Re: (seemingly) declining bug report numbers

2012-10-12 Thread Charles Plessy
On Fri, Oct 12, 2012 at 11:47:30AM +0300, Riku Voipio wrote: > > While people want LTS, they still want latest version of various apps > they use (browser, new gcc and python for some inhouse development, etc), > as well as support for all the new hardware they buy. Solving these two > goals at

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Michael Gilbert
On Fri, Oct 12, 2012 at 4:45 PM, Christoph Anton Mitterer wrote: > On Fri, 2012-10-12 at 16:37 -0400, Michael Gilbert wrote: >> Which is impossible, or at least man-powerwise insurmountable. There >> are something like 500 million lines of code in a Debian release. > I wasn't talking about such an

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Christoph Anton Mitterer
On Fri, 2012-10-12 at 16:37 -0400, Michael Gilbert wrote: > Which is impossible, or at least man-powerwise insurmountable. There > are something like 500 million lines of code in a Debian release. I wasn't talking about such an impossible task,... but there speaks nothing against relatively easy t

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Michael Gilbert
On Fri, Oct 12, 2012 at 4:31 PM, Christoph Anton Mitterer wrote: > But it's a general security paradigm, that one shouldn't just focus on > the attack vectors one can think of... but rather trying to secure > "everything" ;) Which is impossible, or at least man-powerwise insurmountable. There are

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Christoph Anton Mitterer
On Fri, 2012-10-12 at 13:10 +0200, David Kalnischkies wrote: > Oh, and there is "Description-md5". I can't imagine a scenario in which it > would be useful to change the English description of a package for an attack > (which you want to hide by displaying the translations of the not modified > ver

Re: (seemingly) declining bug report numbers

2012-10-12 Thread Christoph Anton Mitterer
On Thu, 2012-10-11 at 13:40 +0200, Stefano Zacchiroli wrote: > I wonder: did upstream developers start to worry when the number of bugs > report they received *directly* started to decrease, due to Debian > distributing their software? Well but that's a different situation isn't it? I mean Debian t

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Christoph Anton Mitterer
Hey Paul. On Fri, 2012-10-12 at 20:48 +0800, Paul Wise wrote: > Sounds like you have a person in the middle hacking your network (or a > browser bug), it works for me: *g* guess I somehow deserved that ;) ... and not even SHA-3 would have protected me from not verifying against Release.asc ^^ Ch

Re: (seemingly) declining bug report numbers

2012-10-12 Thread Christoph Anton Mitterer
On Thu, 2012-10-11 at 21:45 +0200, Simon Josefsson wrote: > IMHO, supporting an OS release for only 3 years is not long enough. I think that such very-long-term security support is quite an illusion. Of course, problems found get then back-ported,... but software changes so rapidly while usually

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Philipp Kern
On Fri, Oct 12, 2012 at 09:05:01AM -0600, Wesley J. Landaker wrote: > On Friday, October 12, 2012 05:10:12 David Kalnischkies wrote: > > On Thu, Oct 11, 2012 at 7:38 PM, Christoph Anton Mitterer > > wrote: > > > algo,... not to mention that newer algos like Keccak are quite fast. > > I wonder if

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

2012-10-12 Thread Lucas Nussbaum
On 11/10/12 at 22:18 +, Sam Hartman wrote: > > For myself, I'd feel a lot more comfortable with DDs seconding than DMs > seconding. > > In my mind, when you sign up to be a DM, you're signing up to do a good > job of maintaining one or more packages. > > In my mind a part of the additional c

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

2012-10-12 Thread Lucas Nussbaum
On 11/10/12 at 11:27 +0200, Arno Töll wrote: > Hi, > > On 11.10.2012 07:50, Bart Martens wrote: > >> - the submitter of the "intent to orphan" bug must Cc > >> debian...@lists.debian.org, and file the bug with severity:serious (this > >> was part of the "criterias" proposal). > > | Anyone

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

2012-10-12 Thread Lucas Nussbaum
On 11/10/12 at 10:21 +0200, Gergely Nagy wrote: > Lucas Nussbaum writes: > > > On 11/10/12 at 05:50 +, Bart Martens wrote: > >> | Anyone can mark a package as orphaned after the following steps have > >> been > >> | completed : Someone submits an "intent to orphan" (ITO) in the bts >

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

2012-10-12 Thread Lucas Nussbaum
On 11/10/12 at 18:44 +0900, Charles Plessy wrote: > On Thu, Oct 11, 2012 at 05:50:51AM +, Bart Martens wrote: > > > > | Anyone can mark a package as orphaned after the following steps have > > been > > | completed : Someone submits an "intent to orphan" (ITO) in the bts > > with an

Re: Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread Charles Plessy
On Fri, Oct 12, 2012 at 12:06:11PM +0200, Benjamin Drung wrote: > On Friday, 12.10.2012, 10:04 +0800, Paul Wise wrote: > > https://dudle.inf.tu-dresden.de/Popularity_of_bzr-builddeb_and_dh-make/ > > The poll will be closed in one week (if enough votes are collected). Hello everybody, i

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Wesley J. Landaker
On Friday, October 12, 2012 05:10:12 David Kalnischkies wrote: > On Thu, Oct 11, 2012 at 7:38 PM, Christoph Anton Mitterer > > wrote: > > algo,... not to mention that newer algos like Keccak are quite fast. > > I wonder if it is really a good idea to search for a security checksum > based on th

Re: Popularity of bzr-builddeb and dh-make

2012-10-12 Thread Nikolaus Rath
Craig Small writes: > debhelper has gotten smarter with every release and gradually what > dh-make has had to do is getting reduced. I'm not sure we're at the > point of removing dh-make (it's an open question; I'm really not sure) > but perhaps we will be there one day. As it was written to sol

Re: Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread Dmitrijs Ledkovs
On 12 October 2012 13:52, Hideki Yamane wrote: > On Fri, 12 Oct 2012 14:46:41 +0200 > Jelmer Vernooij wrote: >> The workflow doesn't have to involve Launchpad either - I'm not using >> Launchpad at all for my Debian packages. Just because the majority of >> Bazaar users host their branches on Lau

Re: Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread Hideki Yamane
On Fri, 12 Oct 2012 14:46:41 +0200 Jelmer Vernooij wrote: > The workflow doesn't have to involve Launchpad either - I'm not using > Launchpad at all for my Debian packages. Just because the majority of > Bazaar users host their branches on Launchpad, doesn't mean that a > Bazaar workflow has to in

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Paul Wise
On Fri, Oct 12, 2012 at 7:49 PM, Christoph Anton Mitterer wrote: > Then what's this: > ftp://ftp.de.debian.org/debian/dists/sid/Release Sounds like you have a person in the middle hacking your network (or a browser bug), it works for me: pabs@chianamo ~ $ GET ftp://ftp.de.debian.org/debian/dist

Re: Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread Jelmer Vernooij
On Fri, 2012-10-12 at 21:40 +0900, Hideki Yamane wrote: > On Fri, 12 Oct 2012 14:22:06 +0200 > Benjamin Drung wrote: > > How does bzr-builddeb depend on Launchpad? bzr is integrated into > > Launchpad, but you can use bzr without Launchpad as every other DVCS. > > Just because I don't imagine us

Re: Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread Hideki Yamane
On Fri, 12 Oct 2012 14:22:06 +0200 Benjamin Drung wrote: > How does bzr-builddeb depend on Launchpad? bzr is integrated into > Launchpad, but you can use bzr without Launchpad as every other DVCS. Just because I don't imagine using bzr without LP ;) Yes, it can be used as you've pointed out, but

Re: Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread Jelmer Vernooij
On Fri, 2012-10-12 at 21:13 +0900, Hideki Yamane wrote: > On Fri, 12 Oct 2012 12:06:11 +0200 > Benjamin Drung wrote: > > I have setup a poll for it: > > https://dudle.inf.tu-dresden.de/Popularity_of_bzr-builddeb_and_dh-make/ > > Thanks! :) voted. > > My opinion is as BTSed, > - dh-make is s

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Dmitrijs Ledkovs
On 12 October 2012 13:03, Adam D. Barratt wrote: > I'm struggling to see what point you believe you're making here. > The point he was trying to make is that he either caught a mirror during update, or his connection was flaky, as he didn't fetch the complete file, nor verify its gpg signature. Re

Re: Popularity of bzr-builddeb and dh-make

2012-10-12 Thread Andrej N. Gritsenko
Hello! Игорь Пашев has written on Friday, 12 October, at 12:29: >dh-make should be deprecated :-) I don't agree with that. dh-make is very useful in some cases. And I have created a lot of my own packages already, some of them without dh-make, but I know the good sides of it. Andriy.

Re: Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread John Paul Adrian Glaubitz
On Fri, Oct 12, 2012 at 12:06:11PM +0200, Benjamin Drung wrote: > Thanks. > > I have setup a poll for it: > > https://dudle.inf.tu-dresden.de/Popularity_of_bzr-builddeb_and_dh-make/ I voted, thanks! Cheers, Adrian

Re: Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread Benjamin Drung
On Friday, 12.10.2012, 21:13 +0900, Hideki Yamane wrote: > - bzr-builddeb is, well, it seems that is useful in UDD (Ubuntu Distributed > Development, as Ubuntu packaging guide says) way, but now it heavily > relies on Launchpad in my point of view. How does bzr-builddeb depend on

Re: Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread Hideki Yamane
Hi, On Fri, 12 Oct 2012 12:06:11 +0200 Benjamin Drung wrote: > I have setup a poll for it: > https://dudle.inf.tu-dresden.de/Popularity_of_bzr-builddeb_and_dh-make/ Thanks! :) voted. My opinion is as BTSed, - dh-make is still usable for 1st step. Maybe experienced/skilled developer don

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Adam D. Barratt
On 12.10.2012 12:49, Christoph Anton Mitterer wrote: On Fri, 2012-10-12 at 10:09 +0800, Paul Wise wrote: > I further looked around: > e.g. the Release file seems to only use MD5 not so good :( Wrong, the Release file has had all 3 since sarge. woody had MD5 & SHA-1. Then what's this: ftp:

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Christoph Anton Mitterer
On Fri, 2012-10-12 at 13:49 +0200, Christoph Anton Mitterer wrote: > Then what's this: > ftp://ftp.de.debian.org/debian/dists/sid/Release Ah... my bad... the file is simply truncated at some point... but I guess this must be a local error. On Fri, 2012-10-12 at 08:26 +0100, Adam D. Barratt wrot

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Christoph Anton Mitterer
On Fri, 2012-10-12 at 09:17 +0200, Bernhard R. Link wrote: > There is a disadvantage of having longer hashsums, thus making it harder > for people to compare. The only reason that for those md5 is optimal and > not crc32 is that there is only one md5 and there is a nice always > available tool to c

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Christoph Anton Mitterer
Hi Paul. On Fri, 2012-10-12 at 10:09 +0800, Paul Wise wrote: > > I further looked around: > > e.g. the Release file seems to only use MD5 not so good :( > Wrong, the Release file has had all 3 since sarge. woody had MD5 & SHA-1. Then what's this: ftp://ftp.de.debian.org/debian/dists/sid/Relea

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Simon McVittie
On 12/10/12 12:10, David Kalnischkies wrote: > I wonder if it is really a good idea to search for a security checksum > based on the metric that it can be quickly calculated … but off-topic. It depends what you're using it for: security is not magic pixie dust. A hashing algorithm that is faster a

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread David Kalnischkies
On Thu, Oct 11, 2012 at 7:38 PM, Christoph Anton Mitterer wrote: > algo,... not to mention that newer algos like Keccak are quite fast. I wonder if it is really a good idea to search for a security checksum based on the metric that it can be quickly calculated … but off-topic. >> To use your e

Poll (was: Popularity of bzr-builddeb and dh-make)

2012-10-12 Thread Benjamin Drung
On Friday, 12.10.2012, 10:04 +0800, Paul Wise wrote: > On Fri, Oct 12, 2012 at 5:35 AM, Benjamin Drung wrote: > > > A poll is a good idea. Can you recommend a site that allows setting up a > > poll? > > The Debian secretary was at one point going to setup devotee for this > sort of thing, d

Re: (seemingly) declining bug report numbers

2012-10-12 Thread Riku Voipio
On Thu, Oct 11, 2012 at 09:45:58PM +0200, Simon Josefsson wrote: > Marco Nenciarini writes: > > I've seen recently several company I'm working with getting away from > > Debian in favor of Ubuntu because they have a LTS version. However I > > don't know if this is a general trend. > I can confir

Re: Popularity of bzr-builddeb and dh-make

2012-10-12 Thread Jon Dowland
On Fri, Oct 12, 2012 at 04:03:53PM +1100, Craig Small wrote: > Steve with his years of packaging experience is not probably a good > sample of one to base this upon. I'd be curious to see if newer > packagers use it or not. I don't bother with dh-make anymore. Like Steve the (mixed-case! Argh!) .e

Re: Popularity of bzr-builddeb and dh-make

2012-10-12 Thread Игорь Пашев
dh-make should be deprecated :-)

Re: Popularity of bzr-builddeb and dh-make

2012-10-12 Thread Neil Williams
On Fri, 12 Oct 2012 16:03:53 +1100 Craig Small wrote: > On Thu, Oct 11, 2012 at 02:38:46PM -0700, Steve Langasek wrote: > > dh-make isn't so relevant now that debhelper 7 exists. cp > > /usr/share/doc/debhelper/examples/rules.tiny debian/rules && dch > > --create, manually create debian/control

Bug#690293: Policy 5.6.24: Checksums-{SHA1,SHA256} are required by the archive software

2012-10-12 Thread Ansgar Burchardt
Package: debian-policy Severity: minor Charles Plessy writes: > http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Checksums > > In the .dsc file, these fields should list all files that make up the source > package. In the .changes file, these fields should list all files bein

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Adam D. Barratt
On 12.10.2012 01:30, Christoph Anton Mitterer wrote: I further looked around: e.g. the Release file seems to only use MD5 not so good :( You didn't look very far / well. $ wget -O- -q http://ftp.debian.org/debian/dists/squeeze/Release | grep -v "^ " Origin: Debian Label: Debian Suite: st

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

2012-10-12 Thread Bernhard R. Link
* Christoph Anton Mitterer [121011 19:39]: > On Thu, 2012-10-11 at 11:35 -0500, Peter Samuelson wrote: > > What makes sense is to use a hash that has the properties that are > > needed for a particular application. > Well... I think that's only really required if performance is very > critical, e.