Re: Forming a new linux Distrbution
On Mon, 15 Oct 2007, nithi saro wrote: planning to build new linux distribution.We don't have any idea how to start and how to proceed.Soplease give detailed steps to build a new one from scratch (LFS). The first thing what would be really interesting is what your are missing in an existing distribution (for instance Debian) so hardly that you want to do the grunt work that more than 1000 people are currently doing for you voluntarily. Just name three valid reasons to start a distribution from scratch. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote: > > Embedded code copies > > > There are a number of packages including source code from external > libraries, for example poppler is included in xpdf, kpdf and others. To > ensure that we don't miss any vulnerabilities in packages that do so we > maintain a list[6] of embedded code copies in Debian. It is preferable > that you do not embed copies of code in your packages, but instead link > against packages that already exist in the archive. Please contact us > about any missing items you know about. > Unfortunately this is not always viable, because in some cases embedded libraries are de facto forks of the original ones, or the program depends on a specific version (and API) of the library. I wonder if in those special cases an Embed: tag could be added in debian/control to help tracking things. -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
Hi Francesco, * Francesco P. Lovergine <[EMAIL PROTECTED]> [2007-10-15 11:08]: > On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote: > > > > Embedded code copies > > > > > > There are a number of packages including source code from external > > libraries, for example poppler is included in xpdf, kpdf and others. To > > ensure that we don't miss any vulnerabilities in packages that do so we > > maintain a list[6] of embedded code copies in Debian. It is preferable > > that you do not embed copies of code in your packages, but instead link > > against packages that already exist in the archive. Please contact us > > about any missing items you know about. > > > > Unfortunately this is not always viable, because in some cases embedded > libraries are de facto forks of the original ones, or the program > depends on a specific version (and API) of the library. Yes true but in most cases the code base is nearly the same and we can check this without knowing ;) > I wonder if in those special cases an Embed: tag could be added in > debian/control to help tracking things. That would be a nice thing, also if this would include information if the code is really included or just statically linked against it. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpgKKC2QIzSt.pgp Description: PGP signature
Re: Bits from the Testing Security team
On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote: > Embedded code copies > > There are a number of packages including source code from external > libraries, for example poppler is included in xpdf, kpdf and others. To > ensure that we don't miss any vulnerabilities in packages that do so we > maintain a list[6] of embedded code copies in Debian. It is preferable > that you do not embed copies of code in your packages, but instead link > against packages that already exist in the archive. Please contact us > about any missing items you know about. > > [6]: > http://svn.debian.org/wsvn/secure-testing/data/embedded-code-copies?op=file&rev=0&sc=0 After a first reading of this, I though you didn't care about statically linked libraries as that can be spotted by looking at build-depends. However, looking at [6] I noticed that some of the embeddings are reported as "(link statically)" or similar. So, question, do you want to have reports also of missing pieces of statically linked code snippets in that list? If so I've recently uploaded (still in NEW) OCaml bindings for syck which statically links parts of libsyck-dev. ATM it is not possible to do any better, since a shared version of libsyck is not produces by the syck source package. I think syck is potentially security risky, since it is often used to parse third party data. You might want to look at syck bindings for other languages; for sure in Debian we also have Python and Perl syck bindings ... Cheers. -- Stefano Zacchiroli -*- PhD in Computer Science ... now what? [EMAIL PROTECTED],debian.org,bononia.it} -%- http://www.bononia.it/zack/ (15:56:48) Zack: e la demo dema ?/\All one has to do is hit the (15:57:15) Bac: no, la demo scema\/right keys at the right time signature.asc Description: Digital signature
Re: Bits from the Testing Security team
On Mon, Oct 15, 2007 at 11:06:32AM +0200, Francesco P. Lovergine wrote: > On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote: > > > > Embedded code copies > > > > > > There are a number of packages including source code from external > > libraries, for example poppler is included in xpdf, kpdf and others. To > > ensure that we don't miss any vulnerabilities in packages that do so we > > maintain a list[6] of embedded code copies in Debian. It is preferable > > that you do not embed copies of code in your packages, but instead link > > against packages that already exist in the archive. Please contact us > > about any missing items you know about. > > Unfortunately this is not always viable, because in some cases embedded > libraries are de facto forks of the original ones, or the program > depends on a specific version (and API) of the library. Or in rare cases, the shared libraries are forks of embedded code, eg the case of Xpdf which has been forked to make libpoppler. Hamish -- Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
On Mon, Oct 15, 2007 at 11:20:02AM +0200, Nico Golde wrote: > > Yes true but in most cases the code base is nearly the same > and we can check this without knowing ;) > > > I wonder if in those special cases an Embed: tag could be added in > > debian/control to help tracking things. > > That would be a nice thing, also if this would include > information if the code is really included or just > statically linked against it. > Kind regards > Nico Well, I would consider statically linking a non embedded (i.e. a packaged) library a bug... Are there known cases where this is a required condition? -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
On Mon, Oct 15, 2007 at 11:29:16AM +0200, Stefano Zacchiroli wrote: > So, question, do you want to have reports also of missing pieces of > statically linked code snippets in that list? On request of Steffen Joeris I'm following up here with a chat log between we two: (15:34:40) white: hi (15:36:11) white: i read your mail, can you maybe elaborate it a bit? i am not quite sure, if i get your case of code duplication right (15:36:47) zack: my point is: ocaml-syck (but is just an example) is now statically linked with libsyck (15:37:04) zack: is the security team aware that they need to rebuild ocaml-syck if they found a security bug in libsyck? (15:40:34) white: no, at least i would not think about it (15:40:59) white: that is an interesing (and unfortunate) point (15:41:04) zack: ok, so we actually need a list also of statically linked stuff (15:41:13) zack: please reply on list with this reasoning of ours (15:41:57) white: please do me a favour and paste this log into an email and mail it to the list (15:42:03) white: i will look into it tomorrow (15:42:11) zack: ok (15:42:17) white: thanks Cheers. -- Stefano Zacchiroli -*- PhD in Computer Science ... now what? [EMAIL PROTECTED],debian.org,bononia.it} -%- http://www.bononia.it/zack/ (15:56:48) Zack: e la demo dema ?/\All one has to do is hit the (15:57:15) Bac: no, la demo scema\/right keys at the right time signature.asc Description: Digital signature
Re: Bits from the Testing Security team
Hi Francesco, * Francesco P. Lovergine <[EMAIL PROTECTED]> [2007-10-15 16:05]: > On Mon, Oct 15, 2007 at 11:20:02AM +0200, Nico Golde wrote: > > > > Yes true but in most cases the code base is nearly the same > > and we can check this without knowing ;) > > > > > I wonder if in those special cases an Embed: tag could be added > > > in > > > debian/control to help tracking things. > > > > That would be a nice thing, also if this would include > > information if the code is really included or just > > statically linked against it. > > Well, I would consider statically linking a non embedded (i.e. a packaged) > library a bug... Are there known cases where this is a required condition? Yes, dpkg for example links statically against libbz2 and zlib just to pick a famous example. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpqn8CbpaEvl.pgp Description: PGP signature
Bug#446766: ITP: qavimator -- a BVH animation editor for 3D virtual worlds such as secondlife
Package: wnpp Severity: wishlist Owner: robin cornelius <[EMAIL PROTECTED]> * Package name: qavimator Version : 0.0.193 Upstream Author : Zi Ree <[EMAIL PROTECTED]> * URL : http://www.qavimator.org * License : GPL Programming Lang: C++ Description : a BVH animation editor for 3D virtual worlds such as secondlife qavimator is a QT, BVH animation editor and allows the creation and editing of BVH avatar animations. These are commonly used in the 3D metaverse Secondlife (SL) for the in-world animation of avatars. The application allows full control of each joint but is supplied with default SL joint movement limitations. Key frames can be specified and animations interpolated between them. Basic props may also be used to aid the correct positioning of your animations with respect to objects. qavimator is tuned specificly for generation of animations for Secondlife. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.21 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
Nico Golde escreveu: Hi Francesco, * Francesco P. Lovergine <[EMAIL PROTECTED]> [2007-10-15 16:05]: On Mon, Oct 15, 2007 at 11:20:02AM +0200, Nico Golde wrote: Yes true but in most cases the code base is nearly the same and we can check this without knowing ;) I wonder if in those special cases an Embed: tag could be added in debian/control to help tracking things. That would be a nice thing, also if this would include information if the code is really included or just statically linked against it. Well, I would consider statically linking a non embedded (i.e. a packaged) library a bug... Are there known cases where this is a required condition? Yes, dpkg for example links statically against libbz2 and zlib just to pick a famous example. Kind regards Nico So ... do as i say, don't do as i do !!! kind regards Luis Matos -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
On Mon, Oct 15, 2007 at 04:17:35PM +0200, Nico Golde wrote: > > > > I wonder if in those special cases an Embed: tag could be > > > > added in > > > > debian/control to help tracking things. > > > > > > That would be a nice thing, also if this would include > > > information if the code is really included or just > > > statically linked against it. > > > > Well, I would consider statically linking a non embedded (i.e. a packaged) > > library a bug... Are there known cases where this is a required condition? > > Yes, dpkg for example links statically against libbz2 and zlib just to > pick a famous example. > Kind regards > Nico > So two different fields would be useful, the static related one would be probably better depending on the right -dev package instead of the source package. Maybe something like Embedded-Sources: , ... Static-Build-Depends: , ... with usual version relationships. -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ITP: nedi -- A lightweight network management framework
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: wnpp Owner: Hendrik Frenzel <[EMAIL PROTECTED]> Severity: wishlist * Package name: nedi Version : 1.0.w Upstream Author : Remo Rickli <[EMAIL PROTECTED]> * URL : http://nedi.ch * License : GPL Programming Lang: Perl, PHP Description : A lightweight network management framework NeDi is a lightwheight network management framework, which is based on a scheduled discovery, a SQL backend and a web based user interface. - -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (650, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.22-2-vserver-686 (SMP w/1 CPU core) Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash - -- I am chaos. I am the substance from which your artists and scientists build rhythms and rhimes. I am the spirit with which your children and clowns laugh in happy anarchy. I am chaos. I am alive, and I tell you that you are free. - Eris, Goddess Of Chaos, Discord & Confusion. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHE5w6jWcQfAgCZA8RCO47AKDJqPZFRvnPSnAHmz2qlQT6waSZVgCgm/GY +UDoP8+6NuCIam+7eIzwN34= =LBb0 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
Nico Golde writes ("Re: Bits from the Testing Security team"):
> Yes, dpkg for example links statically against libbz2 and zlib just to
> pick a famous example.
IMO this is a mistake, and I hope it will be reversed soon ...
Ian.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#446791: ITP: python-pycg -- NVIDIA's Cg 1.4 for Python
Package: wnpp Severity: wishlist Owner: Sandro Tosi <[EMAIL PROTECTED]> * Package name: python-pycg Version : 0.14.1 Upstream Author : Calle Lejdfors <[EMAIL PROTECTED]> * URL : http://www.cs.lth.se/home/Calle_Lejdfors/pygpu/ * License : ? Programming Lang: Python Description : NVIDIA's Cg 1.4 for Python -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.16-2-686-smp (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#446790: ITP: python-pyglew -- GLEW bindings for Python
Package: wnpp Severity: wishlist Owner: Sandro Tosi <[EMAIL PROTECTED]> * Package name: python-pyglew Version : 0.1.2 Upstream Author : Calle Lejdfors <[EMAIL PROTECTED]> * URL : http://www.cs.lth.se/home/Calle_Lejdfors/pygpu/ * License : ? Programming Lang: Python Description : GLEW bindings for Python -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.16-2-686-smp (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
Hi Ian,
* Ian Jackson <[EMAIL PROTECTED]> [2007-10-15 19:59]:
> Nico Golde writes ("Re: Bits from the Testing Security team"):
> > Yes, dpkg for example links statically against libbz2 and zlib just to
> > pick a famous example.
>
> IMO this is a mistake, and I hope it will be reversed soon ...
quoting Adam Heath from #debian-devel:
2007-10-15 18:07 dpkg's configure has an option for using shared
libraries or static linking
2007-10-15 18:08 for gzip, it can do a static library link, a dynamic
library link, or a runtime fork/exec of gzip
2007-10-15 18:08 afaicr, when I did the patch
2007-10-15 18:10 the real reason, is dpkg used to only fork/exec gzip
2007-10-15 18:11 for efficiency, I gave it an option to link to zlib
2007-10-15 18:11 however, I didn't want to introduce another
dependency into the base system
2007-10-15 18:11 so I made it link statically
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgp2j9jaVIqNt.pgp
Description: PGP signature
Re: Bits from the Testing Security team
On Mon, Oct 15, 2007 at 08:48:02PM +0200, Nico Golde wrote:
> Hi Ian,
> * Ian Jackson <[EMAIL PROTECTED]> [2007-10-15 19:59]:
> > Nico Golde writes ("Re: Bits from the Testing Security team"):
> > > Yes, dpkg for example links statically against libbz2 and zlib just to
> > > pick a famous example.
> >
> > IMO this is a mistake, and I hope it will be reversed soon ...
>
> quoting Adam Heath from #debian-devel:
> 2007-10-15 18:07 dpkg's configure has an option for using shared
> libraries or static linking
> 2007-10-15 18:08 for gzip, it can do a static library link, a
> dynamic library link, or a runtime fork/exec of gzip
> 2007-10-15 18:08 afaicr, when I did the patch
> 2007-10-15 18:10 the real reason, is dpkg used to only fork/exec gzip
> 2007-10-15 18:11 for efficiency, I gave it an option to link to zlib
> 2007-10-15 18:11 however, I didn't want to introduce another
> dependency into the base system
> 2007-10-15 18:11 so I made it link statically
Current priority required pacakges having a (pre) depends on zlib1g:
- util-linux
Priority important:
- gnupg
- gpgv
- libgnutls13
- libopencdk10
- libopencdk8
- libssl0.9.8
- man-db
Standard:
- libmagic1
- openssh-client
- pciutils
- w3m
I don't think you'll add much to base.
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Forming a new linux Distrbution
On Mon, 15 Oct 2007 09:46:40 +0200 (CEST) Andreas Tille <[EMAIL PROTECTED]> wrote: > Just name three valid reasons > to start a distribution from scratch. 1. It is the home exercise in "Operating Systems" until next week. 2. Why do you want to have all the fun? 3. For any other reason, see 1.) Dirk. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
On Mon, Oct 15, 2007 at 09:08:06PM +0200, Kurt Roeckx wrote:
> On Mon, Oct 15, 2007 at 08:48:02PM +0200, Nico Golde wrote:
> > Hi Ian,
> > * Ian Jackson <[EMAIL PROTECTED]> [2007-10-15 19:59]:
> > > Nico Golde writes ("Re: Bits from the Testing Security team"):
> > > > Yes, dpkg for example links statically against libbz2 and zlib just to
> > > > pick a famous example.
> > >
> > > IMO this is a mistake, and I hope it will be reversed soon ...
> >
> > quoting Adam Heath from #debian-devel:
> > 2007-10-15 18:07 dpkg's configure has an option for using shared
> > libraries or static linking
> > 2007-10-15 18:08 for gzip, it can do a static library link, a
> > dynamic library link, or a runtime fork/exec of gzip
> > 2007-10-15 18:08 afaicr, when I did the patch
> > 2007-10-15 18:10 the real reason, is dpkg used to only fork/exec
> > gzip
> > 2007-10-15 18:11 for efficiency, I gave it an option to link to
> > zlib
> > 2007-10-15 18:11 however, I didn't want to introduce another
> > dependency into the base system
> > 2007-10-15 18:11 so I made it link statically
>
> Current priority required pacakges having a (pre) depends on zlib1g:
> - util-linux
>
> Priority important:
> - gnupg
> - gpgv
> - libgnutls13
> - libopencdk10
> - libopencdk8
> - libssl0.9.8
> - man-db
>
> Standard:
> - libmagic1
> - openssh-client
> - pciutils
> - w3m
The same for libbz2-1.0 only returns gnupg.
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Forming a new linux Distrbution
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/15/07 14:11, Dirk Neumann wrote: > On Mon, 15 Oct 2007 09:46:40 +0200 (CEST) > Andreas Tille <[EMAIL PROTECTED]> wrote: > >> Just name three valid reasons >> to start a distribution from scratch. > > 1. It is the home exercise in "Operating Systems" until next week. If I'm paying University US$5,000/semester for my progeny pun intended?) to learn how to build a distro, then I'm one more-than- slightly upset parent... > 2. Why do you want to have all the fun? > 3. For any other reason, see 1.) - -- Ron Johnson, Jr. Jefferson LA USA Give a man a fish, and he eats for a day. Hit him with a fish, and he goes away for good! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHE8d7S9HxQb37XmcRAs8JAKDplLSrjBHuTh84ZyihF2PGRSyOUACgsGLy 8EtYuIMFPJAVtRfCOYn854E= =orb+ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#446791: ITP: python-pycg -- NVIDIA's Cg 1.4 for Python
On Mon, Oct 15, 2007 at 08:15:32PM +0200, Sandro Tosi wrote: > Package: wnpp > Severity: wishlist > Owner: Sandro Tosi <[EMAIL PROTECTED]> > > * Package name: python-pycg > Version : 0.14.1 > Upstream Author : Calle Lejdfors <[EMAIL PROTECTED]> > * URL : http://www.cs.lth.se/home/Calle_Lejdfors/pygpu/ > * License : ? You must specify the license that governs this package. > Programming Lang: Python > Description : NVIDIA's Cg 1.4 for Python You also must write a long description. Please reply to this message with the missing information, so we can have a look at it. The same goes for the PyGLEW package. -- Met vriendelijke groet / with kind regards, Guus Sliepen <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Re: Bug#446791: ITP: python-pycg -- NVIDIA's Cg 1.4 for Python
Hi Guus, > > Package: wnpp > > Severity: wishlist > > Owner: Sandro Tosi <[EMAIL PROTECTED]> > > > > * Package name: python-pycg > > Version : 0.14.1 > > Upstream Author : Calle Lejdfors <[EMAIL PROTECTED]> > > * URL : http://www.cs.lth.se/home/Calle_Lejdfors/pygpu/ > > * License : ? > > You must specify the license that governs this package. > > > Programming Lang: Python > > Description : NVIDIA's Cg 1.4 for Python > > You also must write a long description. Please reply to this message > with the missing information, so we can have a look at it. The same goes > for the PyGLEW package. Thanks for your reply. I know I have to provide licence and long description, but as of now I still don't know them; I've contacted upstream author (the same of pygpu, I'm packaging it and it depends on pyglew and pycg provided by upstream) regarding the packages he provides, since they are only a bunch of binary files (with no source) and an installer python script. I'll surely write down those information as soon as I'll be sure about that. Thanks, Sandro -- Sandro Tosi (aka Morpheus, matrixhasu) My (little) site: http://matrixhasu.altervista.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#446791: ITP: python-pycg -- NVIDIA's Cg 1.4 for Python
On Mon, Oct 15, 2007 at 10:20:34PM +0200, Sandro Tosi wrote: > > You also must write a long description. Please reply to this message > > with the missing information, so we can have a look at it. The same goes > > for the PyGLEW package. > > Thanks for your reply. I know I have to provide licence and long > description, but as of now I still don't know them; I've contacted Maybe you don't know the license (although PyGPU is GPL version 2, it says so in COPYRIGHT.txt), but you can already write a long description. > upstream author (the same of pygpu, I'm packaging it and it depends on > pyglew and pycg provided by upstream) regarding the packages he > provides, since they are only a bunch of binary files (with no source) > and an installer python script. Well, the PyGLEW package should also be GPL version 2. If it has a license incompatible with GPLv2, then you cannot link both that library and PyGPU to an application, and the website says that PyGPU doesn't work without PyGLEW. While you're at it, tell upstream that they should include the full license text in COPYRIGHT.txt, or ask if they really expect everyone to write a letter to the Free Software Foundation :) > I'll surely write down those information as soon as I'll be sure about that. Ok, but next time explicitly mention that you are missing information (and why) in the ITP. -- Met vriendelijke groet / with kind regards, Guus Sliepen <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Re: Bug#446791: ITP: python-pycg -- NVIDIA's Cg 1.4 for Python
> > I'll surely write down those information as soon as I'll be sure about that. > > Ok, but next time explicitly mention that you are missing information > (and why) in the ITP. Hi Guus, I'm sorry if I did some mistakes; these ITP was meant as a "marker" for the intention to package those libs, and I'll fill missing information as soon as I got them in the deb packages themselves. Thanks for pointing out that, Sandro -- Sandro Tosi (aka Morpheus, matrixhasu) My (little) site: http://matrixhasu.altervista.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
On 2007-10-15, Stefano Zacchiroli <[EMAIL PROTECTED]> wrote: > > --MGYHOYXEY6WxJCY8 > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > On Mon, Oct 15, 2007 at 11:29:16AM +0200, Stefano Zacchiroli wrote: >> So, question, do you want to have reports also of missing pieces of >> statically linked code snippets in that list? Yes, this list has always included apps linking statically. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Forming a new linux Distrbution
> > 1. It is the home exercise in "Operating Systems" until next week. Homework should be left up to the student, and not answered here... -- Shannon Eric Peevey [EMAIL PROTECTED] http://speeves.erikin.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
On Mon, Oct 15, 2007 at 08:40:01PM +0200, Moritz Muehlenhoff wrote: > On 2007-10-15, Stefano Zacchiroli <[EMAIL PROTECTED]> wrote: > >> So, question, do you want to have reports also of missing pieces of > >> statically linked code snippets in that list? > > Yes, this list has always included apps linking statically. > > Cheers, > Moritz > Anyway having a way to distinguish source-embedded by statically-linked would be useful. IMHO the second case is almost always an error, but for special cases (static linked shell for instance). -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#446791: ITP: python-pycg -- NVIDIA's Cg 1.4 for Python
On 15-Oct-07, 15:44 (CDT), Sandro Tosi <[EMAIL PROTECTED]> wrote: > I'm sorry if I did some mistakes; these ITP was meant as a "marker" > for the intention to package those libs, and I'll fill missing > information as soon as I got them in the deb packages themselves. ITPs serve as a marker, but also as way to get some of the package basics right before you upload debs and people spend time translating them. The sooner you find and fix a bug, the easier it is. Steve -- Steve Greenland The irony is that Bill Gates claims to be making a stable operating system and Linus Torvalds claims to be trying to take over the world. -- seen on the net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
On Tue, Oct 16, 2007 at 12:20:52AM +0200, Francesco P. Lovergine wrote: > On Mon, Oct 15, 2007 at 08:40:01PM +0200, Moritz Muehlenhoff wrote: > > On 2007-10-15, Stefano Zacchiroli <[EMAIL PROTECTED]> wrote: > > >> So, question, do you want to have reports also of missing pieces of > > >> statically linked code snippets in that list? > > > > Yes, this list has always included apps linking statically. > > > > Cheers, > > Moritz > > > Anyway having a way to distinguish source-embedded by statically-linked > would be useful. IMHO the second case is almost always an error, but > for special cases (static linked shell for instance). > Additionally, packages with embedded sources require patching, while packages which statically link only require rebuilding. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
why MIA database restricted only for DDs
Hi Is there any reason why the database containing maintainers MIA (missing in action) is available only for DDs? The developers-reference.pdf tells to use mia-query for this (chapter 7). But the command is on a Debian machine which can only be accesses by DDs. Can this be changed? thanks raju -- Kamaraju S Kusumanchi http://www.people.cornell.edu/pages/kk288/ http://malayamaarutham.blogspot.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits from the Testing Security team
On 15/10/2007 Francesco P. Lovergine wrote: > > > I wonder if in those special cases an Embed: tag could be added > > > in > > > debian/control to help tracking things. > > > > That would be a nice thing, also if this would include > > information if the code is really included or just > > statically linked against it. > > Kind regards > > Nico > > Well, I would consider statically linking a non embedded (i.e. a packaged) > library a bug... Are there known cases where this is a required condition? cryptsetup is statically linked against libgcrypt and libgpg-error, as both are in /usr/lib, and relying on a mounted /usr is not an option for cryptsetup. ... jonas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: why MIA database restricted only for DDs
On Mon, Oct 15, 2007 at 09:15:27PM -0400, Kamaraju S Kusumanchi wrote: > Is there any reason why the database containing maintainers MIA (missing > in action) is available only for DDs? The developers-reference.pdf tells to > use mia-query for this (chapter 7). But the command is on a Debian machine > which can only be accesses by DDs. Can this be changed? I think it is limited for privacy reasons. The same with vacation and echelon information on db.debian.org. As far as debian.org systems are concerned, maintainers who are non-DDs are indistinguishable from the general public at present. Sorry about that. Perhaps the new debian-maintainers system will allow access to that information to participants. Hamish -- Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#446656: ITP: libjbosscache1-java -- cache frequently accessed Java objects
Torsten Werner wrote: > * Package name: libjbosscache1-java Are you aware of #386108 and the rest of the JBoss effort? Regards, Marcus -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#446656: ITP: libjbosscache1-java -- cache frequently accessed Java objects
On 10/16/07, Marcus Better <[EMAIL PROTECTED]> wrote: > Torsten Werner wrote: > > * Package name: libjbosscache1-java > > Are you aware of #386108 and the rest of the JBoss effort? That bug has been closed and archived, perhaps it should be unarchived and reopened if that effort is still active? -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: why MIA database restricted only for DDs
Hi, On Mon, 15 Oct 2007, Kamaraju S Kusumanchi wrote: > Is there any reason why the database containing maintainers MIA (missing > in action) is available only for DDs? The developers-reference.pdf tells to > use mia-query for this (chapter 7). But the command is on a Debian machine > which can only be accesses by DDs. Can this be changed? It's unlikely to change. If you need to make a query about a specific developer, please join on #debian-qa on irc.debian.org and ask someone there to check mia-query for you. They will tell you if he's already recorded in the database or not. Cheers, -- Raphaël Hertzog Premier livre français sur Debian GNU/Linux : http://www.ouaza.com/livre/admin-debian/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
