Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
On Fri, Oct 12, 2012 at 09:17:32AM +0200, Bernhard R. Link wrote: > part at all) will only weaken security. So I think what you say is an > argument for keeping md5sum, so that noone think they can use that > information for security. This argument is based on the incorrect assumption that everyone in the world knows md5 is broken. (Heck, I'm sure I can find people who don't know that parity checks are not a security measure, yet who think they know about security, if I search good enough) -- Copyshops should do vouchers. So that next time some bureaucracy requires you to mail a form in triplicate, you can mail it just once, add a voucher, and save on postage. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121013085625.gf4...@grep.be
Re: Bug#690183: ITP: apt-fast -- shellscript wrapper for apt-get or aptitude
On Jo, 11 oct 12, 18:22:50, Wouter Verhelst wrote: > On Thu, Oct 11, 2012 at 09:59:35AM -0300, Lisandro Damián Nicanor Pérez Meyer > wrote: > > Of course, being able to download stuff from two different servers at the > > same > > time had a better end result, and as long as is one download at a time per > > server, I think it can be considered socially acceptable. > > Yes, which is why there's > > Acquire::Queue-Mode "host"; > > see apt.conf(5) for the full details on this one. You don't need shell > scripts and things like axel to get this. Sorry, but I don't understand how this is supposed to increase my download speed. Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic signature.asc Description: Digital signature
Re: (seemingly) declinging bug report numbers
On Fri, Oct 12, 2012 at 10:13:51PM +0200, Christoph Anton Mitterer wrote: > On Thu, 2012-10-11 at 13:40 +0200, Stefano Zacchiroli wrote: > > I wonder: did upstream developers start to worry when the number of bugs > > report they received *directly* started to decrease, due to Debian > > distributing their software? > Well but that's a different situation isn't it? No, it isn't. > I mean Debian typically doesn't "duplicate" what upstream is doing, No. However, Debian is an upstream to many other distributions, just as upstream developers are to us. > but in your example rather serve as some intermediate layer for bugs, > either directly solving them (and then hopefully push that upstream) > or simply forwarding the bugs. How is that any different from downstream distributions? > With derivatives, it's not only that (don't know how much of the bugs > e.g. reported at Ubuntu are then forwarded to Debian, if they manage the > respective package themselves)... the really copy and make the same > work... Not in all cases. [...] > And I can't quite believe that this doesn't ultimately take users and > manpower away from Debian. > > An example is that, especially stuff from the commercial- (or at least > non-open-source-) world seems to drop out Debian from their supported > major distros and replace it by *buntu (given that it must be "better" > for its "commercial support") well at least in my experience. On the whole, commercial entities cooperate better with other commercial entities than they do with volunteer organizations, just as much as volunteer organizations cooperate better with other volunteer organizations instead of other commercial entities. There may be exceptions, however, though strictly speaking canonical isn't one of them (otherwise we wouldn't have be having this discussion yet again). I don't expect most major corporations to see Debian as something they can work with, mostly because Debian is something so far removed from what such entities are used to be dealing with that it's not something they can wrap their collective minds around. That's a pity, but it's not the fault of our commercial derivatives. The fact that they can take Debian, make some changes so it does something they think is important, and then offer that to major corporations in a way that these corporations will be interested in the offer is a good thing, and in no way threatening to Debian. I don't think Debian is losing ground to Ubuntu. If anything, Ubuntu is gaining ground on non-free software. You can't be angry about that. -- Copyshops should do vouchers. So that next time some bureaucracy requires you to mail a form in triplicate, you can mail it just once, add a voucher, and save on postage. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121013183504.gg4...@grep.be
Re: Bug#690183: ITP: apt-fast -- shellscript wrapper for apt-get or aptitude
On Sb, 13 oct 12, 16:55:17, David Kalnischkies wrote: > > If you don't fall for such placebo effects you are unfortunately out of luck > as "host" is the default, but you can use a service like http.debian.net > (which only works so well because "host" is the default …) to get a > real benefit - assuming that you really have more bandwidth available than > one mirror is able to provide you without being unfair/"anti-social" > to all the other users using the same mirror, which is how apt-fast works. I have yet to find a reliable mirror that is able to saturate my bandwidth :( I'll try http.debian.net > If you wonder why APT is getting all packages from one source (the first one > mentioned in the sources.list) even if it could choose between two or more > sources in your sources.list: It is assumed your sources.list is ordered from > most to least desired source: e.g. CD-ROM, local mirror, "internet" mirror. > Getting a package from the internet if it could be acquired through CD-ROM > would be a waste of resources (be it time, money, traffic, $yourmetric or a > wild mixture of all of them). Same for "local" vs. "internet" mirror. This is documented in sources.list(5) > So the mentioned setting effects situations in which package A and B are > available from different sources - these are acquired in parallel if possible. Which does not bring significant improvements in most cases. > ¹ note that Wouter hasn't promised that. It was just pointed out that the > desired behavior is actually already implemented (and I am just making it > clear that this is the default value). Would be nice to mention this also in the manpage ;) Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic signature.asc Description: Digital signature
Re
I have a deal of mutual benefit contact me if interested -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/0258bca3-41196-16230012597917@hp-pc
