Re: Ubuntu Patches

On Tue, Mar 22, 2005 at 03:02:32AM +, Henning Makholm wrote: > Then I'm having trouble parsing what you are saying, too. Like > Thomas, the only sense I can make of your description is that > you are are describing an algorithm that goes roughly like > > 0 Bug is discovered > 1 Patch

Re: Ubuntu Patches

On Mon, Mar 21, 2005 at 11:31:01PM -0500, Andres Salomon wrote: > These seem like excellent fodder for a FAQ/wiki, if there isn't one > already (a quick scan around Ubuntu's official and wiki FAQs didn't turn > up anything). Perhaps "How Ubuntu relates to Debian", or "How Ubuntu > changes find the

Re: Ubuntu Patches

On Mon, Mar 21, 2005 at 07:04:04PM -0800, Thomas Bushnell BSG wrote: > So can you explain what I'm misunderstanding? What sort of patches > are we talking about, and what is the publishing you're talking about? The only distinction here is between merely publishing the patches on our website, an

Re: Ubuntu Patches

On Mon, Mar 21, 2005 at 06:43:45PM -0800, Thomas Bushnell BSG wrote: > Matt Zimmerman <[EMAIL PROTECTED]> writes: > > Many Debian maintainers would consider this unwelcome noise. In cases where > > we can be certain that this is welcome (i.e., a bug is open in debbugs), th

Re: Ubuntu Patches

On Tue, Mar 22, 2005 at 12:28:36AM +, Roger Leigh wrote: > One suggestion: if any Ubuntu patches were CC'd to the Debian > maintainer, or filed in the BTS, they would get applied quicker. I've > now put your gimp-print changes back into my packages, but I would > have been happy to do this la

Re: Ubuntu Patches

On Mon, Mar 21, 2005 at 12:36:42PM +0100, Norbert Tretkowski wrote: > That helps a lot, thanks Scott! What about offering a way to subscribe > to packages, so you'll get informed by mail if a package in Ubuntu is > changed, maybe with an interdiff applied to that mail? This isn't possible yet, bu

Re: Bits (Nybbles?) from the Vancouver release team meeting

On Tue, Mar 15, 2005 at 11:04:09AM +0100, Julien BLACHE wrote: > Matt Zimmerman <[EMAIL PROTECTED]> wrote: > > > Details about Ubuntu and its goals can be found on the website. In many > > respects there is more information available about Ubuntu activity, and the > &

Re: debian/kernel security issues (Was: Re: Bits (Nybbles?) from the Vancouver release team meeting)

On Tue, Mar 15, 2005 at 09:50:22AM +0100, Sven Luther wrote: > On Mon, Mar 14, 2005 at 04:51:55PM -0800, Matt Zimmerman wrote: > > On Tue, Mar 15, 2005 at 01:14:30AM +0100, Sven Luther wrote: > > > > > On Mon, Mar 14, 2005 at 06:10:30PM -0500, Andres Salomon wrote: >

Re: Bits (Nybbles?) from the Vancouver release team meeting

On Tue, Mar 15, 2005 at 01:14:30AM +0100, Sven Luther wrote: > On Mon, Mar 14, 2005 at 06:10:30PM -0500, Andres Salomon wrote: > > Yes, I would like to reiterate that coordination between Martin Pitt, the > > Ubuntu kernel team, and the Debian kernel team has been an invaluable > > resource for De

Re: Bits (Nybbles?) from the Vancouver release team meeting

On Mon, Mar 14, 2005 at 11:42:10PM +0100, Julien BLACHE wrote: > Scott James Remnant <[EMAIL PROTECTED]> wrote: > > There's no particular reason for Ubuntu developers to try and impose > > Canonical's agenda on Debian; we have our own distro for (and because we > > have) our own agenda. > > How c

Re: mplayer 1.0pre6a-4 for i386 and PowerPC and sparc

On Mon, Mar 14, 2005 at 11:02:40PM +0100, Sven Luther wrote: > Ok, so why doesn't mplayer get's accepted in debian now ? I have no idea, nor is it my responsibility to know. I can only say that your claims so far are all either extremely implausible, or demonstrably false. -- - mdz -- To

Re: mplayer 1.0pre6a-4 for i386 and PowerPC and sparc

On Mon, Mar 14, 2005 at 10:50:42PM +0100, Sven Luther wrote: > On Mon, Mar 14, 2005 at 10:40:01AM -0800, Matt Zimmerman wrote: > > I don't know who rejected mplayer, so I can't answer this directly, but I am > > confident that "many" is exagerrated FUD

Re: mplayer 1.0pre6a-4 for i386 and PowerPC and sparc

On Mon, Mar 14, 2005 at 07:06:15PM +0100, Sven Luther wrote: > Yeah, ok, but mplayer was rejected, and is now in many-year-NEW-limbo, for > licencing reasons, which i believe are the same for ubuntu and debian, maybe > worse for ubuntu evem. No, Ubuntu has quite different licensing criteria than

Re: mplayer 1.0pre6a-4 for i386 and PowerPC and sparc

On Mon, Mar 14, 2005 at 11:17:55AM +0100, Sven Luther wrote: > Like said, since ubuntu has mplayer, there is really no reason to stale it for > debian now. I cannot speak for anyone regarding the specific case of mplayer, but the above is not a valid inference for any package. Ubuntu and Debian

Re: Bits (Nybbles?) from the Vancouver release team meeting

On Mon, Mar 14, 2005 at 04:51:30PM +0100, Marc Haber wrote: > On Mon, 14 Mar 2005 15:41:16 +, Scott James Remnant > <[EMAIL PROTECTED]> wrote: > >Are you thinking of any particular developers here? > > For example, it suspiciously looks like the Security Team only has one > public active mem

Re: debian/NEWS.Debian / apt-listchanges woes

On Sat, Mar 12, 2005 at 11:30:54AM -0600, Dirk Eddelbuettel wrote: > Ok, so I just did the following > > 1) Run 'wajig reconfigure apt-listchanges' to ensure apt-listchanges shows >everything, even on versions we've seen before > 2) 'wajig purge r-gnome' > 3) 'wajig install r-gnome' and verif

Re: Ubuntu for packaging for Debian

On Wed, Feb 16, 2005 at 02:04:17AM -0400, Maykel Moya wrote: > I'd recently adquire a little laptop (p3 900, 256 MB RAM). I'm been > thinking to install Ubuntu in it cause Ubuntu is optimized for desktop, > but I'd like to package some stuff for Debian. > > Is it advisable to use a pure Debian in

Re: UML packages for sarge: likelyhood of making it to stable

On Thu, Feb 10, 2005 at 11:42:13AM +, Jon Dowland wrote: > I am emailing to ask your opinion on the likely hood of UML packages > making it into sarge/stable. > > We (the University of Newcastle upon Tyne) are experimenting with using > UML to manage multiple secure web servers on a single

Re: Any objections? -- Bug#293149: Please install libsysfs in /lib

On Tue, Feb 01, 2005 at 04:10:16PM +0100, Martin Pitt wrote: > libsysfs is small (about 39 KB), does not have any dependencies other > than libc6, and tools querying /sys during bootup (when /usr/ is not > yet available) are reasonable, so I'm not opposed to doing this. > > Is there any opposing

Re: If *-module depends on *-utils, should *-source recommend it?

On Sat, Jan 15, 2005 at 08:40:56AM +0100, Goswin von Brederlow wrote: > Afaik neither debootstrap, cdebootstrap nor rootstrap use dpkg -i to > partially install packages. They explicitly use --unpack and > --configure and use --force-* options to exactly say what they need. rootstrap doesn't inst

Re: RunDinstallHourly

On Mon, Jan 10, 2005 at 10:54:34PM +, Steve McIntyre wrote: > Tollef Fog Heen wrote: > > > >FWIW, our experiences with Ubuntu shows that having fast dinstall > >cycles is very helpful. You can sit and codevelop with people > >uploading to the archive as you go and letting other people in on w

Re: $HOME/.dotfiles and FHS 2.3 (was: Comparing FHS 2.3 and 2.1)

On Fri, Oct 29, 2004 at 04:53:29PM +0200, Frank Küster wrote: > "Marcelo E. Magallon" <[EMAIL PROTECTED]> wrote: > > * bash reads and writes a number of files in ~/ (.bash_profile, > > .bashrc, .bash_history) > > * there are several directories related to GNOME (at least ~/.gnome2 >

Re: Comparing FHS 2.3 and 2.1

On Tue, Oct 26, 2004 at 05:59:18PM -0400, Joey Hess wrote: > Note that new sarge installs should be basically /media compliant, > although I don't know if we have every subdir the FHS may require in > there. And we still have a /cdrom link to /media since some programs > (like apt) have not transi

Re: Apt-Torrent project

(CCing the BTS, where this feature request is already tracked) On Sat, Oct 30, 2004 at 10:35:53AM +0200, Arnaud Kyheng wrote: > I love the Debian project, and I have worked on a new development for > it: Apt-Torrent :) > > Apt-Torrent is an apt proxy to the Bittorrent network. For security, the

Re: Apt-Torrent project

On Sun, Oct 31, 2004 at 12:01:30AM -0500, Adam Majer wrote: > BT doesn't make too much sense here. It is only useful for large files > that do not change often, like woody iso images. I think there are ways that the bittorrent model can be applied successfully. http://bugs.debian.org/cgi-bin/bug

Re: Apt-Torrent project

On Sat, Oct 30, 2004 at 07:05:12PM +1000, Matthew Palmer wrote: > If we can get individually-signed .debs, you won't even need to worry so > much about getting the torrent files off a trusted mirror... You don't need individually-signed .debs for that; the existing (experimental) archive signing

Re: Ubuntu discussion at planet.debian.org

On Sun, Oct 24, 2004 at 05:42:23PM -0600, Marcelo E. Magallon wrote: > Testing is by design all-or-nothing. As long as a single architecture > hasn't buildd support for t-p-u, the buildd support for t-p-u is as > good as missing. This isn't "by design", it's simply the policy which is current

Re: Python executables inside libraries

On Thu, Oct 21, 2004 at 11:41:09PM +0200, Magnus Therning wrote: > Well, they can't go into /usr/bin, they are part of the library. > However, for some reason upstream decided to put the python equivalent > of a main() in some of the files that make up the library. That's a reasonable thing to do

Re: Reproducible, precompiled .o files: what say policy+gpl?

On Tue, Oct 19, 2004 at 09:16:17AM -0700, John H. Robinson, IV wrote: > The only difference is in *performance*. If there are other differences, > then there is a bug in one of the two compilers. First, both of the compilers involved are known to have bugs. Second, this is not necessarily true.

Re: Reproducible, precompiled .o files: what say policy+gpl?

On Mon, Oct 18, 2004 at 07:22:12PM +0200, Wesley W. Terpstra wrote: > Can this go into main? This risks serious practical problems. If your package is routinely built with a compiler other than the Debian default, problems which would arise from doing so can go easily undetected. Someday, someo

Re: an idea for next generation APT archive caching

On Wed, Oct 20, 2004 at 02:11:44AM +0200, martin f krafft wrote: > Here's an idea I just had about apt-proxy/apt-cacher NG. Maybe this > could be interesting, maybe it's just crap. Your call. My position on special-purpose proxy caches for APT is that general-purpose proxy caches (like squid) see

Re: Maintenance of User-Mode Linux packages

On Tue, Oct 19, 2004 at 11:14:55PM +0200, Sven Mueller wrote: > I would be interested to help. Due to my own real-life restrictions (I > don't have huge amounts of time to spend) I would probably try helping > with uml-utilities though. IANADD yet though. These packages need someone with a lot

Maintenance of User-Mode Linux packages

Is anyone (other than martin f krafft) interested in co-maintaining some or all of the UML-oriented packages in Debian? This includes the following source packages which I currently maintain: - user-mode-linux - kernel-patch-uml - uml-utilities Things are a bit chaotic upstream at the moment, an

Re: proposal: 'xterm' alternatives entry

On Sun, Oct 10, 2004 at 08:32:12PM +0200, martin f krafft wrote: > Right, and I don't want to beat on this issue. user-mode-linux does > fix it, but Manoj's kernel-package can also create UML kernels, > which then call xterm. Thus, I would have thought this is best fixed > in kernel-patch-uml. >

Re: proposal: 'xterm' alternatives entry

On Sun, Oct 10, 2004 at 08:27:34PM +0200, Frank Lichtenheld wrote: > On Sun, Oct 10, 2004 at 08:11:42PM +0200, martin f krafft wrote: > > also sprach Frank Lichtenheld <[EMAIL PROTECTED]> [2004.10.10.2005 +0200]: > > > Wouldn't it be better to file bugs against the packages that don't > > > use x-

Re: security enhanced debian branch?

On Thu, Dec 18, 2003 at 09:07:02AM -0400, Ben Armstrong wrote: > Second, any such effort shouldn't be a branch, but should be mainstreamed in > Debian proper. Please see http://wiki.debian.net/CustomDebian for a > possible approach for this sort of project. For cases where the added functional

Re: Services I'd like from auric

On Sun, Dec 14, 2003 at 11:51:05PM +, Scott James Remnant wrote: > On Sat, 2003-12-13 at 22:56, Kevin Rosenberg wrote: > > > I certainly miss the varied and up-to-date information that I was able > > to get from auric. Taking James Troup's advice from his announcement > > of discussing inform

Generating ~/.ssh/known_hosts from LDAP

t suitable for an # ssh known_hosts file # # BUGS: has no way to authenticate db.debian.org # # Matt Zimmerman <[EMAIL PROTECTED]>, 12/13/2003 # import ldap conn = ldap.ldapobject.SmartLDAPObject('ldap://db.debian.org') msgid = conn.search('dc=deb

Re: How to avoid multiple dependencies with shlibdeps

On Tue, Dec 09, 2003 at 07:44:48PM +0100, Adam Byrtek / alpha wrote: > I maintain a program which needs to depend on certain version of some > library (the earlier ones are incompatibile, despite soname wasn't > changed), but I would also like to use shlib:Depends for other > libraries. Shared li

Re: Building Debian Completely From Source

On Tue, Dec 09, 2003 at 08:54:45AM -0500, Anthony DeRobertis wrote: > > On Dec 8, 2003, at 11:48, Matt Zimmerman wrote: > > >On Sun, Dec 07, 2003 at 04:10:36PM +, Scott James Remnant wrote: > > > >>make? You'll need make installed to make make.

Re: Building Debian Completely From Source

On Tue, Dec 09, 2003 at 09:52:39AM +1100, Herbert Xu wrote: > Matt Zimmerman <[EMAIL PROTECTED]> wrote: > > > > There are quite a few, but make is a bad example, as it has included a > > shell script to build itself for just this purpose. > > But its debian/rul

Re: Building Debian Completely From Source

On Sun, Dec 07, 2003 at 04:10:36PM +, Scott James Remnant wrote: > make? You'll need make installed to make make. There are a huge number > of legitimate circular build dependencies, outlawing them won't help. There are quite a few, but make is a bad example, as it has included a shell scri

Re: debsums for maintainer scripts

On Sun, Dec 07, 2003 at 10:42:10PM +0100, Goswin von Brederlow wrote: > Having or not having is of the order of several 100MB. The shear > number of debs makes the impact. Fortunately, the actual effect is much smaller since nearly all packages have md5sums already. -- - mdz

Re: Building Debian Completely From Source

On Fri, Dec 05, 2003 at 01:53:11PM -0600, John Goerzen wrote: > The nearest I have seen is fink, but I know little about it. > > Am I missing something? apt-src, apparently. -- - mdz

Re: Revival of the signed debs discussion

On Fri, Dec 05, 2003 at 12:24:07AM +0100, Goswin von Brederlow wrote: > Matt Zimmerman <[EMAIL PROTECTED]> writes: > > > Release signing protects against a hostile or compromised mirror, > > network, DNS server, proxy server, and a host of other, similar attacks, > >

Re: Backport of the integer overflow in the brk system call

On Thu, Dec 04, 2003 at 11:55:26AM -0800, Tom wrote: > Yes, but the reason it would have been efficiacious in this *particular* > instance is the hacker sniffed the password, and then logged on to > Debian's servers later at his leisure from a different PC. With a > smartcard, he would have had t

Re: Revival of the signed debs discussion

On Wed, Dec 03, 2003 at 08:07:53AM +0100, Goswin von Brederlow wrote: > I wrote a little script that checks what apt things its installing > against what the control files of the debs say. I will test it with > some more fakes and then file it in the BTS. Why would you do this with a script rathe

Re: Revival of the signed debs discussion

On Thu, Dec 04, 2003 at 03:58:38PM -0500, Daniel Jacobowitz wrote: > On Thu, Dec 04, 2003 at 02:41:43PM -0500, Matt Zimmerman wrote: > > What kind of real world attacks do signed debs prevent? > > > > The only one which comes to mind is a rogue Debian developer that you do

Re: apt-rpm article -- the features we don't have

Just making another pass over this to associate the bug numbers for those who are interested (especially in helping with the merge effort). On Mon, Dec 01, 2003 at 07:06:41PM -0500, Joey Hess wrote: > To install a package directly, with apt downloading any necessary > dependencies: > apt-get in

Re: Revival of the signed debs discussion

On Thu, Dec 04, 2003 at 12:28:41PM -0600, Manoj Srivastava wrote: > On Thu, 4 Dec 2003 11:47:50 -0500, Matt Zimmerman <[EMAIL PROTECTED]> said: > > > What kind of real world attacks do signed debs prevent? Not a > > compromised buildd, or a compromised maintainer'

Re: Backport of the integer overflow in the brk system call

On Tue, Dec 02, 2003 at 05:19:22PM -0800, Tom wrote: > Smartcards would have avoided the Debian compromise: merely having a > compromised DD box would have prevented bad guy from getting on the box. > > It's all about layers of defense. > > I think the DD's should seriously think about requirin

Re: Revival of the signed debs discussion

On Thu, Dec 04, 2003 at 03:03:39AM +0100, Goswin von Brederlow wrote: > Signed debs establish a trust chain from the buildd to the user and > from the buildd-admin/maintainer to the user as well as copy the > existing trust chain from ftp-master to the user into the deb itself. > > The Release.gp

Re: Revival of the signed debs discussion

On Wed, Dec 03, 2003 at 06:43:18AM +0100, Goswin von Brederlow wrote: > Matt Zimmerman <[EMAIL PROTECTED]> writes: > > > On Wed, Dec 03, 2003 at 03:07:17AM +0100, Goswin von Brederlow wrote: > > > > > But this kind of tampering _can_ be checked by apt before i

Re: [RFC] adding system users: which is the best way??

On Sun, Nov 30, 2003 at 01:47:29PM +0100, Bernhard R. Link wrote: > * Russell Coker <[EMAIL PROTECTED]> [031130 05:53]: > > Some daemons such as cups are written in a way that requires that they be > > able to write to their own configuration files. If such a daemon is run as > > non-root then

Re: more details on the recent compromise of debian.org machines

On Fri, Nov 28, 2003 at 10:08:45AM +0100, Bernd Eckenfels wrote: > In the final announcement I would add also a statement about reducing the > number of trust relations between the machines and perhaps limiting shell > access. It seems fairly clear that this was not an issue because the compromis

Re: Revival of the signed debs discussion

On Wed, Dec 03, 2003 at 03:07:17AM +0100, Goswin von Brederlow wrote: > But this kind of tampering _can_ be checked by apt before installing > the deb simply by adding a signature verifyer into the > DPkg::Pre-Install-Pkgs config option, the same mechanism > apt-listchanges already uses to display

Re: [debian enterprise] sub-project planning

On Mon, Dec 01, 2003 at 01:12:52PM -0500, Andres Salomon wrote: > For packages, we may want to focus on apt-secure > (http://monk.debian.net/apt-secure/); I'm not sure the status of it, [...] You could easily find out here: http://bugs.debian.org/203741 -- - mdz

Re: apt-rpm article -- the features we don't have

On Mon, Dec 01, 2003 at 07:06:41PM -0500, Joey Hess wrote: > Interesting article on LWN: http://lwn.net/Articles/60650/ (subscription > required) In summary, apparently apt-rpm users can now do some things > with apt that we cannot. This has been true for some time; merging the applicable parts o

Re: MIPS port backlog, autobuilder machines and some arrogance

On Thu, Nov 20, 2003 at 12:54:07AM +0100, Goswin von Brederlow wrote: > Matt Zimmerman <[EMAIL PROTECTED]> writes: > > The whole point of signing packages is that it is not anonymous at all, but > > traceable back to the signer. Assuming the keyholder protects his key >

Re: MIPS port backlog, autobuilder machines and some arrogance

On Mon, Nov 17, 2003 at 03:56:44PM +0100, Goswin von Brederlow wrote: > DDs have to sign and upload a package with a backdoor. > > On the buildd I can install a gcc or other tool that will silently add > a backdoor to anything getting compiled and the buildd admin will sign > and upload the packa

Re: Some observations regardig the progress towards Debian 3.1

On Tue, Nov 18, 2003 at 06:06:08PM +0100, Adrian Bunk wrote: > This might work on pure servers, but how do you manage to run XFree86 > 4.1.0 on brand-new graphics cards (e.g. integrated graphics of brand-new > Intel systems) in non-Vesa resolutions? I don't, because I don't buy motherboards with

Re: keysigning at SCALE 2X?

On Tue, Nov 18, 2003 at 01:14:26AM -0800, Eric Wong wrote: > I'll be attending SCALE 2X in Los > Angeles and I'm wondering if I could meet some Debian developers to get > my GPG key signed and get myself going along the New Maintainer process. Southern California D

emacs20 obsolete? (Re: How to find all reverse depends of a package?)

On Mon, Nov 17, 2003 at 06:33:52PM -0500, Nathanael Nerode wrote: > I'm curious, for instance, as to why emacs20 hasn't managed to be removed > yet. Perhaps the maintainer hasn't requested its removal? I don't see a bug report open against ftp.debian.org. -- - mdz

Re: Some observations regardig the progress towards Debian 3.1

(trimming -release) On Tue, Nov 18, 2003 at 02:14:49AM +0100, Adrian Bunk wrote: > On Sun, Nov 16, 2003 at 11:53:36PM -0500, Matt Zimmerman wrote: > > So instead, we have a system where people take individual (or small > > group) responsibility for a particular piece of softwar

Re: Debian Enterprise?

On Mon, Nov 17, 2003 at 01:45:05AM -0500, Andres Salomon wrote: > I can think of a few ways to offer the above. The first is a standalone > distribution, based on debian but with various enhancements (not a novel > idea, by any means). We could either base this on testing, doing snapshot > relea

Re: Some observations regardig the progress towards Debian 3.1

On Sat, Nov 15, 2003 at 05:42:20PM +0100, Adrian Bunk wrote: > Today, it's only 17 days until the officially announced "aggressive goal" > for the release of Debian 3.1 [1]. That's a date many users know about, > but I don't see any real progress towards Debian 3.1 during the last > months. I sup

Re: ftpmaster accepts packages that have been rejected a few days ago

On Fri, Nov 14, 2003 at 08:28:16AM +0100, Marc Haber wrote: > How long did Eray wait for formal rejection? Did he receive regular > updates about the state of affairs? I don't know what Eray received via private mail, but he certainly kept the rest of debian-devel up-to-date on the process by com

Re: Bug#155583: radiusd-freeradius history and future

On Thu, Nov 13, 2003 at 11:16:59PM -0500, Sam Hartman wrote: > >>>>> "Matt" == Matt Zimmerman <[EMAIL PROTECTED]> writes: > > Matt> I think a single "Will you be using NIS?" question would be > Matt> justified; this could p

Re: Bug#155583: radiusd-freeradius history and future

On Thu, Nov 13, 2003 at 09:26:09PM +0100, Andreas Metzler wrote: > Matt Zimmerman <[EMAIL PROTECTED]> wrote: > > On Wed, Nov 12, 2003 at 05:59:09PM +0100, Andreas Metzler wrote: > > The code does this: > > > if (strcmp(pwd->pw_pa

Re: Bug#155583: radiusd-freeradius history and future

On Wed, Nov 12, 2003 at 05:59:09PM +0100, Andreas Metzler wrote: > You are wrong, unix_chkpwd does NIS (at least in the szenario I just > tested). After changing unix_chkpwd from 4755 root:root to 2755 > root:shadow a NIS user can not unlock the terminal he has just locked > himself with vlock any

Re: radiusd-freeradius history and future

On Thu, Nov 13, 2003 at 05:52:13PM +1100, Russell Coker wrote: > On Thu, 13 Nov 2003 12:54, Steve Langasek <[EMAIL PROTECTED]> wrote: > > > This is so ugly. > > > > Last I looked, there wasn't much in NIS that wasn't.  I think the amount > > of pain we should put other users through on account of

Re: apt-get problems

On Thu, Nov 13, 2003 at 10:25:13AM +1100, Russell Coker wrote: > Below are the errors I am getting from apt-get on some machines running > recent unstable. Is this a known bug or have I screwed up something? http://bugs.debian.org/199653 It would be greatly appreciated if you could track this d

Re: gimp1.2: gimp package suggest non-free software

On Thu, Nov 13, 2003 at 08:32:21AM +0100, Mathieu Roy wrote: > Adam Heath <[EMAIL PROTECTED]> a tapoté : > > > On Wed, 12 Nov 2003, Mathieu Roy wrote: > > > >> I think this is a serious bug: the functionality of the free version > >> has been lowered to promote patent emcumbered package. > > > >

Re: gimp1.2: gimp package suggest non-free software

On Thu, Nov 13, 2003 at 11:19:54AM -0600, Gunnar Wolf wrote: > But our users should not be expected to look at control files in order > to know what to install, should they? Users do this all the time, with tools like aptitude, apt-cache and dpkg which display [information from] the control file.

Re: gimp1.2: gimp package suggest non-free software

On Wed, Nov 12, 2003 at 07:37:58PM +0200, Riku Voipio wrote: > 4) Patch apt-listchanges so that id doesn't mail about suggestions >on packages that are not available. apt-listchanges neither knows nor cares about suggests or recommends. -- - mdz

Re: gimp1.2: gimp package suggest non-free software

On Wed, Nov 12, 2003 at 09:25:23AM +0100, Mathieu Roy wrote: > Do you really think that I'm the only person to find UNACCEPTABLE that > a package in mail suggests packages in non-free, which ARE NOT PART OF > DEBIAN? Packages are free to suggest whatever the maintainer wishes; I wouldn't even con

Re: radiusd-freeradius history and future

On Wed, Nov 12, 2003 at 03:36:40PM +1100, Russell Coker wrote: > On Wed, 12 Nov 2003 13:47, Matt Zimmerman wrote: > > We already have such a group, named "shadow". In fact, I don't know why > > unix_chkpwd is setuid root rather than setgid shadow. > > Bug rep

Re: radiusd-freeradius history and future

On Wed, Nov 12, 2003 at 04:11:38AM +0100, Javier Fernández-Sanguino Peña wrote: > On Wed, Nov 12, 2003 at 01:23:02PM +1100, Russell Coker wrote: > > Allowing a RADIUS server to authenticate local users against /etc/shadow > > is standard and expected functionality IMHO. I consider any RADIUS > >

Re: radiusd-freeradius history and future

On Wed, Nov 12, 2003 at 01:23:02PM +1100, Russell Coker wrote: > Allowing a RADIUS server to authenticate local users against /etc/shadow > is standard and expected functionality IMHO. I consider any RADIUS server > which can't authenticate against the local accounts database to be > severely bro

Re: radiusd-freeradius history and future

On Wed, Nov 12, 2003 at 02:07:27AM +0100, Javier Fernández-Sanguino Peña wrote: > Also, just another question. Is there any reason why it needs to run as > root? (as I believe it does in the current Debian package) Would it be > unreasonable to ask it to run as a 'radiusd' user? I can almost gua

Security liabilities (Re: radiusd-freeradius history and future)

On Wed, Nov 12, 2003 at 09:18:38AM +1100, Paul Hampson wrote: > On Tue, Nov 11, 2003 at 04:30:50PM -0500, Matt Zimmerman wrote: > > CAN-2001-1376 and CAN-2001-1377 made the rounds last Spring, with advisories > > from Red Hat, FreeBSD, SuSE, Conectiva, CERT, etc. These af

Re: radiusd-freeradius history and future

On Wed, Nov 12, 2003 at 08:03:28AM +1100, Paul Hampson wrote: > On Tue, Nov 11, 2003 at 02:02:49PM -0500, Matt Zimmerman wrote: > > This thing is packed full of strcpy() and strcat(), which is the sort of > > sloppiness that I don't like to see in a network server. It was a g

Re: radiusd-freeradius history and future

On Tue, Nov 11, 2003 at 11:52:00AM -0600, Steve Langasek wrote: > The packages at will be sponsored into > the archive as soon as I've had a chance to review them (this week). This thing is packed full of strcpy() and strcat(), which is the sort of sloppiness th

Re: ftpmaster accepts packages that have been rejected a few days ago

On Tue, Nov 11, 2003 at 08:18:51AM +0100, Marc Haber wrote: > In early November, people asked me to package br2684ctl, a new program > that has not been officially released by the linux-atm upstream. So I > would have to pull br2684ctl from upstream CVS and include it in my > package that contains

Re: Problem with libc6 and 'chgrp / chown' remains ...

On Tue, Nov 11, 2003 at 12:09:42PM -0500, Daniel Jacobowitz wrote: > On Mon, Nov 10, 2003 at 11:49:42PM -0500, Matt Zimmerman wrote: > > On Mon, Nov 10, 2003 at 10:18:46PM -0600, Jesse Yurkovich wrote: > > > > > With the recent libc6 bugs closed, I tried upgrading b

Re: Problem with libc6 and 'chgrp / chown' remains ...

On Mon, Nov 10, 2003 at 10:18:46PM -0600, Jesse Yurkovich wrote: > With the recent libc6 bugs closed, I tried upgrading both a testing and > an unstable machine to the latest deb. You failed to specify which version exhibited the problem, and which version you upgraded to. If you are still

Re: Why you are wrong [Was: On linux kernel packaging issue]

On Tue, Nov 11, 2003 at 08:46:50AM +1100, Glenn McGrath wrote: > A program that is CPU bound will benefit from compiler optimisations. It is not wise to make generalizations about the effects of compiler optimizations, because they vary widely from one chunk of code to the next. > Other than exp

Re: problems with dpkg, apt, perl etc. ( wait/waitpid)

On Mon, Nov 10, 2003 at 09:56:04AM +0200, Cristian Rauta wrote: > I know, maybe -devel is inappropriate list for my problems, but i don`t > know another list for that. > I think that problem was some time ago with woody ( see bug # 206187) > > btw my debian version is sid Yes, see bug #206187

Re: Looking for apt-get internals guide

On Thu, Nov 06, 2003 at 06:31:44PM -0500, Stephen Gran wrote: > > On Thu, Nov 06, 2003 at 04:46:39PM -0500, Stephen Gran wrote: > > But, I don't see why you should need to hook into apt at all in order to do > > what you want. If the files you change are conffiles, your changes should > > be pres

Re: binary patch

On Thu, Nov 06, 2003 at 12:50:03AM +0100, Martin Pitt wrote: > On 2003-11-05 17:37 -0500, Matt Zimmerman wrote: > > It has been suggested many times in the past to apply a similar idea to > > the .debs themselves, rather than their contents. > > But isn't rsync suppose

Re: binary patch

On Wed, Nov 05, 2003 at 09:52:53PM +, Anthraxz __ wrote: > When doing a package upgrade, I wondy if it should be possible to > implement a mecanism for patching binaries instead of replacing the new > one ? This could be usefull for use on a slow network connection. This would require calcula

Re: A case study of a new user turned off debian

On Wed, Nov 05, 2003 at 05:20:18PM +, Darren Salt wrote: > I keep some around. I'd prefer better management of this, though: ATM all > that I can do (with apt-get/aptitude) is remove all older versions or > purge the cache. I use a dead simple cron.daily script which prunes packages with an a

Re: A case study of a new user turned off debian

On Tue, Nov 04, 2003 at 01:11:43AM -0500, Joey Hess wrote: > Suggested project: Create a package that, a-l-apt-move, pulls packages > out of the apt cache and creates apt repositories from them. But make it > create a new repository after every upgrade, by hooking into apt. And > auto-add these re

Re: A case study of a new user turned off debian

On Tue, Nov 04, 2003 at 12:47:30AM -0500, Greg Stark wrote: > So all it would take to make the tools handle this would be to somehow > make apt aware of more revisions of packages. They're all in the pool > after all. Short of making some king of humongous mega-Packages file with > every revision

Re: apcupsd && apcupsd-devel

On Mon, Nov 03, 2003 at 11:39:20PM +0100, Samuele Giovanni Tonon wrote: > apcupsd was uploaded on 28 of October. > It has been divided in two packages: the main and the doc. > The doc is new so it should be added to the override file but > apcupsd (which suggest but doesn't depend on apcupsd-doc)

Re: faster boot

On Tue, Oct 21, 2003 at 05:08:11AM +0200, Thomas Hood wrote: > System V initscripts must not return until the services they start are > ready to use. Otherwise running initscript Y after initscript X from > /etc/rc?.d/ doesn't guarantee that Y can make use of X. Providing such > guarantees is th

Re: Source only uploads?

On Tue, Oct 21, 2003 at 09:52:14AM +1000, Brian May wrote: > On Mon, Oct 20, 2003 at 02:17:40PM -0400, Matt Zimmerman wrote: > > If a broken package is not noticed in unstable, the package must not be > > particularly important to anyone. > > I disagree. > > 1. A pack

Re: ttf Depends ??

On Mon, Oct 20, 2003 at 03:06:14PM -0500, Steve Greenland wrote: > On 20-Oct-03, 13:22 (CDT), Matt Zimmerman <[EMAIL PROTECTED]> wrote: > > What font does the program use by default? I would Depend on that one. > > If it's an X program, then it shouldn't Depend o

Re: ttf Depends ??

On Mon, Oct 20, 2003 at 07:15:47PM +0200, Alexander Sack wrote: > what Depends are best to guarantee that after package installation at > least one True Type font package is installed?? > Should I add a best guess font package or is there a kind of meta > package available for ttf packages? What

Re: Source only uploads?

On Mon, Oct 20, 2003 at 10:51:20AM +0200, Matthias Urlichs wrote: > c) The package is uploaded from the real-world environment where it works, > built on the architecture 99% of the users have. The breakage in the > other architectures' autobuilt packages is not noticed until after Sarge, > and/or

<    1   2   3   4   5   6   7   8   9   >