Re: Linux kernel hardening - link restrictions

2012-03-12 Thread Vincent Lefevre
On 2012-03-08 15:42:49 +, Ben Hutchings wrote:
> Since 'at' is going to be updated in stable, I added a versioned
> 'Breaks' instead.

But since there may be other problems than with "at", announcing
the change in the NEWS file would probably have been a good idea.
Things that an admin was usually doing may no longer work, for
instance (like some build as a normal user when possible, then
as root to install files). Now, concerning the symlinks, since
this affects just symlinks directly under /tmp (not those below
subdirectories), the effects are probably very limited.

I see that audit follow_link messages are generated in the kernel
logs when doing completion as root in /tmp, but everything seems
to be fine.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120312084702.gf3...@xvii.vinc17.org



Re: upstart: please update to latest upstream version

2012-03-12 Thread Michael Biebl
On 11.03.2012 20:24, Juliusz Chroboczek wrote:
>> Maybe we could  have an intermediate goal to patch any  daemon to add an
>> option  to not  fork on  start.
> 
> Yes, please.  All the more so since it is effort well-spent, as it is

No, this is not an effort well spent. And as already mentioned, running
the daemon in foreground has unwanted side-effects, like making the boot
process racy. Unless you provide other mechanisms how a daemon can
signal that it is ready to process requests.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Re: upstart: please update to latest upstream version

2012-03-12 Thread Goswin von Brederlow
Russ Allbery  writes:

> Goswin von Brederlow  writes:
>> Vincent Bernat  writes:
>>> Goswin von Brederlow  writes:
>
>>>> That would actually make things more difficult since then you have to
>>>> add some delay into the sysvinit files to wait for the daemon to
>>>> become ready before the init.d script returns.
>
>>> Is start-stop-daemon actually relying on the PID file being created to
>>> know if the daemon is ready? Or maybe you mean a daemon fork only when
>>> it is ready?
>
>> The latter.
>
> Indeed, that's the problem with a pure runit-style system.  (A lot of
> runit systems and daemontools systems don't worry too much about
> dependencies and just assume that things will exit and be restarted until
> they're successful, but that doesn't really scale.)
>
> However, it's probably addressable.  For most programs that are meaningful
> as dependencies of other programs, there's some visible and probeable sign
> that the daemon has finished startup: the creation of a UNIX domain
> socket, a named pipe, a TCP or UDP listening socket, etc.  I could see
> just telling the init system what to look for to know that the daemon has
> started.

I think all of those would be better solved with socket activated
startup thingy. For sysvinit systems this could look something like
this:

start-stop-daemon --start --quiet --exec /usr/bin/dns-server --oknodo \
  --pidfile /var/run/nbd-server.pid --socket-udp dns

start-stop-daemon --start --quiet --exec /bin/nbd-server --oknodo \
  --pidfile /var/run/nbd-server.pid --socket-tcp 10809

start-stop-daemon --start --quiet --exec /usr/bin/gdm --oknodo \
  --pidfile /var/run/gdm.pid --socket-unix /tmp/.X11-unix/X0

start-stop-daemon --start --quiet --exec /usr/bin/piper --oknodo \
  --pidfile /var/run/gdm.pid --pipe /var/run/piper.pipe

and so on. The way this would work would be that start-stop-daemon
creates the socket or pipe, then forks the daemon and passes the FD
along either through stdin/stdout or systemd's syntax. The service would
be ready to receive connects as soon as start-stop-daemon has created
the socket or pipe (even though it will not process them just yet). And
with the creation being under start-stop-daemon's control it knows when
it is safe to return.

Start-stop-daemon could even support waiting for the first connect
before actually starting a daemon.

Same with runit.

MfG
Goswin


-- 
Archive: http://lists.debian.org/87mx7mayw9.fsf@frosties.localnet
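
The hand-off described in the message above (the supervisor creates the socket, forks, and passes the FD to the daemon), as an added example that is not part of the thread and not start-stop-daemon code. It assumes systemd's LISTEN_FDS/LISTEN_PID convention with the socket on fd 3; the names make_listener, spawn and demo and the inline stand-in daemon are constructed for illustration.

```python
import os, socket, sys, tempfile
LISTEN_FD = 3  # systemd convention: inherited sockets start at fd 3

# Constructed stand-in daemon: it adopts fd 3 instead of binding its own socket.
DAEMON = r'''
import os, socket
assert os.environ["LISTEN_PID"] == str(os.getpid())  # the fds are meant for us
assert os.environ["LISTEN_FDS"] == "1"
srv = socket.socket(fileno=3)
conn, _ = srv.accept()
conn.sendall(b"served:" + conn.recv(64))
'''

def make_listener(path):
    """Supervisor side: once listen() returns, clients can already connect."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(8)
    return srv

def spawn(srv, argv):
    """Fork, place the listener on fd 3, set LISTEN_* and exec the daemon."""
    pid = os.fork()
    if pid == 0:
        try:
            os.dup2(srv.fileno(), LISTEN_FD)
            os.set_inheritable(LISTEN_FD, True)  # covers srv already being fd 3
            env = dict(os.environ, LISTEN_FDS="1", LISTEN_PID=str(os.getpid()))
            os.execve(argv[0], argv, env)
        finally:
            os._exit(127)  # only reached if dup2 or exec failed
    return pid

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "svc.sock")
        srv = make_listener(path)
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        cli.settimeout(10)
        cli.connect(path)        # succeeds before any daemon exists
        cli.sendall(b"early")    # queued by the kernel until accept()
        pid = spawn(srv, [sys.executable, "-c", DAEMON])
        srv.close()              # supervisor's copy is no longer needed
        reply = cli.recv(64)
        cli.close()
        _, status = os.waitpid(pid, 0)
        return reply, os.WEXITSTATUS(status)

if __name__ == "__main__":
    print(demo())
```

The client's connect and first write complete before the daemon is executed, which is why the supervisor can report the service as started as soon as listen() returns.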



Bug#663583: ITP: python-midiutil -- Python library to write multi-track MIDI files

2012-03-12 Thread Tiago Bortoletto Vaz
Package: wnpp
Severity: wishlist
Owner: Tiago Bortoletto Vaz 

* Package name: python-midiutil
  Version : 0.87
  Upstream Author : Mark Conway Wirt 
* URL : http://code.google.com/p/midiutil/
* License : MIT
  Programming Lang: Python
  Description : Python library to write multi-track MIDI files

 MIDIUtil is a pure Python library that allows one to write multi-track Musical
 Instrument Digital Interface (MIDI) files from within Python programs. It is
 object-oriented and allows one to create and write these files with a minimum
 of fuss.



-- 
Archive: http://lists.debian.org/20120312142624.11332.81077.reportbug@x61



Bug#663636: ITP: opsin -- Chemical name to structure converter

2012-03-12 Thread Michael Banck
Package: wnpp
Severity: wishlist
Owner: Debichem Team 


* Package name: opsin
  Version : 1.2.0
  Upstream Author : Daniel Lowe, Peter Corbett and Peter Murray-Rust
* URL : http://www-ucc.ch.cam.ac.uk/products/software/opsin
* License : Artistic License 2.0
  Programming Lang: Java
  Description : Chemical name to structure converter

 OPSIN (Open Parser for Systematic IUPAC Nomenclature) converts IUPAC
 compound names to semantic chemical information including a connection
 table.



-- 
Archive: http://lists.debian.org/20120312204625.ga2...@nighthawk.chemicalconnection.dyndns.org



Bug#663647: ITP: npapi-vlc -- multimedia plugin for web browsers based on VLC

2012-03-12 Thread Benjamin Drung
Package: wnpp
Severity: wishlist
Owner: Benjamin Drung 

* Package name: npapi-vlc
  Version : 2.0.0
  Upstream Author : VLC media player developers 
* URL : http://git.videolan.org/?p=npapi-vlc.git
* License : GPL-2+
  Programming Lang: C++
  Description : multimedia plugin for web browsers based on VLC

 This plugin adds support for MPEG, MPEG2, DVD, DivX, Ogg/Vorbis and many
 more formats to your Gecko-based web browser (Firefox, Galeon, etc.). The
 decoding process is done by VLC and the output window is embedded in a
 webpage or directly in the browser window. There is also support for
 fullscreen display and javascript control.
 .
 VLC is the VideoLAN project's media player. It plays MPEG, MPEG-2, MPEG-4,
 DivX, MOV, WMV, QuickTime, WebM, FLAC, MP3, Ogg/Vorbis files, DVDs, VCDs,
 podcasts, and multimedia streams from various network sources.

The browser plugin was part of the vlc source tarball, but is now separated
from the vlc source tarball and shipped as separate npapi-vlc tarball.



-- 
Archive: http://lists.debian.org/20120312225006.9527.15176.reportbug@localhost6.localdomain6



Bug#663648: ITP: zathura-extras -- plugins for zathura to support additional document formats

2012-03-12 Thread Sebastian Ramacher
Package: wnpp
Severity: wishlist
Owner: Sebastian Ramacher 

* Package name: zathura-extras
  Version : 0.1.0
  Upstream Author : Moritz Lipp 
* URL : http://pwmt.org/projects/zathura/plugins/
* License : Zlib
  Programming Lang: C
  Description : plugins for zathura to support additional document formats
 zathura-extras will consist of the zathura plugins zathura-djvu and
 zathura-ps. They add support to view DjVu and PostScript documents in
 zathura.




-- 
Archive: http://lists.debian.org/20120312233851.19588.89788.reportbug@localhost