Re: Check for revocation certificates before running apt-get?

2013-12-14 Thread Paul Wise
On Sun, Dec 15, 2013 at 2:13 PM, Darius Jahandarie wrote:
> This thread is probably not the most apropos place to bring this up,
> but I've found parcimonie to be a terribly over-complex
> implementation of the (good) design document that they wrote. It
> requires pulling in dozens of perl module

Re: Check for revocation certificates before running apt-get?

2013-12-14 Thread Darius Jahandarie
On Sun, Dec 15, 2013 at 12:17 AM, Paul Wise wrote:
> That would probably be fine for most Debian users but at that point I
> remembered that the Riseup OpenGPG best practices document has
> something to say about keyring refreshes; that keyring refreshes
> should happen using parcimonie to make co

Re: Check for revocation certificates before running apt-get?

2013-12-14 Thread Paul Wise
On Sun, Dec 15, 2013 at 11:15 AM, adrelanos wrote:
> I can try that. Should that become a separate package or part of, well
> apt-get?

It would probably just be three files, a config file, an /etc/apt/apt.conf.d/ config fragment and a bash script. I'm guessing the apt package would be the place

Re: Check for revocation certificates before running apt-get?

2013-12-14 Thread adrelanos
Paul Wise:
> On Sat, Dec 14, 2013 at 6:47 AM, adrelanos wrote:
>
>> is it possible to hook apt-get somehow to do some action done before
>> apt-get starts any network activity?
>
> Based on a quick grep of the apt package, APT::Update::Pre-Invoke
> might be what you want.

That seems perfect.

>

Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)

2013-12-14 Thread Ben Hutchings
On Sat, 2013-12-14 at 19:00 -0200, Henrique de Moraes Holschuh wrote:
> On Sat, 14 Dec 2013, Steven Chamberlain wrote:
> > On 14/12/13 01:08, Henrique de Moraes Holschuh wrote:
> > > Yeah, I think Linux went through similar blindness braindamage sometime
> > > ago,
> > > but blind trust on rdrand

Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)

2013-12-14 Thread Henrique de Moraes Holschuh
On Sat, 14 Dec 2013, Steven Chamberlain wrote:
> On 14/12/13 01:08, Henrique de Moraes Holschuh wrote:
> > Yeah, I think Linux went through similar blindness braindamage sometime ago,
> > but blind trust on rdrand has been fixed for a long time now, and it never
> > trusted any of the other HRNGs (

Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)

2013-12-14 Thread Steven Chamberlain
On 14/12/13 11:18, Cyril Brulebois wrote:
> If you're talking about this:
> | commit c2557a303ab6712bb6e09447df828c557c710ac9
> | Author: Theodore Ts'o
> | Date: Thu Jul 5 10:35:23 2012 -0400
> |
> | random: add new get_random_bytes_arch() function
> | […]
>
> it was backported into 3.2.y,

Re: Upcoming stable point release (7.3)

2013-12-14 Thread Adam D. Barratt
On Tue, 2013-12-03 at 20:30 +, Adam D. Barratt wrote:
> The next point release for "wheezy" (7.3) is scheduled for Saturday
> December 14th. Stable NEW will be frozen during the preceding weekend.

The archive side of the point release has finished and an early mirror push is running, so pack

Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)

2013-12-14 Thread Cyril Brulebois
Steven Chamberlain (2013-12-14):
> On 14/12/13 01:08, Henrique de Moraes Holschuh wrote:
> > Yeah, I think Linux went through similar blindness braindamage sometime ago,
> > but blind trust on rdrand has been fixed for a long time now, and it never
> > trusted any of the other HRNGs (or used them

Re: possible /dev/random compromise (misplaced trust in RDRAND / Padlock entropy sources)

2013-12-14 Thread Steven Chamberlain
Hi,

On 14/12/13 01:08, Henrique de Moraes Holschuh wrote:
> Yeah, I think Linux went through similar blindness braindamage sometime ago,
> but blind trust on rdrand has been fixed for a long time now, and it never
> trusted any of the other HRNGs (or used them for anything at all without a
> trip