On Sun, 2 Apr 2000, Julian Gilbey wrote:
On Sat, Apr 01, 2000 at 03:16:23PM -0700, Jason Gunthorpe wrote:
How many people
foward ssh agents and put that key in their home .ssh/authorized_keys?
What does that mean? It could easily be that I am doing something
wrong without even
On Fri, Mar 31, 2000 at 11:19:40PM -0500, Branden Robinson wrote:
Blacklisters may have the right to speak and *say* what they think I should
do, but they have no right to be heard.
Your post only rated a 1.5 on my trollometer. Please try harder.
Hamish
--
Hamish Moffatt VK3SB [EMAIL
On Sat, Apr 01, 2000 at 10:13:38AM -0800, esoR ocsirF wrote:
Caution, IANAD. Just tring to help
Package: cricket (debian/main)
Maintainer: Matt Zimmerman [EMAIL PROTECTED]
56948 cricket depends on non-existant package
Package: ftp.debian.org (pseudo)
Maintainer: Guy Maor [EMAIL
On Sat, Apr 01, 2000 at 10:14:47AM +0200, Josip Rodin wrote:
On Fri, Mar 31, 2000 at 02:43:19PM -0800, Seth R Arnold wrote:
The ballots came from:
216 people, if I counted right (wc(1) :). So much for the `300 active
developers' vaporware, even if you include dissidents et al...
On Sat, Apr 01, 2000 at 04:00:20PM +0200, Marcus Brinkmann wrote:
On Sat, Apr 01, 2000 at 12:55:53PM +1000, Anthony Towns wrote:
But unfortunately that's not quite the choice I have either, since for
some reason that I can't fathom, people seem to think that a dinstall
key would be an
On Sat, Apr 01, 2000 at 03:38:29PM +0200, Marcus Brinkmann wrote:
I could not trust either. The former, because it is stored on a network
connected machine, the latter because it is transfered over the net (if it
is shared among the security team). Of course, if the security team use
their
On Sat, Apr 01, 2000 at 10:36:44PM -0600, Zed Pobre wrote:
Also, what's so fundamentally wrong with transferring a secret key over
the net? Hint: PGP does it every time you send an encrypted email.
Either you are using the phrase secret key in a context with
which I am unfamiliar, or you
I have had some serious bug reports about this release (see bugs 61515
and 61573).
If you are tracking woody (unstable) this may affect you.
Please do not let the postgresql packages be upgraded automatically; put them
on hold. If you decide to upgrade, make absolutely sure you have a backup
of
On 00-03-26 Matt Zimmerman wrote:
On Sat, Mar 25, 2000 at 03:39:24PM +0100, Christian Kurz wrote:
as jsut discussed on debian-devel, I would like to package John the
Ripper. If someone already has done or is working on it, please mail me,
then I will stop packing it. Otherwise I will try
On Sat, Mar 25, 2000 at 05:34:20PM +0100, Robert Varga wrote:
On Thu, 23 Mar 2000, Steve Greenland wrote:
However I don't really like 8i, since it needs much more (and it should be
written as MUCH MORE) resources than 8.0.5. I know there is one aspect of
using 8i on linux when compared
On Sat, 1 Apr 2000, Ben Collins wrote:
On Sat, Apr 01, 2000 at 10:13:38AM -0800, esoR ocsirF wrote:
Caution, IANAD. Just tring to help
Package: cricket (debian/main)
Maintainer: Matt Zimmerman [EMAIL PROTECTED]
56948 cricket depends on non-existant package
Package:
On Sun, Apr 02, 2000 at 02:46:30PM +1000, Anthony Towns wrote:
PGP (v2.x, I'm not uptodate with the recent OpenPGP stuff), generates a
secret (albeit symmetric, rather than public/private keypair) IDEA key
everytime you try to encrpt a message. It encrypts the message with this
key, then
On Sun, Apr 02, 2000 at 01:36:56PM +1000, Anthony Towns wrote:
On Sat, Apr 01, 2000 at 03:38:29PM +0200, Marcus Brinkmann wrote:
I could not trust either. The former, because it is stored on a network
connected machine, the latter because it is transfered over the net (if it
is shared among
On Sat, Apr 01, 2000 at 02:49:40PM -0700, Jason Gunthorpe wrote:
On Sat, 1 Apr 2000, Marcus Brinkmann wrote:
In the signed .debs case, I, as a developer, assert that the package comes
from me. A user can directly verify this by checking the signature.
No, the user cannot verify that.
On Sat, Apr 01, 2000 at 03:16:23PM -0700, Jason Gunthorpe wrote:
On Sat, 1 Apr 2000, Marcus Brinkmann wrote:
Wrong. If you have signed debs, and you are careful when updating the
debian-keyring package, there is no risk even if master is compromised.
Hahha!
Sorry, your are deluded
On Sat, Apr 01, 2000 at 03:18:17PM -0700, Jason Gunthorpe wrote:
Now link 2. It is currently absent. What you seem to suggest is to add a key
(dinstall-key) here, so the user can verify the archive. This adds a point
of weakness. As the dinstall key can't be used automatically and kept
Hi,
On Sun, Apr 02, 2000 at 01:33:53PM +1000, Anthony Towns wrote:
As dinstall verifies the keys on the packages (which already exist, btw,
they are just not propagated), it puts itself in the middle of the chain:
Well, as Jason points out, they are propogated: by the -devel-changes
list.
On Sat, Apr 01, 2000 at 04:56:59PM -0700, Jason Gunthorpe wrote:
On Sun, 2 Apr 2000, Julian Gilbey wrote:
On Sat, Apr 01, 2000 at 03:16:23PM -0700, Jason Gunthorpe wrote:
How many people
foward ssh agents and put that key in their home .ssh/authorized_keys?
What does that mean?
Hello,
Sorry for sending this message again and sorry for sending to
devel (I don't know if I should). I really need your help, I tried
everything I know and I can't make my Emacs work with END key, when it
is in Xterm.
- All programs have right key configuration
- Emacs
Rodrigo == Rodrigo Castro [EMAIL PROTECTED] writes:
Hello, Sorry for sending this message again and sorry for
sending to devel (I don't know if I should). I really need your
help, I tried everything I know and I can't make my Emacs work
with END key, when it is in Xterm.
Hi all,
I've been working on javawrapper, a utility which uses the binfmt_misc
kernel module to let you execute Java classes like any other program -
'./MyProgram.class' instead of 'java MyProgram.class'. For those of you
unfamiliar with binfmt_misc, the documentation is in
On Thu, Mar 30, 2000 at 10:03:14AM -0500, Daniel Martin wrote:
Well, if I do a
$process | file -b - | magic2mime
where $process is anything that produces a large amount of output
slowly, then the process is killed by a SIGPIPE in short order.
If, however, I do:
$process | (file -b -;
Marcus Brinkmann [EMAIL PROTECTED] writes:
Yes, but you have not the right (what loaded words!) to close the bug
reports. Feel free to ignore them, but don't close them without a better
reason.
If communication with the reporter is necessary to fix the bug, and
this communication is broken
On Sat, Apr 01, 2000 at 10:48:54PM +0200, Marcus Brinkmann wrote:
No. Currently there is NO chain of verification (I should not have said
trust, it's the wrong term. Sorry).
So you agree that it would be an improvement?
However, it doesn't establish a complete chain of verification from the
Anthony Towns aj@azure.humbug.org.au writes:
There is an existing single-point vulnerability in *every*
mirror. Compromise the mirror and you can compromise every single Debian
user who upgrades from that mirror. You don't even have to try touching
anything at *.debian.org.
Yes, and I'd very
On Sun, Apr 02, 2000 at 04:36:00PM +0100, Colin Watson wrote:
3) Where should this go? The obvious place is dpkg, but am I being too
arrogant there? It feels too small for its own package, though.
I like the idea, but I think it should go in its own package, like
menu. For one thing, a lot
Hi,
I think the answer is this: it is felt by debian developers that pgcc
deserves more: it should be included in its own architecture, You may
know that we have the architecture called 'i386', well, pgcc would come
in the architecture called 'i586' with the idea that all packages in
debian
On Sun, Apr 02, 2000 at 11:14:16AM -0400, Marshal Kar-Cheung Wong wrote:
Rodrigo == Rodrigo Castro [EMAIL PROTECTED] writes:
Hello, Sorry for sending this message again and sorry for
sending to devel (I don't know if I should). I really need your
help, I tried everything I
On Sun, Apr 02, 2000 at 10:11:44AM -0700, Jim Lynch wrote:
I think the answer is this: it is felt by debian developers that pgcc
deserves more: it should be included in its own architecture, You may
know that we have the architecture called 'i386', well, pgcc would come
in the architecture
Julian Gilbey [EMAIL PROTECTED] writes:
On my home machine, I have an identity in .ssh/identity.pub.
I copied that into .ssh/authorized_keys on master (possibly using the
LDAP system).
I *also* copied it into .ssh/authorized_keys on my home machine.
That extra copy on my home machine
[EMAIL PROTECTED] wrote:
On Sun, Apr 02, 2000 at 04:36:00PM +0100, Colin Watson wrote:
3) Where should this go? The obvious place is dpkg, but am I being too
arrogant there? It feels too small for its own package, though.
I like the idea, but I think it should go in its own package, like
Hi,
So the original question remains: is there a simple pgcc available somewhere?
-Jim
---
Jim Lynch Finger for pgp key
as Laney College CIS admin: [EMAIL PROTECTED] http://www.laney.edu/~jim/
as Debian developer: [EMAIL PROTECTED] http://www.debian.org/~jwl/
On 30-Mar-00, 13:01 (CST), Steve Greenland [EMAIL PROTECTED] wrote:
On 30-Mar-00, 05:43 (CST), Richard Braakman [EMAIL PROTECTED] wrote:
Package: debianutils (debian/main).
Maintainer: Guy Maor [EMAIL PROTECTED]
59121 run-parts hangs during /etc/cron.daily runs
There's a reasonable
On 2 Apr 2000, Robert Bihlmeyer wrote:
Solution: remove the identity from .ssh/authorized_keys on my home
machine.
Note that *any* keys that your agent holds can be snarfed by the
admin(s) of any hosts where you ssh-in with agent forwarding enabled.
No, that is the point of ssh-agent.
Hi Marcus,
On Sun, Apr 02, 2000 at 02:32:04PM +0200, Marcus Brinkmann wrote:
No, the user cannot verify that. The user can check the signature against
our keyring but they have no idea who *should* have signed it.
It seems to be hard to understand, so I will explain it one more time:
On Sat, 1 Apr 2000, Craig Sanders wrote:
On Fri, Mar 31, 2000 at 11:08:53PM -0500, Branden Robinson wrote:
On Fri, Mar 31, 2000 at 11:18:47PM +1000, Craig Sanders wrote:
your right to free speech does not include the right to force anyone
else to listen.
Then this principle must
On Sun, 2 Apr 2000, Marcus Brinkmann wrote:
This is a seperate problem. I agree that this should not be the case, but it
has no place in this discussion. If individual developer keys are
compromised, we have a problem no matter what. Developers should not store
secret keys on net connected
On Sun, Apr 02, 2000 at 10:48:24AM -0300, Rodrigo Castro wrote:
Sorry for sending this message again and sorry for sending to
devel (I don't know if I should). I really need your help, I tried
everything I know and I can't make my Emacs work with END key, when it
is in Xterm.
If you're
I have packaged LIRC and will upload it later today or tomorrow if
noone objects.
LIRC is Linux Infra-red Remote Control support, see
http://fsinfo.cs.uni-sb.de/~columbus/lirc/index.html
Similarly, I have packaged devfsd (http://www.atnf.csiro.au/~rgooch/linux/).
This one still needs a couple of
Chris Frey wrote:
I'm curious how this issue is going to be handled now that it has been
discussed. (The archives don't seem to be seeing any new messages on this
topic.) What has to occur before this cryptographic signing of
Packages actually happens?
Oops, the recent mail archive update
40 matches
Mail list logo