Re: flash plugin from ubuntu (was: flashplugin-nonfree and latest Flash security updates)
On Mittwoch, 3. August 2016 22:55:25 CEST Luedtke, Nicholas (HPE Linux Security) wrote: > This sounds like a bad idea and if done needs to be accompanied by a lot of > documentation. Why? It's certainly less of a security hazard than the current flashplugin- nonfree package. > > -Nicholas > > From: Holger Levsen > Sent: Wednesday, August 3, 2016 4:03:32 PM > To: debian-security@lists.debian.org > Cc: Bart Martens > Subject: Re: flash plugin from ubuntu (was: flashplugin-nonfree and latest > Flash security updates) > On Wed, Aug 03, 2016 at 10:46:33PM +0200, Stefan Fritsch wrote: > > Maybe the flashplugin-nonfree package should even be replaced by a package > > that installs the ubuntu archive signing key, sets up the sources.list > > line, and tweaks the unattended-updates config to allow automatic updates > > from that repo. > please, no. > > > -- > cheers, > Holger
Re: Call for testing: upcoming wordpress security update
I probably should login and fix that. On Wed, Aug 3, 2016 at 12:09 AM donoban wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 08/01/2016 11:30 AM, donoban wrote: > > On 08/01/2016 10:28 AM, Salvatore Bonaccorso wrote: > >> Hi > > > >> We would like to expose the packages for the upcoming wordpress > >> update a bit for additional testing. Please find them at > > > >> https://people.debian.org/~carnil/tmp/wordpress > > > >> and report any problem *introduced* by updating to these packages > >> directly to t...@security.debian.org and including Craig Small > >> . > > > >> Thanks in advance, > > > >> Regards, Salvatore > > > > > > Hi, > > > > Pretty off-topic, time ago I read this on Debian wiki: > > > > wiki.debian.org/WordPress#Upgrading_the_installed_WordPress_version > > > > When I saw it I thought, "this breaks the Debian package upgrade > > policy, but maybe this package is an exception". > > > > Now your email confirms WordPress packages respect Debian policy > > and the Wiki is wrong. > > > > Regards. > > > > You spend a lot of time and effort backporting bugfixes for old > versions of programs and then your Wiki says: "Ey dude, delete all > this stuff an download it from upstream". > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJXoKmDAAoJEBQTENjj7Qilz/UP/iGtpDZJ69JJByXMnxNa/7eS > Axe+wbbrVtsrhVENOvF5QkS8O4oASEnonx3IuWT7ZDN2T4SuYTNwaKIPfYk0Hhlj > pS3qh/7oyp2g/VPAWpU5u20NMIVTpMXlvJrqFgoyans5/f1N+YBKkYbAv11p9ok3 > JDnYYzuWvZFUGdL4exvvmXJ9VZpngH5N6NE2k/8g1TSsKq4WI68El5f3QFgboZZv > s3powMQQld1C4YeTxkw4UISBQ7GJPC8QRO+zDE0ekBGtkPvME4gVQBsRpgMCtAGC > MBHbhWOwUTCAl7TSIBwEw3GxigVgnYEG6s4D9DA8iE5FB+oXt4Kmb2B0XHbiyLTN > VYZ7js/f4WMqNncadfLCGKpJn4QfJHXhI6StZ0szqoJwspyXTshFHneaqZCXNCJ3 > 82qnNEVAkXhV5/95U3YJ1bYUSVv63P/ynV10/XuYPRU6h2Q8yzGHX1SNoWr/yfdl > g59jEIGLMqjA0D/aA5fIgohP/MVgPFuGoNvxRR13fTgF3JtgnDw9eksgQCKY1GzG > IoTygfa/l35ICcV5Cvbz7UugHx4hjnZvMSnlTpuel+t/EQPKf5B/mFeRdGDNGxGD > /90oisr9Zp3QlIOiBRjOAkpm7tvA6bHBP3dNtVXWvav1Ob7IItVKTEwoT/ebEAez > uRSucg2npQIVSdXaEwTT > =ArAe > -END PGP SIGNATURE- >