Re: Bug#292150: ITP: phpauction -- PHP based auction site, you can submit and make offers for auctions
Hello

On Tue, Jan 25, 2005 at 01:00:22PM +0100, Guglielmo Dapavo wrote:
> * Package name: phpauctionGPL
>   Version : 2.5.0
>   Upstream Author : Name <[EMAIL PROTECTED]>
> * URL : http://www.phpauction.org/
> * License : (GPL)
>   Description : PHP based auction site, you can submit and make
>   offers for auctions

Just checked out the homepage:

--- snip ---
Minimal server requirements are as follows:
- Apache web server
- PHP 4.0.6 or later (see below) with safe_mode=Off
- register_globals=on
- no open_basedir restriction
- MySQL Database
--- snap ---

This definitely does not sound like a perfect idea given the needed requirements out of a security point of view. Is the product worth inclusion anyway, has the code been audited?

MfG/Regards, Alexander

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
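The three PHP settings named in the quoted requirements can be checked against a host's php.ini before such a package is deployed. The following is an added example, not part of the original message or of phpauction; the function names, the sample ini texts and the defaults used for missing directives are assumptions made for illustration.

```python
# Added example: flag the php.ini settings named in the quoted requirements.
TRUE_WORDS = {"1", "on", "true", "yes"}

def parse_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        if '"' not in line:                    # ';' starts a comment outside quotes
            line = line.split(";", 1)[0]
        line = line.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def is_on(value):
    return value.strip().lower() in TRUE_WORDS

def audit(text):
    """List the risky settings found; a missing directive uses its assumed default."""
    s = parse_ini(text)
    findings = []
    # Assumed default On: PHP releases before 4.2.0 shipped register_globals enabled.
    if is_on(s.get("register_globals", "on")):
        findings.append("register_globals=On: request parameters can preset script variables")
    if not is_on(s.get("safe_mode", "off")):
        findings.append("safe_mode=Off: no PHP-level owner/exec restrictions")
    if not s.get("open_basedir", ""):
        findings.append("open_basedir unset: file functions are not confined to a directory tree")
    return findings

# Constructed sample inputs (not taken from a real host).
AS_REQUIRED = """\
; what the phpauction homepage asks for
safe_mode = Off
register_globals = On
;open_basedir = /var/www
"""
RESTRICTED = """\
register_globals = Off ; set explicitly
safe_mode = On
open_basedir = "/var/www/phpauction:/tmp"
"""

if __name__ == "__main__":
    for name, ini in (("as required", AS_REQUIRED), ("restricted", RESTRICTED)):
        print(name, audit(ini) or "no findings")
```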
What happened to rrdtool in potato?
Hi

I'm wondering why the package 'rrdtool' does not exist anymore for potato? Because it has been too old? Because the older version couldn't be built from source? Is it orphaned? (Then I would take it, when becoming a developer). Though it is not listed in prospective-packages.html.

Where can I get info about (the listed problems above were accessible via http://bugs.debian.org/rrdtool) the situation?

MfG/Regards, Alexander

--
Alexander Reelsen   http://joker.rhwd.de
[EMAIL PROTECTED]   GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
                    7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Problem with apt on slink systems
Hi

I've just noticed a problem, when I wanted to install a package on an old slink system.

[EMAIL PROTECTED]:~# grep "^[^#]" /etc/apt/sources.list
deb ftp://ftp.rfc822.org/debian slink main contrib non-free
deb-src ftp://ftp.rfc822.org/debian slink main contrib non-free
deb ftp://source.rfc822.org/debian-non-US slink non-US
deb-src ftp://source.rfc822.org/debian-non-US slink non-US
deb http://security.debian.org slink updates

[EMAIL PROTECTED]:~# apt-get install zsh
[... Everything fine here ...]
Get:1 ftp://ftp.rfc822.org slink/main zsh 3.1.2-10 [591kB]
Err ftp://ftp.rfc822.org slink/main zsh 3.1.2-10
  Unable to fetch file, server said '/debian/dists/stable/main/binary-i386/shells/zsh_3.1.2-10.deb: No such file or directory '
Failed to fetch ftp://ftp.rfc822.org/debian/dists/stable/main/binary-i386/shells/zsh_3.1.2-10.deb
  Unable to fetch file, server said '/debian/dists/stable/main/binary-i386/shells/zsh_3.1.2-10.deb: No such file or directory '
E: Unable to fetch some archives, maybe try with --fix-missing?

Where the heck does the word 'stable' come from? I removed my whole /var/state/apt/ and I do not know where it comes from. Hardcoded anywhere perhaps? Or did I miss something grave?

MfG/Regards, Alexander

--
Alexander Reelsen   http://joker.rhwd.de
[EMAIL PROTECTED]   GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
[EMAIL PROTECTED]   7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO
Re: Problem with apt on slink systems
On Wed, Aug 16, 2000 at 12:53:03PM -0700, dsb3 wrote:
> > Where the heck does the word 'stable' come from? I removed my whole
> > /var/state/apt/ and I do not know where it comes from. Hardcoded anywhere
> > perhaps? Or did I miss something grave?
> Did you 'apt-get update'?

Yeah.

> I'm not an apt-get internals expert but perhaps it cached the 'real' paths
> to the ftp/http locations instead of the symlinked ones so they are now
> all out of whack.
> Which makes me think - is it still possible to apt-get a slink update now
> it's fallen off the stable/frozen/unstable chain?

As addition: I checked the ftp and it is ok, the symlink is ok, the package is there in the slink tree, but still "stable" is requested. A friend of mine has the same problem with his slink, seems to be reproducible.

MfG/Regards, Alexander

--
Alexander Reelsen   http://joker.rhwd.de
[EMAIL PROTECTED]   GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
[EMAIL PROTECTED]   7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO
Re: non-root syslogd?
Hi

On Mon, Jul 07, 2003 at 02:59:35PM -0700, Mark Ferlatte wrote:
> Has anyone investigated what would be necessary to get a non-root syslogd
> working under Debian? It seems like this would be a good thing, but obviously
> there have to be some tricky bits, else it would have happened already. :)
>
> Is this worth working on? Has anybody already done this?

http://tretmine.org/sysklogd-1.4.1-security.patch

Be aware that I did not do this patch. Chris Wing did it. I found it somewhere on the web, but I forgot where, I think, two or three years ago its link was posted on security-audit list or so (for 1.3, I modified it for 1.4.1).

Use it, do your described changes and file a bug and send the stuff to the maintainer. This patch does no considerable harm IMHO, so it should be used by default (if it is set up right).

MfG/Regards, Alexander

--
Alexander Reelsen   http://tretmine.org
[EMAIL PROTECTED]
Re: stack protection
Hi

On Thu, Aug 21, 2003 at 02:56:34PM +1000, Brian May wrote:
> On Thu, Aug 21, 2003 at 12:57:06PM +1000, Russell Coker wrote:
> > Who is interested in stack protection?

x86 only? Pro police is the most platform independent iirc.

> > I think it would be good to have some experiments of stack protected packages
> > for Debian. Probably the best way to do this would be to start with
> > ssh-stack and sysklogd-stack being uploaded to experimental. I don't have
> > time to do this, but I would like to help test it.
> What stack protection are you talking about here?

If you need further reference the easiest way would be to check the bugtraq flamew^Wdiscussion archives right now, as there is quite a big thread with people who have programmed/used ProPolice, Stackguard, PaX and W^X (the stuff OpenBSD uses at the moment).

If you filter out the 90% rant and the "my-big-dick-software-is-best-at-protecting-your-stack" noise, you will find some useful things about stack protection, and the features of each solution...

> Any references?

damn. why didn't I write the above here...

MfG/Regards, Alexander

--
Alexander Reelsen   http://tretmine.org
[EMAIL PROTECTED]
Re: Bug#427297: ITP: sturmbahnfahrer -- simulated obstacle course for automobiles
Hi

> On Sun, 2007-06-03 at 12:49 +0200, Andreas Tille wrote:
>> I'm not really picky about names and would be quite relaxed if the official
>> homepage http://www.sturmbahnfahrer.com/ would not support the suspicion
>> by using a font that at least supports the ill feeling. So even if I don't
>> want to speculate about lawyers opinions - it seems to show at least bad
>> taste of the authors.
> Isn't this just a standard blackletter font?

Apart from that gothic fonts were forbidden by law in 1941 and replaced by Latin type of lettering. So the feeling is really nothing more than a feeling in this case.

Regards, Alexander

--
http://www.emplify.de