what we'd need is a nagios check that tells us for a given host
whether its (security) mirror is current.
Stop by in #debian-admin on OFTC if you want to help.
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palf
s.debian.org/ (dsa-guest:*).
https://anonscm.debian.org/cgit/mirror/dsa-nagios.git/ has the nagios
config and checks.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `.
On Wed, 13 Apr 2016, Henrique de Moraes Holschuh wrote:
> On Wed, Apr 13, 2016, at 02:32, Peter Palfrader wrote:
> > There's also nothing inherently wrong with just having a single address
> > in an RRSet.
>
> It means a single point of failure for that region:
A desynch
[1]
https://anonscm.debian.org/cgit/mirror/dsa-mini-nag.git/tree/
also see
https://anonscm.debian.org/cgit/mirror/dsa-auto-dns.git/tree/
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Oper
ning your issues (e.g., lack of IPv6
> connectivity)? Advising people to hard code security mirrors isn't the right
> solution.
There's also nothing inherently wrong with just having a single address
in an RRSet.
--
| .''`. ** Debi
We derotate mirrors regularly for maintenance work. We don't want
users to pick their security.d.o mirror.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
mirrors. In fact, we actively
discourage them. Don't use them.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
may be
> causing other people issues as well - is anybody able to resolve
> this?
Thanks for the report. Fixed now, I think.
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrade
Hi,
we'd like to upgrade soler.d.o jessie shortly.
Any objections? Should we just do it and let you pick up the pieces, if
any, or would you rather stop by in #debian-admin on IRC to coordinate?
Cheers,
--
| .''`. ** Debian **
Peter Palfrader
syncing protocols.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `-http://www.debian.org/
--
To UNSUBSCRIBE, email to debian-security-requ
*.debian.org
wildcard from the cartell and spread it far and wide.
This actually *reduces* security, but it will stop people from
complaining. Win?
-- weasel
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org
.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `-http://www.debian.org/
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject
the security.debian.org infrastructure. The updates are
currently not available. We hope to resolve that soon.
Looks like all is well now.
Cheers,
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org
.
I'm sure the interested parties can butcher it for parts if they don't
want all it does (i.e. maybe not everyone wants the get_avail magic).
Cheers,
weasel
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http
?
Not amused,
Peter
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `-http://www.debian.org/
--
To UNSUBSCRIBE, email to debian
**
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `-http://www.debian.org/
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
On Sun, 08 Jun 2008, Jim Popovitch wrote:
I would think that neither of those cases immediately passes muster
with concerned security minded folks. And, just because you are OK
with it, it doesn't mean I have to be. ;-)
Clearly the people in charge are. Can we move on to relevant stuff now?
On Mon, 05 May 2008, Bernd Eckenfels wrote:
In article [EMAIL PROTECTED] you wrote:
Apropos. Is there a way to get that information from a vmlinuz file on
disk? Without booting it, that is.
Interesting enough my (somewhat older) file command does only print x86
boot sector, but I think
On Mon, 05 May 2008, Peter Palfrader wrote:
On Mon, 05 May 2008, Bernd Eckenfels wrote:
In article [EMAIL PROTECTED] you wrote:
Apropos. Is there a way to get that information from a vmlinuz file on
disk? Without booting it, that is.
Interesting enough my (somewhat older) file
On Sat, 03 May 2008, Dominic Hargreaves wrote:
cat /proc/version
will give you the full version of the booted kernel.
Apropos. Is there a way to get that information from a vmlinuz file on
disk? Without booting it, that is.
Peter
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a
On Mon, 05 May 2008, Bernd Eckenfels wrote:
In article [EMAIL PROTECTED] you wrote:
Apropos. Is there a way to get that information from a vmlinuz file on
disk? Without booting it, that is.
Interesting enough my (somewhat older) file command does only print x86
boot sector, but I think
On Thu, 24 Nov 2005, Patrick wrote:
I have an server running sshd on Sarge. I want all users to be able to
access the computer from within the internal network - but restrict
access from the internet (to users in a particular group). Can this be
achieved by combining the /etc/hosts.allow or
On Tue, 11 Oct 2005, Benjamin Maerte wrote:
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]
Learn to read the mails you're replying to, will you?
Peter
--
Gurer fubhyq or fbzr fbeg bs vagryyvtrapr grfg orsber lbh'er
On Mon, 19 Sep 2005, Florian Weimer wrote:
Is there a reason not to simply read the Precedence: list header
and simply not respond at all ?
Precedence: list is non-standard. Technically speaking,
RFC-compliant software should not use it. 8-/
That's not quite correct, software MAY use
Program
#
# Author: Peter Palfrader [EMAIL PROTECTED]
#
# TODO: the different uucp subsystems should really be in different domains
# uucico, cu, uuxqt, rmail, rnews etc
#
# This policy file only allows my most basic mail usage
# the configuration uses an ssh port and postfix's rmail
# Type
On Tue, 02 Dec 2003, Russell Coker wrote:
On Tue, 2 Dec 2003 18:32, Peter Palfrader [EMAIL PROTECTED] wrote:
There is currently no uucp policy (it seems that no SE Linux users are
using it).
I have one, but it does only allow what I need for uucp, which is
certainly just a small
Hi Christian!
On Wed, 27 Dec 2000, Christian Kurz wrote:
You probably misconfigured your mutt.
No, I mixed up Mail-Followup-To and Mail-Copies-To. Now this mail has
the correct "Mail-Copies-To: never", which means that I don't want any
copies of the answers.
Your mail followup2 header
Hi Christian!
On Wed, 27 Dec 2000, Christian Kurz wrote:
On 00-12-27 David Wright wrote:
Quoting Christian Kurz ([EMAIL PROTECTED]):
[ Stop sending me unnecessary Ccs.]
| Date: Tue, 26 Dec 2000 16:02:30 +0100
| From: Christian Kurz [EMAIL PROTECTED]
| To:
Hi Michael!
On Fri, 03 Nov 2000, Michael Meskes wrote:
On Thu, Nov 02, 2000 at 01:17:21PM +0100, Peter Palfrader wrote:
It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you
will be an open relay for the entire _class_A_ net 62.
Unfortunately not just
Hi!
On Thu, 02 Nov 2000, Borut Mrak wrote:
On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote:
so my question now is postfix a open relay by default or not?
No.
It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you
will be an open relay for the entire
Hi Ethan!
On Thu, 02 Nov 2000, Ethan Benson wrote:
If you do not set mynetworks postfix guesses it from the interfaces and allows
all hosts on the classful subnets of those interfaces to relay through you.
ah! i see didn't think of that one... so you need to specify
mynetworks with the
Hi!
On Thu, 02 Nov 2000, Borut Mrak wrote:
On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote:
so my question now is postfix a open relay by default or not?
No.
It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you
will be an open relay for the entire
Hi Ethan!
On Thu, 02 Nov 2000, Ethan Benson wrote:
If you do not set mynetworks postfix guesses it from the interfaces and
allows
all hosts on the classful subnets of those interfaces to relay through you.
ah! i see didn't think of that one... so you need to specify
mynetworks with
Hi David!
On Tue, 26 Sep 2000, David Wright wrote:
Quoting Simon Huggins ([EMAIL PROTECTED]):
There used to be an annoying dependency that stopped portmap being
removed at all. I think this has gone now (*removes portmap*) yep, but
the policy of Debian IMHO wrt open ports/daemons
Hi Alexander!
On Mon, 25 Sep 2000, Alexander Hvostov wrote:
Mo,
Red Hat security is always lousy ;)
Unlike Red Hat, Debian gets security bugs and such fixed in a timely
manner, especially if you are using the current `unstable' distribution
(which is presently `woody'); `at' should be
Hi David!
On Tue, 26 Sep 2000, David Wright wrote:
Quoting Simon Huggins ([EMAIL PROTECTED]):
There used to be an annoying dependency that stopped portmap being
removed at all. I think this has gone now (*removes portmap*) yep, but
the policy of Debian IMHO wrt open ports/daemons
Hi Carlos, Hi List!
On Tue, 19 Sep 2000, Carlos Carvalho wrote:
Lots of people are replying about the advantages/disadvantages of
using ssh **OR** otp. I fully agree; in fact I installed both here.
What I said is that it's nonsense to use ssh **AND** otp at the same
time, for the same
Hi Carlos, Hi List!
On Tue, 19 Sep 2000, Carlos Carvalho wrote:
Lots of people are replying about the advantages/disadvantages of
using ssh **OR** otp. I fully agree; in fact I installed both here.
What I said is that it's nonsense to use ssh **AND** otp at the same
time, for the same
Hi,
I just set up libpam-opie and it works quite well from the console as
well as with ssh. Unfortunatly it does not show wich OTPasswd it expects
with ssh login but this is another story.
In order to get it working I had to change /etc/pam.d/ssh from:
| auth required pam_nologin.so
|
Hi,
I just set up libpam-opie and it works quite well from the console as
well as with ssh. Unfortunatly it does not show wich OTPasswd it expects
with ssh login but this is another story.
In order to get it working I had to change /etc/pam.d/ssh from:
| auth required pam_nologin.so
|
Hi Steve!
On Mon, 11 Sep 2000, Steve wrote:
# losetup -e serpent /dev/loop0 cryptfile
Unsupported encryption type serpent
My feeling is that the versions of the binaries for util-linux are not
patched to handle crypto. However, I installed from the non-US disks
(ala
Hi Pollywog!
On Sun, 30 Apr 2000, Pollywog wrote:
Where does one get the extensions?
You'll find it at your local gpg mirror.
e.g:
http://gd.tuwien.ac.at/privacy/gnupg/contrib/
You want {idea,rsa{,ref}}.c
Don't forget to put
load-extension idea
load-extension rsa
into your
Hi Pollywog!
mutt thinks:
[-- PGP output follows (current time: Sun Apr 30 03:33:11 2000) --]
gpg: Signature made Sun Apr 30 02:17:24 2000 CEST using DSA key ID 2C447AFC
gpg: BAD signature from Ethan R. Benson [EMAIL PROTECTED]
[-- End of PGP output --]
What might be the reason?
On Sun, 30
Hi Pollywog!
mutt thinks:
[-- PGP output follows (current time: Sun Apr 30 03:33:11 2000) --]
gpg: Signature made Sun Apr 30 02:17:24 2000 CEST using DSA key ID 2C447AFC
gpg: BAD signature from Ethan R. Benson [EMAIL PROTECTED]
[-- End of PGP output --]
Argl. I really should read more
Hi Ethan!
On Sat, 29 Apr 2000, Ethan Benson wrote:
mutt thinks:
[-- PGP output follows (current time: Sun Apr 30 03:33:11 2000) --]
gpg: Signature made Sun Apr 30 02:17:24 2000 CEST using DSA key ID
2C447AFC
gpg: BAD signature from Ethan R. Benson [EMAIL PROTECTED]
[-- End of
Hi Brian!
On Sun, 30 Apr 2000, Brian May wrote:
Peter == Peter Palfrader [EMAIL PROTECTED] writes:
Peter Pollywog, you really should not include signatures of other
Peter mails in replies :)
but that mail was PGP/MIME formatted. So I don't think it is quite as simple
as what you
Hi Jure!
On Tue, 02 May 2000, Jure Mercun wrote:
I don't have a lot of experiences with
PGP and GPG but it seems that PGP doesn't
recognize GPG's keys and vice versa. Is
there some way, to make a key that would
work on both?
GPG cannot handle RSA keys (pgp 2.6.x) out of the box. Install
47 matches
Mail list logo