Re: Equivalent packages between Linux distributions

2011-01-25 Thread Petter Reinholdtsen

[Silvio Cesare]
> Do you think such a list could be useful to Debian? A possible use
> would be that a user could identify an equivalent package knowing
> only Fedora's package name.

I've been looking into a similar task the last few days, to try to
track security issues in multiple distributions and locally maintained
software.

The Common Platform Enumeration dictionary,
<http://nvd.nist.gov/cpe.cfm>, provides a common vocabulary for
packages, and it would be very useful if Debian would provide the CPE
entry for each of the packages in the archive.

The CPE dictionary contains IDs for packages (applications), operating
systems and hardware, and allows these IDs to be used to look up CVEs.
If such IDs were provided for the packages in Linux distributions, it
would be trivial to find equivalent packages.

The package/application IDs look like this, for a few of the packages
in the Debian archive.

  cpe:/a:bash:bash:4.1
  cpe:/a:gnu:gzip:1.3.12
  cpe:/a:apache:subversion:1.6.12
  cpe:/a:apache:http_server:2.2.16

The IDs can also be used without version numbers.

It would be great if you or someone else could provide a mapping from
distribution packages to CPE entries. :)

Happy hacking,
-- 
Petter Reinholdtsen


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2flaaip46qu@login2.uio.no



ITP: fizsh -- Friendly Interactive ZSHell

2011-01-25 Thread Guido van Steen
Package: wnpp
Severity: wishlist
Owner: Guido van Steen 

* Package name: fizsh
  Version : 1.0.1-1
  Upstream Author : Guido van Steen 
* URL : http://sourceforge.net/projects/fizsh/
* License : BSD
  Programming Lang: Shell
  Description : Friendly Interactive ZSHell

 Fizsh is a frontend to Zsh. It provides the user with interactive syntax
 highlighting and a Matlab-like history search facility. At the same time it
 can handle Bourne syntax.





Re: Bits from the Security Team (for those that care about bits)

2011-01-25 Thread Wouter Verhelst
On Sun, Jan 23, 2011 at 11:32:07PM +0100, Thijs Kinkhorst wrote:
> * README.test
> 
> Although many packages include a test suite that is run after package build,
> there are packages that do not have such a suite, or not one that can be
> run as part of the build process. It was proposed to standardise on a
> README.test file, analogous to README.source, describing to others than the
> regular maintainer how the package's functionality can properly be tested.
> This is something we would like to see discussed and implemented for the
> Wheezy development cycle.

Wouldn't it be more prudent to have this be part of README.source? That
was always meant as a document for human consumption, to help the casual
maintainer or NMU'er understand how the package works, and help them be
able to work on it. Since 'testing the result' is very much part of
'working on a package,' I believe it belongs there; and such a
description would certainly fall under the "debian/README.source may
also include any other information that would be helpful to someone
modifying the source package" sentence in the final paragraph 

If people aren't doing this, then perhaps a minor policy amendment to
add 'test suite usage' as one of the examples in that final paragraph
could make sense. OTOH, explicitly adding more and more examples when
that part of policy already explicitly mentions that you can put 'any
other information that would be helpful' in there could be confusing.

Regards,

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
  http://www.schneier.com/blog/archives/2009/01/biometrics.html





Cedilla removed from sid, users complain

2011-01-25 Thread Juliusz Chroboczek
Hi,

I'm upstream for Cedilla [1,2], which has been orphaned and removed from
Sid.  I'm receiving e-mail from Debian users of Cedilla, asking me what
is the suggested replacement.  What shall I answer?

--Juliusz

[1] http://www.pps.jussieu.fr/~jch/software/cedilla/
[2] http://packages.debian.org/lenny/cedilla




Re: Cedilla removed from sid, users complain

2011-01-25 Thread Andrey Rahmatullin
On Tue, Jan 25, 2011 at 07:14:39PM +0100, Juliusz Chroboczek wrote:
> I'm upstream for Cedilla [1,2], which has been orphaned and removed from
> Sid.  I'm receiving e-mail from Debian users of Cedilla, asking me what
> is the suggested replacement.  What shall I answer?
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610903

-- 
WBR, wRAR




Re: Equivalent packages between Linux distributions

2011-01-25 Thread Raphael Geissert
Petter Reinholdtsen wrote:
[...]
> It would be great if you or someone else could provide a mapping from
> distribution packages to CPE entries. :)

It would be great if anyone could make any progress on that.

Some time ago it was mentioned as a possible way to automate the processing 
of new CVE ids (i.e. when MITRE publishes the description and other info) 
and to detect incorrect Not-For-Us entries in the security tracker.

One way to get started is by using the tracker's list of affected packages 
per CVE and match them with the CPEs provided by MITRE. It would be even 
better if in the future that information is provided by source packages 
themselves.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net





Re: Cedilla removed from sid, users complain

2011-01-25 Thread Ben Armstrong
On 01/25/2011 02:36 PM, Andrey Rahmatullin wrote:
> On Tue, Jan 25, 2011 at 07:14:39PM +0100, Juliusz Chroboczek wrote:
>> I'm upstream for Cedilla [1,2], which has been orphaned and removed from
>> Sid.  I'm receiving e-mail from Debian users of Cedilla, asking me what
>> is the suggested replacement.  What shall I answer?
> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610903
> 

Also, there may be some possible alternatives in:

$ debtags search "use::converting && works-with::unicode && works-with-format::postscript"
gnome-u2ps - tool to convert UTF-8 text to PostScript
groff - GNU troff text-formatting system
groff-base - GNU troff text-formatting system (base system components)
halibut - yet another free document preparation system
paps - UTF-8 to PostScript converter using Pango


gnome-u2ps was already mentioned. paps perhaps, if you're allergic to gnome?

sadly, i got nowhere with "debtags related cedilla" so i had to resort
to hand-picking some relevant tags.

Ben





Re: Cedilla removed from sid, users complain

2011-01-25 Thread Juliusz Chroboczek
Thanks to both of you -- I've forwarded your messages to my (soon-to-be
former, sigh) users.

--Juliusz




Re: Equivalent packages between Linux distributions

2011-01-25 Thread Petter Reinholdtsen
[Raphael Geissert]
> It would be great if anyone could make any progress on that.

Yeah.

> Some time ago it was mentioned as a possible way to automate the
> processing of new CVE ids (i.e. when MITRE publishes the description
> and other info) and to detect incorrect Not-For-Us entries in the
> security tracker.

Yes.  I did a quick implementation here at the university for tracking
our locally maintained software, and today mapped around 150
package/version pairs to CPEs allowing me to see which of our packages
had known security holes.

> One way to get started is by using the tracker's list of affected
> packages per CVE and match them with the CPEs provided by MITRE. It
> would be even better if in the future that information is provided
> by source packages themselves.

I suspect doing it manually is just as easy for now.  The 2240 entries
in my /var/lib/debsecan/history file only represent 293 binary
packages, which should be quick to look up in the CPE dictionary.

If it is to be stored in the source package, I suspect putting it
directly in the control file alongside the homepage URL makes most
sense.  It would allow anyone to figure out relevant CVEs and make it
trivial to compare Debian and Ubuntu derivatives for the packages
originating from Debian.  Perhaps something like:

  Xs-CPE: cpe:/a:bash:bash

in debian/control would do it?  To get a versioned CPE, ":$version"
could be appended.

Happy hacking,
-- 
Petter Reinholdtsen
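
The Xs-CPE idea from the message above, sketched as an added example (not code from the thread or from Debian): it reads the proposed field from control stanzas, appends the upstream version, and looks the result up in a CVE-to-CPE feed. The package revisions, the feed and its placeholder CVE IDs are constructed, and exact string comparison of versions is an assumption of this sketch.

```python
import re

# Constructed debian/control excerpt; Xs-CPE is the field proposed in the thread.
CONTROL = """\
Source: bash
Xs-CPE: cpe:/a:bash:bash

Source: gzip
Xs-CPE: cpe:/a:gnu:gzip

Source: fizsh
"""
# Constructed inputs: installed versions and a CVE-to-CPE feed (placeholder IDs).
INSTALLED = {"bash": "4.1-3", "gzip": "1.3.12-9", "fizsh": "1.0.1-1"}
FEED = {"CVE-PLACEHOLDER-1": ["cpe:/a:gnu:gzip:1.3.12"],
        "CVE-PLACEHOLDER-2": ["cpe:/a:bash:bash:3.2"],
        "CVE-PLACEHOLDER-3": ["cpe:/a:bash:bash"]}  # unversioned entry

def parse_control(text):
    """Map each Source stanza to its Xs-CPE value (None when absent)."""
    stanzas = [dict(re.findall(r"^([\w-]+):[ \t]*(.*)$", s, re.M))
               for s in re.split(r"\n\s*\n", text.strip())]
    return {f["Source"]: f.get("Xs-CPE") for f in stanzas}

def upstream_version(debian_version):
    """Drop the epoch ("1:") and the Debian revision ("-3")."""
    return debian_version.split(":", 1)[-1].rsplit("-", 1)[0]

def parse_cpe(uri):
    """Split a CPE 2.2 URI into (part, vendor, product, version)."""
    if not uri.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % uri)
    return tuple((uri[5:].lower().split(":") + [""] * 4)[:4])

def matches(feed_cpe, package_cpe):
    """True if the feed entry covers the package; no version means all versions."""
    f, p = parse_cpe(feed_cpe), parse_cpe(package_cpe)
    return f[:3] == p[:3] and f[3] in ("", p[3])

def audit(control, installed, feed):
    """Return ({mapped package: [CVE ids]}, [packages without a CPE mapping])."""
    mapping = parse_control(control)
    hits = {}
    for package, base in mapping.items():
        if base:
            cpe = base + ":" + upstream_version(installed[package])
            hits[package] = sorted(
                cve for cve, cpes in feed.items() if any(matches(c, cpe) for c in cpes))
    return hits, sorted(p for p in mapping if not mapping[p])
```

The second return value lists packages that carry no CPE field at all, which are the ones a tracker cannot check this way.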





Re: Cedilla removed from sid, users complain

2011-01-25 Thread Ben Armstrong
On 01/25/2011 03:09 PM, Juliusz Chroboczek wrote:
> Thanks to both of you -- I've forwarded your messages to my (soon-to-be
> former, sigh) users.

Minus the false hits from my search, I hope? My main point was to
illustrate debtags is a nice tool for finding related packages (some
time I'll try to figure out why 'related' didn't work for me, as that
would have been ideal).

Ben





Bug#611133: ITP: iucode-tool -- Intel Processor microcode tool

2011-01-25 Thread Henrique de Moraes Holschuh
Package: wnpp
Severity: wishlist
Owner: Henrique de Moraes Holschuh 

* Package name: iucode-tool
  Version : 0.5
  Upstream Author : Henrique de Moraes Holschuh 
* URL : none yet
* License : GPL v2 or later
  Programming Lang: C
  Description : Intel Processor microcode tool

iucode-tool is a program to manipulate Intel® X86 and X86-64 processor
microcode collections, and to use the kernel facilities to upgrade the
microcode on the system processors.  It replaces the old microcode.ctl
tool.

It can load microcode data files in text and binary format, sort, list
and filter the microcodes contained in these files, write selected
microcodes to a new file in binary format, or upload them to the kernel.

It can create very small, targeted microcode datafiles and use them to
update the online processors' microcode from inside an initramfs image
or very early in the boot process, in order to patch microcode bugs as
soon as possible.

It requires non-free microcode data downloaded directly from Intel or
installed by the intel-microcode package in order to be able to update
the system processors.






Re: Cedilla removed from sid, users complain

2011-01-25 Thread Philip Hands
Hi Juliusz,

On Tue, 25 Jan 2011 20:09:43 +0100, Juliusz Chroboczek wrote:
> Thanks to both of you -- I've forwarded your messages to my (soon-to-be
> former, sigh) users.

There is always the option of either recruiting one of those disappointed
users to maintain the package, or doing it yourself.

It seems that there are no outstanding bugs against the package, so
there should be no problem with using the existing package, and I see
that 0.6 is still the current version so I presume that it's not a fast
moving package, so should really only need uploads as bugs are reported,
or once every release to keep up with relevant policy changes.

This is one route into debian:

  http://mentors.debian.net/cgi-bin/maintainer-intro

I'd imagine that Luca would be willing to hold your hand for the first
upload if that helps (assuming that he's still up to speed on the
package).  Luca?

It seems a shame to lose a bug-free package when you apparently have
users that are going to miss it.

Cheers, Phil.
-- 
|)|  Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/
|-|  HANDS.COM Ltd.http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND




Re: Cedilla removed from sid, users complain

2011-01-25 Thread Juliusz Chroboczek
> There is always the option of either recruiting one of those
> disappointed users to maintain the package, or doing it yourself.

Thanks for the suggestion -- but I'm already spending all of my
proverbial Copious Free Time on upstream work.

> It seems a shame to lose a bug-free package when you apparently have
> users that are going to miss it.

I think so too.  But I cannot be doing everything.

--Juliusz




Re: Cedilla removed from sid, users complain

2011-01-25 Thread Carsten Hey
* Andrey Rahmatullin [2011-01-25 23:36 +0500]:
> On Tue, Jan 25, 2011 at 07:14:39PM +0100, Juliusz Chroboczek wrote:
> > I'm upstream for Cedilla [1,2], which has been orphaned and removed from
> > Sid.  I'm receiving e-mail from Debian users of Cedilla, asking me what
> > is the suggested replacement.  What shall I answer?
> See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610903

The package that would have been released with Squeeze if it hadn't
been orphaned is still available:

  http://snapshot.debian.org/package/cedilla/0.6%2B20090614-1/


Carsten





Bug#611148: ITP: urlrewritefilter -- Java Web Filter J2EE compliant based on mod_rewrite which allows to rewrite URLs

2011-01-25 Thread Miguel Landaeta
Package: wnpp
Severity: wishlist
Owner: Miguel Landaeta 

* Package name: urlrewritefilter
  Version : 3.2.0
  Upstream Author : Paul Tuckey 
* URL : http://www.tuckey.org/urlrewrite/
* License : BSD
  Programming Lang: Java
  Description : Java Web Filter J2EE compliant based on mod_rewrite which 
allows to rewrite URLs

 Based on the popular and very useful mod_rewrite for Apache,
 UrlRewriteFilter is a Java Web Filter for any J2EE compliant web
 application server (such as Resin, Orion or Tomcat), which allows
 you to rewrite URLs before they get to your code. It is a very
 powerful tool just like Apache's mod_rewrite.
 .
 The main things UrlRewriteFilter is used for are:
 - URL tidiness and/or URL abstraction.
 - Browser detection.
 - Date based rewriting.
 - Moved content.
 - Tiny/friendly URLs.
 - A Servlet mapping engine (see Method Invocation).
 . 
 UrlRewriteFilter uses an XML file, called urlrewrite.xml (it goes
 into the WEB-INF directory), for configuration. Most parameters can
 be Perl5 style regular expressions or wildcard expressions.

-- 
Miguel Landaeta, miguel at miguel.cc
secure email with PGP 0x7D8967E9 available at http://keyserver.pgp.com/
"Faith means not wanting to know what is true." -- Nietzsche






Re: Does it matter that the squeeze installer...

2011-01-25 Thread Miguel Figueiredo
On Monday 24 January 2011 15:27:26 Michael Banck wrote:

[...]

> Please file a bug about this, if there is none already.

The package is os-prober.

[...]
-- 
Best regards,

Miguel Figueiredo
http://www.DebianPT.org

