removing problemes with deluser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I found a bug with adduser package that deluser will remove system directories like /bin (or like / as other user found). This will happen if the homedirectory is /bin of some system accounts which should be removed and the option REMOVE_HOME in /etc/deluser.conf is set to 1. This Bug / Problem renders the system unusable so the severity is critical. The (co-)maintainer see this as only wishlist and told me to complain about this in this list. Maybe the Severity of critical is not absolutely correct and should be important. (I think, it is.) But the severity of wishlist is impossible! More over as also other Users have had the same problem and see it similar to me. Maybe it is not a bug of deluser than of the debian police but it is a critical bug. The both bug reports are: #293559 and #271829 Please reply to fix the problem as soon as possible. Regards Klaus Ethgen Ps. For me the bug is not a problem anymore as I do not do use deluser anymore and remove a user by hand with vipw. But I do not think that the problem is gone therewith as for other users the problem still sleeps until they trigger the problem. - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iQEVAwUBQgZG35+OKpjRpO3lAQL6hwgAorbNOFy7/sJpn9hpt6beo8NFoOAmOQ0E uFgx0FfwVB0GMc3SEuHDWUuORPTGyYNNPOx75CfLJujvC8tfi9mOsmBBhvOb6WiB L32mijWXsuva7Loa9TZlI39ysq4fgV4lpLkvC0jddk3A/L4huO+r+d4b4qT6OCKH EH6CTS/OHb9K9WTz+++qghl26t14awz6qQkLcz4RkI8k0Pr2LAYcvbZ2j+YPpLNQ VIHHkf7z6cF9n1/8H8cKdMnZWgXgQgDgbR9Kv8PtPn/avymC+XjQHa82GQEDMGjK ivZcW0BGnTwmRgcGP2yZpFuO4tKxCh+bnlVgz+qKpeAshCEasiGU2A== =MHiE -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: removing problemes with deluser
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Marc, Am So den 6. Feb 2005 um 18:24 schriebst Du: > See adduser 3.60 from the experimental distribution. Excerpt from the > changelog: > > | * Add a new config option NO_DEL_PATHS to deluser.conf with a > | sensible default in the deluser source code. In the default > | configuration, deluser will not zap any important system directories > | any more. Thanks to Ernst Kloppenburg and Klaus Ethgen. (mh) > | Closes: #293559, #271829 > > You should have received this in a "fixed-in-experimental" message > from the BTS after I uploaded the new version. Yes, I have. But this is not the point of my message. I think long bevore if I should write the Mail you told me to do. I whanted to know about the severity as wishlist for such a grave bug (or tell it problem) is not adequate I think. The problem is that who decide what severity is a bug? And isn't it the gravety like descripted in the debian policy that define how grave is a bug? Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iQEVAwUBQgZYQJ+OKpjRpO3lAQLy9gf+KFSRSgIlqOvtuCCnm+qPlcILnHeMfdG/ yVartCfDE06Ab5GQwTvmOcYydLs1/A/AcsKoi14CgqqkybWPRoPQMNcqE0dT7lLi 7TfI8flPoQwTY7t9YLAO6zhA88YbzfDpnJp3quKMwBsnQKAdZCGp5wpSdr46LB1Y VuZNZ3yRRq5UOLf7BFAoVTgOkSH5bLCZTByghm5TJFEkO/HDz6TIMSZSK1oIBlZO sS0JIIQ7EiiONgZ3Q7ow4/g0Xc4Mgkt/fILsFQ4amFAA1M7ePcgWVNZJYqZcRJxY SjmTczcmu8hevwyVBMRTKwDBq4kIU40pXqtQ1lojrFn9qwgShKUD4w== =isPW -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
*** POKED TIMER ***
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 With newer upgrade of bind9 I get the Message "*** POKED TIMER ***" in the log several times. I'm not sure if this is a bug or just logpolution. Do anybody know about this issue and why it happens? Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQ5RTnZ+OKpjRpO3lAQJoBwgAqjzMPYJEdgqduSARmwC7DI0rPSKRqa+F YYPrDafsDMItRNbUeig8cQqvs2P3qG0fNDb9HcS0otizJuDzGM+S+Q0xCAzOAWAK JY2vHBmiHqDyZuui8HfVVaCVTanFtyYHykHrvkDDT9mj4rb299u+aUekLn7tc5kY 9Cg53nxWzrAHdVSFMUrL7AWmmTwdu3vQMR+Pgwc1N8umPOcqFhCqnpyhKgxRNaAz yZfP+34/uENyeQkNxIojCbATJVVhlha126NYjjGY95emWhGeb1pAcnCpZfYfOK6n vXqLD4uY37FTIfgk8XxC74j/YfSujYt7aCW3K5fHzpn6/zaQwz0FBw== =leU6 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
update-inetd and xinetd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I use the xinetd and like it much if the compatibility mode is switched off. However it whould be great if update-inetd could create a file in /etc/xinetd.d with "disabled = yes". Moreover it whould be nice if update-inetd could switch services on and of. This would help the daily job of packagers to transparentely handle such thing. (Sure, whould be better if the packages can create such a file but look to the reality...) The note that the entry have to be created by hand is not great if you have a unattended setup. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQ/CsN5+OKpjRpO3lAQICfQgAn2TfBdofFdF2WSujd9LwThtJ9QepI8Ys afs1+h/sQ97sxrFvhPAHXoHzPS7jbEN0PQcMu+dE2Ivgv4W92X+juyg6KPUlSAU2 4dEuWUuMrWCdGn24HFbra0wkpnpb1F6mlbAWGUKGnYOxiDeHusmU6lbMBdVhk0FZ EIFLH1DmDHSJEnhUEAcMz9yGCWo4OzTKh8M5naDyGF0SX5xd9n+pZ6Q3bYCqibQu 876KXm2Jnztz+D/7MY+VKdPTknDZU4YfOPsxQmv2XcJyYj/QEb5n+KjQRLcR0F6n L7HnqVNjrS0i3R3U3XqeLS4ootXGLGnr/Oew/kAmrVRhpWNXQaRQoQ== =8aSJ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#304266: ITP: sdate -- never ending september date
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Di den 12. Apr 2005 um 15:01 schriebst Du: > Though, rather than having a seperate package for this, it'd probably be > better to add it to some other package of small toys. Maybe not as it is like fakeroot a preload library which can have security issues which the others never will have. Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iQEVAwUBQlvLIZ+OKpjRpO3lAQJYOgf6A7P05eAU07BFLi34x0fKtVrhvQBxO0uf 9GgjkIDrb86Yfaaji2UV6ntT3c0C0yVTA4Un5VMc3OvwXXdSO76stLNVny2AVFbi CU1+S1KQs/fS3NxMSkPHthUlaN9b4qNwpftXbZzspUcDdQPwYjQuGHozZ/S2bqYy DApO6jFKpF0NrloXBYxGqeDxg7/IeMvrbiDkVLLZVLsCFRwDW27Obuqnl7NhePag ymYKtI7cGOfChb1A8/FkfHDzV5LXljoWk+aFQaQ/vN0knHDyO9yIL0rFELX/dGXJ zXFn1SBDIB6sxbF0MvIs3R7xSTz2ObSutplsezzMrjjmC1crMuJW9g== =nJs7 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Outrageous Maintainer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, this is a maybe bit OT mail to this List but I think as improoving the quality of debian is a bit toppic of the list. The problem is that I do not know how to handle with a bug. The maintainer of this bug is not in the mood to fix the bug he rather slight the submitters (not only me) in the bugreport and also by private mail. The according bug is #306608. I honore the work, maintainers do. But this subject do not increase the trust in debian as whole and in the packages of him specialy. I thought that there is a minimum of social competence to get debian maintainer but I have to see that this was a wrong assument. :-( Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iQEVAwUBQnPOzp+OKpjRpO3lAQLhcQgAqUUVlUmjGxUXi7Wg6fJ6Wa5Fc1Lbtq3X XWczK9l/i7IJPOMb7jnAan6slZSIQVxj9DsP73SQfSf05KhLLtEmwyOhyjZO4cLt pkq5SZaQ9nw/RdmQpp/tO1ddzf7BrH/HNknFnI4qZOyQeBEeNY9xSZtkuOitvgmL lTqafk4vv2SyBJN8pJzGtlk7DqA/ae+ayhLXVNAFIbP67JVnHjzLQPPWkTpo6hUd 60AFx80a0PtIWEO5Dsq9Iiss6NjBITp52s0txxIf239HcPFST2tUMNbVlsMqb7Di HEiqh7YmfZ/L2TsNKClllDmV4NRJSuaI9NYsA6gTPUB5nlRpp9fn2w== =04JX -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug tracker broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi I sended a followup to a bug (#267015). Now I got a mail back that this bug is not existing. But "bts -m show 267015" is showing me the bug without problemes. Is the bug tracker broken? Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iQEVAwUBQnpMuJ+OKpjRpO3lAQKtfAf8C45+RdXr17jodkrzPF24o6tYzPxfxTqS dflntscnncCfniVTPiKERkwUi5xYIa0rrjP6TAT7V1YkyDe1/TfR8SOaNauZgw9t pCYIBZzwffGF2r9CqnoG2DfwIVY/JDIAYPYP/PFeQiohm3Y7fDe9NgB81EwSElhh dY30OApag884LvyhiC8pXC2+svs7wswl08uXrwxjGoEuYQhh516FimPcRQpFeN5R Hsl4Vwl5KW7eHCBrievH4TuHVHY36Hv8wHQ/Umm9NBaqfFTz6JhlURKs13DOJ7eN YHaKOmwE9ZLj0ASKbRQZDYjuViDHcwb1Cpj7ckd/n60ZMEw7X8XzJg== =UxFr -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug tracker broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Marc, Am Fr den 6. Mai 2005 um 8:24 schrieb Marc Haber: > Do you ever file bug reports with severity "normal", "minor" or > "wishlist"? I also write you in german directely. Only this to the list: 4 important a bug which has a major effect on the usability of a package, without rendering it completely unusable to everyone. And mut IS unusable for me (and few others) completely without this patch but not for everyone. Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) iQEVAwUBQnsSHp+OKpjRpO3lAQKO2gf8CHVD1kE5WAjJgxnmEiymBd0ku4NpM2Ov G6aYY7dltOvgkAvaaDoSyMGQ1T17bx8x8a3A0aJKGIwvLyn/saqLxtH9p3zw7QhZ 68SIgqvnMobpZf/xHab5XnLzGS8PXvIGdDqTJSdCOVABEF3hY03EHIPsVUvQTBqH n0DAw+WRW14dykWvn04OB98zNZ9fNGTGJUpgXEThAYkvpudgRFord231fEIEKtLF ZVfDwf3XvYNauooIpEVtaLvh0NFwOaUbPF1Haqzjdk02Obbc0Eov84ut8SEYBoYN G0OMRF4o+Lo+9GhAD+av9XTNMOBNKXA6HoC3VLbnuR7X3KBzaCVJyw== =Xggf -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Another Bug for ldap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I do not dare to initialize another bug in libldap or pam-ldap. :-( But with the newest sarge if I configure nss-ldap and pam-ldap to use tls to connect the server mozilla will dump core. Now the problem: Which package is the buggy one? - - mozilla? - - libldap2? - - pam-ldap? - - nss-ldap? Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQpuLrJ+OKpjRpO3lAQIe1gf9HQ/G6/z6/AQM0ZJP6qCGTmNSHfjObSLu SBkcFehbOR2d5D/qNOs0+2GjDj6sYLI3LEEmX7der/ogWHm6SnuFRqJYSqSkgG9W 9wG/mnoSqC1DqDnuNXqOSH+k3UDpPuPKS0O3y8uTplE/iNIIvtKGsJG/jSC9E3ad c+Jt56snztH0N0gMMFGc3LPmdpQHB/V1XPbRiJ2W5Gi4Oju0xMa/my0AHGb6wZtn oJkLB4DXaqXTja3kdc36YUsNsyH0WYh4giBrRevRU7h2UUQQbNSUaEfiHTlB63PB pzNGNILILZpj5ytSgJvL0/LDuCfkBUdCRZStc9aayQ80mMih5ew8vA== =Do/O -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Orphaned Packages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I read that the packages cvsps and xearth are orphaned now. I might be able to get over this packages. But there is a small problem: Years ago I start getting a official debian maintainer. Unfortunately it went asleep as I have no time to finish the new maintainer procedure. I would be able and proud to give some work to debian but the my time is very limited. So is there a way to give official packages to debian without being a official maintainer? Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iQEVAwUBROQtNp+OKpjRpO3lAQLXnwf+JB4avdmt2k4wHM7CmptFuMlR0GlmCSp2 fvI+07gfGFSCjNW9LV/Or9rrHw85x/TfJIZJUpboHZIjVpEZxa7jCvozmKa/7LtY ywFwA3Ebs50eDAV+NuhQ0MDdSJzs1FdBS2BSzlIe7b7MvN1v1cwicyrC67j68zYP l1LrwrM6QO952CCCh86ilIl5B4UKKzOS7cYJGI5vFCUnbBJOpFZNx50jAbrShrru WKQv+onrGhyQ5UfdJbYUjGXb6xdwUiLGX1A2hSiUDsFPVnkxq0LXv1aMJASgYoXx +dLY4YWeyWbPdMlL0ia8rSAUxOV3z1PFwW/vuDyjyLVGUq256kcFAA== =U4Rz -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Question: mount /var/run as tmpfs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Am Mo den 30. Okt 2006 um 9:02 schrieb Aleksey Midenkov: > It is possible to detect if kernel supports tmpfs and mount it > on /var/run, /var/lock, /var/tmp and maybe /tmp and may be other places. This Sounds interesting. Well, there is some problems with /var/tmp as /var/tmp has to survive reboot (That's the only sense for /var/tmp). But all other, especially /tmp and /var/run, would be very useful. On other distributions this still works. For Debian there might be the problem that the init-scripts do mostly not care about creating there subdirectory. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRUXFyp+OKpjRpO3lAQJq6ggAnWdQlRLBCl1eWZG8/DRTT4v4LsfV82U1 6K+ofVKhUjEHHOdhxemU1QPvjADUw0UbxmiXcN3R4lyyMVzmYc4H5ckvSN+I7bz/ qgthUbxbAz72nD11YCtdPebNOqjnuTIZ806J8t+ZH1Mjt51mZNSNf6ylFY22jqr/ wVM7aszR3c1qgjhcweua7NPWnd+1ALwOaDiFlebPm1dqsB6QLrhFqsJvZMewiIq8 2r7PK4obRTuLiiMTA+Tdb/iFc42XZ3mYDHIb+8hd2TdknaGHkQPEMF59FNjUqrjp 76l7jmyU4sG+jXCDrBRSfs8J2ZqdJJ++MN/E5RaEkQuO2a7Umh904A== =2y74 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bash /dev/tcp and /dev/udp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, from the bash manpage: /dev/tcp/host/port If host is a valid hostname or Internet address, and port is an integer port number or service name, bash attempts to open a TCP connection to the corresponding socket. /dev/udp/host/port If host is a valid hostname or Internet address, and port is an integer port number or service name, bash attempts to open a UDP connection to the corresponding socket. But this feature doesn't work on debian systems (on other distributions it works and is not a problem). For this feature there are several scripts and tools around which use this feature. Moreover if you want to make a net boot image where you need to contact a other host easy there is no way to do this with debian Linux so I have to switch to an other distribution like RedHat or even Susi^He. The related bug report is tagged as wontfix (146464) but this is absolute not reasonable. Best wishes Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRWWGQJ+OKpjRpO3lAQL70Af9GwGu/sJ8nes8Nh6fRxpW6nsNuFwvqWAt vMBosAmSBdpZWtUoOkCE2Figm+csHML1GDeLn7P9RCcTfzgoVPGpXqlgBG3bAokS FNU36wOwEQQ/1G1+daCvUmSsqMsyIGt6DNrRNr7q3wfHjPJXPiXJbAOQfvAh9LRT 5tk67EamhLoebVxSdC3wSc/d/dDlm/53L9v5oPeGceZrmqkqjovXTeAjIUkGehd5 j43DKEnUaSIEAsNDRvy6EyHy6zrVeoYQHainNqCTqhKg2MBmjCYa/ORkm8tpJtnt Tsjf54pg8V8PuUE3ChcKJ+pg/WxgToZQHfF6QUCunDLwiGlRXVp6+w== =PHYH -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Politeness was: woody removed from mirrors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Am Mo den 8. Jan 2007 um 5:15 schrieb Steve Langasek: [flame] is it really necessary to start flames in this list? Kevin Mark did answer completely objective. To bring him down with this kind of answer is absolute below the level cultivated people should communicate with each other. Unfortunate this impoliteness also creeping out of the list and I can see them in answers to bug reports too. So my petition is to breath once before bringing your own vein in mails to open lists or answers. Such answers are really below the dignity! Best wishes Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRaIKJJ+OKpjRpO3lAQLUXgf/c4Y/4CaAq0TmP/sNgqvMz/2Q1TQhRNuB FxN/ctlYyu3ARhTlYPVbvvCmrf7BF1z5LPVhmCSNzHN2pptLsN5jMYdDvCWoKCra xDWCS4qMqaICTKs2krq2sFJtLI0rYSa3u0Likl+sYDsH1+anv+p5G6R6w+SoCiU0 1IsTRqTlKpOBQUpYSiFwKDdPzVuBII/8HmkG+rviPdBMoYRM+nfFio7kVgsseTVf N5MhTK6WC+160TISZyIS+3MG+4P5uuWMDTkzSAWCuK4QcbsyHdyZFCwvPUsHqa8V x5OuiTMXOTqqqechHzYEvBZMXBO+9k518zLqPPL+10la8+C65x44GQ== =/KK9 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: update-inetd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have a another: Am Do den 11. Jan 2007 um 23:14 schrieb Roger Leigh: > a) Every package calling update-inetd should call it twice; once for >IPv4, and again for IPv6. This would require all packages to be >updated. > b) update-inetd should default to creating both unless explicitly told >not to. This has the advantage of being transparent. c) update-inetd should default to creating none unless explicitly told to. This has the advantage of staying secure if a dau admin install a package accidentally. Wishes Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRae7tp+OKpjRpO3lAQI3ZwgAnRPuTSggJjPH/PeMaaUsCoT/u78YC8d/ 7+pZO4Z8V30yE+oaJm527I/6AlplL4ZRqXjPjmlBT9RfF/4Xv/mWpeFQg4yca0Qd vbozXrZZrOyU6aqTo/DkiETmAzh+n+CGM/wc2M8vcldd/XD/I6w0p6vy8GP13SdG 0mG8mF7012H5k7cCjy24XMY/2i82JdqLJQLzixiwD6j4PVDAA/qElZSClNLO9LmZ 7ihbUiR8W2kspnAUngc7v89ZyZ3j5q6lUtJpUcWL+Bi9dPTl/A766h5ebffeYPSS d3ssrjDXoixrLImm3iDjgfVmG222fnWePnl9c4z5/t7vdZJTcnAE/Q== =lEps -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Trouble with some X applications.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, After an upgrade of my system some days ago I found some (in words two) programms not working. The first ist gkrellm and the second is nvidia-settings. The effect is that when I try to start them they will hang. strace says it hangs in a rt_sigsuspend()-systemcall. As I have no exactely clou what did trigger this bug I whanna ask here. My system configuration: Dist: sid (In fact the error is not in etch) Kernel: 2.4.32 Vanilla with some patches. Newest updates installed I suggest it has anythink to do with the new xorg as it happens on two independing software. But which of the xorg components??? Did someone else has the same problemes? Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iQEVAwUBRFJm6J+OKpjRpO3lAQJ3+Af+JxZa3Qg942QyV7U+wTbsIudrn3dwUybF 2MCXFnWhi+0zXV8wxCM95uk0FafAYiqXluGKfDPJvmL+AlAY96ECf+v3JNwuFqsE NT9grXiX15dxAojIYPVu531aVBcjoFGm7jFe3I6+6MR/bYSEhG14T4/P179Bn+P1 glJqpuqspjClUqbAdRrQDpXqRmhvk9E2KEf/MBh6BRxw4AcPJwXsAgEiVsKhhPOi oWyMXcrTA4ipB6hxHgEiL8LhU63UVTmWY6nZpOPCECDw+LYeKYQ6nhc/vD/JT5CS o35TotlUDqFGDxvFtA01MtT5zsVvrThDYgI+kjHNzHJ4gpeHzTentQ== =3/H0 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Trouble with some X applications.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Brian, Am Fr den 28. Apr 2006 um 23:28 schrieb Brian M. Carlson: > Don't ask here. Ask on debian-user (or debian-user-german, if it > exists), as this is where the question belongs. The people there can > help you with some tricks to determine what specifically is not working, > and why. Hmm.. I do not think that this is a normal user question. It happens on sid and sid is definitively develop. Also it is no question about if that is a bug than which package is triggering the bug. This list is exactely for that porpouse and not only for holy fights as often found. > Good luck using a 2.4 kernel. I understand that after etch, glibc 2.4 > will be uploaded. IIRC, glibc 2.4 removes support for LinuxThreads, so > only NPTL (which requires Linux 2.6) will work. Make the upgrade now, > and save yourself a lot of headaches (of which this might be one). That whould be a catastrope. As 2.6 is miles from stable a 2.6 kernel is no kernel for stable servers. (Well, my system with sid is not in this position but I have several servers which have to be stable.) Kernel 2.6 has several problemes which trigger problemes. Beginnig with the futex implementation and ending with the "not whant" of the kernel developper to fix bugs in that tree. By the way, your link is not of use. Sorry about. Please do not answere the question with that the questions are under your niveau. I can forbear for such answers. Regards Klaus Ethgen Ps. And yes, english is not my native language and I might do some errors in my texts. - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iQEVAwUBRFM6M5+OKpjRpO3lAQJWWAf+K8Tap8yY3j0MXyFf1nwsRMDonB6B/yyL vfTuvfKkOglsVWbVNWWkhMh+6x20II6qB1772S3HDSOfX51qau97eSH2zMieJeyT Zl503Nz+Og6sWaI1MVLMGGofNAoX6M8zkv+/2TGBAuiEu/XahgbxGdYlMSver5gQ c4UJoqr9OEdgicSpjW3pFTpAYzIU5Ndtb7eRKJwiFWKpHsjLDpteUk5pvglVKgCS b8VE1i2/rFEKx/bNMSoZQc2bjrJVMpo/BKGXLo3MUlRfdsTEcMNOLf3Va9+ueSTN r0/VZjjPQww+1aPGO5w8yDwZLWFghRQiS6GnEZ6qcEHlDiDgqMrC8A== =cuiM -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Trouble with some X applications.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Sa den 29. Apr 2006 um 12:08 schrieb Andrew Donnellan: > >That whould be a catastrope. As 2.6 is miles from stable a 2.6 kernel is > >no kernel for stable servers. (Well, my system with sid is not in this > > Not stable?!?! It's been around for several years now. Please ask on -user. Its not a question. Its a fact! Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iQEVAwUBRFM8Up+OKpjRpO3lAQK3kgf+Iu++nlfaSReFiV+H8CIFANqQO8WEjlXc 4X3wqQj4oQNT1MCwD6WVs2MDwdnwY9cfwCTVL71pW9IdQM/PbHErbU1VY6cTbrz3 tPrGBThZEcniI2194hTd7eGjUjYmRPJbDNiAh+qBTV1p3RgrJxIhlV2WHnUG0eil wiZa6xf7+bQt1dOyaFzLwDe1yyPYkhwZrQRVzT+a3ceJ8bO8d78czoHDkwna18Kw KbfZ2z6IYRgQBVofE5OWI/ZbtWRTlLMrs4rvgXRjXBfC8Fiae8p2aDWAbvkb0eNR lifHNSStO4+bTcKmhcYkRCaUa1l/MAeCNXOWisTQBHNeHQ6kE6kMbA== =PSxc -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hidden files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, more and more packages use hidden files in /usr. I see this as an error. But before making a bug report for such packages I wish to ask if this is intended or really a bug? Some of the files are in the package some are created in postinst and not registered to any package. I see ANY hidden file in /usr as a bug which should be fixed! Packages are: - - kaffe - - blender - - firefox - - libnss3-0d or libxul0d (/usr/lib/xulrunner/.autoreg) Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iQEVAwUBRIVPHp+OKpjRpO3lAQK+WAf8DGUJ9p7Ne5E4BIiNc5Ds69NF0WP05qsT PiqM7QXW4ls/sDFYRP4XIGQlW2FG0E7XFfqHYv/c3gI8xmKORf/3I7XDF5INu6NV gQrcD1b9f9jSbphnpqt/GqKxlWHv4nqEcjJZribHuyssFLa6rm6uMaLYUT01KdBc pSrROnqg0nPwM6NmtzhaFM1Uhjm6/CrPIlSzG2nZb2OTDYloLVW7w9Oa74diBOuT vexnTwZhXLHG1k5kT4yg/hC1J/nptLJqtZ6FIrkDzQrzU4XfpHhuAdf3eF8hHGsm IHoASnHZ3tQs2/8H4W29OOt6gYYEfbLn+aYvGL2wln4sQfVS3VA4cw== =jV2+ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Hidden files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Di den 6. Jun 2006 um 18:12 schrieb Joey Hess: > If you want to know what's really there, use ls -a .. This is not the point. I think no of us do not know how to show that files. There are two reasons not to use hidden files in /usr, /var, /dev and other: 1. It generates false positives (as mention before). And to many false positives only ends in overlook the real bad files and directories. 2. There is absolutely no reason to hide think in this directories. If a programming method use dot files to make there classes and methods private -- no problem. But is it necessary to put them in common paths? I think this is more a misuse. Finished programs should be compiled in some way. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iQEVAwUBRIWyaZ+OKpjRpO3lAQJLcwf9Hddd96EmUISBjK8NlXh027JAHcy4duXy NOkJlXQTTT8IqwTRLWXK4CYOCVemWQHgrfy9dWkkXcKuGeRvAQ8v/RlpdySkwCSR RNJYvZ63GGaqbkNydlvyU+3R4mYaTWotXwF4u5KiKcJlLXWVT4vkTb9iS7k4yFf9 9UdDnq+8BAkTLRYaw0XmlGMVL05jb5k3VeYPw6hTfrtRhhabnV0ArLl0aFtWKRXi exgrTgMXA3GbsxIkZyzaikciKrCfRIsHqlpeo2kmndvKLj8XdePw8XrwXYMfuAFc FzuNE1uCIi883aUdWzoCBXuhD+swGqqFJR8+e8cSiFvrKuJXRM5CtA== =wGqe -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Using the SSL snakeoil certificate
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Do den 20. Jul 2006 um 11:24 schrieb Martin Schulze: > > [one cert for all services] > I believe that this is a good idea, however, I would like to propose a > slightly different approach. > > At the moment, it seems that all applications use their own > certificates and maybe also create them upon installation or rather > configuration. I like this idea mentioned above. Isn't it easy to ask the admin in debconf for every service if he want separate certs or all linked together? > Hence, I propose to stay with virtual per-service certificates, but to > link them to the common snakeoil certificate from ssl-certificates > during configuration and only if there is no other setting. That would be another way. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iQEVAwUBRL+ftp+OKpjRpO3lAQJtJgf+M4e/D970JQZDTbUg00z4PTBVD0ts7Hex XffYVpJt+dhQzXh2ljO/7vuqH2wxWvSuxevix4QSpAeJl9RpFceFsgMerpT7rqIv lPzo+JljGeWQb02kNnRZE8aRhNjsesEBr6RIDwRnB8+zKgxzTKOqdH0pvi3iTkUB 39fBJ1v3NcYxc7DDwRWcG1Aw9I6yJgsMGexiQs0w/OZ9yY3aE8HQuyiaPhy7UnJr FvJyO2Ddv4AOMXxVIf2PRpcGsbKf0y0mX30mVVL3FzW+qPPC8PBeM/iAnex+oZGL wrWsdvzk3L93KMaS2EdgwW+k/0AnwPq6XNj+0XoWZJIuljHLr9xPJw== =a/xx -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: congratulations to the X team!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Also congratulation from me too. I thought of many think that whould be broken but only few packages I liked very much did not work anymore as they need xlibmesa-glu: xine openuniverse planetpenguin-racer audacity flightgear ssystem stellarium xscreensaver-gl I will try to make a dummy-package which provides xlibmesa-glu and depends on libglu1-xorg. ;-) Gruß Klaus Ps. Im not a official debian maintainer but also a beer from me for them I meet in person. ;-) - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQtfwmJ+OKpjRpO3lAQLlBQf/ZKz3IGNSxgJ9SUH8BKIlJVIaWbi71DKd juPyhaefL1zIEdF+5d1hkI+56fStoru9TpMK/zJlXu8H4KRKxu/rwAD3TxlTeycN M5zQ8OD7N5aTtGsA6UlJzJI8O9jzF+YrfgaSnqnbdD0Kv2+WyBlf0pExK3JQcbSq VY7D+TKAFRArPzH7tup+SKw5sUHr1Ikkp/zwrP+RmEunNWChGbT3EYXl2eiGQiF9 m5lfpq9aoCHE1vw0j4jQ5Sro9fZG4Q1DTjcb5dTv7f3i4gTXhUXZUUA1e/eBGOYu PpZQOuJ82lokClI0h0hxIplSVHsCelvdEyo+J6GdFNJvm+VMlY9S3w== =n7v8 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: congratulations to the X team!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > I will try to make a dummy-package which provides xlibmesa-glu and > depends on libglu1-xorg. ;-) Hmpf, dosn't work as libglu1-xorg conflicts xlibmesa-glu :-( Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQtfya5+OKpjRpO3lAQLw0Af7BzbWJayX5v/YllsCAWWfnA1DlsXiheEw TYprFvfapMCfCgldylwK9ipmiT2TX18hEXYO0e3++kQVBSsSNEpYjy4WKMbaDch6 WwbnhbewKem/WKzcLZMqQv0sjl7JGveNWgE0DCpYVVmkU6Ybb1YHiyN0YaEzpIBl kC/ROzZWAy24zAA6JJSj968en67jzewXldjz3Mc9lMGkCg1EK3sUZ6Ld+UqKXbcR lJSgaPq7ebSCm5k2yuWKJ4VW+9PhYkmvfPdbtqN6mRFQ4jDEvULpz2KXqBz+slXp xjMbKTjC3CLv/xUGzY1GrBmzNSAyhEY4tHVm2SHRyIB4VTlOBRrbFg== =AW30 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: congratulations to the X team!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello foks, Am Fr den 15. Jul 2005 um 19:32 schrieb David Nusinow: > > I will try to make a dummy-package which provides xlibmesa-glu and > > depends on libglu1-xorg. ;-) > > Please don't do this. We're trying to transition the libglu1-xorg packages > and the above packages should be fixed by their respective maintainers in > time. Well, dosn't work either. It was just a idea that all the packages don't get deinstalled and maybe can be used. Also pdl which is needed for gimp-perl has wrong dependencies. Am Fr den 15. Jul 2005 um 19:59 schrieb Steve Langasek: > Why do people think that xorg broke library dependencies for our > entertainment, and that patching over the dependencies is an ok solution? > The package name changed because it is *not* *compatible*. No one said the I did not think that. Just thinking that short time broken installed packages in sig are better than not broken but not installable packages which gets deinstalled. And yes, this information about some packages which could be brokesn could be good filled in the NEWS.debian. Am Fr den 15. Jul 2005 um 20:04 schrieb David Nusinow: > I'm mainly depressed that people aren't reading Planet Debian, or are just Aham, sorry for my ignorance, but what is Planet Debian? > users don't keep repeating the same non-bug? The BTS obviously isn't > working for us here either, nor is posting to debian-x. Well, true that kind is nothing to fill in the bts (Maybe for the broken packages but not for X). Regards Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQtf+r5+OKpjRpO3lAQIxXwgAiw/4WOK79bOEaQtqtaamG9g++lo7V8ft 1dW37GV2C1kYkeB15rLZqFBhVKfSS+lpj4AdX0gS9eCWVmSSUs3/HokqLTm/weRI uDpVlcXk+D+3zMmXyG+rMbDHrVByFdsQuuljgPIZkXFhB8uRZv54+dgJzMqzKHpt LgBlfgAp9dM1ZiaqHuCv4gu/OGK22rR+wSnFe1iJd/uYr4VpKGWeCB9Jv/uxirWm Pewe2AkYcSdMhVpySSeqkpkE8rLRGFMI+qUiqL4J9NOPm67Nr3IFa+YT3ISKSsCI J9NiiSITkaXUVkCxYD4AubXwpGVTG/1ufFr0tM6iNqekgNgKKwXmew== =FwGQ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Problemes with the debian archives or apt?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I notive that for about a week there is NO package upgrade in sid. This is realy unusual. Is there any problem with the package servers or with apt (version 0.6.38)? Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQuiBz5+OKpjRpO3lAQIynAgAjEDzNVe9yvfICwYGDssyyYmxInelAMAG WuZDsqSw6lG8UvW3Bi/XJmfHIO8QtDcs69Mkp3VBl13qwaUu56+1X69kVzLMQNRQ tpcrp+Bcb96BN7pBX9jo/GszaIrbFstLq4kkumqI3r6NuqHu2jvSggEgaER7qQFv 1gtl/eqTZ5NCt16PWokkGyzl7FpqadxeDKz7p5Wj2Ler1W7M2McYZlyzcOJiZf6c hwDRfRnaMgV2ESrZLPI0NA6atA6ruLB46MqDBaMFss7pBW295MXQ6HCP0f1rAEqx pTYxJMqHAdoGpY2DTKYn50ccytT2WAyDXGZ4DvNAGgIptcmIlXvG8g== =EBse -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Unison
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I wont to ask if there is something with the maintainer of unison. There are at least 3 important bugs where at least one of them can be fixed very easy as there is a working patch in the bug report. But nothing happens. The bugs are 309908, 310004 and 318132 where the problems are similar. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQvnRN5+OKpjRpO3lAQIr9gf+OwANnetCQJULmBc08CaRghzFctoklE+9 HVLNYnmoxLr1Pm7BPOdc6Gk3v5D+26XLAVGMfLj1KvYi8EPf9axQmqE5pdgWFXdj EC8VkQ8nrB2E2VZPSie8qq72K6SU/Rk640v/2kj0cGmzxvRF7fQQWvj+je6H8Mlk AkGEb+ZS+FkUv46svAuFJQNhlYna+WZuf+lonUatbIyHs2R152409z3duKuUAxhy T4H2O3G0HdGOBa646i1ZzWGBD8YJ+bPeCBfs2UYAzC/REjT96Ih9ZGScVx/NgaKH sfjxlenL2Cohd+14AbcWIcFYdKbgcj0lZCTq4TYlRjvt6INfm7+ZHw== =SBU5 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: init.d script for iptables ruleset
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Samuel, Am Mi den 21. Sep 2005 um 3:12 schrieb Samuel Jean: > Here it goes. I wondered about a clever way to load my iptables ruleset via > init.d's script. Surprisingly, I didn't find any with Debian. I didn't search > that much though. Well, there was one some times ago. Now they was moved to /usr/share/doc/iptables/examples/oldinitdscript.gz I do not know why it was removed by Laurence J. Lane on 7 Dec 2002. But I think that is what you search for. Not to make your solution bad but the old initscript is more flexible, and more complete as it use the provided tools iptables-save and iptables-load to save all available rules. Cheers Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQzDiq5+OKpjRpO3lAQI1NQgAo4H9nazMF4G/jvuRP056LlQHKUwSWIME Gl2Y1SD3NT87YoSw2ImK03XjP8Insacvo67+IMCyb89qAta4TaL1hEIjJvd5MlC5 cbc3AilqnrerYmqI7lov+6ybkF4IKRVAGZANwats72g9c6rm/e1bgD68QPHeR8eI SqOE8pCdSWfUkBgYwXae79Fs0z3mtIfE/xA5ZF6FwW4QUlnGo5cZqmIU2VlhA0n8 mv9TI4JMtlFRuUBJpFCDxfRMC+kMXt2qOnhjJqHSzKtSDxBD9XP/E1EAERTIpRr/ OsbQBGS4l4yRGav4DzVGcoK++BU+XGnWrHTUJPwnRIYO5j6OVs0E3g== =qUXz -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: localhost.localdomain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Am Do den 6. Okt 2005 um 9:10 schrieb Pierre Machard: > IIRC The main reason was described in #247734 The only reason I find is that RedHat use it. But RedHat shouldn't be debians requirement of quality. It should be other way around. RedHat is such a buggy distribution. And it gets more and more worse every upgrade. .localdomain is such a peace of shit which only makes troubles. So please hold the high quality of debian and do not polute it with such grab. Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQ0TXpJ+OKpjRpO3lAQKXDQgAlbwriA493n0nz2bokES+vU5/k9rwvHPI 68xXHcidn7n0iidB1vDpcRnwA/NrSjZ4Wym6IiQTT2tGbDv5Ot3bv+6pmNvWviGf GblGGbXwNpvjMhyPORLS9Mg8yqjxFukzKdBlnju5B+JnlqiT0bxiTx67h+wnInZy 62jNLnnXiG7AMPW3hQkTGObzu6NZBOVBA2djHfo7ScSsdEuPPoDORFA+LCrf83CE /VS9EFoqk4zpI4UPl1CaXmX3C10W6L6nkddgGd0NyqLjKMJ+LpmARVcxnk+uCqEy 5a3YZyWetY0nm/4CEk03BlR4RJP02pyP0t9KiBcUmsDVLsfbYt5hNw== =nUuy -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: localhost.localdomain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Marco, Am Do den 6. Okt 2005 um 12:37 schrieb Marco d'Itri: > > .localdomain is such a peace of shit which only makes troubles. So > Please explain which troubles. I cannot specify it. But I remember that I did search for problemes in the past long time to find a error. And it was an entry of localhost.localdomain in a /etc/hosts. Maybe it was PVM or MySQL or other. I'm not sure. If you think for localhost you will never anticipate that it is called localhost.localdomain on one system. The Phrase "localhost" is for historical reasons such often used in scripts and programms. It whould create many manyears of troubleshooting putting this .localdomain on the end. Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQ0UN4Z+OKpjRpO3lAQKwpQf+P0oEJyklcLU+htTuTXg/9KSbqxQl3CtN 1cbcwWacwmhZsHBfsMSBCEheKUFEXl2ZYsG1xOeOQabCk56MdBgSB8OGETBoZI+y SKlIpAlLpfW+2GzHBHEDukGksk9b2p5Hzk9uNkAI8guHsAHk65loAg99y0w5LmoH mdXlbgr9vKfYNyiyMbsrpZu8YDitmO9GQkGigm18gEFCdUWHm20G7yUbXH+XIFZ2 VURIHR8uu3kaMzJOneYh0PdxO22eKvNUEgyFWvowDjPodbzLdU6ddl63EIipB4wV Qygamc+wavijiGHrcvK5tzQ2yAeoddNNcIk48wfpXfoRiuJNdMD4zA== =oLvm -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: localhost.localdomain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Marco, unfortunality your mail address is not valid so I answer you here. Am Do den 6. Okt 2005 um 13:48 schrieb Marco d'Itri: > In other words, you don't know and are just handwaving. Next? No, I just do not remember which software it was. I absolutely remember THAT it was a problem with localhost.localdomain and THAT it takes me long time to debug. Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQ0US3J+OKpjRpO3lAQKm/Qf8CvgeZAZ3wcOkaNZKxDCGcYqBqpc/8GlN pzdtTE91XcVve4vMri2BIITJru/ch86D8lGWTpYB1AJRSaFnSX2VpMtoRYUFlwkJ 75fYuhy47iJI11+kLhYgtjMb3j69i1oM9tWMxoZmvudygnR13U7FoOXn0K2Sh0OY 7m5dC4KUPxz66+Yxw9TBEI8NflKa3Wa165jCV5juGhpZefzUsEwKZYXJsdhVyFW2 97KQ9Qsp+XgAwqQko8FDCQu/aXmNyWblPfbFzXMY2YlNZ0r+vJLNrVJoRA29JqVK MgF+f0Y482unI8f04ntxuak7XZBbg+wIP7rhU7n1kBcmbJUhgpil/w== =uOnq -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: localhost.localdomain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Am Do den 6. Okt 2005 um 14:22 schrieb Wouter Verhelst: > That's not helpful. True. Thats the reason why I give more helpfull information too in the first mail. > indeed cause many problems, we could consider not using it by default > anymore. However, if we find that the problem is just a bug, it would be > better to fix it rather than removing something which many people expect > to be there. But why changing "localhost" to "localhost.localdomain" only for the reason that RedHat doing it? There was everythink OK with the proven "localhost"-entry. No problemes was encounted with it. The problemes was at first encounted when changing this localhost entry. It is absolutely irrelevant if the problemes are exactely specified or not. The point is that localhost.localdomain MAKES problemes. And it is nothing what makes sense either. > Since you're not providing details, however, this isn't possible, and > the only sensible course of action is to ignore your claims. Just do what you whant with it. I do not whant to fight. I know how to edit /etc/hosts. But why the hell should there be so many traps for users who do not know. Regards Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQ0Ub05+OKpjRpO3lAQJh1AgAibpUAgROgm+C+2IoqxztMaV4nuNU2y1N pnNisnml740mjTOW3mNj2ow46lguEWytW/gGDq0AVrKA8+ULEO8Z5u/evpbHL1Ny oSCizcMCXcRyk1FT1WOxzzisFoUZ9+g6WPCs8CPRZ6l6ld4KJH/5BdFT32k9R8F0 zh3cQCT7XVYq6fzynadM0ZwjJ9GpBiVz/eO/ULou/U2LtEDBWmNyh+Xd+PAzbaXm 0dIPTx+EQIW9G2THpx91LR/YjyRD6X/soTYgoQ9G9K2Oi5IvxfymrTfylBsWrHZF 02u2Sqmt4pBXnPCuY0DiCMfDOZIH0iNJfpuA69yPe3N/O+6OB3sU8w== =GdtM -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: localhost.localdomain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Do den 20. Okt 2005 um 16:01 schrieb Gabor Gombas: > No, MySQL is happy to use whatever name the loopback interface has; it > is the MySQL _documentation_ that stresses the "localhost" string > without mentioning that it depends on the naming service configuration. Thats not completely true. MySQL use the name "localhost" to select a other connection methode (socket). If you use the ip or localhost.localdomain it tries to connect bei network which is much slower. Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQ1exOJ+OKpjRpO3lAQJH0wf/UTwNaQcI/4mhcLj4o/ZhgfJNXFSUyroM Ok/mkrwpww/4LPjD4ZnsgmZVi/MWScfO4eFNm29Tc+K5aHrbvxqqEpIFXXDuLiHb IvZZXxyRAkO5RD/M0Jjo9oxmLl7GpQy4yIQn3KCSSLu6b4TtoOv9ZZt0Mh67x60W MujnKp90NJEDsHGfAFYvBSpzewYevEH6nCG543YfKq66FwniAKQAyCPelWbWgwx3 aCf71In8PxIrZoZw5K6PGG8vgEH/gBnwJoxGZdqHgufyUx34O9QY0SakTdUc/A+g xfnUR1FLj1w+HE9Pe2oADBwlqNDN6kF0octUnGPQlkeu6trrDMm7AA== =vGLk -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: per-user temp directories by default?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Fr den 4. Nov 2005 um 5:16 schrieb Noah Meyerhans: > Within the security team, there has recently been some talk of pushing > for per-user temp directories by default in etch. I'd like to see what That whould be no good idea for security environment where you do special think to secure /tmp (make it in memory and encrypt swap). With tempdir in users home all applications like for example gpg write temporary files to this location which ends up unencrypted on a disk or, more bad over an unsecure NFS share to the fileserver. Please don't do this by default as it break the security of many, many systems! Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQ2tNcJ+OKpjRpO3lAQIDjQf5AWUOrviF019g2c1YntGlqAJS/TzRpwhi KhHQK/PWuRwl/NmrALidtHe2YUhyisKa58wQ/kPRqTvf9aKrIlAMRFZFK4zYENO9 1441k2AuGmjkcoxMAptLYdc/rRujDJkxeVWwxmkmTj1nzzLVriCgLJgVoJZVzC+O FXbWa5e7JyWASvYDQqkH2aut0RZwn9g43So8Y+SQOFCRC/qSXFkRIapsOe+PeXGc 9UtMw6BFQ8NrGyAsTaQBl6/AmcSEkOiY8BaJKrBoHfDrhjz6lftBvOoDOfGIYjbB 8cAasv+2eHUiv2FgHkK2imreo5TgjGx2MoFLHu51wwjNg2qtfC7Lvg== =eXIw -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: per-user temp directories by default?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Fr den 4. Nov 2005 um 13:36 schrieb Jon Dowland: > ...alongside the private keys in ~/.gnupg? Well, you can configure gnupg to write secret keys to a secure medium. Am Fr den 4. Nov 2005 um 15:46 schrieb Noah Meyerhans: > First of all, libpam_tmpdir doesn't put $TMP in $HOME. Second, we're Ah, ok. In some mails I understand to put it in $HOME. One more directory level under /tmp shouldn't be a problem. > talking about the *default* configuration. If you're doing something Me too. Also pam configuration can be overwritten from dpkg. (If you didn't touch it this will be done without asking a question. Also if it seems to be a good idea to use per user tmp just ask the sysadmins by a debconf question. > with encrypted swap or $HOME on NFS, you've already diverged quite a bit > from the default configuration, so your security would not be broken > even if $TMP was in $HOME. You'd simply have one single line to delete > from the default pam configuration. Well, not pam configuration for this changes. (For other like LDAP or such you need to) So the config files will be silentely overwritten. Gruß Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQ2/Pw5+OKpjRpO3lAQIzQwf/V/GTrGJX4BTn8+a4lBsqlCzssgUSk7aT Oo2s2GQ3KfJXMNwp/BLxGc/yAhYaNLmysfNEJDrzLaeIUYsohRbzIGiSFCEGmSJf cOd3yWVuv6vmX5+4pvi3cHk26fteWm22YVcQNwb0sX9JPDWrA5pA6BZUGA9sSkQb 9cFa8VWgJoVA13rbrLKU/Z/gFLZfXF4KQCh0986tR3W4uknRHMBPPyynEVjlfEqb 97AHS3pSyhcawgcmEtRpsKn1K3xtfyv3fqMCIfJ9DNYdKZq9fZT6fUdI2mL8e74E GH18UKyHstHa2h5D18r4S63A+unDbaF9lbZLI9k0olkIi+UVKyBDhA== =q86y -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Linup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As there is no linup anymore I plan to take over this package on my private debian ftp. Is there anyone who has the last source package? On snapshoot.debian.net the relevant dir are not readable. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBQ3MXtp+OKpjRpO3lAQL7xAf+PlyHOp6SA/6ny/vi972+ofuhONHYMn9x e6O5UKquMUtR81eU91CHEfKRqazr06HbzwQBB5TZj8Uul/YacpswM3XDu362zqqU W+nB6JMxyps08LlxfJuoDBi6/8G9mTUZ4dBKL5JpPP/NWsVpmjIv30XCp+NjUY76 wEH2Oyx1uJUNH/FVpW5vBiSWNFGHKGS+km67BSWoQdYzIFEr1kYAb+pKGBHIyLIi VYxLMv7JfGajd6a6OqsAxps0G7dbLjSBLsCIXctm7iKHOy+F+IYp3Siv9GWcld/G rL+Tdabt4M4rFLjigViPtucnbW0CC7p/xSeL5nBzt/SkDSrZ8iI/jA== =t4N4 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Closing bugs bevore the upload is available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Today I did a update of the system (yes, sid and yes I know it can be unstable but...) and the update includes grep where no open critical bug was seen. After Boot the system was completely broken as of the libpcre dependency. So please do not close bugs bevore it is available on servers. This break of the system musn't be. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQ3O3Y5+OKpjRpO3lAQKi1Qf/Rtbt/DBmdipL4yOKRfVkXoF22hKehkuq Pm0M2ByDBTN5XLsCl6gFjczCBxtFbC20dimWBilK+KEjDhCzLPD2EmN696AJGkVq CqcZD2VN8KnVAbVmkO29oBWZomoQf13e5yYPNgmbiRJ+2+5tY9DrQOnsa554IDxD /loHGsKQgz33BgQ0AwR89vd7zFPahGd0WLzrpj2I4137Zkudrcsv/iMNd8YLq6Dv 3P2pD1doSPgIedNWUo2hUDl7/4Fc4+lkCk6lrXpuHp3u02FWs6uaYtacWAxF9lsx rO+RVKuUjnJVPH0CyDro9QvoIjzHzKSQwNqzUHTXrxBcgK3DviAIIQ== =t/PH -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Local root exploid
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I have no debian kernel running on my machines (I better use the stable kernel tree than the unstable 2.6). Also I am a bit confused about the kernels and which is the current 2.6 kernel in debian. So I use this mail instead of bugreport. Please excuse. I just wanted to bring your attention to http://lkml.org/lkml/2008/2/10/8 and http://lkml.org/lkml/2008/2/10/131 as well as to http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c This might also apply to the current kernel. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR69TO5+OKpjRpO3lAQLoYAf/T+WIX/ILU2oC18GlfQJQxh9bv03oEZjo LDqwB/Bq8kExfNmZPwOdyhj1Yv2EU0cFPq/Z7V/v7wFKoTBniTQlO7BB9yrvntYQ +ET3FIb7q2GKcqNiQFlJuBY8t4s4arkfSCsrd9gybIOCt5zCTog863gy7k1gtV1x jWt/8NVsMANEDDC1HoDQ2/Pq6/gDrpG3KoiHjm0+eooqxXuV27euQBheUbs4dIM+ Tg2uK5utb+z1RQp2LJ0xp5EPqAsGMsupxsVuXMM/uNkq66l6U2lokjutC4sBpDqx vVY47Bj0EuFJO4hvA3d2mXjpUOHoE79tCGTAiSSA2kELeXAI3q+64w== =Cyyo -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
security embargos (was: Re: ssl security desaster)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry, I did not answer to the list: Am Mi den 28. Mai 2008 um 1:13 schrieb Colin Watson: > > It is never ever a good idea to make security issues secret or > > protracting it. > > > > And in this special case it was easy to fix the problem very fast when > > the advisory cames out. > > Let's say you'd been asleep at the time, and the advisory had laid out > everything necessary to make it trivial to produce an exploit (it could > easily have been much more explicit than it was, and even with limited > information it only took a day and a half to produce an exploit; a > couple of hours would not at all have been out of the question). Would > you still feel the same way if your accounts had been compromised? Well, real men have directly connection of the CVE advisories to his brain. :-) But seriously, yes, otherwise I am not sure that my system might be compromised by someone who has more knowledge (from what source however) than me. The last one do fear me! > If we had released any sooner, the OpenSSH blacklisting support would > not have been available, and every system administrator would have had > to figure out what was going on by hand rather than have the upgrade > automatically deny attempts to exploit this vulnerability. If we had > released later, a number of flaws in the blacklisting support could have > been fixed, alleviating a great deal of confusion among system > administrators (I spent considerable time that week supporting people > confused by the new tools), and I doubt it would have made much if any > difference to exploit production. I spend also some time with week administrators who did not understand the consequence of this bug or are not able to read perl code or using patch. But I do not wining about. Better to have the bug published without a blacklist so the systems can be secured as early as possible than an open system where some bad people might have this information nevertheless and use it. > We used the embargo period to develop tools to help system > administrators defend themselves, not to sit in a smoke-filled room > gloating that we knew a secret and you didn't. I believe that. But it fears me to know that there is information out there which could be known by bad people to attack (my) systems cause other need a embargo time to develop tools to help me seeing what exactly is vulnerable. The bad people might have ways to get to the informations about zero day vulnerabilities. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSD17S5+OKpjRpO3lAQKRGgf+IKowtWi9KHHY9IomXH5+gndLCMKpv8cN QM2V5fPai4F8NENsgyMYBmnkByeClXzej6kmbfMkDii5Jjp5NNIWNhmX+NTBqhbn MSZJAgP23CC+dV9a+qzyd3uQVxxcZIjnQeKHNQSklv6Ll1XmJImhMMSfV0GaDjCI DI5eD1NgBSBZ97z75+RFmzAkksasqSyewUnKZjASmHD3YhUmTqDMvLx2gbxmN95B TTP2aStHeZNRe+d7oJ1VxVVqnHARRofh1GqvkuqdrLmgUMarQD2kCPiKdck6qIb4 qU/g+Poo14VnuyzYggoljbQ9mjM10qYDfkThiKVfSVg+Ka/7EeEZlQ== =gITD -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: dbus and initscripts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, just my two penny's: Am Mo den 2. Jun 2008 um 22:28 schrieb Michael Biebl: > Basically, the dbus init script provides a workaround for a limitation in > our current init system. "Real" dependency based init systems, would > automatically shutdown dependend services, if a service is stopped. That's not true see how portmap go around the limitation. This is how it is made stable. If you have a init system which touch all services which are depending for the one I restart then the init system might be broken. Ragards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSEU0Cp+OKpjRpO3lAQKTAAgAk0r2U/MuvNGXmd77a6RR7HQoEven+Fhh T9z331eGtQSAtS6rxIbz41r92Mz7ZKam8wk19eIwESl9WW2cCMlJ7VWktTMwJKjc GGfNQAhQBKxxj4aUfirBAMpQucav05cLMhxfTH+Gn5RFGerN3gkP+RnwhLSBEdVt KM+g8q8bg56usxE0dMyxBoS7RO4uFmQD5Fc9WQS6TX1gnrVytHMJXI3XglH+rkPS vpsmUIKJEZUrVeDH0PKFbPeW6VrzGJo2dJDiCSllzcgvlAn3ZnaHd2ke5BOuXuZF Z7AhM4hUrTeptMm5if8YYrj0idxkcMkvry2pwlbNJ0ItzNe36HYTyQ== =Yn/E -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Inconsistent archive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, today I just searched for the ITP: oss4 mail [1]. Unfortunately I was not able to find in in my own debian-devel inbox. So I went to the archive http://lists.debian.org/devel.html to search for it and it seems not to be there. As the mail was definitively on debian-devel and is NOT in the archive there seems to be a bug in the mailing list archive. By the way I would like it too to see oss4 in debian as alsa is not usable at all. (Please feel free to have flame me about by private mail; this is just my experience/opinion.) Regards Klaus Ethgen [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483856 - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSEU+55+OKpjRpO3lAQI65Af/aK2QvlowivJH1jtZmC8j8V+sOFuYJEW7 xKWM3SBVTQYRyJd7XPtIwPubr9zCQpH67ttdf/3zqW7zI9LIR3hOWxHQKYOH7ERh SU/0JC08EFAb2BMDuDMDvgsDmLEnugNIYxUPmz0Wlq8aYA7qntGk8HjWRsFW8Ckw w+hOt5GyLu7H1NGhFTsnhpYhj1wNIAUaGrZ3lM4SKdzVJ0woLd1eeOOBkB/Qbj8I YoIi4Q871V+ZSDQm71aeXb/XvXySGI+saBdQOPVB+jhWa4VUPXNev90EftyECZpg Uf9gRYpMvyeBGk/STjGkjYVIjX9odkQlzYLPtC4mMqmoh4oOiUlcjA== =qex6 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Inconsistent archive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Am Di den 3. Jun 2008 um 14:58 schrieb Eugene V. Lyubimkin: > > today I just searched for the ITP: oss4 mail [1]. Unfortunately I was not > > able to find in in my own debian-devel inbox. So I went to the archive > > http://lists.debian.org/devel.html to search for it and it seems not to > > be there. > Hi. I've succesfully found it. > > http://lists.debian.org/cgi-bin/search?query=oss4&DEFAULTOP=and&author=&list=debian-devel&sort=relevance&HITSPERPAGE=10&language=en Same me, so please ignore the mail. I did miss the link at the end of the page that there are 3 pages of entries and that one can go to the next page. Confusing. Gruß Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSEVYGJ+OKpjRpO3lAQIqDQf/SCGEXB0ex4W2AMIvd7fUmCjwKwhGrbU4 pVpOzs6OPdWo9y+VrZDP75C34juwkZKARRS7Cy/iTdcpeWzSmM2PQMXoUPZdt9mm nMGJa5i7UBwd3Kw7wNtaNekhFKu0DICyjkWGnUmV5xdcuY6OKtHSTV4KPfgshns3 Yj8QHDmqXq6jw6eUK8oEe8LDnwhkTYCW+02SrCcUDa96CCMI3kQkkqAnkKk7h/q5 06RnECPWqnuhGp5S66klBYfoD0dF040/+etQO9+8gtLPvwhHpbdSoVTrMOhjMe26 kBEK5M5Gx4uG7mChYGrTITDnN/f3Sgo86zpVm8SPCOk4GSzfZOusTA== =wuck -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Inconsistent archive
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Am Di den 3. Jun 2008 um 20:19 schrieb Thomas Viehmann: >> Same me, so please ignore the mail. I did miss the link at the end of >> the page that there are 3 pages of entries and that one can go to the >> next page. Confusing. > So you want them at the top as well? No, I just expected it on one page all. Was just a layer 8 problem. :-) Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSEZQPp+OKpjRpO3lAQKt3gf7BlB7aHrixU5PLpZVhfkw2ZIHJJqz7e+O YDr8LcKkPYOxSFIra/LpF7O5Vk7Vw5eTYwcE7clnVPer7t3Nc5rNXxem2u3xpCNR RkGXETQJGZ0/TyEgnQRsZee4LIddsTtIT4U7Ah6SnkfSqO809oznihwylY7oxA8t bec1xcXpTLJRQ+lSnhZJIlAqfvakBxfMoGYesYHv+qxQjUwfkDg5se7fOk5rX6mo 30D5VWFPNqGj3feZXlxvCXpwwv+4Nqi2GbvYbo3XZmgpcIEIjPEBlxlUE2vzIC/U PLyKWfQxuN9a5Jee1J3bWVU5OXneNQItGlvFeUEmE2x0NYXIkf5OKg== =QL1i -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: esound [was: Re: Non-related 'Recommends' dependencies - bug or not?]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Am Mo den 16. Jun 2008 um 6:25 schrieb Martin Pitt: > esound should *so much* die completely. It has very poor sound quality I cannot prove that. Its sound quality is much better than the one of ALSA direct. (Well esd on top of OSS. It is not that good than with OSS direct but it is ok.) > (huge A/V desync when playing videos, etc.), I just see that issues when using ALSA. So please drop ALSA and not ESD. > very poor code quality That might be. But that's a problem of many gnome applications. > The only thing I know which really still needs the esound interface is > libgnome, for the sound events. There are other needs. - - The sound hardware do only support one bitrate and you need something between to scale the bitrate. - - You want to have sound mixing and do not want to use ARTS (Which is mud). > At least in my personal experience, using ALSA directly (which has had > dmix enabled by default for years) gives much better results. My experience is complete opposite. ALSA is that kind of buggy. If you move the mouse while using sound on ALSA you hear cracks and sound disorders. Also they halfly translate the config files!!! And then I was not able to use it long time as it makes my systems complete instable and it ops all time. (Tested on kernel 2.4.*, 2.6.* and also with debian kernels or vanilla. And on all distros, Stable, Unstable or testing.) So please stop removing stuff, which is much better than the stuff which is recommended. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSFeAFJ+OKpjRpO3lAQIzEAf9EdAaAai/pxCLpKHzZ6jlT2SxIy8fjlkY 600PhO3IgfqVSgrBedKyb1axHPvVMNDY+f6pVwPEI9/0z5JUYXpnoRtM7h0q9Gi7 YiUK9T6S0jGEHRt5O6CHaXgBaCfiqpp6xLJ69bVTtpNNfaFhOcBCZd2WiJU535E/ W39wzETQsDXkHQz4ONbymHdhmja451BEJx77pBxRMFtYrcU/nRXGKd2aaDM3vhyx ytkYkPIfufJHQ9IsvAAQDiAcJAR0s/17WW4BHoiT+Hb3poPL3Siigd/pApXC5UmT QFryoj9V+iAJjWbt3rDaE46AcZEo58GHRX5IM0UaypwhSKDzfQWdOQ== =DbjD -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: esound [was: Re: Non-related 'Recommends' dependencies - bug or not?]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear Martin, Am Di den 17. Jun 2008 um 11:50 schrieb Martin Pitt: > Klaus Ethgen [2008-06-17 10:12 +0100]: > > I cannot prove that. Its sound quality is much better than the one of > > ALSA direct. (Well esd on top of OSS. It is not that good than with OSS > > direct but it is ok.) > > Hm, that rather sounds like for your card the OSS driver is much > better than the ALSA one. But OSS/ALSA both live below the application > level (where esound/pulseaudio/arts reside). Well, yes. > > I just see that issues when using ALSA. So please drop ALSA and not ESD. > > On the vast majority of systems out there, esound plays through ALSA. > The kernel only has very few OSS-only drivers left, and gradually > shifts towards ALSA only. > > Since ALSA is the kernel ABI (of course it has userspace libraries, > too), and esound is the user session daemon, it's not really an > 'either or' here. Sorry that I forgot the sarcasms tags. I know that they are different levels. > The alternative to esound is not really ALSA, but rather pulseaudio. Is pulsaudio supported by applications like wine for example? Do pulsaudio work on top of OSS? > > > At least in my personal experience, using ALSA directly (which has had > > > dmix enabled by default for years) gives much better results. > > > > My experience is complete opposite. ALSA is that kind of buggy. If you > > move the mouse while using sound on ALSA you hear cracks and sound > > disorders. Also they halfly translate the config files!!! And then I was > > not able to use it long time as it makes my systems complete instable > > and it ops all time. (Tested on kernel 2.4.*, 2.6.* and also with debian > > kernels or vanilla. And on all distros, Stable, Unstable or testing.) > > That's interesting indeed! So you avoid that by using an OSS driver > instead of the ALSA one? Yes. > I can really not imagine how esound on top of a broken ALSA driver > would sound better than just using the ALSA output directly? Oh, that was a misunderstanding. I mean ESD on top of OSS works well. You are true, a sound daemon and the hardware support are different. ALSA is a bit more than only the hardware abstraction then also some library stuff which share some functionality of ESD. So: OSS: Works well. OSS<-ESD: Works well too. ALSA: The problems above. ALSA<-ESD: I never really tested. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSFe23J+OKpjRpO3lAQIwRgf+I7tfapqqZGLDic092i7L+3Uafk8k1P9P pQFgm24CA/9eZUMt5ejq7dkBbXpLxuncAClIjNhMt/ZrMimNdc+ZEhHgo5z+RfcI pttOAoxMqActOZG5swi7M0pMux7TY4ctkhkRnFYNT7sqSRfVMORJgckrJpZD8udJ GuOAz2g643njCdGVHVx9i3dzduJ9/T+ABZWitCVwrfrK/APm25KXegPP+n7ddltm g++pGYNqF3u5pCHLqUo5xnVanhZepIW2q8DCBO7Azw29K+dGCur0fE/3h77RnhJd A138fJyN1qH1eE1y1pwHReBAkECI9Y5mHk2vDXwV53iGa38BE3UfTg== =kB4L -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Considerations for lilo removal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, Am Di den 17. Jun 2008 um 12:14 schrieb Peter Palfrader: > > >> AFAIK grub (at least the default "legacy" version) also still has > > >> problems with / on XFS. That's the one other case where D-I > > >> automatically falls back to lilo. > > > I think you mean /boot on XFS. Having / as XFS seems to work fine for > > > me... > > There is nothing wrong with a XFS /boot except grub being unable to > > support it, and anyway this cannot be changed on installed systems. > > And yet it has worked for me every single time I tried it. Well, there was several problems in the past. The reason is that the script do a xfs_freeze and then try to install the boot loader on that file system. I do not know if this is fixed in the current version. However, starting install-grub in the first shell and then xfs_freeze -u in a second do fix the problem. But this is only a workaround. Gruß Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSFe4C5+OKpjRpO3lAQJoHgf+PleYFVpdHUcRzOQXbPkbZ0R2XFARjsxY tPJk4SkCIr4cId1uSUTcdssJfWFi45YnUkAjDvsZ2TBzxfXsWtNf2wT+dlPtc3Dy 0s/cEGkVZAenVWJcS7GSiWqQuPRZQTD6u9EvjEtS7omgoEhIgqsqBu9lLYHUpvGM yREW9RGvYhePMOJs8iuG6h/NX5bs8tghwPfMb6q48BjSF6keCfo3uaZnlXRNyT2W vSMxvtlSed17Gpl8jS97bA5ePbNLr8UAwovvbk5yZMTO5Oc/xBV/YeAyIHAlpI7k X5mKaMuyTwizcennKSAdRT0hBc/BNRgWUbpctCRtvJsZIuLQF1oP2A== =k6d6 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: new package format
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Fr den 31. Jul 2009 um 13:32 schrieb Eugene Gorodinsky: > Since programs usually store their settings in the user's home > directory, that aren't deleted when the program is uninstalled the > user's home directory becomes a mess. I'm not sure if it's possible to > change some functionality within dpkg without changing the format > itself. I don't want to go into the other arguments (yet). But this argument is very interesting. On one hand it ends in privacy problems if a user wants to keep his configuration stuff of one application (especially when he has a shared $HOME). On the other hand there could be a tool to cleanup such stuff. But this might be not connected with the real packages then better a own application with a data base of know applications. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEVAwUBSnLsdZ+OKpjRpO3lAQqPtQgApHrpTQD9Apxy3JcHifL+P525aWQ1B/qI gipsOo7Iw4btUhSkPoRkh0fPHzooEn3zIN7Kku4dMvvrQ5OLnIn+I/ZG2bEsGaQE S2zDdETmNgoQpFPVz4SaYcUb/oFbRTbVdPGlPaiONCrDKZZGB4I7Lo/HTKopJYv4 PN/u+pb0VCe7cKa150TScPKDzhCimZlxN9kznvPrVqce/fl18caG8VkkhtATQDWG Z7AUmSh8DktuuaQH4fjQJvFSkK5Flf0JSlqRfPYUCSeKhyG0d637TOaftCkYxygn KIqeQR/4h7+6s9UpHgyj0txsU0TQWyzQlaiEDD7/9ftjk4esbPWLaQ== =UNwx -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
apt-get not working anymore
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, maybe that is an issue for debian-user, so I put it in the To too although I am not subscribed there. If you look to Bug #497617 there is a long time bug in apt first only targeting the German translations but now it is independent of the locales. When I run any apt-get command I get the error: E: Wow, you exceeded the number of versions this APT is capable of. E: Problem with MergeList /var/lib/apt/lists/debian.ethz.ch_mirror_debian_dists_experimental_main_binary-i386_Packages E: The package lists or status file could not be parsed or opened. (The second line is just the one which is the drop too much.) This also happen with all locales set to "C". The problem is that it is not possible anymore to update the system at all. I think that is a very critical bug. Is it really necessary to break all installations until this bug is fixed? It is known long enough for now. I have the version 0.7.20.2+lenny1 installed, so it seems to be the most recent version. (apt-cache doesn't work too so I can only view the web site) Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEVAwUBSp0Hgp+OKpjRpO3lAQrSqAf/SAH5aAWNaWrRyiDD4y6bxmgb08GkbTVa EzrDBxPr15pWAqCC7dfbQiJ4Bf1d+ypl2VhxoFIoU4/sJPsVqoSOi5eiFUs9toZw vx0SikFvJ+v6NigXpXimHcg8uAe2Z9mpZ0NiYPr5f7YvZmXomD4AI/SuuQHYJhbk JWVWaPtNr0LSbMaVVnRlyuTlotUaejU6W7X/48hTyBcr2RuqGlOcICSPG1CTnJmc Z5oNgrcH7C5QxTd9Y3q46NWCBydCPwLRz8pmux3TeknqvjmB/0t2kMKggojsDQHc wjt4yh7xTJ720Vk+mT6AUxFQokahfdmywom7q4ug8/+PGGF0NrWjtg== =DRza -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: apt-get not working anymore
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Sa den 5. Sep 2009 um 20:06 schrieb Goswin von Brederlow: > % rmadison apt >apt | 0.6.46.4-0.1 | etch-m68k | source, m68k >apt | 0.6.46.4-0.1 | oldstable | source, alpha, amd64, arm, hppa, > i386, ia64, mips, mipsel, powerpc, s390, sparc >apt | 0.6.46.4-0.1+etch1 | oldstable-proposed-updates | source, alpha, > amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc >apt | 0.7.20.2+lenny1 |stable | source, alpha, amd64, arm, > armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc >apt | 0.7.20.2+squeeze1 | testing-proposed-updates | source, alpha, > amd64, armel, hppa, i386, ia64, mips, powerpc, s390, sparc >apt | 0.7.22.2 | testing | source, alpha, amd64, hppa, i386, > kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, sparc >apt | 0.7.22.2+b2 | testing | armel, ia64 >apt | 0.7.23.1 | unstable | source, alpha, amd64, armel, hppa, > hurd-i386, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, > s390, sparc > > > Reduce your sources.list, possibly to just unstable main, apt-get update, > apt-get install apt, revert sources.list, enjoy. Uh, sorry to not making that clear enough. _I_ know how to (temporarily) fix that. But the problem is that the stable version has a hard limit which is not that far away from real setups. And I want not to hear the crying if every user add a bug report cause he is not able to fix it themself. And a simple upgrade to the unstable version is no solution as there is several dependencies which are incompatible between stable and unstable. (On my system this was only libapt-pkg-perl which makes several packages to get purged when installing the unstable version.) Am Sa den 5. Sep 2009 um 20:18 schrieb Hans-J. Ullrich: > APT::Cache-Limit "1"; Doesn't help as the limit is hard coded in apt. Just look at the source. The problem was fixed in versions after stable. Regards Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEVAwUBSqLNlp+OKpjRpO3lAQr25wf9G+SQXr3Nh2BUkuaaxfwrsjeiHwgUZJmJ OFCyfIF1wAeT7ZdM25OSOGyHACTRMvDgAFD9A/d8cdDmntGBV2Z5vpVBsbQr1pBt yCuNXdOdrLU84CwvCrCOl7Qbh9N8UkQ1+uPQVDw6lysq2dA2y1ZLroWKahATVB4g S0HJm0U/G3Gc7olv0U4854KtoC39ZsP3vqx7x/3T1BOk8lG94XTTmAEOocgyn7bJ Sf7/+fGx40RhIxQ8BzWjZtNwOKaogvfgg4BpBMnh+ac8zNgRhIpOwny/G8ClN1tZ fGndybfwPD4f1I15qsNnNlQIvUpuwqISI90x3o9PbsrheHedntiHpg== =fQXZ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
New upstream version
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: dcraw Followup-For: Bug #519604 Followup-For: Bug #506705 Followup-For: Bug #523789 I updated dcraw strait forward to version 8.95-0. This can be done in less than 5 minutes. And even this is not the newest version. The reason I need that version was that the version in debian doesn't support my EOS500D. However, the newer versions support many newer camera models out there. The update will also close bugs #506705 and #523789. I am not a debian maintainer, but I can create a NMU and send it to Steve King (Maintainer of dcraw) for regular upload by you or give it to another maintainer to load up the NMU if the regular maintainer is to busy. For that reason I also cc to debian-devel to ask for a regular to suport the upload. Regards Klaus Ps. I can also upload the package to my unofficial package repository but I prefer to have a up-to-date package in debian. - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEVAwUBSuME6Z+OKpjRpO3lAQrwywf9H7NJWidnKz74KLBuKJk1OYRaxqcEpRVH j+sGU5/JkOvKAVpeIZWJcSYlqoim6MUlCGzi8oM9qkXGqRFYbNwmwMMhk+r60Tcm kiQxMJg3XmCnEd4qkGav8uOQrpr3QGDPGpXvy8VZ8QHmmnuvCyFSQdOoD5ei2wB7 1V9YFl6RFc7WAKo1zpagGRquE/pstJV/8TfkXaQLZuqAAZNTcHIYnXwQ8HzV9UJi 5XSK3ZUWG2asSGcU2QCkrU4uomZrIyBlD3+UzVoRpC3G8uPXzQ1VOuXuxH8oAdVL orw3XFmyJTQLlucE7SHBIXtAZypRnNKWizKj6KEYMm/Xkz80Xv0BQQ== =4Mne -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: New upstream version
Hi, thanks for the hint to debian-mentors. So I add that list and attach the original mail to that mail. I set also a reply-to for debian-mentors und myself (I am not subscribed to debian-mentor 'til now). I left also debian-devel to show where the follow up is going on. (Urgh, NNTP is that better for discussions than mailing lists!) Am So den 25. Okt 2009 um 4:27 schrieb Charles Plessy: > Fist of all, thank you Klaus for proposing your help on dcraw. In 2008, the > package was in a similar situation, and Steve eventually prepared an update. I > recommend to the people concerend by the state of dcraw to have a look at the > following thread on debian-ment...@l.d.o: > > http://lists.debian.org/msgid-search/91f186a80807081226n4d4567feu96daf465fefa...@mail.gmail.com Hmm.. Fascinating. He did also the same than me by including the internationalized manpages and locales (which is also lost in the latest official package by Steve). However, I put my dcraw package to my ftp server under ftp://ftp.ethgen.de/pub/debian/pool/ (dcraw_8.98*) for review. > But on the other hand, I think that the situation could be better if dcraw > were > team-maintained rather than updated once a year. Steve, what do you think > about > this? You can count for me. > PS: and of course, this discussion has to move to another list as soon as it > enters into technical details about packaging issues. Sure. As I mention I did the x post. Regards Klaus -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B --- Begin Message --- -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: dcraw Followup-For: Bug #519604 Followup-For: Bug #506705 Followup-For: Bug #523789 I updated dcraw strait forward to version 8.95-0. This can be done in less than 5 minutes. And even this is not the newest version. The reason I need that version was that the version in debian doesn't support my EOS500D. However, the newer versions support many newer camera models out there. The update will also close bugs #506705 and #523789. I am not a debian maintainer, but I can create a NMU and send it to Steve King (Maintainer of dcraw) for regular upload by you or give it to another maintainer to load up the NMU if the regular maintainer is to busy. For that reason I also cc to debian-devel to ask for a regular to suport the upload. Regards Klaus Ps. I can also upload the package to my unofficial package repository but I prefer to have a up-to-date package in debian. - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEVAwUBSuME6Z+OKpjRpO3lAQrwywf9H7NJWidnKz74KLBuKJk1OYRaxqcEpRVH j+sGU5/JkOvKAVpeIZWJcSYlqoim6MUlCGzi8oM9qkXGqRFYbNwmwMMhk+r60Tcm kiQxMJg3XmCnEd4qkGav8uOQrpr3QGDPGpXvy8VZ8QHmmnuvCyFSQdOoD5ei2wB7 1V9YFl6RFc7WAKo1zpagGRquE/pstJV/8TfkXaQLZuqAAZNTcHIYnXwQ8HzV9UJi 5XSK3ZUWG2asSGcU2QCkrU4uomZrIyBlD3+UzVoRpC3G8uPXzQ1VOuXuxH8oAdVL orw3XFmyJTQLlucE7SHBIXtAZypRnNKWizKj6KEYMm/Xkz80Xv0BQQ== =4Mne -END PGP SIGNATURE- --- End Message --- signature.asc Description: Digital signature
Re: GDM, getty and VTs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Sa den 14. Nov 2009 um 15:45 schrieb Josselin Mouette: > it???s been a long-standing tradition on Linux to have 6 started getty > processes, in tty1 to tty6. However this doesn???t correspond anymore to > the way we use our machines. Yes. I think so. > To make things worse, the latest GDM upstream version doesn???t include a > tty manager anymore. Each started X server will simply use the first > available VT. That will be a bug in my eyes. One of the first thing I do on a new installed debian host is to disable getty on tty1 as I will always have the last log messages on that tty and no way to wipe it while logging in. The other ttys (2-6) are changed to use mingetty and I am happy quite often to have it at all as I refuse logging in as root with X. (And I think everybody logging in into X as root should get punishment at all. I know that the RedHat people do so but I am not RedHat and we aren't ;-) However, please do not refer so often to RedHat, that is just an other distribution. The last shitty thing I remember percolating to debian was that .localdomain problem which was completely unrelated to the problem but made many problems. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEUAwUBSwEp2Z+OKpjRpO3lAQoVkgf3frjvO2XCqNMHOk55vG0Vp8DLEnRC6oIC Sr90EHCd5sRkn3yFWw4CCoKj8exPFjFQcftI0spbxLtFeDkCSBTE+idy372Ab09E rcsZMUGC/xCdCuqvoOmYjkVFD0FiK9Y0fNx78ZiKCKSiBIUv2KaaL2Xh7lCqimz4 oZ0TVA5Ew/ijn1RF8GkO7PLx1h1wg/zz4Yy9DSw2+uRYO/4GulDf3XH/x8+Y6z4r xqwvFFyNZKllrQPuwAP3h2mSl5bEuagQvxrfD60UmO4UptUNuAAQc4paGH0EpwA4 9RkO2AaHLjvv53DvFb8tCENVsMuNixYG0iJGNgSO3vCZAUHSLXqs =be0L -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: update-inetd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi, Am Sa den 13. Jan 2007 um 1:18 schrieb Roger Leigh: > > c) update-inetd should default to creating none unless explicitly told > >to. This has the advantage of staying secure if a dau admin install a > >package accidentally. > > This would not square with the current practice of defaulting to a > secure but functional service when you install a package. If you > didn't want to run it, you wouldn't install it. The admin always has > the option of commenting it out. Well, but it would be the way a daemon has to work. As admin I do never like to have a deamon enabled before I configure it properly. And some packages install a server as dependencies. (Sure, this is a bug.) > I've been exposed to using Fedora recently, which takes the approach > you suggest of requiring explicit enabling of *everything*, and it's a I do not see the point. Fedora do enable everything what is needed to run the system. All deamons which are not needed essentially are disabled by default. (Other think is the strange dependencies in RedHats Fedora.) > complete pain. Trying to discover the thing to tweak to get a daemon > to work is rather annoying; intentionally "crippling" a package by > default is not IMO the way to go. Hmm. I don't think so. It is easy to do a "update-inetd --enable whatever". Moreover in my eyes the functionality should be the same if inetd or xinetd is uses (like RedHats chkconfig do). And the mess is at the moment there is no way of NOT to install any superserver at all. There is software you don't want to run as deamon but having dependencies for inetd or (better) update-inetd. And there are also packages arround NOT having dependencies for update-inetd but using it in postinst and/or prerm. Wishes Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRaows5+OKpjRpO3lAQJqiwf/X5nQUpFao4n6RBS/j25mxN9+q/BebaV/ VzEImKvzRMzuPgunQHzy0B9MgaS5AzaIOlZ7+nLcXwG4AI92iCFExMS/2kpcmOy2 MoqGXldoqbP31/e4w8nHOa4O7u22Ra4k/i023rGeXlzlFhy/8yFvVVVxJFvr5+3D HZ7MvNvqEcO/+SSf0KJa7Dvyd3h6K1wUs+qqeO8OUeF6jx2ex9SjkfRi2wY2aKoD k8YrayEbxJCJ0CG8sYwD6cglG2DeVglRENTGvmzuc+gxFWXkbvDpevBXSOo0QP8d GENiopWj5UyOYOen0RU6Ay3pPv8sX/64p48HZU8WJw1j1pfadrfULA== =2ALM -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: On maintainers not responding to bugs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Folks, Am Mo den 26. Feb 2007 um 3:03 schrieb Pierre Habouzit: > errrm, let me think. YES ! [some calculation] > so well, hmm let me think again ... YES THIS IS A DAMN PERFECT > ARGUMENT. Sorry, but NO. It only shows that there is more people needed for maintaining the package! Moreover, responding for a bugreport can end in less time needed to fix the bug. Maybe the reporter has still a (local) solution and did not append it as patch. Simply asking would help to get this patch. Maybe a response can also be like "do you have some experience? Can you help out fixing the bug?" I'm sure that there are some bug reporter out there who are able to fix bugs and would answer positive to such questions. But if there is no response to a bug report nobody is engaged to spend only a minute to fix it. Regards Klaus Ps. Syntax "bugs" in this message have to be ignored. - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBReKgwJ+OKpjRpO3lAQI1Ewf+JN26Q7Nieot+gvUyNf5TgWOS2EI6OGsA BpTejPiwYPpNClKIQUr3jXpBlAejyR1865ps0qY8hl0TIeNbPjraiMR11AUbD+qv bO4k1O2Sv9KXR3GDU979nMKsBlvoICa092kH8gJkaFwWWtSyXLAXR61UsRGbq1zH V61uyewN75uOuUYpJn65XlkFqMlnvXlp/KekgIcoqTyBl4pQobWxaaV6rwVZuwSE NwhBwxpb2wRRA3xofZCv6alXgxprjqg5HhnRhJwUezMhdsnx0n8MTlDZY0vUMQaq kQu3TUfn501mScQLZJXVYOdBDtINHdoo2E5gmT/kApfaIPAmxl9B1g== =nKRX -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: On maintainers not responding to bugs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mistakely send this not as followup to the list: Hi, Am Mo den 26. Feb 2007 um 12:02 schrieb Josselin Mouette: > Any volunteers around? Sure. For doing some Work on such projects as glibc (Low level tools, I'm not the frontend programmer). But then come to another problem, (and yes, I know there is the possibility to have a sponsor) how to just help without being a DD? I started the DD process long years ago but stalled as it gets to much tiresome without results. Nowatime I just do some stuff for my own, fixing packages and put them to my own repository cause to often it was just got ignored. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBReMLdZ+OKpjRpO3lAQIIrQf+Ibo6N/FXEpLdZqKg/UK/gBh3jZKjtr0w 9fgD4rSsCLbvY+OBx9tRcji2BJ6qu2qTvtyAWO6h3qvbkOuQ5FR0cJmcVjRvPKvL x9q7nQKxDHlcl/EvvojBo/UJL+4qsaaZia4UX/9OPyKVf65LfA/8xsvB9cqHZC0H D/qucp6Fx6tvNRKmtSt5vszuOQ6ekXjOOdmpMZMLNTPTbQw0JUYe+i2ezFrv97g9 W/sQkxyTav6ANxW9bE0rHcDH54CMDuHe7nIwVgG6akiatlUKPt/wCOoXTyF5kPS6 tlvo6fJSrYoRIP8D7PIq3td7nOjnr7/mGTSJYi0InRfzmyqTcnaa0Q== =S2gm -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: On maintainers not responding to bugs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Di den 27. Feb 2007 um 0:11 schrieb David Nusinow: > we currently have a space open for anyone interested in picking up the > beryl packaging, as Shawn has been taking time off. It's a golden > opportunity to work on one of the hottest pieces of software in the linux > world right now. Best advertise. :-) (I mean that serious.) Best wishes Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBReNrN5+OKpjRpO3lAQJCJgf9ERTnGhdDYhcZ3xOJbGuesnzGq9txcjLK BPqjNKZtFosmU2dsnBxfkSa9xLlR7T6W2M0psJvx1BP7mwUx4fpjNoxBgKDnm+bg faoqXO50Ek6Zv2PC50t6/6jS8mdKRxOxuOVEI6OsJ7SOI3n/03MDpfr5SNFWAi96 yh2Yw8q3RJRJckBlnu4O+KfAgW4W7GdCl6/EmSVfg22cKR40DReMDGBbfJhf664X lHtUhtXFNlzNH57Eonjc59nIzzF1VZOyIEXSJGq77W4gF+Zm394VSxko3u0KpsMP g/mqj/hSQ61x6nS3scAOpofPdq9zk8b3eSGc1NdNU5k3BEo//rkYCA== =QDlV -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: tool to turn redundant files into symlinks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Weskey, Am Di den 22. Mai 2007 um 0:53 schrieb Wesley J. Landaker: > > If hardlinks are okay too, see the "perforate" package (I find this > > package hard to find, since the name is somewhat misleading). It's > > written in Perl. > > Well, thanks, I didn't know about this one. But, it does really *have* to be > symlinks. I've found a few other tools that do hardlinks. =) I am the author of perforate. Well I rewritten it from scratch as the original tool had some flaws. It is very easy to add a option for symlinking. But there is a little problem deciding which of the files should be the symlink and which the original. With hardlinks this is not the problem as after hardlinking the files together there is no different between them. > Anyway, if there isn't something that already does it, I can probably just > parse the output of one of these programs and do the symlink replacement > myself. That would be the other way. finddup can print out the double files. Gruß Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRlKE3J+OKpjRpO3lAQJlawf+OGyqWgsq3RzGdaSIxrDwJVgeSi7zIr3M qw7rUHBfdpwncIxj34caKgTtuuTzbGZSWejwfwF0+k3lz3S7OjSCEJEf+AULUmCj 6YQuW/5G27vukx2y164V2oJ74GO9GHFxCELN8c9Rjv7+wx6AbPSGBeFe+FR3AtSz Ibo1bzdtWfOBkz5Grd68BOI3y0kv6du7JwMlBhX70aPVv8VsPfo8pqewViva1xBs S9xXTMwrmiIDJnLP0PrYiG+ihCBJqw4ucOaGmcKfXi9xvTVvnteaJn0FmVknCxX2 KCRHhkOjkE+fFKMHmXDvBoRutnRBH70erw5FSI8NOPSGsRewLMW56Q== =HQQ2 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#427297: ITP: sturmbahnfahrer -- simulated obstacle course for automobiles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear Charles, Am So den 3. Jun 2007 um 9:00 schrieb Charles Plessy: > I have very bad feelings when I read the name of this game. It is a very > bad taste play on the word "sturmbahnführer", which is a rank which was > only awarded in the SS divisions when Germany was ruled by the nazis. If I am from Germany and it never comes to my mind to use this synonym before you wrote this. And also after I red this mail, there is fare many different between "sturmbahnDführer" and "sturmbahnfahrer". Sorry but if you try to deny this name you have to deny many other to. Just a few examples: - - "dd" (could be read SS, only two letters away) - - "Gruppenführer" or short "Führer" (A term often used in german youth groups without any relate to the nazi) - - "chmod 666 ..." (Some christians complain about the 666 as it would be the number of the devil) - - ... So please calm down and come back to the reality and do not try to see nazis in all thinks in the world. Yes, there are still nazi in the world and they have to be fighten. > you google with "sturmbahnfahrer", you will not find any page which is Do you really believe in google forever? But, I tried the search too and got around 21900 hits. > not related to the game: this word does not exist in German. Many names of games are such called "Kunstworte" because otherwise the could be suited. (Bad times today that you always have to fear about getting suited. :-( Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRmOvKp+OKpjRpO3lAQIo6wf8CPM+5+PEcwoZWuhsNYPb+tsZQ7o/CIjF 9MQLbkZlr5zD0hBDHR9xbXO8OZ2dDuEiXwshRQCocRuRz1PlVPzI4vyvZdlRb2wy IjGPs98vWf4LRFpJx1XPh5MHFWJSFvlscqELjxDaRHpwWOwHR4/mVBhk+fsIvgFr lNN2cCRRKLkmm7VAkn46Pw1v7K4eZ5kx31c+cMr3j6t66DXCMbkqMy5bbvKUqXue 8deHotvxRvMglcDdng7UCohDechWvw0QY2EtlNMQeaXNZvv5Am7d2TKYsnmN0h7h 8mwTnEqfyJ/kbdmlIy+vR2SLXIBmfhkieKlgjMi98/6tNlYdnvRRbA== =qnoY -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Considerations for 'xmms' removal from Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Di den 3. Jul 2007 um 23:10 schrieb Josselin Mouette: > When you talk about the "good old" XMMS, is it the one that cuts the > sound each time you switch a workspace, or the one that randomly locks > up when reading files over NFS? I heard this crap only when using alsa. And even worse also if I move the mouse. But this is not a problem of xmms than of alsa as it happens in all applications. With OSS I never had problems like this. (In fact I never ever had problems ever, it just works. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRoroL5+OKpjRpO3lAQL6Wwf/czPbKSiQtWpV0olQafvyCBsFoW4dPMCL R3Fg33IZhVHi3mgwFWocDalYrotHAlS0iclm9so5pyPUQhIhb6RLYhmoXRIO/5Ke NTf9xyicnQ8KDrEy/sgumTOlH+u82Hpt/mYD39BggjW0dcCGTBWP8u0HmkhyXqqq yeNrvP3k5cuC2r/KAAooHWAjH45vDL+IsB8kiDs2Z0OrXXeqQLI8plt3nIaDowrU MyZ0DkuIGvNAAI8y2T0s87X1RSnOs9YM+SsIa66WHmCA53C+us02iypDyrSKVGPw 6qb/pmn58bV7llTv2ad36sEqZqZ5ehkLp50vxx8AwBupOjTn4uumkw== =E/G3 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apt-get -y upgrade for non-interactive sessions - and replacing conf files in /etc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Do den 5. Jul 2007 um 20:57 schrieb Alan Ezust: > I passed -y as an option, and then during the postinst, I have a > situation where the package has a configuration file which is newer > than what it is about to replace. I would like it to just replace the > configuration file without asking me, but it won't do that, even if I > pass the -y option. I think the following lines will help: export DEBIAN_FRONTEND=noninteractive export DEBIAN_PRIORITY=critical Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRo1BJp+OKpjRpO3lAQLMuwf9HCnKlKlNabck4tBP7Ja8j7CT6QVoK+tC lffeFbFbTV3wba7OEOC44a1vErdE2L88hZKiCa0+stB72WVCWhJLMGPKnuyZ0aUz hXI6loa9qFNTfZweQTQE9aQ9/gNy2gR3VKNGmX/1odnzT05/ci70P5vTplLyoE2R MNEw/yeMx1mCjXb0SuVhMv5G5Kag64lAVE89jfvIwYXhdAcWvpQuVEIsoGMP14wL aiOL1sj3gsg1jV8wsz+Eg6oAjqmrmm3cNnuMr09nL5PhYPCPnBiw7lgpJ76zxL38 iakZ716XC7bZ37F/z1JIVZCosx3rHn1AVWeWHZFeOnAATZgNhRpL2Q== =i+E4 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Spam-Problem with linux.debian.user.german
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I had posted a followup to linux.debian.user.german. Now I got a very strange mail from a italian host telling me that the post was canceled and that I have to subscribe a mailing list. What the hell is that about? I did not post to any mailing list. I did post to a nntp group. I do not want to subscribe to one another mailing list when there is a nntp group available. Mailing lists are as bad as this forum stuff. For all and ever a new account with a new password.[0] However, back to the question. Is that a official mail for whatever reason ever or is that spam that try to get me on a pishing page? Regards Klaus Ethgen [0] Good that this list is english and not german. I can not swear that good in english. - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSOD4Q5+OKpjRpO3lAQLlYggAqAFz056NZKJ0muZvTEoEEZgCrImHtZl6 OxKN888I6WUbrgJQxyqhGxCm/vyrsHZyoz3Z7Uie2WLXk3xloI+MddbOaz/OtBlV SSL/A3zpOps1CqjJl+lPo8lO5NZyuO3UomwgQCA8UAsJWXrtslvVnFR2MLYjar9R s6Ez0slpGV5keCmKA6+fQ+5/gnlZpwLJ2eHH/0NLKYE6IW+rJQkA+ozzY4gAAsSi VJi/0c+udIAbzYx6HSrebOKBYB4gVVI0Bz9++kPqyj/Z69a3AxJ3MWSvq/vIKbpH 77KHqHn0RP0PBXW+aGGNqKVzfHuiYGMB4gjWFPuxmuKAuK3M9EkD/Q== =bu13 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Test Debian : IPv6 pitfalls ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Mo den 6. Okt 2008 um 8:21 schrieb Franklin PIAT: > > It's something you may not have power on (if your netadmin or ISP > > decides to enable IPv6, it's their choice, not yours. You can > > *disable* it but, it's enabled by default anyway (thanksfully)) > > I my mind "enabling IPv6" include ISP and router reconfiguration. > > So the "risk" questions are : > - Can a service become unavailable because of IPv6 ? (including > side-effects, or remote sites that have broken IPv6 configuration, > causing unavailability). > - How long and how difficult is to recover the situation ? > - Network security (no NAT, so inner systems are exposed by default) In the past I find it on many systems that the user (admin(?)) did has a proper ipv4 iptables set with strict settings but enabled ipv6 (cause the distribution comes with enabled ipv6) which is world open. All services per default are listening on ipv6 too. Sure that is a incompetent admin. But keep in mind that most of them are that incompetent. (Sorry telling it that clear.) So it IS a security problem having ipv6 enabled by default. And it is a big security issue! But also if you are aware of the ipv6 problem it takes time to disable it. I think that the persons who really want to use ipv6 are (and should) be competent enough to enable and configure it propper. > The second point is especially true for people that do simple web/mail > hosting. Messing-up DNS can take time to recover. Yes. And there are still applications which cannot handle the wide IPs from ipv6. > Anybody aware of bad end-user IPv6 experience ? There are many!! In fact I only know one person who know enough about ipv6 and the pitfalls to use it. > Anybody feels like improving IPv6 wiki page[1] to explain those pitfalls > (if any) ? Better explain the points which are no pitfalls. This list might be smaller. :-) Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSOnSuZ+OKpjRpO3lAQJLOwf/Uuhc6Ju9W0+/qZXZtffZ0t/WcUUHhth1 PjFVrQXvf6OfgK3rOEzo3iQ7GkGk3JakFm0CqMafc+assPcJ9G0tFBjzt5i+zMoK RUt00qM9qlseAiTfORnvxnCW+n8D3L5dzlt3xaMzW0+FT4hox7k2HxLyqAwFX25S Nf84WdBVb2K4Z249uSna7MCxYMELWY4RH2wYrkvAQzSIKiBuosBYZNmZQo5O9mdN urR22i4XQOdADdbc1ADAJX7mpbnCz4R0qoNR4zlTkd+Xy1FIA/t96yDA1N9rypGE SVagsDkf5G1LoGBxugZQti2wyK/TD3tWVNEBi1PdzT4NFr7P7XmcdQ== =UMnL -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Packages still depending on GTK+ 1.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You forgot xmms. It is still heavily used and there are no alternative for it. (It is just such a application as xv - very old but there are no alternative that completely replace it (in all facets).) Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSTrVmZ+OKpjRpO3lAQI47wf/aW5C59XUQfx44W5hqUYTI5bzUOn+5XAX BMEImtfjXBdQWgcaoJ8HUb7aQuWGvdRzElzo6nEfSwIcEzVKCWqDBONDxfn9AzWx rsFLryuOuyDs3yQVkOEumXmsX58LTGmPFsczG9/PXgjZYEUnw1PtDxrutG+8/i5J tGwq/QJ+urizK7eagmyz0wPfprJS0VyA6XsAWtfWgrd5S+rWjuBL6C+AwW3d+kyu bKgMLPGxotYSJ9ecH17EJSnCEuq3SVtEF0ON+0yhT6BuYIUfAkJfAMA9w1mJJNFq 4RAhz9OujpuDCMASrDcr66n17m9k7Q8pdIVhmLFjeNn4Vpd/RyUY8Q== =+5v9 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Packages still depending on GTK+ 1.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Sa den 6. Dez 2008 um 21:38 schrieb Daniel Moerner: > xmms is gone: It is still in stable and there are many installations. More than 7000 in popcon. And there is still no alternative. Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSTrrWp+OKpjRpO3lAQK9Uwf/WWeTKIT0OKrA2RzAZfAe9orxsedWx6gF 7/FrVKOsKF+FxbOugTCpDoW7iwFaSYsdm//otzgimGSQJ35theBEUcqPr2ilnI7l QOQAuY3DbmjKLHC0cmbjH3jKCBc7SfCJbtt81NSYX7/tTsyaxHhERBUYadDZyFBM CYJg/TPCbP1GQZ7nd/RQsez2m07KjB623ibf+IvFzUCh2I3I9w+7IUGNAU3sIKJS u3g9iiuYfhWS1JbN65sKXT12+72UI/42pshZmtTvypa3z5RY5uzn9tpxWiseO8rd KrX9Nvl4DkYTtherCPvFJg+5zZARMqBk9VbOX8t3M1J17BzPatTEFQ== =kuwI -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: stupid dependencies on update-inetd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Marco, Am So den 29. Jul 2007 um 13:57 schrieb Marco d'Itri: > > The update-inetd package is finally a good way to have a system with no > > inetd installed (or the ill situation that two (inetd and xinetd) are > > installed the same time). Cause the inetd disease I locally created a > If you want a system without an inetd then do not it install one and do > not install packages depending on it. It's really that easy. Sorry but I think you didn't understand what I tryed to explain. The problem is not to not have a inetd installed. The problem is that there are many inetd out there. One is the xinetd which is replacing a "traditional" inetd completely. But today the traditional inetd has to be installed too. Xinetd do disable such a inetd in postinstall script. However. What I did explain is that xinetd do not need to have a update-inetd as the configuration is done with single files for single packages. But for legacy the inetd.conf have to be updated too in any postinstall of any package which might run under inetd so there is the point that you NEED this update-inetd in postinstall independent if you ever need it for the package or if you just suggest inetd as the software CAN run under it. So the dependencies are hysterical^Whistorical grown but not "good". Solution would be to depend on update-inetd if software are able tu run under it but can be used in other way too and to depend on inet-superserver only and absolutely only under the condition that there is no other way to use the software than to use it with inetd. (By the way, xinetd should normally provide inet-superserver too. But this is another point.) To the problem with second inetd installed on a system with xinetd: I have the following packages installed: - - xinetd -- which fully replaces any other inetd so no need to install an other one. - - update-inetd -- To let all packages which can be run under inetd (And in fact run under xinetd fine) be happy in there postinstall script and still update the not used /etc/inetd.conf - - netkit-inetd-dummy[*1] -- To get rid of the stupid dependencies for inet-superserver or even bad for netkit-inetd. [*1] See ftp://ftp.ethgen.de/pub/debian/pool/netkit-inetd-dummy_1.1.tar.gz Regards Klaus Ps. I xposted this back to debian-devel@lists.debian.org as this is the right place for the discussion. - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRqy0fp+OKpjRpO3lAQLWXQf/RBEPkczm5DLvhGGm8wjLzN73BurR2fCG v08f7EGU2FsrXSPquk3N+UyXwcSqzKT+phAN/qNc79ZPvpelZWO07d+s89mnDlAm nVgW0/7Zceej3vqzc4h56Njh0UG3pou27UEZZwvHA40lbQanG+H9bahl3Z2C3vk9 dYpUSYFOa54M1dN98PNWQqstxsaCjh2DLks7WiNd/K+rBgDska74sXoUGveN6DbK PkpVMrsM2TS6Mi7aiCxR0nbflApuHY37sIaIJ8G04spXA7w8j7P2uGcZaEEtewHg dBOlI10TZcXnx2LVdGlHRPnqXx6fej5z+JVdu34HU4ILFwQWW+3qgw== =GV/H -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: stupid dependencies on update-inetd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Marco, Am So den 29. Jul 2007 um 18:58 schrieb Marco d'Itri: > > > If you want a system without an inetd then do not it install one and do > > > not install packages depending on it. It's really that easy. > > Sorry but I think you didn't understand what I tryed to explain. > I do, it's you who have no idea about the discussions of the past five > years. Might be. There are so much flame war on that list. Also my English is not that good and my spare time not that much that I can read any mail in the list; sorry. However: > > be installed too. Xinetd do disable such a inetd in postinstall script. > Yes, the xinetd package needs to be integrated with the rest of Debian. I agree. > > However. What I did explain is that xinetd do not need to have a > > update-inetd as the configuration is done with single files for single > > packages. > No, it needs an update-inetd program which can create configuration > files in the appropriate format. Hmmm, Wrong in my opinion. If xinetd would have its own update-inetd and software is installed in xinetd and $ADMIN decides to switch back to traditional inetd the configuration is inconsistent. Also the way around. It might be a better way to have a lintian warning if a package has a update-inetd call and no xinetd config or vis versa. Note that xinetd do not need the existence of a update-inetd tool ever. And other, newer inetd might be the same. Maybe there can be a dh_ tool for creating all needed inetd configurations. I think that all the stuff should allow to switch from whatever inetd to another without loosing configuration (coming from the package). And there is only two ways how you can do that: 1. Creating all needed configurations at build time 2. Having a single update-inetd which create ALL configurarions at install time. But this make update-inetd package as dependency for installation and NOT inet-superserver (the later can be suggestion as well.) Gruß Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRq281J+OKpjRpO3lAQLMXgf/fRE9nvCZFPevauLNUajXKlUuwvh52sQ0 v8+MfXjloFoTWUdolZocNVfX7+YnjZf+UAHmRRwe8ukm/ReutiRtj/qtwVXGIdES pOCa6x7l14gl5exWh7M89OCyMbAEws+vVrjlRRU5xaVfpjTaFpsXypptQgqOn61f v0NyblDnPQgQ/5sHG08zQbfgEF6XpzVma/tPfPag42AR9mqnwPaKuOn40ur3slcC 3kfSRAhAFSl57Z8UyUyqi3XERS7H9p6avN1azr/h+9/YBv9K4t439D80WaKCyVej Jiqa5/JWKTQbYI3BYA1NcwSdsDc50wJb3IVHf4WqlpprM1jAzB0giQ== =0q7P -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: stupid dependencies on update-inetd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Mo den 30. Jul 2007 um 13:34 schrieb Marco d'Itri: > > Hmmm, Wrong in my opinion. If xinetd would have its own update-inetd and > > software is installed in xinetd and $ADMIN decides to switch back to > > traditional inetd the configuration is inconsistent. Also the way > > around. > Not if done right. Please read the whole thread, at least. Id red the complete tree from the begin and there was nothing about that. If there was a old tree about inetd in the past please provide a link as I do not know when it was. > > It might be a better way to have a lintian warning if a package has a > > update-inetd call and no xinetd config or vis versa. Note that xinetd do > Pure idiocy. The whole point of update-inetd is to not have to > distribuite configurations for every inetd flavour. Maybe idiocy. But it IS a solution which work. Please also see the second choice I gave. In any case and to come to the begin again, the correct dependency would be: Depends: update-inetd Suggest: inet-superserver Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBRq3tmp+OKpjRpO3lAQIZSwgAiEdck3ukzcH2e1ySzTaokhbGTgA1Q0KV EcllyHiC7t5AjKJb9hFHAXn8aaXuIwKPb76pu7mG2kKmHOQ/ojqK78ghcBaSspVE UmdvwwnG8OupYuseXbu8Ci2q9IysNmD1jWWr8e/EbKmjupFqJJDcARIqc6P5u7Xx yWWdGBH35WTmdIDRcB6ZIvuB6CrkyO4akZ9WBdAuDY+Aks20KQeSyOd159WQUpZA PR0BcBOT6p6MZ+T6IHu/ebyvqXzTdaD0ztHvm5UDKUZBw5iqLpqD1h5s3RL93htD m3HaYO8BVkjKWTdI05fxEF2W4hei5SCg9FpoTVUQ8VECauKK7LfJgQ== =cMmn -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: xinetd is a viable inet-superserver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Am Di den 27. Nov 2007 um 16:13 schrieb Pierre Habouzit: > (1) xinetd reads and honours /etc/inetd.conf ; As long as this is default switched of this might be ok. > (2) if a service is configured through /etc/xinetd.d/ own > configuration files _and_ inetd.conf then the former wins, which > sounds like a reasonable thing. And what if a service is intentional _not_ configured for xinetd and the inetd.conf is ignored? Best wishes Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR0xXE5+OKpjRpO3lAQK26Af+MBcnYCsLwnzfe60useU9ARzPBq2EKHf3 7x7CD1TvCel9/MJOnYGrxQEAOosy57mjQxCo5zViz096kW9QdBr1UVjWZb26kTUe 95OLOwwVqc+47/G9QZXmLIu6Xj9r/hFhTPpGTkAVG7u3SHERhgYPN5A0C8622+By VQpOjZ0kuIxma2p5/BxcNbgSnW/tE3BzgQDecnQiSEKzb3pCjZFjAvoZHxMQRUg/ bgUP9i/bbTw0725dqg6BRIzujPDaqQNAkCTCAWRNJCOK455R+Ig34/kPHd8K2l2/ +vbg58AasQrep4UFfPNOqJcqaNA0wap4GpBma7Yih5QDrEgdyi7kpQ== =VpFv -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: xinetd is a viable inet-superserver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Pierre, Am Mi den 28. Nov 2007 um 9:45 schrieb Pierre Habouzit: > > As long as this is default switched of this might be ok. > > No it's on by default, and easy to change in /etc/default/xinetd. So it is easy switchable. (May there are a debconf question?) > But I do believe (and there was an RC open on xinetd for that, and I > agree about it) that it being off by default is wrong, because xinetd > cannot document it's a proper inet-superserver without doing that. If > as an administrator you disagree, you can change that anytime. Well the problem is that this change the expected and desired way on existing installations. If you are a admin and didn't (want to) care about /etc/inetd.conf and with a update your xinetd will use it silently (and may open big, big security hole in your server) this is a very big issue! (And a security bug I think!) The only solutions would be eider: 1. Implement a debconf question and explain that there is a problem or 2. Switch it of by default for updates and maybe on by default on new installs. > Since xinetd conflicts with inet-superserver it's the sole one that > can honour /etc/inetd.conf. Well, not completely true. There might be more than one understanding. Mine is that providing a inet-superserver provides the _functionality_ of a inet-superserver not the same _config file_. > (1) only honour /etc/xinetd* files, by disabling compat mode > altogether. Would be the best in my understanding. > (2) work in compat mode, with the (probable, I did not checked but it's > likely) drawback that a service "disabled" in the /etc/xinetd* and > enabled in /etc/inetd.conf will probably be run. Disabled can also mean that the respective file is not created or deleted. > There are 2 ways of not falling in the (2) trap: > - either always use update-inetd to enable or disable services (once > it'll support xinetd configuration files btw) Only if it provides the full functionality of xinetd (like ie. only allow specified ip range or only few connection at once). > - or me patching xinetd if it behaves like I fear it does to ignore > services from /etc/inetd.conf that are filed under the same name > than in /etc/xinetd*. I believe it to be the proper approach, I'll > try to write a patch asap. Why using the name of the service? In inetd.conf the name has to be the same than the port in /etc/services (and even some service might have multiple names). In xinetd the name can be any if you specify the service port in the config. So why not using the port to decide if the service is enabled or not? Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR00xmZ+OKpjRpO3lAQLGXwf9HtZwVqWrWuEEPGAVZoWxksc0hQWLMWF+ c1AGgzYCNw/0Nx0DbLIf8gXbdCVBmjblFWgQAEGqBvpMAA5ccvj+u3U+OWF3jFA3 Ru5LkwuwfdoF6KEh0BwDd1jOsABcps1altX41zPkAX/kHMjU3nx2XwdO+UKc7POs sUTJl8LgCf7XxQGIjoa8SrU6WNqaHV3JwKsoPg+PQ+9ithkTLgQVYiVz4hFHv1sK PjoyU8BtwLdY13qvuYieD9ZhgUfKkq++ADWQIX360gwEb/42biH6c5LlXVg/p6Bb qvYB3GEii+gyTq7gHFV5Hxz8eeN6FZgc6q3Gz4mzc4O5rXuLPag4yg== =0VQF -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: xinetd is a viable inet-superserver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Am Mi den 28. Nov 2007 um 11:51 schrieb Pierre Habouzit: > > (May there are a debconf question?) > > No I won't use debconf here, because it's definitely the most viable > way to use xinetd nowadays. Though the next upload will document that > fact completely in the README.Debian [...] > I don't want to use debconf. It's an overkill. Pardon? debconf overkill? This is right the correct place for it as it change the basic way the package work completely. > > > Since xinetd conflicts with inet-superserver it's the sole one that > > > can honour /etc/inetd.conf. > > > > Well, not completely true. There might be more than one understanding. > > Mine is that providing a inet-superserver provides the _functionality_ > > of a inet-superserver not the same _config file_. > > wrong. providing inet-superserver means that you are able to perform > what any implementation of inetd(8) does, namely, reading > /etc/inetd.conf, and _then_ possibly have extended features on its own. There we have completely other understanding of. xinetd is a replacement (with its own configuration). Using the inetd.conf you have no benefit of using the plain old one. The compat mode is only good for migration. > > Disabled can also mean that the respective file is not created or > > deleted. > > Too bad. Note that given that xinetd proposes the handly "disabled = > yes" configuration option, that's unwise. Why? I know the option. But a deleted (or truncated to zero size) file is more clear than a option inside. > > Only if it provides the full functionality of xinetd (like ie. only > > allow specified ip range or only few connection at once). > > Gni ? I don't understand what you're talking about. See manpage options only_from or instances or log_on_* for example. > because the duplicated configuration in stock /etc/inetd.conf _and_ > /etc/xinetd.c/* configuration will come from packages that want to > support both, and then the service name will be the same. Untrue. If I look for my configuration, around 50% of the xinetd services are handmade. > I don't expect administrators to be dumb enough to configure mutual > exclusive services in their /etc/inetd.conf _and_ xinetd.conf. Well, just to think about a (fictive) common one, admins might start with inetd and /etc/inetd.conf and configure there stuff. Then after years they decide switching to xinetd to have a more granularly way to control there services. They ignore the old inetd.conf and configure all services in xinetd. Sometimes later they decide to switch of a service (by deleting the file as they don't need it anymore). But it is still running as xinetd uses the entry in inetd.conf. A horror thought! Am Mi den 28. Nov 2007 um 12:34 schrieb Pierre Habouzit: > And upgrading xinetd from a previous version won't activate it by > default (with the except of -3 sorry for them). I believe this is the > best way to handle the transition: statu quo for "old" users, new > behavior for new ones. True. > [0] the reasoning is: this is clear to me that through update-inetd > that is the debian way to enable inet-like services, something > that claims to be an inet-superserver must react on update-inetd > triggered changes. update-inetd atm only acts on /etc/inetd.conf, > so as a consequences I believe it's necessary for an > inet-superserver provider to grok /etc/inetd.conf. Well, it might be clear for you but I install xinetd to get away from this crap of the old inetd config. So for me the idea that xinetd might use /etc/inetd.conf is a horror! (Well I controll it after each update now but what about other who see that the same than I?) Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR028JZ+OKpjRpO3lAQLrjAf7B6erOuJ+yKJdaCvdwlQqC9LSz8XuhLsj P4KoPy8M+FpswpdyaIVdhqAnavs7TY4228eFhT8MDtK5r2f4zQYKUwZhCxunNFNk HyOg7Sz2uml8ZH+Erjv0nTBvGckh56xaReGlXFvNewEMIH+Xf+T0NatNOFUY61Ek BeH1BJyumFyhFFkrSnpqchHLV+FHc3AYI3Fq6YcYz2aOsh+nxZ3dEewHi+o18btj K9r7QdqaZBZ/ebChXdntE8UNdncWC/tKpyjti9ksggmp0LykvbCLpJ9sGH11gRLw mYosNbLuYkfBhQzfUNmqMiX4S1JY1hiL8/0OnYVnkAuJwevqtkPUMA== =B9iW -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: xinetd is a viable inet-superserver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Am Mi den 28. Nov 2007 um 22:05 schrieb Pierre Habouzit: > > There we have completely other understanding of. xinetd is a replacement > > (with its own configuration). Using the inetd.conf you have no benefit > > of using the plain old one. The compat mode is only good for migration. > > and to allow the auto-configuration debian is supposed to give for > inetd-powered services. Not all automatically enabled inetd services are wanted. (OK, that is a completely other problem of the related package.) > > > > Only if it provides the full functionality of xinetd (like ie. only > > > > allow specified ip range or only few connection at once). > > > > > > Gni ? I don't understand what you're talking about. > > > > See manpage options only_from or instances or log_on_* for example. > > I still don't understand how it's relevant to -inetd_compat. The main point was if one use the interface update_inetd or provides its own xinetd.d file. With update_inetd you cannot restrict your service to, say, localhost. > > > because the duplicated configuration in stock /etc/inetd.conf _and_ > > > /etc/xinetd.c/* configuration will come from packages that want to > > > support both, and then the service name will be the same. > > > > Untrue. If I look for my configuration, around 50% of the xinetd > > services are handmade. > > oh and there are services with the same name in /etc/inetd.conf ? I > bet that not. I didn't check. I do not ever care about /etc/inetd.conf as there is many wast inside from old installations. > I try to make the packager life simple with this one. Nothing more. I > still don't understand why you're fighting here. I don't force you to > also write an /etc/inetd.conf right ? Right, you don't force ME (I come to that point a bit later). My goal is to help making Debian the best and most secure distribution. If I see a problem I tell about. > Admins are supposed to read the documentation about the package they > install, and if they believe it's a dangerous thing, they can change the > default in /etc/default/xinetd once for all. [...] > I grow tired of that argument, why should I sacrifice Debian > auto-configurability for the 99% of the users that use xinetd extensions > for some of the services only ? Again, just edit your > /etc/default/xinetd. It's a conffile, it won't be overwritten behind > your back, give me a break. Because the users decides to install xinetd instead of inetd for special reason. They want to have a more secure setup than the one with inetd. That's the point. This is like using a complete other init like runsrv. There cannot and shouldn't be a one to one mapping. A small story I have experienced: Some time ago I had tested a backup from a stable (I think sarge or older) distribution to restore on a sid system. I had some points where I knew of configuration changes and other (like xinetd) which hasn't (I believed). After the restore there was some strange ports xinetd was listening on. I was really pissed when I realiced the (default on) option in /etc/defaults/xinetd as it has taken many time to find why the hell the new xinetd is handling services it is explicit not configured to do! One more was that I was using samba as daemon and was running into strange problems that many 1000 processes was running cause of the conflict. But this is long ago. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR06MXp+OKpjRpO3lAQKQ+Qf/XWDV0JjqPYq4jrits2msT/U8gEmgQ9ik NpgJ1422/icZZ9h6pZaRlgs3ylnhc5Q9MUwrVWpQ+jIuSGhwz39HTc7wIhqp94ri kYIM7Yr57zlkFRMZxd3DfEDYIYB+6FiA218wCbnLrB8Cct3C/JPuor/56LhMtGk2 dW0jE5tzylqxGcXeJIFocAaomw0AjkfW3S1QmvQBM89GoSLUAb+HUA/UNcJHEmS1 FWByM4zwembqNkr3+09ygiagLdm7Rjk6TTSW5lZ62ZFkapF8j5JqRhrmmdDP4RJy KrwnFHNK8bqeO5IYKQdN0gDjel0nm0r7beo/WqREYO2+e1tUWdy/qg== =6Isz -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#458061: RFH: cfs -- Cryptographic Filesystem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Am Fr den 28. Dez 2007 um 12:04 schrieb Gerrit Pape: > Hi, I'm seeking help with the cfs Debian package, if you're interested, > please see > http://bugs.debian.org/src:cfs I will. I'm also at the bughunting party at Zurich so I can see there if I will fix some bugs there. I am not a Debian maintainer but have several experiences with packaging and programming (C and perl). The days I am not at home. So I will make contact in new year. Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR3Ug4J+OKpjRpO3lAQKY3gf+Jnw4xVkLLBWtLoHqxyJlcJu6gLeRM9Vh DtTxkM76YGwh+dfz4aaLHscm/8fFszQ2/+5eSplByyHY9kPuk/Kevxn054QNr5tG sDhla7tKwLmyHQiyysm+kR8VxDADssS77aelArIgeJwmscqhbr9/iChZMCKPqzSV zCyA0wyqlLPwiVm9En0GxAoC9ptGC8uTFkneCSGIbUU8R4AlagGzqxcnEOiiDmp7 58qRVhGksIqbxzyWoJWnxmLIwBWooeA01DAR9k4/Z7E3/6X1YqNeQKV7VS5Yhz0r /GiyJNN8ZUqYtS/yHRbj11kD7uF+YbIkAkCzoKMh8QoUj1LnTy9QCA== =nKA9 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: "upgrading" my gpg key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Mo den 4. Jan 2010 um 21:36 schrieb brian m. carlson: > For maximum long-term security, I recommend a 3072-bit DSA key > (preferably with SHA-512) or a 4096-bit RSA key. Hmmm, that advice is a bit odd. RSA is a bit better in security than DSA so the length of the DSA key has to be a bit longer than the length of the RSA key to have the same strength. Though the difference are only little so in practice it makes no real difference. Regard Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEVAwUBS0MTz5+OKpjRpO3lAQq2BggAjkCM3LDvJcA9YGd+jWnxJvgmwzVqjusW TTFz7owwlCrse8kUVJnbDLEqZrVnja5jVowGj19yJ7QrnGi0A3KD63xpBhaFdi3Z JDKp8CEOoHx93rN1oIztMDu7P7AOsb1n7E7TDrIRlRUP4CfYu+Vgy28Suf0T1EAM secSbpF+/UF7z9q/9sEdGOEgNwcb+thhwOH1ulBNPJgQu9rbInqD6QgHJQmXQANy vq/ClTCgWL5BQEsZSs9dNJjF5KTMcKtBLMcyQSRJHf+47urktkvMOkT9veaRjuZz nQHkRKhxjNcCuXWyhP2iUerE2BheiJrh1ZrNnpibNFfD/J4hJBWVcw== =Recg -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Allow package bug scripts to unconditionally stop reportbug
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, lets be a bit sarcastic (not unrealistic, still happened). Am Fr den 8. Jan 2010 um 8:45 schrieb Frank Lin PIAT: > This is odd... it sounds like > "You wanted to file a bug, well... don't!" > > How can a package script know what a user want to report? On what basis > is it going to prevent the user from reporting a bug? I can think of > lots of bad reasons to use such feature, but I can't think of any > sensible one. > Some bad reasons: One more reason: * The maintainer makes no errors and don't wanted to be disturbed by a bug report. I don't want to tell a concrete package name to not start a flame. Ask by PM if you interested in. Regards Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEVAwUBS0byn5+OKpjRpO3lAQqxmggAjwVtXgIaZ6A+okr8ZDikqIB2K0gyCmKo UUvCYk2eU1flT4LYgd53L/zuqebL2Wq8P0Ev046CU3RBvSgA3UwHSdheQR6uASgW WfTk2sqTbs9y/sQTu53LaGs2RudaefI3H070FENc0JLn1SAgReZAZmQ+3mFlxvy+ a1DhkO7VUtFxQDC4Y90ozONc59M2ix1BPRZ2pAxNXrJuh5drWMWcavscx5e7LseD vnqKRwzXumyIiovaHsoA5HWc4+4DotW6g5dHfReYvBzap0JQUmPOR/mWxKNdmgDV wHtf2y82ZQQ3KaN5jQ+w/L1AGmpNpoDKfHx5Jnwf37FLDS8mXLip1Q== =mjgj -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Bug#571754: strftime("%c") crashes in (some) locations
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Ah, and why is that bug closed? Did you ever try to compile the test program? Did you ever try to reproduce the bug? Did you??? Please do not try to find typos in places were no bug is and check the real bug source (strftime and NOT localtime, which was added by me only for having a tm struct to test with). So please be not that ignorant. I have a pretty high opinion of debian. Please don't destroy that! Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBS4pbgJ+OKpjRpO3lAQrTDggAkcFiF8CNjjPxRAtTCd7I7ulfA/bSiPNd yesZ/Ak0nDFHZQM7i3A7GH7VPAEuSpkNIz7Eu9R7EuW2TgMZ1fuXvMBlgdhXE+1c IjLR0rw4T/4vwwc6iiVNxlddxjF/tUJGGILVRIaYyb3pqCRuyLX9QnPn02ncaNOd M5PTipyDgIpTgcjfEwaEAWq5bJQTipcprzOJFO18DgGDu9ZsIxT+z3/jBzwV7eKy t0CZABfFGhNdojHzz8BCKYnvAj5Du8QqFyc3UidOIeBgy31uzrTqwI33L2CEs2rV wzZi+gLcQ3YYQlRfQ+jjewm+Cp8ymvwK3VwvS4XXw+2pFkKayO1/yg== =mOXf -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100228120312.gc4...@ikki.ethgen.de
Re: Bug#571754: strftime("%c") crashes in (some) locations
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am So den 28. Feb 2010 um 14:24 schrieb Aurelien Jarno: > Yes, and I explained you why your code is wrong. A part, which was not related to the bug itself. > > Please do not try to find typos in places were no bug is and check the > > real bug source (strftime and NOT localtime, which was added by me only > > for having a tm struct to test with). > > This is actually what's causing the bug. No. I did say that the bug is in strftime and this part was not reached in the example code. So well, I admit that I did the example wrong by fastly putting some code around. But the bug is in the localization of strftime and that was what I told in the description of the bug. > > So please be not that ignorant. I have a pretty high opinion of debian. > > Please don't destroy that! > Please don't be stupid. Sorry, but I have to return the compliment. But lets stop going to the personal level and stay on the objective level. Now you seems to have a code snipplet to reproduce the bug. So looking forward to get this solved. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBS4pyhp+OKpjRpO3lAQrCxgf/Zl/1q23AxMvOqEpJ8iUJyH8dD0Bse26V X3/NtSY1jfGJIY1I8GwBXMktsKG0lZke/D/LH6nGoFRrEHGlUrZCWOHWV4hysnr7 wpSth45d+sZlH8x7Ay0fJkSA+yd+emxjqKYWXDCpJElF/yrDT3c3Fluc27CNQlOv 4nqwQ7rCLNxPVBek7HquuIUSf2xNo4r5Nro8Mf98haXdLda4SMIPVVnGVO8tJ1Hc ln9UIJ4NB8hqYoO2Sud2lY82GfWnIv0OTMDvyRaqpmgi9dTunFY4WAaqJhP1zFJZ MYK/n2aWMiAK9DlkkQYHysueidP4vnGs3JZT33tXNIHIUKU1NCq2yg== =lxCA -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100228134127.gc23...@ikki.ethgen.de
Re: UPG and the default umask
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Mo den 10. Mai 2010 um 17:14 schrieb Aaron Toponce: > $ umask 0002 > $ touch anotherfile > $ ls -l anotherfile > -rw-rw-r-- 1 foo foo 0 May 10 10:06 anotherfile > > As it sits, having the default umask set as '0022' isn't breaking > anything, but it's no longer needed. It's just historical baggage coming > from the 'users' group on older UNIX systems, where any new user added > to the system was added to the 'users' group by default. Thus, removing > the write bit made sense. It doesn't make any sense with UPG. I still makes sense. The user will not win with the lazier umask but he will probably loose security. See the case the user wants another person in his own group to share files. Then he might set the files readable for his group only but not for world. So the other user can read this data. But he cannot write it as it might be intended. Setting the umask to 002 let the other user _edit_ all files the user did create in the past with that umask factual giving away most of his files. The better Idea would be to set the user mask to 027 which then add a new value of security. If a user want the group to have write permissions this should be set explicit. By the way, with zsh you can make directory profiles which set the umask depending on the directory. > For comparison's sake, Fedora (and as a result, RHEL/CentOS/etc) have > implemented '0002' as their default umask, as they implement UPG. Yes. And that is one big security issue! > I guess I'm more or less curious why we're still using this outdated > umask value with UPG. What would it take for Debian to update our > default umask to match the UPG scheme? Is this doable for Sqeeze? Are > there reasons for not making the switch? Hopefully not! Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBS+hZg5+OKpjRpO3lAQrqxQf/Y0tHKXEiHnQePMxs/DItSecDn/aw+gsN qcTsKw4qU6Wk95KsV5LLsRTT7uFN9/RtOtz+KUa0YaWIyLVKGMxjRbQYFceaG490 gY5QlK1AVrqHDdFipLUK12mgb63s9VDMxFqXFHpUPa5GFbMQ6RGcrN3KbxIVNeG7 khcHhOqOiATC7E0GN4jg+eSGqmD/szSlLqKBaJJVfbPbG2T91NvZqxG+cXLwuhpW cYQqpxVA9jYLFhEBq4Fe5JhEFOUfcV+zxT8BJ0TVVsvuzvN7M5PJV7Pb9XaBXeCz HsHU+7+Yojt2r03KeFwacjg65xZvVqQPEFNWBnnJCcd9qMdsI3iIuw== =qeHa -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100510190747.gc19...@ikki.ethgen.de
Re: UPG and the default umask
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Mo den 10. Mai 2010 um 20:35 schrieb Aaron Toponce: > > See the case the user wants another person in his own group to share > > files. Then he might set the files readable for his group only but not > > for world. So the other user can read this data. But he cannot write it > > as it might be intended. > > > > Setting the umask to 002 let the other user _edit_ all files the user > > did create in the past with that umask factual giving away most of his > > files. > > The point of UPG is to not put users you don't trust in your private > group. That's why it's called "private". :) You can never trust anybody for giving him rights to _all_ of your files. So this assuming is never true and a user will not have any benefit of this group if the umask is 002! > If you don't trust users in your UPG, then the administrator should > setup a different group, and put the necessary users in that group. Give me one case where this is true. If there is a group for sharing purpose the users will use it -- and will lower there security down to nothing. Setting a default umask of 002 is highly negligent! > I'm all for increasing security, but it always comes at a cost. Thats true. But setting the umask to 002 will lower them for no benefit. > In this case, the convenience of setting up group collaboration > directories becomes a pain to administer, as the group write bit is > never set, and cron jobs, profile-specific umask values, or FACLs are > used instead, adding to the complexity of the system. Well, all cases I know about where collaboration was setted up, the person who did was knowing exactly what he did. And that is the way it should. Don't let users do something if they do not know what consequences it will have -- specialize in security! The crazy idea of setting the umask to 002 per default will end in many, many systems where the users have a low as nothing security for they important files only to serve some few use cases where the persons normally know how to get rid of anyway. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBS+iMqZ+OKpjRpO3lAQqG3gf+M2O3qx+FFXgOT9V7VH+nx2Hcs5u1w2k9 Bk7ALBwQhZJKJV7oioyDx7GCBXnp/R2cpyyIsq8/dtT8I2+sCIuR5K6r18DRgGkB At8Z6u0HEl/8Pl/lwnBaBhgr18iD8oUN8WXvIiS/La4n562gQfqG2Bw008QycEoz ywWQzlOGahdfA9RA+luY3t+w6fT0+R4kU3za/C5tF6TY1pNtyyywvMrsf6sQGjES JevSyP3FRix7scvSxtg4F/+9RBX8ei8bKe4gg13f8Em1i3p7CXbko+GfFDq0s3bs 5IxMUxN1LIXjZMaLyYwfeGasFjJlyZAb0JDY47xy9oLzQJBw8/k9xQ== =8V8t -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100510224601.gd19...@ikki.ethgen.de
Re: UPG and the default umask
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Di den 11. Mai 2010 um 17:13 schrieb Aaron Toponce: > > You can never trust anybody for giving him rights to _all_ of your > > files. So this assuming is never true and a user will not have any > > benefit of this group if the umask is 002! > > I trust my wife to all of my files. Good. :-) > >> If you don't trust users in your UPG, then the administrator should > >> setup a different group, and put the necessary users in that group. > > > > Give me one case where this is true. If there is a group for sharing > > purpose the users will use it -- and will lower there security down to > > nothing. Setting a default umask of 002 is highly negligent! > > We have a 'weblogic' group where many user accounts are added, so they > cane manipulate webolgic domains and configurations. Would you like more > examples? That was not the point. That you can use other groups for different purposes might be clear. The point here is about the UPG itself. So group foo for user foo. And this is the dangerous point. > > Thats true. But setting the umask to 002 will lower them for no benefit. > > I've told you how making the umask '0002' increases collaboration for > development teams. If you need such collaboration stuff you are welcome to set it up on your system. There is not that much more work in telling the users that they have to change there umask when collaborating. However, you have to do that step in any case as there are many users setting they own umask in a startup script. > And it doesn't change the security of files that has your UPG as the > group of your files/dirs. Everyone not you, or a member of your UPG > still falls under the 'other' permissions, And that is exactly the point. The only advantage of a UPG is to give other users a bit more rights than other. So you add them into your own group. With umask of 022 that will do no harm. With umask of 027 that is a real improvement. But with the umask of 002 that is very very dangerous! And adding this danger only to set a default for the special case of collaboration stuff where you have to tell the users anyway to set there umask, is a bit to much collateral damage! > so for the sake of security, you might as well change it to '0007'. That was not the point. And I show you how to use the UPG usefull with setting the umask to 027. > My argument is about the group permission, not other. Right, mine too. > > The crazy idea of setting the umask to 002 per default will end in many, > > many systems where the users have a low as nothing security for they > > important files only to serve some few use cases where the persons > > normally know how to get rid of anyway. > > Explain the security implications of '0002'. Your home directory will be > 'drwxrwxr-x foo foo', so anyone who is not user 'foo' or in the UPG > 'foo' won't be able to modify a thing. If you're concerned about them > viewing the files, then '0007' would give 'drwxrwx--- foo foo'. Setting > the write bit on the group doesn't change any security mechanism for the > user 'foo' or his UPG 'foo'. As long as the user do not use his UPG at all. And in that case the UPGs are useless at all. Any use case involving the UPG would suffer from a umask of 002. > If you're concerned about a developer in a collaboration group doing > something nasty, then they shouldn't be on the team. Otherwise, remove > them from the group, restore from backup, and carry on. Collaboration groups are a very special use case of POSIX group design. There is no UPG involved. > It's easy to say "in the name of security", without really thinking > about what you're advocating. It is easy to break security when not thinking what collateral damage a change will do. I think I made the point very clear above. > Updating the umask value to allow the write bit on groups when UPG is > setup (as it is by default) just makes sense. In the most cases, no, no, no! Only in a very few use cases that might make sense. > Keeping the write bit off the group, means we're too lazy to change > old historical baggage. Aha. Maybe the whole bunch of security is historical baggage we learned in the past. Just throw it away as it is historical baggage. Did you even think about other use cases than the very special one of collaboration directories? (Sorry to tell this question but I am really in doubt if you understand the point I talked about.) Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71
Re: UPG and the default umask
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Do den 13. Mai 2010 um 18:45 schrieb Aaron Toponce: > On 5/13/2010 3:48 AM, Santiago Vila wrote: > > Will be done in base-files 5.4. > > I just saw the change committed. Thank you very much! This is good news. > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581434#25 A black day in the security of Debian. Well.. One more. - -- Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBS+yD75+OKpjRpO3lAQrSbQf+Or9BgLCU6MIQoQgGMpm3P23STT4PnPcR EodAccFEGFB+QntVIDczz6Tt2VFIlErkLoJ1YRrAYbEB8fdbvx12ptZA8jY0RzB1 e52qfwMmUOoGrzut0p9teocE8zQ7rHev2KPvhqFmnYFJtm7CCH47uY5w+w5XfNs0 BxwnjH7vBlxle1SOHRteWf8E7L81+CID+MhGUCozWHEWrMNhQyQU6cCMrP58MiUM fHscSpN+5rQsr+6t6B6cLvgiZCApqGeuHKxpndA2gCUY6Oid+WW2i7UoMUfheJ3M WMbS+rc0fi2xwosC29cO2vem7vv7tR5Ha9WH4ji4zNS1/6rxis10ew== =WSAu -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100513225752.gd14...@ikki.ethgen.de
Re: Bug#581434: UPG and the default umask
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Sa den 15. Mai 2010 um 0:24 schrieb Santiago Vila: > I remember that procmail had a similar problem, and the author > implemented a build macro for systems having UPG. From the changelog: > > 1999/03/02: v3.12 > Changes to procmail: > - Don't use $HOME/.procmailrc if it's group-writable or in a > group-writable directory, unless it's the user's default group > and GROUP_PER_USER is set in config.h Urgh, and as in debian this is set, procmail is per default unsave on all systems where non UPG is used or where the user like to use his own UPG for sharing purpose!? To change all that software just to let the umask be convenient for just one very special use case and make all the rest all that unsave? Sorry, but this is like the openssl disaster just intentional. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBS+3kap+OKpjRpO3lAQpLGwgAry8FHXhr2T7uNP5AY7bTOmtS5zQ4wjif CdLQXVviqpksSEk27yqBnt3qzsSGayKphZqEN2jskCcYCtUpEY+zSCigUy/z5fVb IDLd80y5dVdGf9eiytidCUjaJ+fpB2sOQwFJ91H9cBPUEQHyPgAkuzXsyf2ORrgV 0+1vA4HlmfF0hsEHLfucYUF3xIwU4UczAoMiEDTA3avUYcoUCf3ELVrJLXuCwk6V PXNw0Fzi95gwCB9Su8tBwNuccy4YCT5OC2Cxt5KlyBoLLvjXEXPs+GKK2W2YPmoH t0DNg1phu1iS9WqeiqG33B0uGHFjpShlIajnB665llX/1KPdf2K95w== =U8oX -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100515000147.ga7...@ikki.ethgen.de
Re: Open then gates (was: UPG and the default umask)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Sa den 15. Mai 2010 um 1:18 schrieb Stefano Zacchiroli: > On Sat, May 15, 2010 at 01:57:05AM +0200, Christoph Anton Mitterer wrote: > > Klaus Ethgen wrote: > > > A black day in the security of Debian. Well.. One more. > > Absolutely true,... :-( > > Guys, IMHO you really need to stop ranting contentlessly. Oh, I will not make any more comment to that decision. Maybe I will search for a more secure distribution. This decision is much to much. And it is the last straw that breaks the camels back. Debian was was my favorite distribution for over ten years now but in the last time the concessions to colourful systems where user simplification goes over security is the wrong way. Christoph did say it with the right words, just start to use Windows as base for the distribution. Sorry, but this is more and more the picture I have of Debian. > Either you reply to the technical arguments in favor of the change > that have been made (e.g. by Russ Allbery in this thread, Oh, there was technical arguments in the thread. But they was just ignored. But there was just one reason to make the umask that more insecure, and this is a very special usecase. Compared to the technical arguments against the change this has nearly no weight. (I was myself in the situation that I had to setup a directory for collaboration work. But this didn't need to set the umask of all members to a insecure umask.) > or you shut up. So, either you have the same opinion than the mop or you have to shut up, I see. > If that's asking too much, please at least understand that messages like > the ones I've quoted above don't add anything to the discussion, and > will just piss off people, reducing in general the willingness to > contribute to Debian. Is that what you want? If they destroy a distribution, yes! > To that end, mails like the above surely don't help. That might be. But they show when someone resigns. For me, that means to take my consequences. Not all people are experienced enough to do that. Best wishes Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBS+3tYp+OKpjRpO3lAQor6Af+OUdUgjmfPkO1AWkobsaY9q7L9QiVXMZn NSoJdw8UhHI4Gj058rCph1NGYEaiB2lYnTIX6UX8ghNaqcVI7t0QmOrUossvHdZ5 NlkyuavMB0Eos4ER42wAWpoIW9w3mEymr7Mdj85z6srO2i6Fkel239pcvfkc2m0t N2isIMKYdYlwe/d2I9NkOq+abRgIcNqdmayLIkQnDEdZ0gNaRiJI1egb9n9XVjbN H6Y6IXo+AyoQUcj08Kwwhd2L+qUjDEasmp1+3XJMkA7uxKu/U7bvRz9c3is5f1bo t+eysd4NElrunvz4RXXKGOv20YFYfCIfIHmNd6a4Jm+W7bU4Oi3PiA== =LQfe -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100515004002.gb7...@ikki.ethgen.de
Anounce of a secure repo for debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, cause of the recent umask disaster I decided to start a repository for packages which are insecure in debian distribution. You can find this repository at ftp://ftp.ethgen.de/pub/debian-security (deb ftp://ftp.ethgen.de/pub/debian-security sid unofficial-secured). This repository holds secured packages of the insecure debian packages just without the insecure patch (or the insecurity patched). The full sources are available to build. At the moment the repository holds base-files, openssh and procmail. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTAKqoZ+OKpjRpO3lAQp0PQf/UdahuHQo/JexLKCyJO3otzQj5y2eLm/L crti+sBLA5P/VVu3r2NDwSrlanEQ79kZWEafAqSa8aIguF3fgky1WNzKjM3SFukt jpq8mX1ySx6NOWJRtELv1Xdvu6RjVYPeEb9Jm/dgStVvgtxvMxdJXr5nzrKMZOMk n39wEOp8x08Swz2Xv7yKcVK/B4lKZyFHuADDnlk/J3IfRBKb84lS8/tU5epNhtC7 z/ZXOzCRC5Qegxs7h5F3y9Ku0A5h8OYQhuMl5E2SfikEQrIP8EpH5M+G2R4NH3XP P3d66UlcREOQPHz0YaHV+2RzQSMjb0/nGiGhohYNz9jfYQ8MIndxfQ== =tAxh -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100530181249.ga17...@ikki.ethgen.de
Re: Anounce of a secure repo for debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Mo den 31. Mai 2010 um 5:42 schrieb Christian PERRIER: > > This repository holds secured packages of the insecure debian packages > > just without the insecure patch (or the insecurity patched). The full > > sources are available to build. At the moment the repository holds > > base-files, openssh and procmail. > > Is this repository signed by a key? Yes, my own key. But read below. > Where is that key available? On Keyservers and signed by many people. > By who is this key signed? Many people, including some DDs. > Are there people around to speak and guarantee that the repository > owner is not providing malicious packages through this "secured" > repository? Thats the point. Nobody can do that. Thats the reason I hold the changes as small as possible and upload the full sources to the repo too. The point is that I cannot live with the insecure debian packages at all. So I builded that packages for my own. The repository is to give the secured packages to people who need it too. There is no need to develop the wheel every time again. > Don't take be wrong. I do not. I was thinking about that too. But I decided to make it available anyway. > though I certainly do question the technical arguments you brought in > this thread and the way you did it (the umsak 'disaster'). Well, I think (and I am not alone with this opinion) that the umask changes are a security disaster. And I do not want to make secret of it. > Unless the packages you provide are inspected by the same web of trust > that lives around the official Debian repository, Well, the web of trust seems to fail in this case. > I think that potential users should definitely be warned that they're > using it at their own risk (the same stands for any private > repository, of course, including those I manage myself...:-)). Yes, its a good idea. At the moment the repository is just as it is and it holds the secured packages I use by my own. However, I will consider to add such a note. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTAN+Lp+OKpjRpO3lAQoMwAf+JvdiNfa+rJT48Ey6ZTIst5IZcKqFHxbU h+/UwfW9jzNViVoV+lYgftM56lWDX3ka4+9eUzwtfvq1IA0ZswgjoqvO9oHhlnGR SE66/aNC/U2WOIR3kbfsnzY1DRCKxuho27+kVUGypGYUzDQVkz48L26rU77gS9c/ 9CtdzIxRUABUu44pCuLRCzHWad/0Tm6Qje4OEV4wWLrFfBFSBfYsVW65UlZLqO7G h4pP0sb7F9Wtpjts+SShqyxrKXeUZITyQsiunIEzwiBc72vbKn9Ac/ODPouDihuJ lynvhDCnJscnoo6HP5WUn9h2JvPcvrr3Rvg+bnlgt5K19tlkUpUSiA== =uObw -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100531091526.gb27...@ikki.ethgen.de
Re: Anounce of a secure repo for debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Mo den 31. Mai 2010 um 10:49 schrieb Neil Williams: > At the very least, the public key should be available on the server > itself and it should preferably be in an archive-keyring package in > Debian. Sure. And I plan to do so. But for the moment there is just that packages I told about. > gpgv: Signature made Sun 30 May 2010 19:01:45 BST using RSA key ID > D1A4EDE5 Correct. > > Where is that key available? > > I assume it's this one: > pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <(E-Mail Removed)> > Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B See my signature, yes. > and subkeys.pgp.net didn't report having that key. Thats really strange. The key _is_ on this server so I do not know why you didn't find it. > I would question the safety / reliability of using a repository Thats always the case with additional repositories. And since APT do not show the source of a package in the default configuration makes this not better. > that forces the creation of Packages and Sources and Release files by > hand instead of using a reliable, reproducible tool like reprepro. Well, this method was grown since ages when reprepro was not available and I hadn't the time to migrate a working method to a /nice/ working method. > The site even includes the Makefile that shows the hacks used to make > the repository files. There is no reason to hide that, so, yes. Regards Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTAOiSJ+OKpjRpO3lAQpRJgf9Hb7adxPjd+JqtPWxMNzL1DWXvyxTV+Lq iqGaQ50+LsVoJH6DJgdt/vxAc/J4vLujrhnBqsrjdKwcquV66kJx8reZDeIxawBl 0K0z01W19CYTlHCykE8j0QIJSahbhGAyw02k2cFr9ToXCbWUv337Ao2FmmE8UQO/ /T8SVqc7Xc3LkUT4PapiXDg8iN5qo8r5T6YFD4JQKu50bFPqQx8Azc3Ri7PxupU0 pTh00oWhg3zbrboYP/vn53KafZXvkayR3bPfyZZBIrGXSJ361GSaqWIdnCoGJu6D Bq/z6Qn4shM+j/TPFBRS9eJr7SY5zuxzK1iCGs+gLeqdjaTO78NbQg== =nJO2 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100531114928.ge27...@ikki.ethgen.de
Valid-Until and snapshot or archives
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I recently found myself with the problem that I have tu use one source from snapshot.debian.org (fuse as it is broken in sid) and the Valid-Until time setting in the release file and apt revoking to use that one. Generally I think the Valid-Until is a good think so I do not want to switch it of globally (Acquire::Check-Valid-Until) but for this particular source only. However, this might be a solution for me (well there is no way at the moment if I see correct), this shows a more general problem. So the question is how to handle that Valid-Until header in archive release files? Should Archives remove them (then that is a bug of snapshot.debian.org) or should there be a switch in apt config to disable it for one particular source URL? Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTID6RJ+OKpjRpO3lAQqGOAf/U8fIMdsDf/w/Z8+kzItf78DKU7Y0qwvI fx4eDt6htGYZl/jeGoFi7O+SJB5CmjVobbOgkkQx4rQ7OtxlET4FIf1jk9zbJJfT GxMoBdsc7VzOUsFZbnR2SEki9HMbJvPqsN2XXmzYtkVUWiAhKFZKRCmk0IKGOixT 4f2y+Cpz5lSqizOD3SzU1F5XgFNQ/uuxIDbJVUoFaR6MRLbScPxZGNO0proSXavp yy9KSsjg5B6jTL0Or/AWPPMMFYyw+HIxE+g18dG6RteJ9sibxfcZXzxv63hkg1Cj Ag31p4jQqeu5YcG0hZxnrgQ1sfhXCOy7c+d8gIlfLeRGtbpJKqUybA== =Wk4b -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100903133812.ga2...@ikki.ethgen.de
xsnow
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 As every year x-mas is coming closer and it is time to start xsnow to get the right feeling. :-) Unfortunately the package is only available for i386 and the maintainer, Martin Lazar, seems not to react to the bug (#457742), that is open since 2007. At least for amd64 it is pretty easy to build the package, there is no need to alter. Just apt-get build-dep xsnow; debuild; dpkg - -i ../xsnow*.deb. There are also other bugs, partly with a patch but no reaction of Martin. Unfortunately I am no debian developer so I cannot take the package. Well, it is not that important but xsnow is at least a nice program and I do not want to miss it that times. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTPgZfZ+OKpjRpO3lAQqwwwf/duCML2tM1lKAODSMrPc9s2AJiWqUqFVb N2xnn85NU6+/Ky5ygcmRTVIuXg415h+vBG3Abz2kSlXsI5MKNuRywOs0FAXJ+t29 Pmyyt2r+vfnUKIqrm2jL7UtvuJxu1c3Vq64TNE7rvUXPqEjGXBgYP9dMmcXLaUSg 7WAvewOL+SUo700ML0YSHB/F/sDH+3wMLkk7zCMZw2qf61n94rq1Ssiaf25QrDOy PtznkLVGeb7h01wV7vSlnJXyYd70I4vlTFC1piUE3waAVC10V3lUzxPavjbSxt2U eRjPHTzs9rwcntFhreTvda7OK/0/Xb79cCw5abH80lcrs50swFGKwg== =EyJg -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101202221109.ga30...@ikki.ethgen.ch
Re: Make Unicode bugs release critical?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Fr den 11. Feb 2011 um 10:37 schrieb Lars Wirzenius: > The first Unicode standard was published in 1991. That's twenty years > ago. Any software that processes text at all and is incapable of dealing > with UTF-8 should be considered with extreme suspicion. Making all such > bugs be release critical (which includes the notion that release > managers may ignore the bug in particular cases) sounds like a good way > to get things under control. I think you are mixing stuff together. First there is unicode. There are several definitions for unicode (unicode-16, unicode-32, ...) but UTF-8 is not unicode it is just one implementation of unicode and in my eyes the most problematic as it has undefined states and is variable length. However, UTF-8 was created to allow using unicode in non-unicode environments. For me that was always a pointless plan and the unreadable UTF-8 characters all around buggy software that cannot handle encodings correct (and there are many around) and ignorant users who are using UTF-8 in environments that are not specified for multibyte charsets (IRC) is the most annoying one. As there are places where UTF-8 makes perfect sense and is the best solution it is not the best solution for all ignorance users (me too ;-) have. So specifying to be UTF-8 capable is somewhat inconsequent. Software has to be capable to handle every encoding as long as they are specified for that encodings. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTVUksZ+OKpjRpO3lAQoxGgf/WRdHVqOQ+4A/VkbaLRkXk7uZMKk1uNMT t5gIbmtkIZLRhGkVZIzuVNXT7Zlq+tS3HwpbUaHNmd7ImNUlN+m9dP1gJFacZaGd zYeM0L1G9nfh4iwNmNIqQ/ZhF3lnOUtV6kDqvlZ4EgIwXfAPDZeFMgCxkCeh8mbq H2MABIqwGxahqQoZ6Oql0npvE4QMVB7Use2iT2pPiNBSsB1hFzH9sqNu+uNdbko9 mI82BLHhMwwjhIo3ceFEHkah5pCPlJpTJHgRLd5nYf6/BUkEiR+ECnohdbkjjX5d 1ftp+4Q7Bngve1+5vM4yKQJAEx5vV1kV8U+GaQGE8Kad+op2BhWL+Q== =VYai -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2011025946.ga4...@ikki.ethgen.ch
Re: The future of m-a and dkms
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, Am So den 13. Feb 2011 um 23:21 schrieb Patrick Matthäi: > since we have got a stable release with dkms now, I am asking myself, if > it is still necessary to support module-assistant. > dkms is IMHO the better system and maintaining two different systems for > kernel modules is a bit bloated. Well, dkms might be a good system for workstations, but on servers where you want to have reliable systems and security first you do not want dkms ever. With m-a it was and is possible to create nice debian packages for custom modules which can be installed on all systems getting all the same modules. With dkms that is not possible. More over you need to have a full gcc suite on all servers where you have custom modules. That is not acceptable. > I think there should be a decission for wheezy, how we should continue > with it. Why do you want to throw away good software in favour of a bloody hack? I think debian is a server distribution with security and reliability in mind and not a bleeding edge workstation that need to compile all modules itself and is not that important to fail in security and/or reliability. Regards Klaus Ps. On all systems of mine I was forced to blacklist dkms via preferences to not break my systems with custom kernel. - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTVkPyZ+OKpjRpO3lAQo//Af+OmYUEljpIwESHLnRQ2Oq0aBBBx8vYvfF V0TjV72R5oZpxyAy7PhGpp82YQGTrh28r1ms+kQlFsZfgJljidBD9fkvL/Uh2NTF VSCfjEi10kclUsIDedsNQqtsKn7mJbuPzpmPu65yZDggOWzDfCkkYe25omlhkK+I YDLv/c+VyNKOlFHgE/OiptEC1zqoxz0gosbasw1zGtVOfcyehW1sS9L5mqcyYX0L fyCdQB18R2wy9oRxDr+D+VQdqQJKxCl1ADFyVLkyVomawxQtmJesXBFtnQO0rnmD cLXIJWhjHwGY0fmNHipWd8iJf2slpqeZCeZBZho519k7bErDN0CgJw== =NwPA -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110214111937.gb31...@ikki.ethgen.ch
OT: Python (was: Make Unicode bugs release critical?)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
lets start a python rant. I love to hate this language. :-)
Am Mo den 14. Feb 2011 um 14:14 schrieb Jakub Wilk:
> >$ LC_CTYPE=en_GB.utf-8 python -c 'print u"\u00a3"'
> >
[...]
> >$ LC_CTYPE=en_GB.utf-8 python -c 'print u"\u00a3"' | cat
> >Traceback (most recent call last):
> > File "", line 1, in
> >UnicodeEncodeError: 'ascii' codec can't encode character u'\xa3' in
> >position 0: ordinal not in range(128)
>
> This is the expected behaviour. Incidentally, it has nothing to do
> with UTF-8. You'll get the same result if you use a locale with a
> legacy encoding.
I see. It is funny to see python lovers to blame other for the bugs in
the language.
~> LC_CTYPE=en_GB.utf-8 perl -e 'print "\x{00a3}\n";'
~> LC_CTYPE=en_GB.utf-8 perl -e 'print "\x{00a3}\n";' | cat
Both gives the same result, a '£' sign as expected.
> * Ian Jackson , 2011-02-14, 12:42:
> >Excellent, I look forward to the removal of python. I always
> >hated that language anyway.
I hate them more. :-)
Regards
Klaus
- --
Klaus Ethgenhttp://www.ethgen.ch/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
iQEVAwUBTVkwIJ+OKpjRpO3lAQr9qAf+I4UXXNKso2hhr6BEjgn/o0IOpbI6/jhe
YwSf5rysUlb924NvtdOc1VzLoOff/uUDXOpW0VICSJMZRfVLZvVvdwaysa+SJj/f
0UL0CnuHogtan5uV627JFQRI5/VpQ9LXRc7w6w0+Eh8d7Pm/FJYomI4fuGAM0jPo
n1mFCeHSP2PiSIJ85cKWCqxsDkC4EDrPvrqol2ZJfuW1bVqqViGWMIrQ8RXzQ8JD
eSBHY0qjOCoMz1W46C4ruk3SVkX6FGe/V9U6XUG9kcAYlfpMyfeHDQ207P1tuEUH
dmD9gFA8ZpUgxHSZY43ONBnJlFynubPv7bmWoic7sez6V8zab6TFqg==
=KrXl
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110214133736.gb6...@ikki.ethgen.ch
Re: OT: Python (was: Make Unicode bugs release critical?)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Mo den 14. Feb 2011 um 15:15 schrieb Lars Wirzenius: > On ma, 2011-02-14 at 14:37 +0100, Klaus Ethgen wrote: > > lets start a python rant. I love to hate this language. :-) > > Let's not. 'Till here it is personal desire. > Let's not rant about any languages, or tools, or desktop environments. > Let's be constructive on Debian mailing lists, shall we? You are true. I just couldn't resist if someone was trying to blame all other than the one that has the bug. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTVk9hZ+OKpjRpO3lAQoy7Qf9EV1erqhNsAgfJ1ubQiitzufbk5Wq4rA/ rVh+Tpn4SHTE3D5Sw20UIPrUYonaQD6z8gokOkIdvzvgzVOBj3vPioFnWZy368QK DUXymUPal23q+iwwV8FYNqq7ggnwpnT0DX1PNCmMUHZl21ZkMjMJO2cuv21ycD6I JGBvA0w+dOVb7YfI+HGMwAlyT2gEkT7nsg8nlvYUU+EgzCaXjC1tdPHfe3QAYsQh Pd0QDqhxFvwVRB9SskSas1JnjUh5DKMI/USr7a/+jP6dWeVQHIRglIN5uNFCq8kW 70jM2XCdTeZcdFy1lOiJ07YCYW1gg0kKCN+DlyEFJmJUzYsfP+4KsQ== =H8Sg -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110214143445.gd6...@ikki.ethgen.ch
Re: OT: Python (was: Make Unicode bugs release critical?)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Mo den 14. Feb 2011 um 16:24 schrieb Ian Jackson:
> Jakub Wilk writes ("Re: OT: Python (was: Make Unicode bugs release
> critical?)"):
> > * Klaus Ethgen , 2011-02-14, 14:37:
> > >~> LC_CTYPE=en_GB.utf-8 perl -e 'print "\x{00a3}\n";'
> > >~> LC_CTYPE=en_GB.utf-8 perl -e 'print "\x{00a3}\n";' | cat
> >
> > Let me try...
> >
> > $ LC_CTYPE=en_GB.utf-8 perl -e 'print "\x{00a3}\n";' | isutf8
> > stdin: line 1, char 1, byte offset 1: invalid UTF-8 code
>
> WTF. OK, Perl's out too.
No, it is not. 00a3 is just not a utf-8 character, it is unicode. To get
a correct utf-8 character you need to print \x{c2a3} and then isutf8 is
happy.
> We'll have to write everything in dash :-).
lisp. :-)
But now we get complete out of topic.
Regards
Klaus
- --
Klaus Ethgenhttp://www.ethgen.ch/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
iQEVAwUBTVlWk5+OKpjRpO3lAQohXgf9FC839X5Pozj2LZUJKd+X9Bcy5F/q+zWg
cdPlFkRL2BSq05M4+V8anb6vP47JdMMJfgc1oszNWZkYOQkgZdTy1GdCVF9o0jpD
xSlA7MVBt7ijTtfOlodzZiO6PyXPx7vo6AJGUufwb4KxekLR6vKq9fzlTLvvD/mH
lPPbCuZrY90eWqRjFeLyXA6Cmx+cJG5jt8nAAOzBjWTuENNp+vTFx1Lad13que7T
AAXrQupjCpRwAxfN8cuYMMIAFw5FCOyTQNAZXaAeMV1UOslVVdXlffUDB6uqpNvC
JPPL9PhughLVWtSxsm74emFCVkBQ75xTGMJTbCUCfMmdwTj3mD7uLw==
=J1JB
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110214162139.gf6...@ikki.ethgen.ch
Re: Disable ZeroConf: how to ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Mi den 2. Mär 2011 um 23:09 schrieb Julien BLACHE: > > Because I work in a untrusted work place and home network (public > > networks, wifi...) I whish to purge zeroconf functionnality. > > Looks like you want a firewall. Just sayin'. Ehem, no. A system has not to listen for any unused and unneeded services ever. A firewall is to control services you _need_. All that zeroconf stuff is absolutely not needed and wanted. (By the most users, I suppose.) Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTW7LKp+OKpjRpO3lAQpkRgf/VKrQKWxC83u3XbGK8/Q1AaHvfa4zweUj wWyGHQjs98OLxdqfONq/7v1eHzGbFghgBzPXiEIdVBDgnCPnSU+QTNRYvUyx8O58 iSdO0GMERDnMg1nU0tunTG4NgmXfoysJttpE4zPiyy51nhUNfbe9giQmMpZ94tIb GGTF49YUiAZde1uUk6NDXEjXlsBtoeID2WiNKnwTrQbXGBLD7fgdfeSGoEzCvkNq 9YCF/cHTQbV1x0q1RFUcbbAbd6eCin2mmhX92iIhX15KgNdaE1sZ6bCMUJAh0Rhr Ab9jGki0AxfV4N6Y43CztskNa+EHhmKhe/mkk5NilVZ7IovJ+CXWJQ== =Wxv3 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110302225642.gc17...@ikki.ethgen.ch
Re: Disable ZeroConf: how to ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Mi den 2. Mär 2011 um 18:25 schrieb Bastien ROUCARIES: > More and more packages depend on avahi aka zeroconf. I have found some > information on http://wiki.debian.org/ZeroConf > > Because I work in a untrusted work place and home network (public networks, > wifi...) I whish to purge zeroconf functionnality. I fighted this bunch of functionality since long ago. The whole zerconf stuff is only useful in secure and clear defined environments. But there you don't need it anyway. With zeroconf there is some thinks that play together and has to be killed: - - avahi (-daemon) -- as you find by yourself -- and the packages zeroconf, libnss-mdns, avahi-autoipd, avahi-daemon. - - The package slpd - - The linklocal route (169.254.0.0) > Does avahi could be disable (using kernel level firewalling is not from my > point of view a solution) ? See above. > And more specifically from an administrator point of view does avahi could > library could be made purgeable and no more than suggest > dependencies (I am willing to fill a mass bug report because purging avahi > will purge gnome and kde ...) ? Well, as I do not use gnome nor kde I am not concerned from this dependencies. > And moreover could you give a clear answer about the security risk on > untrusted network ? That is difficult. It depends on the environment. If you have a clear and secure environment, zeroconf is not that insecure. But in all other environments you do not want to have it. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTW7Knp+OKpjRpO3lAQqjdgf+J1Tq4eqF+bi/2bAONvCPXgwCXRswg5eA HEAWZdsN13jTe/JGD/NTBML7AXXu+RIeJIFty+I/T+OlU2x3SbKijtXkteN0giTE QWJf/6extnJZY97+cP2xDjfPZXP8DA7pL3qr0MLHj9Lz/s+Prvd+9MM3OKzgoDn/ pG9Lb+TVNMzWmD3KLGD1wbLMMKSnh7NLQshQPLgwkZwTysLWCeIX/hBRZ8r9Nn0G DqW1I4sOIYB47w4DmHo5SXwnQG3O0P/MdbaVicasE0+MYLg28Ib+ZVNMzvFbP7Kw lBQBvrqFDBsKXvK4esgSlI6xq8c/m/rUUR5S3Ar8t8AFg1OWoT+C4g== =CXGk -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110302225422.gb17...@ikki.ethgen.ch
Re: Disable ZeroConf: how to ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Do den 3. Mär 2011 um 3:35 schrieb Chow Loong Jin: > > A system has not to listen for any unused and unneeded services ever. A > > firewall is to control services you _need_. > > > > All that zeroconf stuff is absolutely not needed and wanted. (By the > > most users, I suppose.) [...] > Actually I absolutely love the .local resolution functionality on a > network (it works much better than the NetBIOS crap that can never find > another > machine on a network when you want it). That, and Pidgin's Bonjour support > interfaces with iChat over zeroconf, allowing you to chat with users (and > exchange files, perhaps?) across a network without needing to set up a > centralized chatting system. The thoughts of that makes me shiver! Trusting untreatable sources on a network for configuring local stuff is worse ever. Either you have a trustable network then it gets configured in a clean way and by intend. Or you have a untrusted network you do not want to use ever or only such fare that you can oversee it. > I think those two functionalities are pretty useful to the end-user. Well, they might be for a mac or windows user that is not care about security at all. But it is horror for a debian user who care at least a bit about security. And even if you not care about, then that functionality should be explicit configured and not per default. And even worse, debian is often used on server platforms where you never ever want to have any such magically configured services. > Rather than blabbering about potential security issues stemming from > avahi-daemon being installed and enabled on a system, how about actually > finding > one and reporting it? Oh, they are not potential. Trusting on untrusted stuff for doing any on your machine raises the vector for intrusion to hell. Ah, and to give a example of the past. No one ever did think about that mssql is vulnerable due to a comfort feature until in 2001/2002 the mssql-slammer (or how the worm was called) took down mayor parts of the net. Zeroconf and avahi plays in the same category. > gnome-user-share does not share stuff by default as far as I can tell, and > padevchooser only uses avahi-daemon for discovering extra Pulseaudio sinks on > the network (it doesn't advertise its own sinks by default). Uh, you mean, that anybody can listen to your music or your teamspeak session or your voip session with your girlfriend due zeroconf found a audio sink in the network and did reconfigure your system to use it? > An avahi-enabled system that advertises no services is pretty much as secure > as > the avahi-disabled system. That is not true. For two reasons: 1. It is one more daemon that is not needed and can have bugs. (And even more it lowers the sensibility about unusual processes on your system) 2. It even configure parts of your system from untrusted information from the network. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTW9nR5+OKpjRpO3lAQrpqgf/UD6Vmg5rF/RhVY9VPgPpx3FdcFQXJ3b0 IJsdsPL+7MsUEblqTlabxuDPALXM/RcORDQaTX+2wzeaLO5Tu9+ZoeuvNiT9mNWy NLoqFWIRtoDYiwlQK2KfCT0PGLU9EEa1ynk3naIhVp/QPods2bpHG3lIYMgPCY4D A0Y+6knrWjwRLVRiWQuzRhH6T6ykbPkw08yr1/9vy45CiRXbXvIpk9vJhpOPD7nX sxfY2bMIk5NCUKdJ6QVLKUe+HM5wJO0IsRSMNPFg+RLk99xEYUgP87MeUi7O14CC 9VfopJAak/MYttLLxW6K0X/Ltoflpqr58TWvmzDpIS0VSBEA3wkwoA== =okFJ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110303100247.ga20...@ikki.ethgen.ch
Re: Disable ZeroConf: how to ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Do den 3. Mär 2011 um 11:25 schrieb Tollef Fog Heen: > Then just don't use it? Nobody is forcing you to. [...] > | And even if you not care about, then that functionality should be > | explicit configured and not per default. > > That makes it much less useful. On the other hand, it's not like your > system will suddenly go around connecting to random services just > because it sees them announced. So you contradict yourself within two paragraphs. It makes it less useful to enable it only on manual intervention (say, it should be enabled automatic) but on the other hand you say that nobody is forcing me (or others) to use it. How do that plays together? > Oh, I quite like services to announce themselves so I can just do ssh > foo.local. Not everything gets set up in DNS and ssh caches the host > key so doing a mitm attack after the initial handshake is prevented. Not ever service has that security fence. > Except zeroconf isn't routed so to be able to exploit it you need to be > on the same physical segment? Physical might be relative with wireless networks. But you are true, that isn't routed (good thanks), but that hinders it only from taking down the whole net. > If you have found any bugs where network sinks are used automatically > please file bugs about that. Oh, there is no change of that as I never ever will use such stuff. > Really, if you want to disable avahi, please feel free to do so on your > systems. That the discussion is about, yes. And the pressure some dependencies bring in. > Or use a firewall, or both. It is told on other places that firewalling is not the solution. > Debian has a fair balance of functionality, security and convenience > out of the box, Unfortunately some people on debian started to place convenience much higher as security. I think that is a dangerous trend. Debian gives up more and more security for convenience. > if you disagree with the current balance, feel free to invest the work > into making it possible to harden Debian further. Oh, I did. I am not a DD and involved myself in some discussions about that. But finally I found out that the force of (some) DDs is higher than mine and that they misuse it. So I am only able to fix that issues I have locally and share the hardened packages to others on a private repository. That is not great but sometimes it is the only workable way. And it is no easy way. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTW9zVZ+OKpjRpO3lAQrwpAf+Nr0JUdpUpSeyyFKSRXGEbsxibvBbORWm j6DYb4QhwftUx75Kj/7dVQtu9MrGYzykHjUxTPyM00jRfjSOgcCzMdFPt3NXEWtG WeCXFrtsFW+1ulQQY+3p9QSGlR1PwduEhWKrhIDMwbatLdFHCl/JoQk2dRj2Tkza 33HHca1zrfeCslqbeemrsKSDo0m3WT94futvFNwpJGVBgDBhRuhBHqvgEC3HNrJj HmdYE14nnAI4qPjRkPYe4lRFI6A1geET30ToHfY/xVOS6FuvTlJmWI/U1CDr/6YI 71OE65YEl1UzJu5U2LpcubkG1sHrdl3kNAJobNuABQPJRStPROA/Lg== =nivA -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110303105413.gb20...@ikki.ethgen.ch
Re: Disable ZeroConf: how to ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Do den 3. Mär 2011 um 12:22 schrieb Lars Wirzenius: > > So you contradict yourself within two paragraphs. It makes it less > > useful to enable it only on manual intervention (say, it should be > > enabled automatic) but on the other hand you say that nobody is forcing > > me (or others) to use it. How do that plays together? > > I don't see a contradiction between "nobody is forced to use zeroconf" > and "zeroconf is less useful if it has to be enabled manually". That is your point of view. I see that as contradiction in some sens. > (Yes, it would be nice if there were an easy way to disable it.) True; or even not even installed. > However, could we please end the FUDfest? I do agree with youe that we should not spread FUD. But I see just little in this thread. Is having a other meaning than others equivalent to FUD? > This thread seems to be quite unconstructive, Don't think so. I gave a concrete tip to the OP. > with unspecific claims of security problems, Oh, there was some absolute concrete claims in that discussion. (Not only from my side.) > unwarranted slurs on users based on their operating system, I didn't see any insult in this particular thread. > and accusations on Debian developer's attitudes. Oh, sorry, I am once burnt. The disaster with changing openssh security checks just for the convenience of a hand full users and where the involved DDs are unconvincable even from the openssh people them self is just tickling in my bones. And that was not the only claim I see and was involved in the past. > If there is an actual problem, explain what it is, and suggest a > solution. For zeroconf; make it optional as the OP suggested. For the openssh disaster, listen to the openssh people they might have more knowledge about security. ... There is concrete solutions given. But if nobody want to listen to them... > Be specific. For my person, I think I am. > Avoid hyperbole and vague generalities. Do not insult. I do not see how I did. However, if someone starts to insult, I might react also rough. I'm sorry for that. > Write few mails, but put effort into each one. Not less than necessary. > If others don't agree with you, possibly you are unclear and > they are not stupid or evil: rephrase and expand and ask questions, and > don't get frustrated. Sorry, english is not my mother tongue. But I try my very best. However, if the other party do even not listen to native english speaker who have concrete arguments... I might be wrong in some cases. But in the security part I do not see an alternative to be a bit to paranoid. And if I am not the only one, that shows me that I am not completely wrong. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTW+oHZ+OKpjRpO3lAQpAjQgAmX13cByoj3eop+6jBj0+AGs5fBwT7BY3 kL/9kGLlCIrEZncK4nkJqLSITjv9lc9ZOpcCPO+BqoJRzTTe0LMaY3iGwFpM8CDw +nsvXOyhFQbKVKqLGGGK/bjwSRlv4m8Ti4SwrtYqkA69FzamuEwXBOzzwpzbK3Ep 8kWBVyxv+8UXxKKhfXGIqvDZg/PAe3+LODxAcDysKKgVfEndi5BnpTUMT1RI4Ine QFKYSpJwtMCR0BwMUQ3GLMZXtUp9tmrY/N3q75c0aD9LwqTUDCE8pm7NxcZhUt6Q 9Zu8ouHLBPY7KSSrv6UicYpVf6i726aD26f/q9SgI6oAwuhfhkQFqA== =wl45 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110303143925.gc20...@ikki.ethgen.ch
Re: Disable ZeroConf: how to ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Fr den 4. Mär 2011 um 10:31 schrieb Wouter Verhelst: [Corporate users with preference for security] [Home users with preference for convenience] I somewhat agree. But not in all consequence. For that users that you call "Corporate users" I think I can fully agree. But not with "Home users". The reason is not that obvious but might be clear when looking to the image, systems have in the world: Windows: Insecure, full control, many software, games, official support Mac: Easy, colorful, all is moving and wabbering Debian: Secure, clear dependencies, no hidden control (that would overwrite administrator settings), absolute control Ubuntu: Colorful, Easy, more or less secure SuSI^HE: Much of hidden control, insecure (somewhat, but who cares), YaST Redhat: Official supported, not that many packages I left out many other systems but that should be enough to show, what I want to show. A user that installs Debian on his system will do that due to the reputation in security. If he want to have a simpler system he would install, for example, Ubuntu, Mac or Windows. So I do not think that we should sell the reputation of a secure system just for the convenience. But I think that, for that people who do not care about the part of security, such services should be easily to enable (Maybe with a debconf question that explains the consequences). I do not think that Debian should be good for every DAU (German abbreviation, English would be luser or so). I think Debian should be a distribution for experts and professionals (but not exclusive). > > Well, they might be for a mac or windows user that is not care about > > security at all. But it is horror for a debian user who care at least a > > bit about security. > > Let's just say 'end users who are not very aware of computing > technology' rather than 'mac or windows user', shall we? Well, I played intentional with the clichés as the most people (here) would understand that it stands for them. (However, I might fail with the idea. But see above) And it has an other reason too I used that clichés, I do not think that debian should reuse the errors and mistakes that systems above did do in the past (Just think about the easy sharing stuff on early windows (netbios and contortions, that was the target for many attacks in the past, the designers of that services even did not think about the problems they created). I think zeroconf with all the stuff around is on the way to go the same way than that. If the user want to have it, well then he should be able to do. But debian (and in my eyes all systems) should not give them the pistol, arm it and show them how to shoot himself in the head. We can sell them the pistol but should prepare them about the danger it can have. > There are several Debian users who fall in that category, too. And while > I agree that disabling zeroconf should be easily possible, I think a > default of 'convenience for a home user' is not a bad thing for a > distribution that is used for both corporate and home environments. Such > a default would include 'enabling zeroconf'. As I told, I think that the default should be disabled (as that would correct for most of the debian users). But I agree that the enabling/disabling should be easy; and not only per system, zeroconf insists on several systems like avahi, link local, mdns, ... > > And even worse, debian is often used on server platforms where you never > > ever want to have any such magically configured services. > > Since avahi isn't a dependency of anything you'd want to install on a > server -- I personally have never installed gnome on a server, for > instance -- it usually isn't. True. But sometimes you need a software component on the server that you usually only use on laptops or desktops. One example is the wpa-supplicant, that is common to test radius servers. It should not be that this accidentally leads to zeroconf components with the dependencies. (I did not check if that is the case in my example above.) Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTXC/oZ+OKpjRpO3lAQryLAf+NgcpUG3VmOcBVRA8LJRJDA53ep0XE+ht UzMYSyVBX2567eecw5DbG8/7+d99MW1p9z7pl1BP42Vy8geNft2Z1iVVTEmiVIVf G7yND/cYj8r+VkJtH3JuViITmo1AQtZgQfH+y00CLxSGtYWwEbvtFilzr5TpoT6/ m4LeVJysCb/+ojtWQm/SmcJG0RtmwGJVC66jmDbJHpJDg3VReGo0JMoqA501zrfM gUehJ+lFz+YYnMPFvTBqocDyB693xrJ/GDW6srUEReqtcQV53J30TfyAzUQdrAPY yY4opLXAc66NyaPDn5HqpYXFw0GoD9G3M/9V9xfzg2zkrELF3JAj7Q== =kcRt -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110304103201.ga4...@ikki.ethgen.ch
OT: Re: Disable ZeroConf: how to ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Fr den 4. Mär 2011 um 12:19 schrieb Andrei Popescu: > I thought Debian was "The Universal Operating System" ;), so I would > rather divide like this: > > GNOME/KDE system: lots of functionality out-of-the-box > XFCE/LXDE system: decent functionality, usable also on older machines > WM/console system: packages only installed as needed Hey, I feel discriminated! I use fvwm. ;-) Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTXDMBZ+OKpjRpO3lAQqHrggArd3xugZ3qilOdf8h2qP2L8EQMaiuw/e4 lEZwDZ70uSgHMWc55E3UfC2UWCwzIU9IZVzn9S71QMmZPtB6Jxpl50vWgf0Xk74b 796wgRuE6+iYvL5EID87AtbyYgcOQ4J/RXFkOjT4yqC44FY1knxbXdb5M0L9HAQZ hsvM2s9XaMFVhmrsLA6WpFJU7FkOHrpD8o6d12NetdbSXP7PalMs2EN63BDncYcs yPdhh7Vg5K9a6Cs0xpTaXQE/iqzZ9M6PS895E3mfUS+roAvJnpN3I4f2oRFWemKe oQ6bCLtszWYINKOIUYly+WFxDJR16T6xLQysEOfl4mXHPIAikPwRRQ== =8Fs9 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110304112453.gc4...@ikki.ethgen.ch
Re: Disable ZeroConf: how to ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am Fr den 4. Mär 2011 um 12:24 schrieb Wouter Verhelst: > On Fri, Mar 04, 2011 at 11:32:01AM +0100, Klaus Ethgen wrote: > > A user that installs Debian on his system will do that due to the > > reputation in security. If he want to have a simpler system he would > > install, for example, Ubuntu, Mac or Windows. > [...] > > I do not think that Debian should be good for every DAU (German > > abbreviation, English would be luser or so). I think Debian should be a > > distribution for experts and professionals (but not exclusive). [...] > You seem to believe that Debian's usefulness should be confined to a > particular niche of users; a niche which conveniently includes you. Well, I wouldn't tell it »niche« but in principle you are right. > I disagree. While it certainly would make your particular use case > easier, That is not the point. In fact, it makes many thinks harder. > I think Debian should strive to be useful to as many users as > possible. True, but ... > Just because Ubuntu is a popular distribution for beginning Linux users > should not have to mean that 'beginning Linux users' is no longer a > target audience for Debian. It is definitively not. That is the reason, why so many derived distributions of debian exists (Knoppix, Ubuntu, Kubuntu, ...). > If security matters a great deal to you, you should audit systems for > unwanted services and disable them, True. But that is not the point. That is always needed, independent if your defaults are secure or not. > rather than hope that whatever you have installed happens not to be a > problem for your particular use case. Relying on defaults to be secure > is relying on other people to do your security for you. Hmmm... First you tell that debian should be for beginning users too and then you tell that they couldn't relay on the security of the system!? And this is exact the point. Just because it needs further steps to install a secure system do not mean that the defaults could be insecure. In ancient times debian was packaged the way that the administrator only installed the daemons that he needed. Today many daemons gets installed by dependencies and gets started without any need. Just the fact is security relevant as any running daemon higher the change that there is a security hole. Every daemon! And examples are found at many places today. I. e. mysqld from kde packages, apache for a linkchecker, avahi and consortions for gnome, ... Not to mention all the daemons that do not listen on network as gconf, kded4, ... I think, in the last few years, the quality of (some) debian packages has sunken. But this is just my personal view, and I am sorry to say it. > This is stupid, in all cases. When you argue that debian should be for beginning users too, no. In the other case just partly. > That's not to say that our defaults should be insecure, but > 'acceptable security' is a stretchable concept; But has its borders too. And having unnecessary daemons run and listen for network answers is definitively beyond that border. > the security trade-offs that you are willing to live with may be > stricter than mine, and vice versa. I think so. (From the reading) > If you're unfamiliar with computers, on the other hand, chances that > you'll be able to figure out how to enable convenience services are > slim, at best. Look, I installed my mother a system with debian on it. And I activate all that is needed to have her use the system. But I would never ever gave her a debian cd and tell her to install the system herself. This means that I have the responsibility to hold the system secure and up to date, true. > Since home users typically use computers in a desktop environment, I > therefore think it's perfectly okay to have the default desktop > installation enable such convenience services. No. Not with an distribution than debian but maybe with such than ubuntu. Just open the eyes. Debian _is_ not for the very begining (linux) user. Debian is (or was until now) a highly professional linux distribution that fits the needs of secure and flexible environments, where a big part is servers. If you want to change debian to be ubuntu it would be the time to look for another distribution that can be used on servers. (unfortunately I do not know an alternative.) Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.ch/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBTXD+WZ+OKpjRpO3lAQrBzgf+NtC9f8snBriRsQwwM7nNf5/b+I1b4LIN ZAZYWIFjck9Mc1h8rpmqt2QsCuEtRFEwtFlkTl5MmCTUOD3neTND9f/R/CmZtt04 KjqdaUHe1dqwoSleeLaw1z5LeFnKPz+grvvvtsAOjTXwxLnnRLXVdBZZAKRc69FC 8c7ivluaABnjyVeH2ea7
Kernel legacy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Just to bring that back to discussion: With lenny the provided glibc seems to be incompatible to kernel 2.4. There are many systems out there still running with kernel 2.4 cause stability. (My servers which needs to be stable all run Kernel 2.4.) Is there any scenario what happens to such systems when lenny gets stable? Background: The glibc in lenny is compiled to be incompatible with kernels lower than 2.6. I do not know if there are options to use newer glibc with older kernels. Regards Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSYXNNp+OKpjRpO3lAQo6eQgAqIM/MKgKne7jiZRJDvDOQaNIHuWI1CJg 6noj1nwuS0M0YdFZea5lu2k25b7B1CAho6XNT3mOiZyL8i3zdImK0iQo5D0MX73B F+x05F3h3Mj+Wg4A6lg05mOibcQ2cusOb1fdYa5uN7Frrwq1y4jSovuTPqSfNiyQ xGlkfx+xnbwDjnhCIyz8rW/Mj7UgUKlOxkte2jZ3UVfsPNreZpy8BLclFqrJZOyi lvQzXQMNHJQ/z1v3CZrbM3zxw8/4J8SlFUdms57X/FZHo3WGeRkz4ZX1f16cnCvl +it2gatUvvr6bv+iUmRp8Di/Bfmnt9BZSOzGI9ecwezwKBrN8NHrBA== =Wyn8 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Kernel legacy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am So den 1. Feb 2009 um 18:57 schrieb Luk Claes: > > With lenny the provided glibc seems to be incompatible to kernel 2.4. > > There are many systems out there still running with kernel 2.4 cause > > stability. (My servers which needs to be stable all run Kernel 2.4.) > > s/lenny/etch/ ? lenny is still correct. etch runs fine with kernel 2.4 (and lower by the way). > > Is there any scenario what happens to such systems when lenny gets > > stable? > > etch is already stable Yes, etch is but not lenny. Gruß Klaus - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSYYiqJ+OKpjRpO3lAQr4Hwf+O7kXdJzp5t6k2Y+kkfFYIYsY7RCqzMcn cc1QYigdx51Nmy7XNOAXMECsaS1/Z+1egaTzxzKSvN2M02uimJn47zcnZYM/FQJF /u8fMzaGmayVDwLh+pt1kxcP1vA4zr9TZDiBBg3cbWvkSWPZVM7oyyd95y2wTAf2 7cvClfpb53MvXwgCNYWpwuILYPFBL2Y9elHYhuSujex/Ug1Nf0F0Ie1ZrROByXBW SUCoh2TSxR1A/h89xeuiWqKpKamFYu3zUXLCB96mrEeZVA1V0pzrpza92cmbqA8l +zKNBSqNXG1GTdjnLVIpt8uSy1PvpD6Tzm9wbLBBKiPAwjvp+7uLZg== =N0+s -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
