Re: HELP WANTED: security review / pam experts for su transition

On 08/12/2018 04:58 PM, Andreas Henriksson wrote: > Hello again, > > My previous mail didn't result in any feedback, so let me try again > with some more detailed questions that might be easier to discuss > related to the PAM configuration of su (and su-l). > FWIW I'm not sure -devel is very like

Re: HELP WANTED: security review / pam experts for su transition

Hello again, My previous mail didn't result in any feedback, so let me try again with some more detailed questions that might be easier to discuss related to the PAM configuration of su (and su-l). As people are likely aware, the su takeover has now happened and login (src:shadow) no longer ships

HELP WANTED: security review / pam experts for su transition

Hello, as previously discussed it seems all stakeholders are pretty much in agreement that it would be better for debian to use the implementation of login tools from src:util-linux instead of from src:shadow. Investigations about implementation differences has been done and remaining work is basi

Re: Newcomer to Debian: Help wanted

One of the best ways to start IMHO, is to get one of these packages[1] (don't get the old ones, as they're probably harder to work on) and prepare a QA upload fixing easy things, like: DH bump Standards Version bump Fix/bump d/watch Convert d/copyright to DEP-5 Change maintainer to QA Group Fix typ

Re: Newcomer to Debian: Help wanted

Quoting Vijeth T Aradhya (2017-01-08 13:23:41) > Firstly, thank you so much for such a quick response! It's really nice > when the community responds to you so quickly, hopefully I can be a > part of it in the coming near future :) > >> Mentioned briefly in first URL above, but I'd like to empha

Re: Newcomer to Debian: Help wanted

Hi, Firstly, thank you so much for such a quick response! It's really nice when the community responds to you so quickly, hopefully I can be a part of it in the coming near future :) Mentioned briefly in first URL above, but I'd like to emphasize one > suggestion: Cosnider join (or at list get in

Re: Newcomer to Debian: Help wanted

Quoting Paul Wise (2017-01-08 10:19:06) > On Sun, Jan 8, 2017 at 5:05 PM, Vijeth T Aradhya wrote: > > > Hey guys I'd like to start contributing to Debian and be a part of the > > community. I just need some help getting started! > > Great! Here are some ideas for things to work on: > > https://w

Re: Newcomer to Debian: Help wanted

On Sun, Jan 8, 2017 at 5:05 PM, Vijeth T Aradhya wrote: > Hey guys I'd like to start contributing to Debian and be a part of the > community. I just need some help getting started! Great! Here are some ideas for things to work on: https://www.debian.org/intro/help > When I looked at the bug tra

Newcomer to Debian: Help wanted

Hi, Hey guys I'd like to start contributing to Debian and be a part of the community. I just need some help getting started! When I looked at the bug tracker system, it was very difficult for a *newcomer* to Debian like me, to get started to solve easy bugs. I have already looked at many links f

Re: goals for hardening Debian: ideas and help wanted

Hi Paul, On Sun, Jun 08, 2014 at 10:13:27AM +0800, Paul Wise wrote: > We kind-of already support that; Debian Live is essentially that. What > would official support for read-only root look like to you? Option in > the installer? Probably fix the last bits of details that makes a read-only insta

Re: goals for hardening Debian: ideas and help wanted

On Sat, Jun 7, 2014 at 9:31 PM, Xavier Roche wrote: > Would a read-only root filesystem goal be feasible ? We kind-of already support that; Debian Live is essentially that. What would official support for read-only root look like to you? Option in the installer? > https://wiki.debian.org/Readonl

Re: goals for hardening Debian: ideas and help wanted

On Thu, Apr 24, 2014 at 10:57:39AM +0800, Paul Wise wrote: > I have written a non-exhaustive list of goals for hardening the Debian > distribution, the Debian project and computer systems of the Debian > project, contributors and users. > If you have more ideas, please add them to the wiki page. W

Re: goals for hardening Debian: ideas and help wanted

Hi, Giacomo Mulas wrote (24 Apr 2014 16:49:20 GMT) : > Good to know, actually I had tried apparmor quite some time ago and did not > try again. I will give it another spin as soon as I can. https://wiki.debian.org/AppArmor/HowTo :) > However, I do not agree that I should file bugs against apparm

Re: arm64 update - help wanted

On Sun, May 18, 2014 at 12:48 AM, Adam Borowski wrote: > The page is obsolete, since a month ago that code is already in unstable. > It's qemu-user only, though, so you can use it to build and run stuff but > not to debug bootloaders, the kernel or such. Full aarch64 system emulation is in qemu u

Re: arm64 update - help wanted

On Sat, May 17, 2014 at 05:24:38PM +0100, Luke Kenneth Casson Leighton wrote: > > is there a clear set of instructions > > somewhere - a wiki page for example - on how to debootstrap an arm64 > > qemu so that even if it's dead slow it's still possible to help out? > > https://wiki.debian.org/Arm64

Re: arm64 update - help wanted

On Thu, May 15, 2014 at 2:10 AM, Wookey wrote: > The debian-port arm64 rebootstrap is progressing nicely, and we just > passed 4200 source packages built, with another few hundred > pending. There are now 2 buildds running. awesome > Thus I'd love it if anyone else could help go through the fai

Re: arm64 update - help wanted

> suggestion, wookey: i'd love to help... but obviously with no > hardware that's kinda hard: is there a clear set of instructions > somewhere - a wiki page for example - on how to debootstrap an arm64 > qemu so that even if it's dead slow it's still possible to help out? https://wiki.debian.org/

Re: arm64 update - help wanted

On Sat, May 17, 2014 at 10:19:26AM +0100, Ian Campbell wrote: > On Fri, 2014-05-16 at 20:44 -0300, Antonio Terceiro wrote: > > On Fri, May 16, 2014 at 07:43:18AM +0100, Ian Campbell wrote: > > > On Thu, 2014-05-15 at 22:49 -0300, Antonio Terceiro wrote: > > > > On Thu, May 15, 2014 at 08:20:53PM +0

Re: arm64 update - help wanted

On Fri, 2014-05-16 at 20:44 -0300, Antonio Terceiro wrote: > On Fri, May 16, 2014 at 07:43:18AM +0100, Ian Campbell wrote: > > On Thu, 2014-05-15 at 22:49 -0300, Antonio Terceiro wrote: > > > On Thu, May 15, 2014 at 08:20:53PM +0100, Ian Campbell wrote: > > > > On Thu, 2014-05-15 at 02:10 +0100, Wo

Re: arm64 update - help wanted

On Fri, May 16, 2014 at 07:43:18AM +0100, Ian Campbell wrote: > On Thu, 2014-05-15 at 22:49 -0300, Antonio Terceiro wrote: > > On Thu, May 15, 2014 at 08:20:53PM +0100, Ian Campbell wrote: > > > On Thu, 2014-05-15 at 02:10 +0100, Wookey wrote: > > > > Also if anyone has expertise in language portin

Re: arm64 update - help wanted

On Thu, 2014-05-15 at 22:49 -0300, Antonio Terceiro wrote: > On Thu, May 15, 2014 at 08:20:53PM +0100, Ian Campbell wrote: > > On Thu, 2014-05-15 at 02:10 +0100, Wookey wrote: > > > Also if anyone has expertise in language porting we'd like to hear > > > from you. Below is the list of languages we

Re: arm64 update - help wanted

On Thu, May 15, 2014 at 08:20:53PM +0100, Ian Campbell wrote: > On Thu, 2014-05-15 at 02:10 +0100, Wookey wrote: > > Also if anyone has expertise in language porting we'd like to hear > > from you. Below is the list of languages we believe still need porting to > > arm64: > > Ruby wasn't on the l

Re: arm64 update - help wanted

Am 15.05.2014 03:10, schrieb Wookey: > Go (we have gccgo, but not gcgo) this is not arm64 specific. Debian has a serious problem in that the current Go maintainers are focused on gc only, which only supports amd64, i386, armhf, and probably armel. > Mono needs porting > GCL > CLISP need porti

Re: arm64 update - help wanted

On Thu, May 15, 2014 at 02:10:39AM +0100, Wookey wrote: > GHCi (ghc is done, but not ghci - is this hard?) This is hard. You need either an LLVM-based port or a native code generator, and in either case I think you need some linker support in GHC. Both of these are serious compiler engineer proj

Re: arm64 update - help wanted

Le jeudi 15 mai 2014 à 02:10 +0100, Wookey a écrit : > Also if anyone has expertise in language porting we'd like to hear > from you. Below is the list of languages we believe still need porting to > arm64: > Julia Note that currently Julia is only available on i386/amd64 (so no armel/armhf for

Re: arm64 update - help wanted

2014-05-15 02:10 Wookey: The debian-port arm64 rebootstrap is progressing nicely, and we just passed 4200 source packages built, with another few hundred pending. There are now 2 buildds running. In the course of that 344 have failed to build, (see http://buildd.debian-ports.org/status/architect

Re: arm64 update - help wanted

On Thu, 2014-05-15 at 02:10 +0100, Wookey wrote: > Also if anyone has expertise in language porting we'd like to hear > from you. Below is the list of languages we believe still need porting to > arm64: Ruby wasn't on the list, is that under control? Ruby seems to be at the bottom of the build-d

arm64 update - help wanted

The debian-port arm64 rebootstrap is progressing nicely, and we just passed 4200 source packages built, with another few hundred pending. There are now 2 buildds running. In the course of that 344 have failed to build, (see http://buildd.debian-ports.org/status/architecture.php?a=arm64&suite=sid

Re: [Pkg-shadow-devel] Help wanted: test new shadow source package (login, passwd, uidmap, etc.)

Quoting Steve Langasek (vor...@debian.org): > On Fri, May 02, 2014 at 04:38:15AM +, Serge Hallyn wrote: > > Quoting Christian PERRIER (bubu...@debian.org): > > > Quoting Christian PERRIER (bubu...@debian.org): > > > > Hello fellow developers, > > > > > > > > I would like to request your help i

Re: [Pkg-shadow-devel] Help wanted: test new shadow source package (login, passwd, uidmap, etc.)

Quoting Christian PERRIER (bubu...@debian.org): > Quoting Serge Hallyn (serge.hal...@ubuntu.com): > > Quoting Christian PERRIER (bubu...@debian.org): > > > Quoting Christian PERRIER (bubu...@debian.org): > > > > Hello fellow developers, > > > > > > > > I would like to request your help in testing

Re: goals for hardening Debian: ideas and help wanted

previously on this list Kevin Chadwick contributed: > all sorts of stuff that would make any chroot > in this way pointless. "more powerful" I expect means less secure in > this usage. p.p.s. why implement yet more code and complexity into systemd for preventing device files when you can just use

Re: goals for hardening Debian: ideas and help wanted

On Fri, 02 May 2014 10:55:15 +0200 Aaron Zauner wrote: > Bashing on Tor does not help here. The page suggests all devs use Tor to avoid being targetted. I am saying, does it accomplish that and is is best practice. Should they be hackable even if they are targetted or stumbled upon. I find that

Re: goals for hardening Debian: ideas and help wanted

previously on this list Tzafrir Cohen contributed: > > A wide misconception. Chroots are easily implemented and add security > > almost for free > > Not completely for free. You now have an extra mini-system to maintain. > > (often /dev/log is all that is needed) and so can be You completely

Re: goals for hardening Debian: ideas and help wanted

Hi Kevin, Kevin Chadwick wrote: > Debian developers not being able to upload security fixes is part of > the mix but then I would guess you could more easily bring down the TOR > network too than a private VPN and filtering would be much more > difficult so I would say TOR is not *optimum* for sec

Re: [Pkg-shadow-devel] Help wanted: test new shadow source package (login, passwd, uidmap, etc.)

Quoting Serge Hallyn (serge.hal...@ubuntu.com): > Quoting Christian PERRIER (bubu...@debian.org): > > Quoting Christian PERRIER (bubu...@debian.org): > > > Hello fellow developers, > > > > > > I would like to request your help in testing the new version of the > > > shadow package (that provides l

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Thu, May 01 2014, Paul Smith wrote: > On Wed, 2014-04-30 at 10:55 -0700, Manoj Srivastava wrote: >> Opened bug in Savannah BTS: >> https://savannah.gnu.org/bugs/?42249 > I pushed a fix for this. See if it helps. I have built a new version into experimental with that patch. Of

Re: Help wanted: test new shadow source package (login, passwd, uidmap, etc.)

On Fri, May 02, 2014 at 04:38:15AM +, Serge Hallyn wrote: > Quoting Christian PERRIER (bubu...@debian.org): > > Quoting Christian PERRIER (bubu...@debian.org): > > > Hello fellow developers, > > > > > > I would like to request your help in testing the new version of the > > > shadow package (t

Re: goals for hardening Debian: ideas and help wanted

On Tue, Apr 29, 2014 at 11:24:19AM +0100, Kevin Chadwick wrote: > previously on this list people contributed: > > > > - easy create and run programs from chroot and alternate users > > > > Could you detail what you mean by this? It sounds like you want either > > virtual machines or something l

Re: Help wanted: test new shadow source package (login, passwd, uidmap, etc.)

Quoting Christian PERRIER (bubu...@debian.org): > Quoting Christian PERRIER (bubu...@debian.org): > > Hello fellow developers, > > > > I would like to request your help in testing the new version of the > > shadow package (that provides login, passwd and such other important > > or base packages).

Re: goals for hardening Debian: ideas and help wanted

On Wed, 30 Apr 2014 18:33:56 +0200 Aaron Zauner wrote: > > It adds a lot of complexity for privacy benefit. Integrity is often > > muddled into security too. As far as I am concerned they can actually > > counter each other and are seperate entities. > No they are not. Integrity should be part

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Wed, 2014-04-30 at 10:55 -0700, Manoj Srivastava wrote: > On Wed, Apr 30 2014, Paul Smith wrote: > > > On Wed, 2014-04-30 at 18:19 +0200, Guillem Jover wrote: > >> build-stamp: > >> echo $@ > >> > >> build-arch: build-stamp > > > >> $ make --version | head -n1 > >> GNU Make 4.0 > >> $

Re: Help wanted: test new shadow source package (login, passwd, uidmap, etc.)

Quoting Christian PERRIER (bubu...@debian.org): > Hello fellow developers, > > I would like to request your help in testing the new version of the > shadow package (that provides login, passwd and such other important > or base packages). I haven't got much feedbackwhich is indeed what I was

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Wed, 2014-04-30 at 10:55 -0700, Manoj Srivastava wrote: > On Wed, Apr 30 2014, Paul Smith wrote: > > > On Wed, 2014-04-30 at 18:19 +0200, Guillem Jover wrote: > >> build-stamp: > >> echo $@ > >> > >> build-arch: build-stamp > > > >> $ make --version | head -n1 > >> GNU Make 4.0 > >> $

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Wed, Apr 30 2014, Paul Smith wrote: > On Wed, 2014-04-30 at 18:19 +0200, Guillem Jover wrote: >> build-stamp: >> echo $@ >> >> build-arch: build-stamp > >> $ make --version | head -n1 >> GNU Make 4.0 >> $ make -f detect.mk -qn build-arch; echo $? >> 2 > > This is definitely a bug in GN

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Wed, 2014-04-30 at 18:19 +0200, Guillem Jover wrote: > build-stamp: > echo $@ > > build-arch: build-stamp > $ make --version | head -n1 > GNU Make 4.0 > $ make -f detect.mk -qn build-arch; echo $? > 2 This is definitely a bug in GNU make 4.0 in handling -q (note the -n is not relevant

Re: goals for hardening Debian: ideas and help wanted

Kevin Chadwick wrote: >> I'm confused, what? How does Tor lower security and at the same time, >> it provides privacy? > > Just like antivirus scanners bring greater exploitability especially > if you are not vulnerable to detectable viruses then so does Tor. What?! I don't even,.. > It adds a

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

Hi! On Wed, 2014-04-30 at 16:22:37 +0200, Guillem Jover wrote: > I think we should first understand why the detection is failing with > the newer make. I'm taking a look now. Once that's done we might just > be able to fix (or workaround) one of: > > * make > * dpkg-buildpackage > * affecte

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On 2014-04-30 16:39 +0200, Roger Leigh wrote: > On Wed, Apr 30, 2014 at 04:22:37PM +0200, Guillem Jover wrote: >> I think we should first understand why the detection is failing with >> the newer make. I'm taking a look now. Once that's done we might just >> be able to fix (or workaround) one of:

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Wed, Apr 30, 2014 at 04:22:37PM +0200, Guillem Jover wrote: > I think we should first understand why the detection is failing with > the newer make. I'm taking a look now. Once that's done we might just > be able to fix (or workaround) one of: > > * make > * dpkg-buildpackage > * affected

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

Hi! On Tue, 2014-04-29 at 21:53:31 -0700, Russ Allbery wrote: > Manoj Srivastava writes: > > I will cut a normal bug on dpkg, and a serious one on make, and > > make the former block the latter while we figure otu what to do. The > > options, as I see it are: > > > 1) Do nothing. reta

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

FWIW, I can't determine what the issue is from this email thread. Please file a bug on Savannah or start a thread with a repro case on the bug-m...@gnu.org mailing list. Thanks! -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact

Re: goals for hardening Debian: ideas and help wanted

On Tue, 29 Apr 2014, Jakub Wilk wrote: > > > A wide misconception. Chroots are easily implemented and add security ^^^ > > > almost for free (often /dev/log is all that is needed) and so can be used > > > by default without an

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On 29/04/2014 07:01, Manoj Srivastava wrote: > Hi, > > David Suárez kindly did an archive rebuild with the new > version of make in experimental, and the results of the build are at: > http://aws-logs.debian.net/ftbfs-logs/results-make4/ > > The summary: 73 packages have faile

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Tue, Apr 29, 2014 at 09:53:31PM -0700, Russ Allbery wrote: > Manoj Srivastava writes: > > On Tue, Apr 29 2014, Felipe Sateler wrote: > >> On Mon, 28 Apr 2014 23:01:58 -0700, Manoj Srivastava wrote: > > 3) We state that packages must provide build-arch and build-indep for > > Jessie. This

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Mon, 28 Apr 2014 23:01:58 -0700, Manoj Srivastava wrote: > Stephen Kitt >mingw-w64 This one is due to missing B-D-I... Regards, Stephen signature.asc Description: PGP signature

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

Manoj Srivastava writes: > On Tue, Apr 29 2014, Felipe Sateler wrote: >> On Mon, 28 Apr 2014 23:01:58 -0700, Manoj Srivastava wrote: >> >> >>> Felipe Sateler >>>csound (U) >>>pulseaudio (U) > Add to that: >> Kari Pahula >>gecode >> Russ Allbery >>krb5 (U) > Missing Buil

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Tue, Apr 29 2014, Felipe Sateler wrote: > On Mon, 28 Apr 2014 23:01:58 -0700, Manoj Srivastava wrote: > > >> Felipe Sateler >>csound (U) >>pulseaudio (U) Add to that: > Kari Pahula >gecode > Russ Allbery >krb5 (U) Missing Build-Depends-Indep is a common pattern among

Re: goals for hardening Debian: ideas and help wanted

Le mardi 29 avril 2014 à 15:35 +, Thorsten Glaser a écrit : > > A wide misconception. Chroots are easily implemented and add security > > almost for free > Bwahahahahahahahahahahahahahahahahahaha! > > (To casual observers: the entire paragraph is very wrong.) Maybe you should go read a book

Re: goals for hardening Debian: ideas and help wanted

previously on this list Marko Randjelovic contributed: > Well, we have the word "hardening" in the subject, I'm not sure > what OP meant, probably he ment more "security" then "hardening", > but grsecurity which is mentioned in wiki[1] contains features to > prevent breaking out of chroot, so comb

Re: goals for hardening Debian: ideas and help wanted

On Tue, April 29, 2014 18:45, Russ Allbery wrote: > Marko Randjelovic writes: > >> I added this: > >> "Debian policy should require that in every source package all security >> packages should be clearly marked as such in standard and easily >> parsable way with optional further references." > > I

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

* Manoj Srivastava , 2014-04-28, 23:01: Moritz Muehlenhoff fbi A bashism ("echo -e") in mk/Autoconf.mk slightly corrupts the first line of Make.config: -e LIB := lib Apparently the new make doesn't like it. Beware of #584233 when fixing this bug. -- Jakub Wilk -- To UNSUBSCR

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Mon, Apr 28, 2014 at 11:01:58PM -0700, Manoj Srivastava wrote: > David Suárez kindly did an archive rebuild with the new > version of make in experimental, and the results of the build are at: > http://aws-logs.debian.net/ftbfs-logs/results-make4/ > > The summary: 73 packag

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Mon, 28 Apr 2014 23:01:58 -0700, Manoj Srivastava wrote: > Felipe Sateler >csound (U) >pulseaudio (U) On both I'm getting this: dpkg-buildpackage: warning: debian/rules must be updated to support the 'build-arch' and 'build-indep' targets (at least 'build-arch' seems to be missing

Re: goals for hardening Debian: ideas and help wanted

* Thorsten Glaser , 2014-04-29, 15:35: A wide misconception. Chroots are easily implemented and add security almost for free (often /dev/log is all that is needed) and so can be used by default without any potential problems, they also never bring new risks and always make life difficult for an

Re: goals for hardening Debian: ideas and help wanted

Marko Randjelovic writes: > I added this: > "Debian policy should require that in every source package all security > packages should be clearly marked as such in standard and easily > parsable way with optional further references." I don't agree with this statement. I think there are far more

Re: goals for hardening Debian: ideas and help wanted

previously on this list Thorsten Glaser contributed: > > A wide misconception. Chroots are easily implemented and add security > > almost for free (often /dev/log is all that is needed) and so can be > > used by default without any potential problems, they also never bring > > new risks and always

Re: goals for hardening Debian: ideas and help wanted

On Tue, 29 Apr 2014 11:52:14 + Patrick Schleizer wrote: > Marko Randjelovic: > > I was thinking about some kind > > of wizard: > > > > - create a chroot if doesn't already exist > > - create a launcher for your DE > > - create a shell script to run a program from terminal or a simple WM > >

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Mon, Apr 28, 2014 at 23:01:58 -0700, Manoj Srivastava wrote: > Debian X Strike Force >xserver-xorg-video-vmware > I've split the rule in http://anonscm.debian.org/gitweb/?p=pkg-xorg/driver/xserver-xorg-video-vmware.git;a=commitdiff;h=f9208ee13d7ecb6efac784514897c824c65e9365 Hopefully that

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

Manoj Srivastava writes: > Russ Allbery >krb5 (U) Missing build dependency on Python, unrelated to make. I'll file a bug to make sure this gets fixed. -- Russ Allbery (r...@debian.org) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.

Re: goals for hardening Debian: ideas and help wanted

previously on this list Thorsten Glaser contributed: > > "Debian policy should require that in every source package all security > > packages should be clearly marked as such in standard and easily parsable > > way with optional further references." > > Veto because the security impact of bugs

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On Mon, Apr 28, 2014 at 11:01:58PM -0700, Manoj Srivastava wrote: > Kari Pahula >gecode That one failed due to missing Build-Depends-Indep and the build attempted to call debian/rules build-indep. I don't think that make 4.0 had anything to do with that failure. -- To UNSUBSCRIBE, email t

Re: goals for hardening Debian: ideas and help wanted

Kevin Chadwick yahoo.co.uk> writes: > > > > > Security and chroots aren't things I would associate, you need better. > > A wide misconception. Chroots are easily implemented and add security > almost for free (often /dev/log is all that is needed) and so can be > used by default without any pote

Re: goals for hardening Debian: ideas and help wanted

Marko Randjelovic eunet.rs> writes: > On Tue, 29 Apr 2014 11:35:26 +0800 > Paul Wise debian.org> wrote: > > On Tue, Apr 29, 2014 at 8:07 AM, Marko Randjelovic wrote: > > > > > - security patches should be clearly marked as such in every *.patch > > > file > > > > That sounds like a good idea,

Re: goals for hardening Debian: ideas and help wanted

On Tue, 29 Apr 2014 00:20:05 + Jacob Appelbaum wrote: > > > > Tor provides privacy and more likely lowers security so which threat > > against contributors or contributor actions is the Tor policy aimed to > > protect? > > I'm confused, what? How does Tor lower security and at the same time

Re: goals for hardening Debian: ideas and help wanted

previously on this list people contributed: > > - easy create and run programs from chroot and alternate users > > Could you detail what you mean by this? It sounds like you want either > virtual machines or something like docker.io: > > https://packages.debian.org/sid/docker.io > > > > > > h

Re: goals for hardening Debian: ideas and help wanted

* Jacob Appelbaum , 2014-04-29, 00:20: On 4/25/14, Kevin Chadwick wrote: Tor provides privacy and more likely lowers security so which threat against contributors or contributor actions is the Tor policy aimed to protect? I'm confused, what? How does Tor lower security and at the same time,

Re: goals for hardening Debian: ideas and help wanted

On Tue, Apr 29, 2014 at 4:22 PM, Marko Randjelovic wrote: > Cencerely, I never heard about Docker before, I didn't mean > about VMs and I meant about chrooting. I was thinking about some kind > of wizard: > > - create a chroot if doesn't already exist > - create a launcher for your DE > - create a

Re: goals for hardening Debian: ideas and help wanted

On Tue, 29 Apr 2014 11:35:26 +0800 Paul Wise wrote: > On Tue, Apr 29, 2014 at 8:07 AM, Marko Randjelovic wrote: > > > - security patches should be clearly marked as such in every *.patch > > file > > That sounds like a good idea, could you add it to the wiki page? I added this: "Debian poli

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

On 29/04/14 08:01, Manoj Srivastava wrote: > Debian GNOME Maintainers >libgksu (U) make[1]: Entering directory '/«PKGBUILDDIR»' Makefile:733: *** missing separator (did you mean TAB instead of 8 spaces?). Stop. That's a problem in libgksu using spaces rather than tabs in ./Makefile.am. Pre

Re: make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

Hi, Am Montag, den 28.04.2014, 23:01 -0700 schrieb Manoj Srivastava: > Debian Haskell Group >haskell-tasty-golden >haskell-terminal-progress-bar related to dependencies on the systems locale, it seems. Not related to make. Greetings, Joachim -- Joachim "nomeata" Breitner Debian Develo

Re: goals for hardening Debian: ideas and help wanted

On Tue, Apr 29, 2014 at 11:35:26AM +0800, Paul Wise wrote: > On Tue, Apr 29, 2014 at 8:07 AM, Marko Randjelovic wrote: > > > - security patches should be clearly marked as such in every *.patch > > file > > That sounds like a good idea, could you add it to the wiki page? It's not always easy t

make 4.0: archive rebuild resulted in 73 packages broken (help wanted)

Hi, David Suárez kindly did an archive rebuild with the new version of make in experimental, and the results of the build are at: http://aws-logs.debian.net/ftbfs-logs/results-make4/ The summary: 73 packages have failed, though not all seem obviously related to make. Out of

Re: goals for hardening Debian: ideas and help wanted

On Tue, Apr 29, 2014 at 8:07 AM, Marko Randjelovic wrote: > - security patches should be clearly marked as such in every *.patch > file That sounds like a good idea, could you add it to the wiki page? > - easy create and run programs from chroot and alternate users Could you detail what you m

Re: goals for hardening Debian: ideas and help wanted

On 4/25/14, Kevin Chadwick wrote: > previously on this list Paul Wise contributed: > >> I have written a non-exhaustive list of goals for hardening the Debian >> distribution, the Debian project and computer systems of the Debian >> project, contributors and users. >> >> https://wiki.debian.org/Ha

Re: goals for hardening Debian: ideas and help wanted

On Thu, 24 Apr 2014 10:57:39 +0800 Paul Wise wrote: > Hi all, > > I have written a non-exhaustive list of goals for hardening the Debian > distribution, the Debian project and computer systems of the Debian > project, contributors and users. > > https://wiki.debian.org/Hardening/Goals > > If y

Re: goals for hardening Debian: ideas and help wanted

previously on this list Paul Wise contributed: > I have written a non-exhaustive list of goals for hardening the Debian > distribution, the Debian project and computer systems of the Debian > project, contributors and users. > > https://wiki.debian.org/Hardening/Goals > > If you have more ideas,

Re: goals for hardening Debian: ideas and help wanted

On Thu, Apr 24, 2014 at 9:49 AM, Giacomo Mulas wrote: > On Thu, 24 Apr 2014, Steve Langasek wrote: > >> The apparmor policies in Debian apply a principle of minimal harm, >> confining >> only those services for which someone has taken the time to verify the >> correct profile. There are obviously

Help wanted: test new shadow source package (login, passwd, uidmap, etc.)

Hello fellow developers, I would like to request your help in testing the new version of the shadow package (that provides login, passwd and such other important or base packages). Debian is upstream for shadow since Nicolas François (with my help) took over the maintenance of shadow back in 2005

Re: goals for hardening Debian: ideas and help wanted

On Thu, 24 Apr 2014, Steve Langasek wrote: The apparmor policies in Debian apply a principle of minimal harm, confining only those services for which someone has taken the time to verify the correct profile. There are obviously pros and cons to each approach to MAC, which I'm not interested in

Re: goals for hardening Debian: ideas and help wanted

On Thu, Apr 24, 2014 at 11:45:46AM +0200, Giacomo Mulas wrote: > On Thu, 24 Apr 2014, Paul Wise wrote: > >>Would the inclusion of more AppArmor profiles be applicable? > >Thanks, added along with SELinux/etc. > I second that. Actually, some time ago I tried using both AppArmor and > SELinux, but

Re: goals for hardening Debian: ideas and help wanted

On Thu, 24 Apr 2014, Paul Wise wrote: On Thu, 2014-04-24 at 02:53 -0007, Cameron Norman wrote: Would the inclusion of more AppArmor profiles be applicable? Thanks, added along with SELinux/etc. I second that. Actually, some time ago I tried using both AppArmor and SELinux, but gave up beca

Re: goals for hardening Debian: ideas and help wanted

> I suggest it might be better if exploits were each given a quick/approximate > "ranking" in terms of severity (and if the severity is unknown it could be > assigned a default median ranking), so that the algorithm you mention wouldn't > just add number of unplugged exploits, but add them by weigh

Re: goals for hardening Debian: ideas and help wanted

On Jo, 24 apr 14, 11:06:27, Rowan Thorpe wrote: > On 10:57 Thu 24 Apr 2014, Paul Wise wrote: > > ..[snip].. > > https://wiki.debian.org/Hardening/Goals > > Regarding the line (at that page): > > > Refuse to install packages that are known to have X number of unplugged > > exploits (i.e. X number

Re: goals for hardening Debian: ideas and help wanted

On 10:57 Thu 24 Apr 2014, Paul Wise wrote: > ..[snip].. > https://wiki.debian.org/Hardening/Goals Regarding the line (at that page): > Refuse to install packages that are known to have X number of unplugged > exploits (i.e. X number of open security bugs in the bug tracker) unless > e.g. --allow-

Re: goals for hardening Debian: ideas and help wanted

Apologies for the top posting, I'm writing this from my phone. I get a 403 when trying to access via Orbot/Orweb on Android 4.1 phone. Amusing. Lesley On 24 Apr 2014 03:58, "Paul Wise" wrote: > Hi all, > > I have written a non-exhaustive list of goals for hardening the Debian > distribution, the

Re: goals for hardening Debian: ideas and help wanted

2014-04-24 4:57 GMT+02:00 Paul Wise : > Hi all, > > I have written a non-exhaustive list of goals for hardening the Debian > distribution, the Debian project and computer systems of the Debian > project, contributors and users. > > https://wiki.debian.org/Hardening/Goals > > If you have more ideas

Re: goals for hardening Debian: ideas and help wanted

On Thu, 2014-04-24 at 02:53 -0007, Cameron Norman wrote: > Would the inclusion of more AppArmor profiles be applicable? Thanks, added along with SELinux/etc. -- bye, pabs http://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part

Re: goals for hardening Debian: ideas and help wanted

El Wed, 23 de Apr 2014 a las 7:57 PM, Paul Wise escribió: Hi all, I have written a non-exhaustive list of goals for hardening the Debian distribution, the Debian project and computer systems of the Debian project, contributors and users. https://wiki.debian.org/Hardening/Goals If you have mor

goals for hardening Debian: ideas and help wanted

Hi all, I have written a non-exhaustive list of goals for hardening the Debian distribution, the Debian project and computer systems of the Debian project, contributors and users. https://wiki.debian.org/Hardening/Goals If you have more ideas, please add them to the wiki page. If you have more

Re: lxdoom: help wanted

On Mon, 2005-05-23 at 00:50 -0400, Joe Drew wrote: > For some time I've been more or less MIA, but in the past month or so > it became impossible for me to do debian work: the processor in my > desktop, my only Debian machine (the only other machine I own has a > proprietary, non-Linux compat

  1   2   >