are Herbert's packages, archive isn't processing yet, so can get
them from the above link.
On Thu, 2003-12-04 at 17:49, Nathanael Nerode wrote:
> It's clear that it's important to fix the brk vulnerability.
>
> It is intended to release s
On Fri, 5 Dec 2003 10:39, Steve Kemp <[EMAIL PROTECTED]> wrote:
> I've been experimenting with producing a hardened Debian derivitive
> as a small piece of paid work. This mostly means compiling things with
> a stackguard compiler, using format guard, and enforcing policies, etc.
Are you usin
1 - 100 of 120 matches
Mail list logo
