Re: UPG and the default umask

On Mon, May 17, 2010 at 3:34 PM, Marvin Renich wrote: > * Reinhard Tartler [100517 08:56]: >> Let's have a look at the source. Note that options->usergroups is set >> iff the option "usergroups" is used. >> >> ,[modules/pam_umask/pam_umask.c] >> | /* Set the process nice, ulimit, and umask fr

Re: UPG and the default umask

On Mon, 17 May 2010, Bernhard R. Link wrote: > * Peter Palfrader [100517 16:41]: > > The main problem with a default 002 umask, IMHO, is that as soon as you > > copy your files from a host with 002 and usergroups to one without, or > > untar a tarball created on a 002 host with usergroups on a sy

Re: snapshot.debian.org implications for you

On Wed, 12 May 2010, Felipe Sateler wrote: > On 11/05/10 03:26, Peter Palfrader wrote: >> >> Short version: >> -- >> >> If you uploaded stuff to debian that is not redistributable you >> will have to let the snapshot people know to remove it. > > Would it be feasible to have some sort

Re: snapshot.debian.org implications for you

On Tue, 18 May 2010, Peter Palfrader wrote: > On Wed, 12 May 2010, Felipe Sateler wrote: > > Would it be feasible to have some sort of automation surrounding this? > > Breaches that are fixed by a subsequent upload will very likely contain > > some strings in the changelog: strip, distributable,

Re: SRWare Iron: Chromium without the data-mining

On 2010-05-18, Ryan Oram wrote: > http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php > > This should become a full open source project with a community behind > it. With Mozilla disregarding H.264, the community needs a full > browser capable of H.264 video playback without the priva

Re: SRWare Iron: Chromium without the data-mining

With Mozilla disregarding H.264, the community needs a full browser capable of H.264 video playback without the privacy issues of Chrome. You may need to install some additional gstreamer plugins, though. Cheers, Fabian -- To UNSUBSCRIBE, ema

Re: UPG and the default umask

* Peter Palfrader [100518 09:48]: > Not exactly true. Untarring as root preserves these things by default. Tar also preserves users. As one user name (or id) might be trusted on one system, but be an other person on an other system, that is already dangerous. > Also, using rsync with -avz is pr

Re: UPG and the default umask

Hi Peter. On Tue, 18 May 2010 09:48:15 +0200, Peter Palfrader wrote: > Anyway, my point remains: Procedures that were perfectly fine and > secure up until now would suddenly be broken and dangerous. I guess you're wasting your time... the many arguments which either showed concrete technical (se

DASIP 2010 > Call for Papers - Extended Deadline - May 28, 2010

== CALL FOR CONTRIBUTIONS == EXTENDED SUBMISSION DEADLINE: MAY 28, 2010

Bug#582090: (no subject)

Subject: ITP: viewnior -- simple, fast and elegant image viewer Package: wnpp Owner: "Kan-Ru Chen" Severity: wishlist * Package name: viewnior Version : 1.0 Upstream Author : Siyan Panayotov * URL : http://xsisqox.github.com/Viewnior/ * License : GPLv3 Progr

Re: UPG and the default umask

On 2010-05-18, Christoph Anton Mitterer wrote: > Not to speak about, that UPG is anyway a questionable abuse of the > user/group concept. > > Neither to speak about the fact, that in the 17 years debian exists > now,... no majority missed that "feature" (apparently). So you present that as univer

Re: UPG and the default umask

[Christoph Anton Mitterer] > Neither to speak about the fact, that in the 17 years debian exists > now,... no majority missed that "feature" (apparently). Well, a minority in Debian Edu have missed it since the Debian Edu project started integrating our configuration into Debian, and are very hap

Re: UPG and the default umask

On Tue, 18 May 2010 10:08:17 + (UTC), Philipp Kern wrote: > So you present that as universal facts as if you've booked the truth > (possibly a bad translation of a German saying). No,.. and normally I would simply shut up, as I'm not even DD... but this here breaks simply so much which I belie

Re: UPG and the default umask

Quoting Christoph Anton Mitterer (cales...@scientia.net): > Neither to speak about the fact, that in the 17 years debian exists > now,... no majority missed that "feature" (apparently). I bet this will improve over time, until the day nobody is using Debian anymore (hence nobody missing the featu

Re: UPG and the default umask

On Tue, 18 May 2010 12:32:56 +0200, Christian PERRIER wrote: > evolutions that are apparently an evidence for all > other distros. Apart from whether everything what other do or do not is automatically an evolutions (e.g. dotnet/mono)... is there a list of distros that have UPGs fully deployed?

Re: APT do not work with Squid as a proxy because of pipelining default

* Robert Collins [100517 22:03]: > Given that pipelining is broken by design, that the HTTP WG has > increased the number of concurrent connections that are recommended, > and removed the upper limit - no. I don't think that disabling > pipelining hurts anyone - just use a couple more concurrent >

Re: APT do not work with Squid as a proxy because of pipelining default

* Goswin von Brederlow [100518 02:53]: > Marvin Renich writes: > > Documenting this problem somewhere that an admin would look when seeing > > the offending "Hash sum mismatch" message would also help. Turning off > > pipelining by default for everybody seems like the wrong solution to > > this

Re: APT do not work with Squid as a proxy because of pipelining default

On Mon, May 17, 2010 at 09:54:28PM +0200, Florian Weimer wrote: > * Petter Reinholdtsen: > > > I am bothered by http://bugs.debian.org/56 >, and the fact > > that apt(-get,itude) do not work with Squid as a proxy. I would very > > much like to have apt work out of the box with Squid in Squeez

Re: APT do not work with Squid as a proxy because of pipelining default

Il giorno 17/mag/2010, alle ore 09.02, Goswin von Brederlow ha scritto: > Given that squid already has a patch, although only for newer versions, > this really seems to be a squid bug. As such it should be fixed in > squid as not only apt might trigger the problem. Goswin, can you please point me

Re: UPG and the default umask

On Tue, May 18, 2010 at 10:49:08AM +, Christoph Anton Mitterer wrote: > On Tue, 18 May 2010 10:08:17 + (UTC), Philipp Kern > wrote: > > So you present that as universal facts as if you've booked the truth > > (possibly a bad translation of a German saying). > No,.. and normally I would sim

Re: UPG and the default umask

On Tue, May 18, 2010 at 11:34:47AM +, Christoph Anton Mitterer wrote: > is there a list of distros that have UPGs fully deployed? This is not Q&A list, you are allowed to do research yourself and present it here. Michael -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org wi

Re: UPG and the default umask

On Tue, May 18, 2010 at 02:13:46PM +0200, Michael Banck wrote: > On Tue, May 18, 2010 at 10:49:08AM +, Christoph Anton Mitterer wrote: > > On Tue, 18 May 2010 10:08:17 + (UTC), Philipp Kern > > wrote: > > > So you present that as universal facts as if you've booked the truth > > > (possibl

Selling Text Ads and Media Ads

Hello, I am Jenny Michael from Link Builders Associated group we have a new offer for you we are selling link on more then 20 different niche with a very good offer On a quality sites If interested then pm me back with your contact Id and phone number on my mail id jenny.lba...@gmail.com and linkb

Re: UPG and the default umask

On Tue, May 18, 2010 at 10:08:17AM +, Philipp Kern wrote: > On 2010-05-18, Christoph Anton Mitterer wrote: > > Not to speak about, that UPG is anyway a questionable abuse of the > > user/group concept. > > > > Neither to speak about the fact, that in the 17 years debian exists > > now,... no m

Re: UPG and the default umask

On 2010-05-18, Harald Braumann wrote: > If the umask is 022 and you create a setgid > directory and forget to change the umask, you will quickly realise > that things are not working as expected and fix it. If the umask is > 002 and you add your Debian system to a non-UPG environment and forget >

Re: UPG and the default umask

On Tue, May 18, 2010 at 3:12 PM, Harald Braumann wrote: > On Tue, May 18, 2010 at 10:08:17AM +, Philipp Kern wrote: >> On 2010-05-18, Christoph Anton Mitterer wrote: >> > Not to speak about, that UPG is anyway a questionable abuse of the >> > user/group concept. >> > >> > Neither to speak abo

Bug#582119: ITP: zathura -- zathura is a highly customizable and functional PDF viewer

Package: wnpp Severity: wishlist Owner: "André Paramés Pereira" * Package name: zathura Version : 0.0.3 Upstream Author : neldoreth * URL : http://zathura.pwmt.org/ * License : zlib/libpng Programming Lang: C Description : zathura is a highly customiz

Bug#582120: ITP: lightspark -- High-performance SWF player (experimental)

Package: wnpp Severity: wishlist Owner: Didier Raboud -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package name: lightspark Version : 0.3.1 Upstream Author : Alessandro Pignotti and others URL : http://lightspark.sourceforge.net/ License : GPLv3+ Pro

Re: UPG and the default umask

On Tue, May 18, 2010 at 03:40:06PM +0200, Bastien ROUCARIES wrote: > On Tue, May 18, 2010 at 3:12 PM, Harald Braumann wrote: > > On Tue, May 18, 2010 at 10:08:17AM +, Philipp Kern wrote: > >> On 2010-05-18, Christoph Anton Mitterer wrote: > >> > Not to speak about, that UPG is anyway a questi

Re: APT do not work with Squid as a proxy because of pipelining default

On Tue, May 18, 2010 at 02:09:13PM +0200, Mike Hommey wrote: > Mozilla browsers have had pipelining disabled for years, because > reality is that a whole lot of servers don't implement it properly if at > all. Actually, I've had pipelining enabled for some time, and it works just fine for me. I h

Re: UPG and the default umask

Am Dienstag 18 Mai 2010, 12:49:08 schrieb Christoph Anton Mitterer: > > If you are not allowed to use ACLs > > That's no reason for UPGs to exist, is it? > All important filesystems support ACLs, right? All kernels in Debian and > do so, right? So technically, no problem. > So being "not allowed"

Bug#582133: ITP: libpod-weaver-perl -- Perl module to weave together a Pod document from an outline

Package: wnpp Severity: wishlist Owner: Ansgar Burchardt Owner: Ansgar Burchardt * Package name: libpod-weaver-perl Version : 3.101270 Upstream Author : Ricardo SIGNES * URL : http://search.cpan.org/dist/Pod-Weaver/ * License : Artistic or GPL-1+ (like Perl)

Bug#582135: ITP: freespacenotifier -- free space notification module for KDE

Package: wnpp Severity: wishlist Owner: Sune Vuorela * Package name: freespacenotifier Version : svn snapshot Upstream Author : Ivo Anjo and others * URL : * License : GPL Programming Lang: C++ Description : free space notification module for KDE T

Bug#582138: ITP: libdist-zilla-plugin-podweaver-perl -- Dist::Zilla plugin to use Pod::Weaver to generate Pod documentation

Package: wnpp Severity: wishlist Owner: Ansgar Burchardt Owner: Ansgar Burchardt * Package name: libdist-zilla-plugin-podweaver-perl Version : 3.100710 Upstream Author : Ricardo SIGNES * URL : http://search.cpan.org/dist/Dist-Zilla-Plugin-PodWeaver/ * License

Bug#582140: ITP: django-permissions -- generic per-object permissions for Django

Package: wnpp Severity: wishlist Owner: Fladischer Michael -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 * Package name: django-permissions Version : 1.0b2 Upstream Author : Kai Diefenbach * URL : http://pypi.python.org/pypi/django-permissions/ * License : BS

Re: SRWare Iron: Chromium without the data-mining

On Tue, May 18, 2010 at 4:32 AM, Fabian Greffrath wrote: >> With Mozilla disregarding H.264, the community needs a full >> browser capable of H.264 video playback without the privacy issues of >> Chrome. > > > > You may need to install some additio

Re: UPG and the default umask

On Tue,18.May.10, 16:16:06, Harald Braumann wrote: > A umask of 022 is the right choice for most people and at least > doesn't put the others at risk. Everyone, who knows what a setgid > directory is and how it works, will also know, that there are certain > requirements on the umask. And the oth

Re: APT do not work with Squid as a proxy because of pipelining default

Luigi Gangitano writes: > Il giorno 17/mag/2010, alle ore 09.02, Goswin von Brederlow ha scritto: >> Given that squid already has a patch, although only for newer versions, >> this really seems to be a squid bug. As such it should be fixed in >> squid as not only apt might trigger the problem. >

Re: SRWare Iron: Chromium without the data-mining

"Chrome Incognito Tracks Visited Sites" http://www.lewiz.org/2010/05/chrome-incognito-tracks-visited-sites.html This seems to be becoming a theme. As Chromium has much of the same privacy issues as Chrome (SRWare Iron is made from Chromium and the code is striped from Chromium), this "feature" is

Re: SRWare Iron: Chromium without the data-mining

On 18 May 2010, Philipp Kern wrote: >No, we don't (unless trademark rules apply). It's Chromium, not Chrome btw, >that site doesn't speak a word about Chromium. > >Kind regards, >Philipp Kern Most of the privacy issues of Chrome are present in Chromium as well. These "features" need to be remove

Re: UPG and the default umask

On Tue, 2010-05-18 at 17:38 +0200, Hendrik Sattler wrote: > Do e.g. backup system deal well with ACLs? Definitely not all,... but I guess those should be fixed anyway (totally regardless of UPGs/umask issues)... > The standard tar doesn't, except > when you script around it... or if you use sta

Re: SRWare Iron: Chromium without the data-mining

Shut up. You're whining like a raving politicized lune and nobody is listening to your monologue. Apply some critical thinking skills. It's a bug in a special mode of a browser, a mode that doesn't store history/cookies. It's not (known to be) sharing anything with the 'net, so it's innocuous a

Re: SRWare Iron: Chromium without the data-mining

Don't hold back, John. Tell us how you really feel. On Tue, May 18, 2010 at 1:30 PM, John Moser wrote: > Shut up.  You're whining like a raving politicized lune and nobody is > listening to your monologue. > > Apply some critical thinking skills.  It's a bug in a special mode of a > browser, a mo

Re: SRWare Iron: Chromium without the data-mining

On Tue, May 18, 2010 at 1:12 PM, Ryan Oram wrote: > "Chrome Incognito Tracks Visited Sites" > http://www.lewiz.org/2010/05/chrome-incognito-tracks-visited-sites.html > > This seems to be becoming a theme. As Chromium has much of the same > privacy issues as Chrome (SRWare Iron is made from Chromiu

MusicBrainz transition may be required

I noticed a potentially serious problems with MusicBrainz support in Debian. MusicBrainz provides two interfaces: the old RDF interface and a new one based on XML. According to their wiki, RDF support will go away in the near future: http://musicbrainz.org/doc/Web_Service http://blog.musicbrainz

Re: UPG and the default umask

If you want to answer, please do it on the list. I'm not interested in a private discussion. On Tue, May 18, 2010 at 04:23:24PM +0200, Bernhard R. Link wrote: > * Harald Braumann [100518 16:16]: > > There is already an upstream bug [0], but even if it get's > > implemented, that wouldn't magicall

caudium package up for discussion removal or adoption

Hi all! I've maintained caudium for a while. I've now stopped using it, partly because I work with apache and I've decided to switch my private installations to apache also but also because upstream is not very active but not all dead (whats the definition of dead upstream?). So is there a

Re: SRWare Iron: Chromium without the data-mining

Hi. AFAIK, even Chrome has disabled most tracking stuff per default (except those things which FF/etc. do too). With chromium, it was regarded to be a (reportable) bug if anything that is privacy sensitive could not be disabled, IIRC. And regarding Iron,... the following might be interesting: ht

Re: UPG and the default umask

On 18/05/10 11:00, Christoph Anton Mitterer wrote: > Not to speak about, that UPG is anyway a questionable abuse of the > user/group concept. > > Neither to speak about the fact, that in the 17 years debian exists > now,... no majority missed that "feature" (apparently). Debian has been using UPG

Bug#582181: ITP: libspring-security-3.0-java -- modular Java/J2EE application security framework

Package: wnpp Severity: wishlist Owner: Miguel Landaeta Owner: Miguel Landaeta * Package name: libspring-security-3.0-java Version : 3.0.2.RELEASE Upstream Author : SpringSource Inc. * URL : http://static.springsource.org/spring-security/site/index.html * License

Re: SRWare Iron: Chromium without the data-mining

Il 18/05/2010 19:12, Ryan Oram ha scritto: > "Chrome Incognito Tracks Visited Sites" > http://www.lewiz.org/2010/05/chrome-incognito-tracks-visited-sites.html I just backported upstream commit that fixes this huge privacy killer bug... > This seems to be becoming a theme. As Chromium has much of

Re: APT do not work with Squid as a proxy because of pipelining default

On 18/05/10 03:10, Robert Collins wrote: > Given that pipelining is broken by design, that the HTTP WG has > increased the number of concurrent connections that are recommended, > and removed the upper limit - no. I don't think that disabling > pipelining hurts anyone - just use a couple more concu

Re: SRWare Iron: Chromium without the data-mining

>From the Ubuntu mailing list, in case of you aren't subscribed there: On Tue, May 18, 2010 at 8:27 PM, Dane Mutters wrote: > I think some of you would be interested in reading this page that > (allegedly) documents some of the (allegedly) somewhat shady > beginnings of Iron: > > http://neugierig

Re: APT do not work with Squid as a proxy because of pipelining default

Well, I don't know why something has 'suddenly' become a problem: its a known issue for years. The HTTP smuggling [http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf] attacks made that very obvious 5 years ago now. http://en.wikipedia.org/wiki/HTTP_pipelining has a decent overview. Its

Re: APT do not work with Squid as a proxy because of pipelining default

On 19 May 2010 13:51, Robert Collins wrote: > Well, I don't know why something has 'suddenly' become a problem: its > a known issue for years. The HTTP smuggling > [http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf] > attacks made that very obvious 5 years ago now. >From my Internet c

Bug#582202: ITP: gedit-r-plugin -- Gedit plugin for R statistical computing language

Package: wnpp Severity: wishlist Owner: Mateusz Kaduk * Package name: gedit-r-plugin Version : 0.7.0 Upstream Author : Dan Dediu * URL : http://rgedit.sourceforge.net/ * License : GPL3 Programming Lang: Python Description : Gedit plugin for R statisti

Re: APT do not work with Squid as a proxy because of pipelining default

Bah, link staleness. http://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf just worked for me. Also, I realise that there may be a disconnect here: squid *shouldn't* break if a client attempts to pipeline through it - if it is, thats a bug to be fixed, squid just will not read the second requ

Re: APT do not work with Squid as a proxy because of pipelining default

[Roger Lynn] > But apt has been using pipelining for years. Why has this only just > become a problem? It has been a problem in Debian Edu for years. Just recently I figured out the cause and a workaround. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-devel-requ..

Re: About new source formats for packages without patches

Hi! On Fri, 2010-03-26 at 09:25:38 +0100, Raphael Hertzog wrote: > On Fri, 26 Mar 2010, Neil Williams wrote: > > Now all I need is for dpkg to accept that the absence of > > debian/source/format is declarative of source format 1.0. > > That's the case _for now_. > > > packages don't need to be

Re: SRWare Iron: Chromium without the data-mining

On Wed, May 19, 2010 at 2:39 AM, Ryan Oram wrote: > >From the Ubuntu mailing list, in case of you aren't subscribed there: > > On Tue, May 18, 2010 at 8:27 PM, Dane Mutters wrote: > > I think some of you would be interested in reading this page that > > (allegedly) documents some of the (alleged