package: developers-reference
x-debbugs-cc: debian-security@lists.debian.org
hi,
On Tue, Jul 11, 2023 at 10:46:20PM +0200, Moritz Mühlenhoff wrote:
> > I found the Securing Debian Manual
> > (https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html).
> > This version is from 2017.
On Wed, Mar 30, 2022 at 09:36:58AM +0200, Sylvestre Ledru wrote:
> Le 30/03/2022 à 07:07, Salvatore Bonaccorso a écrit :
> > Sylvestre and Holger, would you have time to include the bugfix as
> > well in the future bullseye point release?
> Sure, should be easy.
> Is there a timeline?
as the last
hey hey, hear hear!
On Mon, Nov 01, 2021 at 07:44:34PM +, Moritz Muehlenhoff wrote:
> -
> Debian Security Advisory DSA-5000-1 secur...@debian.org
WHHO!
that's *something* to *celebrate*!!1 Very
On Sun, Jun 27, 2021 at 04:52:26PM -0400, Boyuan Yang wrote:
> Besides, I believe end users are not supposed to know deb-src line for
> security repos.
sure, they do! and of course we provide source for our security updates!
> Adding such info provides zero benefit except for confusing
> users.
Package: libwebkit2gtk-4.0-37
Version: 2.32.1-1~deb10u1
Severity: normal
Dear Maintainer,
from #debian-security today, Salvatore asked me to file this as a bug.
< h01ger> DSA 4923 causes xdg-desktop-portal(-gtk) to be installed here, much
to my surprise and unhappyness
< h01ger> its a
On Sun, May 16, 2021 at 05:21:50PM +0300, Serkan Özkan wrote:
> We are using Debian OVAL definitions but there are many tests, and states,
> that test for dpkg versions being less than 0.0 which is impossible in
> practice (right?).
no, it's possible:
0~1 is a valid version. It's smaller than
On Fri, Nov 13, 2020 at 12:06:50PM +0200, Georgi Guninski wrote:
> On Fri, Nov 13, 2020 at 10:21 AM Pavlos Ponos wrote:
> > BUT we should not forget to say a THANK YOU to these guys which give their
> > best in order all of us to use this OS for free ;-)
> I believe I am debian contributor too,
hi,
(this started as a discussion whether to update radare2 in (old)stable
and has since then evolved into a discussion about the problem
summarized well by Raphael.)
On Thu, Aug 29, 2019 at 01:48:14PM +0200, Raphael Hertzog wrote:
> On Thu, 29 Aug 2019, Moritz Mühlenhoff wrote:
> > The upstream
On Fri, Aug 16, 2019 at 08:11:58PM +, Markus Koschany wrote:
> Markus Koschany pushed to branch master at Debian Security Tracker /
> security-tracker
>
> Commits:
> bc35662f by Markus Koschany at 2019-08-16T20:11:47Z
> Add radare2 to dla-needed.txt with comments.
>
> - - - - -
> 1 changed
Hi Roman,
the security team is not responsible for Debian LTS, I've thus added
debian-lts@lists.d.o to the mail recipients, so that they become aware
of your issue.
On Thu, Feb 14, 2019 at 06:06:34PM +0100, Roman Medina-Heigl Hernandez wrote:
> Hi security-fellows,
>
> I applied recent rssh
Hi Salvatore,
On Tue, Feb 12, 2019 at 08:13:18AM +0100, Salvatore Bonaccorso wrote:
> I have the attached patch commited in a local branch, but want first
> to confirm is this the final intended URL to reach the DLAs?
> -return
>
package: security-tracker
x-debbugs-cc: debian-...@lists.debian.org
Hi,
this is a bug to track fixing this small glitch in the new
www.debian.org/lts/security/ area:
On Mon, Feb 11, 2019 at 04:26:38PM -0500, Antoine Beaupré wrote:
> >> * Adaptation in the security tracker so the new URL paths
On Fri, Jan 18, 2019 at 01:58:12PM +0800, Paul Wise wrote:
> > To answer my own question, after PHP 5.5 the easter egg was removed already.
> So the issue would only be present in wheezy. I guess the ELTS folks
> might like to disable them.
I don't think the behaviour of php should be changed at
On Wed, Nov 14, 2018 at 07:45:59PM +0100, Moritz Muehlenhoff wrote:
> Nearly all the tasks of actually editing the data require a look at the
> complete
> data, e.g. to check whether something was tracked before, whether there's an
> ITP
> for something, whether something was tracked as NFU in
On Tue, Nov 06, 2018 at 07:08:20PM +0800, Paul Wise wrote:
> Bug#908678: security-tracker - Breaks salsa.d.o
thank you.
--
cheers,
Holger
---
holger@(debian|reproducible-builds|layer-acht).org
On Tue, Nov 06, 2018 at 07:45:24AM +0100, Salvatore Bonaccorso wrote:
> > DLA link is broken.
> > e.g. https://security-tracker.debian.org/tracker/DLA-1445-1 page
> > "SourceDebian LTS" points to
> > https://www.debian.org/security/2018/dla-1445
> > but there's no such page.
> Cf. #762255
On Tue, Nov 06, 2018 at 02:42:59PM +0800, Paul Wise wrote:
> Also, a much more important task is restructuring the git repo so that
> it doesn't cause responsiveness and resource usage issues with salsa.
is there a bug or wiki page describing the issues/requirements for that and
what has been
On Sat, Sep 01, 2018 at 12:43:58PM +0800, Paul Wise wrote:
> > So, I always go to [1] with my web browser, copy the URL of the .dsc file
> > and then dget that .dsc file.
> This misses out verifying apt signatures.
the .dsc file is signed and dget verifies it.
--
cheers,
Holger
On Sun, Mar 04, 2018 at 04:07:14PM +0100, SZÉPE Viktor wrote:
> Why should one using an amd64 hardware update its kernel/reboot when changes
> are only for powerpc?
you should not. (or maybe you should so your monitoring will not
complain about running an outdated kernel.)
however, because the
On Sat, Feb 17, 2018 at 02:35:22PM +0100, Moritz Mühlenhoff wrote:
> The update for gcc-4.9 has just been released.
> Test packages for gcc-6/stretch are now available at
> https://people.debian.org/~jmm/gcc6/
Thanks for your work on this, Moritz.
I have a stupid/uninformed question: is this
On Tue, Dec 26, 2017 at 03:29:08PM +0100, Salvatore Bonaccorso wrote:
> FTR, so now that the beta for salsa.d.o has been announced I started
> to look on what further is needed and recorded further findings in
> TODO.gitmigration.
\o/
thanks for doing this work!
> [...] Personally I still would
On Sun, Dec 03, 2017 at 01:11:50PM +0100, Bastian Blank wrote:
> It would still only need to compromise one machine: The one from where
> the keys are handled and distributed.
I rest my case. I'd secure the front door even if the side door (atm
still) can be compromised easy.
--
cheers,
On Sun, Dec 03, 2017 at 12:05:51PM +0100, Bastian Blank wrote:
> > in practice, this also has obvious flaws.
> Please elaborate.
for a start: one only needs to compromise one machine instead of many...
> > what's the technical reason
> > the buildds are
On Sun, Dec 03, 2017 at 12:38:24PM +0800, Paul Wise wrote:
> The Debian buildds only do the first verification (due to all Debian
> package uploader keys not being installed) but the Debian archive
> verifies that all uploads match a known developer key before passing
> packages to the buildds. So
On Sat, May 13, 2017 at 10:48:18PM +0200, Aurelien Jarno wrote:
> The above change should now be deployed on most jessie based buildds,
> it's only missing on the buildds that are currently down.
cool, thank you!
--
cheers,
Holger
signature.asc
Description: Digital signature
On Sat, May 13, 2017 at 05:52:04PM +0200, Mattia Rizzolo wrote:
> On Sat, May 13, 2017 at 03:44:57PM +0100, Chris Lamb wrote:
> > a) Has anything changed in the meantime?
>
> Yes: sbuild stopped repeating the changelog time taking it from the last
> entry, and will instead generate a new
On Wed, Mar 29, 2017 at 07:29:06AM +0200, Salvatore Bonaccorso wrote:
> The security-tracker side of this has been implemented now, Paul Wise
> did the corresponding work.
cool! thanks Paul!
--
cheers,
Holger
signature.asc
Description: Digital signature
On Mon, Jan 30, 2017 at 02:47:45PM +0100, Johannes Schauer wrote:
> > (the sbuild maintainer reads the above list which has been cc:ed so he
> > should be able to comment…)
>
> You were talking about buildd-tools-de...@lists.alioth.debian.org
yes
> You forgot to CC that one (I understood that
On Mon, Jan 30, 2017 at 01:10:12PM +0100, Mattia Rizzolo wrote:
> > Would reproducible-bui...@lists.alioth.debian.org be the correct mailing
> > list to discuss this?
the debian-buildd list or a bug against sbuild might be more
appropriate…
(the sbuild maintainer reads the above list which has
On Sat, Jan 28, 2017 at 03:04:56PM +0100, Daniel Reichelt wrote:
> I highly suspect this stems from packages' rules files supporting
> reproducible builds.
I rather think this is due to binNMUs not modifying debian/changelog…
(in the source package while it's modified in the binary packages…)
On Wed, Nov 09, 2016 at 07:14:45PM +0100, W. Martin Borgert wrote:
> If users of testing or unstable have the malware installed now and
> the package gets removed from the archive, users are left with the
> malware, right?
yes
> That's why I thought about uploading an empty package to unstable,
On Wed, Nov 09, 2016 at 04:17:58PM +0100, W. Martin Borgert wrote:
> Would NEWS.Debian be sufficient?
I think so. And I also think this should be done.
and, who's gonna file the RM bug for unstable?
--
cheers,
Holger
signature.asc
Description: Digital signature
On Thu, Aug 04, 2016 at 02:14:55AM +, Nick Boyce wrote:
> > Just don't use that crap. With the amount of zero days in Flash
> > you're subject to serious vulnerabilities even with an up-to-date
> > plugin.
> [...] Also I
> believe there are quite a few corporate intranet use-cases that
On Wed, Aug 03, 2016 at 10:46:33PM +0200, Stefan Fritsch wrote:
> Maybe the flashplugin-nonfree package should even be replaced by a package
> that
> installs the ubuntu archive signing key, sets up the sources.list line, and
> tweaks the unattended-updates config to allow automatic updates
On Tue, Aug 02, 2016 at 04:37:31PM +0200, Jakub Wilk wrote:
> Wiki is world-writable. It's safe to assume that everything there is
> nonsense unless proven otherwise.
It's also safe to assume that we'll al die one day, though that's also
not very helpful.
A useful first step to assess the
Hi Christoph,
your email doesnt mention whether you searched the BTS for relevant bugs
about these issues. Have you?
And if there are no bugs filed yet, someone should file bugs.
:-)
--
cheers,
Holger
signature.asc
Description: Digital signature
Hi Drake,
On Tue, May 24, 2016 at 01:32:08PM +0800, Paul Wise wrote:
> > Lacking any obvious way to talk to the security team without potentially
> > making my
> > message look more urgent than it was, I leave it to whoever else can
> > navigate the
> > Debian social structure to take it up in
On Wed, May 18, 2016 at 06:33:52PM +0200, Jakub Wilk wrote:
> Could you explain how any of these tools leak any information "without a
> user's consent/expectation"?
gnome-calculator contacts a web page/service with currency exchange
information *on every start*, I think that's a good example of
Hi,
On Samstag, 13. Februar 2016, Paul Wise wrote:
> On Sat, Feb 13, 2016 at 2:51 AM, Wheeler, David A wrote:
> > Should Debian's security team ask for a Common Platform Enumeration (CPE)
> > id when a related CVE is found/reported fixed?
>
> The debian-security list is a general Debian security
Hi Wolfgang,
On Dienstag, 2. Februar 2016, Wolfgang Jeltsch wrote:
> • Where does the tracker talk about security policies? (I actually
> doubt that such information is in the tracker at all.)
That's out of scope for the tracker indeed, however right now I dont know
where to find such
Hi,
On Mittwoch, 20. Januar 2016, Bjoern Nyjorden wrote:
> Most appreciated. So, just to confirm; my take away on this is:
>
> * 1. "Wheezy" Linux kernels are NOT AFFECTED.
>
> * 2. "Wheezy" & "Jessie" BACKPORTS Linux kernels are VUNERABLE.
>
> If I have understood correctly?
yes!
Hi Bjoern (bcc:ed),
On Mittwoch, 20. Januar 2016, Bjoern Nyjorden wrote:
> Are the "Wheezy" Linux kernels affected as well, or are they currently
> okay as far as you know?
on debian-backports@l.d.o Ben wrote:
> [...] It's fixed in jessie and sid,
> and doesn't affect anything older.
Hi Grant,
On Donnerstag, 7. Januar 2016, Grant Murphy wrote:
> I'm trying to build a tool that monitors security issues across a
> number of different sources. One of which was the Debian security
> tracker.
cool!
> I had hoped to periodically poll this url:
>
package: security-tracker
x-debbugs-cc: Raphael Geissert geiss...@debian.org
Hi Raphael,
httpredir as used for security-tracker.debian.org has some problems updating
some Packages files, _sometimes_. IOW: i've seen this working on my laptop,
but not when deployed on soler. The url exists... (or
Hi Salvatore,
On Dienstag, 5. Mai 2015, Salvatore Bonaccorso wrote:
I think two more changes were actually needed to get the testing
status view show the correct information: r34072 and 34073.
good catch, thanks!
cheers,
Holger
signature.asc
Description: This is a digitally signed
package: security-tracker
severity: wishlist
Hi,
3fa31ab2a22a7e6db606899ca3ee6cb45a7884d1 / svnr33868 is commit showing what
needs to be done on upgrades, specifically these files need to be updated:
Makefile# search for release-names
bin/tracker_data.py # search for
Hi Francesco,
On Montag, 27. April 2015, Francesco Poli wrote:
3fa31ab2a22a7e6db606899ca3ee6cb45a7884d1 / svnr33868 is commit showing
I am sorry to ask, but... is this commit supposed to be already live?
yes it is.
I am asking since I still see a tracker situation inconsistent with the
Hi Raphael,
On Montag, 20. April 2015, Raphael Hertzog wrote:
I just noticed that DLA/DSA end up referenced as security issues. See
for example DLA-204-1 and DLA-27-1 assigned to file.
That's a bug, thanks for notifying. I will fix it soon, latest on saturday
when I'll add oldoldstable
x-debbugs-cc: 761859, hert...@debian.org
package: security-tracker
severity: wishlist
Hi,
On Montag, 16. März 2015, Raphael Hertzog wrote:
Another nice thing to add in the generated file is whether the package is
listed in dsa-needed.txt and dla-needed.txt.
That would be two boolean fields
Hi,
I think you probably just need to run apt-get update before apt-get
install...
It's definitly not a security issue deserving the attention of the security
team.
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
Hi,
On Donnerstag, 19. März 2015, Patrick Schleizer wrote:
I think you probably just need to run apt-get update before apt-get
install...
I did that, I am sure of it. Reproduced this on two different systems.
can you put the output of apt-get update and apt-cache policy on
Hi Raphael,
On Montag, 16. März 2015, Raphael Hertzog wrote:
I'm currently trying to use the generated json but the data below the
releases field doesn't correspond to what we discussed. It contains
entries like wheezy-security or squeeze-security when it was supposed
to have only the
Hi,
unless someone objects profoundly I'll switch the links from the security-
tracker to to tracker.debian.org instead of pointing to the old PTS in the
coming days.
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
Hi,
On Freitag, 27. Februar 2015, Paul Wise wrote:
To clarify, I was suggesting keep the version numbers in the
repositories section but only keep fixed version numbers in the
releases section. Also, the fixed version numbers appear to be
incorrect, for example the website says CVE-2012-6656
Hi,
On Montag, 9. März 2015, Raphael Hertzog wrote:
But I wonder why you have such problems? Aren't you storing the result
in memory and then letting a json lib output the data?
I dont, as I've converted the previous yaml output to json, because I liked
the humand readability of the result...
Hi,
On Montag, 9. März 2015, Raphael Hertzog wrote:
I don't understand. IIRC we said the content of repositories and
releases was supposed to have the same structure. The only difference
was that it applied to different versions of packages.
I think the confusion might be because you stated
Hi,
I have deployed this now. It might be that fixed_version=0 means not
affected but i'm not sure yet and my mind wants a break (for a moment)...
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
Hi Florian,
On Donnerstag, 26. Februar 2015, Florian Weimer wrote:
There used to be a job that downloaded the full description from the
NVD web service and put it into the nvd_data table (update-nvd and
DB.updateNVD()). The web service looks at this table and prefers the
descriptions found
Hi Paul,
On Donnerstag, 26. Februar 2015, Paul Wise wrote:
I noticed the description fields are truncated, is that intentional?
that's all that is stored in the db...
What about making the structure like this?
why? :)
I'm guessing the code only
produces one instance of each package.
yes
control: tags -1 + pending
Hi,
so I've deployed my patches now and you can get json at
https://security-tracker.debian.org/tracker/data/json now.
I haven't tested the output against a json validator yet... so feedback
welcome and I do expect some more work to do...
Important change:
- CVEs
Hi Raphael,
thanks for your feedback! I got a consistent idea now.
On Mittwoch, 25. Februar 2015, Raphael Hertzog wrote:
- if a CVE is neither fixed in lts/security/(squeeze|wheezy), but the
version in lts/security differs from squeeze|wheezy, which version+suite
to display as affected?
Hi,
On Dienstag, 24. Februar 2015, Paul Wise wrote:
I think it would be useful to provide the non-aggregated version for
folks who only use some of the stable suites. Not sure if the sectracker
has information about stable-proposed-updates but if so it would be good
to include it too.
it
Hi,
On Dienstag, 24. Februar 2015, Richard Hartmann wrote:
Depending on your layout, you don't really need two different JSON
files, though.
how would you distinguish between squeeze, which includes lts and security,
and squeeze, which doesnt? Same for wheezy (and security and not).
cheers,
Hi,
On Montag, 23. Februar 2015, Raphael Hertzog wrote:
The only missing data I see is the Debian bug report assigned to each CVE.
I'll add that.
And you call the file json but it contains YAML :-)
yeah, fixed in the last attached patch, but I will rewrite it to actually
output json...
Hi,
On Montag, 23. Februar 2015, Paul Wise wrote:
Hmm, it appears that these are the default urgency from NVD and the ones
without asterisks are ones set by SVN committers. That doesn't appear to
be a distinction worth preserving but it is fine to do so.
I kept it under the premise of
: Holger Levsen hol...@layer-acht.org
Date: Sun, 22 Feb 2015 00:39:00 +0100
Subject: [PATCH] Dump data as .yaml via /tracker/data/yaml (Closes: #761859)
---
bin/tracker_service.py | 48
1 file changed, 48 insertions(+)
diff --git a/bin
On Samstag, 7. Februar 2015, Jan Wagner wrote:
it would be great if you would open a bug against the
debian-security-support package if there isn't one pending yet.
#776904 please mark chromium as unsupported in wheezy
signature.asc
Description: This is a digitally signed message part.
Hi,
On Donnerstag, 5. Februar 2015, Paul van der Vlis wrote:
There was always a year security support for oldstable.
you are right with that.
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
Hi,
On Donnerstag, 5. Februar 2015, Paul van der Vlis wrote:
Iceweasel support for oldstable stopped at 24 Mar 2009:
Icedove support for oldstable stopped at 12 Jul 2009:
Icedove security support for oldstable stopped at 09 Mar 2011:
The security support of Iceweasel for oldstable stopped at
updated in r30231, thanks Scott!
signature.asc
Description: This is a digitally signed message part.
Hi,
On Dienstag, 23. September 2014, Michael Gilbert wrote:
There is a page that lists candidates for DTSA (Debian Testing
Security Announcements), which aren't actually done anymore
I can remove it, if it's really not used at all anymore.
, but
something like that would be very useful for
Hi Raphael,
thanks for your work on triaging oldstable related CVEs!
On Montag, 22. September 2014, Raphael Hertzog wrote:
1/ is there a page on the security tracker that lists packages with
open vulnerabilities in stable/oldstable which are neither unimportant,
nor marked no-dsa and not
Hi,
On Montag, 22. September 2014, Christoph Biedl wrote:
While the new appearence of the security tracker is a *huge*
improvemnt, both in information details and design, thanks for that,
thanks!
As a suggestion for the above issue:
+ squeeze, squeeze (security) 5.04-5+squeeze5 [gray]No
here, and the EOL code can also be refactored, once the modell is redone :)
cheers,
Holger
From a96948b3ef4e4a40107cc8f00b9af584b6d26fb6 Mon Sep 17 00:00:00 2001
From: Holger Levsen hol...@layer-acht.org
Date: Sat, 13 Sep 2014 02:02:42 +0200
Subject: [PATCH] Display end-of-life information
by release, subrelease
and archive.
Shall I push this patch into SVN?
cheers,
Holger, finally finished chasing what he thought was a low hanging
fruit ;)
From f1841ee6be909cd6c8e8c8bf94385edf9637954f Mon Sep 17 00:00:00 2001
From: Holger Levsen hol...@layer-acht.org
Date: Fri, 19 Sep 2014 17:02
Hi Salvatore,
On Donnerstag, 18. September 2014, Salvatore Bonaccorso wrote:
Disclaimer, only gave a quick look. Thanks again for the work :).
:-)
I noticed when checking some random packages, that the version
information tough is not correct. I take again the bind9 example for
Hi,
On Donnerstag, 18. September 2014, Henrique de Moraes Holschuh wrote:
There is one thing that would be of great value: We need someone to go
over the debian-backports packages for pending security updates, and
notify the maintainers of the backports or the backports ML.
I'm working on
Hi,
On Donnerstag, 18. September 2014, Holger Levsen wrote:
I'm working on getting
https://security-tracker.debian.org/tracker/status/release/stable-backport
s meaningful for this task. Give me some more days... ;-)
for those not familar with the current security-tracker development
control: tags -1 - pending
# rather help is welcome to fix improve the regex as described in the bug log
# (see previous mail to the bug)
signature.asc
Description: This is a digitally signed message part.
package: security-tracker
Hi,
the ordering of the releases (sid, jessie, wheezy...) and issues (open and
resolved CVEs, DSAs, etc) is not consistent in the tracker web ui (and was
undeterministic in parts).
So what do we have, there are basically two views:
package-centric, like
Hi,
On Montag, 15. September 2014, Thijs Kinkhorst wrote:
What would be the actual benefits of moving to Git and I'm not talking
git log, git show, git stash and git branch and cherry-pick...!!
Working with a decentralized and fast(!) version control system locally is
so much more fun +
Hi Salvatore,
On Samstag, 13. September 2014, Salvatore Bonaccorso wrote:
This changes the ordering in the 'Security announcements section,
ordering it by release date of the DSA/DLA, right? So for example
file will show with your patch:
DSA / DLA Description
DLA-50-1 file - security
Hi,
On Montag, 15. September 2014, Salvatore Bonaccorso wrote:
Hmm, would something wrapping around of the following work?
sounds like a good start...
Considering there might be more than one matching group in each line,
so the example holds only for a simplest case again :(
are there
control: tags -1 + pending
Hi,
see attached. This version also deals with several URLs in one note :)
It also works for all three recent examples of Salvatore.
cheers,
Holger
From 7b4ea6cc46ffc1a507d94c2a13ef3c27e3123031 Mon Sep 17 00:00:00 2001
From: Holger Levsen hol...@layer
Hi Salvatore,
On Montag, 15. September 2014, Salvatore Bonaccorso wrote:
https://security-tracker.debian.org/tracker/CVE-2011-2825
hmpf, that works for 1 out 3, the other 2 are detected as one :/
We only have a handfull of those, so: If you find a solution to catch
also these then good.
Hi,
updated patch attached.
cheers,
Holger
commit da14dc2780b7f3e3a1bde8cbd526eb271497fde2
Author: Holger Levsen hol...@layer-acht.org
Date: Sat Sep 13 02:02:42 2014 +0200
Display end-of-life information in the web view. (Closes: #642987)
diff --git a/bin/tracker_service.py b
control: tags -1 + pending
signature.asc
Description: This is a digitally signed message part.
package: tracker.debian.org
severity: wishlist
x-debbugs-cc: debian-security-tracker@lists.debian.org
Hi,
the information gathered in the security-tracker should be displayed in the
package tracker.d.o.
There is an interface for it, see
https://security-tracker.debian.org/tracker/data/pts/1
Hi,
we really need to refactor the codebase eventually ;-)
I've thought about treating backports as subrelease, but I've came to the
conclusion that would be wrong.
See attached.
cheers,
Holger
From aaee1f290a7d96f8dcdff412fd9207b0a5a77bc2 Mon Sep 17 00:00:00 2001
From: Holger
control: tags -1 + pending
# *lalala*
# preview in ssh://git.debian.org/git/collab-maint/secure-testing.git
# not yet merge ready though, but a nice preview
thanks
# mostly not my work, just very *lalala* :)
signature.asc
Description: This is a digitally signed message part.
!
Holger
From 1317d0e6a710195c3012f6b84afeebddfddfde20 Mon Sep 17 00:00:00 2001
From: Holger Levsen hol...@layer-acht.org
Date: Sun, 14 Sep 2014 22:36:54 +0200
Subject: [PATCH 1/4] tracker_service.py: add support for external css files
---
bin/tracker_service.css | 0
bin
on top. The reasoning because it has been
like this since always is not so convincing.
cheers,
Holger
cheers,
Holger
From 808d4d51b67cf8a756c3bfbd290c2ade2d8a Mon Sep 17 00:00:00 2001
From: Holger Levsen hol...@layer-acht.org
Date: Sat, 13 Sep 2014 01:47:11 +0200
Subject: [PATCH
Hi,
attached are three small no brainer fixes I'd like to apply, please confirm :)
cheers,
Holger
Index: lib/python/bugs.py
===
--- lib/python/bugs.py (Revision 28738)
+++ lib/python/bugs.py (Arbeitskopie)
@@ -886,8 +886,9
Hi,
On Freitag, 12. September 2014, Thijs Kinkhorst wrote:
Looks good to me.
I've commited these now.
Personally, I'd be fine with you just committing your stuff. People will
be looking at commit messages anyway. And in case of trouble things are
easily rolled back...
I could do that, but
Hi,
I think this is clearly a bugfix ;-) Please comment.
Both open and resolved issues will be inverse sorted, so that newest CVEs will
be on top of the list.
cheers,
Holger
commit dd7b75472e00cea9759eb6554decf26c6fe8eb11
Author: Holger Levsen hol...@layer-acht.org
Date: Sat Sep 13
Hi,
commit baa7d44e460efe2b24e7b029633701cd29986d0d
Author: Holger Levsen hol...@layer-acht.org
Date: Sat Sep 13 01:23:35 2014 +0200
Sort releases correctly in tabular view. (Closes: #742855)
diff --git a/lib/python/security_db.py b/lib/python/security_db.py
index 9a25ad6..8580d5b 100644
Hi,
commit b22f1ba0cd9499e716f7b729f546a98bd4950dda
Author: Holger Levsen hol...@layer-acht.org
Date: Sat Sep 13 01:47:11 2014 +0200
Display oldstable/stable security and olstable-lts repositories
in tabular view. (Closes: #742382)
diff --git a/bin/tracker_service.py b/bin
',
- 'partially-fixed', 'todo')),
+ 'partially-fixed', 'todo', 'end-of-life')),
I left it in for now.
commit 07399db5abecc0e5b79b70f2a0b47bb3519dabdd
Author: Holger Levsen hol...@layer-acht.org
Date: Sat Sep 13 02:02:42 2014 +0200
Display end
Hi,
On Mittwoch, 10. September 2014, Moritz Muehlenhoff wrote:
It's only that noone has come around to change this. But since you now
have experience with the code base... :-)
grummel, this seems to be true ;)
from what I've said on irc just now:
* | h01ger is happy to report that he has
Hi,
On Donnerstag, 11. September 2014, Holger Levsen wrote:
(oh, and it now just shows squeeze and squeeze-lts, as it would show wheezy
and wheezy-security if that were in source_packages... I'm tempted to debug
this now, but really need to do other stuff first :)
grummel. and so
1 - 100 of 136 matches
Mail list logo