Re: goals for hardening Debian: ideas and help wanted

2014-04-24 Thread Lesley Binks
Apologies for the top posting, I'm writing this from my phone. I get a 403 when trying to access via Orbot/Orweb on Android 4.1 phone. Amusing. Lesley On 24 Apr 2014 03:58, "Paul Wise" wrote: > Hi all, > > I have written a non-exhaustive list of goals for hardening the Debian > distribution, the

Re: goals for hardening Debian: ideas and help wanted

2014-04-24 Thread Rowan Thorpe
On 10:57 Thu 24 Apr 2014, Paul Wise wrote: > ..[snip].. > https://wiki.debian.org/Hardening/Goals Regarding the line (at that page): > Refuse to install packages that are known to have X number of unplugged > exploits (i.e. X number of open security bugs in the bug tracker) unless > e.g. --allow-

Bug#745704: ITP: ruby-omniauth-tumblr -- OmniAuth strategy for Tumblr

2014-04-24 Thread Praveen Arimbrathodiyil
Package: wnpp Severity: wishlist Owner: Praveen Arimbrathodiyil * Package name: ruby-omniauth-tumblr Version : 1.1 Upstream Author : Jamie Wilkinson * URL : https://rubygems.org/gems/omniauth-tumblr * License : Expat Programming Lang: Ruby Description :

Re: goals for hardening Debian: ideas and help wanted

2014-04-24 Thread Andrei POPESCU
On Thu, 24 Apr 14, 11:06:27, Rowan Thorpe wrote: > On 10:57 Thu 24 Apr 2014, Paul Wise wrote: > > ..[snip].. > > https://wiki.debian.org/Hardening/Goals > > Regarding the line (at that page): > > > Refuse to install packages that are known to have X number of unplugged > > exploits (i.e. X number

Re: goals for hardening Debian: ideas and help wanted

2014-04-24 Thread Richard van den Berg
> I suggest it might be better if exploits were each given a quick/approximate > "ranking" in terms of severity (and if the severity is unknown it could be > assigned a default median ranking), so that the algorithm you mention wouldn't > just add number of unplugged exploits, but add them by weigh

Re: goals for hardening Debian: ideas and help wanted

2014-04-24 Thread Giacomo Mulas
On Thu, 24 Apr 2014, Paul Wise wrote: On Thu, 2014-04-24 at 02:53 -0007, Cameron Norman wrote: Would the inclusion of more AppArmor profiles be applicable? Thanks, added along with SELinux/etc. I second that. Actually, some time ago I tried using both AppArmor and SELinux, but gave up beca

Re: goals for hardening Debian: ideas and help wanted

2014-04-24 Thread Steve Langasek
On Thu, Apr 24, 2014 at 11:45:46AM +0200, Giacomo Mulas wrote: > On Thu, 24 Apr 2014, Paul Wise wrote: > >>Would the inclusion of more AppArmor profiles be applicable? > >Thanks, added along with SELinux/etc. > I second that. Actually, some time ago I tried using both AppArmor and > SELinux, but

Re: goals for hardening Debian: ideas and help wanted

2014-04-24 Thread Giacomo Mulas
On Thu, 24 Apr 2014, Steve Langasek wrote: The apparmor policies in Debian apply a principle of minimal harm, confining only those services for which someone has taken the time to verify the correct profile. There are obviously pros and cons to each approach to MAC, which I'm not interested in

Bug#745746: ITP: ruby-generator-spec -- Test Rails generators with RSpec

2014-04-24 Thread Praveen Arimbrathodiyil
Package: wnpp Severity: wishlist Owner: Praveen Arimbrathodiyil * Package name: ruby-generator-spec Version : 0.9.2 Upstream Author : Steve Hodgkiss * URL : https://rubygems.org/gems/generator_spec * License : Expat Programming Lang: Ruby Description :

Gcc and undefined behavior

2014-04-24 Thread Shachar Shemesh
Just a quick FYI for anyone who missed it. Following the discussion from a few days ago about Cava (C like language with no undefined behavior), gcc 4.9 is now out[1]. One of the changes there is a runtime check for undefined behavior. Just compile with -fsanitize=undefined, and your program will

lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Manuel A . Fernandez Montecelo
Hi, Moving from debian-devel-games to debian-devel@ for opinions about if this lintian warning is OK to override or not, or in general about what to do with lintian warning about minified JS. 2014-04-24 00:33 Bas Wijnen: lintian is right that the file does not have source, but we don't ship th

Help wanted: test new shadow source package (login, passwd, uidmap, etc.)

2014-04-24 Thread Christian PERRIER
Hello fellow developers, I would like to request your help in testing the new version of the shadow package (that provides login, passwd and such other important or base packages). Debian is upstream for shadow since Nicolas François (with my help) took over the maintenance of shadow back in 2005

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Manuel A . Fernandez Montecelo
Correction: 2014-04-24 20:48 Manuel A. Fernandez Montecelo: b) The first lines of the unminified file clearly states the software projects, ^^ minified version, and URLs to get the non-minified versions, so if users want to modif

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Jonas Smedegaard
Quoting Manuel A. Fernandez Montecelo (2014-04-24 21:48:47) > a) the minified .js is still source code, by definition. Which definition? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reus

Bug#745772: ITP: libdigest-perl-md5-perl -- Perl Implementation of Rivest's MD5 algorithm

2014-04-24 Thread Florian Schlichting
Package: wnpp Owner: Florian Schlichting Severity: wishlist X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org * Package name: libdigest-perl-md5-perl Version : 1.9 Upstream Author : Christian Lackas * URL : https://metacpan.org/release/Digest-Pe

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Manuel A . Fernandez Montecelo
2014-04-24 21:31 Jonas Smedegaard: Quoting Manuel A. Fernandez Montecelo (2014-04-24 21:48:47) a) the minified .js is still source code, by definition. Which definition? https://en.wikipedia.org/wiki/Source_code https://en.wikipedia.org/wiki/Minified Basically, no matter how much you contor

Bug#745773: ITP: libextutils-makemaker-cpanfile-perl -- cpanfile support for EUMM

2014-04-24 Thread Florian Schlichting
Package: wnpp Owner: Florian Schlichting Severity: wishlist X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org * Package name: libextutils-makemaker-cpanfile-perl Version : 0.06 Upstream Author : Kenichi Ishigaki * URL : https://metacpan.org/rele

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Jonas Smedegaard
Quoting Manuel A. Fernandez Montecelo (2014-04-25 00:23:33) > 2014-04-24 21:31 Jonas Smedegaard: > >Quoting Manuel A. Fernandez Montecelo (2014-04-24 21:48:47) > >> a) the minified .js is still source code, by definition. > > > >Which definition? > > https://en.wikipedia.org/wiki/Source_code > htt

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Gunnar Wolf
Manuel A. Fernandez Montecelo wrote [Thu, Apr 24, 2014 at 11:23:33PM +0100]: > 2014-04-24 21:31 Jonas Smedegaard: > >Quoting Manuel A. Fernandez Montecelo (2014-04-24 21:48:47) > >>a) the minified .js is still source code, by definition. > > > >Which definition? > > https://en.wikipedia.org/wiki/So

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Manuel A . Fernandez Montecelo
2014-04-25 00:02 Jonas Smedegaard: Quoting Manuel A. Fernandez Montecelo (2014-04-25 00:23:33) 2014-04-24 21:31 Jonas Smedegaard: >Quoting Manuel A. Fernandez Montecelo (2014-04-24 21:48:47) >> a) the minified .js is still source code, by definition. > >Which definition? https://en.wikipedia.or

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Manuel A. Fernandez Montecelo
2014-04-25 01:07 Gunnar Wolf: And even having a pointer to the upstream project is not enough: We have to ship full sources, both for (part of) our licenses' requirements, and to be able to properly support our projects in the future. If http://some.developer.net/projects/JS-Foo disappears from

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Jakub Wilk
* Manuel A. Fernandez Montecelo , 2014-04-25, 01:27: I don't think that this is different to my example of 'configure' script without corresponding .ac/.in; and I don't think that anybody is thinking about adding lintian errors for that or considering those scripts non-free (??). I don't know

Work-needing packages report for Apr 25, 2014

2014-04-24 Thread wnpp
The following is a listing of packages for which help has been requested through the WNPP (Work-Needing and Prospective Packages) system in the last week. Total number of orphaned packages: 569 (new: 1) Total number of packages offered up for adoption: 137 (new: 4) Total number of packages request

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Bas Wijnen
On Fri, Apr 25, 2014 at 01:27:02AM +0100, Manuel A. Fernandez Montecelo wrote: > I don't think that this is different to my example of 'configure' > script without corresponding .ac/.in; and I don't think that anybody > is thinking about adding lintian errors for that or considering those > scripts

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Jonas Smedegaard
Quoting Bas Wijnen (2014-04-25 02:49:56) > On Fri, Apr 25, 2014 at 01:27:02AM +0100, Manuel A. Fernandez Montecelo wrote: >> And just to be clear, my idea was to avoid repacking with e.g. JQuery >> or other very well known libraries, for which we have the sources in >> other Debian package presen

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Charles Plessy
On Thu, Apr 24, 2014 at 08:48:47PM +0100, Manuel A. Fernandez Montecelo wrote: > > The rationale for overriding this in sdlgfx, after depending on binary jquery > and using dh_link for the binary packages, is because I think the lintian > warning *in this case* is a kind of mistake part and th

Re: lintian "source-is-missing" for jquery -- was Re: Bug#744699: Frets On Fire bug report 744699

2014-04-24 Thread Gunnar Wolf
Manuel A. Fernandez Montecelo wrote [Fri, Apr 25, 2014 at 01:27:02AM +0100]: > To both things above, I don't think that this is different to my example of > 'configure' script without corresponding .ac/.in; and I don't think that > anybody > is thinking about adding lintian errors for that or consi

Re: goals for hardening Debian: ideas and help wanted

2014-04-24 Thread Cameron Norman
On Thu, Apr 24, 2014 at 9:49 AM, Giacomo Mulas wrote: > On Thu, 24 Apr 2014, Steve Langasek wrote: > >> The apparmor policies in Debian apply a principle of minimal harm, >> confining >> only those services for which someone has taken the time to verify the >> correct profile. There are obviously