* Anthony Towns:
Viewed this way, wordpress definitely appears to have one of the /highest/
rates of security holes for webapps of its class.
14 bugs per year versus 12 for moodle and phpbb2 doesn't seem that big
a difference to me.
I'm not sure that bug counts like this are really useful
* Anthony Towns:
I don't agree with making a decision to go against an IETF standard
RFC 3484 is not an IETF standard.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
* Clint Adams:
On Tue, Sep 18, 2007 at 08:41:45PM +0200, Kurt Roeckx wrote:
glibc is the only implementation I know of that does this.
I have heard, though not confirmed first-hand, that modern
versions of FreeBSD, Windows, and Solaris do as well.
FreeBSD 6.2-RELEASE doesn't do it. And
* Kurt Roeckx:
- A simular case is that you have 2 segments, 1.0.0.0/24 and 1.0.1.0/24,
and you add a 1.0.0.2 and 1.0.1.2. Now you want clients to connect
to the one from it's own segment, and fall back to the other if it
fails.
In this case rule 9 might be useful. But I would
* Anthony Towns:
Updating the proposed standard has not been tried.
Just to give you an idea of the time scale involved: moving RFC 3484
to HISTORIC (which is the most likely result, at least for the Rule 9
part) will take at least a year.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a
* Marc Haber:
On Sat, Dec 01, 2007 at 07:34:58PM +0200, Jari Aalto wrote:
From Admin's point of view dealing with symlinks is much more
uncomfortable to control the initial start/stop status.
If one is not comfortable with a sysvinit scheme, one should not be
adminning a Debian system.
* Kurt Roeckx:
On Sun, Dec 02, 2007 at 10:10:38PM +, Ian Jackson wrote:
Florian Weimer writes (Re: Bug#412976 repoened - reassign tech-ctte
(mixmaster /etc/default/*)):
Really? Won't upgrades re-enable disabled services if update-rc.d is
used?
Only if you delete _all_ of the links
* Bdale Garbee:
The second is whether it's acceptable for a Debian package to
*require* a specific username.
There are a couple of setuid binaries which might have problems
switching to a more flexible scheme. I fear such a requirement might
actually reduce overall security.
--
To
* Kurt Roeckx:
For those that didn't notice this yet, 2.7-5 reverted the change of
2.7-4. So testing and unstable uses rule 9 again.
I'm confused. Was this intentional?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
* Ian Jackson:
On the other hand, the behaviour of a round robin honouring host
depends on the frequency of DNS retries, past network topology
history, etc., in a way that may be difficult to predict.
Sure, but round-robin behavior is not tied to the bit pattern of
addresses, so it's less
* Kalle Kivimaa:
Steve Langasek vor...@debian.org writes:
Can you expand here on the consequences of ignoring RFC1894? I'm aware that
qmail delivery failure mails look different (and, I might argue,
gratuitously so) than those of other mail systems, but does this cause
interoperability
* Steve Langasek:
On Tue, Feb 03, 2009 at 08:32:20AM +, Gerrit Pape wrote:
2.1 I'd suggest not to change that, it's a good compromise between
performance and reliability.
2.1. Bounce message contents are not crash-proof.
Qmail does not value the contents of a bounce message. Dan
* Theodore Ts'o:
The most basic is the idea that whether you can control (via shell
scrpit fragments) whether or not a service should start at all, and
what options or environments should be enabled by pasing some file.
Curiously, a lot of system administrators do not do this correctly
using
* Adrian Bunk:
> On Wed, Oct 05, 2016 at 10:00:53AM -0400, Sam Hartman wrote:
>>...
>> I think it's clear that the TC believes that this package is not DFSG
>> free.
>> I think it's clear that the TC believes perl would be better if the
>> situation was improved.
>> I thought it was clear we
* Moritz Mühlenhoff:
> * Follow a scheme similar to Firefox ESR where in case of a security
> the update either happens to the latest minor release of
> the current branch or if that has stopped, happens to the next
> major release. To map this to specific k8s releases: Let's assume
* Moritz Mühlenhoff:
> On Sun, Nov 08, 2020 at 10:49:31PM +0100, Florian Weimer wrote:
>> * Moritz Mühlenhoff:
>>
>> > * Follow a scheme similar to Firefox ESR where in case of a security
>> > the update either happens to the latest minor release of
>>
* Elana Hashman:
> You and the original report mention "tooling issues". Can you please
> provide some examples of tools that do not currently support working
> with compressed symbols and the resulting effects on developer workflow?
dwz still can't process compressed debuginfo sections, I
17 matches
Mail list logo