NIS et propagation de groupes
Bonjour à tous, J'utilise NIS 3.9-6 sur une woody (noyau 2.4.18). J'aimerait savoir comment faire pour que les gid 1000 soient propagés et non pas ceux 1000. Le problème est survenu suite à une mise à jour avec passage de patate à woody. Merci d'avance à celui ou ceux qui me répondront. Bonne fin de journée. :-) -- - \\\|/// \\ - - // ( @ @ ) -oOOo-(_)-oOOo- | | |Sebastien Picard | | Assistant Ingenieur | | de | | Recherche et Formation| |Departement Informatique | |IUT Belfort-Montbeliard| | [EMAIL PROTECTED] | |03.84.58.77.79 | --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
FIX: Chunk fix for Apache 1.3.24 i386 .deb + source .dsc and .diff.gz available.
Hi All!
Source and an i386 .deb are now up on:
http://people.debian.org/~grantma
MD5sums:
$ md5sum apache_1.3.24-3.0.anathoth.1*
2694e435fcc5a8197d4942d38a651b43 apache_1.3.24-3.0.anathoth.1.diff.gz
b84b0f106079ab7f66f40d135f5ed3f9 apache_1.3.24-3.0.anathoth.1.dsc
561f18885c58b8302d3039accea8e8bf
apache_1.3.24-3.0.anathoth.1_i386.changes
5b0cf3f2a12b36063c7c19c8adbc450a apache_1.3.24-3.0.anathoth.1_i386.deb
Here is a rehashed version of the patch cert_vucert944335 chunk fix
patch used in apache_1.3.9-14.1 for potato which works for apache in
woody and sid.
The only thing stopping it was a comment about EBCDIC!
Got to go - test this thing on s390 as well!
Uploading .debs to fix apache chunk size stuff for i386 on woody and sid
NOW! Source .dsc and .diff is there if others want to build for other
architectures. The i386 .deb works on my home system.
Did not know how to do NMU with new security system, or someone else can
look after it. Matthew? Steve?
Best Regards,
Matthew Grant
--
===
Matthew Grant/\ ^/\^ [EMAIL PROTECTED] /\
A Linux Network Guy /~~\^/~~\_/~\___/~~\/**\
===GPG KeyID: 2EE20270 FingerPrint:
8C2535E1A11DF3EA5EA19125BA4E790E2EE20270==
--- build-tree/apache_1.3.24/src/main/http_protocol.c.cert_vucert944335 Fri Mar
22 02:49:46 2002
+++ build-tree/apache_1.3.24/src/main/http_protocol.c Thu Jun 20 19:50:31 2002
@@ -2019,21 +2019,35 @@
static long get_chunk_size(char *b)
{
long chunksize = 0;
+long chunkbits = sizeof(long) * 8;
-while (ap_isxdigit(*b)) {
+/* Skip leading zeros */
+while (*b == '0') {
+++b;
+}
+
+while (ap_isxdigit(*b) (chunkbits 0)) {
int xvalue = 0;
/* This works even on EBCDIC. */
-if (*b = '0' *b = '9')
+if (*b = '0' *b = '9') {
xvalue = *b - '0';
-else if (*b = 'A' *b = 'F')
+}
+else if (*b = 'A' *b = 'F') {
xvalue = *b - 'A' + 0xa;
-else if (*b = 'a' *b = 'f')
+}
+else if (*b = 'a' *b = 'f') {
xvalue = *b - 'a' + 0xa;
+}
chunksize = (chunksize 4) | xvalue;
+chunkbits -= 4;
++b;
}
+if (ap_isxdigit(*b) (chunkbits = 0)) {
+/* overflow */
+return -1;
+}
return chunksize;
}
@@ -2117,6 +2131,10 @@
return 0;
}
r-remaining = -1; /* Indicate footers in-progress */
+}
+else if (len_to_read 0) {
+r-connection-keepalive = -1;
+return -1;
}
else {
r-remaining = len_to_read;
signature.asc
Description: This is a digitally signed message part
Re: NIS et propagation de groupes
Hallo! Sprich Englisch, Mann! On Thursday, 2002-06-20 at 09:28:11 +0200, Sebastien Picard wrote: Bonjour à tous, J'utilise NIS 3.9-6 sur une woody (noyau 2.4.18). J'aimerait savoir comment faire pour que les gid 1000 soient propagés et non pas ceux 1000. Le problème est survenu suite à une mise à jour avec passage de patate à woody. Merci d'avance à celui ou ceux qui me répondront. Bonne fin de journée. :-) -- - \\\|/// \\ - - // ( @ @ ) -oOOo-(_)-oOOo- | | |Sebastien Picard | | Assistant Ingenieur | | de | | Recherche et Formation| |Departement Informatique | |IUT Belfort-Montbeliard| | [EMAIL PROTECTED] | |03.84.58.77.79 | --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] --- Also sprach Sebastien Picard --- And a shorter signature would also be appreciated. Thank you, Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm| -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Apache chunk handling vulnerability and Apache 1.3.24-3
On Wed, 2002-06-19 at 06:57, René Seindal wrote: If you use 32 bit machines you are 'only' vulnerable to a DoS attack, not a real compromise of your servers. Apache version 1.3.24 is vulnerable. The later version 1.3.26 is a security fix to this issue and it would seem it shall be available for download shortly[1]. It would be worth noting that there has been later evidence to show a remote root exploit using this vulnerability[2] as demonstrated with an actual exploit against OpenBSD. The source code[3] to the exploit includes comments that claim successful testing against Linux 2.4, among others. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=150284repeatmerged=yes [2] http://online.securityfocus.com/bid/5033/info/ [3] http://downloads.securityfocus.com/vulnerabilities/exploits/apache-scalp.c -- .: Paul Hosking . [EMAIL PROTECTED] .: InfoSec .: PGP KeyID: 0x42F93AE9 .: 7B86 4F79 E496 2775 7945 FA81 8D94 196D 42F9 3AE9 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[translation] NIS and propagation of groups
On Thu, 2002-06-20 at 08:28, Sebastien Picard wrote: Hi all, I'm using NIS 3.9-6 on woody (kernel 2.4.18). I'd like to know how to make the gids 1000 propagate, and not those 1000. The problem appeared after an update with an upgrade from potato to woody. Thank you in advance to any and all who reply. Have a nice evening :-) -- Chris Boyle - Winchester College - http://archives.wincoll.ac.uk/~chrisb/ GPG: B7D86E0F, MSN: [EMAIL PROTECTED], ICQ: 24151961, AIM: kerneloops, Yahoo: kerneloops, IRC: cmb on openprojects.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Cross-references to public security databases now available for the DSAs
I'm proud to announce a slight, but significant change, in the published security announcements (DSA) availables at security.debian.org. Starting tomorrow (as you can appreciate from Apache's DSA at http://www.debian.org/security/2002/dsa-131). Published DSAs now include cross references to vulnerability databases (currently supported are CVE, CERT, and Bugtraq). This will, hopefully, make Debian user's easier to see an track which general advisories have already been covered by Debian. It can also be used as a way to retrieve more information (non-Debian specific) regarding the vulnerabilities that the DSAs report as fixed in Debian. I have just commited to CVS (and should be available tomorrow) security references to most DSAs published in the year 2001. We will be working on providing this same information to this year's advisories. Best regards Javier Fernández-Sanguino Peña pgp71bja2Lget.pgp Description: PGP signature
Re: PATCH: apache 1.3.24 chunk size thingy - cert_vucert944335_1.3.24
Matthew Grant [EMAIL PROTECTED] writes: Here is a rehashed version of the patch cert_vucert944335 chunk fix patch used in apache_1.3.9-14.1 for potato which works for apache in woody and sid. The German publish Heise claims that this patch does not fix the vulnerability, see: http://www.heise.de/newsticker/data/pab-20.06.02-000/ But I hope this is an editorial error. :-/ -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: FIX: Chunk fix for Apache 1.3.24 i386 .deb + source .dsc and .diff.gz available.
Hello Matthew, I'm a little confused as to why you're cc:ing me on these messages? Steve Langasek postmodern programmer On Thu, Jun 20, 2002 at 08:20:56PM +1200, Matthew Grant wrote: Source and an i386 .deb are now up on: http://people.debian.org/~grantma MD5sums: $ md5sum apache_1.3.24-3.0.anathoth.1* 2694e435fcc5a8197d4942d38a651b43 apache_1.3.24-3.0.anathoth.1.diff.gz b84b0f106079ab7f66f40d135f5ed3f9 apache_1.3.24-3.0.anathoth.1.dsc 561f18885c58b8302d3039accea8e8bf apache_1.3.24-3.0.anathoth.1_i386.changes 5b0cf3f2a12b36063c7c19c8adbc450a apache_1.3.24-3.0.anathoth.1_i386.deb Here is a rehashed version of the patch cert_vucert944335 chunk fix patch used in apache_1.3.9-14.1 for potato which works for apache in woody and sid. The only thing stopping it was a comment about EBCDIC! Got to go - test this thing on s390 as well! Uploading .debs to fix apache chunk size stuff for i386 on woody and sid NOW! Source .dsc and .diff is there if others want to build for other architectures. The i386 .deb works on my home system. Did not know how to do NMU with new security system, or someone else can look after it. Matthew? Steve? Best Regards, Matthew Grant pgpYt8q6Mk6wc.pgp Description: PGP signature
Re: [translation] NIS and propagation of groups
This should probably have gone to the lists and the poster, not me. On Thu, 2002-06-20 at 15:02, Bertrand Orvoine wrote: see in /var/yp/Makefile : # We do not put password entries with lower UIDs (the root and system # entries) in the NIS password database, for security. MINUID is the # lowest uid that will be included in the password maps. # MINGID is the lowest gid that will be included in the group maps. MINUID=1000 MINGID=1000 it was 100 in potato. -- Chris Boyle - Debian Developer - aewm++, sapphire, xmmsarts GPG: B7D86E0F, MSN: [EMAIL PROTECTED], ICQ: 24151961, AIM: kerneloops, Yahoo: kerneloops, IRC: cmb on openprojects.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [translation] NIS and propagation of groups
Thanks and excuse me for using french Chris Boyle wrote: This should probably have gone to the lists and the poster, not me.On Thu, 2002-06-20 at 15:02, Bertrand Orvoine wrote: see in /var/yp/Makefile :# We do not put password entries with lower UIDs (the root and system# entries) in the NIS password database, for security. MINUID is the# lowest uid that will be included in the password maps.# MINGID is the lowest gid that will be included in the group maps.MINUID=1000MINGID=1000it was 100 in potato. -- - \\\|/// \\ - - // ( @ @ ) -oOOo-(_)-oOOo- | | |Sebastien Picard | | Assistant Ingenieur | | de | | Recherche et Formation| |Departement Informatique | |IUT Belfort-Montbeliard| | [EMAIL PROTECTED] | |03.84.58.77.79 | ---
Re: PATCH: apache 1.3.24 chunk size thingy - cert_vucert944335_1.3.24
The German publish Heise claims that this patch does not fix the vulnerability, see: http://www.heise.de/newsticker/data/pab-20.06.02-000/ But I hope this is an editorial error. :-/ Do you means the one-line patch from ISS ? That patch don't work. The one in apache offical 1.3.26 works. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
DSA 131: Apache Vulnerability
Hi there I got a little question, a bit silly perhaps. When will there be any packages of Apache 1.3.26 or a backported patch for 1.3.24 for woody? Will it be in the next time or would it make sense to upgrade by hand, say by compiling one's own binaries. Well yes I know, that there is some testing going on of the new security infrastructure for woody, etc. But shame on me, I have some woody systems running in a productive environment... Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DSA 131: Apache Vulnerability
On Thu, 2002-06-20 at 17:40, Marcel Weber wrote: Hi there I got a little question, a bit silly perhaps. When will there be any packages of Apache 1.3.26 or a backported patch for 1.3.24 for woody? Will it be in the next time or would it make sense to upgrade by hand, say by compiling one's own binaries. Well yes I know, that there is some testing going on of the new security infrastructure for woody, etc. But shame on me, I have some woody systems running in a productive environment... apache 1.3.26 is currently in http://incoming.debian.org so you can get it from there. apache-perl is on the way. I don't know about apache-ssl -- René Seindal ([EMAIL PROTECTED]) http://www.seindal.dk/rene/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DSA 131: Apache Vulnerability
On Thu, 20 Jun 2002, Marcel Weber wrote: Hi there I got a little question, a bit silly perhaps. When will there be any packages of Apache 1.3.26 or a backported patch for 1.3.24 for woody? Will it be in the next time or would it make sense to upgrade by hand, say by compiling one's own binaries. Well yes I know, that there is some testing going on of the new security infrastructure for woody, etc. But shame on me, I have some woody systems running in a productive environment... On http://www.renardias.com/debian/ you'll find: - my unofficial fixed 1.3.24 version. - the official 1.3.26 Debian packages from Matthew Wilcox that are currently propagating on FTP mirrors. Cordialement, -- Vincent RENARDIAS Directeur Technique StrongHoldNET / http://www.strongholdnet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Upload speed of Apache 1.3.26?
As Paul Hosking pointed out today [1] a debian package for apache 1.3.26 might be available soon for everybody to download. In fact the bug [2] is already closed and packages might have been uploaded yesterday. Given the importance of the problem I thought I'd ask how long it will approximately take until these packages will be available from the public ftp servers? Bernhard [1] http://lists.debian.org/debian-security/2002/debian-security-200206/msg00236.html [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=150284repeatmerged=yes pgpjKVvGgj6oM.pgp Description: PGP signature
Re: PATCH: apache 1.3.24 chunk size thingy - cert_vucert944335_1.3.24
SDiZ \(UHome\) [EMAIL PROTECTED] writes: The German publish Heise claims that this patch does not fix the vulnerability, see: http://www.heise.de/newsticker/data/pab-20.06.02-000/ But I hope this is an editorial error. :-/ Do you means the one-line patch from ISS ? That patch don't work. Yes, that's known, of course. The one in apache offical 1.3.26 works. The article above claims that only this one works, a previous version explicitly claimed that the Debian fix was incorrect. -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
New Product Announcement
NEW PRODUCT ANNOUNCEMENT From: OUTSOURCE ENG. MFG. INC. Sir/Madam; This note is to inform you of new watchdog board technology for maintaining continuous unattended operation of PC/Servers etc. that we have released for distribution. We are proud to announce Watchdog Control Center featuring MAM (Multiple Applications Monitor) capability. The key feature of this application enables you to monitor as many applications as you have resident on any computer as well as the operating system for continuous unattended operation. The Watchdog Control Center featuring MAM capability expands third party application control of a Watchdog as access to the application's source code is no longer needed. Here is how it all works: Upon installation of the application and Watchdog, the user may select many configuration options, based on their model of Watchdog, to fit their operational needs. If the MAM feature is enabled, the user may select any executable program that they wish for monitoring. A lock up of the operating system or if any one of the selected applications is not running, the MAM feature, in conjunction with the Watchdog, will reset the system allowing for continuous operation. It's that simple! Watchdog Control Center is supported on most Microsoft Windows platforms (Win9x/WinNT/Win2k) and includes a Linux version for PCI Programmable Watchdogs. Watchdog Control Center Features: - Automated installation - Controls all Outsource Engineering Watchdogs - User selectable Watchdog timeout period - User selectable Watchdog stroke interval - Multiple Application Monitoring Included on the Installation CD: - Watchdog Control Center - Watchdog Drivers - Documentation For more information, please visit out website at http://www.outsrc-em.com/ or send an e-mail to [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DSA 131: Apache Vulnerability
On Thu, 2002-06-20 at 17:40, Marcel Weber wrote: Hi there I got a little question, a bit silly perhaps. When will there be any packages of Apache 1.3.26 or a backported patch for 1.3.24 for woody?... As the list archive from 7 hrs and 20 mins ago says - the packages are out. Look above. Hi All! Source and an i386 .deb are now up on: http://people.debian.org/~grantma MD5sums: $ md5sum apache_1.3.24-3.0.anathoth.1* 2694e435fcc5a8197d4942d38a651b43 apache_1.3.24-3.0.anathoth.1.diff.gz b84b0f106079ab7f66f40d135f5ed3f9 apache_1.3.24-3.0.anathoth.1.dsc 561f18885c58b8302d3039accea8e8bf apache_1.3.24-3.0.anathoth.1_i386.changes 5b0cf3f2a12b36063c7c19c8adbc450a apache_1.3.24-3.0.anathoth.1_i386.deb -- Med venlig hilsen / Regards Klaus Agnoletti Junior Geek Engineer Xenux - The Linux People Bredgade 35A, 2. 1260 København K Tel: +45 3315 8202 Fax: +45 3332 1832 http://www.xenux.dk signature.asc Description: This is a digitally signed message part
Re: DSA 131: Apache Vulnerability
Quoting Ren? Seindal ([EMAIL PROTECTED]): I don't know about apache-ssl libapache-mod-ssl is in incoming. Greets, Robert -- ( o Linux Generation o ) ///\finger [EMAIL PROTECTED] for my GnuPG/PGP key./\\\ \V_/\_V/ Despite all appearances, your boss is a thinking, feeling, human being. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Upload speed of Apache 1.3.26?
On Don, 20 Jun 2002, Bernhard Reiter wrote: Hello, Given the importance of the problem I thought I'd ask how long it will approximately take until these packages will be available from the public ftp servers? Yesterday it was available from http://incoming.debian.org/ and moved today to the mirrors. I just saw it on http://ftp.se.debian.org/debian/pool/main/a/apache/ Other mirrors will follow soon. -- Noèl Köthe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
AW: DSA 131: Apache Vulnerability
Cool, thank you all! Marcel -Ursprungliche Nachricht- Von: Vincent Renardias [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 20. Juni 2002 20:51 An: Marcel Weber Cc: debian-testing@lists.debian.org; debian-security@lists.debian.org Betreff: Re: DSA 131: Apache Vulnerability On Thu, 20 Jun 2002, Marcel Weber wrote: Hi there I got a little question, a bit silly perhaps. When will there be any packages of Apache 1.3.26 or a backported patch for 1.3.24 for woody? Will it be in the next time or would it make sense to upgrade by hand, say by compiling one's own binaries. Well yes I know, that there is some testing going on of the new security infrastructure for woody, etc. But shame on me, I have some woody systems running in a productive environment... On http://www.renardias.com/debian/ you'll find: - my unofficial fixed 1.3.24 version. - the official 1.3.26 Debian packages from Matthew Wilcox that are currently propagating on FTP mirrors. Cordialement, -- Vincent RENARDIAS Directeur Technique StrongHoldNET / http://www.strongholdnet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
sources.list for potato
Hate to beat a dead horse, but deb http://http.us.debian.org/debian potato main contrib non-free deb http://http.us.debian.org/debian dists/potato-proposed-updates/ deb http://non-us.debian.org/debian-non-US potato/non-US main contrib non-free deb http://non-us.debian.org/debian-security potato/updates main contrib non-free deb http://security.debian.org/debian-security potato/updates main contrib non-free is all I need on my sources.list for potato, right? And when I move to woody someday, just s/potato/woody/, correct? Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sources.list for potato
Mike Dresser [EMAIL PROTECTED] writes: Hate to beat a dead horse, but deb http://http.us.debian.org/debian potato main contrib non-free deb http://http.us.debian.org/debian dists/potato-proposed-updates/ deb http://non-us.debian.org/debian-non-US potato/non-US main contrib non-free deb http://non-us.debian.org/debian-security potato/updates main contrib non-free deb http://security.debian.org/debian-security potato/updates main contrib non-free is all I need on my sources.list for potato, right? And when I move to woody someday, just s/potato/woody/, correct? For a truly stable Debian system, drop deb http://http.us.debian.org/debian dists/potato-proposed-updates/ (wait for official release updates) and then just s/potato/stable/g. Note that non-US is being phased out. -- Olaf MeeuwissenEPSON KOWA Corporation, CID GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90 LPIC-2 -- I hack, therefore I am -- BOFH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sources.list for potato
On Thu, 20 Jun 2002 23:22, Olaf Meeuwissen wrote: (wait for official release updates) and then just s/potato/stable/g. Note that non-US is being phased out. Can you point me to the mail-archive thread that discusses this?(I haven't been following debian lists for very long). Cheers Geoff Crompton -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sources.list for potato
For a truly stable Debian system, drop deb http://http.us.debian.org/debian dists/potato-proposed-updates/ (wait for official release updates) and then just s/potato/stable/g. Note that non-US is being phased out. I've seen way too many packages that take too long to get into stable when there's security holes. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sources.list for potato
On Fri, 21 Jun 2002 00:36, Olaf Meeuwissen wrote: Geoff Crompton [EMAIL PROTECTED] writes: On Thu, 20 Jun 2002 23:22, Olaf Meeuwissen wrote: (wait for official release updates) and then just s/potato/stable/g. Note that non-US is being phased out. Can you point me to the mail-archive thread that discusses this?(I haven't been following debian lists for very long). Oops! I confused the crypto in main issue with non-US being phased out. Of course, the patented bits will stay in non-US so it will not disappear in the foreseeable future. What is the 'cypto in main' issue? (Or better, have you got a URL on it?) I searched the devel mailing archive for 'crypto AND in AND main' to no avail. Cheers Geoff Crompton -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DSA 131: Apache Vulnerability
I have two relative policies: 1. Always use a firewall to filter out everything but what is absolutely necessary, ie web, email, etc. 2. Always build stuff filtered to the internet from source that way when a vulnerability is released, you can update it rather quickly, no matter what the distro you are running is. -- Arthur H. Johnson II, Debian GNU/Linux Advocate Catechist, St John Catholic Church, Davison MI USA President, Genesee County Linux Users Group IRC: [EMAIL PROTECTED],#debian YIM: arthurjohnson AIM: bytor4232 ICQ: 31770438 On Thu, 20 Jun 2002, Marcel Weber wrote: Hi there I got a little question, a bit silly perhaps. When will there be any packages of Apache 1.3.26 or a backported patch for 1.3.24 for woody? Will it be in the next time or would it make sense to upgrade by hand, say by compiling one's own binaries. Well yes I know, that there is some testing going on of the new security infrastructure for woody, etc. But shame on me, I have some woody systems running in a productive environment... Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sources.list for potato
Geoff Crompton [EMAIL PROTECTED] writes: Oops! I confused the crypto in main issue with non-US being phased out. Of course, the patented bits will stay in non-US so it will not disappear in the foreseeable future. What is the 'cypto in main' issue? (Or better, have you got a URL on it?) I searched the devel mailing archive for 'crypto AND in AND main' to no avail. Try again for the debian-legal mailing archive and at http://www.debian.org/legal/cryptoinmain HTH, -- Olaf MeeuwissenEPSON KOWA Corporation, CID GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90 LPIC-2 -- I hack, therefore I am -- BOFH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sources.list for potato
Mike Dresser [EMAIL PROTECTED] writes: For a truly stable Debian system, drop deb http://http.us.debian.org/debian dists/potato-proposed-updates/ (wait for official release updates) and then just s/potato/stable/g. Note that non-US is being phased out. I've seen way too many packages that take too long to get into stable when there's security holes. That's why you have deb http://security.debian.org/ stable/updates main at the top of your /etc/apt/sources.list, not? -- Olaf MeeuwissenEPSON KOWA Corporation, CID GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90 LPIC-2 -- I hack, therefore I am -- BOFH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
