ystem libraries, which is
something we explicitly don't want.
cheers,
kpcyrd
, but it's not like we're transferring
over the archlinux.org domain, or them naming their next operating
system release Arch Linux 12.
Does anybody know how Ubuntu dealt with this?
cheers,
kpcyrd
ul, even on non-Arch Linux computers.
I think considering WSL-related bug reports as low priority is very
acceptable, and treating it more like a best-effort project instead of
blocking it outright.
cheers,
kpcyrd
On 1/23/25 10:50 PM, Morten Linderud wrote:
FOSDEM is approaching and several Arch contributors and maintainers are holding
talks next weekend. I have taken the liberty to collect up all the talks in this
email so other staff, and users, are aware.
# kpcyrd (together with h01ger from Debian
stem is enough work
to warrant an interim solution. I've been doing this kind of copyright
annotation work for Debian for just shy of about 300 packages and it's a
heroic amount of work to do this for the entire operating system.
cheers,
kpcyrd
posed to give guidance on what to code review. This is also why I
think code signing by upstream is somewhat low priority, since the big
distros can form consensus around "what's the source code" regardless.
https://github.com/kpcyrd/backseat-signed
The README shows how to veri
epro-env[4] that I'm currently trying to land[5] in
Ubuntu 24.04 LTS, but is blocked by Debian's libnettle[6].
[4]: https://github.com/kpcyrd/repro-env
[5]: https://tracker.debian.org/pkg/rust-repro-env
[6]: https://tracker.debian.org/pkg/nettle
cheers,
kpcyrd
ly any memory-corruption based exploits for Go software.
## Motivation
- Most of our Go software is currently not reproducible due to Cgo,
including core/libcap, which is the last unreproducible package in
docker.io/library/archlinux
- The barrier for packaging Go in Arch Linux is currently somewhat high
(compared to e.g. packaging Rust), the guideline requires too much
interpretation and could be improved
- Quirks that are only needed for old Go projects (like 2.1.1) should be
listed towards the end instead of being the first code block in the
guideline
---
cheers,
kpcyrd
hello,
I released a tool recently that I'd like to share with this list:
https://github.com/kpcyrd/archlinux-userland-fs-cmp
It's supposed to be used from a rescue image (any Linux) with an Arch
install mounted to e.g. /mnt. It does the following:
- Open /mnt/var/lib/pacman and e
t/4f4be00d302bc52d0d9d5a3d4738bb525066c710
I don't know if there's some kind of gzip standard that could be used to
align the git internal gzip implementation with GNU gzip.
I'm not saying this is necessarily a bug or regression but it makes it
harder to reproduce GitHub tarballs from a git repository. Just sharing
what I've debugged. :)
cheers,
kpcyrd
dependencies.
Announcement blog post:
https://vulns.xyz/2022/10/updlockfiles/
Repository:
https://github.com/kpcyrd/updlockfiles
cheers,
kpcyrd
ohai!
I blogged about a new tool that can be used to verify a tarball from a
signed git tag, while still pinning the source code with >= sha256sum:
https://vulns.xyz/2022/05/auth-tarball-from-git/
Let me know what you think - that's all,
kpcyrd
12 matches