On Fri, 2002-04-05 at 21:54, Petro wrote:
> On Thu, Apr 04, 2002 at 06:24:18PM +, Martin WHEELER wrote:
> > Fine. You wear the same size suit from birth to death; me, I'll adjust
> > according to circumstances.
>
> You *like* upgrading 100 servers every few days?
Certainly. Compared to
On Sat, Apr 06, 2002 at 08:48:59AM +, Martin WHEELER wrote:
> On Fri, 5 Apr 2002, Petro wrote:
>
> > You *like* upgrading 100 servers every few days?
>
> You'll have to ask the scripts that do that stuff for me :)
So you don't mind verifying every couple days that none of your
qu
On Fri, 5 Apr 2002, Petro wrote:
> You *like* upgrading 100 servers every few days?
You'll have to ask the scripts that do that stuff for me :)
--
Martin Wheeler <[EMAIL PROTECTED]> gpg key 01269BEB @ the.earth.li
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubsc
On Thu, Apr 04, 2002 at 06:24:18PM +, Martin WHEELER wrote:
> On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote:
> > "Release early; release often."
>
> On Wed, 3 Apr 2002, Petro wrote:
> >
> > NO
> >
> > Measure twice, cut once.
>
> Fine. You wear the same size suit fro
also sprach Andrew Pimlott <[EMAIL PROTECTED]> [2002.04.04.0135 +0200]:
> > this problem is understood by the developers of proftpd
>
> Wichert said that nobody has explained why the current fix on s.d.o
> doesn't work. If the problem is understood, why hasn't someone
> explained this? That's al
also sprach Michael Stone <[EMAIL PROTECTED]> [2002.04.04.0211 +0200]:
> > because it will prevent s.d.o from serving a buggy package. it's not
> > fixed perfectly, but at least it's not subject to a known exploit.
>
> Could you be a little more careful with your terms? A DOS is not an
> exploit,
On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote:
> "Release early; release often."
On Wed, 3 Apr 2002, Petro wrote:
>
> NO
>
> Measure twice, cut once.
Fine. You wear the same size suit from birth to death; me, I'll adjust
according to circumstances.
--
Martin Wheeler <[E
On Thu, Apr 04, 2002 at 01:06:26AM +0200, martin f krafft wrote:
> because it will prevent s.d.o from serving a buggy package. it's not
> fixed perfectly, but at least it's not subject to a known exploit.
Could you be a little more careful with your terms? A DOS is not an
exploit, it's a DOS. By s
On Thu, Apr 04, 2002 at 01:09:27AM +0200, martin f krafft wrote:
> this problem is understood by the developers of proftpd
Wichert said that nobody has explained why the current fix on s.d.o
doesn't work. If the problem is understood, why hasn't someone
explained this? That's all that is asked,
On Wed, Apr 03, 2002 at 02:43:10PM -0800, Petro wrote:
> On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote:
> > "Release early; release often."
>
> NO
>
> Measure twice, cut once.
i haven't really been following this thread, but i like analogies as
much as the next person,
also sprach Nathan E Norman <[EMAIL PROTECTED]> [2002.04.03.0732 +0200]:
> > well, i am calm, but i disagree. sure, it boils down to the question
> > who debian's audience are, but for all i am concerned, debian's
> > reputation _used_ to include "security", and the reason why i'd (as in
> > "would
also sprach Andrew Pimlott <[EMAIL PROTECTED]> [2002.04.03.1805 +0200]:
> On Wed, Apr 03, 2002 at 10:54:25AM -0500, Andrew Pimlott wrote:
> > I think Wichert's position
>
> ... reflects appropriate discipline, given the (relatively modest)
> severity of the problem.
i also have to agree with you
also sprach Andrew Pimlott <[EMAIL PROTECTED]> [2002.04.03.1754 +0200]:
> There are several good reasons:
>
> - If a band-aid fix is allowed, there is less incentive to find
> the correct fix.
true. doesn't mean that we have to fall into that hole.
> - If the problem isn't understood, th
On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote:
> "Release early; release often."
NO
Measure twice, cut once.
--
Share and Enjoy.
On Wed, Apr 03, 2002 at 10:56:32AM +0900, Howland, Curtis wrote:
> I would bet that the vast majority of "flame wars" begin because someone
> mistakes "terse" or "concise" for hostility.
>
> The reverse, being the endless spewing of meaningless words, all the while
> saying nothing at all or eve
[ Followup to incomplete send. ]
On Wed, Apr 03, 2002 at 10:54:25AM -0500, Andrew Pimlott wrote:
> I think Wichert's position
... reflects appropriate discipline, given the (relatively modest)
severity of the problem.
Andrew
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote:
> but give me at least one argument why these acts cannot combine with
> a *temporary* fix uploaded to the so-called "security archives".
There are several good reasons:
- If a band-aid fix is allowed, there is less incentive to f
"Release early; release often."
--
Martin Wheeler <[EMAIL PROTECTED]> gpg key 01269BEB @ the.earth.li
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote:
> dear list,
>
> look, i am really not here to start a flame war and heck no, i don't
> want one. please excuse if my behaviour has been leading you onto this
> belief (or maybe not). i am simply failing to grasp the arguments laid
>
I would bet that the vast majority of "flame wars" begin because someone
mistakes "terse" or "concise" for hostility.
The reverse, being the endless spewing of meaningless words, all the while
saying nothing at all or even the opposite of what it sounds like, is the art
of politicians and diplo
well, you make sense to me.
2c from an end-user.
martin f krafft wrote:
dear list,
look, i am really not here to start a flame war and heck no, i don't
want one. please excuse if my behaviour has been leading you onto this
belief (or maybe not). i am simply failing to grasp the arguments laid
dear list,
look, i am really not here to start a flame war and heck no, i don't
want one. please excuse if my behaviour has been leading you onto this
belief (or maybe not). i am simply failing to grasp the arguments laid
out by wichert. that is, i don't disagree with him per se, but i have
the fe
Previously martin f krafft wrote:
> wrong. fix things with bandaid to give you more time to find the real
> problem. i am not saying that this is the final fix. put it this way,
> you aren't going to wait for intruders to make use of the opportunity
> while you search the drunkbold who broke your w
also sprach Wichert Akkerman <[EMAIL PROTECTED]> [2002.04.02.1250 +0200]:
> It does, and in fact it's a very good approach: make sure you study
> what the real problem is instead of trying to fix things with bandaid.
wrong. fix things with bandaid to give you more time to find the real
problem. i a
Previously martin f krafft wrote:
> that's a purist approach which doesn't work with security.
It does, and in fact it's a very good approach: make sure you study
what the real problem is instead of trying to fix things with bandaid.
With all the energy wasted on this someone could have found the
also sprach Wichert Akkerman <[EMAIL PROTECTED]> [2002.03.31.2009 +0200]:
> Because it might impact other packages as well.
sure, but the upload won't.
> I'd rather make sure we don't have a bug in multiple packages than
> a reasonably harmless semi-bug in a single package.
that's a purist appr
Previously martin f krafft wrote:
> wichert, it didn't. why should we discuss this before pushing the
> temporary fix into the security archives???
Because it might impact other packages as well.
> i'd also like to see answered, but right now, debian's got a semi-bug
> in a package found on secur
On Sun, Mar 31, 2002 at 05:53:35PM +0200, martin f krafft wrote:
> why should we discuss this before pushing the temporary fix into the
> security archives???
Maybe because, as you say, the fix (read: workaround) is only temporary? :)
Including a new rule in the conffile won't automatically fix e
also sprach Wichert Akkerman <[EMAIL PROTECTED]> [2002.03.31.1602 +0200]:
> > i don't get it. will someone please push this package ivo made as an
> > NMU into security.debian.org ASAP? i'd do it myself, but i am still
> > waiting for DAM approval...
>
> I'd like someone to answer my question fir
Previously martin f krafft wrote:
> i don't get it. will someone please push this package ivo made as an
> NMU into security.debian.org ASAP? i'd do it myself, but i am still
> waiting for DAM approval...
I'd like someone to answer my question first: how come the glob
fix in glibc doesn't fix pro
also sprach Ivo Timmermans <[EMAIL PROTECTED]> [2002.03.30.0845 +0100]:
> > okay, but no one knows about it. why isn't it on security.debian.org
> > yet???
>
> Beats me...
i don't get it. will someone please push this package ivo made as an
NMU into security.debian.org ASAP? i'd do it myself, but
martin f krafft wrote:
> also sprach Noah Meyerhans <[EMAIL PROTECTED]> [2002.03.29.2332 +0100]:
> > Such a package has existed at http://people.debian.org/~ivo/ for over a
> > year.
>
> okay, but no one knows about it. why isn't it on security.debian.org
> yet???
Beats me...
Ivo
--
He
also sprach Noah Meyerhans <[EMAIL PROTECTED]> [2002.03.29.2332 +0100]:
> Such a package has existed at http://people.debian.org/~ivo/ for over a
> year.
okay, but no one knows about it. why isn't it on security.debian.org
yet???
--
martin; (greetings from the heart of the sun.)
\_
On Fri, Mar 29, 2002 at 10:47:18PM +0100, martin f krafft wrote:
> so proftpd_1.2.0pre10-2.0potato1_i386.deb is buggy. and that's known
> for over a year, supposedly. i can't NMU yet, so someone please
> rebuild the package, add the following to the context of
> /etc/proftpd.conf
>
> DenyFilter
so proftpd_1.2.0pre10-2.0potato1_i386.deb is buggy. and that's known
for over a year, supposedly. i can't NMU yet, so someone please
rebuild the package, add the following to the context of
/etc/proftpd.conf
DenyFilter \*.*/
and then NMU it, or Johnie's listening and will do it himself. this
w