-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 27 Apr 2020 01:26:29 -0400
Source: refmac-dictionary
Architecture: source
Version: 5.41-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers
Changed-By: Andrius Merkys
Changes:
refmac-dictionary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 27 Apr 2020 07:18:20 +0200
Source: debian-edu-config
Architecture: source
Version: 2.11.23
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers
Changed-By: Holger Levsen
Changes:
debian-edu-config
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 27 Apr 2020 08:15:57 +0300
Source: can-utils
Architecture: source
Version: 2020.02.04-2
Distribution: unstable
Urgency: medium
Maintainer: Alexander GQ Gerasiov
Changed-By: Alexander GQ Gerasiov
Closes: 956530
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 19:54:51 -0700
Source: asciidoc
Architecture: source
Version: 9.0.0~rc2-1
Distribution: unstable
Urgency: medium
Maintainer: Joseph Herlant
Changed-By: Joseph Herlant
Closes: 956729
Changes:
asciidoc
❦ 26 avril 2020 15:04 -07, Russ Allbery:
>> This is not how this is implemented. I am using GitHub and GitLab with
>> 2FA enabled and I am rarely asked to enter any token. Once you get
>> authenticated on a device, it remains for a long time.
>
> Pretty much every time I go to salsa.debian.org,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 21:28:21 -0400
Source: notcurses
Architecture: source
Version: 1.3.3+dfsg.1-1
Distribution: unstable
Urgency: medium
Maintainer: Nick Black
Changed-By: Nick Black
Changes:
notcurses (1.3.3+dfsg.1-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 27 Apr 2020 10:26:35 +0900
Source: python-graphviz
Architecture: source
Version: 0.14-1
Distribution: unstable
Urgency: medium
Maintainer: Diane Trout
Changed-By: TANIGUCHI Takaki
Changes:
python-graphviz (0.14-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA384
Format: 1.8
Date: Sun, 26 Apr 2020 18:37:06 -0400
Source: xfce4-whiskermenu-plugin
Architecture: source
Version: 2.4.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xfce Maintainers
Changed-By: Unit 193
Changes:
Thomas Goirand wrote on 27/04/2020:
> On 4/27/20 12:18 AM, Paride Legovini wrote:
>> It's still one static shared secret you need to enter every time. If it
>> gets stolen, because your browser or your computer is compromised, or in
>> a MITM attack where the attacker gained access to a valid
Russ Allbery writes:
> That's effectively what a password manager simulates, albeit trading off
> local secure storage for convenience while limiting the strong passwords
> someone has to memorize to one. I would argue that the only functional
> difference between a properly-configured password
Thomas Goirand writes:
> Now, if you want something safer, maybe we could implement something
> that involves crypto a smarter way, like SQRL, so we avoid storing any
> password in Salsa, even hashed:
> https://www.grc.com/sqrl/sqrl.htm
I don't know anything about SQRL (and am too lazy to try
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 19:35:37 -0400
Source: xml2rfc
Architecture: source
Version: 2.44.0-1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kahn Gillmor
Changed-By: Scott Kitterman
Changes:
xml2rfc (2.44.0-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 19:38:13 -0400
Source: ncbi-blast+
Architecture: source
Version: 2.10.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team
Changed-By: Aaron M. Ucko
Closes: 957581
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 27 Apr 2020 08:31:13 +0900
Source: growl-for-linux
Architecture: source
Version: 0.8.5-7
Distribution: unstable
Urgency: medium
Maintainer: Kentaro Hayashi
Changed-By: Kentaro Hayashi
Closes: 955899
Changes:
growl-for-linux
On 4/27/20 12:18 AM, Paride Legovini wrote:
> It's still one static shared secret you need to enter every time. If it
> gets stolen, because your browser or your computer is compromised, or in
> a MITM attack where the attacker gained access to a valid certificate
> for salsa.debian.org [1,2],
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 27 Apr 2020 00:46:54 +0200
Source: pocl
Architecture: source
Version: 1.5-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenCL Maintainers
Changed-By: Andreas Beckmann
Closes: 958700
Changes:
pocl (1.5-3)
On 4/26/20 8:34 PM, Bernd Zeimetz wrote:
>
>
> On 4/26/20 12:41 AM, Thomas Goirand wrote:
>> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>>> Actually I think 2FA should be enforced for everybody.
>>> Even debian.org related passwords might get lost.
>>
>> I use strong password, stored with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 20 Apr 2020 12:33:35 +0200
Source: k4dirstat
Architecture: source
Version: 3.2.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jerome Robert
Changed-By: Jerome Robert
Closes: 950322 950323
Changes:
k4dirstat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 27 Apr 2020 00:36:59 +0200
Source: tomcat9
Architecture: source
Version: 9.0.34-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
Changed-By: Emmanuel Bourg
Changes:
tomcat9 (9.0.34-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 25 Apr 2020 20:23:35 +0200
Source: nova
Architecture: source
Version: 2:21.0.0~rc1-3
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Changes:
nova (2:21.0.0~rc1-3)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 27 Apr 2020 00:25:19 +0200
Source: equinox-p2
Architecture: source
Version: 4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
Changed-By: Emmanuel Bourg
Changes:
equinox-p2 (4.15-1)
Paride Legovini writes:
> It's still one static shared secret you need to enter every time. If it
> gets stolen, because your browser or your computer is compromised, or in
> a MITM attack where the attacker gained access to a valid certificate
> for salsa.debian.org [1,2], your account is gone.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 22:45:17 +0200
Source: construct
Architecture: source
Version: 2.10.56-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team
Changed-By: Henry-Nicolas Tourneur
Closes: 880113 943656
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 23:59:29 +0200
Source: tellico
Architecture: source
Version: 3.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team
Changed-By: Pino Toscano
Changes:
tellico (3.3-2) unstable;
Thomas Goirand wrote on 26/04/2020:
> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>> Actually I think 2FA should be enforced for everybody.
>> Even debian.org related passwords might get lost.
>
> I use strong password, stored with keepassxc, with the password db
> encrypted using the HMAC of my
Hello,
On Sun 26 Apr 2020 at 10:53PM +02, Vincent Bernat wrote:
> ❦ 26 avril 2020 20:29 +00, Jeremy Stanley:
>
>> You're already seeing quite a few folks responding that being
>> required to use an additional application or device each time they
>> authenticate would be an inconvenience to
Am 26.04.2020 um 23:47 schrieb Paride Legovini:
>
> Another good one with builtin backup functionality is Aegis [1,2]. It's
> GPLv3 and available via f-droid.
>
Thanks, haven't heard of it before but looks interesting.
Michael
--
Why is it that all of the instruments seeking intelligent life
Vincent Bernat writes:
> This is not how this is implemented. I am using GitHub and GitLab with
> 2FA enabled and I am rarely asked to enter any token. Once you get
> authenticated on a device, it remains for a long time.
Pretty much every time I go to salsa.debian.org, I have to log back in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 18:45:06 -0300
Source: ruby-prof
Architecture: source
Version: 1.3.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers
Changed-By: Antonio Terceiro
Closes: 861676
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 23:52:04 +0200
Source: eclipse-jdt-core
Architecture: source
Version: 4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
Changed-By: Emmanuel Bourg
Changes:
eclipse-jdt-core
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 17:46:49 -0400
Source: nautilus
Architecture: source
Version: 3.36.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers
Changed-By: Jeremy Bicha
Changes:
nautilus (3.36.2-2) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 23:41:48 +0200
Source: eclipse-platform-ua
Architecture: source
Version: 4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
Changed-By: Emmanuel Bourg
Changes:
eclipse-platform-ua
Mattia Rizzolo writes:
> Since I sometimes I don't really know my passwords, I suppose at that
> point the "something I know" instead of being the actual password is the
> GPG passphrase used to decrypt the file that actually contains the
> password, but it's still 2fa.
By equivalent logic, a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 17:36:00 -0400
Source: evolution-data-server
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers
Changed-By: Jeremy Bicha
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 23:30:05 +0200
Source: eclipse-platform-team
Architecture: source
Version: 4.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
Changed-By: Emmanuel Bourg
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 23:28:38 +0200
Source: nodejs
Architecture: source
Version: 12.16.2~dfsg-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Jérémy Lal
Changes:
nodejs
Michael Biebl wrote on 26/04/2020:
> Am 26.04.20 um 14:36 schrieb Mattia Rizzolo:
>> On Sun, Apr 26, 2020 at 02:07:54PM +0200, Bernd Zeimetz wrote:
>>> There are even cli tools that do the same stuff. I'd guess there is at
>>> least one on Debian.
>>
>> Indeed, after I first lost a phone, and a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 23:08:39 +0200
Source: golang-github-satta-ifplugo
Architecture: source
Version: 0.0~git20191008.ec0007a-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team
Changed-By: Sascha Steinbiss
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 17:16:50 -0400
Source: dconf-editor
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers
Changed-By: Jeremy Bicha
Changes:
dconf-editor (3.36.2-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 17:14:13 -0400
Source: devhelp
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers
Changed-By: Jeremy Bicha
Changes:
devhelp (3.36.2-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 17:06:42 -0400
Source: gnome-getting-started-docs
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers
Changed-By: Jeremy Bicha
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 16:50:41 -0400
Source: gnome-user-docs
Architecture: source
Version: 3.36.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers
Changed-By: Jeremy Bicha
Changes:
gnome-user-docs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 22:23:02 +0200
Source: hercules
Architecture: source
Version: 3.13-2
Distribution: sid
Urgency: medium
Maintainer: Philipp Kern
Changed-By: Philipp Kern
Changes:
hercules (3.13-2) unstable; urgency=medium
.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 21:45:17 +0200
Source: speech-dispatcher
Binary: cl-speech-dispatcher libspeechd-dev libspeechd2 libspeechd2-dbgsym
python3-speechd speech-dispatcher speech-dispatcher-audio-plugins
❦ 26 avril 2020 20:29 +00, Jeremy Stanley:
> You're already seeing quite a few folks responding that being
> required to use an additional application or device each time they
> authenticate would be an inconvenience to them. This is a signal. I
> personally wouldn't enjoy being prompted to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 16:00:00 -0400
Source: golang-github-howeyc-gopass
Architecture: source
Version: 0.0~git20190910.7cb4b85+dfsg.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team
Changed-By: Taowa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 21:57:14 +0200
Source: logbook
Architecture: source
Version: 1.5.3-4
Distribution: unstable
Urgency: medium
Maintainer: Agustin Henze
Changed-By: Iñaki Malerba
Closes: 954151
Changes:
logbook (1.5.3-4) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 21:59:25 +0200
Source: python-icecream
Architecture: source
Version: 2.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Iñaki Malerba
Changed-By: Iñaki Malerba
Changes:
python-icecream (2.0.0-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 16:00:37 -0400
Source: dbab
Architecture: source
Version: 1.3.3-2
Distribution: unstable
Urgency: low
Maintainer: Tong Sun
Changed-By: Tong Sun
Changes:
dbab (1.3.3-2) unstable; urgency=low
.
* Debian
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 22:08:56 +0200
Source: fai
Architecture: source
Version: 5.9.4
Distribution: unstable
Urgency: low
Maintainer: Thomas Lange
Changed-By: Thomas Lange
Closes: 956364
Changes:
fai (5.9.4) unstable; urgency=low
.
On 2020-04-26 21:02:34 +0200 (+0200), Bernd Zeimetz wrote:
> On 4/26/20 8:30 PM, Bastian Blank wrote:
> > On Sat, Apr 25, 2020 at 11:14:39PM +0200, Bernd Zeimetz wrote:
> >> Actually I think 2FA should be enforced for everybody.
> >
> > No, we don't enforce 2FA for everybody. And I don't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 21:48:35 +0200
Source: django-auth-ldap
Architecture: source
Version: 2.1.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team
Changed-By: Michael Fladischer
Changes:
django-auth-ldap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 21:14:52 +0200
Source: tmux
Architecture: source
Version: 3.1-1
Distribution: unstable
Urgency: medium
Maintainer: Romain Francoise
Changed-By: Romain Francoise
Changes:
tmux (3.1-1) unstable; urgency=medium
.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 21:28:37 +0200
Binary: speech-dispatcher-baratinoo speech-dispatcher-baratinoo-dbgsym
speech-dispatcher-ibmtts speech-dispatcher-ibmtts-dbgsym speech-dispatcher-kali
speech-dispatcher-kali-dbgsym
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 21:38:16 +0200
Source: nodejs
Architecture: source
Version: 12.16.2~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Jérémy Lal
Closes: 952629
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 21:28:37 +0200
Source: speech-dispatcher
Binary: cl-speech-dispatcher libspeechd-dev libspeechd2 libspeechd2-dbgsym
python3-speechd speech-dispatcher speech-dispatcher-audio-plugins
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 13:10:00 -0300
Source: python-coverage-test-runner
Architecture: source
Version: 1.13.1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: Jair Reis
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 20:55:44 +0200
Source: python-django-otp
Architecture: source
Version: 0.9.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team
Changed-By: Michael Fladischer
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 21:05:17 +0200
Source: rust-serde
Architecture: source
Version: 1.0.106-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers
Changed-By: Wolfgang Silbermayr
Changes:
rust-serde
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 20:55:02 +0200
Source: rust-serde-derive
Architecture: source
Version: 1.0.106-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers
Changed-By: Wolfgang Silbermayr
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 21:09:15 +0200
Source: ifenslave
Architecture: source
Version: 2.10
Distribution: unstable
Urgency: medium
Maintainer: Guus Sliepen
Changed-By: Guus Sliepen
Closes: 878601 914308 926881
Changes:
ifenslave (2.10)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 17:15:08 +0200
Source: brutespray
Architecture: source
Version: 1.6.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools
Changed-By: Stephane Neveu
Changes:
brutespray (1.6.8-1) unstable;
On 4/26/20 8:46 PM, Johannes Schauer wrote:
> Quoting Bernd Zeimetz (2020-04-26 20:34:12)
>> On 4/26/20 12:41 AM, Thomas Goirand wrote:
>>> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
Actually I think 2FA should be enforced for everybody.
Even debian.org related passwords might get
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 12:10:21 +0300
Source: meson
Architecture: source
Version: 0.54.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jussi Pakkanen
Changed-By: Jussi Pakkanen
Changes:
meson (0.54.1-1) unstable; urgency=medium
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 20:49:35 +0200
Source: eas4tbsync
Binary: webext-eas4tbsync
Architecture: source all
Version: 1.14-2~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers
Changed-By:
On 4/26/20 8:30 PM, Bastian Blank wrote:
> On Sat, Apr 25, 2020 at 11:14:39PM +0200, Bernd Zeimetz wrote:
>> Actually I think 2FA should be enforced for everybody.
>
> No, we don't enforce 2FA for everybody. And I don't consider it
> appropriate to raise the option.
Could you explain why?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 27 Apr 2020 02:23:57 +0800
Source: node-mqtt
Architecture: source
Version: 3.0.0-3
Distribution: unstable
Urgency: low
Maintainer: Debian Javascript Maintainers
Changed-By: Ying-Chun Liu (PaulLiu)
Closes: 958382
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 13:55:26 -0400
Source: taglib
Architecture: source
Version: 1.11.1+dfsg.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers
Changed-By: Boyuan Yang
Closes: 915281
Changes:
taglib
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 20:16:20 +0200
Source: dav4tbsync
Binary: webext-dav4tbsync
Architecture: source all
Version: 1.9-2~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers
Changed-By:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 20:26:29 +0200
Source: django-oauth-toolkit
Architecture: source
Version: 1.3.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team
Changed-By: Michael Fladischer
Changes:
On Sat, Apr 25, 2020 at 11:14:39PM +0200, Bernd Zeimetz wrote:
> Actually I think 2FA should be enforced for everybody.
No, we don't enforce 2FA for everybody. And I don't consider it
appropriate to raise the option.
However, you may choose to enforce 2FA for all users of your groups.
Regards,
Quoting Bernd Zeimetz (2020-04-26 20:34:12)
> On 4/26/20 12:41 AM, Thomas Goirand wrote:
> > On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
> >> Actually I think 2FA should be enforced for everybody.
> >> Even debian.org related passwords might get lost.
> > I use strong password, stored with
On 4/26/20 12:31 AM, Gard Spreemann wrote:
> Right, but what's the threat model here? For some of us, losing the
> Salsa password is essentially only possible if we have had our PGP
> dongle or offline private key backup compromised. In this case, the
> attacker can sign uploads to the archive
On 4/26/20 2:40 PM, Michael Biebl wrote:
> Am 26.04.20 um 14:36 schrieb Mattia Rizzolo:
>> On Sun, Apr 26, 2020 at 02:07:54PM +0200, Bernd Zeimetz wrote:
>>> There are even cli tools that do the same stuff. I'd guess there is at
>>> least one on Debian.
>>
>> Indeed, after I first lost a
On 4/26/20 12:41 AM, Thomas Goirand wrote:
> On 4/25/20 11:14 PM, Bernd Zeimetz wrote:
>> Actually I think 2FA should be enforced for everybody.
>> Even debian.org related passwords might get lost.
>
> I use strong password, stored with keepassxc, with the password db
> encrypted using the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 19:55:04 +0200
Source: tbsync
Binary: webext-tbsync
Architecture: source all
Version: 2.11-2~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers
Changed-By: Mechtilde
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 20:04:00 +0200
Source: choose-mirror
Architecture: source
Version: 2.105
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Julien Cristau
Changes:
choose-mirror (2.105)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 19:57:18 +0200
Source: choose-mirror
Architecture: source
Version: 2.104
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Julien Cristau
Changes:
choose-mirror (2.104)
On 4/26/20 7:12 PM, Sean Whitton wrote:
> In such a case, though, haven't you essentially turned it back into one
> factor authentication (the single factor being your laptop)?
Still better than losing a single password in whatever way in the
internet. Targeted phishing attacks for example.
Le 26/04/2020 à 14:07, Bernd Zeimetz a écrit :
> Hi,
>
> Google Authenticator is a software-based authenticator by Google that
> implements two-step verification services using the Time-based One-time
> Password Algorithm (TOTP; specified in RFC 6238) and HMAC-based One-time
> Password algorithm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 19:39:35 +0200
Source: yapet
Architecture: source
Version: 2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Salvatore Bonaccorso
Changed-By: Salvatore Bonaccorso
Closes: 958008
Changes:
yapet (2.4-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 19:52:18 +0200
Source: choose-mirror
Architecture: source
Version: 2.103
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Julien Cristau
Changes:
choose-mirror (2.103)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 10:34:37 -0700
Source: arm-trusted-firmware
Architecture: source
Version: 2.3-1
Distribution: unstable
Urgency: medium
Maintainer: Vagrant Cascadian
Changed-By: Vagrant Cascadian
Changes:
arm-trusted-firmware
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 25 Mar 2020 09:32:24 +0100
Source: mate-hud
Binary: mate-hud
Architecture: source all
Version: 19.10.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian+Ubuntu Debian MATE Packaging Team
Changed-By: Mike Gabriel
Package: wnpp
Severity: wishlist
Owner: Doug Torrance
* Package name: mpsolve
Version : 3.1.8
Upstream Author : Leonardo Robol
* URL : https://numpi.dm.unipi.it/software/mpsolve
* License : GPL
Programming Lang: C
Description : multiprecision
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 19:32:28 +0200
Source: choose-mirror
Architecture: source
Version: 2.102
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Julien Cristau
Changes:
choose-mirror (2.102)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 27 Apr 2020 00:57:29 +0800
Source: runc
Architecture: source
Version: 1.0.0~rc10+dfsg2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team
Changed-By: Shengjing Zhu
Closes: 958866
Changes:
runc
On Sun, Apr 26, 2020 at 10:12:41AM -0700, Sean Whitton wrote:
> On Sun 26 Apr 2020 at 02:36PM +02, Mattia Rizzolo wrote:
> > On Sun, Apr 26, 2020 at 02:07:54PM +0200, Bernd Zeimetz wrote:
> >> There are even cli tools that do the same stuff. I'd guess there is at
> >> least one on Debian.
> >
Hello,
On Sun 26 Apr 2020 at 02:36PM +02, Mattia Rizzolo wrote:
> On Sun, Apr 26, 2020 at 02:07:54PM +0200, Bernd Zeimetz wrote:
>> There are even cli tools that do the same stuff. I'd guess there is at least
>> one on Debian.
>
> Indeed, after I first lost a phone, and a second one broke,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 18:50:04 +0200
Source: debian-edu-doc
Architecture: source
Version: 2.11.5
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers
Changed-By: Holger Levsen
Changes:
debian-edu-doc (2.11.5)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 18:44:02 +0200
Source: developers-reference
Architecture: source
Version: 11.0.11
Distribution: unstable
Urgency: medium
Maintainer: Developers Reference Maintainers
Changed-By: Holger Levsen
Closes: 955094
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 18:32:17 +0200
Source: maxflow
Architecture: source
Version: 3.0.5-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team
Changed-By: Gert Wollny
Changes:
maxflow (3.0.5-3) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 17:50:54 +0200
Source: rakudo
Architecture: source
Version: 2020.02.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rakudo Maintainers
Changed-By: Dominique Dumont
Changes:
rakudo (2020.02.1-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 17:26:28 +0200
Source: moarvm
Architecture: source
Version: 2020.02.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rakudo Maintainers
Changed-By: Dominique Dumont
Changes:
moarvm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 26 Apr 2020 17:29:03 +0200
Source: nqp
Architecture: source
Version: 2020.02.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rakudo Maintainers
Changed-By: Dominique Dumont
Changes:
nqp (2020.02.1+dfsg-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 16:59:36 +0200
Source: castxml
Architecture: source
Version: 0.3.3-3
Distribution: unstable
Urgency: medium
Maintainer: Steve M. Robbins
Changed-By: Gert Wollny
Changes:
castxml (0.3.3-3) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 18:09:14 +0200
Source: ifscheme
Architecture: source
Version: 1.7-6
Distribution: unstable
Urgency: medium
Maintainer: Guus Sliepen
Changed-By: Guus Sliepen
Closes: 958603
Changes:
ifscheme (1.7-6) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 17:39:00 +0200
Source: libdc1394
Architecture: source
Version: 2.2.6-2
Distribution: unstable
Urgency: medium
Maintainer: Guus Sliepen
Changed-By: Guus Sliepen
Changes:
libdc1394 (2.2.6-2) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 17:29:40 +0200
Source: libraw1394
Architecture: source
Version: 2.1.2-2
Distribution: unstable
Urgency: medium
Maintainer: Guus Sliepen
Changed-By: Guus Sliepen
Closes: 955787
Changes:
libraw1394 (2.1.2-2)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Apr 2020 17:29:06 +0200
Source: vim-pathogen
Architecture: source
Version: 2.4-5
Distribution: unstable
Urgency: medium
Maintainer: Andrea Capriotti
Changed-By: Andrea Capriotti
Changes:
vim-pathogen (2.4-5) unstable;
1 - 100 of 184 matches
Mail list logo