Re: orphaning most (of my) packages
Quoting Mako Hill ([EMAIL PROTECTED]): razor ('needed' by spamasassin; needs updating) I've check out the bug list and the package and I'd like to take this on unless some more qualified wants it. Taken - sorry ! :) Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ All extremists should be taken out and shot. pgpRxLKmXujIV.pgp Description: PGP signature
Re: orphaning most (of my) packages
Quoting Thorsten Sauter ([EMAIL PROTECTED]): libphp-adodb (a php database abstraction layer, required for 'acidlab') I'll like to adopte the libphp-adodb package from you. Too late :/ Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Invalid element 'rvdm' in content of 'p'. (WAP emulator error) pgpJU3s4BF443.pgp Description: PGP signature
Re: orphaning most (of my) packages
Quoting Kyle McMartin ([EMAIL PROTECTED]): On Thu, Aug 22, 2002 at 11:57:39AM +0200, Robert van der Meulen wrote: Too late :/ Has kernel-patch-int been adopted? As one of the upstream authors I would be glad to take it over. I have agreed with Ivo ([EMAIL PROTECTED]), that he can take over the package. If you're interested - or more suitable, or whatever :) - you should discuss things with him; I Cc'd him on this message. Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Never trust a child farther than you can throw it. pgpK8VEXqAKLR.pgp Description: PGP signature
Re: orphaning most (of my) packages
Quoting Peter Palfrader ([EMAIL PROTECTED]): Please retitle them to RFP (request for package) rather than closing them if you still think they'ld make a worthwhile addition to Debian. Thanks, good point :) Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Laat je in ieder geval nooit imponeren door een hard blaffende advocaat. pgp4T6dYieG6z.pgp Description: PGP signature
Re: orphaning most (of my) packages
Quoting Ivo Timmermans ([EMAIL PROTECTED]): I would like to take over your ITP for cryptoapi. If noone else wants it, I can take kernel-patch-int too. As discussed yesterday night; they're yours. Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Invalid element 'rvdm' in content of 'p'. (WAP emulator error)
orphaning most (of my) packages
Hi, I'm going to orphan most of my packages. Before I upload them with Maintainer: set to QA, i'd like people to look at them and see if they want anything :) Some of the - less intensive - packages I'm keeping, the others I can't keep on maintaining due to several reasons (bought a house, plan to be busy with that, busy time at work, social stuff). Please contact me if you want to take anything; most of them will be first-come, first-serve. Orphaning: kernel-patch-2.2.18-openwall (needs updating to more recent kernel, and general maintenance) libphp-adodb (a php database abstraction layer, required for 'acidlab') lvm-common (this should go to the new lvm maintainer, I think. Cc to him for this reason) razor ('needed' by spamasassin; needs updating) xonix-jahu (ancient game) kernel-patch-int (should be superseded by cryptoapi; i can't find the time). Then there's some ITP's i (enthousiastically) did; i'm going to be closing them too. Interested people can upload and close at will, if they're faster than me: ricochet, loop-aes, cryptoapi, ipsec-tunnel. Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Life is a sexually transmitted disease with 100% mortality. pgpC7VWxy1vys.pgp Description: PGP signature
Re: Spamassassin 2.11 and razor 1.20
Quoting Joey Hess ([EMAIL PROTECTED]): Duncan Findlay wrote: Is there any way of keeping razor out of woody until spamassassin 2.2 can be uploaded? (I could file an RC bug, but is there a better solution?) You could simply make spamassassin conflict with the razor it doesn't work for, and somehow get it into woody first. Or coordinate with the razor author and get it to conflict with the versions of spamassassin it breaks. A couple of days should be just about enough ? Is this a valid reason to use urgency=high on the next spamasassin upload ? Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Reality is a cop-out for people who can't handle drugs. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamasassin/razor (do not upgrade)
Quoting Craig Dickson ([EMAIL PROTECTED]): So, since you neglected to supply the version numbers of the faulty packages, I am unsure whether you're referring to an upload that didn't make it into Sid today, or to razor 1.20-1. Should we all downgrade to razor 1.19-1, or is that one okay? (It seems to be working, but you also didn't tell us what the bad package's symptoms are, so I can't evaluate this with certainty either.) Sorry, i was referring to 1.20-1 indeed. I'm glad you take the effort to package these things for us. I use them and appreciate them. But your problem report is so lacking in information that it's basically useless. I only package razor, i can't take credit for spamasassin :) Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ doogie 'How to Raise Your I.Q. by Eating Gifted Children' pgpfXq6oS0Rx0.pgp Description: PGP signature
Re: XFree 4.2.0 - again
Quoting Joey Hess ([EMAIL PROTECTED]): Xdm doesn't work, but that's the only breakage I've run into. I'm taking a pretty wild guess that you need X because of a bright shiny new card that's only supported by 4.2 ? I ran into the same problem with a new radeon card, and solved it the same, with one exception: I used the X server included in the gatos [1] ati.2 driver package. This seems not to be a radeon-specific server, but it _is_ 4.2, and works fine with the xfree86.org binaries; furthermore it does support the authentication mechanism that's missing from the xfree86.org binaries (which breaks xdm and others). I'm currently running a rockstable X with xv and DRI support, on a xinerama dualhead 19 (3200x1200) desktop, and haven't experienced any X-related crashes yet (knocks wood). Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/ There are two major products that come out of Berkeley: \_V/ LSD and UNIX. We don't believe this to be a coincidence. --Jeremy Anderson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
spamasassin/razor (do not upgrade)
Hi, Please don't upgrade spamasassin/razor today, as it, ehm, doesn't work. I made a boo-boo in yesterday's upload, which basically f*cks it up. A new upload will follow later today, adressing these issues. I'm posting this here as the tendency is growing to blindly file bugs, without looking at the BTS first, so i'm hoping this saves some people some annoyances, and some bug-filing :) If you're using spamasassin *without* the razor checking, you can disregard this message, if you don't know if you're using razor checking (or don't know what the f*ck razor is), please don't. Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Never trust a child farther than you can throw it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamasassin/razor (do not upgrade)
Quoting Robert van der Meulen ([EMAIL PROTECTED]): Please don't upgrade spamasassin/razor today, as it, ehm, doesn't work. snip Damn. Ok. I don't know how to use a mailer. Sorry for the reply in the thread, I intended to post a *new* message. I'll get some sleep now. Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Nuke the unborn gay female whales for Jesus. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: arp-fun -- ARP Spoofing utility
Quoting Jerome Petazzoni ([EMAIL PROTECTED]): I'll consolidate this opinion : last time I really NEEDED dsniff's arpspoof, it did not work. I don't know why ; maybe it was because my host had many eth. interfaces, some of them with redundant routes and other crap ; but arpspoof died immediately with a not-very-explicit error message. debugging with strace first, gdb then, did not yield interesting results, so I gave up. I would have been VERY PLEASED to have another arp spoofing program in debian at this time ... I'd be interested in details about that bug. Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Despite all appearances, your boss is a thinking, feeling, human being. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#126498: ITP: spambouncer -- a powerful user-based anti-spam solution
Quoting martin f krafft ([EMAIL PROTECTED]): You grabbed my hand and we fell into it, like a daydream - or a fever. where's that from? 'dead flag blues', by Godspeed you black emperor! Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. if you remember the 60's, you weren't there. pgpZjHImJwA72.pgp Description: PGP signature
Re: /bin/ls is impure!
Hi, Quoting Norbert Veber ([EMAIL PROTECTED]): apt-get install purity purity-off # Not sure if the -off package is purity list purity nerd # any test should do from the previous # list Either finish the test, or abort it via ctrl-c or the q command. -- Now run ls. Be prepared to abort it before it consumes all the available memory on your system. I could not reproduce this. Could you give more (factual) info, like package versions, shell, etc ? Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. zarq wiggy, wat dacht je van 127.48.112.89 Typh ### Process 0 (host 127.48.112.89) terminated with return code 69 pgpU1ZoGnJN6s.pgp Description: PGP signature
Re: /bin/ls is impure!
Quoting Wichert Akkerman ([EMAIL PROTECTED]): Try this: apt-get install purity purity-off # Not sure if the -off package is # actually necessary What does that do? The description for the purity package is quite useless. 'purity tests' :) Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Save the whales. Collect the whole set.
Re: Request for testers for new gphoto package
Hi, Quoting Paul Slootman ([EMAIL PROTECTED]): snip dependency problems (gphoto2 depends on libusb1, which isn't there) There's some problem there... Apparently libusb1 was removed a couple of weeks ago. PS: Please send copies to me and not to the list, in order to not clobber it (I'm not subscribed so keep that in mind) To the list anyway to prevent others from running into the same problem and wasting their time. I've been using gphoto2 for a while now. 'libusb1' is not present, 'libusb0' is, and works fine with gphoto2. If someone does want to try the package, try it with libusb0 installed, and maybe a pseudopackage providing libusb1 to fix the depends. Maybe the gphoto2 maintainder should depend on libusb0 instead ? Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. You must have an IQ of at least half a million. -- Popeye
Re: xfonts-*dpi and reiserfs?
Hi, Quoting Guus Sliepen ([EMAIL PROTECTED]): On Mon, Sep 10, 2001 at 12:01:30PM +0200, Sander Smeenk (CistroN Medewerker) wrote: |Sep 10 11:54:05 replicator kernel: reiserfs_add_entry: Congratulations! |we have got hash function screwed up Really, this is a clear indication that reiserfs is buggy. Send this information to Hans Reiser or the lkml instead of Branden, he has nothing to do with it from the looks of it. I have seen this problem, on his machine. Could you show me where he's sending this to Branden ? You must admit that it's quite a coincidence that this problem keeps occurring when he's upgrading his font packages, so this is a useful factor in his question. There seems to be some kind of link between these package upgrades, and reiserfs weirdnesses, if anyone on debian-devel has these - or similar - problems as well, this would be a good place to ask. Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. zarq ik heb net al uitputtende sex gehad met mijn schaapjes
Bug#111167: ITP: loop-aes
Package: wnpp Severity: wishlist http://loop-aes.sourceforge.net/loop-AES-v1.4d.tar.bz2 From the readme: This package provides loadable Linux kernel module (loop.o) that has AES cipher built-in. The AES cipher can be used to encrypt local file systems and disk partitions. Before you ask about the difference(s) between the kerneli patch: This package does *not* modify your kernel in any way, so you are free to use kernels of your choice, with or without cool patches. This package works with all past, present, and future 2.2 and 2.0 kernels, and with recent 2.4 kernels (2.4.3 or later). License is GPL. I have not decided on delivering binary-only modules for this yet. Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Fluor Mijn muck is ook wit!
Bug#111173: ITP: cryptoapi
Package: wnpp Severity: wishlist http://cryptoapi.sourceforge.net/ |This is a repackaged distribution of the international crypto patch, |with the aim to improve adoption of this package by not requiring to |patch the kernel in order to be able to use the cryptoapi and the loop |encrytion. | |License is GPL; Some parts are licensed trough the following license, which |is free according to the DFSG: | |Permission is hereby granted, free of charge, to any person obtaining a |copy of this software and associated documentation files (the |Software), to deal in the Software without restriction, including |without limitation the rights to use, copy, modify, merge, publish, dis- |tribute, sublicense, and/or sell copies of the Software, and to permit |persons to whom the Software is furnished to do so, subject to the fol- |lowing conditions: | |The above copyright notice and this permission notice shall be included |in all copies or substantial portions of the Software. | |THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS |OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- |ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT |SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABIL- |ITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS |IN THE SOFTWARE. | |Except as contained in this notice, the name of the authors shall |not be used in advertising or otherwise to promote the sale, use or |other dealings in this Software without prior written authorization from |the authors. Note: This means i will probably drop the 'kernel-patch-int' package, which is the normal 'international crypto patch'. -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Laat je in ieder geval nooit imponeren door een hard blaffende advocaat.
Re: kernel-source
Quoting Matthias Berse ([EMAIL PROTECTED]): expand vanilla-debian kernels for let's say xfs. Since the kernel-source package is rather large compared to the usual kernel-to-kernel patch why do not provide a kernel-patch packet which can patch the kernel up do date? I think you're either meaning kernel-patch-* packages that allow patching of a kernel source tree (which we have), or binary patches to stock kernels (which would be impossible), or packages of patched kernels (which, afaik, we have.) ? Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Insanity is hereditary. You get it from your kids.
Re: kernel-source
Hi, Quoting Matthias Berse ([EMAIL PROTECTED]): No, I mean a way to go from let's say kernel-source-2.4.3 to kernel-source-2.4.4 without the need to download the whole big .deb, but a patch similar to those patches found on kernel.org, but as a debian package which the patches the installed kernel-source-2.4.3 and provides kernel-source-2.4.4. You may ask why I don't take the patches from kernel.org and apply them. Well won't work (at least for debian kernel-source-2.4.3 I wasn't able to patch to 2.4.4...) I'm maintaining www.bzimage.org, which contains kernel patches similar to what you describe (not debian-specific though). IMHO .debs for patches like that are only useful for unstable, not for stable - and there would be quite a lot of them too..Too much package bloat if you ask me. Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. I'd rather be led to hell than managed to heaven.
Bug#96777: ITA: libapache-mod-ssl
Package: wnpp Severity: normal I'm adopting libapache-mod-ssl. I have spoken with the current maintainer ( Miquel van Smoorenburg, [EMAIL PROTECTED]), and he knows about/agrees on this. Thanks, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Don't panic.
Re: searchin' for Robert van der Meulen [Mailer-Daemon@smtp.cistron.nl: Mail delivery failed: returning message to sender]
Hi, Quoting Josip Rodin ([EMAIL PROTECTED]): Here's a bug closing message with two bugs in it. First, the closes are done with 'close nnn' command which is not nice to the submitters, and second, the address [EMAIL PROTECTED] bounces. These were NMU-fixed bugs with a 'fixed' tag that weren't closed yet. I was under the impression that setting a bug to 'fixed' already contacts the submitter, so they can be 'acknowledged' and closed by the actual maintainer afterwards, without contacting the original submitters. Right or wrong? Greets, Robert p.s. As wichert's message stated - the bounce problem was NIS-related, and is fixed now. -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Never trust a child farther than you can throw it.
Re: snort: someone willing to work a bit on it?
Hi, Quoting Christian Hammers (ch@westend.com): My snort package needs some work, e.g. a better logfile output and the ability to generate customised filters from the snort.org web page. Sadly I'm currently more interested in other things so maybe one of you want's to improve it. If someone likes he can take it over complete (there are enough programs out there for me to package) but maybe someone has only some hours sparetime... I use snort quite a lot, so i wouldn't mind doing some work on it. If you want to give away the package or work on it together - that's your choice ;) (Wouldn't mind taking it over, anyways) Greets, Robert -- Linux Generation Laat je in ieder geval nooit imponeren door een hard blaffende advocaat.
Re: egcs/gcc?
Hi, Quoting J.H.M. Dassen (Ray) ([EMAIL PROTECTED]): For me, 2.4 currently lacks snip sick x25 line ;) - kerneli crypto patches There are preliminary 2.4 kerneli patches available. I will start packaging those as soon as i have the 2.2.18 version cleaned up and up-to-date. Greets, Robert -- Linux Generation Zet mij maar in een hoek, met me kop naar de muur :) -- marijnv
Re: ITP: ttyrec -- a tty recorder
Quoting Joey Hess ([EMAIL PROTECTED]): My little playback program performs better (even though it is written in perl), because it takes the latency of a system call into consideration: Where can we find it ? :) Greets, Robert -- Linux Generation All extremists should be taken out and shot.
Re: Openwall kernel patches
Quoting Matt Zimmerman ([EMAIL PROTECTED]): Has anyone looked into packaging the Openwall patches for the kernel? Their licensing is kosher. If nobody else steps up, I'll probably do it. I wouldn't mind doing it - i'm going to do kernel-patch-int, and openwall fits in nicely.. Greets, Robert -- Linux Generation Laat je in ieder geval nooit imponeren door een hard blaffende advocaat.
Re: Close list
Quoting Carl B. Constantine ([EMAIL PROTECTED]): flame war Now maybe if we were using the RBL, DUL, and RSS lists... :-) /flame war disallow spammers allow posts from outside those subscribed We already allow spammers: The Debian Linux mailing lists accept commercial advertising for payment. We offer a fee waiver if you can show us the canceled check for a $1000 (U.S.) or more donation to Software in the Public Interest (SPI). One donation per advertisement, please. If you don't wish to donate, simply post your advertisement to the list, and the operator of the mailing lists will bill you $1999 (U.S). The list operator will donate this amount, minus the expense of collecting it, to SPI. As someone in an earlier thread 'challenged' me, i wouldn't mind taking care of this for the Debian mailing lists i'm on. I am not a listmaster, so I don't know if i'm allowed to do the billing 'n' stuff. I still think it's a better idea to 'filter' the spam by a closed list, and a couple of people who moderate off-the-list messages, but according to the amount of commentary i recieved back on that, people seem to disagree with it :) Is it a good idea if i do this ? Can i do this ? Can i do this while not being in the US (as most spammers seem to be from the US) ? What do we do with non-paying spammers ? Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Reality is a cop-out for people who can't handle drugs.
Re: Boost Windows Reliability!!!!!
Quoting John Galt ([EMAIL PROTECTED]): You going to send them the bill then? At the bottom off the mailinglist subscription page: snip I think that you have some volunteers to send dunning notices within this thread (myself included). If you already are, could you post a summary of your actions and results on a periodic basis to somewhere that we can refer the close the list thread starters to? Count me in. See also the post in a thread later on in debian-devel. Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Sodomy is a pain in the ass.
Re: Boost Windows Reliability!!!!!
Quoting Ben Collins ([EMAIL PROTECTED]): BTW, I'm on a 28.8, and I get over 1000 emails a day from all the lists I am sub'd to. So I do see a lot of spam, even beyond Debian's lists. If I can ignore it, so can everyone else, IMNHO. Ignoring spam has made the internet the spam-ridden place it is right now. As long as people do not do anything about it, spam will be as commonplace and as 'ignorable' as spam by snailmail. I do not like that, and lots of people don't. Apart from the annoyances, spammers almost regularly clobber up mailservers, network links, and are being _very_ intrusive. Spam is not an ignorable problem, and every spam-account i can manage to get killed, will get killed. If your opinion is that we shouldn't actively try to bring down the spam to a minimum, and just delete it - that's your opinion, but definately not mine, and not a lot of others' too ;) Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | If you want divine justice, die. -- Nick Seldon
ITP: sing
SING stands for 'Send ICMP Nasty Garbage'. It is a tool that sends ICMP packets fully customized from command line. Its main purpose is to replace the ping command but adding certain enhancements (Fragmentation, spoofing,...) Sing is released under the GNU public license. It's project page is at http://www.sourceforge.org/projects/sing, it's author is 'slay'. Current version is 1.0-beta7, i will be packaging it starting from v1.0. Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | If you remember the 60's, you weren't there. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Security of Debian SuX0r?
Hi, I don't like crossposting to mailinglists, so i post this to debian-devel, as well as a Cc to the original author. Quoting Juhapekka Tolvanen ([EMAIL PROTECTED]): Have you guys and girls seen this? What do you think about it? http://www.securityportal.com/closet/ Before you flame me, please read the entire article. I realize there are a lot of nice things about Debian, but I've also found a lot of problems. The odd thing is that Debian seems to have gotten the niggly little details right, but there are major issues they haven't addressed. The main thing i thought (after reading the article) was that you're mostly right, as far as i know. The package-signing thing has been bothering me as well. But. Your example of rpm's package-signature checking gives an example of a better idea, but i don't want to think about what happens when the vendor key is compromised. If somebody has the key the rpm's are signed with, he/she can create a very real false sense of security ('the signature's right, so the package is 100% certain correct and secure, as well'), by applying the signature to altered/compromised packages. The lilo-security thing seems a little farfetched to me as well. I didn't see a comparison with other distributions, and as far as i know, there are no other distributions that enforce a lilo-password. Did you check the packages of wich you mentioned there was a security hole in them (proftpd, apache) ? A lot of debian packages (and these as well, afaik), are patched to fix those holes. Apart from that, Debian offers (fast) updates to vulnerable packages, in the form of a security.debian.org apt-rule, where fixed/patched versions are available. From your article: This portion could be rather long, so I'll cut the list short. Debian has shipped more than a few daemons that have severe security problems, many of which were fixed well before Debian 2.2 was released. I find this unacceptable, especially in the light that Debian has not released any updates for these packages! I wonder if you actually checked all these 'more than a few daemons'. By my knowledge there are no publicly known vulnerabilities in Debian. Some comments on your summary: Debian's goal of a bug free-release hasn't been met. But to be fair, it's not like any software vendor will ever release bug-free software. Debian has done a particularly bad job in my opinion, shipping out-of-date software and especially publicly available network daemons that have root hacks in them. There is no such thing as a bug-free release. Debian has done a pretty good job in keeping their releases (including the latest one) secure. There is no software shipped in the last Debian distribution with the publicly known root hacks you're talking about. If you do go with Debian, you'll have a lot of manual updating ahead of you to bring it up-to-date and secure it. Unfortunately, the argument apt-get, apt-upgrade won't work, since many of these updates are not available as dpkg's yet. Adding security.debian.org in your apt-rules list works just fine. A lot of Debian maintainers fix security bugs in their packages, often before they become publicly known. An out-of-the-box Debian system will only have the security bugs that have become publicly known after its release date, and these can be fixed with the above-mentioned security updates. Debian has also ignored a lot of work other vendors have put into making their distributions more secure. If you don't learn from the mistakes and improvements of others, there is little hope. This is especially frustrat ing in light of Debian's effort to secure various parts of the distribution, using Exim by default instead of Sendmail. Having seen things like that during the install, I had a lot of hope for Debian, but my hopes were dashed to pieces upon closer inspection. Debian is a distribution that _adds_ to the work other vendors do, making their distributions more secure. If you actually would would have taken a closer look (wich you obviously haven't done), you would've seen there's a lot more work being done on the security of Debian than you're mentioning. Your article shows some knowledge of security in linux systems, but also a very badly-informed, no-research, superficial look on Debian security issues. Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Life is a sexually transmitted disease with 100% mortality.
Re: Strange messages...
Quoting Dale Scheetz ([EMAIL PROTECTED]): Since my last upgrade to potato I've been getting a lot of messages like the following: snip messages There doesn't seem to be any real information here. Can anyone tell me what is triggering these messages? They're postgres debug messages. Somehow, the newest postgres packages are emitting debug messages all the time. I've seen them too, but haven't gotten around to checking where they come from yet. Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Dance is the vertical expression of a horizontal intention.