again!
An upload to s-p-u would be great.
Thanks,
--
Matt Taggart
m...@lackof.org
what the package is supposed to do (at least when using
riseup as provider, maybe there is a way to point it elsewhere?) I think
this is grave. Also I think it might be a good candidate for being fixed
in a stable release update.
Thanks,
--
Matt Taggart
m...@lackof.org
oved error and maybe point to documentation about how it works.
In my case it was "no EFI partition", but others in this bug report have
alluded to things like efivars, the BIOS locking things down, etc. So
some additional sanity checks of these things would be nice.
Thanks,
--
Matt Taggart
m...@lackof.org
ient large cohorts genome-wide Bayesian mixed-model
association testing
bolt-16 - Post-link optimizer
golang-github-boltdb-bolt-dev - low-level key/value database for Go
So it's a popular name it seems.
WNPP doesn't list anything related.
--
Matt Taggart
m...@lackof.org
.
Thanks,
--
Matt Taggart
m...@lackof.org
plications. So maybe the first step is a clear
policy of what is appropriate for popcon to do, and the things that
aren't should be WONTFIX.
Thanks,
--
Matt Taggart
m...@lackof.org
Depends? But I guess it's possible to use
virt-manager to manage VMs without ever needing to launch virt-viewer,
so maybe Suggests is correct there as well.
For those running into this, the work around is to use
'--no-install-recommends' as Karl mentioned in the original report.
Thanks,
--
Matt
-cache search virt-builder' find it. But I guess I would not list
them _all_, so maybe the ones that are often mentioned in documentation
and maybe a generic catch-all like "contains many virt-* utilities for
interacting with and manipulating VM disk images".
Thanks,
--
Matt
(at least for a while,
eventually some sort of logged warning might be nice).
Thanks,
--
Matt Taggart
m...@lackof.org
microcode if that is
still installed, and then newer)
Please report back what you find and also lscpu output so we know what
CPU this is in particular.
Thanks,
--
Matt Taggart
m...@lackof.org
://comsec.ethz.ch/research/microarch/inception/
https://github.com/speed47/spectre-meltdown-checker/issues/466
--
Matt Taggart
m...@lackof.org
/6f47a22906b2899412e79a2727355efa9cc8f5bd
Debian needs to figure out if this is something we want in chromium (at
all, disabled at build time, disabled at runtime, etc).
Thanks,
--
Matt Taggart
m...@lackof.org
d to someone
making an extension to disable. "disable-google-search-text-highlights"
I have not attempted to determine if the privacy concerns have been
addressed or the level of potential threat, someone more familiar with
this area should do that.
Thanks,
--
Matt Taggart
m...@lackof.org
On 4/25/23 01:59, Pascal Hambourg wrote:
On 25/04/2023 at 03:24, Matt Taggart wrote:
When in the partitioning and editing a partition, if I am on the
"bootable" option and select, it does not toggle but remains "no". The
screen flashes, bot no change. I have not yet
On 4/26/23 06:16, Cyril Brulebois wrote:
Control: severity -1 important
Matt Taggart (2023-04-25):
As reported in #999811 the haveged package is obsolete starting in
linux 5.6 and newer, as the kernel adopted a similar algorithm and
also stopped blocking /dev/random reads.
I am upgrading
let people know.
If it's going to be removed from Debian, I'm not sure if it's better to
have one last version that informs the user, to silently go away, or
maybe something in the release notes?
Thanks,
--
Matt Taggart
m...@lackof.org
but mark it do not use
and then finish the setup by hand after install.
Thanks,
--
Matt Taggart
m...@lackof.org
artition table after the install.
Sorry for the crappy report, I will try to provide more details when I
get a chance to repeat it.
--
Matt Taggart
m...@lackof.org
ould be
interesting to have something in the Bookworm release notes?
--
Matt Taggart
m...@lackof.org
e, but I think
for SSD based systems it is losing out on the benefits of TRIM/discard
(improved i/o latency, flash wear). Given that it only runs once a week,
I think also there is minimal risk (but it might cause a multiple
seconds decrease in i/o speed depending on drive).
Can you think of a way this could be enabled for upgraded systems as well?
Thanks,
--
Matt Taggart
m...@lackof.org
stable proposed updates or backports soon?
Thanks,
--
Matt Taggart
m...@lackof.org
, disabling it on
systems that don't need it is still worthwhile
Thanks,
--
Matt Taggart
m...@lackof.org
(and know that the answer still might be "sorry, the manufacturer
stopped updating it and we can't support connecting to it").
Good luck,
--
Matt Taggart
m...@lackof.org
d security as the status quo."
* sk-ssh-ed25...@openssh.com is the defaults lists now
The rest of ssh-audit's recommendations from your report are still
valid, see #774711 for more info
--
Matt Taggart
m...@lackof.org
ent
surprises (at the risk of continuing to support something that upstream
drops from the default).
When I set out to write this, I was hoping everything in the original
report had been dealt with by now, there has been a lot of progress
upstream. But it seems there are still a few things left, let push to
get this done!
Thanks,
--
Matt Taggart
m...@lackof.org
/ points to the following:
https://github.com/draios/sysdig
So maybe:
* update the Homepage in debian/control to https://sysdig.com
* adjust Source in debian/copyright to https://github.com/draios/sysdig
Thanks,
--
Matt Taggart
m...@lackof.org
guide
https://www.ssh-audit.com/hardening_guides.html
that was inspired by the original stribika.github.io page mentioned here.
I like Mathew's idea of aiming for a config that scores well, with
commented out configs for enabling compatibility for older clients.
--
Matt Taggart
m...@lackof.org
iles in /etc/sysfs.d/... I checked to see
what sysctl does and they have separate manpages for sysctl.conf and
sysctl.d, so I guess that's an option too.
Thanks,
--
Matt Taggart
m...@lackof.org
those commits fix the leaks (and maybe
confirm there aren't any others introduced since 2014) and then also for
upstream to release a new version with the fixes.
Thanks,
--
Matt Taggart
m...@lackof.org
installed on all systems with systemd like procps is. So now
I am unsure which is the best way to implement.
What do you think?
Thanks,
--
Matt Taggart
m...@lackof.org
expecting that once
a new /sys/ interface shows up, if there exist things in
/etc/sysfs.{conf,d/*} that match it should apply them? I'm not sure how
that should be implemented.
--
Matt Taggart
m...@lackof.org
, mostly the
comments already in the default file and some pointers to the other places.
--
Matt Taggart
m...@lackof.org
support on the other inetd servers.
So I think this can be closed, yay!
--
Matt Taggart
m...@lackof.org
platforms as well
https://doc.coreboot.org/contributing/project_ideas.html#libpayload-based-memtest-payload
That would be a great goal (but maybe just getting a common working code
base would be a good start).
--
Matt Taggart
tagg...@debian.org
I found this idea in
the coreboot wiki to make a memory tester payload that wasn't x86
specific (well, might still have x86 specific support, but would also
work elsewhere)
https://doc.coreboot.org/contributing/project_ideas.html#libpayload-based-memtest-payload
Thanks,
--
Matt Taggart
tagg
o nowadays…
When I run that on a vc I get a brief error flash by about not being
able to open an audio device and then BB runs, but no audio (even though
I selected it). But at least it doesn't hang.
--
Matt Taggart
tagg...@debian.org
When will this get fixed in buster? I had thought it might go into the
buster stable release update but I don't see it (but also it's non-free
so weird).
--
Matt Taggart
tagg...@debian.org
quickly with 99% of system libraries being under 1MB.
strip(1) doesn't seem to reduce it, but maybe there is some bloat in
there that's not supposed to be?
Thanks,
--
Matt Taggart
tagg...@debian.org
in Debian. The best docs I've
found so far was this Arch wiki link
https://wiki.archlinux.org/index.php/VLAN
but that seems like maybe it's more complicated than it needs to be. So
this is also a wishlist for better docs of the "right" way to be doing
this in buster and newer.
Thanks
you want me to try anything.
This seems important enough to fix in a stable update.
--
Matt Taggart
tagg...@debian.org
needs to
happen for this to change?
Thanks,
--
Matt Taggart
tagg...@debian.org
versions have happened since the current debian
latest (this might require info about multiple uscan results?).
* delta from debian version to upstream version (arbitrary and can't be
compared package to package, but might still be interesting)
Maybe there are more?
Thanks,
--
Matt Taggart
tagg
On 4/23/20 4:24 PM, Noah Meyerhans wrote:
On Thu, Apr 23, 2020 at 03:34:06PM -0700, Matt Taggart wrote:
fq_codel is better in every way than pfifo_fast and I am unaware of any
reason why it would not be a better default. (but don't trust me, ask the
kernel networking experts)
Isn't CAKE
defaults that should change too? like tcp_ecn,
syncookies, BBR, etc
* what are upstream kernel defaults and why?
--
Matt Taggart
tagg...@debian.org
libmikmod3: 3.3.11.1-4
--
Matt Taggart
tagg...@debian.org
://
https://github.com/WICG/ScrollToTextFragment
Based on those I then searched for "TextFragment" which found a lot more
(but I don't know which are relevent).
Maybe someone who understands the chromium source can investigate further.
Thanks,
--
Matt Taggart
tagg...@debian.org
t
/etc/apache2/conf-available/smokeping.conf that is enabled by default."
and the talk about the needed modules and maybe how to a2disconf it and
Include it in another conf instead, etc.
Thanks,
--
Matt Taggart
tagg...@debian.org
On 1/25/20 9:31 AM, Sean Whitton wrote:
Hello Matt, others,
On Mon 13 Jan 2020 at 02:05PM -08, Matt Taggart wrote:
I am working on creating a new package and I have chosen use the
'dgit-maint-merge' method of packaging (see dgit-maint-merge(7) in the
dgit package).
This method (and some
akes sense that the generated image is not listed in
/boot/grub/device.map
Thanks,
--
Matt Taggart
tagg...@debian.org
but that it didn't make it in the current version in unstable. So when
it makes sense, please consider a new version in unstable (and maybe a
buster backport when it goes into testing).
Thanks,
--
Matt Taggart
tagg...@debian.org
debian/source/patch-header with a description of how to get
changes to the upstream source. I guess this should be a template that
fills in package name and git repo?
For #3 and #4 see the dgit-maint-merge(7) manpage for examples and
explanation.
--
Matt Taggart
tagg...@debian.org
do you think?
Thanks,
--
Matt Taggart
tagg...@debian.org
on solving #314 first?
Anyway hopefully a new upstream is coming soon and it would be good to
make available for stretch/buster.
Thanks,
--
Matt Taggart
tagg...@debian.org
On 10/8/19 2:06 PM, Moritz MĂĽhlenhoff wrote:
> On Mon, Sep 30, 2019 at 09:34:46AM -0700, Matt Taggart wrote:
>> Hi,
>>
>>
>> I think it's fine for check-mk to be removed from unstable, if it does
>> end up in Debian again it will be repackaged and should go thro
k. What I need to do next is investigate icinga2's equivalent
functionality and see if that's a good replacement option.
I think it's fine for check-mk to be removed from unstable, if it does
end up in Debian again it will be repackaged and should go through NEW
again anyway.
Thanks,
-
I have also confirmed the patch to fix serial console that was sent to
#695873 works. I was applying it to 5.01-3, building on buster,
installed and booted fine. Please apply.
Thanks,
--
Matt Taggart
tagg...@debian.org
: warning: please specify --no-rename explicitly, the default
will change to --rename in 1.20.x
Removing 'diversion of /usr/bin/ldd to /usr/bin/ldd.REAL by fakechroot'
Buster released with dpkg 1.19.7, so probably this will break once dpkg
development resumes in testing.
Thanks,
--
Matt Taggart
ot/lib/klibc-*': No such
file or directory
--
Matt Taggart
tagg...@debian.org
l, chownat https://samy.pl/chownat/ ,
which might make sense for whomever packages this to also package.
--
Matt Taggart
tagg...@debian.org
there is one that is being maintained and is generic
enough to replace what the others do so we don't need to maintain all
these things.
Submitters/participants, please reply to your bugs (trim cc list
accordingly) and let us know what's going on with these.
--
Matt Taggart
tagg...@debian.org
it.
Thanks,
--
Matt Taggart
tagg...@debian.org
signature.asc
Description: OpenPGP digital signature
e.
Thanks!
--
Matt Taggart
tagg...@debian.org
on
moving to it by default
https://www.phoronix.com/scan.php?page=news_item=Fedora-30-LUKS2-Default
Thanks,
--
Matt Taggart
tagg...@debian.org
7f196eaad000)
libvorbisenc.so.2 => /usr/lib/x86_64-linux-gnu/libvorbisenc.so.2
(0x7f196e804000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2
(0x7f196e5ed000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0
(0x7f196e3d9000)
===
So it seems to be using 1.62 boost libraries (rather than the 1.67 also
provided in stretch).
--
Matt Taggart
tagg...@debian.org
on debirf, includes stress-ng
and some other good tools. that might be a reason for/against debirf
doing so)
Thanks,
--
Matt Taggart
tagg...@debian.org
components make
sense to include in debian in order to provide a reasonable support for
developing and deploying Solid applications.
On https://solid.inrupt.com/community under "Packaging" they state they
would like to get distro packages created.
--
Matt Taggart
tagg...@debian.org
/faircoin/faircoin
--
Matt Taggart
tagg...@debian.org
/ now redirects to
https://metacpan.org/release/Cache-Memcached-Fast
https://github.com/kroki/Cache-Memcached-Fast now now redirects to
https://github.com/JRaspass/Cache-Memcached-Fast
For Homepage I guess use the metacpan page?
Thanks,
--
Matt Taggart
tagg...@debian.org
signature.asc
[0403]: Intel Corporation Xeon E3-1200 v3/4th Gen
Core Processor HD Audio Controller [8086:0c0c] (rev 06)
00:1b.0 Audio device [0403]: Intel Corporation 8 Series/C220 Series
Chipset High Definition Audio Controller [8086:8c20] (rev 04)
--
Matt Taggart
tagg...@debian.org
or if secure session cookies in non-SSL environments are required.
Is that always used or optional?
--
Matt Taggart
tagg...@debian.org
re IP like "url=10.0.0.5"
3) I guess IPv6 is possible too? "url=fd00:9:152:48:1822::162:199"
(or maybe it's "url=[fd00:9:152:48:1822:ffff:162:199]"?)
Thanks,
--
Matt Taggart
tagg...@debian.org
).
Then with 'gnt-instance add -o ' one could use debootstrap+whatever to
get the various things.
The only downside I can think of is having to maintain that list over time.
What do you think?
Thanks,
--
Matt Taggart
tagg...@debian.org
128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,\
umac-...@openssh.com
===
--
Matt Taggart
tagg...@debian.org
, download the netboot.tar.gz/SHA256SUMS and stick them in the
cache, and then use the --offline flag.
--
Matt Taggart
tagg...@debian.org
allow for calling di-netboot-assistant
from other tools (scripts, puppet, etc)
* update the comments in di-sources.list explaining dailys aren't signed
and will result in the warning prompt
* the 'Today' URL in the comments no longer exists, I couldn't find a
good replacement
--
Matt Taggart
m
ript exist with an error
/usr/bin/di-netboot-assistant: line 56: HOME: unbound variable
It's easy to repeat, just 'unset HOME'. Removing the -u from the set
allows it to work fine (since the if on line 56 is just false when $HOME
isn't set).
--
Matt Taggart
tagg...@debian.org
ess if you
go that route, wait until one of them needs another change anyway?
--
Matt Taggart
tagg...@debian.org
/main/installer...
I don't know if this is just some mirrors or everywhere, but not having
it resulted in an error for me (it resolved to cdn-aws.deb.debian.org)
Thanks,
--
Matt Taggart
tagg...@debian.org
canonical.
The Download URL listed in the source README is
http://www.kernel.org/pub/linux/utils/net/iproute2/
and that works and appears to be up to date.
FYI- The wikipedia page also has the same broken links
https://en.wikipedia.org/wiki/Iproute2
Probably upstream needs to fix things?
--
Matt
/speculativeexecution
https://access.redhat.com/articles/3311301
But I couldn't find any reference to microcode versions.
--
Matt Taggart
tagg...@debian.org
suspect that URL might be specific to the 20171117 version.
Hopefully you can find a more generic URL for the latest version.
Thanks,
--
Matt Taggart
tagg...@debian.org
this will be and when it will happen?
Thanks,
--
Matt Taggart
tagg...@debian.org
There is a similar bug in Red Hat Bugzilla,
https://bugzilla.redhat.com/show_bug.cgi?id=1306522
which is "CLOSED WONTFIX" and indicates that upstream doesn't support
badblocks on large devices (maybe doesn't support badblocks at all?)
Maybe #76636 should do the same?
--
Matt Ta
please let us know when people can
help test.
Thanks,
--
Matt Taggart
tagg...@debian.org
mentions it should become available in samba 4.8 (currently not
yet released or in Debian).
--
Matt Taggart
tagg...@debian.org
providing _some_ support?
BTW when poking around I found references to this github page
https://github.com/Netatalk/Netatalk
Did upstream move there? Or is it a fork/clone? There are issues in the
issue tracker there too.
Thanks,
--
Matt Taggart
tagg...@debian.org
Package: knot-resolver
Version: 1.3.3-1
Severity: wishlist
Hi,
It looks like knot-resolver has it's own Homepage now
https://www.knot-resolver.cz/
Please consider updating debian/{control,copyright}
Thanks,
--
Matt Taggart
tagg...@debian.org
Package: getdns
Version: 1.1.0-2
Severity: wishlist
Hi,
It looks like there is a new getdns upstream version 1.2.0 with some
cool new features
https://getdnsapi.net/releases/
Please consider updating, and also backporting to stretch once it enters
testing.
Thanks!
--
Matt Taggart
tagg
here in order to at least have something working without the security bugs.
--
Matt Taggart
tagg...@debian.org
on these remaining things and close it, opening another
if needed.
Thanks,
--
Matt Taggart
tagg...@riseup.net
signature.asc
Description: PGP signature
.
Is there another way to accomplish those things? Adding 'set mouse=' to
/etc/vim/vimrc doesn't seem to work.
--
Matt Taggart
tagg...@debian.org
ensuring the data is
unrecoverable before reusing/recycling the drive.
If you know of better options for these tasks I'm happy to switch to
something other than badblocks.
Thanks,
--
Matt Taggart
tagg...@debian.org
,
--
Matt Taggart
tagg...@debian.org
pgp0xF0cpiIyb.pgp
Description: PGP signature
ls within
the orig.tar.gz, so using a normal debian package diff, or even
patching at configure time doesn't work, it has to happen after the
install step runs setup.sh. I am happy for the LTS team to prepare the
wheezy update and I can help with testing. I will work on uploading a
fixed 1.4 version to sid in the next day.
Sound OK?
--
Matt Taggart
tagg...@debian.org
Having popcon gather information about used kernel modules would be
very helpful for a wishlist bug I just filed, #860570
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860570
(in addition to the other reasons previously mentioned)
Thanks,
--
Matt Taggart
tagg...@debian.org
ns. Let me know if I can help.
Thanks,
--
Matt Taggart
tagg...@debian.org
:
* NIST curves
* diffie-hellman-group14-sha1
* diffie-hellman-group-exchange-sha1 (min 2048 now at least)
Ciphers: done!
MACs:
* sha1
* umac-64
Anyone know the upstream status of these remaining things?
Thanks,
--
Matt Taggart
tagg...@debian.org
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package check-mk
The most recent upload fixes #846848 which is the only open RC bug.
Thanks!
unblock check-mk/1.2.8p16-1
--
Matt Taggart
tagg...@debian.org
efore_ stretch releases, but right now I
want to provide a path for people to upgrade via the backport without
needing to change everything at once.
Thanks,
--
Matt Taggart
tagg...@debian.org
pgpMu9DTe_izs.pgp
Description: PGP signature
Daniel Kahn Gillmor writes:
> On Mon 2016-08-29 19:21:49 -0400, Matt Taggart wrote:
> > diskscan would be another good package for the rescue image. It's better
> > testing tool than badblocks (but I'd still keep badblocks in the image).
>
> I'm pretty sure diskscan is
1 - 100 of 694 matches
Mail list logo