Re: Intent to mass-file bugs: FDL/incorrect copyright files
Brian Nelson <[EMAIL PROTECTED]> writes: > AFAIK, ftp-masters only reject a package if inclusion and distribution > in Debian would be illegal. This is not the case with the GFDL. > I think in a typical case, the decision is up to the package maintainer, > and if the maintainer doesn't agree, the tech committee may resolve this > issue. Really? I thought the technical committee dealt with technical problems, not with licensing. > debian-legal is merely used for discussion, not for decision-making. So you are saying that if Joe Developer decides a license is free according to his understanding of the DFSG, in disagreement with a consensus formed on debian-legal, it's okay for him to upload the package unless the technical committee overrules him? -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `-
Re: Bits (Nybbles?) from the Vancouver release team meeting
Steve Langasek <[EMAIL PROTECTED]> writes: > The following people in Debian leadership roles have also expressed > their support: > Andreas Schuldei (DPL candidate) > Angus Lees (DPL candidate) > Branden Robinson (DPL candidate) > Jonathan Walther (DPL candidate) How exactly is DPL candidate a leadership role? I can understand that the aforementioned people are under the spotlights right now because of the election, but it does not qualify as leadership. Also, our current DPL isn't listed in the supporters of this plan, does it mean that he wasn't consulted? Or does it mean that he was consulted, but disagreed? If so, may I ask why? Joey Schulze, our most active Security Officer, is also missing from the list. Same questions. Thanks, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bits (Nybbles?) from the Vancouver release team meeting
Brian Nelson <[EMAIL PROTECTED]> writes: > Can we *please* ban Ingo from d-d? He's been a huge pain in the ass on > this list for months now, has absolutely nothing constructive to > contribute, and is actively trying to subvert the project. For what it's worth, I second this request. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: master mail problems -- help needed
Wouter Verhelst <[EMAIL PROTECTED]> writes: > That's on master. I've been watching it for about 5 minutes, and never > saw the load drop below 3.80-ish. > Could it be that master is simply imploding on the amount of mail > received? It's always been like that (if not worse). -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Need for launchpad
Matt Zimmerman <[EMAIL PROTECTED]> writes: > Developers will choose to use them when and where it makes sense for > them to do so. Ironically enough, it looks like all Debian Developers already have an account there... because I have one, and I never ask for one: https://launchpad.net/people/rfrancoise> Automatic import of the Debian LDAP data? https://launchpad.net/people/asuffield> https://launchpad.net/people/srivasta> etc... -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Need for launchpad
Thomas Viehmann <[EMAIL PROTECTED]> writes: > I don't think Debian'd give the data away. Hmm? The data is was referring to is public (login and full name). I wasn't implying that Launchpad had data from the private part of our LDAP db (it doesn't). -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#303924: ITP: visitors -- fast web log analyzer
Package: wnpp Severity: wishlist Owner: Romain Francoise <[EMAIL PROTECTED]> * Package name: visitors Version : 0.4a Upstream Author : Salvatore Sanfilippo * URL or Web page : http://www.hping.org/visitors/ * License : GPL Description : a fast web server log analyzer Visitors is a very fast web server log analyzer designed to be run from the command line, with support for text or html output and real-time statistics generation. It can handle most web server logs including Apache access logs and is very easy to use: no configuration file and no database are required. It can also generate visual trail analysis graphs using Graphviz. For further information see http://www.hping.org/visitors/>. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Status of PHP5?
Piotr Roszatycki <[EMAIL PROTECTED]> writes: > The facts are: [...] You forgot: 5. Your packages use a radically different build system (yada) that not all developers are comfortable with (understatement); 6. Your packages include patches that may not be suitable for general use in Debian (like Hardened PHP); 7. As far as I can tell, you didn't discuss any of your proposed changes beforehand and presented your packages as final without justification. If you had presented a rationale for each change, and worked with the PHP maintainers to create your php5 packages, you might have had more success. Cheers, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Status of PHP5?
Piotr Roszatycki <[EMAIL PROTECTED]> writes: > I don't see any bonus in converting the YADA-based packages to the > other build system. I don't understand why it might be a reason for > rejection. Well, you co-authored yada, didn't you? Of course it sounds ideal to you. But don't you understand that other developers might not like it as much as you do? > For 6 month I see nothing. Where are the packages? The people need > them. I'm not just talking. I'm working on _my_ packages and I'm doing > it as well as I can do it. Do you have better packages? So please > upload it into incoming. Or just allow me to make a good job on > them. Don't obstruct the Debian project. I don't and in fact, I have nothing to do with PHP whatsoever. I'm suggesting that you try to work with existing teams instead of doing your own thing in your corner and then whining when it gets rejected. Debian has more than 900 developers, a minimum amount of cooperation is necessary... it may not work as well as you want but hijacking other people's packages is not a solution. Cheers, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Example where testing-security was used?
Steve Langasek <[EMAIL PROTECTED]> writes: > In any case, given the number of prospective ports waiting in the > wings, 11 is probably a roughly correct estimate even if we *do* drop > some architectures. Speaking of prospective ports, what would be the feasibility of keeping testing frozen after sarge releases, do whatever toolchain updates are needed to support amd64 via t-p-u, and release etch as a "sarge+amd64" release in, say, 3 months? The rationale is that amd64 would be immediately useful whereas other architectures like s390x or whatever other port we plan to support can probably wait the 2+ years before the next release... (I don't know if it's possible to add an architecture without having all binaries go through unstable first so the idea is probably doomed, but it certainly appeals.) -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Example where testing-security was used?
Alexander Schmehl <[EMAIL PROTECTED]> writes: > http://www.nl.debian.org/vote/2004/vote_004 > http://www.nl.debian.org/vote/2004/vote_003 > I can hardly imagine, you can fix all that in three month. Good point. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Is Ubuntu a debian derivative or is it a fork?
John Goerzen <[EMAIL PROTECTED]> writes: > I think we should devote some thought to declaring a permanent > bug-squashing party and relaxing the rules for NMUs (for instance, let > them happen for any documented bug of any severity so long as they are > uploaded to the 5-day delayed queue and patches are posted to the BTS > at the time of the upload). One small step down that road, anyway. What does "documented" mean here? Filed in the BTS? Very often the maintainer has a much better understanding of a particular problem than the random bystander because of his experience with the code, his privileged relation with upstream or his own research of the problem prior to replying to the submitter. Assuming that the problem has received no attention because the maintainer hasn't replied to the bug in the BTS is a mistake. Personally, I don't send messages every five minutes to the bug log saying "hey, neat, I can reproduce it", then "cool, I see where the problem is", then "I might have a patch but it's a quick fix, I'm trying to come up with a better one", etc. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Moving packages from experimental to unstable: use -v
It'd be nice if people who move packages from experimental to unstable used the -v option to dpkg-buildpackage. It has two main advantages: 1. bugs fixed in experimental get closed automatically by the upload 2. people who read d-d-changes like myself get an idea of the history of the package prior to its upload to unstable. (See also section 4.6.4.3 in the Developer's Reference.) Thanks, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: And now for something completely different... etch!
Steve Langasek <[EMAIL PROTECTED]> writes: > Toolchain update to gcc/g++ 4.0 - Matthias Klose <[EMAIL PROTECTED]> > Switch to dependency-based init.d handling -- Lars Wirzenius <[EMAIL > PROTECTED]> > Drop libpng2/libpng10-0/libpng3 packages - Josselin Mouette <[EMAIL > PROTECTED]> > Drop libmysqlclient10/libmysqlclient12 packages - Adam Conrad <[EMAIL > PROTECTED]> > Consistent LFS support - Steve Langasek <[EMAIL PROTECTED]> libpcap0.9 transition - myself (more on that later) -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Centralized darcs
Marc Haber <[EMAIL PROTECTED]> writes: > A few years ago, we had only CVS, which sucked. And now, we have a > gazillion of different VCSes, all different. And most of them suck too, in their own ways. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: release update: freeze, RC Bug count, python, toolchain
Andreas Barth <[EMAIL PROTECTED]> writes: > * sorting out docs-in-main vs. the DFSG > We have seen some promising development here, and only a few packages > need to be updated for this. Sadly, the remaining packages include > glibc, automake and emacs21. What about GCC? -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#388738: ITP: bongo-el -- buffer-oriented media player for Emacs
Package: wnpp Severity: wishlist Owner: Romain Francoise <[EMAIL PROTECTED]> * Package name: bongo-el Version : 20060922 (darcs snapshot) Upstream Author : Daniel Brockman <[EMAIL PROTECTED]> * URL or Web page : http://www.brockman.se/software/bongo/ * License : GNU GPL Description : buffer-oriented media player for Emacs Bongo is a flexible buffer-oriented media player for Emacs. It supports several player backends such as mpg321, ogg123 or mplayer and has built-in support for displaying album covers and submitting songs to Last.fm. It is comparable to EMMS but has a nicer user interface. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#391774: ITP: ruby-taglib -- TagLib Audio Meta-Data Library for Ruby
Package: wnpp Owner: Romain Francoise <[EMAIL PROTECTED]> Severity: wishlist * Package name: ruby-taglib Version : 1.1 Upstream Author : Neil Stevens <[EMAIL PROTECTED]> * URL or Web page : http://www.hakubi.us/ruby-taglib/ * License : MIT Description : TagLib Audio Meta-Data Library for Ruby This is a Ruby interface to TagLib, the audio meta-data library. It provides access to the abstract API of TagLib and allows Ruby programs to read and write meta-data of all the audio formats supported by TagLib. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#391839: ITP: mahoro -- File type determination library for Ruby
Package: wnpp Owner: Romain Francoise <[EMAIL PROTECTED]> Severity: wishlist * Package name: mahoro Version : 0.1 Upstream Author : Shu-yu Guo <[EMAIL PROTECTED]> * URL or Web page : http://rubyforge.org/projects/mahoro/ * License : Public Domain Description : File type determination library for Ruby This package provides a Ruby interface to the C libmagic library. With it, you can determine the type of a file by examining its contents rather than its name. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: apply to NM? ha!
John Hasler <[EMAIL PROTECTED]> writes: > "Team player" is PHB code for someone who will shut up and do what he > is told even though he knows it is wrong. Yes. And Debian wouldn't be fun without a few enmities, we wouldn't have great posts like http://lists.debian.org/debian-legal/2004/07/msg01308.html or http://lists.debian.org/debian-devel-announce/2001/12/msg8.html... -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#214392: ITA: wmclock -- A dockable clock applet for Window Maker
Package: wnpp Version: N/A; reported 2003-10-06 Severity: normal Hi, I intend to adopt the wmclock package. It is not orphaned per se, but given the following facts I think it's up for adoption: - according to debian/changelog, the package has had three uploads; two were sponsored Maintainer Uploads and the last is a NMU by Branden Robinson which fixed an (obvious) FTBFS bug. This last NMU happened on Wed, 18 Jul 2001 and was never acknowledged. - the current maintainer was in the NM queue but withdrew his application in 2001.[1] - the package is in poor shape, to say the least: it claims localization but doesn't ship with the right files and has a stupid y2k-compliance bug which was never fixed even though a patch is attached[2]. All in all, the package is the barely edited result of a dh_make run. I have tried to contact the current maintainer but didn't get a reply (yet?). Given that he never reapplied to the NM process and never even fixed the bugs in wmclock, I don't think he'll be willing to keep this package. Branden Robinson who last NMUed the package isn't willing to maintain it either. I have prepared a new package which fixes all the bugs and is in conformance with nowadays standards, I would like to see it in Sarge, so I'll wait 2 or 3 days more and upload it, unless someone objects. If you know the whereabouts of the previous maintainer (Szabolcs Horvath <[EMAIL PROTECTED]>), please tell me. Thanks, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- [1] http://lists.debian.org/debian-newmaint-discuss/2001/debian-newmaint-discuss-200103/msg00043.html [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=126742 pgpUJ3DNZ9eD2.pgp Description: PGP signature
Re: Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security
Russ Allbery <[EMAIL PROTECTED]> writes: > Or just the example of RCS, which is probably the most to point. Perhaps not. These days RCS isn't really used as a revision control system but as a component in a variety of applications: some are related to revision control, some are not (wiki engines, etc). We don't keep it solely for interoperability. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#325371: ITP: binfmtc -- a binfmt_misc hook for running C programs as scripts
Junichi Uekawa <[EMAIL PROTECTED]> writes: > I would be interested to know if there is any existing tool that does > something similar, and also if anyone finds use for such system. TCC does C scripting, but it's nowhere near as complete as GCC and while it runs much faster, the resulting code is not optimized at all and runs very slowly. So yeah, binfmt + gcc is probably the way to go. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Spam on this list
Petter Reinholdtsen <[EMAIL PROTECTED]> writes: > You might want to consider reading the lists using NNTP to gmane.org. > I read several of the lists that way, and gmane filter out the spam > for me. :) And it needs money for a new dual Opteron mail server: http://gmane.org/donate.php> -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Emacs 23.1 released
Adrian Perez writes: > I'd like to see this in unstable ASAP. http://lists.debian.org/debian-emacsen/2009/07/msg4.html -- Romain Francoise http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#551176: ITP: zeya -- a web music server
Package: wnpp Severity: wishlist Owner: Romain Francoise * Package name: zeya Version : 0.2 Upstream Author : Phil Sung * URL : http://web.psung.name/zeya/ * License : AGPLv3 Programming Lang: Python, Javascript Description : a web music server Zeya is a streaming music server that brings your music to any computer with a web browser. It reads your music library, lets you browse your files, and streams them on demand. The client runs entirely in the browser using the HTML 5 draft standard technologies--no Flash needed! No Silverlight, no applets, no plugins, no external players. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Switch on compiler hardening defaults
Kees Cook writes: > I would like to propose enabling[1] the GCC hardening patches that Ubuntu > uses[2]. Ubuntu has used it successfully for 1.5 years now (3 releases), > and many of the issues have already been fixed in packages that needed > adjustment[3]. After all this time, use of the hardening-wrapper[4] > package is still very low, so I think the right thing to do is to just fix > this in the compiler and everyone wins. I'm not suggesting that there > won't be added work to fix problems, but I believe that for Debian the > benefits now out-weigh the risks. Agreed. The freeze is months away, there's plenty of time to deal with the potential fallout of enabling this, so let's just do it. -- Romain Francoise http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Switch on compiler hardening defaults
Kees Cook writes: > And built with hardening-includes: > openbsd-inetd tcpdump -- Romain Francoise http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#423424: ITP: scanmem -- Locate and modify a variable in an executing process
Package: wnpp Severity: wishlist Owner: Romain Francoise <[EMAIL PROTECTED]> * Package name: scanmem Version : 0.06 Upstream Author : Tavis Ormandy * URL : http://taviso.decsystem.org/scanmem.html * License : GNU GPL Programming Lang: C Description : Locate and modify a variable in an executing process scanmem is an interactive debugging utility that can be used to isolate the address of a variable in an executing process by successively scanning the process' address space looking for matching values. By informing scanmem how the value of the variable changes over time, it can determine the actual location (or locations) of the variable by successively eliminating non-matches. Once a variable has been found, scanmem can monitor the variable, or change it to a user specified value, either once, or continually over a period of time. Homepage: http://taviso.decsystem.org/scanmem.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: proposed release goal: DEBIAN/md5sums for all packages
Stefano Zacchiroli <[EMAIL PROTECTED]> writes: > [ fully quoting my original request, for the sake of context > preservation ] Thanks for initiating the discussion! :-) > On Fri, Aug 17, 2007 at 09:04:13AM +0200, Luk Claes wrote: >> >> With more than 600 issues, it's a bit early to make it a release goal IMHO. >> Though making maintainers aware by upgrading the lintian check to a warning >> and discussion on debian-devel about which exceptions are warranted (and >> possible mass bug filing) will probably be a good idea to get the amount >> reduced rather fast... One thing I've been pondering about is: are there any good reasons *not* to have an md5sums control file? It seems to me that the time spent to generate it on the buildds is probably insignificant compared to the total time needed to build the package... And since generating it can be done with a trivial shell command, it's not a complexity issue either. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: proposed release goal: DEBIAN/md5sums for all packages
Stefano Zacchiroli <[EMAIL PROTECTED]> writes: > Can you please upload this to people.debian.org or somewhere, and maybe > keep it periodically updated? I guess it would be useful for the sake > of deciding what to do. No problem, will do. > Are you using the "debian_bundle.debfile" module for that? > I would be happy to receive in a bug report about what it fails to > parse. Yep, it was sitting in my outbox and I've just sent it: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438486 > More generally I'm also interested in some feedback if you tried > it on the whole archive, since we haven't yet had a lot of large > use case report about it. It's great, and surprisingly fast. It scans the mirror (sid, all sections, amd64+all) in about 25 seconds on my desktop machine. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: proposed release goal: DEBIAN/md5sums for all packages
selinux-doc sepolgen tla-tools wm-icons Joop Stakenborg <[EMAIL PROTECTED]> psk31lx twpsk Roland Stigge <[EMAIL PROTECTED]> latex2html Andrew Stribblehill <[EMAIL PROTECTED]> unlambda whitespace zenirc Hwei Sheng Teoh <[EMAIL PROTECTED]> xscavenger Juan Esteban Monsalve Tobon <[EMAIL PROTECTED]> libjama-dev libtnt-dev Torrus maintainers <[EMAIL PROTECTED]> torrus-apache torrus-apache2 torrus-common James Troup <[EMAIL PROTECTED]> debian-keyring James Troup <[EMAIL PROTECTED]> binutils binutils-dev binutils-doc binutils-multiarch binutils-source ed filelight gawk gawk-doc gimp-dimage-color gnupg gnupg-doc gnus gpgv libgdbm-dev libgdbm3 libgdbmg1 mawk p0f quinn-diff xloadimage xmms-msa Junichi Uekawa <[EMAIL PROTECTED]> rarpd Matthew Vernon <[EMAIL PROTECTED]> bible-kjv bible-kjv-text xbs xtrlock Thomas Viehmann <[EMAIL PROTECTED]> dput Santiago Vila <[EMAIL PROTECTED]> base-files doc-debian-es hello postfix-gld smartlist Tommi Virtanen <[EMAIL PROTECTED]> carpaltunnel dnscvsutil python-oss rain records-common records-gnuemacs records-xemacs syslog-summary wmanager xml2 xtermset Michael Vogt <[EMAIL PROTECTED]> debian-archive-keyring Colin Watson <[EMAIL PROTECTED]> exuberant-ctags Florian Weimer <[EMAIL PROTECTED]> xml2rfc Brian White <[EMAIL PROTECTED]> genpower mime-support signify squid-prefetch Pawel Wiecek <[EMAIL PROTECTED]> pgpgpg mush-src Graham Williams <[EMAIL PROTECTED]> wajig Alexander Wirt <[EMAIL PROTECTED]> iproute iproute-dev iproute-doc Lars Wirzenius <[EMAIL PROTECTED]> enemies-of-carlotta Yooseong Yang <[EMAIL PROTECTED]> bmp-alarm xmms-alarm Borys Yanovych <[EMAIL PROTECTED]> mozilla-thunderbird-locale-uk Enrique Zanardi <[EMAIL PROTECTED]> doc-linux-es pointerize untex Alexander Zangerl <[EMAIL PROTECTED]> intel2gas Anton Zinoviev <[EMAIL PROTECTED]> console-cyrillic fortunes-bg trscripts -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On bz2 compression in debs
Hi, In the past few days I've been making random tests on the whole archive, and found two binary packages that my tools couldn't handle because they use bz2 compression of the data tarball. That is to say, they don't have the data.tar.gz member but have a data.tar.bz2 member instead. This format has been supported by dpkg since 2004, and can be enabled by passing the '-Z bzip2' option to dpkg-deb (usually via dh_builddeb). The two packages are doc-linux-html and doc-linux-nonfree-html: $ ar t doc-linux-html_2007.08-2_all.deb debian-binary control.tar.gz data.tar.bz2 $ dpkg -I doc-linux-html_2007.08-2_all.deb | head -1 new debian package, version 2.0. $ I'm trying to determine if this is policy compliant. Policy has the following to say about the .deb format: | B. Binary packages (from old Packaging Manual) | -- | | The binary package has two main sections. The first part consists of | various control information files and scripts used by `dpkg' when | installing and removing. See Section B.2, `Package control | information files'. | | The second part is an archive containing the files and directories to | be installed. | | In the future binary packages may also contain other components, such | as checksums and digital signatures. The format for the archive is | described in full in the `deb(5)' man page. and deb(5) says: | The third, last required member is named data.tar.gz. It contains | the filesystem archive as a gzipped tar archive. Note 'required'. So my questions are: 1) If deb(5) is authoritative, am I right in thinking that bz2 compression is a policy violation at the moment? 2) Doesn't the disappearance of 'data.tar.gz' warrant a bump of the binary version number, from 2.0 to, say, 3.0? See also: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=34727 http://lists.debian.org/debian-devel/1999/10/msg02053.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438486 Thanks for any insight, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: proposed release goal: DEBIAN/md5sums for all packages
Stefano Zacchiroli <[EMAIL PROTECTED]> writes: > Can you please upload this to people.debian.org or somewhere, and > maybe keep it periodically updated? Updated daily at http://people.debian.org/~rfrancoise/md5sums-check/ -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: proposed release goal: DEBIAN/md5sums for all packages
Adeodato Simó <[EMAIL PROTECTED]> writes: >> Adeodato Simó <[EMAIL PROTECTED]> >>amarok-engines > This is a false positive. The package only ships > /usr/share/doc/amarok-engines, which is a symlink. Thanks, the script now checks that the package has at least one regular file. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: proposed release goal: DEBIAN/md5sums for all packages
Stefano Zacchiroli <[EMAIL PROTECTED]> writes: > Small feature request, can you please invoke dd-list passing -u ? -u is the default but I don't like it much since it makes the list longer than it really is. But I've now dropped -nou on the assumption that you know better than me. :) Cheers, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: On bz2 compression in debs
Felipe Sateler <[EMAIL PROTECTED]> writes: >> http://lists.debian.org/debian-devel/1999/10/msg02053.html > The above link says it should be 3.0 for bz2 compressed binary debs: I know, that's why I mentioned it. But it's from 1999. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: proposed release goal: DEBIAN/md5sums for all packages
Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> writes: > From http://blog.orebokech.com/2007/08/debian-packages-without-md5sums.html: > "Random testing of my local Debian mirror shows that 644 binary packages out > of 20774 (3.1%) are missing the DEBIAN/md5sums control file." As of today my counter is down to 514 packages (2.47%). -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: There interest in emacs-snapshot. Is there sense to have it?
Hi, Yaroslav Halchenko <[EMAIL PROTECTED]> writes: > It would be really nice if emacs-snapshot comes back to existence. It never really went away, it just got removed from the Debian archive. I still maintain it (outside Debian) at the following URL: http://emacs.orebokech.com/ The packages are updated weekly as before. Cheers, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: There interest in emacs-snapshot. Is there sense to have it?
Hi, Yaroslav Halchenko <[EMAIL PROTECTED]> writes: > would it be too much of a hassle to have it in Debian main > repository? or there are some licensing issues ;-)? Yeah, the same licensing issues that led to its removal. Sorry. Cheers, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Friendly reminder: the Vcs-Browser field is now official
Hi all, The packages listed below use the 'XS-Vcs-Browse' field, which has been obsoleted by the new, official 'Vcs-Browser' field. Please consider upgrading your control files to use that. Also note that the proper capitalization is 'Vcs-Browser', not 'VCS-Browser'. Thanks. Gregory Colpart (evolix) <[EMAIL PROTECTED]> ingo1 (U) kronolith2 (U) mnemo2 (U) turba2 (U) Clint Adams <[EMAIL PROTECTED]> arch-perl archway archzoom axp Daniel Baumann <[EMAIL PROTECTED]> live-helper (U) live-initramfs (U) virtualbox-ose (U) Marcus Better <[EMAIL PROTECTED]> commons-daemon (U) emma-coverage (U) ganymed-ssh2 (U) input-utils kernel-patch-exec-shield libcommons-modeler-java (U) libjaxen-java (U) libxalan2-java (U) mysql-connector-java (U) rhino (U) stylebook (U) tomcat5.5 (U) Paul Cager <[EMAIL PROTECTED]> rhino (U) Debian Java Maintainers <[EMAIL PROTECTED]> commons-daemon emma-coverage ganymed-ssh2 libcommons-modeler-java libjaxen-java libxalan2-java mysql-connector-java rhino stylebook tomcat5.5 Debian Live <[EMAIL PROTECTED]> live-helper live-initramfs Debian Virtualbox Team <[EMAIL PROTECTED]> virtualbox-ose Hector Garcia <[EMAIL PROTECTED]> mailman (U) Tollef Fog Heen <[EMAIL PROTECTED]> mailman (U) Horde Maintainers <[EMAIL PROTECTED]> ingo1 kronolith2 mnemo2 turba2 Philipp Hug <[EMAIL PROTECTED]> virtualbox-ose (U) Philipp Kern <[EMAIL PROTECTED]> aiccu Thijs Kinkhorst <[EMAIL PROTECTED]> dutch mailman (U) php-http-request phpbb2 (U) Julian Andres Klode <[EMAIL PROTECTED]> ndisgtk Matthias Klose <[EMAIL PROTECTED]> libxalan2-java (U) Michael Koch <[EMAIL PROTECTED]> commons-daemon (U) emma-coverage (U) ganymed-ssh2 (U) libcommons-modeler-java (U) mysql-connector-java (U) stylebook (U) tomcat5.5 (U) Alexander Kotelnikov <[EMAIL PROTECTED]> fvwm (U) martin f. krafft <[EMAIL PROTECTED]> mailplate Chris Lamb <[EMAIL PROTECTED]> cakephp cakephp-instaweb cakephp1.2 trac-bzr Ola Lundqvist <[EMAIL PROTECTED]> ingo1 (U) kronolith2 (U) mnemo2 (U) turba2 (U) Mailman for Debian <[EMAIL PROTECTED]> mailman Lionel Elie Mamane <[EMAIL PROTECTED]> ingo1 (U) kronolith2 (U) mailman (U) mnemo2 (U) turba2 (U) Michael Meskes <[EMAIL PROTECTED]> virtualbox-ose (U) Kurt Roeckx <[EMAIL PROTECTED]> dutch (U) Erich Schubert <[EMAIL PROTECTED]> refpolicy (U) Manoj Srivastava <[EMAIL PROTECTED]> checkpolicy cvs-buildpackage dist flex fvwm fvwm (U) kernel-package libcgi-perl liblog-log4perl-perl libselinux libsemanage libsepol mailagent policycoreutils psgml refpolicy slat ucf vm Marvin Stark <[EMAIL PROTECTED]> virtualbox-ose (U) Arnaud Vandyck <[EMAIL PROTECTED]> commons-daemon (U) libcommons-modeler-java (U) libjaxen-java (U) libxalan2-java (U) mysql-connector-java (U) rhino (U) tomcat5.5 (U) Patrick Winnertz <[EMAIL PROTECTED]> virtualbox-ose (U) Jeroen van Wolffelaar <[EMAIL PROTECTED]> phpbb2 -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- pgpIda8x90CqY.pgp Description: PGP signature
XS-Vcs-*, XS-X-Vcs-* and friends
Willi Mann <[EMAIL PROTECTED]> writes: > Why did you not search for XS-Vcs in general? Because packages using XS-Vcs-Browse are easy to catch, you can just look at the Sources file and filter on 'Vcs-Browse'. Since the other XS-Vcs-* fields get normalized to legit values, catching them requires unpacking all the source packages. BUT! you may be interested in the following packages, which use XS-X-Vcs-* headers and are also easy to catch: Lionel Le Folgoc (mr_pouit) <[EMAIL PROTECTED]> gnaural Nicolas FRANCOIS (Nekral) <[EMAIL PROTECTED]> shadow (U) Moray Allan <[EMAIL PROTECTED]> libhandoff (U) Mirco Bauer <[EMAIL PROTECTED]> beagle (U) evolution-sharp (U) John V. Belmonte <[EMAIL PROTECTED]> lua5.1 Phil Blundell <[EMAIL PROTECTED]> libhandoff (U) Frank B. Brokken <[EMAIL PROTECTED]> c++-annotations Luca Capello <[EMAIL PROTECTED]> arnesi fiveam parenscript qbook s-xml trivial-sockets yaclml Vagrant Cascadian <[EMAIL PROTECTED]> ltsp (U) simple-cdd (U) George Danchev <[EMAIL PROTECTED]> c++-annotations (U) Debian Kolab Maintainers <[EMAIL PROTECTED]> kolabadmin Debian Mono Group <[EMAIL PROTECTED]> beagle evolution-sharp Peter Eisentraut <[EMAIL PROTECTED]> kolabadmin (U) Peter Van Eynde <[EMAIL PROTECTED]> arnesi (U) cl-portable-aserve fiveam (U) parenscript (U) qbook (U) s-utils s-xml (U) trivial-sockets (U) yaclml (U) Joao Eriberto Mota Filho <[EMAIL PROTECTED]> jp2a pacman4console Gustavo Franco <[EMAIL PROTECTED]> ltsp (U) simple-cdd Ionut Georgescu <[EMAIL PROTECTED]> grace grace6 Thomas Girard <[EMAIL PROTECTED]> stlport5.1 (U) Sergei Golovan <[EMAIL PROTECTED]> ejabberd (U) Oliver Grawert <[EMAIL PROTECTED]> ltsp (U) Grub Maintainers <[EMAIL PROTECTED]> grub Varun Hiremath <[EMAIL PROTECTED]> afuse dvipng epigrass gastables libjmac-java libjspeex-java libvorbisspi-java (U) lybniz magicrescue model-builder pidgin-libnotify smbnetfs txt2html wmcpu wmdate wmforkplop xpuzzles Steffen Joeris <[EMAIL PROTECTED]> kolabadmin (U) martin f. krafft <[EMAIL PROTECTED]> guessnet (U) Noe¨l Koethe <[EMAIL PROTECTED]> kolabadmin (U) Carlos Laviola <[EMAIL PROTECTED]> fpc lazarus ltsp (U) LTSP Debian/Ubuntu Maintainers <[EMAIL PROTECTED]> ltsp Ola Lundqvist <[EMAIL PROTECTED]> txt2html (U) xpuzzles (U) Lionel Elie Mamane <[EMAIL PROTECTED]> txt2html (U) tony mancill <[EMAIL PROTECTED]> c++-annotations (U) Rene Mayorga <[EMAIL PROTECTED]> afbackup Robert Millan <[EMAIL PROTECTED]> grub (U) jwchat packagers <[EMAIL PROTECTED]> jwchat Christian Perrier <[EMAIL PROTECTED]> shadow (U) Martin Quinson <[EMAIL PROTECTED]> shadow (U) Petter Reinholdtsen <[EMAIL PROTECTED]> ltsp (U) Otavio Salvador <[EMAIL PROTECTED]> grub (U) ltsp (U) Shadow package maintainers <[EMAIL PROTECTED]> shadow Daniel Silverstone <[EMAIL PROTECTED]> luasocket (U) Jose Carlos Garcia Sogo <[EMAIL PROTECTED]> beagle (U) conduit evolution-sharp (U) goocanvas pygoocanvas pyspi Philippe De Swert <[EMAIL PROTECTED]> libhandoff (U) Enrico Tassi <[EMAIL PROTECTED]> lua-cgi lua-copas lua-curl lua-doc lua-expat lua-filesystem lua-graph lua-logging lua-posix lua-rings lua-soap lua-sql lua-svn lua-xmlrpc lua-zip lua5.1 (U) lua5.1-policy lua50 luasocket xavante Jason Thomas <[EMAIL PROTECTED]> grub (U) Michael Vogt <[EMAIL PROTECTED]> ltsp (U) Torsten Werner <[EMAIL PROTECTED]> afbackup (U) afuse (U) dvipng (U) ejabberd epigrass (U) fpc (U) gastables (U) grace (U) grace6 (U) jwchat (U) lazarus (U) libaopalliance-java libavg libcommons-attributes-java libjamon-java libjmac-java (U) libjspeex-java (U) libsexymm libvorbisspi-java lybniz (U) magicrescue (U) model-builder (U) pidgin-libnotify (U) smbnetfs (U) stlport5.1 txt2html (U) wmcpu (U) wmdate (U) wmforkplop (U) xpuzzles (U) Neil Williams <[EMAIL PROTECTED]> libhandoff Martin Würtele <[EMAIL PROTECTED]> arnesi (U) fiveam (U) parenscript (U) qbook (U) s-xml (U) trivial-sockets (U) yaclml (U) Matt Zimmerman <[EMAIL PROTECTED]> ltsp (U) Enrico Zini <[EMAIL PROTECTED]> guessnet -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Xen support on Squeeze
Brian May writes: > http://blog.orebokech.com/2007/05/xen-security-or-lack-thereof.html links to > http://taviso.decsystem.org/virtsec.pdf. > I don't know for certain this applies to KVM, however I would assume so. Only to a certain extent. Nowadays Linux guests in KVM use virtio for disk/network devices and you can disable most of the rest (vga/cdrom, etc) if you only need a Xen replacement, leaving only a few emulated devices. You can additionally run the kvm processes unprivileged and chrooted on the host, and in some distributions you can even sandbox them using SELinux (Fedora/RHEL) or AppArmor (Ubuntu). Sadly, it seems that Debian isn't quite there yet. Also, it is my impression that QEMU receives much more attention now that KVM is popular, so its security record will probably improve over time. -- Romain Francoise http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Accepted ssystem 1.6-14.1 (i386 source)
Konstantinos Margaritis <[EMAIL PROTECTED]> writes: > Format: 1.7 > Date: Thu, 9 Oct 2003 21:08:22 +0300 > Source: ssystem > Binary: ssystem > Architecture: source i386 > Version: 1.6-14.1 > Distribution: unstable > Urgency: low > Maintainer: [EMAIL PROTECTED] > Changed-By: Konstantinos Margaritis <[EMAIL PROTECTED]> > Description: > ssystem- 3D solar system simulator > Closes: 194342 > Changes: > ssystem (1.6-14.1) unstable; urgency=low > . >* NMU, closes bug (Closes: #194342) Heh? Please read section 5.11 of the Developer's Reference about non-maintainer uploads[1]. You're not supposed to set yourself as the Maintainer in the uploaded package; if you did that so that the bug is closed instead of being marked as fixed, then you didn't do it right. Moreover, you're supposed to send the diff of your NMU to the bug log, but I can't find it there. And finally, it looks like you uploaded directly to incoming and not to a delayed queue, which is the usual procedure for NMUs. The 0-day NMU period has been over for quite some time now. If you're not familiar with the procedure to follow for NMUs, please post a patch to the BTS and ask someone with more experience to do the actual NMU, don't hijack packages this way. Thanks, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `- [1] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-nmu pgpUMJy9eg6vp.pgp Description: PGP signature
Re: Accepted ssystem 1.6-14.1 (i386 source)
Colin Watson <[EMAIL PROTECTED]> writes: > Konstantinos' upload has the correct Maintainer: in the .dsc file. Ah right, I was somehow convinced that he had changed the control file and didn't check the .dsc. My bad. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `-
Re: Ubuntu discussion at planet.debian.org
Matthew Garrett <[EMAIL PROTECTED]> writes: >> Jerome, please, you could have asked me. I prepare an internal GR draft >> for exactly this issue, but it is to be made public on the day of the >> release, and better not before. We should concentrate on making the >> Sarge release ready, NOW. Do not start another flamewar. > Is the entire world on crack and I just failed to notice until now? Don't worry, we're preparing an internal General Resolution to address this crack problem, but you're not supposed to know about it. This is how we fix problems in Debian: hide them, then propose General Resolutions. -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `-
Re: Ubuntu discussion at planet.debian.org
Eduard Bloch <[EMAIL PROTECTED]> writes: > And your point is..? ..lost on you, obviously. > It is our right to hide things. We do not hide problems, we hide > possible solutions. This is ludicrous. > And before you think about writing another message, think about the > reason for having the debian-private ML. I am well aware of the reason why we have this list and it is entirely irrelevant to this discussion. Let's end this farce: I will wait for your secret GR to be proposed, then we can have a more productive discussion. In the meantime, if the burden of keeping this miracle solution to yourself gets too heavy, feel free to share it with us mere mortals on a Debian list of your choice. Cheers, -- ,''`. : :' :Romain Francoise <[EMAIL PROTECTED]> `. `' http://people.debian.org/~rfrancoise/ `-
Heads-up: dpkg-buildflags switching to -fstack-protector-strong
Hi, dpkg-buildflags will soon start using -fstack-protector-strong instead of -fstack-protector as the compiler flag used to enable stack protection. The new flag is a new feature introduced in GCC 4.9, more information is available here: https://lwn.net/Articles/584225/ http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong/ https://fedorahosted.org/fesco/ticket/1128 There was a previous discussion about this on the dpkg mailing list, see: https://lists.debian.org/debian-dpkg/2014/06/msg00031.html In preparation of this switch David Suárez did a full archive rebuild on EC2, the results of which are detailed in the post linked above. In summary, the bulk of the failures is for packages that explicitly use an older GCC version, which doesn't understand -fstack-protector-strong. If your package is affected, you will need to filter out the new flag and re-add the old one, or disable stack protection entirely (which is the least preferred option). See dpkg-buildflags(1) for details on how to do this. Also, if your package uses hardening-wrapper or hardening-includes, now would be a good time to switch to dpkg-buildflags. Finally, please note that this new flag will not be used on m68k, or1k, powerpcspe, sh4, and x32. The stack protector itself is currently disabled on ia64, alpha, mips, mipsel, hppa, and arm64. If you have any concerns or comments about this, please voice them now. Thanks, -- Romain Francoise http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87oaxhggd4@kima.orebokech.com
Re: [Pkg-swan-devel] say goodbye to network-manager-strongswan?
On Wed, Jul 16, 2014 at 03:40:13PM +0300, Riku Voipio wrote: > Since you seem to know the software well, and it is important for you, > perhaps you can take over maintainence of the package? The current > maintainer doesn't seem to be active (no upload since 2012..). > Alternatively the package could be maintained by the strongswan team? The strongswan team appears to have only two active members at the moment, Yves-Alexis and I, and I have no interest in maintaining network-manager-strongswan as I don't use network-manager myself. -- Romain Francoise http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/877g3do3hq@kima.orebokech.com
Rebuilding the archive with new build flags
Hi all, A few weeks ago I mentioned on -devel[1] that dpkg-buildflags would be switching from -fstack-protector to -fstack-protector-strong, a new GCC 4.9 feature. This change has now landed in unstable with dpkg 1.17.11. Moritz tells me that the Security Team can request binNMUs for a set of packages that have been identified as security-sensitive[2] if they don't get rebuilt with the new flag by the time we freeze for jessie. However, I think it would be better to ensure maximum coverage of the archive by rebuilding everything that can benefit from the flag, i.e. all the packages that use dpkg-buildflags via debhelper >= 9 or cdbs, and produce arch:any binaries. Has this kind of mass binNMU been attempted before? Who would I need to talk to to get this done at least on amd64 and i386 before the freeze? Thanks, [1]: https://lists.debian.org/debian-devel/2014/06/msg00453.html [2]: http://anonscm.debian.org/viewvc/secure-testing/hardening/ -- Romain Francoise http://people.debian.org/~rfrancoise/ signature.asc Description: PGP signature
Re: Bug#654116: RFH: screen -- terminal multiplexor with VT100/ANSI terminal emulation
Axel Beckert writes: >3) Tell people via the release notes that they should not run the > dist-upgrade inside screen, but inside tmux instead. Unfortunately tmux has an issue of its own for squeeze → wheezy upgrades, the socket path was changed from /var/run/tmux to /tmp in order to remove the setgid bit from the binary. So while the protocol itself hasn't changed, the new tmux won't see the old servers unless given the path explicitly (as documented in NEWS.Debian). -- Romain Francoise http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87sjjyy0co@silenus.orebokech.com
Re: Bug#644788: Bug#654116: RFH: screen -- terminal multiplexor with VT100/ANSI terminal emulation
Yaroslav Halchenko writes: > Thank you Axel for your detailed response and IMHO this is indeed close > to an ideal (lightweight, self-cleaning, etc) resolution for this > scenario. Of course the real lightweight, self-cleaning solution is to not do anything special as the old binary will be kept by the kernel as /proc//exe and can be used to reattach as long as the server is running. But I guess that for the sake of non-Linux users, keeping a copy in /tmp is more reasonable... -- Romain Francoise http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zke4wxhr@silenus.orebokech.com
Re: Bug#654116: RFH: screen -- terminal multiplexor with VT100/ANSI terminal emulation
Jakub Wilk writes:
> Also, you just introduced a security hole: every user can DoS other one
> (including root) my mkdiring /tmp/tmux-${VICTIM_UID}.
See #620304 (and CVE-2011-1496) for more context about this.
--
Romain Francoise
http://people.debian.org/~rfrancoise/
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87pqf0wwbx@silenus.orebokech.com
Re: Bug#644788: Bug#654116: RFH: screen -- terminal multiplexor with VT100/ANSI terminal emulation
Axel Beckert writes: > And I can't really execute it, neither as the user owning the screen > session nor as root: > ~ # /proc/32039/exe -ls > zsh: permission denied: /proc/32039/exe Yes, /proc is mounted noexec so you need to use the ld-linux.so trick. But now that I actually try it, I realize that it makes screen lose its setgid bit, so it doesn't actually work in this context: root@silenus:~# screen -ls There is a screen on: 12255.pts-17.silenus(01/03/2012 07:44:49 PM)(Detached) 1 Socket in /var/run/screen/S-root. root@silenus:~# rm /usr/bin/screen root@silenus:~# file -L /proc/12255/exe /proc/12255/exe: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, BuildID[sha1]=0xc95e778d3362448aa7bfe3191f007d225652dc0a, stripped root@silenus:~# /proc/12255/exe -ls -su: /proc/12255/exe: Permission denied root@silenus:~# /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 /proc/12255/exe -ls Directory '/var/run/screen' must have mode 777. root@silenus:~# Sorry for the false alarm. :) -- Romain Francoise http://people.debian.org/~rfrancoise/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87lipowr42@silenus.orebokech.com
Bug#1035663: ITP: foomuuri -- multizone bidirectional nftables firewall
Package: wnpp Severity: wishlist Owner: Romain Francoise X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: foomuuri Version : 0.18 Upstream Contact: "Kim B. Heino" * URL : https://github.com/FoobarOy/foomuuri * License : GPL-2.0 Programming Lang: Python Description : multizone bidirectional nftables firewall Foomuuri is a firewall generator for nftables based on the concept of zones. It is suitable for all systems from personal machines to corporate firewalls, and supports advanced features such as a rich rule language, IPv4/IPv6 rule splitting, dynamic DNS lookups, a D-Bus API and firewalld emulation for NetworkManager's zone support.
