Re: ITP Fidelio (0.9.2)

[Clay Crouch]

On Mon, 7 Aug 2000, Bernd Eckenfels wrote:

> On Sun, Aug 06, 2000 at 10:17:32PM -0500, Clay Crouch wrote:
> > I Intend To Package the Hotline client, 'fidelio'.
> 
> yes thats a good idea, i already compiled it cleanly on my potato box so you
> wont have much problems.. are u going to include some default trackers in
> the setup?

Well I have finally gotten around to doing the (trivial) -2
of Fidelio, which checks for a system-wide default bookmark file
at /usr/share/doc/fidelio/default/bookmarks.

I just uploaded it about 5 mins ago

The default bookmark file I am shipping with it is rather basic.
It contains only 15 trackers and the single default bookmark.
But it does allow the local sysadmin to adjust the system-wide
defaults, now, and the user can actually find a number of servers
on their first run. :^)

Cheers!
 
/ Clay Crouch, UNIX Weenie ;^> |    \
| Linux Administration/Consulting  | <[EMAIL PROTECTED]>   |
| Debian Package Maintainer| <[EMAIL PROTECTED]>  |
+--+-+
|"Away put your weapon; I mean you no harm." -- Master Yoda  |
+|
| 1024D/7D2AD631: 2319 2356 FEDF 4631 63F3 762A E443 1C2A 7D2A D631  |
\/



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: gpm and X problem investigated

[Gerd Knorr]

> Do we need to start collecting a database of what combinations of
> configurations work in which situations?

iMac + logitech usb wheel mouse:

XFree86 3.3.x:
Protocol   "imps/2"
Device "/dev/usbmouse"
works fine - including mouse wheel.

Protocol"mousesystems"
Device  "/dev/gpmdata"
works too, but without mouse wheel.  Trying any other repeater
protocol did'nt work at all.

XFree86 4:
Protocol"mousesystems"
Device  "/dev/gpmdata"
The only way I could make the mouse work.  No working mouse
wheel here too.

  Gerd

-- 
Protecting the children is a good way to get a lot of adults who cant
stand up for themselves.-- seen in some sig on /.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Free Pine?

[Raul Miller]

On Fri, Sep 01, 2000 at 01:26:53PM -0500, Steve Greenland wrote:
> That to me says Debian has permission to re-distribute our modified
> version, but that people who recieve it from us do not, unless they
> too ask permission ("We do expect and appreciate..."). Non-free. If
> she had written just "We appreciate..." I'd be comfortable putting it
> in free.

There's no legal difference between "Debian" and "people who recieve it
from us".  [Legally, there's no such entity as "Debian".]

Nor is there a difference from the viewpoint of our social contract.

Trying to divide us up, by drawing a line where there isn't one, is very
much against what we're about.

-- 
Raul


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: gpm and X problem investigated

[tony mancill]

On Sat, 2 Sep 2000, Massimo Dal Zotto wrote:

> I had the same problems when using the new defaults (-R ms3 and Intellimouse
> on /dev/gpmdata).



> 2)use the default gpm repeater type (msc). It is compatible with
>   the old behavior of slink and gpm, and works without problems.
>   The default gpm repeater type is `msc' an not `raw'. Setting it
>   to raw would force the user to configure it also in XF86config,
>   while with msc it could be configured automatically (see next
>   point).

After probably a good hour of mucking about with this when I installed
potato from scratch about 6 months ago, I concur with using msc as the
default repeater.  On my Thinkpad 600E, this is not only the only
configuration that worked, but the Z-axis button worked automatically as a
middle mouse button (which according to the Linux Laptops page
documentation at the time wasn't supposed to work at all).

Do we need to start collecting a database of what combinations of
configurations work in which situations?  Perhaps there are other
configurations that simply won't work using msc (or ms3) repeater types.  
If we knew about them, we could make gpmconfig a bit smarter.

  [EMAIL PROTECTED] |  She who says, does not know.
http://www.debian.org  |  She who knows, does not say.
   |- Tao Te Ching


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Project Gutenberg

[viral]

On Sat, Sep 02, 2000 at 06:10:18PM +0200, Andreas Fuchs wrote:
> A gutenberg index and retrieval program, OTOH...
> (mental note: must write this)

A search on freshmeat reveals a neat program called gutenbook.
Its in perl, and uses perl-gtk.
It does indexing and retrieving, and although still in beta, is quite a nice
tool. 

And it is GPL.

viral


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: gpm and X problem investigated

[Massimo Dal Zotto]

> 
> Hi!
> 
> In the recent past, there have been multiple (bug) reports about the behaviour
> of potato (& woody?) gpm in the presence of X (or vice versa, really). I've
> done some research, with these results: 
> 
> 1. On slink and probably before (because I don't remember things being
>differently), gpm did not default to be in repeater mode or even
>ask about that. In the X config, you would mention your real /dev/mouse
>and your real protocol.
> 
> 2. On any->potato upgrades, the config file is not touched, and gpm and X
>continue to behave as before. In an upgraded potato system, X still
>needs your real /dev/mouse and your real protocol.
> 
> 3. On new potato installs, gpm defaults to be in repeater mode, and to
>repeat in the ms3 protocol.
> 
> 4. When gpm is in repeater mode, it does not release the mouse device
>when switching to X, but expects X to read data from /dev/gpmdata.
>So, in the current potato default install, IF you install gpm,
>X config must use /dev/gpmdata and ms protocol always, regardless
>of mouse type.
> 
> 5. In the current potato install, IF you do NOT install gpm, X config
>needs your real /dev/mouse with your real protocol.
> 
> 6. My personal experience shows that, with gpm repeating in the ms3
>protocol, the middle mouse button is very hard to get working in X, if
>at all. Also, movement data of the mouse appears to get lost, resulting
>in erratic and uncomfortable mouse behaviour.
> 
> 7. The solution to the repeating problem in 6. is to default to
>repeating in the "raw" = "untranslated" protocol. Then, X config
>would need /dev/gpmdata always, but your real protocol.
> 
> So, on a potato system, the X configuration may require three different
> settings, dependent on your personal history:
> 
>   real /dev/mouse + real protocolwhen upgraded from slink or before
>   OR on new potato install without gpm
> 
>   /dev/gpmdata+ ms protocol  on "unmodified" new potato install w/gpm
> 
>   /dev/gpmdata+ real protocolon "modified" new potato install w/gpm
> 
> This situation seems highly undesirable to me, if only because this is not
> documented properly anywhere -- and even documenting the current situation in
> a way that is clear to the average user (i.e. M$Win convert) is a daunting
> task. 
> 
> Apart from changing nothing and leaving our users completely in the dark,
> there seem to be two options:
> 
> a. Let gpm default to repeating in raw mode (to solve 6.), and add a very
>clear notice that X should be (re)configured with /dev/gpmdata but using
>the real protocol -- but when gpm is either stopped or removed/purged, that
>the X config should be changed again (!! I don't know any package that
>requires _another_ package to be _manually_ reconfigured on install/
>remove).
> 
> b. Let gpm default to not repeating at all, without needing any further
>documentation (AFAIK; I don't remember questions on gpm <-> X behaviour
>in slink).
> 
> Obviously, b. is the right choice (IMHO ;-). Furthermore, a fix to this effect
> seems more than necessary to go into 2.2r1.
> 
> Or... is there a flaw in my logic? Or is there some very important reason for
> gpm's current behaviour? 
> 
> 
> Regards,
>   Anne Bezemer
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

I had the same problems when using the new defaults (-R ms3 and Intellimouse
on /dev/gpmdata).

Another nasty thing is that if you use the task-selection interface gpm
is not installed by default and there is no way to add it manually to the
package list.

So if you configure X for MouseSystem on /dev/gpmdata, as I have always
done on my installations, you have a non working X system. The same happens
if you choose "Logitech Intellimouse or GPM Repeater" in anXious, because
gpm is missing anyway.

I suggest that in the future we choose a third (and better) option:

1)  install gpm by default or even better add it to the base system
since it is very useful also in text mode

2)  use the default gpm repeater type (msc). It is compatible with
the old behavior of slink and gpm, and works without problems.
The default gpm repeater type is `msc' an not `raw'. Setting it
to raw would force the user to configure it also in XF86config,
while with msc it could be configured automatically (see next
point).

3)  in new installlation don't ask for X mouse configuration and
use by default MouseSystem on /dev/gpmdata, after displaying a
note to the user explaining the relationships between gpm and X.
This has the advantage that the user must configure the mouse
only in one place, even if later he wants to change the mouse
model or port. This is a big win expecially for novices, while
the experienced users alway

Re: Debian Port to x86-64

[Wichert Akkerman]

Previously Gerhard Poul wrote:
> Was there already a discussion about a x86-64 (64-bit AMDs) port on
> this list?

Somewhat. We've talked with AMD about getting resources for the port.
There is a group of people doing the ABI, toolchain and kernel work
already, see http://www.x86-64.org/ .

> What do you think? - Is it worth/needed to make this a port with it's
> own port information page and mailing list?

Debian can't do a lot now, we're waiting for the kernel and toolchain
to stabilize before we can really do anything.

Wichert.

-- 
   
 / Generally uninteresting signature - ignore at your convenience  \
| [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Debian Port to x86-64

[Gerhard Poul]

Was there already a discussion about a x86-64 (64-bit AMDs) port on
this list?

I haven't found anything and I would like to get some opinions.

What do you think? - Is it worth/needed to make this a port with it's
own port information page and mailing list?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Project Gutenberg

[Chris Gray]

On Sat, Sep 02, 2000 at 06:10:18PM +0200, Andreas Fuchs wrote:
> A gutenberg index and retrieval program, OTOH...
> (mental note: must write this)

Have a look at www.gutenbook.org  

Cheers,
Chris

-- 
pick, pack, pock, puck: like drops of water in a fountain falling
softly in the brimming bowl.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Project Gutenberg

[Andreas Fuchs]

Today, Ralf Treinen <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote
>> I was wondering that the work done by Project Gutenberg
>> (http://sailor.gutenberg.org) should be made available through debian.
> This came already to discussion some months ago when someone proposed to
> package the constitution of Finland.

Yes. The same point was made when "anarchism" was packaged. Gutenberg
seems to be a nice argument when it comes to massive data that is not
really debian-rele^W^W^W^W^W^W.
(No, I will not go there, and I hope that you won't, either (-8)

> The point is that packaging all of the Gutenberg files would take huge
> disk space, and the "added value" of debian packaging would be quite small
> since downloading files from Gutenberg is very easy.

A gutenberg index and retrieval program, OTOH...
(mental note: must write this)

> Ralf.

regards,
-- 
Andreas Stefan Fuchs in Real Life aka
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] in NNTP and 
SMTP,
antifuchsin IRCNet and
Relf Herbstfresser, Male 1/2 Elf Priest  in AD&D


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: My recent bug's and continuing effort to debconf-ize Debian

[Steve Robbins]

On Fri, 1 Sep 2000, Sean 'Shaleh' Perry wrote:

> c) *eventually* there will be a debconf server(right word?) which network
> admins can install.  This will have the answers stored in it and then when
> boxes need to know an asnwer, they query debconf and it queries the server.
> This way, you can do unattended installs of an entire computer lab.

Until that happens, is there a quick 'n' dirty way to replicate answers?

I'd be happy just copying the file(s) that make up the database from
an installed machine to the new machine.  Is it possible?  Which files?

-S




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Project Gutenberg

[Robert D. Hilliard]

Followup to: debian-legal@lists.debian.org
Bcc: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Robert D. Hilliard)
Date: 02 Sep 2000 11:00:12 -0400
In-Reply-To: [EMAIL PROTECTED]'s message of Sat, 2 Sep 2000 14:32:08 +0530
Message-ID: <[EMAIL PROTECTED]>
Lines: 55
X-Mailer: Gnus v5.3/Emacs 19.34

[EMAIL PROTECTED] writes:

> Hello,
> 
> I was wondering that the work done by Project Gutenberg
> (http://sailor.gutenberg.org) should be made available through debian.
> 
> It would be great to use 'apt' to get all the great work done there.
> 
> It shouldn't be difficult at all to package. I don't know if this has been
> discussed earlier (sorry, I didn't check the archives) but I'd like to know
> of what other people think about it.

 Not all Project Gutenberg documents are DFSG free.  They use a
file called `SMALL PRINT' as a license document.  There are currently
several versions of `SMALL PRINT' in their archive.  Ver.04.29.93,  and
Ver.03.08.92 require a royalty for commercial distribution.  I believe
I have seen versions that do not restrict commercial distribution, but
I can't locate an example at the moment.

 Most, if not all versions of `SMALL PRINT' include the following:

This PROJECT GUTENBERG-tm etext, like most PROJECT GUTENBERG-
tm etexts, is a "public domain" work distributed by Professor
Michael S. Hart through the Project Gutenberg Association at
Carnegie-Mellon University (the "Project").  Among other
things, this means that no one owns a United States copyright
on or for this work, so the Project (and you!) can copy and
distribute it in the United States without permission and
without paying copyright royalties.  Special rules, set forth
below, apply if you wish to copy and distribute this etext
under the Project's "PROJECT GUTENBERG" trademark.

 . . . . .

DISTRIBUTION UNDER "PROJECT GUTENBERG-tm"
You may distribute copies of this etext electronically, or by
disk, book or any other medium if you either delete this
"Small Print!" and all other references to Project Gutenberg,
or:
(Followed by license conditions,including the royalty requirement.)


 It appears that if the `SMALL PRINT' is deleted, the remainder of
the document is DFSG free.  However, there would be no copyright
notice or license attached to that copy.  I am not sure if it could be
distributed in Debian without a copyright notice or license.  I have
copied this to debian-legal for an opinion on this.

Bob
-- 
   _
  |_)  _  |_   Robert D. Hilliard  <[EMAIL PROTECTED]>
  |_) (_) |_)  1294 S.W. Seagull Way   <[EMAIL PROTECTED]>
   Palm City, FL  USA   PGP Key ID: A8E40EB9


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ITP: penguin command

[Hugo van der Merwe]

> Is it possible to play the game without the music? If so you might
> consider placing it in main with a Recommends: or Suggests: for
> the non-free music.
>

I read in the policy:

   In addition, the packages in "main"
 * must not require a package outside of "main" for compilation or
   execution (thus, the package must not declare a "Depends" or
   "Recommends" relationship on a non-main package),

That makes me think that if it goes in main, with music in non-free, it must
Suggest, not Recommend. If it wishes to Recommend, it must go in contrib. (?)

Hugo van der Merwe


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Peter Palfrader]

Hi Ethan!

On Fri, 01 Sep 2000, Ethan Benson wrote:

> On Sat, Sep 02, 2000 at 01:25:09AM -0400, Adam McKenna wrote:
> > > 
> > > my home directory is mode 710 and ssh works fine, on other systems my
> > > home is mode 755 and ssh still works fine (all with RSA auth and
> > > StrictModes yes)
> > 
> > Actually, sshd only cares about ~/.ssh and ~/.ssh/authorized_keys and that
> > they're not group or world writable.

> 
> how much do you want to bet?

You really wanna bet?


> [EMAIL PROTECTED] eb]$ chmod 770 .

Hmm. I'ld think home is now /group writeable/.



[EMAIL PROTECTED]:~$ dpkg -l ssh
ii  ssh1.2.3-9Secure rlogin/rsh/rcp replacement (OpenSSH)


once again:

[EMAIL PROTECTED]:~$ l -d . .ssh .ssh/authorized_keys 
drwxr-sr-x   20 weasel   weasel   2048 Sep  1 04:09 ./
drwxr-sr-x2 weasel   weasel   1024 Aug 12 01:04 .ssh/
-rw-r--r--1 weasel   weasel332 Aug 12 01:03 .ssh/authorized_keys

| [EMAIL PROTECTED]:~$ ssh defiant
| [...]
| [EMAIL PROTECTED]:~$ 

[EMAIL PROTECTED]:~$ chmod g+w .ssh/ 
[EMAIL PROTECTED]:~$ l -d . .ssh .ssh/authorized_keys 
drwxr-sr-x   20 weasel   weasel   2048 Sep  1 04:09 ./
drwxrwsr-x2 weasel   weasel   1024 Aug 12 01:04 .ssh/
-rw-r--r--1 weasel   weasel332 Aug 12 01:03 .ssh/authorized_keys

| [EMAIL PROTECTED]:~$ ssh -v defiant
[...]
| debug: Trying RSA authentication via agent with '[EMAIL PROTECTED]'
| debug: Remote: RSA authentication refused for weasel: bad ownership or modes 
for '/home/weasel/.ssh/authorized_keys'.
[...]
| [EMAIL PROTECTED]'s password: 

[EMAIL PROTECTED]:~$ chmod g-w .ssh/ 
[EMAIL PROTECTED]:~$ chmod g+w .ssh/authorized_keys 
[EMAIL PROTECTED]:~$ l -d . .ssh .ssh/authorized_keys 
drwxr-sr-x   20 weasel   weasel   2048 Sep  1 04:09 ./
drwxr-sr-x2 weasel   weasel   1024 Aug 12 01:04 .ssh/
-rw-rw-r--1 weasel   weasel332 Aug 12 01:03 .ssh/authorized_keys

| [EMAIL PROTECTED]:~$ ssh defiant
| [EMAIL PROTECTED]'s password: 

[EMAIL PROTECTED]:~$ l -d . .ssh .ssh/authorized_keys 
drwxrwsr-x   20 weasel   weasel   2048 Sep  1 04:09 ./
drwxr-sr-x2 weasel   weasel   1024 Aug 12 01:04 .ssh/
-rw-r--r--1 weasel   weasel332 Aug 12 01:03 .ssh/authorized_keys

| [EMAIL PROTECTED]:~$ ssh defiant
| [EMAIL PROTECTED]'s password: 

[EMAIL PROTECTED]:~$ chmod g-w .
[EMAIL PROTECTED]:~$ l -d . .ssh .ssh/authorized_keys 
drwxr-sr-x   20 weasel   weasel   2048 Sep  1 04:09 ./
drwxr-sr-x2 weasel   weasel   1024 Aug 12 01:04 .ssh/
-rw-r--r--1 weasel   weasel332 Aug 12 01:03 .ssh/authorized_keys

| [EMAIL PROTECTED]:~$ ssh defiant
| [...]
| [EMAIL PROTECTED]:~$ 


So ssh checks wheter the chain homedir, ~/.ssh, and authorized_keys is
writeable only by the owner.

yours,
peter

-- 
PGP encrypted messages preferred.
http://www.cosy.sbg.ac.at/~ppalfrad/
[please CC me on lists]

Re: Project Gutenberg

[Craig Sanders]

On Sat, Sep 02, 2000 at 02:32:08PM +0530, [EMAIL PROTECTED] wrote:
> I was wondering that the work done by Project Gutenberg
> (http://sailor.gutenberg.org) should be made available through debian.
>
> It would be great to use 'apt' to get all the great work done there.
>
> It shouldn't be difficult at all to package. I don't know if this has
> been discussed earlier (sorry, I didn't check the archives) but I'd
> like to know of what other people think about it.

feel free to make your own apt-gettable repository for project gutenberg
packages.

personally, i think that a script which regularly downloaded the index
of available texts, providing a searchable database, and capable of
automatically fetching any one or more of them for you would be more
useful...

and it would be useful to non debian users too. think of it as the apt
equivalent for project gutenberg :)

craig

--
craig sanders


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Project Gutenberg

[Ralf Treinen]

[EMAIL PROTECTED] wrote
> I was wondering that the work done by Project Gutenberg
> (http://sailor.gutenberg.org) should be made available through debian.

This came already to discussion some months ago when someone proposed to
package the constitution of Finland.

The point is that packaging all of the Gutenberg files would take huge
disk space, and the "added value" of debian packaging would be quite small
since downloading files from Gutenberg is very easy.

Ralf.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Project Gutenberg

[viral]

Hello,

I was wondering that the work done by Project Gutenberg
(http://sailor.gutenberg.org) should be made available through debian.

It would be great to use 'apt' to get all the great work done there.

It shouldn't be difficult at all to package. I don't know if this has been
discussed earlier (sorry, I didn't check the archives) but I'd like to know
of what other people think about it.

viral


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Bernhard R. Link]

On Fri, 1 Sep 2000, Roland Bauerschmidt wrote:

> While we are at it. Kurt critizes that adduser creates home
> directories readable for all users by default. The woody version has
> an option in /etc/adduser.conf to change it to any value you
> want. Shall we make something like 700 default? 


I think the current standard is quite reasonable.

Perhaps a non-world-readability would please very bloody beginers,
but is would give the not so bloody beginers a false fealing of
security. 

Hochachtungsvoll,
  Bernhard R. Link


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: My recent bug's and continuing effort to debconf-ize Debian

[Herbert Xu]

Roland Bauerschmidt <[EMAIL PROTECTED]> wrote:
> On Fri, Sep 01, 2000 at 07:10:30PM -0700, Joey Hess wrote:
>> As I said above, debconf is in standard.

> Sorry. I didn't know that. Dpkg and apt-cache still claim that it is
> in optional:

Someone needs to update the override file for debconf to become standard.
-- 
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

ITP: hlins -- Insert URLs into html documents

[Ralf Treinen]

package: wnpp
Severity: wishlist

 Hlins is a tool to insert hypertext links into HTML documents,
 using a database with entries of the form "name = url". It is   
 designed for inserting urls of real persons: it knows about
 abbreviations of first and middle names and tolerates dropping
 the second part of a composite last name.

Licence: GPL

Home page: http://www.lri.fr/~treinen/hlins


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Joseph Carter]

On Sat, Sep 02, 2000 at 03:06:16AM +0200, Peter Palfrader wrote:
> > > 751 seems more reasonable IMO.
> > 
> > This sounds also reasonable for me. And because of the x-bit UserDirs,
> > etc. should work. Does anyone objects if I change this with the next
> > upload of adduser? Consider that this is only the default behaviour,
> > if you still want 755 home-directories you just have to change the
> > value in /etc/adduser.conf.
> 
> I'ld prefer keeping 755 as a default.

As I haven't looked at the configurability of adduser, I may be barking up
the wrong tree here..  Would it be possible to allow the sysadmin to add
new users to a given group or set of groups on creation of the account?
This way you could choose to have your ~ created as you.users 751 or
you.you if you want to make the user decide explicitly to change it to
group users or whatever.  I see other uses for a users group as some web
CGI scripts have files that need to be world writable and you can only
maintain security that way if you make the files you.users 646 or 642.

Obviously, no default is going to be acceptable to everyone, that's why
it's a default that can be changed.

-- 
Joseph Carter <[EMAIL PROTECTED]>   GnuPG key 1024D/DCF9DAB3
Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC
The QuakeForge Project (http://quakeforge.net/)   44F9 8FF7 D7A3 DCF9 DAB3

 is a surgical war where you go give the foreign troops nose jobs?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Ethan Benson]

On Sat, Sep 02, 2000 at 01:25:09AM -0400, Adam McKenna wrote:
> > 
> > my home directory is mode 710 and ssh works fine, on other systems my
> > home is mode 755 and ssh still works fine (all with RSA auth and
> > StrictModes yes)
> 
> Actually, sshd only cares about ~/.ssh and ~/.ssh/authorized_keys and that
> they're not group or world writable.

how much do you want to bet?

[EMAIL PROTECTED] eb]$ chmod 770 .
[EMAIL PROTECTED] eb]$ ls -ld ~
drwxrwx---   56 eb   users4096 Sep  1 23:04 /home/eb
[EMAIL PROTECTED] eb]$

[EMAIL PROTECTED] eb]$ ssh -v socrates
SSH Version OpenSSH-1.2.3, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /home/eb/.ssh/config
[snip]
debug: Connection established.
debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.3
[snip]
debug: Trying RSA authentication with key '[EMAIL PROTECTED]'
debug: Remote: RSA authentication refused for eb: bad ownership or
modes for '/home/eb/'.
debug: Server refused our key.
debug: Trying RSA authentication with key '[EMAIL PROTECTED]'
debug: Remote: RSA authentication refused for eb: bad ownership or
modes for '/home/eb/'.
debug: Server refused our key.
Permission denied.
debug: Calling cleanup 0x8056820(0x0)
[EMAIL PROTECTED] eb]$

[EMAIL PROTECTED] eb]$ chmod 710 .
[EMAIL PROTECTED] eb]$ ls -ld .
drwx--x---   56 eb   users4096 Sep  1 23:10 .
[EMAIL PROTECTED] eb]$

[EMAIL PROTECTED] eb]$ ssh socrates
Enter passphrase for RSA key '[EMAIL PROTECTED]':
Last login: Fri Sep  1 19:09:40 2000 on tty9
[...]
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have mail.
[EMAIL PROTECTED] eb]$

i also tried it with my home directory group set to my private group
`eb' same deal.

perhaps you have a different version of ssh?

-- 
Ethan Benson
http://www.alaska.net/~erbenson/


pgp4bkUmaIT9B.pgp
Description: PGP signature

Re: APT problem

[Jason Gunthorpe]

On 1 Sep 2000, Alex Romosan wrote:

> with 'apt-get source -b '. what's the point in having the
> ability to download the source and recompile it automatically if the
> next upgrade will wipe it out. if i choose to recompile a package, apt

Mostly to compile versions that are not available for 'stable' but are
available for slink. All other recompiles really should bump the version
number to keep things sane.

Jason


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: APT problem

[Alex Romosan]

Craig Sanders <[EMAIL PROTECTED]> writes:

> On Wed, Aug 30, 2000 at 09:31:57PM -0600, Jason Gunthorpe wrote:
> > [Alex Romosan wrote:]
> > > which are not on by default and then i have to put the packages on
> > > hold because apt wants to get the remote ones.
> >
> > You have to do this anyhow, otherwise the package will get upgraded
> > and you will loose your changes. In all cases I can think of where
> > a package is locally recompiled and has not been placed on hold you
> > would indeed want the 'newer' archive package to be installed. The
> > motivating factor here is local slink recompiles of potato packages.
> 
> i may be missing something here, but why not change the debian revision
> number when you recompile the package? takes a few seconds to edit the
> changelog. that's what i do...it works for me.
> 

i usually do that, but sometimes i forget and i find it annoying that
apt assumes by default that the mirror packages are "newer" than my
local packages. it just doesn't feel right. also, this doesn't work
with 'apt-get source -b '. what's the point in having the
ability to download the source and recompile it automatically if the
next upgrade will wipe it out. if i choose to recompile a package, apt
should leave it alone until a newer version comes along. to me, at
least, this idea of always fetching the mirror package, feels too much
like microsoft. also, before apt, dselect use to leave the packages
alone, maybe that's when i got used to the idea that my local packages
shouldn't be touched if they have the same version number.

--alex--

-- 
| I believe the moment is at hand when, by a paranoiac and active |
|  advance of the mind, it will be possible (simultaneously with  |
|  automatism and other passive states) to systematize confusion  |
|  and thus to help to discredit completely the world of reality. |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: APT problem

[Craig Sanders]

On Wed, Aug 30, 2000 at 09:31:57PM -0600, Jason Gunthorpe wrote:
> [Alex Romosan wrote:]
> > which are not on by default and then i have to put the packages on
> > hold because apt wants to get the remote ones.
>
> You have to do this anyhow, otherwise the package will get upgraded
> and you will loose your changes. In all cases I can think of where
> a package is locally recompiled and has not been placed on hold you
> would indeed want the 'newer' archive package to be installed. The
> motivating factor here is local slink recompiles of potato packages.

i may be missing something here, but why not change the debian revision
number when you recompile the package? takes a few seconds to edit the
changelog. that's what i do...it works for me.

e.g. if the package is version 1.0-1, change it to something like
version 1.0-1ZZZlocal

then it will only be upgraded by apt or dselect if -2 comes out. you'll
still need to hold the package if you don't want that to happen (that's
a feature, not a bug :)



if you think that running dselect just to put a package on hold is a
PITA, use my little dpkg-hold script:

#! /bin/bash

# dpkg-hold  --  command line tool to flag package(s) as held.
#
# by Craig Sanders, 1998-10-26.  This script is hereby placed into the 
# public domain.
#
# BUGS: this script has absolutely no error checking.  this is not good.

if [ -z "$*" ] ; then
echo "Usage:"
echo "  dpkg-hold "
exit 1
fi

for i in $@ ; do
echo "$ihold"
done | dpkg --set-selections


FWIW, i think this script should probably be included with dpkg, or
similar command line functionality be added to dpkg. cc-ed to Wichert
for his wishlist.

craig

--
craig sanders


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Machine-specific optimizations

[Craig Sanders]

On Fri, Sep 01, 2000 at 05:45:05PM +0200, Arthur Korn wrote:
> Is there a convenient way to put a package on hold? I couldn't
> figure anything out form the dpkg and apt-get manpages. If I
> have to start dselect every time I want to put something on hold
> this is certainly not how it should be. (Ever used dselect on a
> 9600 serial console? It's fun ;).

twice in one day...this must be the 4th or 5th time i've posted this
script to this list over the years.

---cut here---
#! /bin/bash

# dpkg-hold  --  command line tool to flag package(s) as held.
#
# by Craig Sanders, 1998-10-26.  This script is hereby placed into the 
# public domain.
#
# BUGS: this script has absolutely no error checking.  this is not good.

if [ -z "$*" ] ; then
echo "Usage:"
echo "  dpkg-hold "
exit 1
fi

for i in $@ ; do
echo "$ihold"
done | dpkg --set-selections
---cut here---

craig

--
craig sanders


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Machine-specific optimizations

[Craig Sanders]

On Fri, Sep 01, 2000 at 12:04:20PM -0400, Robert D. Hilliard wrote:
> Despite the disclaimer about error checking, I have had good
> results with it.  

just paranoia. i've never had a problem with it. the message is there
mostly to let people know that it's the kind of tool which makes it real
easy to shoot off your own foot.

> I have also reversed it to make dpkg-unhold.

yep, and i've made a "dpkg-purge" too which i occasionally find
useful (mostly when semi-auto building servers by merging in various
--get-selections lists, which i have to do nowadays because going
through dselect just takes too long).

craig

--
craig sanders


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Adam McKenna]

On Fri, Sep 01, 2000 at 09:03:10PM -0800, Ethan Benson wrote:
> On Fri, Sep 01, 2000 at 08:06:20PM -0400, Jonathan D. Proulx wrote:
> > 
> > Anything less than 700 breaks RSA authentication for ssh.  A point to
> > consider though I'll gladly concede that anyone using RSA keys ought
> > to know what permissions they want on their home directory and how to
> > change them.
> 
> wrong, ssh only cares if the home directory is *WRITABLE* by other
> users then the owner, not if its readable.  
> 
> my home directory is mode 710 and ssh works fine, on other systems my
> home is mode 755 and ssh still works fine (all with RSA auth and
> StrictModes yes)

Actually, sshd only cares about ~/.ssh and ~/.ssh/authorized_keys and that
they're not group or world writable.

--Adam


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Ethan Benson]

On Fri, Sep 01, 2000 at 08:06:20PM -0400, Jonathan D. Proulx wrote:
> 
> Anything less than 700 breaks RSA authentication for ssh.  A point to
> consider though I'll gladly concede that anyone using RSA keys ought
> to know what permissions they want on their home directory and how to
> change them.

wrong, ssh only cares if the home directory is *WRITABLE* by other
users then the owner, not if its readable.  

my home directory is mode 710 and ssh works fine, on other systems my
home is mode 755 and ssh still works fine (all with RSA auth and
StrictModes yes)

-- 
Ethan Benson
http://www.alaska.net/~erbenson/


pgplKUvwwNxmm.pgp
Description: PGP signature

ITP: hanzim

[Roger So]

I intend to package Hanzi Master, a Chinese character dictionary and 
learning aid.  I haven't yet passed the NM process; however Anthony
Fok ([EMAIL PROTECTED]) has agreed to sponsor this package for me.

License: GPL
URL: http://cogsci.ucsd.edu/~arobert/hanzim.html

It builds fairly cleanly on my system. (woody, i386)

Thanks,

-- 
  Roger Sotelnet://e-fever.org
  spacehunt at e-fever dot org  SysOp, e-Fever BBS
  GnuPG  1024D/98FAA0AD  F2C3 4136 8FB1 7502 0C0C 01B1 0E59 37AC 98FA A0AD


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: Smart BootManager

[Yu Guanghui]

hi
It's really a nice tool.:-)
And it could be installed from linux !
saka

-Original Message-
From: hashao [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 02, 2000 11:00 AM
To: debian-devel@lists.debian.org
Subject: CFP: Smart BootManager


Hello debian-devel,
Smart BootManager is a tiny, powerful and multi-language boot manager
written in assembler. SBM supports many features in only 30K bytes
including multi-languages and themes, a user friendly menu system,
partition auto scan, boot schedule, password protection, and more. SBM
is the first GPLed boot manager to embed an IDE ATAPI CD-ROM driver,
it can boot Win95/98/2K, Linux, FreeBSD, OpenBSD, and BeOS from
CD-ROM. Multi-bootable image CDs are supported as well.

It is GPLed.
HomePage: http://www.gnuchina.org/~suzhe/

It is easier to use and work well with lilo. Good for newbie users.

--
Best regards,
 hashao  mailto:[EMAIL PROTECTED]

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

CFP: Smart BootManager

[hashao]

Hello debian-devel,

Smart BootManager is a tiny, powerful and multi-language boot manager
written in assembler. SBM supports many features in only 30K bytes
including multi-languages and themes, a user friendly menu system,
partition auto scan, boot schedule, password protection, and more. SBM
is the first GPLed boot manager to embed an IDE ATAPI CD-ROM driver,
it can boot Win95/98/2K, Linux, FreeBSD, OpenBSD, and BeOS from
CD-ROM. Multi-bootable image CDs are supported as well.

It is GPLed.
HomePage: http://www.gnuchina.org/~suzhe/

It is easier to use and work well with lilo. Good for newbie users.

-- 
Best regards,
 hashao  mailto:[EMAIL PROTECTED]



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: My recent bug's and continuing effort to debconf-ize Debian

[Roland Bauerschmidt]

On Fri, Sep 01, 2000 at 07:10:30PM -0700, Joey Hess wrote:
> As I said above, debconf is in standard.

Sorry. I didn't know that. Dpkg and apt-cache still claim that it is
in optional:

[EMAIL PROTECTED]:~% apt-cache show debconf | grep \^Priority:  
   
Priority: optional
[EMAIL PROTECTED]:~% dpkg -p debconf | grep \^Priority: 
   
Priority: optional
[EMAIL PROTECTED]:~% dpkg-deb -I
/var/cache/apt/archives/debconf_0.3.66_i386.deb | grep Priority: 
 Priority: standard

Never mind, Roland

-- 
Roland Bauerschmidt <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: My recent bug's and continuing effort to debconf-ize Debian

[Joey Hess]

Roland Bauerschmidt wrote:
> On Fri, Sep 01, 2000 at 12:45:07PM -0700, Joey Hess wrote:
> > Debconf is already in standard. Three packages of > standard priority
> > use debconf (console-tools, console-data, setserial). All are priority
> > required.
> 
> What is with lynx? Lynx is standard and _depends_ on debconf.

As I said above, debconf is in standard.

-- 
see shy jo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ITP: penguin command

[Bernhard Josef Rieder]

On Sat, Sep 02, 2000 at 03:44:29AM +0200, Peter Palfrader wrote:
> 
> Is it possible to play the game without the music? If so you might
> consider placing it in main with a Recommends: or Suggests: for
> the non-free music.
> 

It seems to work. I think only the *.MODs are copyrighted and the
soun effects (*.WAV) are free but I have to ask the author about that

Bernhard



pgpnADVCIaz6S.pgp
Description: PGP signature

Re: My recent bug's and continuing effort to debconf-ize Debian

[Roland Bauerschmidt]

On Fri, Sep 01, 2000 at 12:45:07PM -0700, Joey Hess wrote:
> Debconf is already in standard. Three packages of > standard priority
> use debconf (console-tools, console-data, setserial). All are priority
> required.

What is with lynx? Lynx is standard and _depends_ on debconf. I would
also appreciate to increase debconf's importance.

Package: lynx
Version: 2.8.3-1
Priority: standard
Section: web
Maintainer: Christian Hudon <[EMAIL PROTECTED]>
Depends: libc6 (>= 2.1.2), libz1, slang1 (>> 1.3.0-0), debconf
Recommends: mime-support
Provides: www-browser, news-reader
Architecture: i386
Filename: dists/unstable/main/binary-i386/web/lynx_2.8.3-1.deb
Size: 972618
MD5sum: e2916eee86441c85adc8bea3db74a8cc
Description: Text-mode WWW Browser
 Lynx is a fully-featured World Wide Web (WWW) client for
 users running cursor-addressable, character-cell display
 devices (e.g., vt100 terminals, vt100 emulators running on
 PCs or Macs, or any other "curses-oriented" display). It
 will display hypertext markup language (HTML) documents
 containing links to files residing on the local system, as
 well as files residing on remote systems running Gopher,
 HTTP, FTP, WAIS, and NNTP servers.


-- 
Roland Bauerschmidt <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ITP: penguin command

[Peter Palfrader]

Hi Bernhard!

On Sat, 02 Sep 2000, Bernhard Josef Rieder wrote:

> Package: penguin-command  
>  
> Section: non-free/games   
>  
> Depends: ${shlibs:Depends}
>  
> Description: Penguin Command  
>  
>  This is a clone of the classic "Missile Command" Game,   
>  
>  but it has better graphics and music. The gameplay has   
>  
>  only been slightly modified. Penguin Command is  
>  
>  completely licensed under the GPL, excluding the music.  
>  

Is it possible to play the game without the music? If so you might
consider placing it in main with a Recommends: or Suggests: for
the non-free music.

yours,
peter

PS: Did you file your ITP as a bug against wnpp?
-- 
PGP encrypted messages preferred.
http://www.cosy.sbg.ac.at/~ppalfrad/
[please CC me on lists]

ITP: penguin command

[Bernhard Josef Rieder]

Package: penguin-command
   
Section: non-free/games 
   
Depends: ${shlibs:Depends}  
   
Description: Penguin Command
   
 This is a clone of the classic "Missile Command" Game, 
   
 but it has better graphics and music. The gameplay has 
   
 only been slightly modified. Penguin Command is
   
 completely licensed under the GPL, excluding the music.
   
 If you have any suggestions or comments, then write a mail 
   


I hope there was no ITP for this one before. The packages are
ready and I am waiting for the OK from the author.


Help: I NEED A SPONSOR!


Bernhard



pgpWwZoFITsco.pgp
Description: PGP signature

Re: Free Pine?

[Anthony Towns]

On Fri, Sep 01, 2000 at 07:47:57PM -0500, Branden Robinson wrote:
> On Fri, Sep 01, 2000 at 01:26:53PM -0500, Steve Greenland wrote:
> > > First of all, by this message you have our permission to distribute a
> > > modified version of IMAPD.
> > That to me says Debian has permission to re-distribute our modified
> > version, but that people who recieve it from us do not, unless they too
> > ask permission ("We do expect and appreciate..."). Non-free.
> Right, it fails DFSG 7.  Anthony Towns and Raul Miller don't seem too
> concerned about it (see their followups to my -legal message of August
> 23rd), however.

Huh?

I replied to your assertion that ``Otherwise, I think we will in fact
be unable to distribute UW's IMAPD, and should never have done so in
the first place.''. We're not unable to distribute it, we'd just have
to distribute it in non-free.

And no, I'm not too concerned about it, I don't care about IMAP at all,
and I'm not overly worried about software being in non-free.

Cheers,
aj

-- 
Anthony Towns <[EMAIL PROTECTED]> 
I don't speak for anyone save myself. GPG signed mail preferred.

  ``We reject: kings, presidents, and voting.
 We believe in: rough consensus and working code.''
  -- Dave Clark


pgpRlYInTNxcQ.pgp
Description: PGP signature

Re: Free Pine?

[Branden Robinson]

On Fri, Sep 01, 2000 at 01:26:53PM -0500, Steve Greenland wrote:
> > First of all, by this message you have our permission to distribute a
> > modified version of IMAPD.
> 
> That to me says Debian has permission to re-distribute our modified
> version, but that people who recieve it from us do not, unless they too
> ask permission ("We do expect and appreciate..."). Non-free.

Right, it fails DFSG 7.  Anthony Towns and Raul Miller don't seem too
concerned about it (see their followups to my -legal message of August
23rd), however.

> If she had written just "We appreciate..." I'd be comfortable putting it
> in free.

Yes, as I said in that same message, they really are quite close to a
DFSG-free license.  The trouble is, they don't appear to know it.

-- 
G. Branden Robinson |A committee is a life form with six or
Debian GNU/Linux|more legs and no brain.
[EMAIL PROTECTED]  |-- Robert Heinlein
http://www.debian.org/~branden/ |


pgpnHFFy3gJ31.pgp
Description: PGP signature

Re: Security of Debian SuX0r?

[Peter Palfrader]

Hi Roland!

On Fri, 01 Sep 2000, Roland Bauerschmidt wrote:

> On Fri, Sep 01, 2000 at 06:21:51PM -0500, Joseph Carter wrote:
> > 751 seems more reasonable IMO.
> 
> This sounds also reasonable for me. And because of the x-bit UserDirs,
> etc. should work. Does anyone objects if I change this with the next
> upload of adduser? Consider that this is only the default behaviour,
> if you still want 755 home-directories you just have to change the
> value in /etc/adduser.conf.

I'ld prefer keeping 755 as a default.

yours,
peter
[Mail-Fup2 honored]
-- 
PGP encrypted messages preferred.
http://www.cosy.sbg.ac.at/~ppalfrad/
[please CC me on lists]

Re: Security of Debian SuX0r?

[Roland Bauerschmidt]

On Fri, Sep 01, 2000 at 06:21:51PM -0500, Joseph Carter wrote:
> 751 seems more reasonable IMO.

This sounds also reasonable for me. And because of the x-bit UserDirs,
etc. should work. Does anyone objects if I change this with the next
upload of adduser? Consider that this is only the default behaviour,
if you still want 755 home-directories you just have to change the
value in /etc/adduser.conf.

Roland

-- 
Roland Bauerschmidt <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Jonathan D. Proulx]

On Fri, Sep 01, 2000 at 05:40:15PM -0500, Roland Bauerschmidt wrote:
:On Wed, Aug 30, 2000 at 02:57:20PM +0300, Juhapekka Tolvanen wrote:
:> Kurt Seifried
:
:While we are at it. Kurt critizes that adduser creates home
:directories readable for all users by default. The woody version has
:an option in /etc/adduser.conf to change it to any value you
:want. Shall we make something like 700 default? It would break some
:things like "UserDir public_html" in Apache, etc.

Anything less than 700 breaks RSA authentication for ssh.  A point to
consider though I'll gladly concede that anyone using RSA keys ought
to know what permissions they want on their home directory and how to
change them.

-Jon


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Bob Bernstein]

On Fri, Sep 01, 2000 at 05:40:15PM -0500, Roland Bauerschmidt wrote:

> Shall we make something like 700 default?

No. Resist the urge to dumb things down. Better to insist on intelligent,
responsible users who have been educated, and have educated themselves,
about the realities of computer security rather than lull them into a false
sense of security. chmod 700 will set them up for nasty surprises on other
Unix accounts they may come to use.

The reality is that if you must keep something private then encrypt it (pgp
-c my_secrets.txt). Anything less than that represents ceding control over
your privacy to other parties, whether it be the operating system, the
network configuration, or whatever. Encourage users to be responsible for
security *themselves*.

My $0.02 worth...

-- 
Bob Bernstein
at
Esmond, R.I., USA


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Joseph Carter]

On Sat, Sep 02, 2000 at 10:07:04AM +1100, Herbert Xu wrote:
> > want. Shall we make something like 700 default? It would break some
> > things like "UserDir public_html" in Apache, etc. In my school server
> 
> You could make it 711.

751 seems more reasonable IMO.

-- 
Joseph Carter <[EMAIL PROTECTED]>   GnuPG key 1024D/DCF9DAB3
Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC
The QuakeForge Project (http://quakeforge.net/)   44F9 8FF7 D7A3 DCF9 DAB3

"What is striking, however, is the general layout and integration of the
system.  Debian is a truly elegant Linux distribution; great care has
been taken in the preparation of packages and their placement within the
system.  The sheer number of packages available is also impressive"


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Herbert Xu]

Roland Bauerschmidt <[EMAIL PROTECTED]> wrote:

> want. Shall we make something like 700 default? It would break some
> things like "UserDir public_html" in Apache, etc. In my school server

You could make it 711.
-- 
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#70269: automatic build fails for potato

[Antti-Juhani Kaijanaho]

On 2901T104626-0500, Steve Greenland wrote:
> find. The policy manual says look in build-essential. The control
> file for Build-essential says look in policy manual

The policy manual says look for the *informational* list in
build-essential.  build-essential says look for the *definition* in the
policy manual.  I don't see the problem.

> and includes two
> different list files, one of which is completely pointless, the other of
> which has the needed info buried in the middle of a bunch of definitions
> and syntax. 

I wonder why I haven't seen a bug report from you about this.

> Just put the list on the
> website,

It is in the website, starting yesterday.

> Why are people determined to make information so hard to find?

Why are people determined to make pointless rants instead of filing
useful bugs?

-- 
%%% Antti-Juhani Kaijanaho % [EMAIL PROTECTED] % http://www.iki.fi/gaia/ %%%


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Security of Debian SuX0r?

[Roland Bauerschmidt]

On Wed, Aug 30, 2000 at 02:57:20PM +0300, Juhapekka Tolvanen wrote:
> Kurt Seifried

While we are at it. Kurt critizes that adduser creates home
directories readable for all users by default. The woody version has
an option in /etc/adduser.conf to change it to any value you
want. Shall we make something like 700 default? It would break some
things like "UserDir public_html" in Apache, etc. In my school server
I put all public stuff on some other location and create symlinks in
the home-directories and use "UserDir /foo/bar/*/public_html" which
works absolutely perfect. Any comments?

Roland

-- 
Roland Bauerschmidt <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#70269: automatic build fails for potato

[Hamish Moffatt]

On Fri, Sep 01, 2000 at 01:55:09PM -0500, Steve Greenland wrote:
> Those people would be equally well served by a note or check at the
> beginning of the debian/rules file; we didn't need policy and a new
> control file headers for that.

That sounds like an ideal addition to debhelper; wouldn't that be ironic?

Hamish
-- 
Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#70269: automatic build fails for potato

[Hamish Moffatt]

On Fri, Sep 01, 2000 at 04:35:53AM -0500, Branden Robinson wrote:
> On Fri, Sep 01, 2000 at 12:04:23AM +1100, Hamish Moffatt wrote:
> > On Tue, Aug 29, 2000 at 10:37:01PM -0500, Branden Robinson wrote:
> > > Purists happen to be whoever disagrees with Hamish Moffat.  Cf. his

> > By the way, please watch your spelling.
> 
> If you'd proofread all my package descriptions for me I'd appreciate it.

I was referring to your hideous misspelling of my name.
It's common courtesy to spell someone's name correctly,
a courtesy I have always extended to you.


Hamish
-- 
Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: multiple dependancies on the same package?

[Roland Bauerschmidt]

On Fri, Sep 01, 2000 at 01:59:00PM -0400, Richard A Nelson wrote:
> Would the following work as expected:
> Depends: sendmail (>= 8.9.3), sendmail (<< 8.9.4)

libapache-mod-ssl does it:

Package: libapache-mod-ssl
Version: 2.6.4-1.3.12-1
Priority: optional
Section: non-US
Maintainer: Miquel van Smoorenburg <[EMAIL PROTECTED]>
Depends: libc6 (>= 2.1.2), libdb2 (>= 1:2.4.14-7), libssl09, openssl, apache 
(>= 1.3.12-1) | apache-perl (>= 1.3.12-1), apache (<= 1.3.12-99) | apache-perl 
(<= 1.3.12-99), make
Suggests: libapache-mod-ssl-doc
Architecture: i386
Filename: 
dists/unstable/non-US/main/binary-i386/libapache-mod-ssl_2.6.4-1.3.12-1.deb
Size: 228730
MD5sum: bb7b536e6fde97253a6a5a5c0df33bed
Description: Strong cryptography for Apache
 This Apache module provides strong cryptography for the Apache 1.3 webserver
 via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
 v1) protocols.
 .
 [...]

Roland

-- 
Roland Bauerschmidt <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#70269: automatic build fails for potato

[Joey Hess]

Steve Greenland wrote:
> So I'm supposed to go back and figure out if my packages can be
> successfully built with debhelper 2.0.58? If so, how can I -- is there
> a complete archive of all released debhelpers somewhere?

Please read the bottom of http://cgi.debian.org/cgi-bin/bugreport.cgi?bug=51898
There's a 5 step checklist, and a slighlty longer checklist, depending
on how well you want to do it. If you want to do it at all.

> this is going to happen. Instead, I'll just (probably automatically)
> update my build-depends line to the version of debhelper that's
> installed on my machine. So the de-facto requirement is going to be
> "a nearly current version of debhelper". The same is true for the
> build-essential packages -- nobody is going to go back and check their
> stuff against old versions of gcc and make. Admittedly, those are much
> slower moving targets...but dpkg-dev isn't, necessarily.

I agree. I actually don't see much evidence that they're slower moving.

Since we all arn't experts on incomapatable changes added to make, gcc,
debhelper, etc, etc, and we probably don't have an unlimited amount of
time to research them, document them, or write automated tools to detect
them, I think the best we can do is add versions to the build-depends 
line if bugs are filed.

> Mine don't. Or rather, the version needed is sufficiently old that I
> have no idea what it might be. 

It's probably approximatly 2 years old. That's how far back I had to go
to find versions of debhelper that my packages.

-- 
see shy jo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#70269: automatic build fails for potato

[Joey Hess]

Manoj Srivastava wrote:
>   I think that since every package using a helper package seems
>  to need a versioned dependency

I don't see any reason why versioned build-dependancies on debhelper are
any more common that versioned build dependancies on say, the C
compiler. Not to mention the C++ complier!

FWIW, the build dependancies of my packages on debhelper are, I believe,
pretty close to correct. Out of 72 packages, 4 have versioned debhelper
build dependancies. Small sample, but it doesn't seem particularly
overwhelming. I have a like number of versioned build-depends on other 
packages, and I doubt I've caught as many of the places versioned
build-depends are needed with non-debhelper packages.

See my response to bug #51898 for a more comprehensive discussion
of the type of situation where versioned debhelper build dependancies 
are needed. FWIW, a quick peek at make's NEWS file finds that between 
the current version and version 3.78, about 7 changes have been 
made to make that, if used, could result in similar situations. For
example:
  - If you use $(if ...) in a makefile, you must build-depend on make
3.78.
  - If you use dh_shlibdeps -X, you must build-depend on debhelper
2.0.76

I really don't see the difference, I really don't see any evidence that
debhelper is more guilty of this type of change than make, or the C/C++
compilers, and so I really don't see where you're coming from.

-- 
see shy jo, sick of unsubstantiated, FUD


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#70269: automatic build fails for potato

[Joey Hess]

Wichert Akkerman wrote:
> dpkg-dev is an extremely stable interface, something you can not
> say for debhelper.

Prove it. (See my earlier message about make.)

-- 
see shy jo, pissed off


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

ITP hodie

[Christian T. Steigies]

Been tortured by your latin teacher with Asterix, the Gaulle? You always
wanted to impress him? Well, then hodie is for you.

What does it do?
 It has the same functionality as the date (1) program, only... It
 has it in grammatically correct latin.

It is distributed under the MIT license.

Christian


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]