On 06/08/2012 12:23 PM, Pacho Ramos wrote:
> El vie, 08-06-2012 a las 12:16 -0700, Zac Medico escribió:
>> On 06/08/2012 01:38 AM, Pacho Ramos wrote:
>>> El jue, 07-06-2012 a las 12:33 -0700, Zac Medico escribió:
On 06/07/2012 12:24 PM, Pacho Ramos wrote:
> El jue, 07-06-2012 a las 12:09 -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/06/12 03:23 PM, Pacho Ramos wrote:
> El vie, 08-06-2012 a las 12:16 -0700, Zac Medico escribió:
>> It's close enough to ABI_SLOT that it would make more sense just
>> to use ABI_SLOT because it's more flexible.
>
> In that case, I think it's c
El vie, 08-06-2012 a las 12:16 -0700, Zac Medico escribió:
> On 06/08/2012 01:38 AM, Pacho Ramos wrote:
> > El jue, 07-06-2012 a las 12:33 -0700, Zac Medico escribió:
> >> On 06/07/2012 12:24 PM, Pacho Ramos wrote:
> >>> El jue, 07-06-2012 a las 12:09 -0700, Zac Medico escribió:
> On 06/07/201
On 06/08/2012 01:38 AM, Pacho Ramos wrote:
> El jue, 07-06-2012 a las 12:33 -0700, Zac Medico escribió:
>> On 06/07/2012 12:24 PM, Pacho Ramos wrote:
>>> El jue, 07-06-2012 a las 12:09 -0700, Zac Medico escribió:
On 06/07/2012 12:00 PM, Pacho Ramos wrote:
> El jue, 07-06-2012 a las 19:44 +
The following packages will be removed from the tree:
# Masked for removal (#420075)
# The Phalanx Project is finished and no longer active
dev-perl/CPAN-Mini-Phalanx
# Masked for removal (#249786,#331675,#420211)
# No release since 2005, not needed.
dev-perl/gimp-perl
# Masked for removal (#420
On Fri, Jun 08, 2012 at 03:40:57PM +0200, Michael Weber wrote:
> I'd suggest to generate an tarball (containing an keyring) to sign by
> an master key (member of trustee/council/..) to be deployed on all
> systems (like it's done on archlinux and debian).
>
> But the current vulnerability is expor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/08/2012 04:24 PM, Michał Górny wrote:
> On Fri, 08 Jun 2012 16:06:27 +0200 hasufell
> wrote:
>
>>
>> On 06/08/2012 03:55 PM, Michał Górny wrote:
>>> On Fri, 08 Jun 2012 15:34:32 +0200 Is there a need for that?
>>
>> I don't know, do you?
>
>
On Fri, 08 Jun 2012 16:06:27 +0200
hasufell wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 06/08/2012 03:55 PM, Michał Górny wrote:
> > On Fri, 08 Jun 2012 15:34:32 +0200 Is there a need for that?
>
> I don't know, do you?
Estimated to three packages, two in gx86, one in betag
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/08/2012 03:55 PM, Michał Górny wrote:
> On Fri, 08 Jun 2012 15:34:32 +0200 Is there a need for that?
I don't know, do you?
This reduces the amount of archives the eclass can handle. Unless
gentoo decides to drop zip support I don't see a reason
On Fri, Jun 8, 2012 at 3:06 PM, Nirbheek Chauhan wrote:
> On Fri, Jun 8, 2012 at 2:58 PM, Pacho Ramos wrote:
>> As talked with him via mail, thanks for taking it
>
> I think you missed the list of packages?
>
Hum, sorry about that. I got a bit confused there. :)
--
~Nirbheek Chauhan
Gentoo GN
On Fri, Jun 8, 2012 at 2:58 PM, Pacho Ramos wrote:
> As talked with him via mail, thanks for taking it
I think you missed the list of packages?
--
~Nirbheek Chauhan
Gentoo GNOME+Mozilla Team
On Thu, 7 Jun 2012 23:49:52 +0200
Michał Górny wrote:
> Of course, if the community insists, I could just update the old
> eclass and fix the ebuilds broken that way.
The following ebuilds would need fixing if -r1 is to replace -r0
in place:
a) naming the tarball ${P}-src.tar.gz:
- dev-java/jna
As talked with him via mail, thanks for taking it
signature.asc
Description: This is a digitally signed message part
On Fri, 08 Jun 2012 15:34:32 +0200
hasufell wrote:
> What is with zipballs from github for example? They are not supported
> by this method afais.
Is there a need for that? Considering that I can't name any snapshot
provider which does offer .zip but doesn't offer .tar*, and the fact
that .tar*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/08/2012 01:36 PM, Rich Freeman wrote:
> I doubt any dev checks the signatures on manifest files before
> they overwrite them with a new signature. If they did it wouldn't
> matter since those signatures aren't even mandatory anyway.
> Certain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/07/2012 11:49 PM, Michał Górny wrote:
> Hello,
>
> As it was pointed out, vcs-snapshot is unable to handle multiple
> tarballs nicely. As fixing this would involve changing eclass API
> (and they are packages which are known to break thanks to
As talked with him via mail, he will concentrate in gnome work and won't
have time to take care of the following packages:
app-admin/logrotate
sys-apps/usermode-utilities
Feel free to get them
Thanks
signature.asc
Description: This is a digitally signed message part
# Bernard Cafarelli (08 Jun 2012)
# Masked for removal in 30 days, bug #417357
# Dead upstream (last release in 2006), buggy
# Use gnustep-apps/projectcenter instead
gnustep-apps/projectmanager
gnustep-apps/keyarcher
gnustep-apps/plconv
gnustep-libs/wizardkit
On Fri, Jun 8, 2012 at 7:01 AM, W. Trevor King wrote:
> When the breach is discovered, you can then isolate the dev (or devs)
> who implicitly signed the hack (2) by pulling the ToT without checking
> for a valid signature (3). Then you yell at them for sloppy security,
> and tell them to install
On Mon, Jun 04, 2012 at 04:57:42PM -0400, Rich Freeman wrote:
> 2. Hacker commits something to the tree. Top of tree is not signed.
> No need for preimage attacks or whatever on sha1 - they just log into
> the server and do a git commit or whatever right into the tree.
> 3. Gentoo dev commits a
El jue, 07-06-2012 a las 12:33 -0700, Zac Medico escribió:
> On 06/07/2012 12:24 PM, Pacho Ramos wrote:
> > El jue, 07-06-2012 a las 12:09 -0700, Zac Medico escribió:
> >> On 06/07/2012 12:00 PM, Pacho Ramos wrote:
> >>> El jue, 07-06-2012 a las 19:44 +0100, Ciaran McCreesh escribió:
> On Thu,
21 matches
Mail list logo
