orewall-init.log
>
> Nothing interesting in the logs.
>
> Shorewall doesn't start at system boot and no problem starting
> interactively.
>
What about /etc/default/shorewall? And does 'systemctl status shorewall'
show that it is enabled?
Regards,
-Roberto
--
Roberto C. Sánchez
> https://lists.debian.org/debian-lists-test/
>
TIL.
I have been a Debian Developer for going on 20 years and I never knew
about this list. It seems super handy.
Regards,
-Roberto
--
Roberto C. Sánchez
gt;
No worries. We are all here to help and learn.
Regards,
-Roberto
--
Roberto C. Sánchez
uot; or any other package based on vulnerable "zlib1g" in
> bookworm, that may be a security risk, right?
The minizip package in bookworm does not come from zlib1g, so this
particular vulnerability still does not apply.
Regards,
-Roberto
--
Roberto C. Sánchez
a vulnerability.
If fixing it is important to you personally, then you are welcome to
figure out the patch or patches that apply, apply them, test the
resulting package, and the communicate with the security team and
release managers to have it included in the next stable point release
(which will probably be sometime in March).
Regards,
-Roberto
--
Roberto C. Sánchez
On Wed, Jan 29, 2025 at 08:43:12AM -0500, Dan Ritter wrote:
>
> Most recently: https://daniel.haxx.se/blog/2025/01/23/cvss-is-dead-to-us/
I was going to post a link to this very article when I saw that you
already had :-)
Regards,
-Roberto
--
Roberto C. Sánchez
vileges). And for "stable" it definitely leans hard
toward "no behavior change at all when possible, and only minimal change
when change is unavoidable".
If your needs for "secure" and "stable" don't line up with how the
Debian Security Team approaches those things, then it is worth
considering alternatives.
I hope this helps you to understand the overall approach.
Regards,
-Roberto
--
Roberto C. Sánchez
e rest of us would thank you
kindly for availing yourself of one or more of those options.
Regards,
-Roberto
--
Roberto C. Sánchez
ially from
what was released in Debian stable. In other words, they may break your
existing whatever (programs you are compiling in the case of a library,
scripts you've written in the case of an interperter, etc).
Regards,
-Roberto
--
Roberto C. Sánchez
t; >
>
> I know the answer, the question was to the person I replied to.
>
> Can YOU answer that question?
>
> It is why I use a rolling release distribution for anything important
>
And that is your choice.
Others, for various reasons, choose a stable distribution to which
security patches are backported.
Each has its place.
Regards,
-Roberto
--
Roberto C. Sánchez
\] ]]; then BAD=1; break; fi;
done < /proc/mdstat;
echo $BAD
Note that I changed to a regex match, and also added a 'break;' after
assigning BAD=1, because there is no need to continue processing the
input at that point.
Regards and Merry Christmas,
-Roberto
--
Roberto C. Sánchez
affic,
perform whatever filtering the organization's policy requires, and then
pass it on to the destination.
Does the same sort of prompt appear when attempting to view a web page
over HTTPS?
If that is what is going on, most likely a self-signed certificate is
being used and you would need to explicitly trust the certificate.
Regards,
-Roberto
--
Roberto C. Sánchez
transition:
https://tracker.debian.org/pkg/dolphin
What you have done is, well, not a generally good approach. Testing
transitions are done for good reason and if as a user you choose to use
testing then it is best to exercise patience when it comes to
transitions.
Regards,
-Roberto
--
Roberto C. Sánchez
to
tweak the behavior of debconf.
Regards,
-Roberto
[0] https://manpages.debian.org/buster/debconf-doc/debconf.7.en.html
--
Roberto C. Sánchez
present (e.g., specific MAC address on the
network hardware, specific USB devices present, etc) then those things
may break. However, you should have a sufficiently functional system to
be able to deal with those things.
Regards,
-Roberto
--
Roberto C. Sánchez
On Tue, Aug 20, 2024 at 08:18:44PM -0400, Greg Wooledge wrote:
> On Tue, Aug 20, 2024 at 20:04:11 -0400, Roberto C. Sánchez wrote:
> > sync && sync && sync && swapoff
> >
> > I couldn't tell why I have sync 3 times, but I know that it's
amp;& swapoff
I couldn't tell why I have sync 3 times, but I know that it's how I've
called swapoff since as far back as I can remember.
Regards,
-Roberto
--
Roberto C. Sánchez
3, 4, or 5 years old Debian
release, you should really question whether that is a good idea. And
then realize that if you decide to install anyways that support will
become progressively more challenging.
Regards,
-Roberto
--
Roberto C. Sánchez
On Fri, Aug 02, 2024 at 10:45:21AM -0400, Jeffrey Walton wrote:
> On Fri, Aug 2, 2024 at 10:37 AM Roberto C. Sánchez wrote:
> >
> > On Fri, Aug 02, 2024 at 10:16:51AM -0400, Jeffrey Walton wrote:
> > > On Fri, Aug 2, 2024 at 9:13 AM Brian wrote:
> > > >
> &
might be "bind9 update 9.16.50 -- too many record" from
> the debian-security mailing list at
> <https://lists.debian.org/debian-security/2024/07/msg3.html>.
>
Which seems unlikely on a system running buster.
--
Roberto C. Sánchez
On Fri, Aug 02, 2024 at 10:55:55AM -0300, Eduardo M KALINOWSKI wrote:
> On 02/08/2024 10:44, Roberto C. Sánchez wrote:
> > On Fri, Aug 02, 2024 at 10:15:38AM -0300, Eduardo M KALINOWSKI wrote:
> > > Maybe related to https://kb.isc.org/docs/rrset-limits-in-zones ?
> > >
ced in that particular DSA.
Brian, can you provide more details about what specific packages were
updated and from what version to what version? You can find that
information in /var/log/dpkg.log*.
Regards,
-Roberto
--
Roberto C. Sánchez
Apart from that, you look like you are configured properly and should be
able to use bullseye until the end of its LTS support period
(2026-08-31) [0].
Regards,
-Roberto
[0] https://wiki.debian.org/LTS
--
Roberto C. Sánchez
;
> does date command has this option?
>
> Thanks.
>
You probably want:
$ date +%a
Mon
$ date +%A
Monday
--
Roberto C. Sánchez
t;
It seems like an extremely obvious thing, the sort of thing that we
wouldn't let happen. But then this XKCD from a year or two ago wouldn't
be such an accurate representation of so many projects:
https://xkcd.com/2347/
(I'm sure it's probably been linked in a 1,000 different threads in a
1,000 different forums related to this problem by now.)
Regards,
-Roberto
--
Roberto C. Sánchez
c4ad3b
>
> https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.39.3-11_changelog
>
The fix has also been made to stable and oldstable:
https://lists.debian.org/debian-security-announce/2024/msg00058.html
Regards,
-Roberto
--
Roberto C. Sánchez
id and other leading edge distros.)
> >
> > Thanks,
> > Andy
>
> O-o, is there any simple test to check if I have infected version or
> not?
> KJ
Yes. It is mentioned in Andres' email and provided as an attachement at
the end.
Regards,
-Roberto
--
Roberto C. Sánchez
re not subscribed to
debian-security-announce.
Regards,
-Roberto
--
Roberto C. Sánchez
tes-local/
Regards,
-Roberto
--
Roberto C. Sánchez
https://packages.debian.org/search?keywords=firmware-nvidia-gsp
You won't get version 525.147.05 in stable (which is what 12.3 is).
Regards,
-Roberto
--
Roberto C. Sánchez
, so I wanted dual
storage. If you can get by without that, then this much cheaper machine
might work for you:
https://www.newegg.com/p/2SW-006Y-00079
I haven't purchased either one yet, but I plan to purchase the first in
the coming weeks.
Regards,
-Roberto
--
Roberto C. Sánchez
n the internet (and which is free as in beer)?
>
KeePassXC (or KeePassX if you're still on buster).
Regards,
-Roberto
--
Roberto C. Sánchez
lines coming out of grep, but that feels somewhat
ugly.
Essentially, your pipeline probably needs to be something more like
this:
sed -r -e "s+.*${DESC_DIR}++" "${IFL}" | tail
Or drop the tail entirely if what you really want is the last part of
each line, regardless of how many there are.
Regards,
-Roberto
--
Roberto C. Sánchez
ormation, but that is probably the
simplest.
Regards,
-Roberto
--
Roberto C. Sánchez
our use case? What will you
do with that information? What decision will you make? What action will
you take?
Regards,
-Roberto
--
Roberto C. Sánchez
the account from the device, re-install the
CA root cert (the one that issued the server cert), and re-add the
account to the device. At that point it started to work. :shrug:
Regards,
-Roberto
--
Roberto C. Sánchez
again.
One thing, however, that I can point out is that upgrading by skipping
major releases is not recommended or supported at all. You should really
upgrade from 9.9 -> 9.13 first, then to 10, then to 11.
Regards,
-Roberto
[0] https://www.catb.org/esr/faqs/smart-questions.html
--
Roberto C. Sánchez
cess the server and the account without issue.
Regards,
-Roberto
--
Roberto C. Sánchez
oject Funding initiative and it was accepted and work was done on it
for several months:
https://salsa.debian.org/freexian-team/project-funding/-/issues/19
However, it seems like there are rather serious blocking issues that
have halted progress.
Regards,
-Roberto
--
Roberto C. Sánchez
All of that to say, Andy, that you are 100% right that if someone wants
things the Debian way, they can use Debian and if someone wants things
not-the-Debian way, there are a great multitude of non-Debian options
out there.
Regards,
-Roberto
--
Roberto C. Sánchez
wishlist a bug against the libembree-dev
requesting inclusion of the static .a. When static archives are shipped
they are generally shipped in the -dev package.
Regards,
-Roberto
--
Roberto C. Sánchez
wnloaded data will contain all updates in a format understood by APT and
this data can be used by apt-offline to update the non-networked machine.
That sounds to me like your exact use case.
Regards,
-Roberto
--
Roberto C. Sánchez
but you might find other parts of the discussion
illuminating as well.
Regards,
-Roberto
--
Roberto C. Sánchez
orrectly (or at all), and so you are forced to start by
unpacking each team in order to have a clean build. The correct
solution is to fix the 'clean' target so that you can repeatedly run the
build without having to remove the package directory and unpack it
again.
Regards,
-Roberto
--
Roberto C. Sánchez
specific or detailed
recommendation.
Regards,
-Roberto
--
Roberto C. Sánchez
icon in the top left and type in
"click". That should get you the accessbility-releated options in one
of the results and you can adjust it there.
Regards,
-Roberto
--
Roberto C. Sánchez
erparts in $HOME for setting it
on a per-user basis.
Regards,
-Roberto
--
Roberto C. Sánchez
heir
dependencies (which can happen when mixing packages from different
Debian releases).
Regards,
-Roberto
--
Roberto C. Sánchez
nks
>Tim
>--
>⢀⣴⠾⠻⢶⣦⠀
>⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
>⢿⡄⠘⠷⠚⠋⠀ [1]https://www.debian.org/
>⠈⠳⣄⠀⠀
>
> References
>
>Visible links
> 1. https://www.debian.org/
--
Roberto C. Sánchez
r/CVE-2022-24675
>7. https://security-tracker.debian.org/tracker/CVE-2022-28327
>8. https://www.servicenow.com/
>9. https://www.linkedin.com/company/servicenow
> 10. https://twitter.com/servicenow
> 11. https://www.youtube.com/user/servicenowinc
> 12. https://www.facebook.com/servicenow
--
Roberto C. Sánchez
on what
you mean by "lastest available version". If you mean "latest available
version from the sources configured on my system", then 'apt-cache
madison' will do just that. If you mean "latest available version in
the Debian archive", then you need 'rmadison'.
Regards,
-Roberto
--
Roberto C. Sánchez
without downloading the package and parsing the
> dsc?
>
If you are not opposed to installing the devscripts package, then you
can do this:
$ rmadison -u debian -a source -s unstable firefox-esr
firefox-esr | 91.10.0esr-1 | unstable | source
Regards,
-Roberto
--
Roberto C. Sánchez
abilities. That information is necessary for the Debian security
team to properly support packages in a stable release.
Regards,
-Roberto
--
Roberto C. Sánchez
e, requesting
> opinion or suggestions here.
>
Have you read the release notes? That should be considered an
obligatory step.
Regards,
-Roberto
--
Roberto C. Sánchez
are getting?
Regards,
-Roberto
--
Roberto C. Sánchez
On Thu, May 19, 2022 at 10:31:44PM -0400, Roberto C. Sánchez wrote:
> For those following along, a little while ago the problem "went away".
> That is, context menus, tooltips, and application menus now all show in
> the expected places in Firefox. I really hope that this i
On Wed, May 18, 2022 at 04:17:12PM -0400, Roberto C. Sánchez wrote:
> On Wed, May 18, 2022 at 10:09:10PM +0200, Linux-Fan wrote:
> > Roberto C. Sánchez writes:
> >
> > > I have recently decommissioned my main desktop workstation and switched
> > > to using my l
On Wed, May 18, 2022 at 10:09:10PM +0200, Linux-Fan wrote:
> Roberto C. Sánchez writes:
>
> > I have recently decommissioned my main desktop workstation and switched
> > to using my laptop for daily work (rather than only when travelling). I
> > acquired a USB-C &q
so how to resolve
it.
Regards,
-Roberto
--
Roberto C. Sánchez
18 in
>Debian? It was released last month.
>[1]https://jdk.java.net/18/
>--
>Dale Harris
>[2]rod...@gmail.com
>/.-)
>
> References
>
>Visible links
>1. https://jdk.java.net/18/
>2. mailto:rod...@gmail.com
--
Roberto C. Sánchez
hine
> "into the wild" :-)
>
I very much agree with Tomas. After having tried a few different
solutions years ago, I have settled on this one and I am convinced it is
still the best available solution to this particular problem.
Regards,
-Roberto
--
Roberto C. Sánchez
On Sat, Apr 09, 2022 at 05:42:43PM -0400, Felix Miata wrote:
> Roberto C. Sánchez composed on 2022-04-09 17:16 (UTC-0400):
>
> > Have you tried the option to manually enter the mirror information? In
> > the past I have successfully used this point at archive.debian.org for
&
n
archive sub-directory. The contents of archive.debian.org are not the
installers themselves, but the actual package archive.
Regards,
-Roberto
--
Roberto C. Sánchez
ian.org for
an installation of an older version of Debian. You should be able to
use the URL http://archive.debian.org/debian/ (IIRC).
Regards,
-Roberto
--
Roberto C. Sánchez
ackage installed, but you would need to keep the database
updated manually.
Regards,
-Roberto
--
Roberto C. Sánchez
Regards,
-Roberto
--
Roberto C. Sánchez
now what the next logcheck report will contain
(e.g., because you've tweaked the ignore filters and you want to make
sure that it excludes the right thing), you can do something like this:
sudo -u logcheck -s /usr/sbin/logcheck -t -o
Regards,
-Roberto
--
Roberto C. Sánchez
age [0].
Regards,
-Roberto
[0] https://packages.debian.org/gcc-doc
--
Roberto C. Sánchez
, embedded Perl interpreter,
and the content scanning extension (formerly known as "exiscan-acl") for
integration of virus scanners and spamassassin."
Perhaps you installed exim4-daemon-heavy when you intended to install
exim4-daemon-light.
Regards,
-Roberto
--
Roberto C. Sánchez
particular
invidual in a somewhat threatning way.
Regards,
-Roberto
--
Roberto C. Sánchez
roblem in
this case in addition to delpotes.
Could you perhaps describe precisely what offense was caused or what
boundary was skirted in this instance?
In the future, messages such as yours would appear less menacing and
more constructive with this additional bit of information added.
Regards,
-Roberto
--
Roberto C. Sánchez
On Fri, Jan 21, 2022 at 04:08:00PM +0100, Jerome BENOIT wrote:
>
>
> On 21/01/2022 15:59, Roberto C. Sánchez wrote:
> > On Fri, Jan 21, 2022 at 02:49:09PM +0100, Steve Keller wrote:
> > > I see that on my Debian systems there is a user group "users" with GID
know the group "users" which every user was
> a member of, by default.
>
New users have gid 100 set as their primary group by default. So, new
users are members of the group without having to be added to the group
in /etc/groups.
Regards,
-Roberto
--
Roberto C. Sánchez
me.
In FF, click on 'SSL_ERROR_BAD_CERT_DOMAIN', which should take you to
the full error output. Then click 'Copy text to clipboard' and paste
the full text into an email. Someone on the list ought to be able to
help diagnose further from there.
Regards,
-Roberto
--
Roberto C. Sánchez
ads)
> Locale: LANG=ko_KR.UTF-8, LC_CTYPE=ko_KR.UTF-8 (charmap=UTF-8), LANGUAGE not
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Sincerely, Byung-Hee
>
--
Roberto C. Sánchez
plicable, even if the precise implementation
is a little different as compared to a few years ago.
Regards,
-Roberto
--
Roberto C. Sánchez
ent that you decide to switch to sssd (I recommend it, as it is
more flexible and less buggy than the PAM and NSS solution), then its
configuration provides explicit options for filtering specific users
and/or groups.
Regards,
-Roberto
--
Roberto C. Sánchez
has slightly different objectives, operating frameworks, etc. Debian's
goals are different from Ubuntu's goals, are different from Fedora's
goals, are different from Mozilla upstream's goals. Let's just accept
that (or work constructively to adjust the goals to better suit you) and
support the people doing the work.
Regards,
-Roberto
--
Roberto C. Sánchez
ared specifically for stable,
oldstable, and LTS. Each will be uploaded to the -security archive for
the respective distribution.
Regards,
-Roberto
--
Roberto C. Sánchez
On Thu, Dec 09, 2021 at 07:49:01PM +0200, Georgi Naplatanov wrote:
> On 12/9/21 19:09, Roberto C. Sánchez wrote:
> > On Thu, Dec 09, 2021 at 06:59:07PM +0200, Georgi Naplatanov wrote:
> >> On 12/9/21 18:43, Roberto C. Sánchez wrote:
> >>>
> >>> Please n
On Thu, Dec 09, 2021 at 05:11:05PM +, piorunz wrote:
> https://www.phoronix.com/scan.php?page=news_item&px=Web-Browser-Packages-Debian
>
> :(
>
What utter trash.
--
Roberto C. Sánchez
On Thu, Dec 09, 2021 at 06:59:07PM +0200, Georgi Naplatanov wrote:
> On 12/9/21 18:43, Roberto C. Sánchez wrote:
> >
> > Please note that Mozilla is constantly updating to newer rustc and LLVM
> > versions. That means that preparing a new major ESR release for Debian
>
LVM
versions. That means that preparing a new major ESR release for Debian
requires not just the packaging of the firefox-esr and thunderbird
updates, but also some very complex toolchain components. Those
components are usually already in unstable/testing, but for stable,
oldstable, and LTS, the toolchain must be backported first.
Regards,
-Roberto
--
Roberto C. Sánchez
ds="ls -la /var/cache/apt/archives/") - but I couldn't see any .deb
> files inside the schroot.
>
You might want to look at cowbuilder. It does this automatically
without any additional components that need to be configured.
Regards,
-Roberto
--
Roberto C. Sánchez
stances where more advanced techniques might
be required.
Regards,
-Roberto
--
Roberto C. Sánchez
out"
in a place like debian-user. If you wish to have a degree of anonimity
while blending into the background, then a Gmail account using a
pseudonym would probably attract far less notice.
Regards,
-Roberto
--
Roberto C. Sánchez
g, attacking, and so on, without risk to their real reputation.
Regards,
-Roberto
--
Roberto C. Sánchez
> happening again, so I assume that the mouse hardware is fine. (I have
> > also tried another mouse - same behaviour).
Regards,
-Roberto
--
Roberto C. Sánchez
backporting
security-specific fixes.
[0] https://lists.debian.org/debian-lts-announce/2019/02/msg2.html
--
Roberto C. Sánchez
adly also all too common. I have seen the same
thing it is quite infuriating.
Regards,
-Roberto
[0] https://wiki.debian.org/LTS
[1] https://www.debian.org/consultants/
--
Roberto C. Sánchez
experimental/
--
Roberto C. Sánchez
On Fri, Sep 03, 2021 at 04:25:39PM +0100, piorunz wrote:
> On 03/09/2021 15:17, Roberto C. Sánchez wrote:
> > If you change all instances of bullseye -> testing, then you are not
> > mixing. Go ahead with that (...)
>
> Yep, that's all there is to say. tes
On Fri, Sep 03, 2021 at 10:40:32AM -0400, The Wanderer wrote:
> On 2021-09-03 at 10:17, Roberto C. Sánchez wrote:
>
> > On Fri, Sep 03, 2021 at 04:11:49PM +0200, Richard Forst wrote:
> >
> >> I just installed Debian using netinstall image. I thought I install
> >
to use the specific release code name
rather than stable or testing.
Regards,
-Roberto
--
Roberto C. Sánchez
On Fri, Sep 03, 2021 at 03:41:00PM +0200, Harald Dunkel wrote:
> On 9/3/21 13:57, Roberto C. Sánchez wrote:
> > That sounds like potentially buggy behavior. Can you give a specific
> > example?
> >
>
> ntp (Debian)
> sane (Debian)
> gitlab-r
On Fri, Sep 03, 2021 at 08:33:25AM -0400, Greg Wooledge wrote:
> On Fri, Sep 03, 2021 at 08:23:07AM -0400, Roberto C. Sánchez wrote:
> > On Fri, Sep 03, 2021 at 08:03:23AM -0400, Greg Wooledge wrote:
> > > Out of curiosity, I checked my system to see if there were any system
>
On Fri, Sep 03, 2021 at 08:03:23AM -0400, Greg Wooledge wrote:
> On Fri, Sep 03, 2021 at 07:57:44AM -0400, Roberto C. Sánchez wrote:
> > On Fri, Sep 03, 2021 at 11:14:45AM +0200, Harald Dunkel wrote:
> > > Hi folks,
> > >
> > > how can I tell the debhelper scr
potentially buggy behavior. Can you give a specific
example?
Regards,
-Roberto
--
Roberto C. Sánchez
em-provided binary).
Either way, the simplicity of the tool (in terms of it being a single
binary artifact that is deployed) makes it unlikely that you would
encounter any issues in doing this.
Regards,
-Roberto
--
Roberto C. Sánchez
fter the upgrade to buster to keep
> my network names.
>
Since nobody else has mentioned this link, here is where I recommend you
start: https://wiki.debian.org/NetworkInterfaceNames
Regards,
-Roberto
--
Roberto C. Sánchez
1 - 100 of 1149 matches
Mail list logo
