Re: UPG and the default umask

2010-05-18 Thread Bastien ROUCARIES
On Mon, May 17, 2010 at 3:34 PM, Marvin Renich  wrote:
> * Reinhard Tartler  [100517 08:56]:
>> Let's have a look at the source. Note that options->usergroups is set
>> iff the option "usergroups" is used.
>>
>> ,[modules/pam_umask/pam_umask.c]
>> | /* Set the process nice, ulimit, and umask from the
>> |    password file entry.  */
>> | static void
>> | setup_limits_from_gecos (pam_handle_t *pamh, options_t *options,
>> |                          struct passwd *pw)
>> | {
>> |   char *cp;
>> |
>> |   if (options->usergroups)
>> |     {
>> |       /* if not root, and UID == GID, and username is the same as
>> |          primary group name, set umask group bits to be the same as
>> |          owner bits (examples: 022 -> 002, 077 -> 007).  */
>> |       if (pw->pw_uid != 0 && pw->pw_uid == pw->pw_gid)
>> |         {
>> |           struct group *grp = pam_modutil_getgrgid (pamh, pw->pw_gid);
>> |           if (grp && (strcmp (pw->pw_name, grp->gr_name) == 0))
>> |             {
>> |               mode_t oldmask = umask (0777);
>> |               umask ((oldmask & ~070) | ((oldmask >> 3) & 070));
>> |             }
>> |         }
>> |     }
>> `

Another bug is that the code does not check whether there is only one user in the group.

Regards

Bastien


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/aanlktiljeb7l0vnlvyz-q3kij4fvrmxldjpkkz6v3...@mail.gmail.com
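
The group-bit arithmetic from the quoted pam_umask excerpt, together with the single-member check the message above says is missing, as an added example (not code from Linux-PAM or from the thread). The sample accounts, the helper names `group_is_private`, `login_umask` and `sample_umask`, and the `require_private` switch are assumptions made for illustration.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample accounts and groups (not taken from the thread). */
static struct passwd users[] = {
    { .pw_name = "root",  .pw_uid = 0,    .pw_gid = 0    },
    { .pw_name = "alice", .pw_uid = 1000, .pw_gid = 1000 },
    { .pw_name = "bob",   .pw_uid = 1001, .pw_gid = 1001 },
    { .pw_name = "carol", .pw_uid = 1002, .pw_gid = 1001 }, /* primary group is bob's */
    { .pw_name = "dave",  .pw_uid = 1003, .pw_gid = 1003 },
};
static char *no_members[]   = { NULL };
static char *dave_members[] = { "eve", NULL };   /* eve is a supplementary member */
static struct group groups[] = {
    { .gr_name = "root",  .gr_gid = 0,    .gr_mem = no_members   },
    { .gr_name = "alice", .gr_gid = 1000, .gr_mem = no_members   },
    { .gr_name = "bob",   .gr_gid = 1001, .gr_mem = no_members   },
    { .gr_name = "dave",  .gr_gid = 1003, .gr_mem = dave_members },
};
#define N_USERS  (sizeof users / sizeof users[0])
#define N_GROUPS (sizeof groups / sizeof groups[0])

/* Same arithmetic as the quoted excerpt: copy the owner bits of the mask
   into the group bits (022 -> 002, 077 -> 007). */
static mode_t usergroups_umask(mode_t oldmask)
{
    return (oldmask & ~(mode_t)070) | ((oldmask >> 3) & 070);
}

/* Hypothetical extra check: the group counts as private only if no other
   account has it as primary group and nobody else is listed in gr_mem. */
static int group_is_private(const struct passwd *pw, const struct group *grp)
{
    for (size_t i = 0; i < N_USERS; i++)
        if (users[i].pw_gid == grp->gr_gid &&
            strcmp(users[i].pw_name, pw->pw_name) != 0)
            return 0;
    for (char **m = grp->gr_mem; m && *m; m++)
        if (strcmp(*m, pw->pw_name) != 0)
            return 0;
    return 1;
}

/* Conditions of the quoted excerpt (not root, UID == GID, user name ==
   group name); require_private adds the membership check on top. */
static mode_t login_umask(mode_t base, const struct passwd *pw,
                          const struct group *grp, int require_private)
{
    if (pw->pw_uid == 0 || pw->pw_uid != pw->pw_gid)
        return base;
    if (!grp || strcmp(pw->pw_name, grp->gr_name) != 0)
        return base;
    if (require_private && !group_is_private(pw, grp))
        return base;
    return usergroups_umask(base);
}

/* Look the account up in the constructed tables, starting from umask 022. */
static mode_t sample_umask(const char *name, int require_private)
{
    const mode_t base = 022;
    for (size_t i = 0; i < N_USERS; i++) {
        if (strcmp(users[i].pw_name, name) != 0)
            continue;
        const struct group *grp = NULL;
        for (size_t g = 0; g < N_GROUPS; g++)
            if (groups[g].gr_gid == users[i].pw_gid)
                grp = &groups[g];
        return login_umask(base, &users[i], grp, require_private);
    }
    return base;
}

int main(void)
{
    printf("%-6s %-10s %s\n", "user", "as quoted", "with membership check");
    for (size_t i = 0; i < N_USERS; i++)
        printf("%-6s %03o        %03o\n", users[i].pw_name,
               (unsigned)sample_umask(users[i].pw_name, 0),
               (unsigned)sample_umask(users[i].pw_name, 1));
    return 0;
}
```

With the quoted conditions alone, bob and dave get 002 even though carol and eve share their groups; the added check leaves them at 022.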



Re: UPG and the default umask

2010-05-18 Thread Peter Palfrader
On Mon, 17 May 2010, Bernhard R. Link wrote:

> * Peter Palfrader  [100517 16:41]:
> > The main problem with a default 002 umask, IMHO, is that as soon as you
> > copy your files from a host with 002 and usergroups to one without, or
> > untar a tarball created on a 002 host with usergroups on a system where
> > you don't have a usergroup, Bad Things can happen, depending on the
> > exact method you use to copy things.
> 
> Every usual copy method should not have that problem (after all, umask
> is about bits not to set with any new files explicitly created).
> 
> Only way to get something like that is cp -a or tar -xp.

Not exactly true.  Untarring as root preserves these things by default.
Also, using rsync with -avz is pretty standard.

Anyway, my point remains:  Procedures that were perfectly fine and
secure up until now would suddenly be broken and dangerous.

-- 
   |  .''`.  ** Debian GNU/Linux **
  Peter Palfrader  | : :' :  The  universal
 http://www.palfrader.org/ | `. `'  Operating System
   |   `-http://www.debian.org/





Re: snapshot.debian.org implications for you

2010-05-18 Thread Peter Palfrader
On Wed, 12 May 2010, Felipe Sateler wrote:

> On 11/05/10 03:26, Peter Palfrader wrote:
>>
>> Short version:
>> --
>>
>> If you uploaded stuff to debian that is not redistributable you
>> will have to let the snapshot people know to remove it.
>
> Would it be feasible to have some sort of automation surrounding this?
> Breaches that are fixed by a subsequent upload will very likely contain  
> some strings in the changelog: strip, distributable, dfsg-free or 
> non-free.
> Also, a significant part of the breaches would have to be fixed by a  
> repacked tarball. Thus, detecting changes in the version string (adding  
> dfsg or repack) would give a good pointer on packages that need to go  
> from snapshot.debian.org.

Maybe.  Hard to tell.  Do you want to try it?

-- 
   |  .''`.  ** Debian GNU/Linux **
  Peter Palfrader  | : :' :  The  universal
 http://www.palfrader.org/ | `. `'  Operating System
   |   `-http://www.debian.org/





Re: snapshot.debian.org implications for you

2010-05-18 Thread Raphael Hertzog
On Tue, 18 May 2010, Peter Palfrader wrote:
> On Wed, 12 May 2010, Felipe Sateler wrote:
> > Would it be feasible to have some sort of automation surrounding this?
> > Breaches that are fixed by a subsequent upload will very likely contain  
> > some strings in the changelog: strip, distributable, dfsg-free or 
> > non-free.
> > Also, a significant part of the breaches would have to be fixed by a  
> > repacked tarball. Thus, detecting changes in the version string (adding  
> > dfsg or repack) would give a good pointer on packages that need to go  
> > from snapshot.debian.org.
> 
> Maybe.  Hard to tell.  Do you want to try it?

Most of the repackaging is done because we don't _want_ to redistribute
those files not because we do not have the right to redistribute them.

The check would be mostly useless IMO.

Cheers,
-- 
Raphaël Hertzog

Like what I do? Sponsor me: http://ouaza.com/wp/2010/01/05/5-years-of-freexian/
My Debian goals: http://ouaza.com/wp/2010/01/09/debian-related-goals-for-2010/





Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Philipp Kern
On 2010-05-18, Ryan Oram  wrote:
> http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php
>
> This should become a full open source project with a community behind
> it. With Mozilla disregarding H.264, the community needs a full
> browser capable of H.264 video playback without the privacy issues of
> Chrome.
>
> We need to "Iceweasel" Chromium.

No, we don't (unless trademark rules apply).  It's Chromium, not Chrome btw,
that site doesn't speak a word about Chromium.

Kind regards,
Philipp Kern





Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Fabian Greffrath

> With Mozilla disregarding H.264, the community needs a full
> browser capable of H.264 video playback without the privacy issues of
> Chrome.




You may need to install some additional gstreamer plugins, though.

Cheers,
Fabian





Re: UPG and the default umask

2010-05-18 Thread Bernhard R. Link
* Peter Palfrader  [100518 09:48]:
> Not exactly true.  Untarring as root preserves these things by default.

Tar also preserves users. As one user name (or id) might be trusted on
one system, but be an other person on an other system, that is already
dangerous.

> Also, using rsync with -avz is pretty standard.

That already preserves the group names if possible. So it means that if
you are in a group with the same name on two computers but with
different meaning you can give permissions to people you have not
intended. So rsync -a is already dangerous in the way you describe.

Respectfully,
Bernhard R. Link
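
An added example, not part of the thread: it reads the mode and group name that a tar archive stores for each entry and lists the entries that would come out group-writable when extracted with modes preserved (`tar -xp`, or untarring as root). The archive is constructed in memory, the group name `users` and the helper names are assumptions, and long-name extensions (prefix field, pax headers) are ignored.

```c
#include <stdio.h>
#include <string.h>

#define BLK 512   /* tar block size */

struct finding { char name[101]; unsigned mode; char gname[33]; };

/* Parse a space/NUL-terminated octal field of a ustar header. */
static unsigned long parse_octal(const unsigned char *f, size_t len)
{
    unsigned long v = 0;
    size_t i = 0;
    while (i < len && f[i] == ' ')
        i++;
    for (; i < len && f[i] >= '0' && f[i] <= '7'; i++)
        v = (v << 3) | (unsigned long)(f[i] - '0');
    return v;
}

/* Header checksum: sum of all 512 bytes, chksum field counted as spaces. */
static unsigned long header_sum(const unsigned char *h)
{
    unsigned long s = 0;
    for (size_t i = 0; i < BLK; i++)
        s += (i >= 148 && i < 156) ? ' ' : h[i];
    return s;
}

/* Record every entry whose stored mode has the group-write bit (020).
   Returns the number of findings, or -1 on a malformed or truncated header. */
static int audit_tar(const unsigned char *buf, size_t len,
                     struct finding *out, size_t max)
{
    size_t off = 0;
    int n = 0;
    while (off + BLK <= len && buf[off] != 0) {
        const unsigned char *h = buf + off;
        if (memcmp(h + 257, "ustar", 5) != 0 ||
            parse_octal(h + 148, 8) != header_sum(h))
            return -1;
        unsigned mode = (unsigned)parse_octal(h + 100, 8);
        unsigned long size = parse_octal(h + 124, 12);
        if (size > len - off - BLK)
            return -1;
        if ((mode & 020) && (size_t)n < max) {
            memcpy(out[n].name, h, 100);
            out[n].name[100] = '\0';
            memcpy(out[n].gname, h + 297, 32);
            out[n].gname[32] = '\0';
            out[n].mode = mode & 07777;
            n++;
        }
        off += BLK + (size + BLK - 1) / BLK * BLK;   /* skip data blocks */
    }
    return n;
}

/* Constructed input: append one ustar header plus zero-filled data blocks. */
static size_t put_entry(unsigned char *buf, size_t off, const char *name,
                        unsigned mode, const char *gname, unsigned long size)
{
    unsigned char *h = buf + off;
    size_t data = (size + BLK - 1) / BLK * BLK;
    memset(h, 0, BLK + data);
    snprintf((char *)h, 100, "%s", name);
    snprintf((char *)h + 100, 8, "%07o", mode);
    snprintf((char *)h + 108, 8, "%07o", 1000u);           /* uid */
    snprintf((char *)h + 116, 8, "%07o", 100u);            /* gid */
    snprintf((char *)h + 124, 12, "%011lo", size);
    snprintf((char *)h + 136, 12, "%011lo", 0ul);          /* mtime */
    h[156] = name[strlen(name) - 1] == '/' ? '5' : '0';    /* dir or file */
    memcpy(h + 257, "ustar", 6);
    memcpy(h + 263, "00", 2);
    snprintf((char *)h + 265, 32, "%s", "alice");          /* uname */
    snprintf((char *)h + 297, 32, "%s", gname);
    snprintf((char *)h + 148, 8, "%06lo", header_sum(h));
    return off + BLK + data;
}

static unsigned char sample[8 * BLK];

/* Constructed archive as a umask-002 host would produce it. */
static size_t build_sample(void)
{
    size_t off = 0;
    off = put_entry(sample, off, "project/", 02775, "users", 0);
    off = put_entry(sample, off, "project/notes.txt", 0664, "users", 5);
    off = put_entry(sample, off, "project/private.key", 0600, "users", 0);
    off = put_entry(sample, off, "project/run.sh", 0755, "users", 0);
    memset(sample + off, 0, 2 * BLK);                      /* end marker */
    return off + 2 * BLK;
}

int main(void)
{
    struct finding f[8];
    int n = audit_tar(sample, build_sample(), f, 8);
    for (int i = 0; i < n; i++)
        printf("group-writable: %s mode %04o group %s\n",
               f[i].name, f[i].mode, f[i].gname);
    return n < 0;
}
```

Whether a listed entry matters depends on who is in the named group on the receiving host, which the archive cannot tell you.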





Re: UPG and the default umask

2010-05-18 Thread Christoph Anton Mitterer
Hi Peter.

On Tue, 18 May 2010 09:48:15 +0200, Peter Palfrader 
wrote:
> Anyway, my point remains:  Procedures that were perfectly fine and
> secure up until now would suddenly be broken and dangerous.
I guess you're wasting your time... the many arguments which either showed
concrete technical (security) problems (e.g. your tar issue here or the
ugly need to patch stuff like ssh) as well as more general (security)
concepts which speaks against those changes (and although I'm in minority,
I was not the only one with strong concerns) are simply ignored.

Not to speak about, that UPG is anyway a questionable abuse of the
user/group concept.

Neither to speak about the fact, that in the 17 years debian exists
now,... no majority missed that "feature" (apparently).

Best wishes,
Chris.





DASIP 2010 > Call for Papers - Extended Deadline - May 28, 2010

2010-05-18 Thread training

==
   CALL FOR CONTRIBUTIONS
==

  EXTENDED SUBMISSION DEADLINE: MAY 28, 2010
==

The 2010 Conference on Design and Architectures
for Signal and Image Processing (DASIP)

26-28 October 2010
Edinburgh, United Kingdom

Details on author schedules, submission, registration, program and venue
are available on the conference website:

http://www.ecsi.org/dasip

==
Call for Papers

The historical city of Edinburgh, the capital of Scotland and home to some 
half a million people, will host the 2010 Conference on Design and 
Architectures for Signal and Image Processing (DASIP) from the 26th to the 
28th of October 2010. DASIP provides an inspiring international forum for 
latest innovations and developments in the field of leading edge embedded 
signal processing systems. Prospective authors are invited to submit 
manuscripts on topics including, but not limited to:

Design methods and tools
- Design verification and fault tolerance
- Embedded system security and security validation
- System-level design and hardware/software co-design
- Communication synthesis, architectural and logic synthesis
- Embedded real-time systems and real-time operating systems
- Rapid system prototyping, performance analysis and estimation
- Formal models, transformations, algorithm transformations and metrics

Development platforms, architectures and technologies
- Embedded platforms for multimedia and telecom
- Many-core and multi-processor systems, SoCs, and NoCs
- Reconfigurable ASIPs, FPGAs, and dynamically reconfigurable systems
- Asynchronous (self-timed) circuits and analog and mixed-signal circuits
- Digital biosignal processing, biologically based and/or inspired systems

Use-cases and applications
- Ambient intelligence, ubiquitous and wearable computing
- Global navigation satellite systems, smart cameras, and PDAs
- Security systems, cryptography, object recognition and tracking
- Embedded systems for automotive, aerospace, and health applications

Smart sensing systems
- Sensor networks, environmental and system monitoring
- Vision, audio, fingerprint, health monitoring, and biosensors
- Structurally-embedded, distributed, and multiplexed sensors
- Sensing for active control systems, adaptive and evolutionary sensors

The conference program will include keynote speeches, contributed paper
sessions, and demonstrations. DASIP 2010 will feature Special Sessions 
that will run throughout the conference. These Special Sessions have the 
purpose of introducing the DASIP community to relevant hot topics that 
were not sufficiently covered by previous editions of the conference. 
The sessions can also continue with a special topic from former editions 
of DASIP providing for a continued exchange of ideas and a place to meet.

Five Special Sessions are planned. Prospective authors are invited to 
submit manuscripts on the following topics:
- Reliable Multi-Processor Scheduling and HW/SW Resource Management
- Reconfigurable Computing Architectures
- Image and Signal Processing on GPU
- Advances in Reconfigurable Video Coding (RVC)
- Smart Image Sensors

--

Authors should submit their full papers (up to 8 pages, double-column IEEE 
format) in PDF through the web based submission system. Proceedings of 
DASIP 2010 will be included in the IEEE Xplore Digital Library. Authors of 
the best papers will be invited to submit an extended version of their work 
to the International Journal of Embedded and Real-Time Communication 
Systems (IJERTCS), in which a special issue on DASIP will be published on 
the third quarter of 2011.

All submitted papers should be done online, following the paper submission 
guidelines. 

For those interested in submitting a paper for one of the special sessions, 
please take care to select the special session corresponding to your 
choice.

http://www.ecsi.org/dasip/submissions

--
Important Dates

Paper Submission: May 28, 2010
Acceptance Notification: July 15, 2010

--
Steering Committee

Mohamed Abid, Ecole nationale d'ingénieurs de Sfax, TN
Ahmet Erdogan, University of Edinburgh, UK
Guy Gogniat, Université de Bretagne Sud, FR
Bertrand Granado, Ecole Nationale Supérieure de l'Electronique et de ses
Applications, FR
Jean-Didier Legat, Université catholique de Louvain, BE
Stéphane Mancini, Institut polytechnique de Grenoble, FR
Marco Mattavelli, Ecole Polytechnique Fédérale de Lausanne, CH
Dragomir Milojevic, Université Libre de Bruxelles, BE
Adam Morawiec, Electronic Chips & Systems design Initiative, FR
Mi

Bug#582090: (no subject)

2010-05-18 Thread Kan-Ru Chen
Subject: ITP: viewnior -- simple, fast and elegant image viewer
Package: wnpp
Owner: "Kan-Ru Chen" 
Severity: wishlist

* Package name: viewnior
  Version : 1.0
  Upstream Author : Siyan Panayotov 
* URL : http://xsisqox.github.com/Viewnior/
* License : GPLv3
  Programming Lang: C
  Description : simple, fast and elegant image viewer

This is Viewnior, an image viewer program. Created to be simple, fast
and elegant. Its minimalistic interface provides more screenspace for
your images. Among its features are:

 * Fullscreen & Slideshow
 * Rotate, flip, crop, save, delete images
 * Animation support
 * Browse only selected images
 * Navigation window
 * Set image as wallpaper (only under GNOME)
 * Simple interface
 * Configurable mouse actions

Viewnior is inspired by big projects like Eye of Gnome, because of
its usability and richness, and by GPicView, because of its
lightweight design and minimal interface. So here comes Viewnior -
small and light, with no compromise with the quality of its
functions. The program is made with better integration in mind
(follows Gnome HIG2)

Viewnior is written in C (GTK+) and uses modified version of the
GtkImageView library by Bjourn Lindqvist.


- - Kanru






Re: UPG and the default umask

2010-05-18 Thread Philipp Kern
On 2010-05-18, Christoph Anton Mitterer  wrote:
> Not to speak about, that UPG is anyway a questionable abuse of the
> user/group concept.
>
> Neither to speak about the fact, that in the 17 years debian exists
> now,... no majority missed that "feature" (apparently).

So you present that as universal facts as if you've booked the truth
(possibly a bad translation of a German saying).

I think that feature is useful for all those who don't want to mess
with ACLs.  If you are not allowed to use ACLs and don't have UPG
with sane umasks collaboration is painful (see e.g. Debian infrastructure
with all users being in group Debian and default umask 0022 which
leads to wrong permissions in setgid directories, with ACLs being
disallowed).  So indeed I got a script which does newgrp and
setting the umask for me which I run whenever I want to do release
tasks.  But it would be more sane if the user wouldn't have to
care about that.

(In other environments default ACLs solve this problem in some way
or another, if you throw another periodic cronjob onto the problem
which deal with the few exceptions created by e.g. mv.)

Kind regards,
Philipp Kern






Re: UPG and the default umask

2010-05-18 Thread Petter Reinholdtsen

[Christoph Anton Mitterer]
> Neither to speak about the fact, that in the 17 years debian exists
> now,... no majority missed that "feature" (apparently).

Well, a minority in Debian Edu have missed it since the Debian Edu
project started integrating our configuration into Debian, and are
very happy with the fact that UPG finally will work out of the box in
Debian. :)

Happy hacking,
-- 
Petter Reinholdtsen





Re: UPG and the default umask

2010-05-18 Thread Christoph Anton Mitterer
On Tue, 18 May 2010 10:08:17 + (UTC), Philipp Kern 
wrote:
> So you present that as universal facts as if you've booked the truth
> (possibly a bad translation of a German saying).
No,.. and normally I would simply shut up, as I'm not even DD... but this
here breaks simply so much which I believe in and contradicts so many
proven paradigms, that I prefer to raise up even if that means, that I
don't make any friends here.

 
> I think that feature is useful for all those who don't want to mess
> with ACLs.
Well I guess this already hints to it:
- groups, were intended to group different users together and not to rely
that only one user is in its own group (which is as far as I understood
what UPGs do, right?)
- If one wants more (collaboration stuff and that on): We have ACLs, which
are just intended for all that,... allowing finer grained access rules. And
I guess many collaborative issues are dealt with at a much higher level
than the fs anyway...

> If you are not allowed to use ACLs
That's no reason for UPGs to exist, is it?
All important filesystems support ACLs, right? All kernels in Debian and
do so, right? So technically, no problem.
So being "not allowed" probably means organisational issues, right? But
then talk to your admins.

What's done here is to abuse a system just to workaround something else
("don't have/want to ACLs), right?


> and don't have UPG
> with sane umasks collaboration is painful (see e.g. Debian infrastructure
> with all users being in group Debian and default umask 0022 which
> leads to wrong permissions in setgid directories,
> with ACLs being
> disallowed).
Was there any special reason for this?

> So indeed I got a script which does newgrp and
> setting the umask for me which I run whenever I want to do release
> tasks.  But it would be more sane if the user wouldn't have to
> care about that.

- Even if I'd see a technical use case/benefit (that could not be gained
via other means that are intended for this),... I wouldn't do this as
default.

- There are probably many unpredictable side effects (see what Peter has
noted) and the need to hack around stuff which is perfectly ok as it is (I
guess this is going to be done e.g. in ssh).

And - for me most important - it shows some evil trends:
- We more or less start forcing users to go a special way (in this case
"using UPGs").
I know you'll say that everybody can simply go back, but if this like
changing unrelated packages go on, the day will come sooner than later
where this is not easily possible.
- We start sacrificing security.


Cheers,
Chris.





Re: UPG and the default umask

2010-05-18 Thread Christian PERRIER
Quoting Christoph Anton Mitterer (cales...@scientia.net):

> Neither to speak about the fact, that in the 17 years debian exists
> now,... no majority missed that "feature" (apparently).

I bet this will improve over time, until the day nobody is using
Debian anymore (hence nobody missing the feature, too) if we always
refuse to adopt evolutions that are apparently an evidence for all
other distros.

In case someone would wonder, yes, that was sarcastic mode. I wonder
whether I'm really only half-kidding, however, or if that joke could
become true in some future.








Re: UPG and the default umask

2010-05-18 Thread Christoph Anton Mitterer
On Tue, 18 May 2010 12:32:56 +0200, Christian PERRIER 
wrote:
> evolutions that are apparently an evidence for all
> other distros.
Apart from whether everything what other do or do not is automatically an
evolutions (e.g. dotnet/mono)...

is there a list of distros that have UPGs fully deployed?


Cheers,
Chris.





Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Marvin Renich
* Robert Collins  [100517 22:03]:
> Given that pipelining is broken by design, that the HTTP WG has
> increased the number of concurrent connections that are recommended,
> and removed the upper limit - no. I don't think that disabling
> pipelining hurts anyone - just use a couple more concurrent
> connections.
> 
> -Rob

I was unaware that pipelining was considered "broken by design", so I
was trying to say that if there was an easy way for apt to choose
between pipelining and no pipelining (if it wasn't specifically set by
the admin) that would handle most of the cases, that was better than
disabling by default a feature that was beneficial to many.

If pipelining is considered broken, and concurrency is preferred, I'm
perfectly happy with that.

...Marvin





Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Marvin Renich
* Goswin von Brederlow  [100518 02:53]:
> Marvin Renich  writes:
> > Documenting this problem somewhere that an admin would look when seeing
> > the offending "Hash sum mismatch" message would also help.  Turning off
> > pipelining by default for everybody seems like the wrong solution to
> > this problem.
> >
> > ...Marvin
> 
> Maybe apt should check size and try to resume the download. I'm assuming
> it gets the right header but then the data ends prematurely?
> 
> Could you try to capture a tcpdump of the actual traffic between apt and
> the proxy?
> 
> Kind regards
> Goswin

Fortunately, I am not behind a proxy, so I can't check this.  :-)

...Marvin





Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Mike Hommey
On Mon, May 17, 2010 at 09:54:28PM +0200, Florian Weimer wrote:
> * Petter Reinholdtsen:
> 
> > I am bothered by http://bugs.debian.org/56 >, and the fact
> > that apt(-get,itude) do not work with Squid as a proxy.  I would very
> > much like to have apt work out of the box with Squid in Squeeze.  To
> > fix it one can either change Squid to work with pipelining the way APT
> > uses, which the Squid maintainer and developers according to the BTS
> > report is unlikely to implement any time soon, or change the default
> > setting in apt for Acquire::http::Pipeline-Depth to zero (0).  I've
> > added a file like this in /etc/apt/apt.conf.d/ to solve it locally:
> >
> >   Acquire::http::Pipeline-Depth 0;
> 
> Maybe it's safe to use pipelining when a proxy is not used?  This is
> how things have been implemented in browsers, IIRC.

Mozilla browsers have had pipelining disabled for years, because
reality is that a whole lot of servers don't implement it properly if at
all.

Mike





Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Luigi Gangitano
On 17 May 2010, at 09:02, Goswin von Brederlow wrote:
> Given that squid already has a patch, although only for newer versions,
> this really seems to be a squid bug. As such it should be fixed in
> squid as not only apt might trigger the problem.

Goswin, can you please point me to the patch you mention?

> That said setting the Pipeline-Depth to 0 as default or when a proxy is
> configured might be advisable. Adding a apt.conf.d sniplet to the stable
> apt should be a trivial change. Much simpler than fixing squid itself.
> 
> And in testing/unstable one can fix it properly or update squid to 3.0.

I assume that squid3 is not affected by this bug, do you confirm this? If the 
patch you mentioned is related to squid3 a backport may or may not be feasible, 
but should try. :-)

Regards,

L

--
Luigi Gangitano --  -- 
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972  C24A F19B A618 924C 0C26





Re: UPG and the default umask

2010-05-18 Thread Michael Banck
On Tue, May 18, 2010 at 10:49:08AM +, Christoph Anton Mitterer wrote:
> On Tue, 18 May 2010 10:08:17 + (UTC), Philipp Kern 
> wrote:
> > So you present that as universal facts as if you've booked the truth
> > (possibly a bad translation of a German saying).
> No,.. and normally I would simply shut up, as I'm not even DD... but this
> here breaks simply so much which I believe in and contradicts so many
> proven paradigms, that I prefer to raise up even if that means, that I
> don't make any friends here.

It's not speaking up which is the problem, it's the Sven-Luther style of
argumentation.


Michael





Re: UPG and the default umask

2010-05-18 Thread Michael Banck
On Tue, May 18, 2010 at 11:34:47AM +, Christoph Anton Mitterer wrote:
> is there a list of distros that have UPGs fully deployed?

This is not a Q&A list, you are allowed to do research yourself and
present it here.


Michael





Re: UPG and the default umask

2010-05-18 Thread Michael Banck
On Tue, May 18, 2010 at 02:13:46PM +0200, Michael Banck wrote:
> On Tue, May 18, 2010 at 10:49:08AM +, Christoph Anton Mitterer wrote:
> > On Tue, 18 May 2010 10:08:17 + (UTC), Philipp Kern 
> > wrote:
> > > So you present that as universal facts as if you've booked the truth
> > > (possibly a bad translation of a German saying).
> > No,.. and normally I would simply shut up, as I'm not even DD... but this
> > here breaks simply so much which I believe in and contradicts so many
> > proven paradigms, that I prefer to raise up even if that means, that I
> > don't make any friends here.
> 
> It's not speaking up which is the problem, it's the Sven-Luther style of
> argumentation.

What I meant is that you seem to be very passionate about this topic, and
reply to a lot of messages with similar content in short succession,
while it might be better to first see what arguments others come up with
and address new ones as you see fit.


Thanks,

Michael





Selling Text Ads and Media Ads

2010-05-18 Thread Jenny michael
Hello,

I am Jenny Michael from Link Builders Associated group we have a new offer
for you we are selling link on more then 20 different niche with a very good
offer On a quality sites If interested then pm me back with your contact Id
and phone number on my mail id jenny.lba...@gmail.com and
linkbuildersassocia...@gmail.com


Thanks
*Jenny*


Re: UPG and the default umask

2010-05-18 Thread Harald Braumann
On Tue, May 18, 2010 at 10:08:17AM +, Philipp Kern wrote:
> On 2010-05-18, Christoph Anton Mitterer  wrote:
> > Not to speak about, that UPG is anyway a questionable abuse of the
> > user/group concept.
> >
> > Neither to speak about the fact, that in the 17 years debian exists
> > now,... no majority missed that "feature" (apparently).
> 
> So you present that as universal facts as if you've booked the truth
> (possibly a bad translation of a German saying).
> 
> I think that feature is useful for all those who don't want to mess
> with ACLs.  If you are not allowed to use ACLs and don't have UPG
> with sane umasks collaboration is painful (see e.g. Debian infrastructure
> with all users being in group Debian and default umask 0022 which
> leads to wrong permissions in setgid directories, with ACLs being
> disallowed).  So indeed I got a script which does newgrp and
> setting the umask for me which I run whenever I want to do release
> tasks.  But it would be more sane if the user wouldn't have to
> care about that.

Let me quote from the comments in /etc/login.defs:

# 022 is the "historical" value in Debian for UMASK when it was used
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.

And that's exactly the problem: there is no one-size-fits-all
for the umask. Yes, for collaboration in a setgid directory you'd have
to use 002 and thanks to UPG this is possible without compromising
security. But I consider this just a special case. There are
cases where Debian runs in a non-UPG environment, where you can't use
that umask. And I don't think that's uncommon. Think of a mixed
environment with Windows, where you might have a samba domain in LDAP. And
last time I checked, the smbldap-tools didn't support UPG.

So whatever value is used as the default, half of the users will have
to change it anyway, to fit their needs. And in such a case, where
there is no single optimal value, I'd rather have the most
conservative as default. 

If the umask is 022 and you create a setgid
directory and forget to change the umask, you will quickly realise
that things are not working as expected and fix it. If the umask is
002 and you add your Debian system to a non-UPG environment and forget
to change the umask, things will still work perfectly but you put all
your files at risk and might not even realise it until it is too
late.

Cheers,
harry





Re: UPG and the default umask

2010-05-18 Thread Philipp Kern
On 2010-05-18, Harald Braumann  wrote:
> If the umask is 022 and you create a setgid
> directory and forget to change the umask, you will quickly realise
> that things are not working as expected and fix it. If the umask is
> 002 and you add your Debian system to a non-UPG environment and forget
> to change the umask, things will still work perfectly but you put all
> your files at risk and might not even realise it until it is too
> late.

I guess we need a Debian Administration Best Practises Guide.  There are
many stupid things you can do while being root, with things still working
perfectly.

But then somebody would need to take care of the document (i.e. a
continuation of the release notes for future generations).

Kind regards,
Philipp Kern






Re: UPG and the default umask

2010-05-18 Thread Bastien ROUCARIES
On Tue, May 18, 2010 at 3:12 PM, Harald Braumann  wrote:
> On Tue, May 18, 2010 at 10:08:17AM +, Philipp Kern wrote:
>> On 2010-05-18, Christoph Anton Mitterer  wrote:
>> > Not to speak about, that UPG is anyway a questionable abuse of the
>> > user/group concept.
>> >
>> > Neither to speak about the fact, that in the 17 years debian exists
>> > now,... no majority missed that "feature" (apparently).
>>
>> So you present that as universal facts as if you've booked the truth
>> (possibly a bad translation of a German saying).
>>
>> I think that feature is useful for all those who don't want to mess
>> with ACLs.  If you are not allowed to use ACLs and don't have UPG
>> with sane umasks collaboration is painful (see e.g. Debian infrastructure
>> with all users being in group Debian and default umask 0022 which
>> leads to wrong permissions in setgid directories, with ACLs being
>> disallowed).  So indeed I got a script which does newgrp and
>> setting the umask for me which I run whenever I want to do release
>> tasks.  But it would be more sane if the user wouldn't have to
>> care about that.
>
> Let me quote from the comments in /etc/login.defs:
>
> # 022 is the "historical" value in Debian for UMASK when it was used
> # 027, or even 077, could be considered better for privacy
> # There is no One True Answer here : each sysadmin must make up his/her
> # mind.
>
> And that's exactly the problem: there is no one-size-fits-all
> for the umask. Yes, for collaboration in a setgid directory you'd have
> to use 002 and thanks to UPG this is possible without compromising
> security. But I consider this just a special case. There are
> cases where Debian runs in a non-UPG environment, where you can't use
> that umask. And I don't think that's uncommon. Think of a mixed
> environment with Windows, where you might have a samba domain in LDAP. And
> last time I checked, the smbldap-tools didn't support UPG.

Could you file a bug report against smbldap-tools?


> So whatever value is used as the default, half of the users will have
> to change it anyway, to fit their needs. And in such a case, where
> there is no single optimal value, I'd rather have the most
> conservative as default.
>
> If the umask is 022 and you create a setgid
> directory and forget to change the umask, you will quickly realise
> that things are not working as expected and fix it. If the umask is
> 002 and you add your Debian system to a non-UPG environment and forget
> to change the umask, things will still work perfectly but you put all
> your files at risk and might not even realise it until it is too
> late.

Why not add a security dialog and assistant for installing and
upgrading the system?
It will ease the transition and fit all the needs, documenting
drawbacks and advantages of each scheme?

And offer a sensible default choice (and skip button) for desktop users?

Regards

Bastien

> Cheers,
> harry
>
>





Bug#582119: ITP: zathura -- zathura is a highly customizable and functional PDF viewer

2010-05-18 Thread André Paramés Pereira
Package: wnpp
Severity: wishlist
Owner: "André Paramés Pereira" 


* Package name: zathura
  Version : 0.0.3
  Upstream Author : neldoreth 
* URL : http://zathura.pwmt.org/
* License : zlib/libpng
  Programming Lang: C
  Description : zathura is a highly customizable and functional PDF viewer

 zathura is a highly customizable and functional PDF viewer based on the
 poppler rendering library and the gtk+ toolkit. The idea behind zathura
 is an application that provides a minimalistic and space saving
 interface as well as an easy usage that mainly focuses on keyboard
 interaction.
 
 Features:
* Commandline completion
* Statusbar
* Notification system
* Highly customizable
* Buffered commands

 Functionality:
* Open (encrypted) PDF documents
* Navigate, scroll, rotate, zoom
* Search in the document
* Show document information
* Bookmark pages
* Export image and attachments
* Print whole document or just specific sites





Bug#582120: ITP: lightspark -- High-performance SWF player (experimental)

2010-05-18 Thread Didier Raboud
Package: wnpp
Severity: wishlist
Owner: Didier Raboud 


  Package name: lightspark
  Version : 0.3.1
  Upstream Author : Alessandro Pignotti  and others
  URL : http://lightspark.sourceforge.net/
  License : GPLv3+
  Programming Lang: C++
  Description : High-performance SWF player (experimental)

 Lightspark is a free Flash player for Linux which aims for high-performance
 by using modern technologies such as JIT compilation and OpenGL shaders.
 .
 The project is currently in an alpha status, we provide the standalone
 player and mozilla plugin for testing purposes only.
 .
 Nice features:
 * JIT compilation of ActionScript to native x86 bytecode
 * Hardware accelerated rendering using OpenGL shaders (GLSL)
 * Aims to support current-generation ActionScript 3
 * A new, clean, codebase exploiting multithreading and optimized for modern
   hardware. Designed from scratch after the official Flash documentation was
   released.


This package already exists as a Ubuntu PPA [0] and is really experimental for
now; I intend to reuse that packaging.

Cheers, 

OdyX

[0] https://launchpad.net/~sssup/+archive/sssup-ppa 







Re: UPG and the default umask

2010-05-18 Thread Harald Braumann
On Tue, May 18, 2010 at 03:40:06PM +0200, Bastien ROUCARIES wrote:
> On Tue, May 18, 2010 at 3:12 PM, Harald Braumann  wrote:
> > On Tue, May 18, 2010 at 10:08:17AM +, Philipp Kern wrote:
> >> On 2010-05-18, Christoph Anton Mitterer  wrote:
> >> > Not to speak about, that UPG is anyway a questionable abuse of the
> >> > user/group concept.
> >> >
> >> > Neither to speak about the fact, that in the 17 years debian exists
> >> > now,... no majority missed that "feature" (apparently).
> >>
> >> So you present that as universal facts as if you've booked the truth
> >> (possibly a bad translation of a German saying).
> >>
> >> I think that feature is useful for all those who don't want to mess
> >> with ACLs.  If you are not allowed to use ACLs and don't have UPG
> >> with sane umasks collaboration is painful (see e.g. Debian infrastructure
> >> with all users being in group Debian and default umask 0022 which
> >> leads to wrong permissions in setgid directories, with ACLs being
> >> disallowed).  So indeed I got a script which does newgrp and
> >> setting the umask for me which I run whenever I want to do release
> >> tasks.  But it would be more sane if the user wouldn't have to
> >> care about that.
> >
> > Let me quote from the comments in /etc/login.defs:
> >
> > # 022 is the "historical" value in Debian for UMASK when it was used
> > # 027, or even 077, could be considered better for privacy
> > # There is no One True Answer here : each sysadmin must make up his/her
> > # mind.
> >
> > And that's exactly the problem: there is no one-size-fits-all
> > for the umask. Yes, for collaboration in a setgid directory you'd have
> > to use 002 and thanks to UPG this is possible without compromising
> > security. But I consider this just a special case. There are
> > cases where Debian runs in a non-UPG environment, where you can't use
> > that umask. And I don't think that's uncommon. Think of a mixed
> > environment with Windows, where you might have a samba domain in LDAP. And
> > last time I checked, the smbldap-tools didn't support UPG.
> 
> Could you file a bug report against smbldap-tools?

There is already an upstream bug [0], but even if it gets
implemented, that wouldn't magically change all systems out there
running non-UPG.

> 
> 
> > So whatever value is used as the default, half of the users will have
> > to change it anyway, to fit their needs. And in such a case, where
> > there is no single optimal value, I'd rather have the most
> > conservative as default.
> >
> > If the umask is 022 and you create a setgid
> > directory and forget to change the umask, you will quickly realise
> > that things are not working as expected and fix it. If the umask is
> > 002 and you add your Debian system to a non-UPG environment and forget
> > to change the umask, things will still work perfectly but you put all
> > your files at risk and might not even realise it until it is too
> > late.
> 
> Why not add a security dialog and assistant for installing and
> upgrading the system?
> It will ease the transition and fit all the needs, documenting
> drawbacks and advantages of each scheme ?

A umask of 022 is the right choice for most people and at least
doesn't put the others at risk. Everyone, who knows what a setgid
directory is and how it works, will also know, that there are certain
requirements on the umask. And the others really don't care, as long
as their security is not compromised.

There is really no need to force everyone to make a useless decision,
just for the sake of a change to make life of a specific minority easier.

Cheers,
harry

[0] http://gna.org/support/?2040





Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread brian m. carlson
On Tue, May 18, 2010 at 02:09:13PM +0200, Mike Hommey wrote:
> Mozilla browsers have had pipelining disabled for years, because
> reality is that a whole lot of servers don't implement it properly if at
> all.

Actually, I've had pipelining enabled for some time, and it works just
fine for me.  I have had zero problems with it.  And this is with
Iceweasel.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187




Re: UPG and the default umask

2010-05-18 Thread Hendrik Sattler
On Tuesday 18 May 2010, 12:49:08, Christoph Anton Mitterer wrote:
> > If you are not allowed to use ACLs
> 
> That's no reason for UPGs to exist, is it?
> All important filesystems support ACLs, right? All kernels in Debian and
> do so, right? So technically, no problem.
> So being "not allowed" probably means organisational issues, right? But
> then talk to your admins.
> 
> What's done here is to abuse a system just to workaround something else
> ("don't have/want to ACLs), right?

Do e.g. backup systems deal well with ACLs? The standard tar doesn't, except
when you script around it... or if you use star.

HS





Bug#582133: ITP: libpod-weaver-perl -- Perl module to weave together a Pod document from an outline

2010-05-18 Thread Ansgar Burchardt
Package: wnpp
Severity: wishlist
Owner: Ansgar Burchardt 

* Package name: libpod-weaver-perl
  Version : 3.101270
  Upstream Author : Ricardo SIGNES 
* URL : http://search.cpan.org/dist/Pod-Weaver/
* License : Artistic or GPL-1+ (like Perl)
  Programming Lang: Perl
  Description : Perl module to weave together a Pod document from an outline

 Pod::Weaver is a system for building Pod documents from templates. It doesn't
 perform simple text substitution, but instead builds a
 Pod::Elemental::Document. Its plugins sketch out a series of sections that
 will be produced based on an existing Pod document or other provided
 information.






Bug#582135: ITP: freespacenotifier -- free space notification module for KDE

2010-05-18 Thread Sune Vuorela
Package: wnpp
Severity: wishlist
Owner: Sune Vuorela 


* Package name: freespacenotifier
  Version : svn snapshot
  Upstream Author : Ivo Anjo  and others
* URL : 
* License : GPL
  Programming Lang: C++
  Description : free space notification module for KDE

 This module notifies the user when space is running out in 
 /home or in one of the other directories, where you can configure 
 freespacenotifier to monitor.
 .
 More technically, this package provides a module for kded, the KDE Daemon


The content of this package will also be shipped as a part of KDE SC 4.5, where 
this package will be removed






Bug#582138: ITP: libdist-zilla-plugin-podweaver-perl -- Dist::Zilla plugin to use Pod::Weaver to generate Pod documentation

2010-05-18 Thread Ansgar Burchardt
Package: wnpp
Severity: wishlist
Owner: Ansgar Burchardt 

* Package name: libdist-zilla-plugin-podweaver-perl
  Version : 3.100710
  Upstream Author : Ricardo SIGNES 
* URL : http://search.cpan.org/dist/Dist-Zilla-Plugin-PodWeaver/
* License : Artistic or GPL-1+
  Programming Lang: Perl
  Description : Dist::Zilla plugin to use Pod::Weaver to generate Pod documentation

 Dist::Zilla::Plugin::PodWeaver is the bridge between Dist::Zilla and
 Pod::Weaver. It rips apart your kinda-Pod and reconstructs it as boring old
 real Pod.






Bug#582140: ITP: django-permissions -- generic per-object permissions for Django

2010-05-18 Thread Fladischer Michael
Package: wnpp
Severity: wishlist
Owner: Fladischer Michael 


* Package name: django-permissions
  Version : 1.0b2
  Upstream Author : Kai Diefenbach 
* URL : http://pypi.python.org/pypi/django-permissions/
* License : BSD
  Programming Lang: Python
  Description : generic per-object permissions for Django

A generic framework for per-object permissions for Django. Permissions
on objects can be granted to roles (and only to roles) in order to allow 
something to users or groups which have these roles.








Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Ryan Oram
On Tue, May 18, 2010 at 4:32 AM, Fabian Greffrath  wrote:
>> With Mozilla disregarding H.264, the community needs a full
>> browser capable of H.264 video playback without the privacy issues of
>> Chrome.
>
> 
>
> You may need to install some additional gstreamer plugins, though.
>
> Cheers,
> Fabian
>

Epiphany has iffy tabbed browsing support and the Javascript engine is
incomplete (I can't edit posts on many forums for example). It's a
great browser and should be worked on, but we should take as many
avenues as possible.

Epiphany is actually the default browser in infinityOS.

Thanks,
Ryan





Re: UPG and the default umask

2010-05-18 Thread Andrei Popescu
On Tue,18.May.10, 16:16:06, Harald Braumann wrote:
 
> A umask of 022 is the right choice for most people and at least
> doesn't put the others at risk. Everyone, who knows what a setgid
> directory is and how it works, will also know, that there are certain
> requirements on the umask. And the others really don't care, as long
> as their security is not compromised.

Except for the other group of "others", who have no idea what setgid is, 
don't care too much about security and just wonder why it is so 
difficult to share files with another user on the same machine.

But it doesn't matter, they'll just go back to Windows anyway.  
It's better suited for home users anyway.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic




Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Goswin von Brederlow
Luigi Gangitano  writes:

> On 17 May 2010, at 09:02, Goswin von Brederlow wrote:
>> Given that squid already has a patch, although only for newer versions,
>> this really seems to be a squid bug. As such it should be fixed in
>> squid as not only apt might trigger the problem.
>
> Goswin, can you please point me to the patch you mention?
>
>> That said setting the Pipeline-Depth to 0 as default or when a proxy is
>> configured might be advisable. Adding an apt.conf.d snippet to the stable
>> apt should be a trivial change. Much simpler than fixing squid itself.
>> 
>> And in testing/unstable one can fix it properly or update squid to 3.0.
>
> I assume that squid3 is not affected by this bug, do you confirm this? If the 
> patch you mentioned is related to squid3 a backport may or may not be 
> feasible, but should try. :-)
>
> Regards,
>
> L

It was mentioned in an earlier mail that the issue was fixed in squid 3
but the patch doesn't apply to 2.x. No idea where that patch is, check
the previous mails.

Kind regards,
Goswin





Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Ryan Oram
"Chrome Incognito Tracks Visited Sites"
http://www.lewiz.org/2010/05/chrome-incognito-tracks-visited-sites.html

This seems to be becoming a theme. As Chromium has much of the same
privacy issues as Chrome (SRWare Iron is made from Chromium and the
code is stripped from Chromium), this "feature" is surely in Chromium
as well.

I find this completely unacceptable.

Thanks,
Ryan





Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Ryan Oram
On 18 May 2010, Philipp Kern  wrote:
>No, we don't (unless trademark rules apply).  It's Chromium, not Chrome btw,
>that site doesn't speak a word about Chromium.
>
>Kind regards,
>Philipp Kern

Most of the privacy issues of Chrome are present in Chromium as well.
These "features" need to be removed or, at the very least, made
completely opt-in.

Thanks,
Ryan





Re: UPG and the default umask

2010-05-18 Thread Christoph Anton Mitterer
On Tue, 2010-05-18 at 17:38 +0200, Hendrik Sattler wrote:
> Do e.g. backup systems deal well with ACLs?
Definitely not all,... but I guess those should be fixed anyway (totally
regardless of UPGs/umask issues)...


> The standard tar doesn't, except 
> when you script around it... or if you use star.
I think you're right for GNU's upstream sources,... but if I remember
correctly, Fedora and RHEL ship patches, which enable support for ACLs,
xattrs, and SELinux.

Will file a wishlist bug against Debian's tar when I find them :)


Cheers,
Chris.




Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread John Moser
Shut up.  You're whining like a raving politicized lune and nobody is
listening to your monologue.

Apply some critical thinking skills.  It's a bug in a special mode of a
browser, a mode that doesn't store history/cookies.  It's not (known to be)
sharing anything with the 'net, so it's innocuous as known.  Nobody can
agree on if it even works; or if it does, if it works between sessions.

I suppose when a cloud goes in front of the sun you panic and look up to
check if the sun is dying.

On May 18, 2010 1:24 PM, "Ryan Oram"  wrote:

On Tue, May 18, 2010 at 1:12 PM, Ryan Oram  wrote: >
"Chrome Incognito Tracks V...
The above seems to be an oversight on Google's part. But the fact that
it hasn't been fixed, despite being known for over a month, is a good
indicator that Google isn't too concerned about privacy...

Thanks, Ryan -- Ubuntu-devel-discuss mailing list
ubuntu-devel-disc...@lists.ubuntu.com Modify se...


Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Joe Terranova
Don't hold back, John. Tell us how you really feel.

On Tue, May 18, 2010 at 1:30 PM, John Moser  wrote:
> Shut up.  You're whining like a raving politicized lune and nobody is
> listening to your monologue.
>
> Apply some critical thinking skills.  It's a bug in a special mode of a
> browser, a mode that doesn't store history/cookies.  It's not (known to be)
> sharing anything with the 'net, so it's innocuous as known.  Nobody can
> agree on if it even works; or if it does, if it works between sessions.
>
> I suppose when a cloud goes in front of the sun you panic and look up to
> check if the sun is dying.
>
> On May 18, 2010 1:24 PM, "Ryan Oram"  wrote:
>
> On Tue, May 18, 2010 at 1:12 PM, Ryan Oram  wrote: >
> "Chrome Incognito Tracks V...
>
> The above seems to be an oversight on Google's part. But the fact that
> it hasn't been fixed, despite being known for over a month, is a good
> indicator that Google isn't too concerned about privacy...
>
> Thanks, Ryan -- Ubuntu-devel-discuss mailing list
> ubuntu-devel-disc...@lists.ubuntu.com Modify se...
>
> --
> Ubuntu-devel-discuss mailing list
> ubuntu-devel-disc...@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
>





Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Ryan Oram
On Tue, May 18, 2010 at 1:12 PM, Ryan Oram  wrote:
> "Chrome Incognito Tracks Visited Sites"
> http://www.lewiz.org/2010/05/chrome-incognito-tracks-visited-sites.html
>
> This seems to be becoming a theme. As Chromium has much of the same
> privacy issues as Chrome (SRWare Iron is made from Chromium and the
> code is stripped from Chromium), this "feature" is surely in Chromium
> as well.
>
> I find this completely unacceptable.
>
> Thanks,
> Ryan
>

The above seems to be an oversight on Google's part. But the fact that
it hasn't been fixed, despite being known for over a month, is a good
indicator that Google isn't too concerned about privacy...

Thanks,
Ryan





MusicBrainz transition may be required

2010-05-18 Thread Martin Michlmayr
I noticed a potentially serious problem with MusicBrainz support in
Debian.  MusicBrainz provides two interfaces: the old RDF interface
and a new one based on XML.  According to their wiki, RDF support will
go away in the near future:

http://musicbrainz.org/doc/Web_Service
http://blog.musicbrainz.org/?p=392

However, from what I can tell, most things in Debian use the old
MusicBrainz library which only does RDF.

We have two MusicBrainz libraries in Debian:

Package: libmusicbrainz3
Binary: libmusicbrainz3-6, libmusicbrainz3-dev

Package: libmusicbrainz-2.1
Binary: libmusicbrainz4-dev, libmusicbrainz4c2a, python-musicbrainz

(not sure why the soname of 2.1 is higher than that of version 3)

Version 2.1 provides the old RDF interface which will go away.
Version 3 uses the new XML interface.  These libraries have different
APIs.

Now as far as I can tell, most things in Debian link against
libmusicbrainz4c2a, i.e. the old library.  It seems we need a
migration to version 3.0 (which may involve updates to the code of
programs since the APIs are different).

I don't know much about MusicBrainz but from what I found it's likely
that MusicBrainz support will break during the lifetime of squeeze
unless we plan a migration now.  Any volunteers?

-- 
Martin Michlmayr
http://www.cyrius.com/





Re: UPG and the default umask

2010-05-18 Thread Harald Braumann
If you want to answer, please do it on the list. I'm not interested in
a private discussion.

On Tue, May 18, 2010 at 04:23:24PM +0200, Bernhard R. Link wrote:
> * Harald Braumann  [100518 16:16]:
> > There is already an upstream bug [0], but even if it gets
> > implemented, that wouldn't magically change all systems out there
> > running non-UPG
> 
> We are not talking about systems running non-UPG here. We are talking
> about newly installed systems, thus UPG systems.

There seems to be a widespread misconception, that there is only ever
one isolated machine that does local user management. I think it is
quite common in a network, to have users in LDAP or some other central
database. If I install a machine in such an environment, it has to
take whatever LDAP provides. I'm not going to change the whole user
management, just for a newly installed Debian machine. 

> > A umask of 022 is the right choice for most people and at least
> > doesn't put the others at risk.
> 
> Please do not troll.

I can not but yield to your conclusive argumentation and will from now
on be quiet on this matter. In any case, I think I have presented all
my arguments.

harry





caudium package up for discussion removal or adoption

2010-05-18 Thread Henrik Andreasson


Hi all!

I've maintained caudium for a while.
I've now stopped using it, partly because I work with apache and I've 
decided to switch my private installations to apache also but also 
because upstream is not very active but not all dead (what's the 
definition of dead upstream?).



So is there anybody out there willing to put in time on the package, I'll 
be happy to help with any questions.


Right now it's removed from testing due to orig source contains non free 
font.


http://bugs.debian.org/cgi-bin/pkgreport.cgi?archive=no&pkg=caudium

If no one steps up in a week or so I'll file a removal request.

//Henrik





Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Christoph Anton Mitterer
Hi.

AFAIK, even Chrome has disabled most tracking stuff per default (except
those things which FF/etc. do too).

With chromium, it was regarded to be a (reportable) bug if anything that
is privacy sensitive could not be disabled, IIRC.

And regarding Iron,... the following might be interesting:
http://neugierig.org/software/chromium/notes/2009/12/iron.html

Cheers,
Chris.




Re: UPG and the default umask

2010-05-18 Thread Roger Lynn
On 18/05/10 11:00, Christoph Anton Mitterer wrote:
> Not to speak about, that UPG is anyway a questionable abuse of the
> user/group concept.
> 
> Neither to speak about the fact, that in the 17 years debian exists
> now,... no majority missed that "feature" (apparently).

Debian has been using UPG for decades yet no one has complained about
it. Why didn't you raise a bug when UPG was first introduced?

People configuring Debian to run in a non-UPG environment can quite
easily also change the umask. As Debian uses UPG by default then the
default umask should be 0002. If you change one then you can change the
other at the same time.

Roger





Bug#582181: ITP: libspring-security-3.0-java -- modular Java/J2EE application security framework

2010-05-18 Thread Miguel Landaeta
Package: wnpp
Severity: wishlist
Owner: Miguel Landaeta 

* Package name: libspring-security-3.0-java
  Version : 3.0.2.RELEASE
  Upstream Author : SpringSource Inc.
* URL : http://static.springsource.org/spring-security/site/index.html
* License : Apache-2.0
  Programming Lang: Java
  Description : modular Java/J2EE application security framework

Spring Security is a Java/Java EE framework that provides advanced
authentication, authorization and other comprehensive security features for
enterprise applications. In addition to having a comprehensive list of
security functionality, Spring Security is very configurable and employs the
Spring Framework for configuration, it allows for reuse and portability of
security components, and it can also be used with non-Spring applications.

-- 
Miguel Landaeta, miguel at miguel.cc
secure email with PGP 0x7D8967E9 available at http://keyserver.pgp.com/
"Faith means not wanting to know what is true." -- Nietzsche



Archive: http://lists.debian.org/20100518221027.ga5...@miguel.cc



Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Giuseppe Iuculano
On 18/05/2010 19:12, Ryan Oram wrote:
> "Chrome Incognito Tracks Visited Sites"
> http://www.lewiz.org/2010/05/chrome-incognito-tracks-visited-sites.html

I just backported upstream commit that fixes this huge privacy killer
bug...

> This seems to be becoming a theme. As Chromium has much of the same
> privacy issues as Chrome (SRWare Iron is made from Chromium and the
> code is striped from Chromium), this "feature" is surely in Chromium
> as well.
> I find this completely unacceptable.

Please report[1] these privacy issues more explicitly than referring to
a related blog post.

[1]http://www.debian.org/Bugs/Reporting

Cheers,
Giuseppe





Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Roger Lynn
On 18/05/10 03:10, Robert Collins wrote:
> Given that pipelining is broken by design, that the HTTP WG has
> increased the number of concurrent connections that are recommended,
> and removed the upper limit - no. I don't think that disabling
> pipelining hurts anyone - just use a couple more concurrent
> connections.

But apt has been using pipelining for years. Why has this only just
become a problem? Not all proxies dislike pipelining - Polipo is an
example of one that works well with it. It also works with at least some
proprietary/commercial proxies too. And if transparent proxies can't
cope with pipelining then they're broken and not very transparent. I
think if this was a significant problem it would have been noticed a
long time ago. However disabling pipelining if a proxy is configured is
probably a good idea to ensure compatibility and is commonly done in
browsers, but it's not necessary for direct connections.

Roger


Archive: http://lists.debian.org/4bf31d2e.7020...@rilynn.me.uk



Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Ryan Oram
From the Ubuntu mailing list, in case you aren't subscribed there:

On Tue, May 18, 2010 at 8:27 PM, Dane Mutters  wrote:
> I think some of you would be interested in reading this page that
> (allegedly) documents some of the (allegedly) somewhat shady
> beginnings of Iron:
>
> http://neugierig.org/software/chromium/notes/2009/12/iron.html
>
> If this information is correct, then I heavily question that Iron is a
> worthwhile project/fork at all, as opposed to being a way to garner
> publicity and money from fear mongering and (amusingly enough) Google
> advertisements on their web page.
>
> --Dane

I wasn't aware of this when I posted this thread on the mailing list.
I still feel, however, that the suggestion and DNS-prefetching features
should be made opt-in.

Thanks,
Ryan


Archive: 
http://lists.debian.org/aanlktinyqzzkcrfosodfqddru1tyyatdmhxrgi0ea...@mail.gmail.com



Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Robert Collins
Well, I don't know why something has 'suddenly' become a problem: it's
been a known issue for years. The HTTP smuggling
[http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf]
attacks made that very obvious 5 years ago now.

http://en.wikipedia.org/wiki/HTTP_pipelining has a decent overview.

It's nice and interesting that some recent software has it on, but that
is generally because the authors don't realise how broken it is,
IMNSHO :).

-Rob


Archive: 
http://lists.debian.org/aanlktikdep4hoghns30kc-jryxqba9fmudd9-dvjf...@mail.gmail.com



Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Brian May
On 19 May 2010 13:51, Robert Collins  wrote:
> Well, I don't know why something has 'suddenly' become a problem: it's
> been a known issue for years. The HTTP smuggling
> [http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf]
> attacks made that very obvious 5 years ago now.

From my Internet connection, that link seems to be a redirect to
http://www-01.ibm.com/software/rational/offerings/websecurity/, which
doesn't say anything about http security issues.

> http://en.wikipedia.org/wiki/HTTP_pipelining has a decent overview.

I cannot see anything about brokenness of HTTP pipelining here... Did
I miss something?
-- 
Brian May 


Archive: 
http://lists.debian.org/aanlktincd4paqge1xzpwxwn3ilenm1fzanva4qyg5...@mail.gmail.com



Bug#582202: ITP: gedit-r-plugin -- Gedit plugin for R statistical computing language

2010-05-18 Thread Mateusz Kaduk
Package: wnpp
Severity: wishlist
Owner: Mateusz Kaduk 


* Package name: gedit-r-plugin
  Version : 0.7.0
  Upstream Author : Dan Dediu 
* URL : http://rgedit.sourceforge.net/
* License : GPL3
  Programming Lang: Python
  Description : Gedit plugin for R statistical computing language



Archive: 
http://lists.debian.org/20100519035601.25760.50981.report...@mtbl010.op.umcutrecht.nl



Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Robert Collins
Bah, link staleness.

http://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf just worked for me.

Also, I realise that there may be a disconnect here: squid *shouldn't*
break if a client attempts to pipeline through it - if it does, that's a
bug to be fixed; squid just will not read the second request until the
first one is completed.

-Rob


Archive: 
http://lists.debian.org/aanlktik7h4lpnxpyhpwb1x2qlyrv_c6d9fmiqybbg...@mail.gmail.com
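
An added illustration of the behaviour described in the message above (example code, not taken from squid, apt or this thread): an intermediary that frames pipelined requests out of one connection buffer, forwards them strictly one at a time, and refuses requests whose boundaries are ambiguous, which is the condition request-smuggling research relies on. The function names, the `mirror.example` host and the sample bytes are constructed for this example.

```python
class FramingError(ValueError):
    """Request boundaries cannot be determined unambiguously."""

def next_request(buf: bytes):
    """Return (request_line, body, rest), or None if no complete request is buffered."""
    head_end = buf.find(b"\r\n\r\n")
    if head_end < 0:
        return None
    lines = buf[:head_end].decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), set()).add(value.strip())
    if "transfer-encoding" in headers:
        raise FramingError("Transfer-Encoding is out of scope for this example")
    lengths = headers.get("content-length", set())
    if len(lengths) > 1 or any(not v.isdigit() for v in lengths):
        raise FramingError("conflicting or malformed Content-Length")
    body_len = int(next(iter(lengths))) if lengths else 0
    body_start = head_end + 4
    if len(buf) < body_start + body_len:
        return None  # body not fully received yet
    return lines[0], buf[body_start:body_start + body_len], buf[body_start + body_len:]

def relay_serially(buf: bytes, upstream):
    """Forward requests in arrival order; the next one is parsed only after upstream returns."""
    responses = []
    while (req := next_request(buf)) is not None:
        request_line, body, buf = req
        responses.append(upstream(request_line, body))
    return responses, buf  # leftover bytes wait for more input

# Constructed sample: two complete pipelined requests and a third still arriving.
PIPELINED = (
    b"GET /debian/pool/a.deb HTTP/1.1\r\nHost: mirror.example\r\n\r\n"
    b"GET /debian/pool/b.deb HTTP/1.1\r\nHost: mirror.example\r\n\r\n"
    b"GET /debian/pool/c.deb HTTP/1.1\r\nHost: mir"
)
# Constructed sample: two Content-Length headers that disagree on where the body ends.
CONFLICTING = (
    b"POST /upload HTTP/1.1\r\nHost: mirror.example\r\n"
    b"Content-Length: 0\r\nContent-Length: 5\r\n\r\nhello"
)
```
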



Re: APT do not work with Squid as a proxy because of pipelining default

2010-05-18 Thread Petter Reinholdtsen

[Roger Lynn]
> But apt has been using pipelining for years. Why has this only just
> become a problem?

It has been a problem in Debian Edu for years.  Just recently I
figured out the cause and a workaround.

Happy hacking,
-- 
Petter Reinholdtsen


Archive: http://lists.debian.org/2flpr0sjvpa@login1.uio.no



Re: About new source formats for packages without patches

2010-05-18 Thread Guillem Jover
Hi!

On Fri, 2010-03-26 at 09:25:38 +0100, Raphael Hertzog wrote:
> On Fri, 26 Mar 2010, Neil Williams wrote:
> > Now all I need is for dpkg to accept that the absence of
> > debian/source/format is declarative of source format 1.0.
> 
> That's the case _for now_.  
> 
> > packages don't need to be changed merely to state the obvious.
> 
> They need because the dpkg maintainers have decided that it might
> not be the case indefinitely.

Few things first. I don't think we should “ever” remove extraction
support for older formats (be it source or binary), we should be able to
easily analyze older content. We might want to remove creation support
for older formats at some point in the *distant* future, though. And I
don't really see any problem with that, we routinely remove support for
deprecated stuff all over the place in Debian, given proper transition
periods.

I understand Raphaël's eagerness to see a fast switch, given his
investment on the new formats, and as I obviously consider them a big
improvement too. But I don't think it's appropriate to rush it, when we
are just at the beginning of being able to use newer source formats,
when there's still things being polished on them, for easier use, for
different workflows, etc; when higher level tools support is still
immature. It has neither seemed appropriate some of the excessively
combative, aggressive and personal comments recently seen, when I think
there's been will to accommodate for changes to the formats and tools.

So, even if the uptake seems pretty fast, I agree it's still too soon
to even show warnings. Once (and if) the archive has switched a big
proportion, then we can start warning that the format needs to be
explicit (lintian mostly, dpkg-source's current warning is not really
visible anyway so I think it's fine to leave it there). And only when
a tiny fraction is still using 1.0, and only then, we can _consider_,
after appropriate debate, a possible plan for a removal of source
format 1.0 creation.

regards,
guillem


Archive: http://lists.debian.org/20100519062140.ga19...@gaara.hadrons.org



Re: SRWare Iron: Chromium without the data-mining

2010-05-18 Thread Obey Arthur Liu
On Wed, May 19, 2010 at 2:39 AM, Ryan Oram  wrote:

> > From the Ubuntu mailing list, in case you aren't subscribed there:
>
> On Tue, May 18, 2010 at 8:27 PM, Dane Mutters  wrote:
> > I think some of you would be interested in reading this page that
> > (allegedly) documents some of the (allegedly) somewhat shady
> > beginnings of Iron:
> >
> > http://neugierig.org/software/chromium/notes/2009/12/iron.html
> >
> > If this information is correct, then I heavily question that Iron is a
> > worthwhile project/fork at all, as opposed to being a way to garner
> > publicity and money from fear mongering and (amusingly enough) Google
> > advertisements on their web page.
> >
> > --Dane
>
> I wasn't aware of this when I posted this thread on the mailing list.
> I still feel, however, that the suggestion and DNS-prefetching features
> should be made opt-in.
>

Take it to upstream and let this thread end.
And please don't crosspost the -devel lists of multiple Linux distributions.

Cheers

Arthur