Re: [SECURITY] [DSA 3027-1] libav security update

2014-09-18 Thread Henrique de Moraes Holschuh
On Thu, 18 Sep 2014, Paul Wise wrote: On Thu, Sep 18, 2014 at 7:30 AM, Bruce Eason wrote: YIKES!! can I help? The Debian security team can always use some help finding, fixing and tracking security issues. Please read the following pages and join our IRC channel if you would like to

security issues in backports (Re: [SECURITY] [DSA 3027-1] libav security update

2014-09-18 Thread Holger Levsen
Hi, On Thursday, 18 September 2014, Henrique de Moraes Holschuh wrote: There is one thing that would be of great value: We need someone to go over the debian-backports packages for pending security updates, and notify the maintainers of the backports or the backports ML. I'm working on

Re: security issues in backports (Re: [SECURITY] [DSA 3027-1] libav security update

2014-09-18 Thread Holger Levsen
Hi, On Thursday, 18 September 2014, Holger Levsen wrote: I'm working on getting https://security-tracker.debian.org/tracker/status/release/stable-backports meaningful for this task. Give me some more days... ;-) for those not familiar with the current security-tracker development: for the

Re: concrete steps for improving apt downloading security and privacy

2014-09-18 Thread Hans-Christoph Steiner
Holger Levsen wrote: Hi Hans, On Wednesday, 16 July 2014, Hans-Christoph Steiner wrote: What I'm talking about already exists in Debian, but is rarely used. dpkg-sig creates a signature that is embedded in the .deb file. So that means no matter how the .deb file got onto a system, that

RE: [SECURITY] [DSA 3025-2] apt regression update

2014-09-18 Thread John Entner
UNSUBSCRIBE! - From: car...@debian.org To: debian-security-annou...@lists.debian.org Date: Thu, 18 Sep 2014 20:30:42 + Subject: [SECURITY] [DSA 3025-2] apt regression update -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 -

Re: concrete steps for improving apt downloading security and privacy

2014-09-18 Thread Paul Wise
On Fri, Sep 19, 2014 at 9:30 AM, Hans-Christoph Steiner wrote: Finally did this: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762153 Please note that your proposal to add signatures to .deb files will break reproducible builds because the hash of the .deb will differ depending on who signed

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

2014-09-18 Thread Daniel Kahn Gillmor
On 09/19/2014 12:34 AM, Paul Wise wrote: On Fri, Sep 19, 2014 at 9:30 AM, Hans-Christoph Steiner wrote: Finally did this: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762153 Please note that your proposal to add signatures to .deb files will break reproducible builds because the hash

Bug#479727: marked as done (security-tracker: Show unimportant issues in some way on package overview)

2014-09-18 Thread Debian Bug Tracking System
Your message dated Thu, 18 Sep 2014 07:53:49 +0200 with message-id 20140918055349.ga7...@lorien.valinor.li and subject line Re: Bug#479727: security-tracker: Show unimportant issues in some way on package overview has caused the Debian Bug report #479727, regarding security-tracker: Show