Just FYI: The well-known German Heise Newsticker (IT related) has an
article today with the title Debian without security update for
several weeks: http://www.heise.de/newsticker/meldung/61076
Hm, bad reputation for us...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
On Monday 27 June 2005 15:25, W. Borgert wrote:
Just FYI: The well-known German Heise Newsticker (IT related) has an
article today with the title Debian without security update for
several weeks: http://www.heise.de/newsticker/meldung/61076
Hm, bad reputation for us...
This was only a
On Mon, 27 Jun 2005 15:50:19 +0200, Jan Wagner [EMAIL PROTECTED] said:
On Monday 27 June 2005 15:25, W. Borgert wrote:
Just FYI: The well-known German Heise Newsticker (IT related) has an
article today with the title Debian without security update for
several weeks:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Carl-Eric Menzel wrote:
Does anybody know what the actual problem is, i.e. why there are no
updates?
Carl-Eric
Hi,
problem: http://www.infodrom.org/~joey/log/?200506142140
In the discussion on the heise.de article people mentioned [1] the
Greetings,
Am Montag, 27. Juni 2005 15:54 schrieb Carl-Eric Menzel:
On Mon, 27 Jun 2005 15:50:19 +0200, Jan Wagner [EMAIL PROTECTED] said:
On Monday 27 June 2005 15:25, W. Borgert wrote:
Just FYI: The well-known German Heise Newsticker (IT related) has an
article today with the title
On Monday 27 June 2005 09:53 am, Martin Lohmeier wrote:
time to get s.d.o working -- not enough active member in the security
team.
How would one go about getting on the security team?
If the entry into the security team is as convoluted as becoming a debian
developer I understand why the
Bob Tanner wrote:
How would one go about getting on the security team?
If the entry into the security team is as convoluted as becoming a debian
developer I understand why the security team does not have enough active
members.
I would assume you need to be a DD before you can join the
[cc'ing -project]
also sprach W. Borgert [EMAIL PROTECTED] [2005.06.27.1525 +0200]:
Just FYI: The well-known German Heise Newsticker (IT related) has an
article today with the title Debian without security update for
several weeks: http://www.heise.de/newsticker/meldung/61076
Hm, bad
also sprach Bob Tanner [EMAIL PROTECTED] [2005.06.27.1939 +0200]:
How would one go about getting on the security team?
Current practice is: you don't. The security team advises you to
send notices and patches their way. At any point, they may invite
people who have made significant contributions
On Mon, Jun 27, 2005 at 01:10:10PM -0500, Adam Majer wrote:
are happy the fix will not mess up current functionality. How many
people do we need on the actual security team? The current listing states,
# Security Team -- [EMAIL PROTECTED]
/member/ Martin Schulze
/member/ Wichert
On Monday 27 June 2005 20:26, Matt Zimmerman wrote:
I expect it would be enough if they were all active, but that has
never been the case for this group. Wichert, Daniel, Michael and
myself are all de facto inactive for various reasons, and have been
for some time.
And according to Steve
On Mon, Jun 27, 2005 at 11:26:37AM -0700, Matt Zimmerman wrote:
The security team has always been a difficult one to expand. A strong level
of trust is necessary due to confidentiality issues, and security support is
a lot of (mostly boring and thankless) work. However, expanding it seems
On Mon, 27 Jun 2005, Matt Zimmerman wrote:
The security team has always been a difficult one to expand. A strong level
of trust is necessary due to confidentiality issues, and security support is
a lot of (mostly boring and thankless) work. However, expanding it seems
like the only way to
On Mon, Jun 27, 2005 at 02:36:12PM -0400, Noah Meyerhans wrote:
Even allowing uploads from the secretaries could be helpful.
Definitely.
I've got fixed packages available right now for some of the
bugs which have been raised in this thread, but until somebody
can push out the
On Mon, Jun 27, 2005 at 08:39:43PM +0200, Marek Olejniczak wrote:
I don't understand the philosophy of Debian security team. It's really so
difficult to push into sarge spamassassin 3.0.4 which is not vulnerable?
This version is in Debian testing and why this version can't be push into
Matt Zimmerman wrote on 27/06/2005 20:26:
On Mon, Jun 27, 2005 at 01:10:10PM -0500, Adam Majer wrote:
are happy the fix will not mess up current functionality. How many
people do we need on the actual security team? The current listing states,
# Security Team -- [EMAIL PROTECTED]
also sprach Matt Zimmerman [EMAIL PROTECTED] [2005.06.27.2026 +0200]:
I expect it would be enough if they were all active, but that has
never been the case for this group. Wichert, Daniel, Michael and
myself are all de facto inactive for various reasons, and have
been for some time.
I, for
On Monday 27 June 2005 20:39, Marek Olejniczak wrote:
I don't understand the philosophy of Debian security team. It's really
so difficult to push into sarge spamassassin 3.0.4 which is not
vulnerable? This version is in Debian testing and why this version
can't be push into stable?
Seems that
also sprach Noah Meyerhans [EMAIL PROTECTED] [2005.06.27.2036 +0200]:
Part of the problem with security updates has to do with the fact
that it's just difficult to coordinate the work. Even when
Wichert, mdz, and others were more active, Joey still did most of
the work because it was often
also sprach Frans Pop [EMAIL PROTECTED] [2005.06.27.2105 +0200]:
Even if 3.0.4 contains only the security fix, it will still be backported
and released as 3.0.3-1sarge1 or something like that.
That's actually not guaranteed. If 3.0.4 contains only the security
fix and really nothing else, I
Greetings,
Am Montag, 27. Juni 2005 20:10 schrieb Adam Majer:
Jan Lühr wrote:
Greetings,
Am Montag, 27. Juni 2005 15:54 schrieb Carl-Eric Menzel:
Does anybody know what the actual problem is, i.e. why there are no
updates?
This is not an actual problem, this problem is rather imho
On Mon, Jun 27, 2005 at 09:05:53PM +0200, martin f krafft wrote:
How much information can be disclosed about the inner workings of
the security team without damage?
Most, but not all, of the security team's work is rather routing and
very uninteresting. Often it is necessary to review code
At the same time, though, I think we need to take immediate action.
Among the first steps would be the analysis of the status quo. I am
going through the list of CVEs right now. There are *loads*. And
I could need help. I'll ping out to joeyh to see if we could put his
scripts for
also sprach Noah Meyerhans [EMAIL PROTECTED] [2005.06.27.2116 +0200]:
of a secretary. (though, when trying to do that kind of work,
I've always found that I'm a whole lot better at hacking than I am
at secretarial work; I suspect that's the case with a lot of
developers)
Barring that I don't
Adam Majer [EMAIL PROTECTED] wrote:
Jan Lühr wrote:
In it's last one to two years Woody was starving out of security
updates. (Samba, Mozilla, Kernel, etc.).
These are much less of a problem since they deal with either Intranet
only applications (Samba),
Intranet is not a synonym for
Steve Kemp wrote:
On Mon, Jun 27, 2005 at 02:36:12PM -0400, Noah Meyerhans wrote:
Even allowing uploads from the secretaries could be helpful.
Definitely.
I've got fixed packages available right now for some of the
bugs which have been raised in this thread, but until
On Mon, Jun 27, 2005 at 02:36:12PM -0400, Noah Meyerhans wrote:
Part of the problem with security updates has to do with the fact that
it's just difficult to coordinate the work. Even when Wichert, mdz, and
others were more active, Joey still did most of the work because it was
often easier for
On Mon, Jun 27, 2005 at 07:43:50PM +0100, Steve Kemp wrote:
In some cases fixing a problem, which an upstream will not, or
which the package maintainer cannot is *very* hard work. (eg. Mozilla/
Kernel images).
Damn near impossible, in the case of mozilla. I trolled several times on
On Mon, Jun 27, 2005 at 07:36:50PM +, Paul Hink wrote:
Having one's workstation compromised (e.g. due to some vulnerability of
Mozilla) is a serious thing. There might be confidential data (e.g.
private e-mails) stored on it and in many cases it makes compromising a
server much easier as
On Mon, Jun 27, 2005 at 09:05:20PM +0200, Frans Pop wrote:
Even if 3.0.4 contains only the security fix
It doesn't, BTW:
http://wiki.apache.org/spamassassin/changes304
// Ulf
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
also sprach Michael Stone [EMAIL PROTECTED] [2005.06.27.2251 +0200]:
On Mon, Jun 27, 2005 at 02:36:12PM -0400, Noah Meyerhans wrote:
Part of the problem with security updates has to do with the fact that
it's just difficult to coordinate the work. Even when Wichert, mdz, and
others were more
also sprach martin f krafft [EMAIL PROTECTED] [2005.06.27.2100 +0200]:
There is a problem with that, namely responsible disclosure. The
team cannot be too big or else the other organisations in the
consortium will object for danger of leakage.
I think what we do need though is an
On Tue, Jun 28, 2005 at 12:00:28AM +0200, martin f krafft wrote:
Do you guys see this as a de facto state with no solution, or is
a good solution simply waiting to be found?
The security secretaries were originally going to be part of the
solution, and there was talk from some people about
also sprach Michael Stone [EMAIL PROTECTED] [2005.06.28.0044 +0200]:
The security secretaries were originally going to be part of the
solution, and there was talk from some people about writing
a tracking system that didn't materialize. Mostly I think it just
needs recognition that it's a
In gmane.linux.debian.devel.security, you wrote:
Part of the problem with security updates has to do with the fact that
it's just difficult to coordinate the work. Even when Wichert, mdz, and
others were more active, Joey still did most of the work because it was
often easier for one person to
On Tue, Jun 28, 2005 at 01:29:12AM +0200, martin f krafft wrote:
So if we all recognise it as a problem, it will solve itself?
Nothing's useful if people won't use it.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
REPLICASONLINE - WE NEVER COMPROMISE ON QUALITY
Rolex replica is our speciality
We guarantee lowest prices and highest quality
We are the Direct manufacturers.
For top quality rolex watchs pleas visit:
http://www.chooseyourwatch4u.net
tidbit nk thiocyanate ifv [2
--
To UNSUBSCRIBE,
37 matches
Mail list logo