Re: donations link not working

to the web master at SPI > for them to investigate. Already fixed yesterday. > > by the way, is there a way to donate by credit card in europe? > > The donations page (when it returns) should have this information. It is not possible. Wichert. -- Wichert Akkerman <[EMA

Re: [GDS-NOC-TKT:443214] Note Added [gc-noc] routing problem in gblx.net (security.debian.org)?

for 24.94 either which could cause problems. Wichert. -- Wichert Akkerman <[EMAIL PROTECTED]>It is simple to make things. http://www.wiggy.net/ It is hard to make things simple.

Bug#190837: favicon.ico has wrong Content-Type

. -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux tornado 2.5.68 #1 Tue Apr 22 02:36:22 CEST 2003 i686 Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 -- Wichert Akkerman <[EMAIL PROTECTED]> http://www.wiggy.net/ A random hacker

Re: [SECURITY] [DSA-257-1] sendmail remote exploit

to say is that security updates will also be installed in proposed-updates before being included in a stable revision. That does not mean that the security team provides security fixes for packages that are in proposed-updates. Wichert. -- Wichert Akkerman <[EMAIL PROTECTED]> http:

Re: dsa-257

e security team. I have no idea how those data and wml files work, we just make the advisories. Wichert. -- Wichert Akkerman <[EMAIL PROTECTED]> http://www.wiggy.net/ A random hacker

Re: dsa-257

(different source package). It is the exact same issue which just happens to be present in multiple source packages. To me it makes perfect since to do that in a single advisory. Wichert. -- Wichert Akkerman <[EMAIL PROTECTED]> http://www.wiggy.net/ A random hacker

[security-news@wanadoo.fr: Translation of advisory]

x27;m looking in your web page to find a french transalation of bulletin. Can you say me why all advisory are not translate in french ? Thanks in advance, MC - End forwarded message - -- Wichert Akkerman <[EMAIL PROTECTED]> http://www.wiggy.net/ A random hacker

Re: [SECURITY] [DSA-210-1] lynx CRLF injection

Previously Ulf Harnhammar wrote: > On Fri, 13 Dec 2002, Wichert Akkerman wrote: > > > - > > Debian Security Advisory DSA-210-1 [EMAIL PROTECTED] > > http:/

Re: unoffical debian logos, banners and covers

Previously Raphael Hertzog wrote: > Le Wed, Sep 25, 2002 at 04:21:19PM +0300, Volkan YAZICI ?crivait: > > there are currently 9 logos, 13 banners, 3 vertical banners, > > 5 cd covers, 2 workouts > > > > adress is http://www.linuks.mine.nu/volkany/ > > They are really nice, I like them. Wow, I ju

Re: DSA scripts

Previously Javier Fern?ndez-Sanguino Pe?a wrote: > Are the advisories themselves in rdf format? Not afaik, but hopefully someone from debian-www (cc'ed) can arrange for that to be done. Wichert. -- _ /[EMAIL PROTECTED]

Re: lack of space on www-master

Previously Josip Rodin wrote: > I guess the log file size got out of hand, they cluttered up / and wml wrote > empty files to /tmp and then to /org/www.debian.org/www... Is someone going to fix the webpage generation to properly abort when it encounters an error so this won't happen again? Wicher

[michael@mind.be: invalid html]

- Forwarded message from Michael Devogelaere <[EMAIL PROTECTED]> - From: Michael Devogelaere <[EMAIL PROTECTED]> To: debian-security@lists.debian.org Subject: invalid html Date: 17 Apr 2002 14:50:33 +0200 X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.11 Hi, The html-code of D

Debian OID space

Can a link to http://people.debian.org/~wakkerma/oid.html be added somewhere in the developers? That page lists the policies for OID assignments in the IANA assigned Debian OID space as well as the current assigned numbers. Wichert. -- __

Re: Link error

Previously Josip Rodin wrote: > How come a DSA-089-2 wasn't released if this package was changed? Ah, hmm, `oops' Are you SURE you want this advisory: [DSA-089-2] updated i386 icecast-server package If so enter "yes": yes --

Re: Can I get DSA announce in a rdf-like form?

Previously Josip Rodin wrote: > We have a preliminary solution in the works, why wouldn't it be viable? I think the average delay between the release of a DSA and it appearing on the webpages is a good indication. Wichert. -- _

Re: Can I get DSA announce in a rdf-like form?

Previously Matt Hope wrote: > I can't speak for anyone else, but I'd find this handy - I wouldn't mind > being able to syndicate this info - and I guess debianplanet.org would > also like it. I"ll see if I can redo it and get the sidebar and rdf on security.debian.org itself, doing it through www.

Re: Can I get DSA announce in a rdf-like form?

Previously Martin Schulze wrote: > Please poll www.debian.org/security/ and/or cvs.debian.org/... > by a script on your own, I guess that's more feasable. I actually did implement that at some point along with a mozilla sidebar for DSAs, but there seemed to be no interest in putting that on our we

Re: fixed MD5 sum for dsa-091-1 advisory

Previously James A. Treacy wrote: > It seems wrong to go around changing mailing list archives. This doesn't > help those that compare the checksum using the original announcement. http://www.debian.org/security/ is not a mailinglist archive, it needs to be done manually there. > Shouldn't an up

fixed MD5 sum for dsa-091-1 advisory

It seems an incorrect md5sum managed to get into dsa-091-1. The checksum for the dsc file is wrong, it should be: 4d7fb3727479974637b7a7d5a0fec725 Can someone please fix that on the webpage? Wichert. -- _ /[EMAIL PROTECTED]

new security advisories

Can someone add the new security advisories to the website? It is lagging about 4 advisories at the moment. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://

Re: [SECURITY] [DSA-087-1] wu-ftpd buffer overflow in glob code

Previously Josip Rodin wrote: > scp: /org/security.debian.org/advisories/DSA/dsa-087-1.wu-ftpd: Permission > denied Not true! (not anymore anyway) While you're at it, can you also fix the layout for the latest SPI board meeting minutes? I put them online myself yesterday but the attendance list

Re: [SECURITY] [DSA-087-1] wu-ftpd buffer overflow in glob code

Previously Matt Zimmerman wrote: > This doesn't appear to be posted at yet. I can't fix that, debian-www has to. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \

Re: Addition http://www.debian.org/security/faq/

Previously peter karlsson wrote: > you do not only remove unsecure packages, but also packages that have > been superseded by newer versions, so perhaps that sentence should be > slightly rephrased? Feel free to come up with a better wording. I couldn't come up with one I liked better and was hopi

Addition http://www.debian.org/security/faq/

Since I just removed a bunch of old packages from security.debian.org I suspect this may be a useful addition to the faq: Q: I am trying to download a package that is listed in one of the security advisories and I get a file not found error. A: If a newer fix is available for a package we rem

Re: security faq addition

Previously Javier Fern?ndez-Sanguino Pe?a wrote: > Even if it's in CVS. Could you please ask me first? Not that I'm inactive > in Debian mailing lists... after all I'm the maintainer and that was not > an urgent matter. I'm not aware there is a specific maintainer. I wrote the initial FAQ and had

security faq addition

Can someone please add this to the security FAQ? Q: The version number for a package indicates that I am still running a vulnerable version! A: Instead of upgrading to a new release we backport security fixes to the version that was shipped in the stable release. The reason we do this is

Re: archive.debian.org

Previously Christian Surchi wrote: > BTW, we should say that archive.d.o is dead with saens from so many time and > maybe list other archives. Someone should just fix DNS, samosa.debian.org has all the data and can act as archive.debian.org just fine it seems. Wichert. -- ___

[lez@sch.bme.hu: Re: [SECURITY] [DSA-058-1] exim printf format attack]

attack Date: Tue, 12 Jun 2001 11:21:58 +0200 'morning On Sun, Jun 10, 2001 at 01:46:42AM +0200, Wichert Akkerman wrote: > > Package: exim > Problem type : remote printf format attack > Debian-specific: no You are absolutely kind, but it's NOT a remote vulnerabili

Update for security FAQ

Can someone please add the following to the first item on /security/faq: Known culprits are fetchmail (with the mimedecode option enabled) and formail (from procmail 3.14 only). Wichert. -- _ / Nothing is fool-proof t

dsa-054-1 addition

Can someone please update the dsa-054-1 text on the webpages to note that this problem was discovered by Sebastian Krahmer? I completely forgot to do that and he's understandigly a bit upset about that. Wichert. -- / Generally

Re: request

Previously Sergio Brandano wrote: > I agree. I propose a very simple solution: to archive and index > emails as usual, as far as the date of these emails is no older than > six (6) months. This is also in line with the need for our mailing > lists to allow other friends to benefit from our

Re: Debian security FAQ

Previously Martin Schulze wrote: > I'll do it later, assuming nobody does it before. Josip already made the changes. Wichert. -- / Generally uninteresting signature - ignore at your convenience \ | [EMAIL PROTECTED]

Debian security FAQ

Can we put the text below online somewhere on the security pages? I get those questions a bit too often these days so it would be nice if there was a page I could point people to. Wichert. security FAQ thingies Q: The signature on your advisories does not verify correctly A: This is most likely

Re: Is there a free license which prohibits commercial derived works?

Previously Peter S Galbraith wrote: > : Authors of free software on the other hand are generally looking > : for some combination of the following: > : > : - Not allowing use of their code in commercial software. Since > :they are releasing the code for others to use without any > :prof

[dreamwvr@dreamwvr.com: FYI -hyperlinks broken]

Can someone look into this? I just checked and the links for DSA-041 to 043 are indeed broken. Also, the title for the gnuserv advisory is incomplete, it's missing the DSA-042 code. Wichert. - Forwarded message from dreamwvr <[EMAIL PROTECTED]> - From: dreamwvr <[EMAIL PROTECTED]> To: [

[mduncan@unt.edu: Incorrect link on Security Info Page]

Can someone fix this? Wichert. - Forwarded message from Matt Duncan <[EMAIL PROTECTED]> - From: Matt Duncan <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Incorrect link on Security Info Page Date: Tue, 21 Nov 2000 08:24:47 -0600 The i386 link on the cron Security Information page

Account for Dutch web translations has been disabled

Someone had the bright idea to post the password for `dutch' CVS account for webwml on debian-l10n-dutch.. I've asked Jason to disable that account. Wichert. -- _ / Nothing is fool-proof to a sufficiently talented fool

Re: ipv6 overview

Previously Bernd Eckenfels wrote: > sure, you should visit our ipv6 pages :) > http://people.debian.org/~csmall/ipv6/packages.html Is this linked somewhere from http://www.debian.org/devel/ ? If not it probably should.. (an ongoing development page perhaps?) Wichert.

Bug#76187: The web site is too impersonal

Previously Martin Michlmayr wrote: > The web site is too impersonal and formal. I'd like to see the faces > behind Debian. At least the officers should have a page on www.d.o > with a short description and a picture. Hmmm. I'm not sure if I should enjoy that people want to know about me or worry

Re: Debian banner

Previously Egon Willighagen wrote: > I can confirm the a Debian 2.1 banner is going around... i think i saw it > on freshmeat or slashdot, or maybe linuxtoday.com... And this was definately > after 2.2 was released... The OSDN sites still use an outdated banner; a new banner has been made (http://

Re: people.debian.org

Previously Jason Gunthorpe wrote: > The usual common entry points (debian.org and www.debian.org) have been > resetup to be redirects to this domain, and in future I encourage the > above to be used as the cannonical name. Euhm, thanks for not announcing that. So will I put the bugscan output now

[mtominaga@cmp.com: Web Tools Awards nomination]

Anyone interested in going? Wichert. - Forwarded message from [EMAIL PROTECTED] - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Web Tools Awards nomination Date: Fri, 13 Oct 2000 14:53:51 -0700 hi, I'm pleased to inform GNU/Linux 2.2 has been selected for consideration for a

Re: permissions in ~debian/lists on master

Previously Remco van de Meent - Debian Listmaster wrote: > There've been a couple of messages on debian-www indicating that the > debwww team is going to maintain the archives (at least the web > archives). The search engine should work again soon and a lot of bugs > have been fixed IIRC (I don't f

[rms@gnu.org: [cwither@aloha.net: Re: GNU/Linux Cookbook addendum to addendum]]

- Forwarded message from Richard Stallman <[EMAIL PROTECTED]> - From: Richard Stallman <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: GNU/Linux Cookbook addendum to addendum] Date: Sat, 5 Aug 2000 15:03:35 -0600 (MDT) Reply-to: [EMAIL PROTECTED] http://www.debia

Bug#67637: www.debian.org: robots.txt has too many entries

Previously Nicolás Lichtmaier wrote: > Current /robots.txt prohibits indexing of many resources that should be > indexed. Probably because search engines would overload www.debian.org otherwise. Wichert. -- _ / Generally unint

Linux Magazine award

I heard earlier today that www.debian.org was chosen as one of the top 100 Linux sites in the June issue of Linux Magazine. Congratulations to our www team! If we want we can put a top 100 icon somewhere on our website; if someone wants to do that please email me and I'll forward the icon. Wiche

Re: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about)

Previously Joey Hess wrote: > Why is the last security update listed on the www.debian.org web page, > and the last security announcement posted to debian-security-announce, > from way back in March? One reason: we probably need one or two extra people in the security team. We had someone join th

Re: DMUP should be on the web somewhere

Previously James A. Treacy wrote: > Check out http://www.debian.org/devel/dmup after tomorrow's mirror > update. If the formatting is ok, I'll add a link from the developers' > page. Looks just fine., Wichert. -- _ / Generally u

[dave@guardiandigital.com: Linux Security]

This is a request from one of the guys running linuxsecurity.com. He said he would like a link on our security webpage to their site; currently we don't have any links to other sites and I don't want to give him a special posistion. However it might make sense to collect a couple of security-relat

new CD vendor (was: Re: COLABORATION DONATION)

Can someone add these guys to the list of CD vendors? Previously compuclick wrote: > Dear friends: > > We have made a small donation to the project DEBIAN through LINUXCENTRAL and > we have also bought some copies of the official cd to reproduce in Colombia > and to help this way to their diffus

[autodoc@acun.com: ]

- Forwarded message from Terry Moreland <[EMAIL PROTECTED]> - From: Terry Moreland <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Subject: Date: Mon, 27 Dec 1999 13:28:16 -0500 Sirs; I have included links to your site through mine, and would like you to check them to

Re: Do Linux full-time... Hiring Linux specialists

Previously Karl M. Hegbloom wrote: > I have no objections to job postings here. > I think the web page idea is a good one. That webpage is supposed to be there already, I talked with the webteam about that a while ago. Can someone from the webteam comment on this? Wichert. --

DMUP should be on the web somewhere

Can this be put on the webpages? Wichert. -- / Generally uninteresting signature - ignore at your convenience \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0

the Y2K page

I think we need to revamp the Y2K page; the list that is currently has is IMHO almost useless; I suggest replacing it with the list of Y2k updates that have been included in 2.1r4 and a link to the GNU Y2K page. Wichert. -- /

Re: search engine to web pages? Re: no link to the y2k page?

Previously James A. Treacy wrote: > Let's hear what they are proposing and then decide. For example, > many people would object to the use of a non-free product. They'll set it up this week so you can give it a try. Wichert. -- _

Re: search engine to web pages? Re: no link to the y2k page?

Previously James A. Treacy wrote: > Let's hear what they are proposing and then decide. For example, > many people would object to the use of a non-free product. Debian package running on a Debian server. I think using ht:dig iirc. Wichert. -- _

Re: no link to the y2k page?

Previously James A. Treacy wrote: > We thought it was important enough that a link is right on the > main page. Scroll down a page and you'll see it. Duh! We completely missed that. On a related note: Cistron (the people hosting www.nl.debian.org) appears to be willing to setup a searchengine for

no link to the y2k page?

I just had somebody ask me if there was any y2k-info for Debian.. a quick search of the site revealed absolutely nothing.. Some looking around on va produce http://www.debian.org/y2k/, which has some info but seems really incomplete. Is that page still intended to be our y2k-page, and if so why

Re: job offers from partners

.. Wichert. -- == This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/ pgpIvJF7oqOwf.pgp Description: PGP signature

job offers from partners

e sure the information doesn't become stale). Any opinions on this? Wichert. -- == This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenu

[thompson@wpi.com: Show Favorites Awards--logo pickup]

Francisco, CA 94107 phone: 415.267.1780 fax: 415.267.1732 - End forwarded message - -- ========== This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/

new logo VA

=== This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/ pgpjm6fRHtGNX.pgp Description: PGP signature

Re: new logo announcement

to a > "Debian certified" stamp of approval. Right? Right. Wichert. -- ====== This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/ pgpQPZ3G4QiyH.pgp Description: PGP signature

link suggestion

, etc. He himself would be willing to do some management if wanted, but I don't think we need that, right? Wichert. -- == This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL

Re: license for the webpages

Previously Joey Hess wrote: > I think we should just change the license to something DFSG free. FWIW, I agree with this. Wichert. -- == This combination of bytes forms a message written to you by Wichert Akkerman

license for the webpages

resolved by the webteam and a license put on the webpages. Wichert. -- == This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert