Hi,
how about the following compromise:
Instead of having a md5sums file inside the control.tar.gz the md5sums
file is added to the end deb archive as "md5sums". The file would
contain a sorted list of all files in data.tar.gz _and_ control.tar.gz
(moved into /var/lib/dpkg/info where they end up)
特大好消息:现代影院---把电影院搬回家
部分电影名:陷阱(韩语新片)
处女洞房艳潭
私家秘密处女
爱抚乳房秘籍
美丽女人_钢管舞
桌球裸女
女人那话儿
水浒传之英雄好色
色欲城市之绝色网吧
唐朝旖丽男
On Friday 05 December 2003 08:03 pm, Goswin von Brederlow wrote:
> John Goerzen <[EMAIL PROTECTED]> writes:
[snip]
> > In other words, at no time would a .deb be downloaded. All .debs would
> > be built locally and installed locally.
I did on-target-system builds of personal backports for quite a
On Sun, 7 Dec 2003 01:05:24 +1000, Anthony Towns
wrote:
>On Sat, Dec 06, 2003 at 10:34:45AM +0100, Andreas Barth wrote:
>> > Seriously, I think you need to reconsider having the configuration in
>> > a separate package.
>> > What're you trying to achieve exactly?
>> Allowing for different configur
tryingto search with apt-file gives me this error message:
Can't locate object method "host" via package "URI::_foreign" at /usr/bin/
apt-file line 225
How can I solve it?
--
Don't go around saying the world owes you a living. The world owes you
nothing. It was here first.
-- Ma
On Fri, 2003-12-05 at 22:42, Goswin von Brederlow wrote:
>
> The only reason attackers don't do it is because with rpm noone cares
> about the md5sums.
Would you care to provide some evidence as to why Debian having md5sums
on all pacakges would be any different for attackers than RedHat having
On Fri, 2003-12-05 at 22:46, Goswin von Brederlow wrote:
> > No it isn't. For it to be non-repudiable, you'd have to demonstrate that
> > the key has not been compromised; that the developer knew what he was
> > signing (as opposed to a trojaned gpg telling him one thing while doing
> > another);
fwÎÒµÄÇ×Éí¾Àú
Fw: ¹ØÓÚÍø׬
ÄúºÃ£¡
> ÎÒÀûÓÃÒµÓàʱ¼ä×öÁË´ó°ëÄêµÄÍø׬,¸÷ÖÖ¸÷ÑùÍø׬¶¼³¢ÊÔ¹ý£¬Ò²¼á³Ö¹ý£¬¿ÉÄÜÒ²ÏòÄãÃÇÍƼö
¹ý£¬×ۺϿ´À´£¬µÃ³öÒÔϽáÂÛ£º
> ¹úÍâµÄ¶¼ÊÇÆÈ˵Ķࣻ
> µã»÷¹ã¸æÔò¼«ÉÙÈËÄÜ´ïµ½×îµÍ¸¶½ð¶î£»
> ¸¶·Ñ·¢Õ¹Ï¼¶´úÀí50Ԫ̫¸ß£»
> Ö»ÓÐÒ»¸öÍø׬³É¹¦µÄ£¬ÄǾÍÊÇÒÚÁªÍøÂ磬ֻÐ踶³ö10Ôª£¬´ó¶àÊýÈ˶¼Ä
Anthony Towns wrote:
> On Fri, Dec 05, 2003 at 05:46:30PM +0100, Marc Haber wrote:
>> On Thu, 4 Dec 2003 13:43:39 +1000, Anthony Towns
>> wrote:
>>> The one that gets installed later, Pre-Deps the one that gets installed
>>> earlier. exim4-daemon Pre-Depends: exim4-config; exim4-config Depends:
>
Re: Debian Bug Tracking System in <[EMAIL PROTECTED]>
>* Added de debconf translation. Thanks to the german Skolelinux team
> (closes: bug#2223114).
Well, I don't think we are *that* far yet...
Christoph
--
Christoph Berg <[EMAIL PROTECTED]>, http://www.df7cb.de/
Wohnheim D, 2405, Unive
Anthony DeRobertis <[EMAIL PROTECTED]> writes:
> On Fri, 2003-12-05 at 22:42, Goswin von Brederlow wrote:
>
> >
> > The only reason attackers don't do it is because with rpm noone cares
> > about the md5sums.
>
> Would you care to provide some evidence as to why Debian having md5sums
> on all p
On Sat, 2003-12-06 at 02:24, Manoj Srivastava wrote:
> I am (probably) getting a Zaurus for christmas this year. I
> would like to run Debian on it. You think that the PDA has gobs of
> disk space to throw around?
I think if you're worried about an extra few bytes per file from
md5sums,
On Sat, Dec 06, 2003 at 03:27:31PM -0800, Brian Nelson wrote:
> > if not: why was aspell _removed_ from stable and not replaced by a
> > backport of the version in unstable ?
> The upgrade to Aspell 0.50 is too big of a change for stable and would
> break a ton of stuff.
but just removing it doesn'
[Lukas Geyer]
> The free software community would profit much more from making gcc's
> Fortran compiler compatible with the Fortran 95 standard.
Someone is already working on that. Check
http://g95.sourceforge.net/>. I'm sure more man-power would be
welcome. :)
* Tollef Fog Heen
> It also makes it possible for packages such as clamav, spamassassin
> and mailman to seamlessly drop in support in a fairly clean way.
Which (possibly) makes the configuration break in a whole new way, if
you decide to actually change the logic of stuff inside conf.d/.
Steve Langasek wrote:
> Hmm, I'm pretty sure the box is running stable, so this should be a
> non-issue (for now).
I see; thanks for the clarification. I just wanted to make sure...
Roland
On Sat, Dec 06, 2003 at 08:29:54PM -0500, Lukas Geyer wrote:
> Of course, if somebody (maybe you?) sends Intel some patches to make
> their compiler work on Debian systems, that can not be bad. As an
> aside, I don't quite understand why Fortran is still so popular in the
> numerical mathematics co
On 20031206T145904-0600, John Goerzen wrote:
> Obviously gcc is the #1 example of this. However, gcc packages should
> not need to depend on themselves; in our distribution, we tend to have
> many different versions of gcc available, and any of them should be able
> to build a newer gcc.
Neverthe
Marc Wilson wrote:
>Just as a data point, you do realize that freedesktop.org is a wholly owned
>and operated subsidiary of RedHat, right?
Now this just isn't true.
>Oh, you don't think so? Take a look at who their god-king is. Take a look
>at where their mailing lists are hosted. Karsten has d
On Sun, Dec 07, 2003 at 12:37:45PM +0100, Christoph Berg wrote:
> Re: Debian Bug Tracking System in <[EMAIL PROTECTED]>
> >* Added de debconf translation. Thanks to the german Skolelinux team
> > (closes: bug#2223114).
>
> Well, I don't think we are *that* far yet...
Hopefully we are not
Hi!
The upstream sources of a package I maintain provide
changelogs in different subdirectories. What can I do
to handle them?
The only idea I've come up with is to put the name of
the corresponding subdirectory before each changelog.
Is there anyone who has resolved this problem in another
way
On Sun, Dec 07, 2003 at 03:18:54PM +0100, Tommaso Moroni wrote:
> The only idea I've come up with is to put the name of
> the corresponding subdirectory before each changelog.
> Is there anyone who has resolved this problem in another
> way?
I just took the "main" one and used that.
Some pa
Sehr geehrte(r) Frau, Herr,
Ich bin derzeit in einer Computerausbildung zum Projektleiter im Bereich
Informatik in Frankreich und möchte ab März 2004 ein Praktikum absolvieren. Ich
habe schon während 3 Jahre im EDV-Bereich gearbeitet. Ich spräche ein gut
Englisch (3 Monate in Liverpool Universi
Hi Eric!
On 2003-12-07 15:38 +0100, [EMAIL PROTECTED] wrote:
> Ich bin derzeit in einer Computerausbildung zum Projektleiter im Bereich
> Informatik in Frankreich und möchte ab März 2004 ein Praktikum absolvieren.
> Ich habe schon während 3 Jahre im EDV-Bereich gearbeitet. Ich spräche ein gut
>
Sarah
El-Deghiedy
HR Department
FedEx Express -
Egypt
Licensee
Of Federal Express Corporation
Phone : + 202 268 7999
Fax
: + 202 268 7555
Mob
: + 20105148266
E-mail: Sarah [EMAIL PROTECTED]
Sarah.doc
Description: MS-Word document
Sarah
El-Deghiedy
HR Department
FedEx Express -
Egypt
Licensee
Of Federal Express Corporation
Phone : + 202 268 7999
Fax
: + 202 268 7555
Mob
: + 20105148266
E-mail: Sarah [EMAIL PROTECTED]
Sarah.doc
Description: MS-Word document
On Sat, 2003-12-06 at 20:59, John Goerzen wrote:
> On Sat, Dec 06, 2003 at 09:31:54PM +0200, Antti-Juhani Kaijanaho wrote:
> > For example, every self-hosting compiler build-depends on itself
> > (many of them can be bootstrapped, but I'm not sure we want to require
> > bootstrapping on every buil
On Sat, 2003-12-06 at 02:15, Brian May wrote:
> All large uploads (ie greater then several kb) hang when I try to
> upload them, so I can't test this...
>
> Hmmm... Wonder if this is a local problem with my Internet connection or
> a problem with the remote system... Probably a local problem.
>
On Sun, Dec 07, 2003 at 10:09:04AM +0100, Marc Haber wrote:
> For example, the place I work has a package exim4-config-ilkserver
> based on exim4-config-medium. That package installs without debconf
> questions and contains a configuration that is suitable to our
> non-main servers. It, for example
Hi,
I made a proposal of an updated deb format definition. I based that on
the manpage deb (part of dpkg-dev), and on reverse engineering of
dpkg-deb/build.c. I hope I've written the standard in a right and easy
to understandable way. I did (by purpose) not add anything about
signatures etc, but I
* Andreas Barth ([EMAIL PROTECTED]) [031206 18:10]:
> I've tried to write down a list of requirements for the signature
> names (and what should be signed). I'll update the web version of this
> on http://debsigs.turmzimmer.net/policy.html
After some discussions, I updated my proposal (and also th
On Sun, Dec 07, 2003 at 09:27:53PM +0100, Tollef Fog Heen wrote:
> father's windows 2000 laptop when it's only connected to a NAT-ed
> internet connection.
How do you know it is not trojaned when u use it?
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) [EMAIL PROTECTED],linux.de
* Matt Zimmerman
| (Please follow up on a public list)
done, -devel has M-F-T set to.
| On Sun, Dec 07, 2003 at 06:26:48PM +0100, Tollef Fog Heen wrote:
|
| > * Matt Zimmerman
| >
| > | You would type a Debian password into a system that you do not trust
| > | with an ssh private key?
| >
|
On Mon, 8 Dec 2003 03:29:31 +1000, Anthony Towns
wrote:
>So, why can't this be done without an exim4-config package in Debian, with
>something like the following arrangement:
>
> exim4-daemon
> provides/conflicts: mail-transport-agent
> postinst:
>
On Fri, 5 Dec 2003, cobaco wrote:
> > That's why I feeled obliged to add the remark that I greatly appreciate
> > the work of the SkoleLinux people and that they probably did more for
> > Debian than any CDD is out of any question.
>
> In the above sentence you seem to refer to Skolelinux as a CDD
On Sun, 2003-12-07 at 06:45, Goswin von Brederlow wrote:
> Anthony DeRobertis <[EMAIL PROTECTED]> writes:
>
> > On Fri, 2003-12-05 at 22:42, Goswin von Brederlow wrote:
> >
> > >
> > > The only reason attackers don't do it is because with rpm noone cares
> > > about the md5sums.
> >
> > Would y
* Bernd Eckenfels
| On Sun, Dec 07, 2003 at 09:27:53PM +0100, Tollef Fog Heen wrote:
| > father's windows 2000 laptop when it's only connected to a NAT-ed
| > internet connection.
|
| How do you know it is not trojaned when u use it?
I don't. Just like I don't know that my Debian laptop isn't
Anthony DeRobertis <[EMAIL PROTECTED]> writes:
> On Sun, 2003-12-07 at 06:45, Goswin von Brederlow wrote:
> > Anthony DeRobertis <[EMAIL PROTECTED]> writes:
> >
> > > On Fri, 2003-12-05 at 22:42, Goswin von Brederlow wrote:
> > >
> > > >
> > > > The only reason attackers don't do it is because
Andreas Barth <[EMAIL PROTECTED]> writes:
> Hi,
>
> I made a proposal of an updated deb format definition. I based that on
> the manpage deb (part of dpkg-dev), and on reverse engineering of
> dpkg-deb/build.c. I hope I've written the standard in a right and easy
> to understandable way. I did (b
On Sun, Dec 07, 2003 at 09:27:53PM +0100, Tollef Fog Heen wrote:
> * Matt Zimmerman
> | (Please follow up on a public list)
> done, -devel has M-F-T set to.
> | On Sun, Dec 07, 2003 at 06:26:48PM +0100, Tollef Fog Heen wrote:
> |
> | > * Matt Zimmerman
> | >
> | > | You would type a Debian pa
Previously Andreas Barth wrote:
> IMHO this definition should become part of the policy; I propose
> either an new chapter 12, or an addition to chapter 3 Binary packages,
It should be part of the dpkg reference manual (partially online at
www.dpkg.org). Patches against the text as you can find in
Scott James Remnant <[EMAIL PROTECTED]> writes:
> On Sat, 2003-12-06 at 20:59, John Goerzen wrote:
>
> > On Sat, Dec 06, 2003 at 09:31:54PM +0200, Antti-Juhani Kaijanaho wrote:
> > > For example, every self-hosting compiler build-depends on itself
> > > (many of them can be bootstrapped, but I'm
On Sat, Dec 06, 2003 at 05:05:02AM +0100, smurfd said
> Seems that gcc 3.3 and kernel 2.4.18 (with grsec patch) dont like
> eachother.
Yes, this is a well-known problem. Use gcc 2.95.4 (which is still the
recommended compiler for 2.4, anyway) or upgrade to 2.4.23. Also,
2.4.18 has at least two l
On Thu, Dec 04, 2003 at 11:55:26AM -0800, Tom wrote:
> instance is the hacker sniffed the password, and then logged on to
> Debian's servers later at his leisure from a different PC. With a
Instead of a smartcard/token/whatever physical device, this incident
could possibly have been thwarted by
On Mon, 8 Dec 2003 13:16, Patrick Ouellette <[EMAIL PROTECTED]> wrote:
> On Thu, Dec 04, 2003 at 11:55:26AM -0800, Tom wrote:
> > instance is the hacker sniffed the password, and then logged on to
> > Debian's servers later at his leisure from a different PC. With a
>
> Instead of a smartcard/toke
Steve Langasek wrote:
>But an ssh key on removable media is not vulnerable to keysniffing
>alone, where a password is.
If such behaviour becomes common, the keysniffers will simply copy
anything that looks like an SSH key that exists on an item of removable
media. There's no inherent increase in
On Mon, Dec 08, 2003 at 01:28:20PM +1100, Russell Coker wrote:
>
> But this still leaves the issue of how to deal with dial-up machines. Even
> if
> we restrict connections to a single ISP as often dial-up machines are not
> used with multiple machines, this still isn't necessarily much good,
47 matches
Mail list logo
