Package: wnpp
Severity: wishlist
Owner: Andreas Tille
* Package name: r-cran-sendmailr
Version : 1.1-2
Upstream Author : Olaf Mersmann
* URL : http://cran.r-project.org/web/packages/sendmailR/
* License : GPL
Programming Lang: R
Description : send emai
On Thu, 12 Jun 2014, David Kalnischkies wrote:
> For your attack to be (always) successful, you need a full-sources
> mirror on which you modify all tarballs, so that you can build a valid
> Sources file. You can't just build your attack tarball on demand as the
Erm, no? You can just cache a work
Russell Stuart writes:
> messages. One of the reasons raised for not doing it is some felt
> uncomfortable carrying around their GPG keys when travelling.
>
> My initial reaction was "that's being overly cautious" particularly
> given there signing every message doesn't mean you hav
Gunnar Wolf writes:
> using entropy to seed a PRNG, if you have several shitty entropy
> sources and one _really_ good one, and you xor them all together, the
> resulting output is as random as the best of them. If your hardware
Your theory may be good, but we are talking about a scen
On Thu, Jun 12, 2014 at 07:31:14PM +0200, Thijs Kinkhorst wrote:
> I think a better way than to create such a policy would be to create a simple
> framework that does in-package downloading "right" and that downloader
> packages can depend on and call from their scripts (a bit like dbconfig-
> co
Package: wnpp
Severity: wishlist
Owner: Colin Watson
* Package name: haskell-shake
Version : 0.13.1
Upstream Author : Neil Mitchell
* URL : http://hackage.haskell.org/package/shake
* License : BSD-3-clause
Programming Lang: Haskell
Description : build
Thorsten Glaser writes:
> Your theory may be good, but we are talking about a scenario in which at
> least one of the other sources may be not just “shitty entropy” but “a
> bytestream specifically designed to counteract entropy in the output
> stream of the XOR” (independence is needed).
> You’
On 2014-06-16 14:01, Thorsten Glaser wrote:
> Russell Stuart writes:
>
>> messages. One of the reasons raised for not doing it is some felt
>> uncomfortable carrying around their GPG keys when travelling.
>>
>> My initial reaction was "that's being overly cautious" particularly
>> gi
Hey Thijs.
On Thu, 2014-06-12 at 19:31 +0200, Thijs Kinkhorst wrote:
> You raise a lot of broad concerns under the header "holes in secure apt"
> which
> I'm afraid does not much to get us closer to a more secure Debian.
Well I admit, that first this is just a lot of words... but I think
that's
On Thu, 2014-06-12 at 20:16 +0200, Tollef Fog Heen wrote:
> > Supplying the Debian Root CA to people not using Debian could have been
> > easily done by a *single* site that uses a cert available in all
> > browsers... which offers the Debian Root CA for secure and "trusted"
> > download.
>
> Tha
On Thu, 2014-06-12 at 19:43 +0100, Wookey wrote:
> So it does default to signed downloads and SFAIK will always do this
> whether or not any keys are installed/available, unless explicitly disabled.
What I meant was the discussion here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432309
i.e.
On Thu, 2014-06-12 at 23:06 +0200, Holger Levsen wrote:
> both flashplugin-nonfree and torbrowser-launcher are (or will be) in contrib
> (and thus not be part of Debian) for exactly those reasons you described.
Well I guess the reason for flash is rather the license, isn't it?
Anyway... just bec
* Christoph Anton Mitterer, 2014-06-16, 19:50:
Thomas mentioned that things would have been more secure if the buildds
and e.g. pbuilder pulls in debian-keyring automatically and verify
maintainer signatures.
debian-keyring is not useful for automatic authentication of source
packages. The s
On Mon, Jun 16, 2014 at 07:54:40PM +0200, Christoph Anton Mitterer wrote:
> On Thu, 2014-06-12 at 20:16 +0200, Tollef Fog Heen wrote:
> > > Supplying the Debian Root CA to people not using Debian could have been
> > > easily done by a *single* site that uses a cert available in all
> > > browsers.
On Mon, 2014-06-16 at 12:01 +, Thorsten Glaser wrote:
> You completely miss http://xkcd.com/538/ and the fact that some
> legislations may require you, with jail penalty, to hand over
> any encryption keys, passwords, etc. you have with you when
> inside their territory.
Quoting the man page:
Hi,
Christian Kastner:
> While that is sadly true, AFAIK all those legislations still require at
> least good cause, but more usually a court order, to do so.
>
You have no legal protection whatsoever on the "international" side of many
countries' airports (sea ports, too, for that matter).
If a
On Tue, 17 Jun 2014, Matthias Urlichs wrote:
> > While that is sadly true, AFAIK all those legislations still require at
> > least good cause, but more usually a court order, to do so.
> >
> You have no legal protection whatsoever on the "international" side of many
> countries' airports (sea port
Excerpts from Norbert Preining's message of 2014-06-16 20:49:26 -0700:
> On Tue, 17 Jun 2014, Matthias Urlichs wrote:
> > > While that is sadly true, AFAIK all those legislations still require at
> > > least good cause, but more usually a court order, to do so.
> > >
> > You have no legal protecti
On Mon, 16 Jun 2014, Clint Byrum wrote:
> While they can try, they ultimately cannot get away with such illegal
> searches. The border is where our sovereignty begins and ends, not 100
> miles in:
>
> http://scholar.google.com/scholar_case?case=6933260753627774699
This is a very different reading