RE: Updating Kernel Using make-kpkg - Not Intuitive ?

On Tuesday, 23 March 2004 7:28 AM, s. keeling wrote: [snip] > "Hi. This is the kernel install helper thingy. As I've detected that > you did NOT move your old kernel modules to somewhere safe before > trying to install new ones (as anyone familiar with kernel installs

Cron - was Known vulnerabilities left open in Debian?

On Tue, 23 Mar 2004 08:19, Florian Weimer <[EMAIL PROTECTED]> wrote: > No, it's another example for a package which heavily deviates from > upstream (AFAIK, upstream is defunct) and is now developed by the > GNU/Linux distributions (and each variant has a slightly different > features).  Despite th

RE: Updating Kernel Using make-kpkg - Not Intuitive ?

On Tuesday, 23 March 2004 7:28 AM, s. keeling wrote: [snip] > "Hi. This is the kernel install helper thingy. As I've detected that > you did NOT move your old kernel modules to somewhere safe before > trying to install new ones (as anyone familiar with kernel installs

Re: Updating Kernel Using make-kpkg - Not Intuitive ?

On Mon, 22 Mar 2004 12:27:52 -0700, Stephen Keeling wrote: >Incoming from Nick Boyce: >> >> Otherwise, I suggest you move /lib/modules/2.4.18 out of the way, >> perhaps to /lib/modules/2.4.18.old or something, and then try >> re-installing this image. >> [snip] >> What on earth is this trying to

Re: Updating Kernel Using make-kpkg - Not Intuitive ?

On Mon, 22 Mar 2004 12:27:52 -0700, Stephen Keeling wrote: >Incoming from Nick Boyce: >> >> Otherwise, I suggest you move /lib/modules/2.4.18 out of the way, >> perhaps to /lib/modules/2.4.18.old or something, and then try >> re-installing this image. >> [snip] >> What on earth is this trying to

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 10:38:35PM +0100, Jan Lühr wrote: ehem. What about critics? Am I not allowed to critices their work? Not unless you have a cogent criticism. Otherwise you cross the line from criticism to assertion or even trolling. Mike Stone

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 02:31:14PM -0800, Matt Zimmerman wrote: > On Mon, Mar 22, 2004 at 01:56:48PM -0800, Jamie Heilman wrote: > > > Matt Zimmerman wrote: > > > If you have concrete information about unfixed bugs, bring it forth. > > > Otherwise this is just more FUD. > > http://bugs.debian.org/

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 01:56:48PM -0800, Jamie Heilman wrote: > Matt Zimmerman wrote: > > If you have concrete information about unfixed bugs, bring it forth. > > Otherwise this is just more FUD. > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196590 Thanks; this is something that needs to be

Re: Known vulnerabilities left open in Debian?

Matt Zimmerman wrote: > > If you have concrete information about unfixed bugs, bring it forth. > Otherwise this is just more FUD. > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196590 Now. To be fair, these bugs probably aren't the end of the world as long as you understand what all of them

Re: Known vulnerabilities left open in Debian?

Jan Lühr wrote: Sorry, there was a misunderstanding between Florian and me (in a previous e-mail correspondence). I'd like to cancel my statements about cron - my apologies. Keep smiling yanoszu Ya, right... Reminds me of typical behavior in another sort of politix. So, after this useless

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, Am Montag, 22. März 2004 21:20 schrieb Nathan Eric Norman: > On Mon, Mar 22, 2004 at 10:01:14PM +0100, Jan Lühr wrote: > > Greetings, > > > > Am Montag, 22. März 2004 21:16 schrieb Bryan Allen: > > > On Mar 22, 2004, at 2:57 PM, Jan Lühr wr

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, Am Montag, 22. März 2004 21:52 schrieb Ramon Kagan: > Every so often another set of tirades goes across this list. So I wish > only to give my 2 cents. > > 1. If you don't like the way debian conducts it's FREE business, my > opinion is g

Re: Known vulnerabilities left open in Debian?

On Mon, 2004-03-22 at 16:05, Matt Zimmerman wrote: > On Mon, Mar 22, 2004 at 09:45:00PM +0100, Jan L?hr wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Greetings,... > > > > Am Montag, 22. M?rz 2004 21:05 schrieb Matt Zimmerman: > > > On Mon, Mar 22, 2004 at 08:57:26PM +0100,

Re: Known vulnerabilities left open in Debian?

Jan Lühr wrote: > > That's the only example I know but that doesn't mean much. > > Cron is another example - No, it's another example for a package which heavily deviates from upstream (AFAIK, upstream is defunct) and is now developed by the GNU/Linux distributions (and each variant has a slight

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 10:38:35PM +0100, Jan Lühr wrote: ehem. What about critics? Am I not allowed to critices their work? Not unless you have a cogent criticism. Otherwise you cross the line from criticism to assertion or even trolling. Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] w

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 10:01:14PM +0100, Jan Lühr wrote: > Greetings, > > Am Montag, 22. März 2004 21:16 schrieb Bryan Allen: > > On Mar 22, 2004, at 2:57 PM, Jan Lühr wrote: > > > Cron is another example - the be honest, the debian security team > > > seems to be > > > crippled by the debian rel

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 09:45:00PM +0100, Jan L?hr wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Greetings,... > > Am Montag, 22. M?rz 2004 21:05 schrieb Matt Zimmerman: > > On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan L?hr wrote: > > > Cron is another example > > > > Cron is ano

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, Am Montag, 22. März 2004 21:16 schrieb Bryan Allen: > On Mar 22, 2004, at 2:57 PM, Jan Lühr wrote: > > Cron is another example - the be honest, the debian security team > > seems to be > > crippled by the debian release policy. > > Because

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 02:31:14PM -0800, Matt Zimmerman wrote: > On Mon, Mar 22, 2004 at 01:56:48PM -0800, Jamie Heilman wrote: > > > Matt Zimmerman wrote: > > > If you have concrete information about unfixed bugs, bring it forth. > > > Otherwise this is just more FUD. > > http://bugs.debian.org/

Re: Known vulnerabilities left open in Debian?

Every so often another set of tirades goes across this list. So I wish only to give my 2 cents. 1. If you don't like the way debian conducts it's FREE business, my opinion is go find another volunteer group to haggle. 2. If you are going to complain about something you don't like, then either

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 09:45:00PM +0100, Jan Lühr wrote: > Am Montag, 22. März 2004 21:05 schrieb Matt Zimmerman: > > On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan L?hr wrote: > > > Cron is another example > > > > Cron is another example of what? By all means, please elaborate. > > Of a package

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings,... Am Montag, 22. März 2004 21:05 schrieb Matt Zimmerman: > On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan L?hr wrote: > > Cron is another example > > Cron is another example of what? By all means, please elaborate. Of a package of the dis

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 01:56:48PM -0800, Jamie Heilman wrote: > Matt Zimmerman wrote: > > If you have concrete information about unfixed bugs, bring it forth. > > Otherwise this is just more FUD. > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196590 Thanks; this is something that needs to be

Re: Known vulnerabilities left open in Debian?

On Mar 22, 2004, at 2:57 PM, Jan Lühr wrote: Cron is another example - the be honest, the debian security team seems to be crippled by the debian release policy. Because of this policy debian stable is insecure by definition. http://security.debian.org/ You are asked on install if you would

Re: Known vulnerabilities left open in Debian?

Matt Zimmerman wrote: > > If you have concrete information about unfixed bugs, bring it forth. > Otherwise this is just more FUD. > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196590 Now. To be fair, these bugs probably aren't the end of the world as long as you understand what all of them

Re: Known vulnerabilities left open in Debian?

Jan Lühr wrote: Sorry, there was a misunderstanding between Florian and me (in a previous e-mail correspondence). I'd like to cancel my statements about cron - my apologies. Keep smiling yanoszu Ya, right... Reminds me of typical behavior in another sort of politix. So, after this useless diver

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan L?hr wrote: > Cron is another example Cron is another example of what? By all means, please elaborate. > - the be honest, the debian security team seems to be crippled by the > debian release policy. Because of this policy debian stable is insecure

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 06:57:39PM +0100, Giacomo Mulas wrote: > There is a \begin{sarcasm} nice \end{sarcasm} article in > linuxworld Australia (see > http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1) which, > among other things, claims that "Debian (Debian GNU/Linux) has le

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, Am Montag, 22. März 2004 19:30 schrieb Sven Hoexter: > On Mon, Mar 22, 2004 at 06:57:39PM +0100, Giacomo Mulas wrote: > > There is a \begin{sarcasm} nice \end{sarcasm} article in > > linuxworld Australia (see > > http://www.linuxworld.c

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, Am Montag, 22. März 2004 21:20 schrieb Nathan Eric Norman: > On Mon, Mar 22, 2004 at 10:01:14PM +0100, Jan Lühr wrote: > > Greetings, > > > > Am Montag, 22. März 2004 21:16 schrieb Bryan Allen: > > > On Mar 22, 2004, at 2:57 PM, Jan Lühr wr

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, Am Montag, 22. März 2004 21:52 schrieb Ramon Kagan: > Every so often another set of tirades goes across this list. So I wish > only to give my 2 cents. > > 1. If you don't like the way debian conducts it's FREE business, my > opinion is g

Re: Updating Kernel Using make-kpkg - Not Intuitive ?

Incoming from Nick Boyce: > > Otherwise, I suggest you move /lib/modules/2.4.18 out of the way, > perhaps to /lib/modules/2.4.18.old or something, and then try > re-installing this image. > [snip] > What on earth is this trying to say to me ? "Hi. This is the kernel install helper thingy. As I'

Re: Known vulnerabilities left open in Debian?

On Mon, 2004-03-22 at 16:05, Matt Zimmerman wrote: > On Mon, Mar 22, 2004 at 09:45:00PM +0100, Jan L?hr wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Greetings,... > > > > Am Montag, 22. M?rz 2004 21:05 schrieb Matt Zimmerman: > > > On Mon, Mar 22, 2004 at 08:57:26PM +0100,

Re: Known vulnerabilities left open in Debian?

Jan Lühr wrote: > > That's the only example I know but that doesn't mean much. > > Cron is another example - No, it's another example for a package which heavily deviates from upstream (AFAIK, upstream is defunct) and is now developed by the GNU/Linux distributions (and each variant has a slight

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 10:01:14PM +0100, Jan Lühr wrote: > Greetings, > > Am Montag, 22. März 2004 21:16 schrieb Bryan Allen: > > On Mar 22, 2004, at 2:57 PM, Jan Lühr wrote: > > > Cron is another example - the be honest, the debian security team > > > seems to be > > > crippled by the debian rel

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 09:45:00PM +0100, Jan L?hr wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Greetings,... > > Am Montag, 22. M?rz 2004 21:05 schrieb Matt Zimmerman: > > On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan L?hr wrote: > > > Cron is another example > > > > Cron is ano

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, Am Montag, 22. März 2004 21:16 schrieb Bryan Allen: > On Mar 22, 2004, at 2:57 PM, Jan Lühr wrote: > > Cron is another example - the be honest, the debian security team > > seems to be > > crippled by the debian release policy. > > Because

Re: Known vulnerabilities left open in Debian?

Every so often another set of tirades goes across this list. So I wish only to give my 2 cents. 1. If you don't like the way debian conducts it's FREE business, my opinion is go find another volunteer group to haggle. 2. If you are going to complain about something you don't like, then either

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 09:45:00PM +0100, Jan Lühr wrote: > Am Montag, 22. März 2004 21:05 schrieb Matt Zimmerman: > > On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan L?hr wrote: > > > Cron is another example > > > > Cron is another example of what? By all means, please elaborate. > > Of a package

Re: Known vulnerabilities left open in Debian?

On Mon, 22 Mar 2004, Cristian Ionescu-Idbohrn wrote: > Well... Why should you? Because, as it is written, it implies negligence on their part. I am at least partly aware of the quality and sheer amount of work that they do, I can think of many adjectives for it, and "negligent" is not one. Bye G

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings,... Am Montag, 22. März 2004 21:05 schrieb Matt Zimmerman: > On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan L?hr wrote: > > Cron is another example > > Cron is another example of what? By all means, please elaborate. Of a package of the dis

Re: Known vulnerabilities left open in Debian?

On Mar 22, 2004, at 2:57 PM, Jan Lühr wrote: Cron is another example - the be honest, the debian security team seems to be crippled by the debian release policy. Because of this policy debian stable is insecure by definition. http://security.debian.org/ You are asked on install if you would like

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 06:57:39PM +0100, Giacomo Mulas wrote: > There is a \begin{sarcasm} nice \end{sarcasm} article in > linuxworld Australia (see > http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1) which, > among other things, claims that "Debian (Debian GNU/Linux) has lef

Re: Known vulnerabilities left open in Debian?

On Mon, 22 Mar 2004, Giacomo Mulas wrote: [snip] > linuxworld Australia (see > http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1) [snip] > if I were in the Debian Security Team I would definitely be pissed off > by something like this, Well... Why should you? The article also pr

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 08:57:26PM +0100, Jan L?hr wrote: > Cron is another example Cron is another example of what? By all means, please elaborate. > - the be honest, the debian security team seems to be crippled by the > debian release policy. Because of this policy debian stable is insecure

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 06:57:39PM +0100, Giacomo Mulas wrote: > There is a \begin{sarcasm} nice \end{sarcasm} article in > linuxworld Australia (see > http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1) which, > among other things, claims that "Debian (Debian GNU/Linux) has le

Known vulnerabilities left open in Debian?

There is a \begin{sarcasm} nice \end{sarcasm} article in linuxworld Australia (see http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1) which, among other things, claims that "Debian (Debian GNU/Linux) has left vulnerabilities there and didn't release any patches for them". Whi

Re: Known vulnerabilities left open in Debian?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings, Am Montag, 22. März 2004 19:30 schrieb Sven Hoexter: > On Mon, Mar 22, 2004 at 06:57:39PM +0100, Giacomo Mulas wrote: > > There is a \begin{sarcasm} nice \end{sarcasm} article in > > linuxworld Australia (see > > http://www.linuxworld.c

Re: Updating Kernel Using make-kpkg - Not Intuitive ?

Incoming from Nick Boyce: > > Otherwise, I suggest you move /lib/modules/2.4.18 out of the way, > perhaps to /lib/modules/2.4.18.old or something, and then try > re-installing this image. > [snip] > What on earth is this trying to say to me ? "Hi. This is the kernel install helper thingy. As I'

Re: Known vulnerabilities left open in Debian?

On Mon, 22 Mar 2004, Cristian Ionescu-Idbohrn wrote: > Well... Why should you? Because, as it is written, it implies negligence on their part. I am at least partly aware of the quality and sheer amount of work that they do, I can think of many adjectives for it, and "negligent" is not one. Bye G

Re: Known vulnerabilities left open in Debian?

On Mon, Mar 22, 2004 at 06:57:39PM +0100, Giacomo Mulas wrote: > There is a \begin{sarcasm} nice \end{sarcasm} article in > linuxworld Australia (see > http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1) which, > among other things, claims that "Debian (Debian GNU/Linux) has lef

Re: Known vulnerabilities left open in Debian?

On Mon, 22 Mar 2004, Giacomo Mulas wrote: [snip] > linuxworld Australia (see > http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1) [snip] > if I were in the Debian Security Team I would definitely be pissed off > by something like this, Well... Why should you? The article also pr

Known vulnerabilities left open in Debian?

There is a \begin{sarcasm} nice \end{sarcasm} article in linuxworld Australia (see http://www.linuxworld.com.au/index.php/id;1607539824;fp;2;fpid;1) which, among other things, claims that "Debian (Debian GNU/Linux) has left vulnerabilities there and didn't release any patches for them". Whi

RE: [SECURITY] [DSA 465-1] New openssl packages fix multiple vulnerabilities

Hallo Herr Hellmer, ein update ist nicht akut notwendig, wird aber beim nächsten Routinemäßigen Update durchgeführt. Die SSL Binaries werden auf dem Proxy ohnehin nicht verwendet. MfG Jan Völkers -- Pelikan & Partner WWW : http://www.ppp.net PPP Internetdienstleistungen

RE: [SECURITY] [DSA 465-1] New openssl packages fix multiple vulnerabilities

Hallo Herr Hellmer, ein update ist nicht akut notwendig, wird aber beim nächsten Routinemäßigen Update durchgeführt. Die SSL Binaries werden auf dem Proxy ohnehin nicht verwendet. MfG Jan Völkers -- Pelikan & Partner WWW : http://www.ppp.net PPP Internetdienstleistungen

Re: Slightly OT: Setting the primary NIC

On Sunday 21 March 2004 10:20, Sven Riedel wrote: > Hi, > > Can anyone tell me how I can tell the machine which NIC is the primary? If your looking for a way to determine which NIC is which then maybe nameif(8) is what your looking for. -- Ole-Christian S. Hagenes