On Tue, Aug 02, 2016 at 03:55:58PM +0200, Nicolas Braud-Santoni wrote:
> Please do not upload right now, I am uploading an updated version to
> mentors (updated patch metadata & clarified the changelog)
Updated on mentor.
It might take a few monutes for it to show up on the web interfa
Please do not upload right now, I am uploading an updated version to
mentors (updated patch metadata & clarified the changelog)
signature.asc
Description: PGP signature
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for the package "pam-u2f"
* Package name: pam-u2f
Version : 1.0.4-0.3
Upstream Author : Yubico AG
* URL : https://developers.yubico.com/pam-u2f/
* License :
Hi Lucas,
Your report is in essence a duplicate of #832877 (which is assigned to
ssreflect).
There is an upload pending that solves this issue ;)
Best,
nicoo
PS: I'm not merging those bugs, since they are assigned to different
source packages; after the upload, ssreflect will be
On Sat, Jul 30, 2016 at 01:09:27AM +0200, Nicolas Braud-Santoni wrote:
>
> I fixed those packages and pushed the fixed to the packaging repository.
> Now, a DD form pkg-ocaml needs to review and upload those.
This should obviously be:
> I fixed those packages and pushed the fix to t
Control: tag -1 pending
On Fri, Jul 29, 2016 at 11:08:08PM +0200, Santiago Vila wrote:
> On Fri, Jul 29, 2016 at 10:06:46PM +0200, Nicolas Braud-Santoni wrote:
> > I misunderstood the initial report, sorry about that.
>
> Surprisingly, it happened several times in this
Control: tags -1 - moreinfo unreproducible
On Fri, Jul 29, 2016 at 08:39:33PM +0200, Santiago Vila wrote:
> [...]
>
> You have to do "dpkg-buildpackage -A" in a clean chroot as the bug says.
> [...]
> Please don't mark this as "unreproducible" unless you are really
> unable to reproduce it the
Control: tag -1 unreproducible moreinfo
Hi Santiago,
I have been unable to reproduce this issue (in a sid pbuilder).
Could you confirm it is still ongoing?
Best,
nicoo
On Thu, Jul 14, 2016 at 10:08:57PM +, Santiago Vila wrote:
> Greetings.
>
> I have the ok from the Release Managers
Control: close -1
Hi,
This bug seems to have been fixed a long time ago,
given that we now have Make 4.1, and I can confirm
that the package builds perfectly fine.
Best,
nicoo
On Sat, Aug 24, 2013 at 08:47:02AM -0700, Daniel Schepler wrote:
>
> From my pbuilder build log, using a chroot
Control: close -1
Hi,
Given that advi is meant purely for previewing and presenting DVIs,
it is likely called on trusted inputs.
In any case, I do not think it makes sense to keep around a 6 years old
security bug.
Best,
nicoo
On Tue, Jun 01, 2010 at 11:01:00AM +1000, Paul Szabo wrote:
>
Control: tag -1 upstream
On Sat, Jul 23, 2016 at 08:35:15PM +0200, Ralf Treinen wrote:
>
> Why also does not compile with the current vesion of why3. I talked
> to why upstream about this a few days ago. There will be a new upstream
> release of why soon which will fix this. I suspect this will
Hi Stéphane,
camlduce is not compilable since 2013, and requires an update upstream
to make it work with recent versions of OCaml.
Since you are the upstream developer, I would like to ask you if there
are any plans to make this happen in the forseeable future.
If not, would you be OK with
Control: tag -1 pending
Hi,
I prepared an upload for a new upstream version of camlpdf.
As part of this, I updated the copyright information.
Best,
nicoo
Control: tag -1 pending
Hi,
I prepared an upload for an up-to-date version of aac-tactics,
which (obviously) solves the FTBFS.
I should push it to alioth in the evening.
Best,
nicoo
Control: tag -1 pending
Hi,
I prepared a patch for this, and will push it to the packaging repo
tonight.
Best,
nicoo
Hi,
coq-float and why cannot build under Coq 8.5, leading to two FTBFS bugs.
(Note: This is about why, not why3)
I confirmed that (beyond some mild build-system breakage) the issues
are due to changes in Coq, and neither are still maintained upstream.
As such, I would like to suggest we delete
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Control: block 813502 by -1
* Package name: golang-github-ovh-go-ovh
Version : 0.0~git20160604.0.d2b2eae-1
Upstream Author : OVH SAS
* URL : https://github.com/ovh/go-ovh
* L
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Control: block 832080 by -1
* Package name: golang-github-jawher-mow.cli
Version : 0.0~git20160720.0.0de8a76-1
Upstream Author : Jawher Moussa
* URL : https://github.com/
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Control: block 813502 by -1
* Package name: golang-github-weppos-dnsimple-go
Version : 0.0~git20160204.0.65c1ca7-1
Upstream Author : Scott Barron
* URL : https://github.com/
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Control: block 813502 by -1
* Package name: golang-github-miekg-dns
Version : 0.0~git20160614.0.5d001d0-1
Upstream Author : Miek Gieben <m...@miek.nl>
* URL : https:
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Control: block 813502 by -1
* Package name: golang-github-jamesclonk-vultr
Version : 1.8-1
Upstream Author : Fabio Berchtold
* URL : https://github.com/jamesclonk/vultr
* L
On Thu, Jul 21, 2016 at 05:32:24AM +0200, Zlatan Todoric wrote:
>
> All sounds fine but I wish you notified me few days earlier before
> pushing ITPs. I for example have uploaded the shlex package to mentors
> which you seem you're going to duplicate now (it was once in newqueue
> and reject
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Control: block 810890 by -1
* Package name: golang-github-jimstudt-http-authentication
Version : 0.0~git20140401.0.3eca13d-1
Upstream Author : Jim Studt <j...@studt.n
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Control: block 810890 by -1
* Package name: golang-github-flynn-archive-go-shlex
Version : 0.0~git20150515.0.3f9db97-1
Upstream Author : Steven Thurgood
* URL : https://gith
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Control: block 810890 by -1
* Package name: lego
Version : 0.3.1+git20160721.44.b12ce5e-1
Upstream Author : Sebastian Erhart <erh...@lsr.ei.tum.de>
* URL : https:
Hi Zlatan,
I'm taking the liberty to start packaging caddy and its dependencies,
as part of the pkg-go team.
I would be happy to see this package be co-maintained, though,
whether it is by you or Iain.
Best,
nicoo
Thanks a bunch.
Given that this is blocking for another bug,
would it be possible to have a new upload soon-ish?
Best,
nicoo
On Mon, Jul 18, 2016 at 11:15:12AM -0700, Tianon Gravi wrote:
>
> Thanks! I've applied this in Git, and it'll go out with the next upload. :)
Ping?
On Wed, Jul 06, 2016 at 08:05:32PM +0200, Nicolas Braud-Santoni wrote:
>
> Hi,
>
> I backported the upstream commit that solves the issue and tested it
> (by building the package, then rebuilding the Go compiler and standard
> library using the produced compiler).
>
.
Thanks again for the review and sponsoring, and thanks to lamby for
telling me about incoming.debian.org and what to do in this situation.
Best,
nicoo
On Thu, Jul 14, 2016 at 06:57:43PM +0200, Nicolas Braud-Santoni wrote:
> Control: tags -1 - moreinfo
>
> Hi Gianfranco,
>
&g
Control: tags -1 - moreinfo
Hi Gianfranco,
Thanks again for reviewing this.
I have to admit I wasn't aware special care has to be taken for moving files,
now I know!
In any case, I uploaded a new version to mentors.debian.net which takes your
comments
into account.
Best,
nicoo
Control: tags -1 - moreinfo
On Thu, Jul 14, 2016 at 03:39:27PM +, Gianfranco Costamagna wrote:
>
> I opened an upstream ticket, lets see how they feel about this and in case
> I'll sponsor
> it (or please ping if they don't reply)
Hi Gianfranco,
Thanks for taking the time to review and
ge is being upgraded from an old version, since:
- it is a sane permission;
- it should avoid trampling on user-set permissions in most cases.
Please find attached a patch that implements this.
Best,
nicoo
From db11b7fe90ed0367cc6728202208a52bc19fb0c3 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-San
case, and uploaded
an updated version of my fix for docker-registry.
Best,
nicoo
From 2f5bdde25ff5145521e749ae1f0199269dda8297 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: Thu, 14 Jul 2016 16:42:48 +0200
Subject: [PATCH] Fix /etc/docker per
-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
>From bd4355bce6ccea582bf01226060ac1bc53d34cf9 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: Thu, 14 Jul 2016 16:42
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "libu2f-server"
* Package name: libu2f-server
Version : 1.0.1-1.3
Upstream Author : [fill in name and email of upstream]
* URL : [fill in URL of upstreams web
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "pam-u2f"
* Package name: pam-u2f
Version : 1.0.4-0.1
Upstream Author : Yubico AG
* URL : https://developers.yubico.com/pam-u2f/
* License : BSD
X-Debbugs-CC: codeh...@debian.org, jw...@debian.org, locutusofb...@debian.org
Hi,
Thanks everyone for the feedback and comments, especially the
explanations regarding symbol versionning.
Sorry for the time it took to reply in here, DebConf kept me
away from my inbox (though I got quite a lot of
Control: block -1 by 830478
Hi,
I attempted to fix this, and it seems to be a simple missing
Build-Depends. However, I discovered that the dependency installs
its source in the wrong directory.
The fix is thus blocked on #830478
Best,
nicoo
Package: golang-github-docker-docker-dev
Severity: serious
Dear Maintainer,
While working on #829237 (FTBFS on systemd-docker), I discovered that
golang-github-docker-docker-dev installs its source under
/usr/share/gocode/${DH_GOPKG} rather than /usr/share/gocode/src/${DH_GOPKG}.
Best,
Package: dh-make
Version: 2.201606
Severity: normal
Dear Maintainer,
When creating a new package with dh-make, it creates in the debian/control
file (commented out) entries for Vcs-Git and Vcs-Browser, as follows:
#Vcs-Git: git://anonscm.debian.org/collab-maint/foo.git
#Vcs-Browser:
gt; mwh
From 4994af5e5f2020fdfade632e238fe263ac799fc9 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: Wed, 6 Jul 2016 18:51:41 +0200
Subject: [PATCH 1/2] Make builds deterministic
---
...cmd-go-cmd-link-make-builds-deterministic.patch | 151 +
deb
Control: tags -1 pending
Hi Eduard,
I fixed your patch and pushed it to the packaging repo.
Thanks a lot for making golang-github-kr-binarydist reproducible.
Best,
nicoo
signature.asc
Description: PGP signature
Control: tags -1 + moreinfo
Control: severity -1 important
Control: retitle -1 unison fails to synchronize FS modified under Windows
Hi,
According to the documentation, only file timestamps are
used, not directory timestamps, and fastchecks can be disabled:
X-Debbugs-CC: codeh...@debian.org
Package: sponsorship-requests
Severity: wishlist
Dear mentors,
I am looking for a sponsor for a NMU to the package libu2f-host.
* Package name: libu2f-host
Version : 1.1.2-0.1
Upstream Author : Yubico AG
* URL :
Control: tag -1 help
I didn't realise until now, but dealing with this will require
first getting rid of iniparser (vendored in the upstream repo).
iniparser is a sufficiently vile piece of software that other
prospective packagers have already patched software to use
something saner, as in
X-Debbugs-Cc: debian-de...@lists.debian.org
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* Package name: cava
Version : 0.4.1
Upstream Author : Karl Stravestrand <k...@stavestrand.no>
* URL : http://karlstav.gi
Control: tag -1 fixed-upstream
On Mon, May 16, 2016 at 10:57:09PM +0200, ge...@riseup.net wrote:
> On 16-05-09 15:13:36, Holger Levsen wrote:
> > > Which suites are we talking about: unstable, testing, ...? Something
> > > else?
> >
> > unstable mostly, jessie is good to know as well :)
>
>
Control: close -1
Upstream Linux kernel now made newinstances the default (and only)
option starting with 4.7-rc2:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eedf265aa003b4781de24cfed40a655a664457e6
Since bwh told me this will definitely be included in
Control: tags -1 patch
On Tue, Jun 28, 2016 at 11:06:57AM +0200, Nicolas Braud-Santoni wrote:
>
> It seems to me we have two issues at play here:
> - auditd violating the adm group convention;
> - apparmor-notify using a suboptimal mechanism to stream auditd logs.
>
Source: audit
Severity: normal
Dear Maintainer,
The audit source package ships a (custom, patched) copy of libev.
Moreover, it is not listed in the security team's list of code copies:
https://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=markup
I discovered
Hi,
On Wed, May 11, 2016 at 08:36:44AM -0400, Steve Grubb wrote:
> On Wednesday, May 11, 2016 09:55:33 AM Laurent Bigonville wrote:
> > Le 09/05/16 à 21:07, intrigeri a écrit :
> > > in Debian, the convention for many log files is to make them readable
> > > by members of the adm group. We're
Package: git-buildpackage
Version: 0.7.5
Severity: minor
Dear Maintainer,
In the gbp-buildpackage(1) manpage, I can read the following:
> All options in the config files must be specified without the 'git-'
> prefix. So e.g. --git-debian-branch=debian/sid becomes in gbp.conf:
>
>
Package: sponsorship-requests
Severity: wishlist
Dear mentors,
I am looking for a sponsor for my package "no-new-privs":
* Package name: no-new-privs
Version : 0.0.2-1
Upstream Author : Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* URL : ht
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: no-new-privs
Version : 0.0.2
Upstream Author : Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* URL
Control: close -1
Hi,
OK, then it was my fault for not installing headers.
Best,
nicoo
On Mon, May 23, 2016 at 02:51:55PM -0500, Richard Laager wrote:
>
> This is the case with all dkms modules, so the dependency belongs on dkms,
> if anywhere.
>
> I believe it's intentional that it's
On Fri, Jun 24, 2016 at 11:45:27PM +0200, Adam Borowski wrote:
>
> I'm afraid that your upload removes data about an upload from the changelog:
>
> .--
> libu2f-host (1.0.0-1.1) unstable; urgency=medium
Yes indeed.
It turns out that this upload wasn't commited in the packaging repo,
which
Control: tags -1 - moreinfo
Hi Adam,
Sorry for having been kept away from this bug for the last few weeks;
life happened :(
On Thu, Jun 02, 2016 at 06:48:41AM +0200, Adam Borowski wrote:
> control: tags -1 moreinfo
>
> On Thu, Jun 02, 2016 at 01:31:02AM +0200, Nicolas Braud-Sant
Control: close -1
Hi,
Sorry for the late reply, life somehow got in the way of solving the bug.
The machine on which I was encountering the issue died on Friday,
and the x230 that replaces it (the system was dd'ed over without
modification) does not exhibit the problem anymore, so I will assume
Hi,
First, sorry for not answering earlier,
I somehow didn't notice your last message.
I had already run memtest86+.
However, I didn't notice the first time that it froze after ~3 minutes.
I will test again this afternoon with another pair of RAM sticks.
Best,
nicoo
PS: Tag “moreinfo”
Package: sponsorship-requests
Severity: important
Dear mentors,
I am looking for a sponsor for my upload for the libu2f-host package.
It fixes the following RC bug:
#820686: FTBFS - missing build-dep libglib2.0-dev
The package's maintainer team, the Debian Authentication Maintainers, has
Package: sponsorship-requests
Severity: important
Dear mentors,
I am looking for a sponsor for my upload for the libu2f-server package.
It fixes the following RC bug:
#820690: FTBFS - missing build-dep libglib2.0-dev
The package's maintainer team, the Debian Authentication Maintainers, has
Control: tags -1 - patch + pending
The patch was merged in the packaging repo a month ago.
Please upload the updated package.
signature.asc
Description: PGP signature
Control: tags -1 patch
Hi Lunar,
Since the collab-maint process is a tad slower than expected,
I'm sending you the patch here instead.
Best,
nicoo
From 3b953d9f1ad3c2c4941acf26db1bd25f7fa9ce17 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: F
Package: zfs-initramfs
Version: 0.6.5.6-2
Severity: important
Dear Maintainer,
After having installed zfs-initramfs, update-initramfs
started failing, indicating that I need to install either
busybox or busybox-static.
Installing the later solved the issue.
-- System Information:
Debian
Package: grub-pc
Version: 2.02~beta2-36
Severity: normal
Dear Maintainer,
On my freshly setup Stretch system, update-grub fails with the following error:
> /usr/sbin/grub-probe: error: failed to get canonical path of
> `/dev/vacuum-crypt'.
This led me to having no grub.cfg file (until I wrote
Package: zfs-dkms
Version: 0.6.5.6-2
Severity: important
Dear Maintainer,
The zfs-dkms module fails to build without kernel headers,
yet there seem to be no dependency set on that package.
The problem was encountered while setting up a root-on-ZFS
stretch system from scratch (using Debian
Control: tags -1 - moreinfo
Hello Francesco,
Sorry for the wrong severity, I'm still somewhat new to contributing to Debian.
Here is the test you wanted, which seems to come back clean:
> % irb
> irb(main):001:0> require 'unicode'
> => true
> irb(main):002:0> Unicode.width("that is")
> => 7
>
Control: tags -1 moreinfo
Holger, what is the expected security improvement?
It's not as if a self-signed cert would make impersonating the onion service
harder, and forward-secrecy on the exchange is provided by the Tor circuit
(using the ntor KEX on Curve25519, if I'm not mistaken).
Hi,
It has been 21 months now, and the portable branch upstream seem to be
again actively maintained. Is it time to revisit this bug?
Regarding packaging in Debian, I use openntpd on most of my systems,
and would be very glad to help maintain the package.
Best,
nicoo
signature.asc
Control: found -1 1.5.8-1~bpo8+1
Hi,
I can confirm that this issue prevents systemd from detecting Unbound failing
- either at startup (for instance due to bad configuration);
- while running;
- because it was stopped with unbound-control.
Could you expand a bit on what is required, re:
Package: lvm2
Version: 2.02.151-1
Severity: important
Dear Maintainer,
Installing lvm2 and immediately attempting to use it fails.
It seems several lvm-related systemd units were installed but not started.
Reloading the systemd units and starting those services (and socket units)
solved the
Control: retitle -1 poco: please upgrade to v1.7.1 or later
Hi Rene,
I contacted the maintainers.
In the absence of any answer, I will push an update to the packaging repo
and request a sponsored NMU.
Best,
nicoo
signature.asc
Description: PGP signature
Control: fixed -1 1.9.1-2
Control: fixed -1 1.9.1-3
Control: close -1 1.9.1-2
thanks
Nevermind, this is implicit when PrivateDevices is set.
Cf systemd.exec(5)
signature.asc
Description: PGP signature
Package: haveged
Version: 1.9.1-3
Severity: important
Dear Lunar,
systemd starts haveged before AppArmor policies are loaded,
making the policy shipped with the package mostly ineffective.
(Shame on me for not noticing when #796374 was closed)
I will push a patch as soon as I get added to
Source: lxc
Severity: normal
User: pkg-apparmor-t...@lists.alioth.debian.org
Usertags: ux
Dear Maintainer,
Packages should not depend on (or recommend) AppArmor.
Please replace the recommendation by a suggestion in future versions.
Best,
nicoo
X-Debbugs-CC: Bastien Roucaries
What's the status on this?
Is it really necessary to wait for a policy decision?
signature.asc
Description: PGP signature
Control: tags -1 patch
Hi,
A patch was submitted, as a pull request against the packaging repo[0].
[0] https://github.com/Yubico/libu2f-server-dpkg/pull/1
signature.asc
Description: PGP signature
Control: tags -1 patch
The previous patch contained a typo in the changelog.
Please find enclosed a fixed version.
Best,
nicoo
From e8a764087c88dc569f5d264cf9e28845499a0efb Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: Mon, 9 May 2016 00:23:54
cb99d35f7cb0abf91d40403201a66895ee8f6c35 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: Mon, 9 May 2016 00:23:54 +0200
Subject: [PATCH] Fix dependencies and bump Standards-Version
---
debian/changelog | 6 ++
debian/control | 5 +++--
2 files chan
PS: I didn't notice #791571.
Here is a fixed patch (that assumes the current socket location)
On Sun, May 08, 2016 at 07:18:16PM +0200, Nicolas Braud-Santoni wrote:
> Control: tags -1 patch
>
> Dear dererk,
>
> Here is a patch that implements the suggested change.
> Note
issue (it wouldn't be sent to stable anyhow).
Best,
nicoo
From 1ebb3d50a35d2163b22a6e514ccb8d4687cbfead Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Date: Sun, 8 May 2016 19:13:45 +0200
Subject: [PATCH] Use systemd sandboxing
---
debian/changelog
Package: openntpd
Version: 1:5.7p4-4
Severity: wishlist
Dear dererk,
To resolve #769146, you stopped shipping an AppArmor profile with openntpd.
Now that the aa-profiles-extra/ntp snafu has been fixed (cf. #805183),
could you ship it again?
Best, and thanks for maintaining the openntpd
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* Package name: golang-github-fhs-go-netrc
Version : 0.0~git20160504.0.4ffed54-1
Upstream Author : Fazlul Shahriar
* URL : https://github.com/fhs/go-netrc
* License
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* Package name: golang-github-kr-binarydist
Version : 0.0~git20120828.0.9955b0a-1
Upstream Author : Keith Rarick
* URL : https://github.com/kr/binarydist
* License
control: close -1
Hi,
The remote URL was indeed `gcrypt::curl://antartica/pass/`,
as I was following some documentation which seems to have
been either outdated or plain wrong.
Sorry for the spurious bug report.
Best,
nicoo
On Fri, Apr 01, 2016 at 05:30:36PM -0700, Sean Whitton wrote:
Package: haveged
Version: 1.9.1-3
Severity: wishlist
Hi Lunar,
I think the unit file for haveged should include DevicePolicy=closed,
reducing the impact of it having CAP_SYS_ADMIN.
I tested that here, and it works fine.
What do you think?
Best,
nicoo
-- System Information:
Debian
On Thu, Mar 31, 2016 at 10:14:20AM +0300, Christos Trochalakis wrote:
> I also believe it makes sense to enable the security features for
> systemd users. `ProtectHome` is a bit tricky as it could possibly break
> some setups, we could use `read-only` there.
>
> Currently we are a bit overwhelmed
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* Package name: golang-github-jtacoma-uritemplates
Version : 0.0~git20151014.16.802b8e2-1
Upstream Author : Joshua Tacoma
* URL : https://github.com/jtacoma/uritemplates
* L
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* Package name: golang-github-octokit-go-octokit
Version : 0.3.0+git20160312.364.812e91d-1
Upstream Author :
* URL : https://github.com/octokit/go-octokit
* License
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* Package name: golang-github-inconshreveable-go-update
Version : 0.0~git20160112.0.8152e7e-1
Upstream Author : Alan Shreve
* URL : https://github.com/inconshreveable/go-
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* Package name: golang-github-jingweno-go-sawyer
Version : 0.0~git20140729.0.1999ae5-1
Upstream Author : Jingwen Owen Ou
* URL : https://github.com/jingweno/go-sawyer
* L
Package: wnpp
Severity: wishlist
Owner: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
* Package name: golang-github-howeyc-gopass
Version : 0.0~git20160303.0.66487b2-1
Upstream Author : Chris Howey
* URL : https://github.com/howeyc/gopass
* License
Oh, indeed.
Thanks a lot for the swift reply, and sorry for the erroneous bug report.
Best,
nicoo
pgpcb93RXAL_x.pgp
Description: PGP signature
Control: retitle -1 nginx: Please mention systemd confinement features in the
documentation
Control: tags -1 - wontfix
On Tue, Mar 01, 2016 at 02:35:39PM -0800, Michael Lustfield wrote:
> I have three significant issues with adding systemd confinement to
> nginx out of the box:
They are all
Oops, the comments were not meant to be in French:
> # CAP_KILL : Nginx signals its child processes that have a different UID
> # CAP_SETUID CAP_SETGID : Nginx drops privileges
> # CAP_NET_BIND_SERVICE : Nginx clearly listens to ports <1024
> # CAP_SYSLOG : Nginx sends logs to syslog
>
In an out-of-band conversation with corsac, it appeared that I didn't
make my point clearly enough, so here is a recap:
- It is known that nation-state adversaries, interested in mass
surveillance, are currently recording encrypted traffic they observe,
in the hope of being able to decrypt
Package: python-twitter
X-Debbugs-CC: python-modules-t...@lists.alioth.debian.org
Dear maintainers,
This issue has been open for almost two years, and there has been significant
changes in upstream that applications rely on. It makes it impossible to
deploy such applications on Debian
Control: severity -1 wishlist
Control: merge -1 745513
pgpcOUnj3l0bs.pgp
Description: PGP signature
On Thu, Nov 05, 2015 at 04:37:47PM +0100, Michael Biebl wrote:
> Hi Nicolas,
> [..]
> systemd.postinst creates that user. This is from systemd.postinst:
>
> adduser --quiet --system --group --no-create-home --home
> /run/systemd/netif \
> --gecos "systemd Network Management"
Hello,
On Mon, Nov 02, 2015 at 09:06:38PM +0100, Yves-Alexis Perez wrote:
> On lun., 2015-11-02 at 20:36 +0100, Nicolas Braud-Santoni wrote:
> > The NTRU and BLISS post-quantum cryptosystems are available in strongswan
> > (releases 5.1.2 and 5.2.2, respectively).
>
> T
401 - 500 of 503 matches
Mail list logo