On Sat, 2023-07-22 at 17:45 +0200, Hannes von Haugwitz wrote:
> What about to add a warning to apt if *-security or *-updates is
> configured in the sources list and `APT::Default-Release` is set but
> does not match the security or updates repo?
That seems like the right solution here, please
On Fri, 2023-07-21 at 11:04 +0200, Daniel Gröber wrote:
> Do you have any references on how this decision came to be?
I think it was about making the suite naming more intuitive, consistent
with other suites and possibly also some dak implementation concerns.
> One mention I found is in Raphaël
On Thu, 2023-07-20 at 22:12 +0200, Daniel Gröber wrote:
> It seems packages from the debian-security repository are not affected by
> this increased priority and will not get intalled as a result.
This was documented in the release notes for Debian bullseye:
Dear readers,
The bookworm release is in it's final stages. Please expect the release
to happen in several hours from now which means that updates of systems
will see new metadata, e.g. switching bullseye from stable to oldstable.
On behalve of the Release Team.
Paul
OpenPGP_signature
versions and dates. Is that all?
Paul
Current version jumping straight to the security section:
https://www.debian.org/releases/testing/amd64/release-notes/ch-information.en.html#limited-security-support
or the source:
https://salsa.debian.org/ddp-team/release-notes/
OpenPGP_signature
Description
, or even backports.
Obviously that will only be solved if it's more used (and/or if
eventually it can be moved to the debian.org namespace.) But indeed.
Paul
OpenPGP_signature
Description: OpenPGP digital signature
supportable, let's keep it out of stable. I guess
fasttrack [1] is currently the best forum to supply
singularity-container to our users.
Paul
[1] https://fasttrack.debian.net/
OpenPGP_signature
Description: OpenPGP digital signature
On Fri, 2022-09-09 at 22:41 +0200, Ola Lundqvist wrote:
> I see that I was not clear what I meant with "in general" :-)
Woops, sorry for the noise :)
> Here I found how the generic source code looks like:
> https://rubydoc.info/gems/thin/1.3.1/Thin%2FBackends%2FUnixServer:connect
>
> You can
On Mon, 2022-09-05 at 21:38 +0200, Ola Lundqvist wrote:
> I agree that it is good to fix the pcs package, but shouldn't we fix
> the default umask in general?
> I would argue that the default umask is insecure.
bookworm login sets new user home directories to secure permissions:
$ grep -E
On Tue, 2022-05-24 at 16:27 +0100, piorunz wrote:
> Important note: Disabling bullseye-updates is actually causing
> point-release updates to be delivered on one, predetermined date,
> bundled all together. By disabling this entry you still get them all,
> but in controlled fashion, you are not
On Tue, 2022-04-12 at 05:59 +0200, Friedhelm Waitzmann wrote:
> And if it is indeed possible, how can I switch from i386 to
> amd64? Can this be done with the apt tools? Then during the
> migrating some packages will be from amd64 already while others
> will be still i386. How does that go
STIGs are maintained by DISA, not by Debian
Paul
On Wed, Mar 2, 2022 at 9:42 AM Stephanie Hall wrote:
> Good morning,
>
> Do you have an excel version of a STIG for Debian 9 & 10 that you would be
> willing to share?
>
> Thank you in advance!
>
> --
>
> Step
On Fri, 2022-01-28 at 20:23 +, Zoom Video Communications wrote:
> if a critical CVE is discovered at some point after we release, it’s
> best not to publish which specific Zoom client version contains the
> vulnerability, as that essentially gives a roadmap to exploitation
> for hackers.
On Tue, 2022-01-11 at 11:20 +, Neil Williams wrote:
> I might need to brush up on my Perl and make a patch for lintian which
> downloads the sec tracker JSON and checks the CVE list in the .changes
> file - warnings from lintian are more likely to get fixed prior to
> upload. Depends if you
On Thu, 2021-12-30 at 11:04 -0500, Silas Cutler wrote:
> I'd also like to see information on both how to submit
> vulnerabilities as well as how to contribute to getting them fixed.
These are addressed in the FAQ:
https://www.debian.org/security/faq#discover
On Tue, 2021-12-28 at 19:46 +0100, max wrote:
> Debian's security updates are created by volunteers working in their
> spare time. Some packages may receive more attention than others. To
> view the current list of known unfixed vulnerabilities see
>
Package: security-tracker
Severity: wishlist
It would be nice to include some more information in page titles, so
that records of those page titles in search engine results, browser
tabs and browser history are more useful to visitors to the site.
Here are examples of the potential changes that
On Sat, Jul 3, 2021 at 9:31 PM Salvatore Bonaccorso wrote:
> I have pushed
> https://salsa.debian.org/webmaster-team/webwml/-/commit/4ca2253325130f7e96bf2644d31cf5a95fdf7bcc
Note that updating translations at the same time as the English page
causes more work for the translation teams, who have
On Tue, May 11, 2021 at 11:12 PM Andrew Bartlett wrote:
> I'm keen to discuss the thought process behind a number of the no-dsa
> flags on Samba security releases. Does this list reach those involved
> in that, or is this more a general 'interest in security' list?
It tends to be more of a
On Tue, Mar 16, 2021 at 4:42 AM Gunnar Wolf wrote:
> Thank you for your offer. The Debian project is not interested in this
> kind of collaboration.
That was clearly a spammer, best get listmasters to ban them rather
than responding.
--
bye,
pabs
https://wiki.debian.org/PaulWise
On Tue, Oct 13, 2020 at 7:14 AM Knieling, Christian (IANM) wrote:
> I don't know if this messages reaches the right persons, but someone may
> forward it. You may at least remove the files which are accessible on
> paste.debian.net.
I forwarded this to the paste.d.n admin and they removed them.
On Fri, May 1, 2020 at 7:12 PM Rebecca N. Palmer wrote:
> Around 200 packages [0] include upstream scripts that download code via
> (non-secure) http, then run it without an integrity check.
A lot of these appear to be in documentation, dependency installation
scripts (such as in docker) or
On Fri, May 1, 2020 at 8:18 PM Rebecca N. Palmer wrote:
> This is already policy (and enforced by blocking network access) for
> official Debian package builds: dependencies must be installed by the
> package manager, not the build script.
Correction: the debian.org buildds do not at this time
On Wed, Apr 1, 2020 at 6:01 PM vi...@vheuser.com wrote:
> Did the discussion of continuing support for DANE end??
In case I mislead anyone, a clarification:
Debian itself isn't going to actively work on removing support for
DANE from anything nor removing our DANE/DNSSEC records.
Support for
On Tue, 2020-03-24 at 15:48 +0100, Elmar Stellnberger wrote:
> I hope this is gonna happen anytime soon. DANE and thus a valid TLSA
> record is of very high value and importance for getting a genuine
> download of Debian. As I have mentioned before downloads via Tor can be
> spoofed like my
On Tue, Mar 24, 2020 at 3:33 AM Paul Wise wrote:
> I've forwarded this to the Debian sysadmins IRC channel. I think it is
> related to the fact that the cdimage.d.o server is not managed by the
> Debian sysadmins, so the UMU ACC admins probably used Lets Encrypt to
> get certs, and th
On Mon, Mar 23, 2020 at 4:00 PM Elmar Stellnberger wrote:
> The only site which is still making problems is cdimage.debian.org.
> Could any good Christ from the Debian community have a look at this
> issue. The server maintainers would need to complain about the rogue cert!
I've forwarded this
On Sat, Mar 7, 2020 at 9:30 AM Russell Coker wrote:
> I think it would be good to have a package for improving system security.
...
> What do you think about this idea?
There are a number of other tools for this sort of thing already,
usually they get written and become outdated at some point
On Sun, Jan 19, 2020 at 3:05 AM Dmitry Smirnov wrote:
> It might be nice to add "cvedetails.com" to CVE Source links.
> https://www.cvedetails.com/cve/CVE-2019-13072/
This doesn't appear to add any details that aren't on Mitre:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13072
--
On Wed, 2020-01-01 at 10:29 +0100, Elmar Stellnberger wrote:
>Up to now I did not see any notable effort to support malware reverse
> engineering under Linux. The only program I knew was boomerang for
> decompiling malware but it seems to be unsupported since long. I would
> really be in
On Wed, Jan 1, 2020 at 1:00 PM Florian Weimer wrote:
> Doesn't lintian on ftp-master use disposable VMs?
No mention of qemu/kvm in dak.git nor any qemu processes running on
ftp-master.d.o, so I don't think so.
> Some of its checks look inherently dangerous, e.g. the bash -n check for
> shell
On Tue, Dec 31, 2019 at 9:47 AM Florian Weimer wrote:
> BFD and binutils have not been designed to process untrusted data.
> Usually, this does not matter at all. For example, no security
> boundary is crossed when linking object files that have been just been
> compiled.
There are definitely
On Tue, Nov 19, 2019 at 7:30 PM Georgi Guninski wrote:
> * What do linux vendors to avoid malicious packages?
Some folks do audits of changes to upstream code, some folks run
static analysis tools on upstream code.
> * As end user what can I do to mitigate malicious packages?
Compartmentalise
On Mon, Nov 4, 2019 at 7:57 AM Lindsey Lassen wrote:
> Hello, I am unsure if I am contacting the correct department for my concern.
> I have had your open source software added on my cell phone and I have never
> authorized your company nor anyone else for that matter. It would be a great
>
On Sun, Oct 27, 2019 at 05:05:44PM -0400, Craig wrote:
>Can you get grub to appear? If you can an easy way to get in
>
>Go to the end of the line with options and add to the end I think
>shell=/bin/sh
`init=/bin/sh` is what you're thinking of, but it won't work here,
since the drive
On Sun, 2019-10-27 at 10:24 +0330, Mostaf Faridi wrote:
> After type password several times. Busybox boot.
> Can busybox solve this problem?
That sounds like an initramfs shell, which isn't helpful here.
You will need to boot a Debian live image, install bruteforce-luks and
then try to crack the
On Sat, Oct 26, 2019 at 8:51 PM Mostaf Faridi wrote:
> I installed Debian on HDD with encryption two years ago and when Debian want
> boot need password.
> I forgot that password.
> Do I have chance for recover my Data?
If you remember some part of your password it might be possible to use
the
On Tue, Sep 17, 2019 at 11:48 PM Alexandros Toptsoglou wrote:
> Could you please change this and from now on point to SUSE bugs using
> bugzilla.suse.com which is the correct and basically the one that we
> always reference?
I've made a commit changing all bugzilla.novell.com references to
quot;. But all those aspects are a
> relatively minor detail IMO.
in the discussion that Pirate had with the backports masters, it was my
interpretation that they didn't like it.
Paul
signature.asc
Description: OpenPGP digital signature
On Tue, Aug 13, 2019 at 3:30 PM Rebecca N. Palmer wrote:
> but at least some USB flash drives instead use an SCSI command [1],
> which usbguard won't catch.
This seems like a significant missing feature, but I guess it would
require a fair bit of Linux kernel work to support filtering such
On Wed, Mar 13, 2019 at 11:00 AM Paul Wise wrote:
> Debian 10 buster will ship with secure boot support and I seem to
> remember that there are plans to backport that to Debian 9 stretch.
PS: if you would like to test this, details are here:
https://wiki.debian.org/SecureBoot/Testing
-
On Wed, Mar 13, 2019 at 7:00 AM Matthew Crews wrote:
> On 3/12/19 5:37 AM, Srinivas Rao wrote:
> > could you please tell me , secure boot is available in Debian 9 stretch
> > or not ?
>
> It is not.
Debian 10 buster will ship with secure boot support and I seem to
remember that there are plans to
On Fri, Jan 18, 2019 at 1:55 PM Reed Black wrote:
> To answer my own question, after PHP 5.5 the easter egg was removed already.
So the issue would only be present in wheezy. I guess the ELTS folks
might like to disable them.
--
bye,
pabs
https://wiki.debian.org/PaulWise
On Fri, Jan 18, 2019 at 2:00 AM Reed Black wrote:
> PHP includes an easter egg. On any PHP page, one can add any of these after
> the .php part of the path in order to display special results:
I can't seem to reproduce this with Debian's PHP pages, I wonder if it
is already disabled by default:
On Tue, 2018-12-04 at 21:34 +0100, Ruslanas Gžibovskis wrote:
> Paul Wise, what help is needed? I would like to commit, but not sure
> how, never done that, but would LOVE TO! Could you guide?
Check the pages I mentioned and look through each of them, there should
be enough documen
On Mon, Dec 3, 2018 at 7:10 PM Jérôme Bardot wrote:
> Why debian is not more harden by default ?
We need more people who are interested in working on this topic, some
links for anyone who is interested in contributing:
https://security-tracker.debian.org/tracker/data/report
On Wed, Nov 7, 2018 at 6:28 AM Moritz Mühlenhoff wrote:
> E.g. your specific example of busybox/CVE-2011-5325 is fixed in the
> upcoming stretch point release.
I noticed that this isn't reflected in the security tracker website
but it is in data/next-point-update.txt.
If anyone wants to get
On Tue, Nov 6, 2018 at 7:01 PM Holger Levsen wrote:
> is there a bug or wiki page describing the issues/requirements for that and
> what has been tried / the status?
Woops, I should have included that in the mail:
Bug#908678: security-tracker - Breaks salsa.d.o
https://bugs.debian.org/908678
On Mon, 2018-11-05 at 20:52 -0600, John Goerzen wrote:
> That is good advice, thanks. I've been a DD for a long while, but it's
> been awhile (years) since I've been involved in the security process and
> wasn't quite sure what the flow was anymore.
It is still mostly the same but the security
On Mon, Nov 5, 2018 at 10:29 PM John Goerzen wrote:
> Hi folks,
FTR, in case you were trying to contact the Debian Security Team
directly I suggest using secur...@debian.org or
t...@security.debian.org instead, debian-security is more of a general
security discussion list than a Debian Security
On Tue, Oct 23, 2018 at 12:33 AM bo0od wrote:
> yay! , yeah it worked thx alot :)
In addition, we have some Tor-based Onion services available:
https://onion.debian.org/
PS: this mailing list is about the security-tracker.debian.org site,
not about Debian mirrors or their security so please
On Thu, Sep 13, 2018 at 7:37 PM, Salvatore Bonaccorso wrote:
> Do you have any hints at us on what we could look at to faciliate/help
> more salsa maintainers?
I think I read on IRC that the main thing is that the design of git is
not optimised for having large and growing files that change on
On Sat, Sep 1, 2018 at 5:53 PM, Holger Levsen wrote:
> On Sat, Sep 01, 2018 at 12:43:58PM +0800, Paul Wise wrote:
>> > So, I always go to [1] with my web browser, copy the URL of the .dsc file
>> > and then dget that .dsc file.
>> This misses out verifying apt si
On Sat, Sep 1, 2018 at 5:48 AM, Mike Gabriel wrote:
> when working for the LTS team, I regularly need to download source packages
> from the LTS version of Debian. My development machine normally runs a newer
> Debian version, having deb-src URLs for Debian LTS in sources.list is
> possible but
On Thu, Aug 16, 2018 at 8:50 AM, shirish शिरीष wrote:
> First of all thank you for the whole team for keeping Debian as secure
> as the people on the team do to keep Debian free from controversy ( at
> least from the security viewpoint) .
A few clarifications:
debian-security@lists.debian.org
Source: python-arrow
Version: 0.12.1-1
Severity: serious
Control: affects -1 src:python-jsonext
Control: affects -1 src:rekall
User: debian...@lists.debian.org
Usertags: breaks
On 08-05-18 13:28, Paul Gevers wrote:
> Dear maintainers,
>
> [This e-mail is automatically sent. V1
Resent again because the original e-mail bounced for the Debian Forensic
team and the second address I got was wrong.
On 08-05-18 13:28, Paul Gevers wrote:
> Dear maintainers,
>
> [This e-mail is automatically sent. V1 (20180508)]
>
> As recently announced [1] Debian is now runni
On Thu, May 3, 2018 at 4:53 PM, richard lucassen wrote:
> There is also an big increase in time before random is initialized:
...
> One of the consequences is that openntpd (or a program like
> rdate) hangs until the crng is initialized.
What do these two programs require entropy for?
--
bye,
On Mon, 2018-04-23 at 22:17 +0200, Julien Muchembled wrote:
> I suggest to update embedded-code-copies because this package forks
> the 'pickle' modules of Python 2.7.6 and 3.3.2
> python2.7
> - zodbpickle (embed)
> NOTE: embeds stdlib modules: pickle, cpickle
>
> I am
On Thu, 2018-01-25 at 11:05 -0500, Antoine Beaupré wrote:
> I'm not sure what to say to nodesecurity.io folks
I've already contacted them multiple times in 2014 and once in 2016,
about incorporating CVEs into their workflow. The responses were
positive but didn't result in much change, except
Transform the given identifier to a standard one and
redirect to the standard form if it is in the database:
* convert spaces to dashes
* convert lowercase to uppercase
---
bin/tracker_service.py | 21 -
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git
On Fri, Jan 12, 2018 at 4:59 PM, Mattia Dorigatti wrote:
> I have a question. Why do the security tracker sites have the
> X-Frame-Options:sameorigin header set? Because I've wanted to keep an eye on
> some CVEs I've created a simple html site with three iframes and the refresh
> meta tag so
On Sat, Dec 2, 2017 at 7:15 PM, Davide Prina wrote:
> If I don't mistake the automatic package build system don't require that the
> source signature is verified correctly.
To clarify what Adam said; there are two times where source package
verification can happen during builds. The first is
On Thu, 2017-11-09 at 11:30 +0100, Marek Sebera wrote:
> Is this up-to-date repository or manually synced mirror?
Neither, it is a pair of CDNs, hosted by Fastly and Amazon, although
only the Amazon CDN supports https.
> Also note I had to set ... as trused in system certificates
Normally it
On Thu, Nov 9, 2017 at 5:57 PM, Marek Sebera wrote:
> Thank you for support, so is the https enabled repository coming up?
One of the CDNs backing deb.d.o supports https, see the last para here:
http://deb.debian.org/
--
bye,
pabs
https://wiki.debian.org/PaulWise
On Thu, Oct 26, 2017 at 4:43 PM, Marek Sebera wrote:
> please advise, is there any repository, that is both official mirror of
> security.debian.org and enabled with SSL (HTTPS) access?
One of the CDNs backing deb.d.o supports https, see the last para here:
http://deb.debian.org/
--
bye,
pabs
On Sun, Sep 3, 2017 at 9:17 AM, x9p wrote:
> the differences between both files doesn't look that much (vimdiff on xxd
> output below), just wondering what might have caused such differences
> between the same kernel module, from the same package, same distribution.
A better tool to compare
On Thu, Jun 29, 2017 at 6:19 PM, Samson wrote:
> I'm Samson-W, the "Captain" of the STIG-4-DEBIAN project in the
> HardenedLinux community. We basically implemented the similar functions of
> STIG RHEL-07 v1r1 to Debian 9. The project is located at github at:
>
On Mon, Jun 12, 2017 at 3:37 AM, Salvatore Bonaccorso wrote:
> I'm attaching the *preliminary* set of changes which I plan to
> activate once stretch is released.
Wow, there really is a horribly large amount of hard-coding of things
that should be fetched from the archive instead. I've added a
On Sat, May 27, 2017 at 5:06 PM, Chris Lamb wrote:
> Can you briefly explain what changes you are refering to?
If appropriate, please document the hard-coding here too:
https://wiki.debian.org/SuitesAndReposExtension
--
bye,
pabs
https://wiki.debian.org/PaulWise
On Sun, Jan 15, 2017 at 1:41 PM, Tea Wrex wrote:
> I am unable to make HTTPS connections to https://security.debian.org/
security.d.o has never supported https. Some of the machines behind it
also host other services, some of which support https, which is why
you get certificate errors.
--
On Fri, Dec 16, 2016 at 4:33 AM, Patrick Schleizer wrote:
> Is it possible to disable InRelease processing by apt-get?
The answer from #debian-apt is that there is no setting for this.
Your options are:
Use an intercepting proxy that replies with 404 to InRelease files.
Do an apt update to
On Wed, 2016-11-09 at 16:17 +0100, W. Martin Borgert wrote:
> Would NEWS.Debian be sufficient?
My intuition says that there are users who don't have apt-listchanges
installed or don't read the NEWS files. The most likely place folks
will see the notification is in the UI of the malware package
On Mon, Oct 24, 2016 at 9:02 PM, Omar Abu Ajamieh wrote:
> i have multiple Debian servers with this kernel version ( 3.2.0-4-amd64 #1
> SMP Debian 3.2.63-2 ) and i’m trying to fix the CVE-2016-5195 on it ,so
> could please help me in how i can determine if my server is vulnerable or
> not and
On Sun, Oct 2, 2016 at 7:28 PM, jm33_m0 wrote:
> What the hell...
Please don't reply to spam nor quote it.
--
bye,
pabs
https://wiki.debian.org/PaulWise
On Tue, Sep 6, 2016 at 7:32 AM, Raúl Cuza wrote:
> Is there a web link with this info?
https://www.debian.org/security/2016/dsa-3660 (not yet online)
https://security-tracker.debian.org/tracker/DSA-3660-1
--
bye,
pabs
https://wiki.debian.org/PaulWise
On Fri, Sep 2, 2016 at 5:59 PM, Ivan Vasylivskyi wrote:
> Why some vulnerabilities listed by Ubuntu Security Tracker which are public
> and populated marked as RESERVED on mitre.org ?
This mailing list is for the Debian Security Tracker, not the Ubuntu
security tracker.
A lot of the time the
On Tue, Aug 16, 2016 at 2:42 AM, Sam Morris wrote:
> And if you like the article, consider subscribing to LWN!
Especially since they are in need of new subscribers:
https://lwn.net/Articles/696017/
> I'm pretty sure there's a group membership available to all DDs anyway.
That is for both
On Wed, Aug 3, 2016 at 8:29 AM, Nick Boyce wrote:
> I have emailed the maintainer (Bart Martens, at his debian.org address)
> twice about this (30th.July and 1st.Aug), but there has been no reply as
> yet. Do I need to post to the bug report Francesco mentioned:
>
On Tue, Aug 2, 2016 at 11:27 PM, donoban wrote:
> Not so world-writable:
> "Account creation failed: Due to an ongoing spam attack, this wiki is
> configured to not automatically create wiki accounts for some users.
> Please contact w...@debian.org first if you wish to create an account,
> and
Yeah.
https://twitter.com/CVaillance/status/752613020325425153
Either a solid troll, keeping this up as a 24/7 persona, or isn't there,
mentally.
Please stop responding.
On Jul 16, 2016 10:25 AM, "Jakub Wilk" wrote:
> * Kyle Lussier , 2016-07-16,
Am 2016-07-02 um 15:00 schrieb Edgar Pettijohn:
Can we remove Jung from the list. This is quite annoying.
Sent from my iPhone
I'd appreciate it if someone who is responsible for the
debian-security-announcements mailing list could care for bug #821113 [1].
The amount of auto-responder spam
On Thu, Jun 9, 2016 at 5:50 PM, Joel Rees wrote:
> Can I suggest to those who responded to these that kneejerk reactions
> aren't useful?
The people who got the spam with a spoofed address are unlikely to be
subscribed to this list.
> FTR, we assume that someone was spoofing luciano's email
On Sat, May 21, 2016 at 1:34 PM, Ralph Sanchez wrote:
> I was just wandering, as what Ive read thus far doesn't explicitly
> say, when you configure encryption during the install, does that
> implement LUKS or must that be done after wards during normal use??>
It uses LUKS, you can read more
On Fri, May 20, 2016 at 12:42 AM, Paul Wise wrote:
> Debian probably needs a privacy team to audit all packages that send
> data to the network and develop mitigation, configuration or patches
> to counter these.
Looks like there are a few related teams but they are mostly about tool
On Wed, May 18, 2016 at 11:50 PM, Patrick Schleizer wrote:
> Hello we are a privacy-centric distro based on Debian and wanted to know
> what Debian packages leak information about the system to the network
> without a user's consent/expectation.
Debian probably needs a privacy team to audit all
On Thu, May 19, 2016 at 7:56 AM, georg wrote:
> On 16-05-18 16:54:27, Holger Levsen wrote:
>> gnome-calculator contacts a web page/service with currency exchange
>> information *on every start*,
>
> Is this "publicly" known? Is this discussed with the upstream devs?
On Wed, May 18, 2016 at 9:20 PM, Daniel Pocock wrote:
> Can anybody comment on how Debian users will be impacted by SHA-1
> deprecation?
There is some info related to that in these two wiki pages:
https://wiki.debian.org/SHA-1
https://wiki.debian.org/Teams/Apt/Sha1Removal
--
bye,
pabs
On Mon, May 16, 2016 at 5:17 AM, Sascha Steinbiss wrote:
> as the maintainer, I’d like to let you know the package ‘icdiff’ (new in
> unstable) contains a modified fork of Python’s difflib code. According to
> upstream, it’s "based on Python's difflib.HtmlDiff, with changes to provide
>
On Fri, May 13, 2016 at 8:12 PM, Elmar Stellnberger wrote:
> Hi! Would anyone mind to re-post the following bug reports at
> https://savannah.gnu.org/bugs/?
That URL gives a 404 message.
> * https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23498
> *
On Mon, Mar 28, 2016 at 10:34 PM, Andrew Deck wrote:
> On a related note, does anyone know what happened to OSF and the OSVDB?
> There still seem to be blog updates, but I remember OSVDB having a web
> UI, and the OSF website seems to be down.
They have officially closed the OSVDB site:
On Mon, Mar 28, 2016 at 10:34 PM, Andrew Deck wrote:
> On a related note, does anyone know what happened to OSF and the OSVDB?
> There still seem to be blog updates, but I remember OSVDB having a web
> UI, and the OSF website seems to be down.
They have officially closed the OSVDB site:
Unsubscribe please
On 26 Apr 2016 10:28 pm, "Moritz Muehlenhoff" wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> - -
> Debian Security Advisory DSA-3558-1 secur...@debian.org
On Mon, Apr 25, 2016 at 6:28 PM, Davide Prina wrote:
> I think this is a very bad solution.
..
> I think the actual policy is the best one.
Debian already uses RBLs to block spam from the lists, another one
wouldn't be anything new.
--
bye,
pabs
https://wiki.debian.org/PaulWise
On Fri, Apr 22, 2016 at 6:14 PM, SZÉPE Viktor wrote:
> Please consider using http://psky.me/ to keep spam out of the list.
The people running the Debian lists can be contacted here:
https://www.debian.org/MailingLists/#maintenance
I've forwarded your suggestion to them.
--
bye,
pabs
On Fri, Apr 22, 2016 at 6:56 AM, james robinson wrote:
> Oooo
Please do not reply to spam and especially do not quote spam in your own mails.
The from address in the spam you received was obviously forged. Press
the junk button in your MUA and move on.
--
bye,
pabs
On Fri, Apr 15, 2016 at 2:40 AM, jack wrote:
> Has this subscriber (list-abuser) been de-listed and banned, or do I
> need to take action on my own behalf?
Please do not reply to spam and especially do not quote spam in your own mails.
To report spam on the mailing lists, please click the
On Thu, Apr 14, 2016 at 6:03 PM, Vladislav Kurz wrote:
> I have noticed that samba-common-bin now depends on samba. It didn't before
> the upgrade. Is there any special reason for that? I just need nmblookup on
> some servers (and smbclient/cifs) but not the server package.
This has been fixed
On Wed, Apr 6, 2016 at 2:08 AM, donoban wrote:
> Of course I would like to help
Some links to ways you can help with Debian security:
https://security-tracker.debian.org/tracker/data/report
https://www.debian.org/security/audit/
Thanks!
Paul
On Thu, Mar 31, 2016 at 11:07 AM, DANIEL ROMO <danielromogar...@gmail.com>
wrote:
> mv tiffanyryan2...@gmail.com /dev/null
>
> 2016-03-31 9:42 GMT-05:00 Tiffany Ryan <tiffanyryan2...@gmail.com>:
>
>> Please remove my email from you system
&
1 - 100 of 412 matches
Mail list logo