-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael S Gilbert schrieb:
> On Thu, 17 Sep 2009 21:26:38 +0200 Christoph Anton Mitterer wrote:
>> Hi.
>>
>> Some time ago, I've wrote several bug reports to packages, that download
>> files from some non-apt-secured sources of the web, and install the
On Thu, 17 Sep 2009 21:26:38 +0200 Christoph Anton Mitterer wrote:
> Hi.
>
> Some time ago, I've wrote several bug reports to packages, that download
> files from some non-apt-secured sources of the web, and install them.
i also started a similar discussion a while back, which was met with
mixed
Le Fri, Sep 18, 2009 at 12:51:14AM +0200, Wouter Verhelst a écrit :
>
> What I'm trying to discuss here is that Debian Developers who package
> their own software as Debian native packages should be allowed to do so
Hi Wouter and everybody,
it seems to me that the difficulties in this discussion
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.
Total number of orphaned packages: 495 (new: 0)
Total number of packages offered up for adoption: 161 (new: 0)
Total number of packages request
Sigh.
On Thu, Sep 17, 2009 at 09:25:39AM +0200, Giacomo A. Catenazzi wrote:
> Wouter Verhelst wrote:
> >That doesn't follow. You're assuming it's going to be impossible to keep
> >the original debian/changelog file, and/or that the only way to package
> >something that an upstream has packaged as
Patrick Matthäi wrote:
> In the case of geoip it is just a data file (like a .svg etc) with no
> attacking vector. The attacker could only inject a corrupted database
> and geoip will throw errors/false positions.
>
> Is this realy a vector for it?
>
I think it there is an attack vector for it.
On Thu Sep 17, 2009 at 21:26:38 +0200, Christoph Anton Mitterer wrote:
> CURRENT SITUATION:
> One can differ between three classes of packages:
> 0) Packages who do not download anything from the web.
>
> 1) Packages which download stuff but this is just normal data like
> pidgin, firefox (I mean
Processing commands for cont...@bugs.debian.org:
> reassign 547220 release-notes
Bug #547220 [general] general: Lenny Upgrade Documentation Typos
Bug reassigned from package 'general' to 'release-notes'.
>
End of message, stopping processing here.
Please contact me if you need assistance.
Debian
When a binary package is renamed or split, as well as if several packages are
merged under a new name, transitional packages are normally created, which
depend on the new packages, which in turn Replaces and Conflicts with, and
possibly Provides, the old packages. I find those dummy packages as
Limmigration et la citoyenneté canadienne
La population immigrée du Québec
Le Recensement de 2006 a montré que 11,5 % de la population totale du Québec
est immigrante, la proportion la plus forte jamais constatée dans lhistoire
de la province. Cette proportion est de presque 20% pour le Cana
writes:
> Yes true,.. for firefox this is (IMHO) a very big problem,.. many
> plugins out there,.. lots of them are not open source at all, the update
> goes often via the upstream website (AFAIK) and not via
> addons.mozilla.org.. So the ideal way for FF plugins is to have them
> packaged.
Man
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Leo "costela" Antunes schrieb:
> Hi,
>
> Patrick Matthäi wrote:
>> Maybe we should also think about the downloaded files itself.
>> A firmware for Linux or a plugin for firefox could do realy bad things.
>>
>> In the case of geoip it is just a data fi
Package: general
Severity: minor
While doing my first dist-upgrade I noticed a few typos that
may cause some confusion to other users.
In the document referenced at:
http://www.debian.org/releases/lenny/i386/release-notes/ch-upgrading.en.html
Section 4.3. Manually unmarking packages
contains th
Hi,
Patrick Matthäi wrote:
> Maybe we should also think about the downloaded files itself.
> A firmware for Linux or a plugin for firefox could do realy bad things.
>
> In the case of geoip it is just a data file (like a .svg etc) with no
> attacking vector. The attacker could only inject a corru
On Thu, 17 Sep 2009 21:37:24 +0200, Patrick Matthäi
wrote:
> Maybe we should also think about the downloaded files itself.
> A firmware for Linux or a plugin for firefox could do realy bad things.
Yes true,.. for firefox this is (IMHO) a very big problem,.. many plugins
out there,.. lots of them a
On Thu, Sep 17, 2009 at 05:10:45PM +0200, Patrick Schoenfeld wrote:
> On Thu, Sep 17, 2009 at 05:06:02PM +0200, Vincent Danjean wrote:
> > I cannot see a good solution here.
>
> Well, the obvious solution is to include it in the Release Notes.
That would just spam and mud down the Notes.
The "w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christoph Anton Mitterer schrieb:
> Hi.
>
> Some time ago, I've wrote several bug reports to packages, that download
> files from some non-apt-secured sources of the web, and install them.
>
> I got more or less positive feedback from maintainers tha
Hi.
Some time ago, I've wrote several bug reports to packages, that download
files from some non-apt-secured sources of the web, and install them.
I got more or less positive feedback from maintainers that happily
accepted my suggestions, to those who thought they were crap and not
necessary ;)
We have added a day trip to the Taiwan Mini-DebConf program, to visit
the Google Corporation, in Taipei 101, the world's tallest building.
http://wiki.debian.org/DebianTaiwan/MiniDebConf2009#Monday2009-09-28
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "uns
[Vincent Danjean]
> I cannot see a good solution here.
Well, except _not_ to abet the hostile takeover of a project name that
has been around since ... I don't know, but the Debian package goes
back to 1997.
I know git is the awesomest thing since tla, but I'm disappointed that
8 or 9 years of
* Marvin Renich [090917 11:40]:
> I do not know how aptitude deals with the automatic/manual flag in this
> case, though. Suppose a user has etch installed with git 4.3.20-10
> (marked as manual in aptitude). The upgrade to lenny will bring in
> gnuit 4.9.4-1; I think aptitude will mark it autom
* Vincent Danjean [090917 11:05]:
> There is no way APT (or dpkg) knows that git/lenny should be remove
> instead of being 'upgraded' in git/squeeze.
>
> Note that adding a release (squeeze) without a git package will not
> solve the problem: the git/lenny package will not be removed from
> the s
* Leandro Doctors [090917 10:41]:
> 2009/9/17 Marvin Renich :
> > But, if I were a gnuit user and not a git-core user, I would find it
> > annoying (and possibly confusing) when upgrading from lenny to squeeze
> > to have a new package added that I didn't want and that is completely
> > unrelated
Package: wnpp
Severity: wishlist
Owner: Mathieu Malaterre
* Package name: pixelmed
Version : 20090816
Upstream Author : David Clunie
* URL : http://www.pixelmed.com/
* License : BSD
Programming Lang: Java
Description : PixelMed Java DICOM Toolkit
This
On Thu, Sep 17, 2009 at 05:06:02PM +0200, Vincent Danjean wrote:
> I cannot see a good solution here.
Well, the obvious solution is to include it in the Release Notes.
Best Regards,
Patrick
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Tro
Leandro Doctors wrote:
> 2009/9/17 Marvin Renich :
>> But, if I were a gnuit user and not a git-core user, I would find it
>> annoying (and possibly confusing) when upgrading from lenny to squeeze
>> to have a new package added that I didn't want and that is completely
>> unrelated to anything I ha
2009/9/17 Marvin Renich :
> * Gerrit Pape [090917 05:18]:
>> Hi,
>>
>> thanks to Ian Beckwith, the GNU Interactive Tools package 'git' has been
>> renamed to 'gnuit' in lenny.
:-)
>> I'm about to provide a new git binary package from the git-core (the
>> distributed revision control system) sourc
* Gerrit Pape [090917 05:18]:
> Hi,
>
> thanks to Ian Beckwith, the GNU Interactive Tools package 'git' has been
> renamed to 'gnuit' in lenny. In lenny 'git' is a transitional package
> that depends on gnuit, in squeeze and sid there's no 'git' package
> anymore.
>
> I'm about to provide a new
Guy Hulbert writes:
> On Thu, 2009-17-09 at 14:11 +0200, Dominique Dumont wrote:
>> The other day, I was upgrading cups and dpkg did ask me the usual way
>> if I wanted to keep my cups config file or take the upstream version.
>
> This email looks very familiar. Did you send something quite simi
On Thu, 2009-17-09 at 14:11 +0200, Dominique Dumont wrote:
> The other day, I was upgrading cups and dpkg did ask me the usual way
> if I wanted to keep my cups config file or take the upstream version.
This email looks very familiar. Did you send something quite similar a
few months ago?
I see
Hello
The other day, I was upgrading cups and dpkg did ask me the usual way
if I wanted to keep my cups config file or take the upstream version.
Like always, I asked for a diff and was quite puzzled because I did
not remember anything about editing this file. Then I remembered that
I did a modi
Gerrit Pape (17/09/2009):
> I'm about to provide a new git binary package from the git-core (the
> distributed revision control system) source, so that 'apt-get
> install git' installs the git content tracker in squeeze.
Nice. :)
> For people upgrading from lenny with git (from gnuit) installed,
Package: wnpp
Severity: wishlist
Owner: Alessio Treglia
* Package name: nautilus-pastebin
Version : 0.1.1
Upstream Author : Alessio Treglia
* URL : https://launchpad.net/nautilus-pastebin
* License : GPL
Programming Lang: Python
Description : Nautilus
On Thu, Sep 17, 2009 at 10:25, Ehren Kret wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Ehren Kret
>
>
> * Package name : python-editdist
> Version : 0.3
> Upstream Author : Damien Miller
> * URL : http://www.mindrot.org/projects/py-editdist/
> * License :
Hi,
thanks to Ian Beckwith, the GNU Interactive Tools package 'git' has been
renamed to 'gnuit' in lenny. In lenny 'git' is a transitional package
that depends on gnuit, in squeeze and sid there's no 'git' package
anymore.
I'm about to provide a new git binary package from the git-core (the
dist
Package: wnpp
Severity: wishlist
Owner: Ehren Kret
* Package name: python-editdist
Version : 0.3
Upstream Author : Damien Miller
* URL : http://www.mindrot.org/projects/py-editdist/
* License : ISC
Programming Lang: Python, C
Description : small and f
On Thu, Sep 17, 2009 at 10:55:45AM +0900, Charles Plessy wrote:
> Given that identifiers like ‘Other1’, ’Other2’… are ugly or even confusing,
> and
> that the machine-readable format has the goal to be very human-readable as
> well, I propose to remove the default to ’other’ from the DEP and leave
On Thu, Sep 17, 2009 at 09:25:39AM +0200, Giacomo A. Catenazzi wrote:
> But if we pack as non-native (as it should be: we are not upstream),
> more problems arises:
> we cannot patch anymore debian directory: on 3.0 source format
> the original debian dir will disappear, thus removing the
> debian/
Wouter Verhelst wrote:
On Thu, Sep 17, 2009 at 07:46:08AM +0200, Giacomo A. Catenazzi wrote:
On native package the debian/changelog is also used for upstream
changelog: upstreams tend to package their packages as native.
[...]
Thus non debian specific package, which are also native,
should (mu
On Thu, Sep 17, 2009 at 07:46:08AM +0200, Giacomo A. Catenazzi wrote:
> On native package the debian/changelog is also used for upstream
> changelog: upstreams tend to package their packages as native.
[...]
> Thus non debian specific package, which are also native,
> should (must on GPL licensed p
40 matches
Mail list logo