Hi Samuel and Team,
On Sun, 2024-03-03 at 18:10 +, Samuel Henrique wrote:
> Peter Wienemann and Sven Geuer just started their DD application:
> https://nm.debian.org/process/1264
> https://nm.debian.org/process/1268
>
> They are long time contributors and I'm happy we are having them as DDs.
Hi Samuel,
Thank you for your time, actually the reviewers on mentors started only few
days ago, it's the first time that I submit a package to debian, so pardon
me if I didn't follow all the best practices.
I think I have catched your point, as long as the package is going on on
mentors it is
Hello Carmine,
> Anyway could you simply use the package that I have generated on mentors?
Now I understand it better, yes the one on mentors does build, and in your
sources you put the packaging under deb-packaging.
>From a technical standpoint, the package has a few lintian findings that have
Hi Samuel,
I just updated the repo both on git and on mentors with your hints:
https://mentors.debian.net/package/hexwalk
For packaging I'm using a different method than yours,
I use "pdebuild --debbuildopts -sa --debsign-k xx"
Effectively I noticed that "debian" folder is not
Hello Carmine,
On Tue, 21 May 2024 at 05:41, Carmine wrote:
> Thank you for your time, I'll try to fix the issues by myself and will return
> to you asap.
> The strange thing is that I already generated the package here:
> https://mentors.debian.net/package/hexwalk/
>
> and I didn't face all
Hi Samuel,
Thank you for your time, I'll try to fix the issues by myself and will
return to you asap.
The strange thing is that I already generated the package here:
https://mentors.debian.net/package/hexwalk/
and I didn't face all these issues
Am I missing something?
Thank you again,
Carmix
Hello Alicherif,
On Mon, 20 May 2024 at 14:54, Alicherif Samir wrote:
> I'm working on the Wapiti web scanner with a team of motivated people, and we
> want to see our work published on the Salsa repositories.
That's great, feel free to send an MR against the debian branch, you can skip
doing
Hello Simon,
On Sat, 11 May 2024 at 10:59, Simon Josefsson wrote:
> I'm not up to speed on all the pkg-security tooling, so please review
> and fix anything that needs fixing. I feel uncomfortable having a salsa
> write permission token in plain text on my laptop, which seemed required
> to use
Hello Simon,
On Sat, 11 May 2024 at 11:51, Simon Josefsson wrote:
> Following up on the namespace question separately. To clarify: I'm not
> proposing any change. I'm mostly trying to learn and understand why
> some decisions were made and if the rationale still apply.
No worries, I think
Hello carmix,
I've had some time to review the package today, I didn't review everything in
depth so there might be more comments after these changes.
1) d/changelog: unstable distribution
I see that you're targeting "stable" in the changelog, but in Debian we do
uploads to unstable or
Hello everyone,
Just wondering if the Security team could spend some time availiating my
proposal.
Feedback from others is always welcomed too, but in order to go ahead I would
like to understand where the team stands.
Cheers,
--
Samuel Henrique
Arnaud Rebillout writes:
> On 11/05/2024 16:59, Simon Josefsson wrote:
>> I feel uncomfortable having a salsa
>> write permission token in plain text on my laptop, which seemed required
>> to use some of the suggested tools
>
> Just passing by.
>
> What are you referring to, why is a salsa token
On 11/05/2024 16:59, Simon Josefsson wrote:
I feel uncomfortable having a salsa
write permission token in plain text on my laptop, which seemed required
to use some of the suggested tools
Just passing by.
What are you referring to, why is a salsa token required? Often enough,
you can store
Thanks for adding me to the pkg-security group! To get started, I have
moved libntlm's git repo from the pkg-auth-maintainers group on Salsa to
the pkg-security. I did an upload updating debian/control, together
with some other fixes.
I'm not up to speed on all the pkg-security tooling, so
Hello Samuel,
On Thu, 2024-05-09 at 23:51 +0100, Samuel Henrique wrote:
> Hello Sven,
>
> > Would you do a final review and grant DM rights to me?
>
> Done, I suggest in the future you try to minimize the amount of
> "update
> changelog" commits by only running gbp dch once you're about to
>
I've sent this to Aquila last month but CC'ed the wrong list, sending it to the
right one for tracking purposes now.
Hello Aquila,
> I have taken the initiative to package assetfinder for Debian, and the
> package is
> readily accessible in my Salsa repository at
>
I've sent this to Aquila last month but CC'ed the wrong list, sending it to the
right one for tracking purposes now.
Hello Aquila,
> I have taken the initiative to package paramspider for Debian, and the
> package is readily accessible in my Salsa repository at
>
Hello carmix,
> I didn't receive any response from you on my last mail. I added the
> debian material on github.
Sorry, I didn't have time to look into this yet, but it's on my todo list.
Regards,
--
Samuel Henrique
Hello Sven,
> Would you do a final review and grant DM rights to me?
Done, I suggest in the future you try to minimize the amount of "update
changelog" commits by only running gbp dch once you're about to upload. This
will help considerably reduce the amount of commits (would be half of them for
Hello Samuel,
I hope you find the time to deal with my request below soonish.
On Thu, 2024-04-25 at 16:04 +0200, Sven Geuer wrote:
> Hello Samuel,
>
> [...]
>
>
> The vpnc package has been moved to the group recently [1] and I
> updated
> this repo with the changes from my personal repository
Hello Samuel,
On Sun, 2024-03-03 at 20:35 +0100, Sven Geuer wrote:
> Hello Samuel,
>
> On Sun, 2024-03-03 at 18:23 +, Samuel Henrique wrote:
> > Hello Sven,
> >
> > > Would you be kind enough to review my work under my personal repo
> > > [3]?
> > >
> > > If everything looks good to you,
Hi Security team,
There's a third party patch for this CVE[2], and at least testing locally with
the
PoC in[1] seems to mitigate the issue. Do you think this is OK to pick and
upload?
Maytham Alsudany wrote:
> Hi Anthony,
>
> As you are the uploader for golang-github-disintegration-imaging,
Hello everyone,
I've done some small updates to the proposal, mostly improving readability and
making my suggestion more clear.
v2 below:
I would like to propose something which will lower the amount
of reported false-positive CVEs to our users by about 20%.
# tl;dr
We don't have a unique way
Hi Samuel,
I didn't receive any response from you on my last mail. I added the
debian material on github.
As for adding also to Salsa I don't have rights to register to your
gitlab, anyway if it is enough I would proceed with github.
I keep waiting for your indications,
Thank you,
Hello Gürkan,
> I would like to help out. Read all about me on my wiki.d.o page or
> github.com/alexmyczko.
> IRC regular user (office hours/europe).
I've just noticed you're a DD, so you should get instant approval :).
> At the moment I saw radare2 and how outdated it is, thus updated it (but
ned by gbp.
1.3) There should be an "upstream" or "upstream/latest" branch with the
upstream code, automatically generated and maintained by gbp, without the
debian/folder.
There are multiple ways this can be solved, but the simplest one is by
re-creating the git repo, with a si
Hi Samuel,
thank you for your response,
I just added the debian folder content to the repository on github as
you asked.
It's the first time for me in packaging for the official debian
repository, so I appreciate your help in this task.
There is no problem for me to put the project also
Hello carmix,
> I would like to have it into Debian and I have started following the guides
> so I packaged it on mentors:
>
> https://mentors.debian.net/package/hexwalk/
>
> I made a ITP and a RFS, now I need a sponsor, I saw that in this
> team there is ImHex software that is something similar
Hello Simon,
I've just realized I forgot to reply to this, sorry about that.
On Sat, 16 Dec 2023 at 11:04, Simon Josefsson wrote:
> I help maintain a couple of security-related packages in the pkg-auth-
> maintainers, pkg-sssd, pkg-xmpp-devel, oath-toolkit-help groups; gsasl,
> libntlm,
Hello Aquila,
> I have taken the initiative to package paramspider for Debian, and the
> package is readily accessible in my Salsa repository at
> https://salsa.debian.org/aquilamacedo/paramspider
>
> I would be grateful if you would consider sponsoring the paramspider
> package. I am confident
Hello Aquila,
> I have taken the initiative to package assetfinder for Debian, and the
> package is
> readily accessible in my Salsa repository at
> https://salsa.debian.org/aquilamacedo/assetfinder
I see that the package is currently in NEW by Josenilson.
Me and you spoke about this but I'm
Hello Sven,
> I would be pleased if one of the DDs would review my work and upload
> the package to unstable.
Uploaded, thank you for contributing!
Cheers,
--
Samuel Henrique
* [Wed, Apr 03, 2024 at 11:11:20PM +0100] Samuel Henrique:
On the proposed solution I also mention that we can use the "(free text
comment)" section to indicate that, while sticking to "not-affected", this
would simplify things as no new value is needed. But parsing the cases where
only the
On Wed, 3 Apr 2024 at 17:04, Gian Piero Carrubba wrote:
>
> * [Wed, Apr 03, 2024 at 09:21:41AM +0100] Samuel Henrique:
> ># Alternative solutions:
> >If we really want to distinguish the case when we don't produce any affected
> >packages but the source contains the vulnerability (a build with
* [Wed, Apr 03, 2024 at 09:21:41AM +0100] Samuel Henrique:
# Alternative solutions:
If we really want to distinguish the case when we don't produce any affected
packages but the source contains the vulnerability (a build with different
flags might result in an affected package), we can create a
* [Sun, Mar 31, 2024 at 09:28:46PM +] Nick Sal:
With respect to debian testing, assume we filter SSH access only to a
subnet using the files host.{deny,allow} (see below).
Would this prevent the attack if a malicious payload was not sent from
the allowed subnet?
I've not seen any
On 17184 March 1977, Gian Piero Carrubba wrote:
Due to recent events, the point release has been postponed. A new date
will be announced when possible.
Given the centrality of xz, and standing that AFAIK the intricacies of
the attack are not yet fully understood, should we expect a complete
* [Fri, Mar 29, 2024 at 10:24:09PM +] Adam D. Barratt:
Due to recent events, the point release has been postponed. A new date
will be announced when possible.
Given the centrality of xz, and standing that AFAIK the intricacies of
the attack are not yet fully understood, should we expect a
Hi Aquila,
As promised, here's my review. Please Cc me when replying :-).
- lintian is complaining that there's no manual page for the program.
As I've recently reviewed some of your packages and I know you do a
great job at writing these missing upstream manpages, could you do it
for
On Fri, 2024-02-16 at 17:35 +, Jonathan Wiltshire wrote:
> The next point release for "bookworm" (12.6) is scheduled for
> Saturday, April 6th. Processing of new uploads into bookworm-
> proposed-updates will be frozen during the preceeding weekend.
Due to recent events, the point release has
Hello, I might have added you
G.
Il lunedì 11 marzo 2024 alle ore 16:57:15 CET, Nilson Silva
ha scritto:
Hello team members.
I hope you are well!
I come through this email to request my membership to the team.
My contribution to the team was to bring Kali packages
On 23/06/2023 10:21, Moritz Muehlenhoff wrote:
But in fact the view in the Debian security is a little misleading, given
that it displays "vulnerable" all over the place, e.g.
https://security-tracker.debian.org/tracker/CVE-2023-31147
It would be nice if that "unimportant" issues it would
On 10/03/2024 21:23, StealthMode Hu wrote:
Im just going to state this and let yall figure it out.
Security Exploits / CVE?
Look no matter what OS, or SOFTWARE you run on your electronics hardware.
At the end of the day, Electronics has a fatal flaw. And cannot be secured.
That flaw has been
On Fri, 2023-09-29 at 22:12 +0100, Samuel Henrique wrote:
> Hello Debora,
Hello. Apologies for my absense on this, I had some personal life
changing event at the end of last year but am now able to focus on this
project again.
>
> > > If you agree, I can create the repo on salsa and give you
Im just going to state this and let yall figure it out.
Security Exploits / CVE?
Look no matter what OS, or SOFTWARE you run on your electronics hardware.
At the end of the day, Electronics has a fatal flaw. And cannot be secured.
That flaw has been known about since Electronics was invented /
Hi,
On Fri, Mar 01, 2024 at 09:11:34AM +0100, Richard van den Berg wrote:
> Dear security team,
>
> May I ask why CVE-2023-41105 was marked as " (Minor issue)"[1] ?
>
> As the CVE description says there are plausible cases where this can lead to
> security issues.
>
> There is a backport
Hello Carlos,
On Sun, 2024-03-03 at 16:10 -0300, Carlos Henrique Lima Melara wrote:
> Hi,
>
> On Sun, Mar 03, 2024 at 06:23:55PM +, Samuel Henrique wrote:
> > Hello Sven,
> >
> > > Would you be kind enough to review my work under my personal repo
> > > [3]?
> > >
> > > If everything looks
Hello Samuel,
On Sun, 2024-03-03 at 18:23 +, Samuel Henrique wrote:
> Hello Sven,
>
> > Would you be kind enough to review my work under my personal repo
> > [3]?
> >
> > If everything looks good to you, would you state you're agreeing to
> > moving the repository from the Debian group to
Hi,
On Sun, Mar 03, 2024 at 06:23:55PM +, Samuel Henrique wrote:
> Hello Sven,
>
> > Would you be kind enough to review my work under my personal repo [3]?
> >
> > If everything looks good to you, would you state you're agreeing to
> > moving the repository from the Debian group to the
Hello Sven,
> Would you be kind enough to review my work under my personal repo [3]?
>
> If everything looks good to you, would you state you're agreeing to
> moving the repository from the Debian group to the Debian Security
> Tools Packaging Team? I would raise a ticket with the Salsa Team
Hi,
On Fri, Feb 23, 2024 at 02:51:34AM +0100, Christoph Anton Mitterer wrote:
> Hey there.
>
> I've just noted that:
>
> https://security-tracker.debian.org/tracker/source-package/libgit2
>
> lists CVE-2024-24577 as fixed for unstable (and CVE-2024-24575 is only
> listed in the resolved list).
On 29/02/2024 6:13 pm, Sven Geuer wrote:
On Thu, 2024-02-29 at 08:37 +0700, Arnaud Rebillout wrote:
-t, --trailing-comma: Add a trailing comma at the end of the
sorted
fields. This minimizes future differences in the VCS commits when
additional dependencies are appended or removed.
Hello Arnaud,
On Thu, 2024-02-29 at 08:37 +0700, Arnaud Rebillout wrote:
> Hello Sven,
>
> Regarding your commit "Apply 'wrap-and-sort -a' to d/control": did
> you
> consider using the option -t of wrap-and-sort as well? From the man
> page:
>
> -t, --trailing-comma: Add a trailing comma
Hello Sven,
On 29/02/2024 6:13 am, Sven Geuer wrote:
Hello Team,
I have been working on the ccrypt package [1] and pushed the result to
salsa, the CI pipeline was processed without any complaint.
I would be pleased if one of the DDs would review my work and upload
the package to unstable.
Hi Samuel,
On Wed, 07 Feb 2024 15:23:16 +0100 Sven Geuer
wrote:
> [...]
>
> I forked the vpnc package from the Debian group [1] to my personal
> projects [2] and started to work on it.
>
> In the end I would like to maintain the package under the umbrella of
> the Debian Security Tools
On Wed, 2024-01-24 at 18:21 +, Adam D. Barratt wrote:
> Hi,
>
> The next point release for "bullseye" (11.9) is scheduled for
> Saturday,
> February 10th. Processing of new uploads into bullseye-proposed-
> updates
> will be frozen during the preceding weekend.
The archive side of the point
On Wed, 2024-01-24 at 18:20 +, Adam D. Barratt wrote:
> Hi,
>
> The next point release for "bookworm" (12.5) is scheduled for
> Saturday,
> February 10th. Processing of new uploads into bookworm-proposed-
> updates
> will be frozen during the preceding weekend.
The archive side of the point
Hi Will,
On Wed, Feb 07, 2024 at 04:34:11PM +, Will Sewell wrote:
> Hello,
>
> Your security tracker claims that the CVEs related to "Leaky Vessels" (
> https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/)
> are NOT-FOR-US:
>
> -
Hi,
I've misunderstood the intent of that security-tracker.d.o
Your explanation make me understand.
Thanks!
2024年1月9日(火) 23:41 Moritz Muehlenhoff :
>
> Hi Kentaro,
>
> > I've found a bit strange status about some tracked issue
> > on security-tracker.debian.org.
> >
> > 1. CVE-2023-36054 krb5
>
Hi Kentaro,
> I've found a bit strange status about some tracked issue
> on security-tracker.debian.org.
>
> 1. CVE-2023-36054 krb5
> https://security-tracker.debian.org/tracker/CVE-2023-36054
>
> it shows like:
>
> bullseye 1.18.3-6+deb11u4 fixed
> bullseye (security) 1.18.3-6+deb11u3
Dear Sven,
On 2024-01-06 10:58:41 +0100, Sven Geuer wrote:
On Fri, 2024-01-05 at 20:59 +, Peter Wienemann wrote:
The suggested fix for #1048666 works but it is
not particularly nice. If someone knows a smarter way how to address
this issue, I am eager to learn about it.
Instead of
Hi again,
On Sat, 2024-01-06 at 10:58 +0100, Sven Geuer wrote:
> Hi Peter,
>
> On Fri, 2024-01-05 at 20:59 +, Peter Wienemann wrote:
> > Dear security tools packaging team,
> >
> > I pushed two commits to the ncrack repository [0] fixing two bugs:
> >
> > https://bugs.debian.org/1058286
>
Hi Peter,
On Fri, 2024-01-05 at 20:59 +, Peter Wienemann wrote:
> Dear security tools packaging team,
>
> I pushed two commits to the ncrack repository [0] fixing two bugs:
>
> https://bugs.debian.org/1058286
> https://bugs.debian.org/1048666
>
> #1058286 is an RC bug. The suggested fix
Hi Thomas,
On Fri, Jan 05, 2024 at 12:06:58AM +0100, Thomas Lange wrote:
> Hi all,
>
> we now redirect all DSA/DLA URLs under security and lts/security with
> or without having the year in the path and with or without a version
> to their announcement mail:
> Examples:
> /security/dsa-5576
>
Hello,
On 02/01/2024 16:39, Robert Haist wrote:
Hi team,
As I initially introduced the radare2-cutter package into Debian I would like
to bring up the proposal to remove it.
The upstream situation around the two projects and their front-ends is still
flaky and I don't see any value to keep
Hi!
Daniel thanks for all your work on the OpenPGP working group,
and on SOP! :)
On Wed, 2023-12-20 at 22:16:28 -0500, Daniel Kahn Gillmor wrote:
> # What Can Debian Do About This?
>
> I've attempted to chart one possible path out of part of this situation
> by proposing a minimized, simplified
Hi,
On Thu, Dec 21, 2023 at 05:28:51PM +0100, Ingo Brückl wrote:
> Hi,
>
> neither buster nor buster (security) is affected by bug #1059163.
>
> Thanks to debian/patches/CVE-2015-1197.patch, Debian cpio 2.12 isn't
> vulnerable.
Thanks, I have adjusted the security-tracker entry.
Regards,
Hi Daniel,
Quick backstory: I stayed away from hardware crypto for a long while
since there were so many incompatibilities, partial support, or side
patches to get basic things to work. Over time, it seems it got to a
point where it's mainstream enough that you can buy a Yubikey without
much of a
Hi Gioele--
On Thu 2023-12-21 11:02:06 +0100, Gioele Barabucci wrote:
> On 21/12/23 04:16, Daniel Kahn Gillmor wrote:
> As the Uploader of rust-sequoia-openpgp, what do you think of the
> related sequoia-chameleon-gnupg project [1] (drop-in replacement for gpg
> that uses sequoia internally)?
>
Interesting point in this talk: The APT team is already working on non-
PGP signatures.
https://wiki.debian.org/Teams/Apt/Spec/AptSign
I can see the advantages of that for release signatures which use a
rarely changing set of keys.
However, I do not see any good alternative for PGP for personal
On Wed, Dec 20, 2023 at 10:16:28PM -0500, Daniel Kahn Gillmor wrote:
> # Why is GnuPG on Debian's Critical Path?
>
> In 2023, I believe GnuPG is baked into our infrastructure largely due to
> that project's idiosyncratic interface. It is challenging even for a
> sophisticated engineer to figure
On 21/12/23 04:16, Daniel Kahn Gillmor wrote:
# What Can Debian Do About This?
I've attempted to chart one possible path out of part of this situation
by proposing a minimized, simplified interface to some common baseline
OpenPGP semantics -- in particular, the "Stateless OpenPGP" interface,
or
Thank you very much for your explanation On Thu, Dec 21, 2023 at 2:13 AM, Christoph Biedl wrote: Daniel Kahn Gillmor wrote...(...)Thanks for your exhaustive description. I'd just like to point out onepoint:> In practice, i think it makes the most sense to
Daniel Kahn Gillmor wrote...
(...)
Thanks for your exhaustive description. I'd just like to point out one
point:
> In practice, i think it makes the most sense to engage with
> well-documented, community-reviewed, interoperably-tested standards, and
> the implementations that try to follow
hey folks--
[ This message won't make sense unless the reader distinguishes clearly
between OpenPGP the protocol and GnuPG the implementation! As a
community we have a history of fuzzily conflating the two terms, which
is one of the reasons that we're in this mess today. Please read
On Tue, Dec 19, 2023 at 05:13:34PM +0100, Sylvain Beucler wrote:
> On 16/12/2023 11:15, ChangZhuo Chen (陳昌倬) wrote:
> > I am jq maintainer, and right now CVE-2023-49355 is listed in security
> > tracker [0]. However, this CVE is equal to CVE-2023-50246 according to
> > upstream [1], which has been
Hi,
On 16/12/2023 11:15, ChangZhuo Chen (陳昌倬) wrote:
I am jq maintainer, and right now CVE-2023-49355 is listed in security
tracker [0]. However, this CVE is equal to CVE-2023-50246 according to
upstream [1], which has been fixed in 1.7.1-1 [2].
In this case, how should I handle
On 17077 March 1977, Stephan Verbücheln wrote:
How can Debian deal with this? Should Debian intervene to prevent the
worst?
We, as Debian, look and wait what comes out. And then *MAY* at some
point decide to add (or switch to) a new thing, if that appears better.
Also, it will be a high bar
Hi,
Personal view here.
Stephan Verbücheln wrote on 14/12/2023 at 11:29:17+0100:
> [[PGP Signed Part:No public key for 603542590A3C7C62 created at
> 2023-12-14T11:29:17+0100 using EDDSA]]
> Hello everyone
>
> As you probably know, Debian relies heavily on GnuPG for various
> purposes,
On Thu, Dec 14, 2023 at 09:26:09AM +0100, Salvatore Bonaccorso wrote:
>Hi,
>
>On Wed, Dec 13, 2023 at 10:45:01PM +0100, Bastian Blank wrote:
>> Hi
>>
>> Over six years ago, support for VFIO without IOMMU was enabled for
>> arm64. This is a breach of the integrity lockdown requirement of secure
Hi,
On Wed, Dec 13, 2023 at 10:45:01PM +0100, Bastian Blank wrote:
> Hi
>
> Over six years ago, support for VFIO without IOMMU was enabled for
> arm64. This is a breach of the integrity lockdown requirement of secure
> boot.
>
> VFIO is a framework for handle devices in userspace. To make
>
On Sun, 2023-11-12 at 17:46 +, Adam D. Barratt wrote:
> The next point release for "bookworm" (12.3) is scheduled for
> Saturday,
> December 9th. Processing of new uploads into bookworm-proposed-
> updates
> will be frozen during the preceding weekend.
The archive side of the point release
Hello,
On Thu, Nov 09, 2023 at 09:09:47AM +0100, Christian Fischer wrote:
> Hello,
>
> i would like to request an update of the status for the following CVE:
>
> https://security-tracker.debian.org/tracker/CVE-2023-5561
>
> Currently it has:
>
> > NOT-FOR-US: WordPress plugin
>
> which was
Processing control commands:
> tags -1 + confirmed
Bug #1053702 [security-tracker] NIST data feed to be retired in December 2023
Added tag(s) confirmed.
--
1053702: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053702
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Hello Samuel,
On Sun, 2023-10-29 at 18:05 +, Samuel Henrique wrote:
> $ dcut dm --uid "Sven Geuer" --allow argon2
> Uploading commands file to ftp.upload.debian.org (incoming:
> /pub/UploadQueue/)
> Picking DM Sven Geuer with fingerprint
> 3DF5E8AA43FC9FDFD086F195ADF50EDAF8ADD585
> Uploading
Hello Sven,
> Can you please review my work [1]? If it is sound, would you mind to
> grant me DM rights for the package?
The changes are all looking good, I appreciate the attention to
details and I can see you have put a lot of effort into it.
$ dcut dm --uid "Sven Geuer" --allow argon2
Hello Samuel,
On Fri, 2023-10-27 at 01:00 +0100, Samuel Henrique wrote:
> From Sven:
> > To comply with DEP-14, I just created the branch debian/latest and
> > intend to drop the branch debian/sid eventually.
> > Can you please set debian/latest to 'default' and 'protected'? I
> > don't
> > have
On Fri, Oct 27, 2023 at 10:55:48AM +0200, Bastian Blank wrote:
> On Fri, Oct 27, 2023 at 08:43:46AM +0200, Julian Andres Klode wrote:
> > > > ## Image packages contains more version info
> > > >
> > > > Example: linux-image-6.5.3-cloud-arm64
> > >
> > > > It will not longer be possible to
On Fri, Oct 27, 2023 at 08:43:46AM +0200, Julian Andres Klode wrote:
> > > ## Image packages contains more version info
> > >
> > > Example: linux-image-6.5.3-cloud-arm64
> >
> > > It will not longer be possible to reliably derive the package name from
> > > kernel release (see above), as both
Hello Samuel and Peter,
On Fri, 2023-10-27 at 01:00 +0100, Samuel Henrique wrote:
> From Sven:
> > To comply with DEP-14, I just created the branch debian/latest and
> > intend to drop the branch debian/sid eventually.
> > Can you please set debian/latest to 'default' and 'protected'? I don't
> >
OK,
it seems my original email got lost somewhere in tech hickups,
it's possible the kernel crashed before sending the email, AMD
just crashes once or twice a day.
So I'm writing this email a bit in a hurry, so it's not quite
as thought out as the last one weeks ago, but yesterday's email
was
Hello Peter and Sven,
>From Sven:
> To comply with DEP-14, I just created the branch debian/latest and
> intend to drop the branch debian/sid eventually.
> Can you please set debian/latest to 'default' and 'protected'? I don't
> have the rights to do this.
Awesome, I've done these changes and
On Thu, Oct 05, 2023 at 07:59:54AM -0600, Sam Hartman wrote:
> I think that's what you mean by the first-level error.
> If not, I'm still confused.
> In the second level error case you are talking about is:
No, the first level is always: but the new kernel does not work.
The second is: I need to
Hi Sven,
On 24.10.23 01:13, Sven Geuer wrote:
Thanks for pointing this out. However, I am unsure if lintian would
still complain in regards to argon2 (and also dnstwist) as the package
is not a new one anymore. The explanation in [1] cleary states
This package appears to be the first
Hello Peter,
On Mon, 2023-10-23 at 17:26 +, Peter Wienemann wrote:
> Dear Sven,
>
> On 23.10.23 17:19, Sven Geuer wrote:
> > I would prefer to remove the 0~ prefix from the package version,
> > resulting in an upcoming version of 20190702+dfsg-4 instead of
> > 0~20190702+dfsg-4. This would
Dear Sven,
On 23.10.23 17:19, Sven Geuer wrote:
I would prefer to remove the 0~ prefix from the package version,
resulting in an upcoming version of 20190702+dfsg-4 instead of
0~20190702+dfsg-4. This would align the version in Debian to other
distros, see [1] for details.
Are there arguments
One more thing...
I would prefer to remove the 0~ prefix from the package version,
resulting in an upcoming version of 20190702+dfsg-4 instead of
0~20190702+dfsg-4. This would align the version in Debian to other
distros, see [1] for details.
Are there arguments to not change the versioning in
Hi Samuel,
may I ping you about the my below request?
On Mon, 2023-10-16 at 11:08 +0200, Sven Geuer wrote:
> Hello Samuel,
>
> On Fri, 2023-10-13 at 13:37 +0200, Sven Geuer wrote:
> > [...]
> > I am fine with the salsa admins moving the package. Here's the
> > issue
> > I logged:
> >
t; > kernel release (see above), as both values are not really related
> > anymore.
> What should work: We define a new control field. It contains both the
> kernel name and a version prefix.
Or would it be easier to re-use normal dependency resolving, like:
Kernel-Provides: linux (&g
Am Sat, Oct 14, 2023 at 07:33:36PM -0400 schrieb Boyuan Yang:
> Dear Team,
>
> Just a friendly reminder that CVE-2023-39616 was fixed in Trixie
> and Sid, and that https://security-tracker.debian.org/tracker/CVE-2023-39616
> should be updated accordingly. I mentioned it in the package changelog
1 - 100 of 31120 matches
Mail list logo