On Tue, Dec 02, 2003 at 10:24:47AM +0100, Stefano Canepa happily wrote:
Io vorrei partecipare all'evento e visto che traduco anche per gnome
rilancer? l'invito nella lista dei traduttori di gnome. Non sono sicuro
Fantastico!
A Genova ? stato distribuito visto che c'era un banchetto Debian.
hola
j'essaye de construire un paquet debian d'une application
dans le repertoire doc, j'ai 2 scripts shell, lorsque je cree l'archi
du paquet, je l'ai retrouve en non executable !
je vois pas pourquoi les permissions changent
une idee ?
merci
--
(concatenate 'string lam (reverse
On Tue, 2 Dec 2003 [EMAIL PROTECTED] wrote:
This package is an empty dummy package that always depends on a package
built for Debian's default Python version.
Why that. It should depend from Debian's Zope version or if explicite
Python dependency is needed for one or the other reason it should
[Gürkan Sengün]
I could not reach [EMAIL PROTECTED] which is mentioned
on the following page:
http://people.debian.org/~apenwarr/popcon/
Are you aware that the popcon project are now on alioth?
URL:https://alioth.debian.org/projects/popcon/
The work stopped up a bit because of the break-in,
On Wed, Dec 03, 2003 at 02:57:11AM +0100, Bernd Eckenfels wrote:
On Wed, Dec 03, 2003 at 10:54:24AM +1000, Andrew Pollock wrote:
The only way to have avoided this kernel vulnerability from day-0 of
discovery/fix release would have been to be constantly upgrading to
pre-release kernels.
On Tue, 02 Dec 2003, Tom wrote:
Yes but the attacker did not steal the DD's computer. He rooted it
remotely.
So the machine is rooted remotely, the DD logs into a debian box even
using our new fangled smart cards, and the attacker still can control
the connection.
In this particular intrusion
On Wed, Dec 03, 2003 at 12:20:59AM -0800, Don Armstrong wrote:
On Tue, 02 Dec 2003, Tom wrote:
Yes but the attacker did not steal the DD's computer. He rooted it
remotely.
So the machine is rooted remotely, the DD logs into a debian box even
using our new fangled smart cards, and the
A levelezm azt hiszi, hogy Matt Zimmerman a kvetkezeket rta:
On Fri, Nov 28, 2003 at 10:08:45AM +0100, Bernd Eckenfels wrote:
In the final announcement I would add also a statement about reducing the
number of trust relations between the machines and perhaps limiting shell
access.
It
[NB: I wanted to take this OT discussion off [EMAIL PROTECTED] and into private
mail, but your e-mail address was munged in some sort of anti-spam
measure, and not trivially un-mungeable. Please consider providing
information on how to demunge it in some X- header, or not using
munging at all.]
On Wed, Dec 03, 2003 at 08:24:09AM +0100, Bernd Eckenfels wrote:
| This is the Proprietary software model, with artificial, government
| imposed (via copyright laws) monopolies, resulting in customer lock-in
| and price maximization.
|
| I dont see a monopol, at least no government imposed.
On Wed, Dec 03, 2003 at 01:03:16AM -0800, Don Armstrong wrote:
[NB: I wanted to take this OT discussion off [EMAIL PROTECTED] and into
private
mail, but your e-mail address was munged in some sort of anti-spam
measure, and not trivially un-mungeable. Please consider providing
information on
On Wed, Dec 03, 2003 at 01:16:39AM -0800, Tom wrote:
If something could have prevented something that actually happened, I
say go for it.
Oh, one last thing: each DD should pay for the device him/her self and
should be required to fly to meet wherever they can pick them up. Why
do you
On Wed, Dec 03, 2003 at 02:00:51PM +1100, Russell Coker wrote:
I agree that smartcards would help a lot. However as has been previously
suggested the cost of 1200+ smart-card readers is probably prohibitive.
What about RSA tokens? This solution does not require any special hardware
to connect
On Wed, 03 Dec 2003, Tom wrote:
each DD should pay for the device him/her self and should be required
to fly to meet wherever they can pick them up. Why do you assume
somebody has to pay for everything? What's wrong with bearing some
of the costs yourself?
Could it possibly be because
On Tue, 2 Dec 2003, John Goerzen wrote:
First of all. This is obviously not a Debian projects
I see it clearly as Debian project and can't find the rationale why
you sais that it is _obviousely_ not.
(since it is not operating within the Debian framework.)
Why.
If I see this right Zenaan is
On Wed, 3 Dec 2003, Fabian Fagerholm wrote:
In my view (as I said), it would be logical to name a further
subdivision of that product flavor.
I like this interpretation of the term flavor and it would be easily applicable
for Debian-Med to flavors like:
- Medical practice
-
On Tue, 2 Dec 2003, Fabian Fagerholm wrote:
Actually, I'd like to see the term Custom Debian Distribution be set
aside because a custom something is created each time someone modifies
an original. Debian Enterprise certainly is an original. By the time a
capable sysadmin has installed it, it
On Tue, Dec 02, 2003 at 02:02:19PM -0600, Steve Langasek wrote:
On Tue, Dec 02, 2003 at 06:05:44PM +0100, Andreas Metzler wrote:
Joey Hess [EMAIL PROTECTED] wrote:
Goswin von Brederlow wrote:
dpkg that it is downgrading the package, and a clever attacker might
avoid even that.
On Tue, Dec 02, 2003 at 10:16:32PM +0100, Matthias Urlichs wrote:
Hi, Henrique de Moraes Holschuh wrote:
On Tue, 02 Dec 2003, Wouter Verhelst wrote:
So unless you have a suggestion that would solve this particular issue,
I'm afraid this idea won't work in practice.
We could verify if
On Wed, 3 Dec 2003 20:34, Artur R. Czechowski [EMAIL PROTECTED] wrote:
On Wed, Dec 03, 2003 at 02:00:51PM +1100, Russell Coker wrote:
I agree that smartcards would help a lot. However as has been previously
suggested the cost of 1200+ smart-card readers is probably prohibitive.
What about
On Wed, Dec 03, 2003 at 06:50:09AM +0100, Goswin von Brederlow wrote:
Bernd Eckenfels [EMAIL PROTECTED] writes:
How often has this person glance over the results? As I understand debian
build daemons run unattended and build continously. Correct me when I am
wrong here.
But if I asume
On Wed, Dec 03, 2003 at 09:49:21PM +1100, Russell Coker wrote:
On Wed, 3 Dec 2003 20:34, Artur R. Czechowski [EMAIL PROTECTED] wrote:
On Wed, Dec 03, 2003 at 02:00:51PM +1100, Russell Coker wrote:
I agree that smartcards would help a lot. However as has been previously
suggested the cost
On Tue, Dec 02, 2003 at 05:19:22PM -0800, Tom wrote:
On Wed, Dec 03, 2003 at 10:54:24AM +1000, Andrew Pollock wrote:
On Wed, Dec 03, 2003 at 11:17:19AM +1100, Russell Coker wrote:
The only way to have avoided this kernel vulnerability from day-0 of
discovery/fix release would have been
On Wed, Dec 03, 2003 at 12:06:33PM +0100, Artur R. Czechowski wrote:
What is a RSA token?
Device used in some internet banks. You have a device, which has only
chipset, digital pad with on/off switch and display, all embedded in small
case. Authentication is made using C/R algorithm: you
On Wed, 2003-12-03 at 12:17, Andreas Tille wrote:
On Tue, 2 Dec 2003, Fabian Fagerholm wrote:
The term suggests that the distribution is not-Debian, which is
unneccessary and confusing.
As non native speaker and also in general I try to avoid joining stupid
naming discussions. But here is
On Wed, Dec 03, 2003 at 12:10:28PM +0100, Wouter Verhelst wrote:
Are you going to pay for all those smartcards plus their readers?
Including any smartcards for possible future DD's?
If not, I suggest we forget about this, as it won't be feasible.
I don't think the USB models cost that much
Hi,
[ I'm Cc-ing Werner Koch on this ]
Wouter Verhelst:
On Tue, Dec 02, 2003 at 10:16:32PM +0100, Matthias Urlichs wrote:
Hi, Henrique de Moraes Holschuh wrote:
On Tue, 02 Dec 2003, Wouter Verhelst wrote:
So unless you have a suggestion that would solve this particular issue,
I'm
On Wed, Dec 03, 2003 at 12:06:33PM +0100, Artur R. Czechowski wrote:
What is a RSA token?
Device used in some internet banks. You have a device, which has only
chipset, digital pad with on/off switch and display, all embedded in small
case. Authentication is made using C/R algorithm: you
On Wed, Dec 03, 2003 at 12:08:10PM +0100, Matthias Urlichs wrote:
Wouter Verhelst:
Especially in the case of larger .debs, that would probably reduce the
actual signature size as well...
?? A hash is a hash, and should be independent of file size.
Obviously, sorry. I don't know how I got
On Sun, Nov 23, 2003 at 06:19:39PM +0100, Tobias Grimm wrote:
Hi!
I'm working on a nvram-wakeup package for a Debian based VDR
distribution (c't vdr). nvram-wakeup needs a special kernel-image, that
forces a shutdown on the next reboot. Normally this image is installed
to /boot and a
* Chad Walstrom [EMAIL PROTECTED] [031202 18:14]:
I'm not following your logic, if that's what you call it. You're saying
that checking the current filesystem on a daily basis is NOT a good way
to verify filesystem integrity?
I say it won't give you an real advantage over checking the
Package: wnpp
Severity: wishlist
* Package name: audiolink
Version : 0.04
Upstream Author : Amit Shah [EMAIL PROTECTED]
* URL : http://audiolink.sourceforge.net/
* License : GPLv2
Description : makes managing and searching for music easier
AudioLink is
On Wed, 3 Dec 2003 22:27:39 +1100, Hamish Moffatt [EMAIL PROTECTED]
wrote:
The RSA SecurID tokens are a bit smarter than that; the output for a
given input changes every minute. My employer uses them for remote
access to their intranet; you have a fixed pin number which you enter
into the card to
Package: wnpp
Severity: wishlist
* Package name: sks
Version : 1.0.5
Upstream Author : Yaron M. Minsky [EMAIL PROTECTED]
* URL : http://www.nongnu.org/sks/
* License : GPL (parts are LGPL, BSD)
Description : Synchronizing OpenPGP Key Server
SKS is an
Hi,
Werner Koch:
There are some minor problems because we don't just sign a hash but
need to add some more data. Creating an incomplete hash on the remote
machine is not the cleanest solution, so I have to come up with a
better way.
You're the GPG expert...
I'm also a bit concerned about
On Wed, 3 Dec 2003, Fabian Fagerholm wrote:
It might be hard, impossible and undesirable to reverse the decision to
use the term.
Exactly.
I think the term can be correctly understood if you
present it as I have in some recent postings to this list:
Debian is the super-project.
On Wed, 3 Dec 2003 23:06, Marc Haber [EMAIL PROTECTED] wrote:
I have no idea what they cost. Also the newest ones are not exactly fit
for carrying around in your wallet. They last 3 years on internal
batteries.
I seriously doubt that the server-side software is DFSG-free. The only
Linux
On Wed, Dec 03, 2003 at 01:06:08PM +0100, Marc Haber wrote:
On Wed, 3 Dec 2003 22:27:39 +1100, Hamish Moffatt [EMAIL PROTECTED]
wrote:
The RSA SecurID tokens are a bit smarter than that; the output for a
given input changes every minute. My employer uses them for remote
access to their
On Wed, Dec 03, 2003 at 01:16:39AM -0800, Tom wrote:
On Wed, Dec 03, 2003 at 01:03:16AM -0800, Don Armstrong wrote:
[NB: I wanted to take this OT discussion off [EMAIL PROTECTED] and into
private
mail, but your e-mail address was munged in some sort of anti-spam
measure, and not
Wouter Verhelst [EMAIL PROTECTED] writes:
On Tue, Dec 02, 2003 at 10:16:32PM +0100, Matthias Urlichs wrote:
Hi, Henrique de Moraes Holschuh wrote:
On Tue, 02 Dec 2003, Wouter Verhelst wrote:
So unless you have a suggestion that would solve this particular issue,
I'm afraid this
On Thu, Dec 04, 2003 at 12:20:57AM +1100, Hamish Moffatt wrote:
How about including your full name somewhere in your posts too then?
I find it a bit off-putting to discuss security with someone who's
obscuring their identity.
Ha Ha Ha what a joke. I don't want to be googled for all
Matthias Urlichs [EMAIL PROTECTED] writes:
Hi,
Werner Koch:
There are some minor problems because we don't just sign a hash but
need to add some more data. Creating an incomplete hash on the remote
machine is not the cleanest solution, so I have to come up with a
better way.
Javier =?iso-8859-15?Q?Fern=E1ndez-Sanguino_Pe=F1a?= [EMAIL PROTECTED] writes:
On Sun, Nov 23, 2003 at 06:19:39PM +0100, Tobias Grimm wrote:
Hi!
I'm working on a nvram-wakeup package for a Debian based VDR
distribution (c't vdr). nvram-wakeup needs a special kernel-image, that
On Thu, 4 Dec 2003 00:19:36 +1100, Hamish Moffatt [EMAIL PROTECTED]
wrote:
On Wed, Dec 03, 2003 at 01:06:08PM +0100, Marc Haber wrote:
I seriously doubt that the server-side software is DFSG-free. The only
Linux Agent that is available from rsa.com is for RedHat 7.3, and I
would be astonished
Hi,
Werner Koch:
On Wed, 3 Dec 2003 13:26:02 +0100, Matthias Urlichs said:
the local side is supposed to sign should probably be encrypted with the
signer's public key, otherwise I can just replace the data packet with
something that ends up signing a totally different file. :-/
And if
On Wed, Dec 03, 2003 at 01:24:24PM +0200, Fabian Fagerholm wrote:
If some of the people who participated in the Debcamp Custom
Distribution BOF (see
http://www.debian.org/devel/debian-nonprofit/News/2003/20030717) are
listening, perhaps you could elaborate? (Cc'ing Mako Hill since he
was
On Wed, Dec 03, 2003 at 01:24:50AM -0800, Tom wrote:
On Wed, Dec 03, 2003 at 01:16:39AM -0800, Tom wrote:
If something could have prevented something that actually happened, I
say go for it.
Oh, one last thing: each DD should pay for the device him/her self and
should be required to
On Wed, Dec 03, 2003 at 08:45:49AM -0600, Steve Langasek wrote:
Share the crack.
In my experience kids in college and right out tend to freak out over
the thought of having to spend a few dollars of disposable income,
because they don't have any :-)
Hey, laugh if you want, most
Steve Greenland [EMAIL PROTECTED] wrote:
[...]
I think the idea of a namespace for usernames used by packages is a good
idea, but rather than debian-, we should take this to the LSB folk, so
that we can get it done once.
The problem with this is time. I need to add a system-user (for exim4)
On Wed, Dec 03, 2003 at 05:42:20AM -0800, Tom wrote:
Let me tell you a story about a job I had one time: I worked for a guy
(in his basement -- don't ask) who bought your personal credit card data
and other publicly available information. He would pay about $10,000 or
$15,000 for lists of
On December 1, 2003 07:05 pm, Enrico Zini wrote:
On Mon, Dec 01, 2003 at 02:33:57PM -0600, Chad Walstrom wrote:
- GNU ERP software project ?name?
GNU Enterprise (gnue) http://www.gnue.org/
I've just learnt of Cubit from South Africa: http://www.cubit.co.za/
Is it free software? They
I think the reason for that is because on old BF days disk space was expensive
(so
lost 32MB for a journal file ou more than that would be a considerable lost).
Joey Hess [EMAIL PROTECTED] escreveu em Sun, 30 Nov 2003 21:43:54 -0500:
Package: partconf
Severity: normal
Most users will want
On Wed, Dec 03, 2003 at 09:06:07AM -0600, Graham Wilson wrote:
So you've aided telemarketers and worked for Microsoft? Is your last
name Darkness, middle name Prince of?
Satan fell because he wanted to know. So do I.
I'm a contrarian. I believe the opposite of whatever I'm confronted
with
Hi,
as co-maintainer for the exim4-packages, I have noticed an issue with
dselect. Currently, exim4 is the default MTA, and exim4, exim4-base,
exim4-config and exim4-daemon-light are Priority: important, while
exim4-daemon-light provides mail-transport-agent. The exact package
dependencies can be
On Wed, Dec 03, 2003 at 04:41:00PM +0100, Marc Haber wrote:
as co-maintainer for the exim4-packages, I have noticed an issue with
dselect. Currently, exim4 is the default MTA, and exim4, exim4-base,
exim4-config and exim4-daemon-light are Priority: important, while
exim4-daemon-light provides
file=main/libp/libpng/libpng2_1.0.12-3.woody.3_i386.deb
wget -q -O 1.deb http://ftp.debian.org/debian/pool/$file
wget -q -O 2.deb http://security.debian.org/pool/updates/$file
diff 1.deb 2.deb
Binary files 1.deb and 2.deb differ
How could this happen? Should I worry about it?
On Thu, Dec 04, 2003 at 02:15:30AM +1000, Anthony Towns wrote:
On Wed, Dec 03, 2003 at 04:41:00PM +0100, Marc Haber wrote:
as co-maintainer for the exim4-packages, I have noticed an issue with
dselect. Currently, exim4 is the default MTA, and exim4, exim4-base,
exim4-config and
On Wed, 2003-12-03 at 18:36, bruce wrote:
hi...
I was talking with Ian Murdock yesterday, and he suggested I pose the
question to this group.
We're interested in creating a development environment that would allow open
source applications to be created. The development environment would
On Wed, 03 Dec 2003 15:01:09 +1100, Zenaan Harkness wrote:
(Really should read ahead further ... here are more, and all laid out
together)
* DFSG Free Software only (I know this one will get debated, but this is
the whole point of Debian Enterprise - if you want proprietary software,
go
On Wed, Dec 03, 2003 at 01:54:22PM +1100, Matthew Palmer wrote:
Nov 28 22:39 Linux 2.4.23 released
^
Bernd is correct, though - if the machines had been running 2.4.23, they
wouldn't have been vulnerable. The fact that it was impossible to do so
* Russell Coker ([EMAIL PROTECTED]) [031203 04:03]:
I have sent a message to Werner asking if the GPG smart-card device could be
re-implemented with a USB interface. I think that a USB dongle with GPG
technology would be a good option as most developer's machines already have
USB support.
On Mon, 1 Dec 2003 19:22:44 -0200, Henrique de Moraes Holschuh [EMAIL
PROTECTED] said:
On Mon, 01 Dec 2003, Thomas Viehmann wrote:
Henrique de Moraes Holschuh wrote:
On Mon, 01 Dec 2003, christophe barbe wrote:
Before mass bug-filling, it would be necessary to make it
mandatory which
On Wed, 2003-12-03 at 05:49, John Goerzen wrote:
* Office Suite - OpenOffice (there's no other near as feature complete)
And OpenOffice is the only one that runs on only two -- yes, two --
architectures that Debian supports.
You missed two. OOo is available on i386, powerpc, sparc and
I demand that Tom may or may not have written...
On Wed, Dec 03, 2003 at 08:45:49AM -0600, Steve Langasek wrote:
Share the crack.
In my experience kids in college and right out tend to freak out over the
thought of having to spend a few dollars of disposable income, because they
don't have
Zenaan Harkness said on Wed, Dec 03, 2003 at 02:58:18PM +1100:
Flavours (and sub-flavours/ tasks/ yadda) is as good a place to start as
any. So here are some proposed flavours:
- Enterprise (base packages and more neutral config)
- Enterprise Desktop - with sub-flavours of:
-
On Wed, 3 Dec 2003, Andreas Tille wrote:
On Wed, 3 Dec 2003, Fabian Fagerholm wrote:
In my view (as I said), it would be logical to name a further
subdivision of that product flavor.
I like this interpretation of the term flavor and it would be easily
applicable for Debian-Med to flavors
On Mon, 1 Dec 2003 18:08:28 +0100, Eduard Bloch [EMAIL PROTECTED] said:
AFAICS the only way to verify the contents of maintainer scripts
automaticaly is to have the binary package, verify its contents via
.changes or Release/Packages path, extract it and compare the
files. Too complicated.
On Wed, Dec 03, 2003 at 04:36:18PM +1100, Zenaan Harkness wrote:
How many financials implementations are ultimately needed - really only
one, perhaps customized for vertical markets.
A healthy market requires competition. And different companies have very
different needs. The IT Infrastructure
On Wed, 2003-12-03 at 01:32, Zenaan Harkness wrote:
Debian is the super-project.
Debian Enterprise is a Debian Subproject that creates
a Custom Debian Distribution,
Subproject and custom debian distribution, here, are the same thing. No
point officially having two terms.
Bernd Eckenfels [EMAIL PROTECTED] writes:
On Wed, Dec 03, 2003 at 03:17:20AM +0100, Goswin von Brederlow wrote:
What the admins signature can gives us is a trusted timestamp and
another pair of eyes reading the changes files.
Well, a trusted timestamp can be added/required by a third
On Wed, 03 Dec 2003 14:45:51 +1100, Zenaan Harkness wrote:
As per the recommendations from Bruce Perens' User Linux paper
http://userlinux.com/white_paper.html, this thread is to discuss the
applications within the bounded set of Debian Enterprise/ User Linux.
I think discussing the favorite
Is there anywhere i can download debian-installer beta images (im getting a
new laptop tommorow), prefereably with support for reiserfs filesystems?
Gluck still isnt working and i cant seem to find mirrors anywhere.
Thanks
Tom
--
^__^| Tom Badran
(oo)\__ | Imperial
Hamish Moffatt [EMAIL PROTECTED] writes:
On Tue, Dec 02, 2003 at 02:10:56PM +, Jonathan Dowland wrote:
On Mon, Dec 01, 2003 at 07:06:41PM -0500, Joey Hess wrote:
Similarly, to check the build depends of a source package file:
apt-get build-dep
On Wednesday 03 December 2003 19:33, Joshua Kwan wrote:
On Wed, Dec 03, 2003 at 09:22:14AM +0100, Werner Wobrowsky wrote:
Debian Installer sarge-i386-bussinescard.iso, httP://freedesktop.or/
Cool, but...
FreeBSD 5.1-RELEASE-p11 #0: Thu Nov 27 15:07:08 CET 2003
[EMAIL
AKL. Mantas Kriauciunas [EMAIL PROTECTED] writes:
Hi,
Debian has a usability problem - it's hard to start lots of programs,
installed from debian packages, because simple users just can't find
them in menu.
Standart debian menu entry isn't good solution for user-friendly
desktops, like
On Wednesday 03 December 2003 18:12, Andreas Metzler wrote:
http://freedesktop.org/~daniel/d-i/
cu andreas
You star ;)
Thanks
Tom
--
^__^| Tom Badran
(oo)\__ | Imperial College
(__)\ )\/\| Department of Computing
||w || ---
On Wed, 3 Dec 2003 12:08:10 +0100, Matthias Urlichs said:
signature algorithm would allow for hashing the data on the remote
machine, and signing that hash locally.
... that would work. It'd probably require a few hooks within GPG
to generate a hash packet / .
Since I moved my actual
On Wed, Dec 03, 2003 at 05:44:36PM +0100, Santiago Vila wrote:
file=main/libp/libpng/libpng2_1.0.12-3.woody.3_i386.deb
wget -q -O 1.deb http://ftp.debian.org/debian/pool/$file
wget -q -O 2.deb http://security.debian.org/pool/updates/$file
diff 1.deb 2.deb
Binary files 1.deb and 2.deb differ
On Wed, Dec 03, 2003 at 06:43:18AM +0100, Goswin von Brederlow wrote:
Matt Zimmerman [EMAIL PROTECTED] writes:
On Wed, Dec 03, 2003 at 03:07:17AM +0100, Goswin von Brederlow wrote:
But this kind of tampering _can_ be checked by apt before installing
the deb simply by adding a
On Wed, 2003-12-03 at 20:15, Herbert Xu wrote:
AKL. Mantas Kriauciunas [EMAIL PROTECTED] wrote:
Solution is to add freedesktop.org standartized menu entry for programs,
which could be started from menu (for example there is no meaning to
start apt-get tool from menu). Then users of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2003-12-03 12:24, Fabian Fagerholm wrote:
On Wed, 2003-12-03 at 12:17, Andreas Tille wrote:
On Tue, 2 Dec 2003, Fabian Fagerholm wrote:
The term suggests that the distribution is not-Debian, which is
unneccessary and confusing.
As non
AKL. Mantas Kriauciunas wrote:
Herbert Xu: Please discuss this on debian-devel before filing further
bugs.
IMHO, there's no need to discuss this to death -- .desktop files make
sense, therefore packages should supply them. There's no sane way to ask
maintainers to do so except to file bugs,
Anthony Towns aj@azure.humbug.org.au writes:
On Tue, Dec 02, 2003 at 02:02:19PM -0600, Steve Langasek wrote:
You change the contents of the compromised Packages file, so that
Package: bash
is accompanied by
Filename: pool/main/b/bash/vulnerable-ident-server_1.0-1_i386.deb
which
On Thu, 4 Dec 2003 04:21:55 +1000, Anthony Towns
aj@azure.humbug.org.au wrote:
I'm going to ignore the -config package, since it's not really part of
the problem.
Is it?
Okay, so you want to say:
* any exim4-daemon package should only be installed when exim4-base
is already
On Mon, 1 Dec 2003 17:12:36 -0500, christophe barbe [EMAIL PROTECTED] said:
I don't see why adding a md5dsum_are_mandatory clause to the debian
policy would be difficult (what would be a good reason to not add
md5sum to a package?).
Because it buys little security wise? Because there
On Thu, 2003-12-04 at 01:51, Andreas Metzler wrote:
Steve Greenland [EMAIL PROTECTED] wrote:
[...]
I think the idea of a namespace for usernames used by packages is a good
idea, but rather than debian-, we should take this to the LSB folk, so
that we can get it done once.
The problem
Le Wed, Dec 03, 2003 at 08:58:19AM +0100, Andreas Tille a écrit :
On Tue, 2 Dec 2003 [EMAIL PROTECTED] wrote:
This package is an empty dummy package that always depends on a package
built for Debian's default Python version.
Why that. It should depend from Debian's Zope version or if
On Wed, 3 Dec 2003 06:54:29 -0800, Tom Ballard [EMAIL PROTECTED] said:
On Wed, Dec 03, 2003 at 08:45:49AM -0600, Steve Langasek wrote:
Share the crack.
In my experience kids in college and right out tend to freak out
over the thought of having to spend a few dollars of disposable
income,
On Wed, Dec 03, 2003 at 09:26:15AM -0600, Manoj Srivastava wrote:
Guess what the median age of a Debian developer is.
Don't know, don't care.
Volunteer organization have dues?
Yes, I don't know what planet you're from, but on this planet the
Rotarians, Kiwanas, Civitans, Knights
On Wed, Dec 03, 2003 at 09:28:30AM -0600, Manoj Srivastava wrote:
Sender: Tom Ballard [EMAIL PROTECTED]
Yeah, somebody else pointed that out. It's bullshit that mutt was doing
that to me. My /etc/email-addresses:
# This is /etc/email-addresses. It is part of the exim package
#
# This file
On Tue, Dec 02, 2003 at 05:34:05PM -0800, Don Armstrong wrote:
On Tue, 02 Dec 2003, Tom wrote:
I think the DD's should seriously think about requiring smartcards.
It would have prevented the proxmiate cause of our recent troubles.
Smartcards are not a magical panacea either. The problems
On Wed, Dec 03, 2003 at 05:49:20PM +0100, Andreas Metzler wrote:
exim4 is a metapackage that depends on the other three and is not hit by
the problem. The rest is a straighforward chain.
daemon -base -config.
other possible dependencies would be:
daemon -config -base
On Wed, Dec 03, 2003 at 09:24:07AM -0600, Manoj Srivastava wrote:
Heh. Your grasp of the practicality of the situation is
slipping. Not only do these guys donate a fairly expensive chunk of
billable hours and expertise, they must pay to be able to volunteer?
Sure, if you care about
On Tue, 2 Dec 2003 23:46:45 +, Geoff Richards [EMAIL PROTECTED] said:
On Tue, Dec 02, 2003 at 01:28:28PM -0800, Tom wrote:
I read all the words but took a completely different meaning :-)
I'm from the South, we have different speech patterns...
South of where?
The Mason-Dixon
On Wed, 3 Dec 2003, cobaco wrote:
hm, I've added a definition to the wiki:
A Custom Debian Distribution (CDD) is a version of Debian that is tailored
I do not like the term version. I'd prefer a subset of Debian. You
get a CDD together with main but you get a helping hand to cope with the
On Sun, 2003-11-30 at 07:47, Bernhard R. Link wrote:
Could anyone familar with cups explain why this is no RC-bug?
From when I've seen it do it, for the same reason SWAT and webmin aren't
RC bugs: They do it because the administrator said to change the config.
signature.asc
Description: This
Matt Zimmerman [EMAIL PROTECTED] writes:
On Wed, Dec 03, 2003 at 03:07:17AM +0100, Goswin von Brederlow wrote:
But this kind of tampering _can_ be checked by apt before installing
the deb simply by adding a signature verifyer into the
DPkg::Pre-Install-Pkgs config option, the same
On Wed, Dec 03, 2003 at 05:44:36PM +0100, Santiago Vila wrote:
wget -q -O 1.deb http://ftp.debian.org/debian/pool/$file
wget -q -O 2.deb http://security.debian.org/pool/updates/$file
diff 1.deb 2.deb
Binary files 1.deb and 2.deb differ
How could this happen? Should I worry about it?
$
On Wed, Dec 03, 2003 at 09:22:14AM +0100, Werner Wobrowsky wrote:
Debian Installer sarge-i386-bussinescard.iso, httP://freedesktop.or/
Cool, but...
FreeBSD 5.1-RELEASE-p11 #0: Thu Nov 27 15:07:08 CET 2003
[EMAIL PROTECTED]:/usr/src/sys/i386/compile/NEW
I didn't know the sarge ISOs
Package: wnpp
Severity: wishlist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* Package name: distcmd
Version : 0.9
Upstream Author : Anthony DeRobertis [EMAIL PROTECTED]
* URL : http://ntp.derobert.net/DistCmd/
* License : GPL
Description : Distribute
1 - 100 of 175 matches
Mail list logo