On Sat, Apr 06, 2002 at 08:48:59AM +, Martin WHEELER wrote:
On Fri, 5 Apr 2002, Petro wrote:
You *like* upgrading 100 servers every few days?
You'll have to ask the scripts that do that stuff for me :)
So you don't mind verifying every couple days that none of your
On Fri, 2002-04-05 at 21:54, Petro wrote:
On Thu, Apr 04, 2002 at 06:24:18PM +, Martin WHEELER wrote:
Fine. You wear the same size suit from birth to death; me, I'll adjust
according to circumstances.
You *like* upgrading 100 servers every few days?
Certainly. Compared to
On Fri, 5 Apr 2002, Petro wrote:
You *like* upgrading 100 servers every few days?
You'll have to ask the scripts that do that stuff for me :)
--
Martin Wheeler [EMAIL PROTECTED] gpg key 01269BEB @ the.earth.li
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
On Thu, Apr 04, 2002 at 06:24:18PM +, Martin WHEELER wrote:
On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote:
Release early; release often.
On Wed, 3 Apr 2002, Petro wrote:
<b><em><font size=7><blink>NO</font></em></b>
Measure twice, cut once.
Fine. You wear the same
also sprach Andrew Pimlott [EMAIL PROTECTED] [2002.04.04.0135 +0200]:
this problem is understood by the developers of proftpd
Wichert said that nobody has explained why the current fix on s.d.o
doesn't work. If the problem is understood, why hasn't someone
explained this? That's all that
On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote:
Release early; release often.
On Wed, 3 Apr 2002, Petro wrote:
<b><em><font size=7><blink>NO</font></em></b>
Measure twice, cut once.
Fine. You wear the same size suit from birth to death; me, I'll adjust
according to circumstances.
also sprach Michael Stone [EMAIL PROTECTED] [2002.04.04.0211 +0200]:
because it will prevent s.d.o from serving a buggy package. it's not
fixed perfectly, but at least it's not subject to a known exploit.
Could you be a little more careful with your terms? A DOS is not an
exploit, it's a
Release early; release often.
--
Martin Wheeler [EMAIL PROTECTED] gpg key 01269BEB @ the.earth.li
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote:
but give me at least one argument why these acts cannot combine with
a *temporary* fix uploaded to the so-called security archives.
There are several good reasons:
- If a band-aid fix is allowed, there is less incentive to
On Wed, Apr 03, 2002 at 10:56:32AM +0900, Howland, Curtis wrote:
I would bet that the vast majority of flame wars begin because someone mistakes
terse or concise for hostility.
The reverse, being the endless spewing of meaningless words, all the while saying
nothing at all or even the
On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote:
Release early; release often.
<b><em><font size=7><blink>NO</font></em></b>
Measure twice, cut once.
--
Share and Enjoy.
On Wed, Apr 03, 2002 at 02:43:10PM -0800, Petro wrote:
On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote:
Release early; release often.
<b><em><font size=7><blink>NO</font></em></b>
Measure twice, cut once.
i haven't really been following this thread, but i like analogies as
also sprach Andrew Pimlott [EMAIL PROTECTED] [2002.04.03.1754 +0200]:
There are several good reasons:
- If a band-aid fix is allowed, there is less incentive to find
the correct fix.
true. doesn't mean that we have to fall into that hole.
- If the problem isn't understood, there
also sprach Nathan E Norman [EMAIL PROTECTED] [2002.04.03.0732 +0200]:
well, i am calm, but i disagree. sure, it boils down to the question
who debian's audience are, but for all i am concerned, debian's
reputation _used_ to include security, and the reason why i'd (as in
would and had)
On Thu, Apr 04, 2002 at 01:09:27AM +0200, martin f krafft wrote:
this problem is understood by the developers of proftpd
Wichert said that nobody has explained why the current fix on s.d.o
doesn't work. If the problem is understood, why hasn't someone
explained this? That's all that is asked,
On Thu, Apr 04, 2002 at 01:06:26AM +0200, martin f krafft wrote:
because it will prevent s.d.o from serving a buggy package. it's not
fixed perfectly, but at least it's not subject to a known exploit.
Could you be a little more careful with your terms? A DOS is not an
exploit, it's a DOS. By
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote:
but give me at least one argument why these acts cannot combine with
a *temporary* fix uploaded to the so-called security archives.
There are several good reasons:
- If a band-aid fix is allowed, there is less incentive to find
[ Followup to incomplete send. ]
On Wed, Apr 03, 2002 at 10:54:25AM -0500, Andrew Pimlott wrote:
I think Wichert's position
... reflects appropriate discipline, given the (relatively modest)
severity of the problem.
Andrew
On Wed, Apr 03, 2002 at 10:56:32AM +0900, Howland, Curtis wrote:
I would bet that the vast majority of flame wars begin because someone
mistakes terse or concise for hostility.
The reverse, being the endless spewing of meaningless words, all the while
saying nothing at all or even the
also sprach Andrew Pimlott [EMAIL PROTECTED] [2002.04.03.1754 +0200]:
There are several good reasons:
- If a band-aid fix is allowed, there is less incentive to find
the correct fix.
true. doesn't mean that we have to fall into that hole.
- If the problem isn't understood, there is
also sprach Andrew Pimlott [EMAIL PROTECTED] [2002.04.03.1805 +0200]:
On Wed, Apr 03, 2002 at 10:54:25AM -0500, Andrew Pimlott wrote:
I think Wichert's position
... reflects appropriate discipline, given the (relatively modest)
severity of the problem.
i also have to agree with you here
On Wed, Apr 03, 2002 at 02:43:10PM -0800, Petro wrote:
On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote:
Release early; release often.
<b><em><font size=7><blink>NO</font></em></b>
Measure twice, cut once.
i haven't really been following this thread, but i like analogies as
much
also sprach Wichert Akkerman [EMAIL PROTECTED] [2002.03.31.2009 +0200]:
Because it might impact other packages as well.
sure, but the upload won't.
I'd rather make sure we don't have a bug in multiple packages than
a reasonably harmless semi-bug in a single package.
that's a purist
Previously martin f krafft wrote:
that's a purist approach which doesn't work with security.
It does, and in fact it's a very good approach: make sure you study
what the real problem is instead of trying to fix things with bandaid.
With all the energy wasted on this someone could have found the
also sprach Wichert Akkerman [EMAIL PROTECTED] [2002.04.02.1250 +0200]:
It does, and in fact it's a very good approach: make sure you study
what the real problem is instead of trying to fix things with bandaid.
wrong. fix things with bandaid to give you more time to find the real
problem. i am
dear list,
look, i am really not here to start a flame war and heck no, i don't
want one. please excuse if my behaviour has been leading you onto this
belief (or maybe not). i am simply failing to grasp the arguments laid
out by wichert. that is, i don't disagree with him per se, but i have
the
I would bet that the vast majority of flame wars begin because someone mistakes
terse or concise for hostility.
The reverse, being the endless spewing of meaningless words, all the while saying
nothing at all or even the opposite of what it sounds like, is the art of politicians
and
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote:
dear list,
look, i am really not here to start a flame war and heck no, i don't
want one. please excuse if my behaviour has been leading you onto this
belief (or maybe not). i am simply failing to grasp the arguments laid
out
also sprach Wichert Akkerman [EMAIL PROTECTED] [2002.03.31.2009 +0200]:
Because it might impact other packages as well.
sure, but the upload won't.
I'd rather make sure we don't have a bug in multiple packages than
a reasonably harmless semi-bug in a single package.
that's a purist approach
Previously martin f krafft wrote:
wrong. fix things with bandaid to give you more time to find the real
problem. i am not saying that this is the final fix. put it this way,
you aren't going to wait for intruders to make use of the opportunity
while you search the drunkbold who broke your
I would bet that the vast majority of flame wars begin because someone
mistakes terse or concise for hostility.
The reverse, being the endless spewing of meaningless words, all the while
saying nothing at all or even the opposite of what it sounds like, is the art
of politicians and diplomats.
Previously martin f krafft wrote:
i don't get it. will someone please push this package ivo made as an
NMU into security.debian.org ASAP? i'd do it myself, but i am still
waiting for DAM approval...
I'd like someone to answer my question first: how come the glob
fix in glibc doesn't fix
also sprach Wichert Akkerman [EMAIL PROTECTED] [2002.03.31.1602 +0200]:
i don't get it. will someone please push this package ivo made as an
NMU into security.debian.org ASAP? i'd do it myself, but i am still
waiting for DAM approval...
I'd like someone to answer my question first: how
On Sun, Mar 31, 2002 at 05:53:35PM +0200, martin f krafft wrote:
why should we discuss this before pushing the temporary fix into the
security archives???
Maybe because, as you say, the fix (read: workaround) is only temporary? :)
Including a new rule in the conffile won't automatically fix
Previously martin f krafft wrote:
wichert, it didn't. why should we discuss this before pushing the
temporary fix into the security archives???
Because it might impact other packages as well.
i'd also like to see answered, but right now, debian's got a semi-bug
in a package found on
martin f krafft wrote:
also sprach Noah Meyerhans [EMAIL PROTECTED] [2002.03.29.2332 +0100]:
Such a package has existed at http://people.debian.org/~ivo/ for over a
year.
okay, but no one knows about it. why isn't it on security.debian.org
yet???
Beats me...
Ivo
--
Hey, it
also sprach Ivo Timmermans [EMAIL PROTECTED] [2002.03.30.0845 +0100]:
okay, but no one knows about it. why isn't it on security.debian.org
yet???
Beats me...
i don't get it. will someone please push this package ivo made as an
NMU into security.debian.org ASAP? i'd do it myself, but i am
so proftpd_1.2.0pre10-2.0potato1_i386.deb is buggy. and that's known
for over a year, supposedly. i can't NMU yet, so someone please
rebuild the package, add the following to the Global context of
/etc/proftpd.conf
DenyFilter \*.*/
and then NMU it, or Johnie's listening and will do it
On Fri, Mar 29, 2002 at 10:47:18PM +0100, martin f krafft wrote:
so proftpd_1.2.0pre10-2.0potato1_i386.deb is buggy. and that's known
for over a year, supposedly. i can't NMU yet, so someone please
rebuild the package, add the following to the Global context of
/etc/proftpd.conf
also sprach Noah Meyerhans [EMAIL PROTECTED] [2002.03.29.2332 +0100]:
Such a package has existed at http://people.debian.org/~ivo/ for over a
year.
okay, but no one knows about it. why isn't it on security.debian.org
yet???
--
martin; (greetings from the heart of the sun.)
so proftpd_1.2.0pre10-2.0potato1_i386.deb is buggy. and that's known
for over a year, supposedly. i can't NMU yet, so someone please
rebuild the package, add the following to the Global context of
/etc/proftpd.conf
DenyFilter \*.*/
and then NMU it, or Johnie's listening and will do it himself.