Hi,
On 04/11/2014 12:55 AM, walt wrote:
> Steve Gibson explained that the heartbeat feature was introduced in openssl to
> allow *UDP* connections to mimic the 'keepalive' function of the TCP protocol.
>
> IIRC Steve didn't explain how UDP bugs can compromise TCP connections.
>
> Anyone here reall
On 4/10/2014 6:59 PM, Alan McKinnon wrote:
Steve Gibson explained that the heartbeat feature was introduced in openssl to
allow *UDP* connections to mimic the 'keepalive' function of the TCP protocol.
IIRC Steve didn't explain how UDP bugs can compromise TCP connections.
Anyone here really unde
On Thu, Apr 10, 2014 at 03:55:47PM -0700, walt wrote:
> On 04/09/2014 05:06 PM, Joseph wrote:
> > Is gentoo effected by this new 'Heartbleed' bug?
> >
> > "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
> > cryptographic software library"
> >
> > http://heartbleed.com/
On 11/04/2014 00:55, walt wrote:
> On 04/09/2014 05:06 PM, Joseph wrote:
>> Is gentoo effected by this new 'Heartbleed' bug?
>>
>> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
>> cryptographic software library"
>>
>> http://heartbleed.com/
>
> This topic was discussed
On 04/09/2014 05:06 PM, Joseph wrote:
> Is gentoo effected by this new 'Heartbleed' bug?
>
> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
> cryptographic software library"
>
> http://heartbleed.com/
This topic was discussed in my favorite podcast, http://twit.tv/sn
I would say postfix for sure.
On 10 April 2014 16:52, Alan McKinnon wrote:
> On 10/04/2014 17:41, Volker Armin Hemmann wrote:
> > Am 10.04.2014 17:32, schrieb Grant Edwards:
> >> I use msmtp for outgoing mail, and plan to continue to do so.
> >>
> >> However, I need to temporarily set up an SMT
On 10/04/2014 17:41, Volker Armin Hemmann wrote:
> Am 10.04.2014 17:32, schrieb Grant Edwards:
>> I use msmtp for outgoing mail, and plan to continue to do so.
>>
>> However, I need to temporarily set up an SMTP server to accept
>> incoming mail from "the Internet" for local users. It is not going
On Thu, Apr 10, 2014 at 08:09:48PM +, Grant Edwards wrote:
> qmail hasn't been touched since 2007, so it seems to be abandoned.
That's somewhat of an exaggeration. qmail has been public domain since
2007, and its core hadn't been touched for about a decade before that.
Due to the way the pro
Grant Edwards:
> On 2014-04-10, Peter Humphrey wrote:
>> On Thursday 10 Apr 2014 17:41:05 Volker Armin Hemmann wrote:
>>
>>> well, IMHO postfix is pretty easy to setup up. While sendmail is a
>>> complete nightmare.
>>
>> I've just about got it set up here, so it can't be too hard.
>>
>>> Exim&qma
On 2014-04-10, Peter Humphrey wrote:
> On Thursday 10 Apr 2014 17:41:05 Volker Armin Hemmann wrote:
>
>> well, IMHO postfix is pretty easy to setup up. While sendmail is a
>> complete nightmare.
>
> I've just about got it set up here, so it can't be too hard.
>
>> Exim&qmail - never touched those.
On Thursday 10 Apr 2014 17:41:05 Volker Armin Hemmann wrote:
> well, IMHO postfix is pretty easy to setup up. While sendmail is a
> complete nightmare.
I've just about got it set up here, so it can't be too hard.
> Exim&qmail - never touched those.
Are they even still maintained?
--
Regards
P
Am 10.04.2014 17:32, schrieb Grant Edwards:
> I use msmtp for outgoing mail, and plan to continue to do so.
>
> However, I need to temporarily set up an SMTP server to accept
> incoming mail from "the Internet" for local users. It is not going to
> handle sending of email, and I need it _not_ to i
I use msmtp for outgoing mail, and plan to continue to do so.
However, I need to temporarily set up an SMTP server to accept
incoming mail from "the Internet" for local users. It is not going to
handle sending of email, and I need it _not_ to install something as
/usr/bin/sendmail (that's already
On 10/04/2014 15:26, Tanstaafl wrote:
> On 4/10/2014 7:21 AM, Alan McKinnon wrote:
>> Everything else in that list is routine except maybe pciutils and gpm.
>> Add them to world manually if you use those apps
>
> Thanks Alan/Tom...
>
> Hmmm... what is pciutils used for? From a little googling, i
On Thu, Apr 10, 2014 at 9:26 AM, Tanstaafl wrote:
> Hmmm... what is pciutils used for? From a little googling, it seems like it
> is a tool that I would manually have to use, not something required by the
> system itself for anything that happens automatically (ie, at boot time)?
>
It provides th
On 4/10/2014 7:21 AM, Alan McKinnon wrote:
Everything else in that list is routine except maybe pciutils and gpm.
Add them to world manually if you use those apps
Thanks Alan/Tom...
Hmmm... what is pciutils used for? From a little googling, it seems like
it is a tool that I would manually ha
On Thu, 10 Apr 2014 16:51:39 +0530
Nilesh Govindrajan wrote:
> seems alright except virtual/init
That is a virtual that is no longer used, it is thus safe to remove.
--
With kind regards,
Tom Wijsman (TomWij)
Gentoo Developer
E-mail address : tom...@gentoo.org
GPG Public Key : 6D34E57D
GPG
On 10/04/2014 13:16, Tanstaafl wrote:
> Hi all,
>
> I rarely do this (I know, I should do it periodically at least), so I'd
> like someone to check these...
>
These are the packages that would be unmerged:
>
> dev-python/python-exec
> selected: 1.1 1.2
>protected: none
>
On Apr 10, 2014 4:48 PM, "Tanstaafl" wrote:
>
> Hi all,
>
> I rarely do this (I know, I should do it periodically at least), so I'd
like someone to check these...
>
> >>> These are the packages that would be unmerged:
>
> dev-python/python-exec
> selected: 1.1 1.2
>protected: none
Hi all,
I rarely do this (I know, I should do it periodically at least), so I'd
like someone to check these...
>>> These are the packages that would be unmerged:
dev-python/python-exec
selected: 1.1 1.2
protected: none
omitted: none
perl-core/ExtUtils-Command
select
On Thu, 10 Apr 2014 10:52:21 +, Matthew Finkel wrote:
> Right. heartbleed does not directly affect openssh, but openssh uses
> openssl and it's good practice to keep the shared libraries on-disk and
> the shared libraries in-memory in sync.
The easiest way to do that is with app-admin/checkre
Exactly, OpenSSH depends on OpenSSL, but should never use the buggy code.
Some details in the answer here:
http://superuser.com/questions/739349/does-heartbleed-affect-ssh-keys
On 04/10/2014 07:00 PM, Randolph Maaßen wrote:
> The Heartbleed bug is in the Heartbeat function of TSL (a second keep
The Heartbleed bug is in the Heartbeat function of TSL (a second keep
alive). OpenSSL does not use TLS for transport security, it uses its
own Protokoll for security.
2014-04-10 12:51 GMT+02:00 Nilesh Govindrajan :
> On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel
> wrote:
>> On Thu, Apr 10, 2014
On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel
wrote:
> On Thu, Apr 10, 2014 at 05:53:44PM +0800, J?n Zahornadsk? wrote:
>> On 04/10/2014 05:03 PM, Adam Carter wrote:
>> >
>> > What surprises me here is OpenSSH. It's not supposed to use OpenSSL
>> > but Debian update process suggests to r
On Thu, Apr 10, 2014 at 05:53:44PM +0800, J?n Zahornadsk? wrote:
> On 04/10/2014 05:03 PM, Adam Carter wrote:
> >
> > What surprises me here is OpenSSH. It's not supposed to use OpenSSL
> > but Debian update process suggests to restart it after updating
> > OpenSSL to a fixed version.
Am Wed, 9 Apr 2014 18:06:35 -0600
schrieb Joseph :
> Is gentoo effected by this new 'Heartbleed' bug?
>
> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
> cryptographic software library"
>
> http://heartbleed.com/
Just FYI: security issues such as this get announced
On 04/10/2014 05:03 PM, Adam Carter wrote:
>
> What surprises me here is OpenSSH. It's not supposed to use OpenSSL
> but Debian update process suggests to restart it after updating
> OpenSSL to a fixed version. Is it an overkill on their part? It
> might confuse admins.
>
>
> ada
On Wednesday 09 Apr 2014 09:49:40 I wrote:
> On Tuesday 08 Apr 2014 18:25:34 Tom Wijsman wrote:
> > On Tue, 08 Apr 2014 15:25:31 +0100
> >
> > Peter Humphrey wrote:
> > > I just wanted to save some time and confusion for anyone wanting to
> > > dip a toe into the muddy snort waters.
> >
> > You
> What surprises me here is OpenSSH. It's not supposed to use OpenSSL but
> Debian update process suggests to restart it after updating OpenSSL to a
> fixed version. Is it an overkill on their part? It might confuse admins.
>
>
> adam@proxy ~ $ ldd /usr/sbin/sshd
linux-vdso.so.1 (0x7fffb068
29 matches
Mail list logo
