Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Frans Pop
On Thursday 27 October 2005 23:34, Henrique de Moraes Holschuh wrote: > To me it is a technical matter, as the changelogs are a tool for a > technical job. To me, changelogs are primarily a way of informing the user of changes in a package. Including references to fixed security issues is definit

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Joey Hess
Henrique de Moraes Holschuh wrote: > Found it. From: Martin Schulze <[EMAIL PROTECTED]>, Message-ID: > <[EMAIL PROTECTED]>, and Message-ID: > <[EMAIL PROTECTED]> at > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=282681 "Please add this id to the proper changelog entry with the next upload." T

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Henrique de Moraes Holschuh
On Thu, 27 Oct 2005, Frans Pop wrote: > On Thursday 27 October 2005 22:30, Henrique de Moraes Holschuh wrote: > > When dealing with Debian matters of a technical nature, yes. When > > dealing with matters outside Debian, or of a non-technical nature, I > > may decide to not take such an instance.

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Henrique de Moraes Holschuh
On Thu, 27 Oct 2005, Michael Stone wrote: > You know, you could have just not posted in the first place. Posting a > personal opinion about someone else's personal preference and then > ranting about people wasting your time questioning your personal > preferences is just flat out stupid. We all m

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Henrique de Moraes Holschuh
On Thu, 27 Oct 2005, Henrique de Moraes Holschuh wrote: > On Thu, 27 Oct 2005, Joey Hess wrote: > > Henrique de Moraes Holschuh wrote: > > > 3. The security team's work is helped by adding the CVE > > > information to the proper changelog entry, to the point that > > > they have request

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Frans Pop
On Thursday 27 October 2005 22:30, Henrique de Moraes Holschuh wrote: > When dealing with Debian matters of a technical nature, yes. When > dealing with matters outside Debian, or of a non-technical nature, I > may decide to not take such an instance. And frankly, as long as it is > a rule of min

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Michael Stone
On Thu, Oct 27, 2005 at 06:30:10PM -0200, Henrique de Moraes Holschuh wrote: You are wrong. There ARE technical arguments for that rule: The amount of time I wasted in threads just like the one you are almost goading me into was detracting from the amount of useful Debian work. Maybe this will

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Henrique de Moraes Holschuh
On Thu, 27 Oct 2005, Thomas Bushnell BSG wrote: > > When dealing with Debian matters of a technical nature, yes. When dealing > > with matters outside Debian, or of a non-technical nature, I may decide to > > not take such an instance. And frankly, as long as it is a rule of mine, > > applied to

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Thomas Bushnell BSG
Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > When dealing with Debian matters of a technical nature, yes. When dealing > with matters outside Debian, or of a non-technical nature, I may decide to > not take such an instance. And frankly, as long as it is a rule of mine, > applied to

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Henrique de Moraes Holschuh
On Thu, 27 Oct 2005, Thomas Bushnell BSG wrote: > Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > > > Parse error: "... that one?" I am sorry, I am not sure I understood what > > you mean. IF I got it right, my reply is simple: I will not change my mind > > about a technical matter back

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Henrique de Moraes Holschuh
On Thu, 27 Oct 2005, Joey Hess wrote: > Henrique de Moraes Holschuh wrote: > > 3. The security team's work is helped by adding the CVE > > information to the proper changelog entry, to the point that > > they have requested everyone to do so. This requires editing > > past changel

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Joey Hess
Henrique de Moraes Holschuh wrote: > 3. The security team's work is helped by adding the CVE > information to the proper changelog entry, to the point that > they have requested everyone to do so. This requires editing > past changelog entries quite often. I don't think that the

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Thomas Bushnell BSG
Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > Parse error: "... that one?" I am sorry, I am not sure I understood what > you mean. IF I got it right, my reply is simple: I will not change my mind > about a technical matter backed by technical reasons, because of the beliefs > of someo

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Henrique de Moraes Holschuh
On Thu, 27 Oct 2005, Thomas Bushnell BSG wrote: > Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > > But at least we know that this subthread can end right here, right now. It > > is useless to discuss beliefs that exist without a technical backing, and I > > won't waste my time with it.

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Thomas Bushnell BSG
Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > But at least we know that this subthread can end right here, right now. It > is useless to discuss beliefs that exist without a technical backing, and I > won't waste my time with it. Do you have a technical backing for your view that it

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Henrique de Moraes Holschuh
On Thu, 27 Oct 2005, Horms wrote: > > > I believe that changelogs should never be changed retrospectively. > > > > Why not? Technical reasons only, please. Fixing changelogs so that they > > are more useful in the future is common in Debian. These are slight edits, > > always, not entry suppre

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Horms
On Thu, Oct 27, 2005 at 09:47:15AM -0200, Henrique de Moraes Holschuh wrote: > On Thu, 27 Oct 2005, Horms wrote: > > On Wed, Oct 26, 2005 at 11:32:15AM +0200, Thijs Kinkhorst wrote: > > > Hello people, > > > > > > As many of you are probably aware, CVE has changed the naming of their > > > id's: t

Re: [SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution

2005-10-27 Thread Christophe Chisogne
Christophe Chisogne wrote: > I guess lynx-ssl is affected too? Is a lynx-ssl being prepared? Ok, it's DSA 876-1, solved :) DSA-876-1 lynx-ssl -- buffer overflow http://www.debian.org/security/2005/dsa-876 But I had a problem: I upgraded from Woody to Sarge. Woody had non-US

unsubscribe

2005-10-27 Thread Benjamin Maerte

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Henrique de Moraes Holschuh
On Thu, 27 Oct 2005, Horms wrote: > On Wed, Oct 26, 2005 at 11:32:15AM +0200, Thijs Kinkhorst wrote: > > Hello people, > > > > As many of you are probably aware, CVE has changed the naming of their > > id's: the temporary "CAN-" prefix has been dropped and an id is now > > always of the form CVE-y

Re: [SECURITY] [DSA 875-1] New OpenSSL packages fix cryptographic weakness

2005-10-27 Thread Frank Küster
[EMAIL PROTECTED] (Martin Schulze) wrote:
> The following matrix explains which version in which distribution has
> this problem corrected.
>
>            oldstable (woody)   stable (sarge)   unstable (sid)
> openssl    0.9.6c-2.woody.8    0.9.7e-3sarge1   0.9.8-3
> openssl 0

Re: [SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution

2005-10-27 Thread Christophe Chisogne
Martin Schulze wrote: > Debian Security Advisory DSA 874-1 [EMAIL PROTECTED] > (...) > Package: lynx > (...) > For the stable distribution (sarge) this problem has been fixed in > version 2.8.5-2sarge1. I guess lynx-ssl is affected too? Is a lynx-ssl being prepared