Hi, I'm responding to myself because I'd a look to this link : http://ubuntuforums.org/showthread.php?p=4813109#post4813109 and it's good.
Phg 2008/7/25 <[EMAIL PROTECTED]>: > Send ubuntu-server mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of ubuntu-server digest..." > > > Today's Topics: > > 1. Re: Server Team 20080722 meeting minutes (Ante Karamatic) > 2. Re: Server Team 20080722 meeting minutes (Soren Hansen) > 3. Re: Server Team 20080722 meeting minutes (Etienne Goyer) > 4. Re: SSLv2 - do we really need it? (Michael Casadevall) > 5. Re: Server Team 20080722 meeting minutes (Steve Langasek) > 6. Re: SSLv2 - do we really need it? (Scott Kitterman) > 7. Re: Server Team 20080722 meeting minutes (David Portwood) > 8. Re: Server Team 20080722 meeting minutes (Soren Hansen) > 9. How to change the kernel (Philippe Gayot) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 24 Jul 2008 13:09:39 +0200 > From: Ante Karamatic <[EMAIL PROTECTED]> > Subject: Re: Server Team 20080722 meeting minutes > To: [EMAIL PROTECTED] > Cc: [email protected] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=US-ASCII > > On Wed, 23 Jul 2008 12:50:22 -0700 > Scott Kitterman <[EMAIL PROTECTED]> wrote: > > > Definitely. Let's drop it and drop it soon so we have some time to > > deal with any packages that have problems. > > Patch is located here: > > http://www.init.hr/dev/openssl-nossl2.patch > > > > ------------------------------ > > Message: 2 > Date: Thu, 24 Jul 2008 15:05:32 +0200 > From: Soren Hansen <[EMAIL PROTECTED]> > Subject: Re: Server Team 20080722 meeting minutes > To: Steve Langasek <[EMAIL PROTECTED]>, > [EMAIL PROTECTED], [email protected] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="us-ascii" > > On Wed, Jul 23, 2008 at 12:26:43PM -0700, Steve Langasek wrote: > > On Wed, Jul 23, 2008 at 02:11:05PM -0400, Mathias Gug wrote: > >> ivoks prepared patches for a couple of packages to disable sslv2 in > >> their configuration. He also sent an email on ubuntu-devel about > >> disabling sslv2 directly in the openssl package. Discussion is > >> ongoing, with a proposal to create an openssl-sslv2 package in > >> universe that would be built with sslv2 enabled. > > FWIW, I think creating an openssl-sslv2 package would be the worst > > possible solution: duplicating security-sensitive code, and making it > > available with lesser security support. I think dropping SSLv2 > > support would be better. > > Err.. I don't think I follow. I imagine, we'd build the SSLv2-enabled > packages from the same source package and just put the binary in > universe? I believe someone in another thread gave specific examples of > 3rd party stuff that needed SSLv2 to function. Forcing them to compile > OpenSSL themselves seems worse to me. > > -- > Soren Hansen | > Virtualisation specialist | Ubuntu Server Team > Canonical Ltd. | http://www.ubuntu.com/ > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: not available > Type: application/pgp-signature > Size: 307 bytes > Desc: Digital signature > Url : > https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080724/71dfe6cd/attachment-0001.pgp > > ------------------------------ > > Message: 3 > Date: Thu, 24 Jul 2008 08:52:45 -0400 > From: Etienne Goyer <[EMAIL PROTECTED]> > Subject: Re: Server Team 20080722 meeting minutes > To: [email protected] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > Mathias Gug wrote: > > ==== RAILS integration ==== > > > > macd reported that mod_rails has been packaged and uploaded to REVU. > mathiaz > > reviewed it and sent his feedback to Neil (the packager). Overall it > looks > > good. > > > > macd also mentioned the discussions he's having with the Debian > maintainers > > for ruby/rubygems that is taking place in bug 145267[8]. There was some > > discussion about the issue which boils down to a PATH issue. The debian > gems > > and the source installed gems don't end up in the same place. Rails apps > looks > > in a specific place and rails isn't capable of looking in more than one > place. > > soren, macd and persia discussed the path issue and deferred it to > #ubuntu- > > server after the meeting. > > > > [8]: https://launchpad.net/bugs/145267 > > There was a guy speaking at Ubuntu Live 2007 about how he deployed Rails > on Ubuntu. He have a blog post about some of the stuff he do to > automate the work. He is working outside the packaging framework, so I > do not know how much of it is applicable for us, but there it is: > > http://blog.railsmachine.com/2007/5/25/ann-machinify-stack-toolkit > > > Right now, I understand he deploy mostly on CentOS + KVM, but does his > development on Ubuntu + KVM so he must have a clue. I will try to poke > him in joining the list and sharing his experience. > > > -- > Etienne Goyer, Senior Ubuntu System Support Analyst > Ubuntu Certified Instructor > Canonical, Ltd > > > > ------------------------------ > > Message: 4 > Date: Wed, 23 Jul 2008 21:50:38 -0400 > From: "Michael Casadevall" <[EMAIL PROTECTED]> > Subject: Re: SSLv2 - do we really need it? > To: "Ante Karamatic" <[EMAIL PROTECTED]> > Cc: [email protected], [EMAIL PROTECTED] > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > Well, if a user has both Universe and Main enabled, if we have a > openssl-sslv2, which is the same package expect with SSLv2 compiled in, all > it needs is a Replaces/Conflicts/Provides which removes the sslv3-only > package. > > That way, any users who need it (and those who need likely already know) > are > simply an aptitiude command away from having the necessary support. > > On Tue, Jul 22, 2008 at 9:43 AM, Ante Karamatic <[EMAIL PROTECTED]> wrote: > > > On Tue, 22 Jul 2008 08:22:13 -0500 > > "Dustin Kirkland" <[EMAIL PROTECTED]> wrote: > > > > > And as soon as we get to the point where no packages depend on that, > > > we remove it? > > > > Our packages shouldn't be the problem (I doubt we have sslv2-only > > clients or servers). If there are problematic packages, then by > > definition those problems are bugs. > > > > Problems are third party packages, like XYZ IMAP client from ABCD > > company which supports only SSLv2 (I'm not aware of any program like > > that, but you get my point). For sysadmins of servers which have > > clients like that, openssl with SSLv2 is must have. > > > > I like the idea of additional package in universe. But how much > > problems could that produce? > > > > -- > > ubuntu-devel mailing list > > [EMAIL PROTECTED] > > Modify settings or unsubscribe at: > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080723/9ff85d0c/attachment-0001.htm > > ------------------------------ > > Message: 5 > Date: Thu, 24 Jul 2008 11:02:44 -0700 > From: Steve Langasek <[EMAIL PROTECTED]> > Subject: Re: Server Team 20080722 meeting minutes > To: [EMAIL PROTECTED], [email protected] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=us-ascii > > On Thu, Jul 24, 2008 at 03:05:32PM +0200, Soren Hansen wrote: > > On Wed, Jul 23, 2008 at 12:26:43PM -0700, Steve Langasek wrote: > > > On Wed, Jul 23, 2008 at 02:11:05PM -0400, Mathias Gug wrote: > > >> ivoks prepared patches for a couple of packages to disable sslv2 in > > >> their configuration. He also sent an email on ubuntu-devel about > > >> disabling sslv2 directly in the openssl package. Discussion is > > >> ongoing, with a proposal to create an openssl-sslv2 package in > > >> universe that would be built with sslv2 enabled. > > > FWIW, I think creating an openssl-sslv2 package would be the worst > > > possible solution: duplicating security-sensitive code, and making it > > > available with lesser security support. I think dropping SSLv2 > > > support would be better. > > > Err.. I don't think I follow. I imagine, we'd build the SSLv2-enabled > > packages from the same source package and just put the binary in > > universe? I believe someone in another thread gave specific examples of > > 3rd party stuff that needed SSLv2 to function. Forcing them to compile > > OpenSSL themselves seems worse to me. > > Oh. That's much more sensible than the strawman I'd apparently constructed > in my mind. > > :-) > > Do you have a pointer to the examples of stuff still needing SSLv2? I > hadn't seen any listed on ubuntu-devel. > > -- > Steve Langasek Give me a lever long enough and a Free OS > Debian Developer to set it on, and I can move the world. > Ubuntu Developer http://www.debian.org/ > [EMAIL PROTECTED] [EMAIL PROTECTED] > > > > ------------------------------ > > Message: 6 > Date: Thu, 24 Jul 2008 16:03:47 -0400 > From: Scott Kitterman <[EMAIL PROTECTED]> > Subject: Re: SSLv2 - do we really need it? > To: [email protected] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="utf-8" > > On Wednesday 23 July 2008 21:50, Michael Casadevall wrote: > Top posting fixed ... > > On Tue, Jul 22, 2008 at 9:43 AM, Ante Karamatic <[EMAIL PROTECTED]> wrote: > > > On Tue, 22 Jul 2008 08:22:13 -0500 > > > > > > "Dustin Kirkland" <[EMAIL PROTECTED]> wrote: > > > > And as soon as we get to the point where no packages depend on that, > > > > we remove it? > > > > > > Our packages shouldn't be the problem (I doubt we have sslv2-only > > > clients or servers). If there are problematic packages, then by > > > definition those problems are bugs. > > > > > > Problems are third party packages, like XYZ IMAP client from ABCD > > > company which supports only SSLv2 (I'm not aware of any program like > > > that, but you get my point). For sysadmins of servers which have > > > clients like that, openssl with SSLv2 is must have. > > > > > > I like the idea of additional package in universe. But how much > > > problems could that produce? > > > > > Well, if a user has both Universe and Main enabled, if we have a > > openssl-sslv2, which is the same package expect with SSLv2 compiled in, > all > > it needs is a Replaces/Conflicts/Provides which removes the sslv3-only > > package. > > > > That way, any users who need it (and those who need likely already know) > > are simply an aptitiude command away from having the necessary support. > > > So SSLv2 is not sufficiently cryptographically secure for Main, but it's OK > for Universe? I know Canonical does not promise security support for > Universe and it's mostly done by the community, but I don't think there is > a > difference in the desired security level between Main and Universe. > > My view is that if SSLv2 is OK for Universe, we should just leave it as is > and > suck up the pain of updating the individual applications. > > Scott K > > > > ------------------------------ > > Message: 7 > Date: Thu, 24 Jul 2008 16:55:52 -0500 > From: David Portwood <[EMAIL PROTECTED]> > Subject: Re: Server Team 20080722 meeting minutes > To: Etienne Goyer <[EMAIL PROTECTED]> > Cc: [email protected] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain > > On Thu, 2008-07-24 at 08:52 -0400, Etienne Goyer wrote: > > Mathias Gug wrote: > > > ==== RAILS integration ==== > > > > > > macd reported that mod_rails has been packaged and uploaded to REVU. > mathiaz > > > reviewed it and sent his feedback to Neil (the packager). Overall it > looks > > > good. > > > > > > macd also mentioned the discussions he's having with the Debian > maintainers > > > for ruby/rubygems that is taking place in bug 145267[8]. There was some > > > discussion about the issue which boils down to a PATH issue. The debian > gems > > > and the source installed gems don't end up in the same place. Rails > apps looks > > > in a specific place and rails isn't capable of looking in more than one > place. > > > soren, macd and persia discussed the path issue and deferred it to > #ubuntu- > > > server after the meeting. > > > > > > [8]: https://launchpad.net/bugs/145267 > > > > There was a guy speaking at Ubuntu Live 2007 about how he deployed Rails > > on Ubuntu. He have a blog post about some of the stuff he do to > > automate the work. He is working outside the packaging framework, so I > > do not know how much of it is applicable for us, but there it is: > > > > http://blog.railsmachine.com/2007/5/25/ann-machinify-stack-toolkit > > > > > > Right now, I understand he deploy mostly on CentOS + KVM, but does his > > development on Ubuntu + KVM so he must have a clue. I will try to poke > > him in joining the list and sharing his experience. > > > Would be great to get another head in this. His post does seem to > indicate he is outside of packaging, but may have osme insight on the > deployment side of a sample app. > > > > > > -- > > Etienne Goyer, Senior Ubuntu System Support Analyst > > Ubuntu Certified Instructor > > Canonical, Ltd > > > > > > > ------------------------------ > > Message: 8 > Date: Fri, 25 Jul 2008 08:29:25 +0200 > From: Soren Hansen <[EMAIL PROTECTED]> > Subject: Re: Server Team 20080722 meeting minutes > To: [email protected], [EMAIL PROTECTED] > Cc: Steve Langasek <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="us-ascii" > > On Thu, Jul 24, 2008 at 11:02:44AM -0700, Steve Langasek wrote: > >> I believe someone in another thread gave specific examples of 3rd > >> party stuff that needed SSLv2 to function. Forcing them to compile > >> OpenSSL themselves seems worse to me. > > Do you have a pointer to the examples of stuff still needing SSLv2? I > > hadn't seen any listed on ubuntu-devel. > > I've tried looking through the ubuntu-server and ubuntu-devel{,-discuss} > mailing list archives, and I can't seem to find it. Same for my > irclogs. I appear to be making it all up. I suppose if noone can come up > with a single example of anything that requires SSLv2, then I guess it's > all a moot point and we can just disable it, and deal with the fallout > if any should turn up. > > -- > Soren Hansen | > Virtualisation specialist | Ubuntu Server Team > Canonical Ltd. | http://www.ubuntu.com/ > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: not available > Type: application/pgp-signature > Size: 307 bytes > Desc: Digital signature > Url : > https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080725/75a3ff3f/attachment-0001.pgp > > ------------------------------ > > Message: 9 > Date: Fri, 25 Jul 2008 12:29:02 +0200 > From: "Philippe Gayot" <[EMAIL PROTECTED]> > Subject: How to change the kernel > To: [email protected] > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="utf-8" > > Hi, > > To learn about "ubuntu-server", I want to install this OS on a notebook > Dell > D505 (Pentium M) and I have this error : > "This kernel requires the following features not present on the CPU : 0:6 > Unable to boot - please use a kernel appropriate for your CPU" > > How to choose & to install the good kernel ? > > Thanks > > -- > Ph. Gayot > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080725/819986a1/attachment.htm > > ------------------------------ > > -- > ubuntu-server mailing list > [email protected] > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server > More info: https://wiki.ubuntu.com/ServerTeam > > End of ubuntu-server Digest, Vol 31, Issue 29 > ********************************************* > -- Ph. Gayot
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
