Bug#893470: ITP: debiman -- generate a static manpage HTML repository out of a Debian archive
Package: wnpp Severity: wishlist Owner: Michael Stapelberg * Package name: debiman Version : 0.0~git20180224.8582b7f-1 Upstream Author : Michael Stapelberg * URL : https://github.com/Debian/debiman * License : Apache-2.0 Programming Lang: Go Description : generate a static manpage HTML repository out of a Debian archive debiman makes (Debian) manpages accessible in a web browser. Its goals are, in order: . completeness: all manpages in Debian should be available. . visually appealing and convenient: reading manpages should be fun, convenience features (e.g. permalinks, URL redirects, easy navigation) should be available . speed: manpages should be quick to load, new manpages should be quickly ingested, the program should run quickly for pleasant development
Re: [apparmor] Let's enable AppArmor by default (why not?)
[added d-dev back] * intrigeri [180319 07:40]: > Marvin Renich: > > Actually, a short beginner's guide as a text file in > > /usr/share/doc/apparmor, which has more than just "how to disable a > > profile" would be extremely helpful. I don't have the apparmor > > knowledge to write it, though. > > FYI the most useful bits were added to > https://wiki.debian.org/AppArmor/HowToUse > which is linked from /usr/share/doc/apparmor/README.Debian :) > > It's only a start and there's lots of room for improvement, > but it's a start. Thanks for this pointer! Adding these two links [1], [2] on that page might be helpful. I found them by following links to [3]. As a side note, my laptop runs testing, and I allowed apparmor to be enabled when that change hit testing. The only issue I have noticed so far is that smbd would not have access to some (intentionally public, not in /home) shares if it were in enforce mode, rather than complain mode. If I were not aware of apparmor, and if smbd were in enforce mode, I would have had a difficult time tracking this down. Is there a way that an app (e.g. smbd) whose file access requirements change dynamically through admin and user configuration can at least inspect its own apparmor profile and give the user a clue that the admin must update the profile? For Samba, perhaps at least a comment in /etc/samba/smb.conf at "Share Definitions" giving a reminder that if any LSM is enabled, the LSM config may need to be updated to reflect changes to shares. (Samba maintainers added to CC; please remove them for replies not pertaining to samba.) ...Marvin [1] Creating and modifying AppArmor policy with the tools https://gitlab.com/apparmor/apparmor/wikis/Profiling_with_tools [2] Creating and modifying AppArmor policy by hand https://gitlab.com/apparmor/apparmor/wikis/Profiling_by_hand [3] https://gitlab.com/apparmor/apparmor/wikis/Documentation
Re: [apparmor] Let's enable AppArmor by default (why not?)
Hi, Samba maintainer here ... 2018-03-19 15:10 GMT+01:00 Marvin Renich : [...] > As a side note, my laptop runs testing, and I allowed apparmor to be > enabled when that change hit testing. The only issue I have noticed so > far is that smbd would not have access to some (intentionally public, > not in /home) shares if it were in enforce mode, rather than complain > mode. If I were not aware of apparmor, and if smbd were in enforce > mode, I would have had a difficult time tracking this down. > > Is there a way that an app (e.g. smbd) whose file access requirements > change dynamically through admin and user configuration can at least > inspect its own apparmor profile and give the user a clue that the admin > must update the profile? For Samba, perhaps at least a comment in > /etc/samba/smb.conf at "Share Definitions" giving a reminder that if any > LSM is enabled, the LSM config may need to be updated to reflect changes > to shares. I'm balanced about this as AppArmor logs denied access. Merge request [1] welcome, either for debian/smb.conf or debian/README.Debian. [1] https://salsa.debian.org/samba-team/samba/merge_requests Regards -- Mathieu Parent
Bug#893568: ITP: puppet-module-openstack-extras -- add useful utilities for composing and deploying OpenStack
Package: wnpp Severity: wishlist Owner: Thomas Goirand * Package name: puppet-module-openstack-extras Version : 12.3.0 Upstream Author : OpenStack Foundation * URL : https://github.com/openstack/puppet-openstack_extras * License : Apache-2.0 Programming Lang: Puppet Description : add useful utilities for composing and deploying OpenStack Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . This module is used to add useful utilities for composing and deploying OpenStack.
Re: [apparmor] Let's enable AppArmor by default (why not?)
On Mon, Mar 19, 2018 at 10:10:02AM -0400, Marvin Renich wrote: > Is there a way that an app (e.g. smbd) whose file access requirements > change dynamically through admin and user configuration can at least > inspect its own apparmor profile and give the user a clue that the admin > must update the profile? Our friends at SUSE have a script that automatically generates portions of an AppArmor profile for Samba based on the Samba configuration: https://bugzilla.novell.com/show_bug.cgi?id=688040 I'm not entirely sold on the idea, as a hand-authored security policy can serve as belt-and-suspenders against misconfiguration or a broken management system that allows unauthenticated users to create too-wide shares. The usability gain is undeniable. Thanks signature.asc Description: PGP signature
Re: PTS, salsa and knowing if a Debian Maintainer has uploaded a point release.
On 18/03/2018, Andrey Rahmatullin wrote: Dear Audrey, Thank you again by responding. > https://tracker.debian.org/pkg/ipdb > My query is actually solved by the link you shared. I'm sorry if I was a mess :) > > -- > WBR, wRAR > -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
Bug#893580: ITP: keystone-engine -- Lightweight multi-architecture assembler framework
Package: wnpp Severity: wishlist Owner: Christian Sharpsten * Package name: keystone-engine Version : 0.9.1 Upstream Author : Nguyen Anh Quynh * URL : http://www.keystone-engine.org/ * License : GPL-2 Programming Lang: C, C++ Description : Lightweight multi-architecture assembler framework Keystone is a lightweight multi-platform, multi-architecture assembler framework. . Features: - Supports hardware architectures: ARM, ARM64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, & X86 (16/32/64bit). - Clean/simple/lightweight/intuitive architecture-neutral API. - Implemented in C/C++ languages, with bindings for Masm, Visual Basic, C#, PowerShell, Perl, Python, NodeJS, Ruby, Go, Rust, Haskell & OCaml available. - Native support for Windows & *nix (with Mac OSX, Linux, *BSD & Solaris confirmed). - Thread-safe by design. I use this package regularly and it provides an easy to use assembler that can be called from multiple source languages. I plan to maintain it myself and will need a sponsor as this is my first package.
