Re: Bug#413926: wordpress: Should not ship with Etch

2007-03-12 Thread Florian Weimer
* Anthony Towns: Viewed this way, wordpress definitely appears to have one of the /highest/ rates of security holes for webapps of its class. 14 bugs per year versus 12 for moodle and phpbb2 doesn't seem that big a difference to me. I'm not sure that bug counts like this are really useful

Re: glibc's getaddrinfo() sort order

2007-09-22 Thread Florian Weimer
* Anthony Towns: I don't agree with making a decision to go against an IETF standard RFC 3484 is not an IETF standard. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: glibc's getaddrinfo() sort order

2007-09-23 Thread Florian Weimer
* Clint Adams: On Tue, Sep 18, 2007 at 08:41:45PM +0200, Kurt Roeckx wrote: glibc is the only implementation I know of that does this. I have heard, though not confirmed first-hand, that modern versions of FreeBSD, Windows, and Solaris do as well. FreeBSD 6.2-RELEASE doesn't do it. And

Re: glibc's getaddrinfo() sort order

2007-09-24 Thread Florian Weimer
* Anthony Towns: FreeBSD 6.2, Jan 2007: stable, but not rule 9 10:00 gjb {'96.96.96.96': 1000} 10:00 aj what os? 10:00 gjb Python 2.4.3 (#2, Nov 8 2006, 23:56:15) 10:00 gjb FreeBSD 6.2-RELEASE-p5 i386 SMP-GENERIC 10:34 gjb aj: it was 172.16.x.x, nat'd behind 203.y.y.y On

Re: A comment about RFC 3484 address selection

2007-09-30 Thread Florian Weimer
* Kurt Roeckx: - A simular case is that you have 2 segments, 1.0.0.0/24 and 1.0.1.0/24, and you add a 1.0.0.2 and 1.0.1.2. Now you want clients to connect to the one from it's own segment, and fall back to the other if it fails. In this case rule 9 might be useful. But I would

Re: getaddrinfo() behaviour

2007-10-02 Thread Florian Weimer
* Anthony Towns: Updating the proposed standard has not been tried. Just to give you an idea of the time scale involved: moving RFC 3484 to HISTORIC (which is the most likely result, at least for the Rule 9 part) will take at least a year. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a

Re: Bug#412976 repoened - reassign tech-ctte (mixmaster /etc/default/*)

2007-12-02 Thread Florian Weimer
* Marc Haber: On Sat, Dec 01, 2007 at 07:34:58PM +0200, Jari Aalto wrote: From Admin's point of view dealing with symlinks is much more uncomfortable to control the initial start/stop status. If one is not comfortable with a sysvinit scheme, one should not be adminning a Debian system.

Re: Bug#412976 repoened - reassign tech-ctte (mixmaster /etc/default/*)

2007-12-21 Thread Florian Weimer
* Kurt Roeckx: On Sun, Dec 02, 2007 at 10:10:38PM +, Ian Jackson wrote: Florian Weimer writes (Re: Bug#412976 repoened - reassign tech-ctte (mixmaster /etc/default/*)): Really? Won't upgrades re-enable disabled services if update-rc.d is used? Only if you delete _all_ of the links

Re: Package-created usernames

2007-12-21 Thread Florian Weimer
* Bdale Garbee: The second is whether it's acceptable for a Debian package to *require* a specific username. There are a couple of setuid binaries which might have problems switching to a more flexible scheme. I fear such a requirement might actually reduce overall security. -- To

Re: Bug#438179: RFC3484 rule 9 active again in glibc 2.7-5.

2008-01-23 Thread Florian Weimer
* Kurt Roeckx: For those that didn't notice this yet, 2.7-5 reverted the change of 2.7-4. So testing and unstable uses rule 9 again. I'm confused. Was this intentional? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Processed: destruction of round-robin functionality is fucking up our mirrors and making Debian suck for many people, hence fixing this is a release-critical wish

2008-01-28 Thread Florian Weimer
* Ian Jackson: On the other hand, the behaviour of a round robin honouring host depends on the frequency of DNS retries, past network topology history, etc., in a way that may be difficult to predict. Sure, but round-robin behavior is not tied to the bit pattern of addresses, so it's less

Re: Bug#510415: tech-ctte: Qmail inclusion (or not) in Debian

2009-01-11 Thread Florian Weimer
* Kalle Kivimaa: Steve Langasek vor...@debian.org writes: Can you expand here on the consequences of ignoring RFC1894? I'm aware that qmail delivery failure mails look different (and, I might argue, gratuitously so) than those of other mail systems, but does this cause interoperability

Re: Bug#510415: tech-ctte: Qmail inclusion (or not) in Debian

2009-08-28 Thread Florian Weimer
* Steve Langasek: On Tue, Feb 03, 2009 at 08:32:20AM +, Gerrit Pape wrote: 2.1 I'd suggest not to change that, it's a good compromise between performance and reliability. 2.1. Bounce message contents are not crash-proof. Qmail does not value the contents of a bounce message. Dan

Bug#717076: tech-ctte: Decide what jpeg library the Debian project will use

2013-07-17 Thread Florian Weimer
* Simon McVittie: That package might have been ioquake3, which needs the jpeg_mem_src from libjpeg8 (I think it was actually added in libjpeg7) to allow decoding JPEGs from a memory buffer instead of a libc FILE*. I suspect that's a somewhat common use-case, and it isn't part of the libjpeg62

Bug#727708: tech-ctte: Decide which init system to default to in Debian.

2013-10-31 Thread Florian Weimer
* Theodore Ts'o: The most basic is the idea that whether you can control (via shell scrpit fragments) whether or not a service should start at all, and what options or environments should be enabled by pasing some file. Curiously, a lot of system administrators do not do this correctly using

Re: Bug#839570: Browserified javascript and DFSG 2 (reopening)

2016-10-18 Thread Florian Weimer
* Adrian Bunk: > On Wed, Oct 05, 2016 at 10:00:53AM -0400, Sam Hartman wrote: >>... >> I think it's clear that the TC believes that this package is not DFSG >> free. >> I think it's clear that the TC believes perl would be better if the >> situation was improved. >> I thought it was clear we