Re: [arch-general] Arch Linux security is still poor....

2010-03-21 Thread Nilesh Govindarajan
On 03/21/2010 08:47 PM, Gaurish Sharma wrote: On Wednesday 17 Mar 2010 8:09:47 am Nilesh Govindarajan wrote: I would love to jump into pacman-dev team. But I don't know C or C++ whatever pacman is written in. :( :( :( I can contribute in PHP. Hi, Please help in AUR, there is a lot of work needed

Re: [arch-general] Arch Linux security is still poor....

2010-03-21 Thread Gaurish Sharma
On Wednesday 17 Mar 2010 8:09:47 am Nilesh Govindarajan wrote: > I would love to jump into pacman-dev team. But I don't know C or C++ > whatever pacman is written in. :( :( :( > I can contribute in PHP. Hi, Please help in AUR, there is a lot of work needed to be done. http://bugs.archlinux.org/index

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Ray Kohler
On Tue, Mar 16, 2010 at 10:39 PM, Nilesh Govindarajan wrote: > I would love to jump into pacman-dev team. But I don't know C or C++ > whatever pacman is written in. :( :( :( > I can contribute in PHP. You might then want to look into helping out the devs of the AUR webapp, if you care about it. T

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Nilesh Govindarajan
I would love to jump into pacman-dev team. But I don't know C or C++ whatever pacman is written in. :( :( :( I can contribute in PHP. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Denis Kobozev
On Mon, Mar 15, 2010 at 5:43 PM, Ananda Samaddar > Would there be any enthusiasm for a dedicated security team?  I feel > strongly enough about it that if something can't be done then I'm > switching to another distro. Despite the fact that I really like Arch, > its one deficiency is a pretty gla

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Jared Casper
On Tue, Mar 16, 2010 at 10:30 AM, Aaron Griffin wrote: > Is this a feature request in the bug tracker? Please add it if you > want this functionality. That's the only way it will ever happen > It's been there for years: http://bugs.archlinux.org/task/11091 I just wanted to point out that the "md

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Aaron Griffin
On Tue, Mar 16, 2010 at 12:34 PM, Daenyth Blank wrote: > On Tue, Mar 16, 2010 at 13:24, Nilesh Govindarajan wrote: >> Let this thread not be just another "Will be nice" one. Pacman devs, >> please start implementing these package verification things. > And you're paying them how much that allows

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Ionut Biru
On 03/16/2010 07:24 PM, Nilesh Govindarajan wrote: On Tue, Mar 16, 2010 at 10:48 PM, Jared Casper wrote: On Tue, Mar 16, 2010 at 8:49 AM, Aaron Griffin wrote: On Tue, Mar 16, 2010 at 12:32 AM, Nilesh Govindarajan wrote: I don't think we need any security team for Arch. New packages are rele

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Aaron Griffin
On Tue, Mar 16, 2010 at 12:18 PM, Jared Casper wrote: > On Tue, Mar 16, 2010 at 8:49 AM, Aaron Griffin > wrote: >> On Tue, Mar 16, 2010 at 12:32 AM, Nilesh Govindarajan >> wrote: >>> I don't think we need any security team for Arch. New packages are >>> released within a week of their updates.

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Ray Kohler
On Tue, Mar 16, 2010 at 1:24 PM, Nilesh Govindarajan wrote: > On Tue, Mar 16, 2010 at 10:48 PM, Jared Casper wrote: >> On Tue, Mar 16, 2010 at 8:49 AM, Aaron Griffin >> wrote: >>> On Tue, Mar 16, 2010 at 12:32 AM, Nilesh Govindarajan >>> wrote: I don't think we need any security team for

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Pierre Schmitz
On Tuesday, 16 March 2010 18:24:46, Nilesh Govindarajan wrote: > Let this thread not be just another "Will be nice" one. Pacman devs, > please start implementing these package verification things. You got it wrong. Nothing will change until you start working on this. I have seen those discussio

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Daenyth Blank
On Tue, Mar 16, 2010 at 13:24, Nilesh Govindarajan wrote: > Let this thread not be just another "Will be nice" one. Pacman devs, > please start implementing these package verification things. And you're paying them how much that allows you to tell them what to work on? Seriously, patches welcome.

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Nilesh Govindarajan
On Tue, Mar 16, 2010 at 10:48 PM, Jared Casper wrote: > On Tue, Mar 16, 2010 at 8:49 AM, Aaron Griffin > wrote: >> On Tue, Mar 16, 2010 at 12:32 AM, Nilesh Govindarajan >> wrote: >>> I don't think we need any security team for Arch. New packages are >>> released within a week of their updates.

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Jared Casper
On Tue, Mar 16, 2010 at 8:49 AM, Aaron Griffin wrote: > On Tue, Mar 16, 2010 at 12:32 AM, Nilesh Govindarajan > wrote: >> I don't think we need any security team for Arch. New packages are >> released within a week of their updates. GPG signing and md5sum >> verification is a must though. > > md

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Aaron Griffin
On Tue, Mar 16, 2010 at 12:32 AM, Nilesh Govindarajan wrote: > I don't think we need any security team for Arch. New packages are > released within a week of their updates. GPG signing and md5sum > verification is a must though. md5sum verification has ALWAYS been done

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Nilesh Govindarajan
On 03/16/2010 06:53 PM, Chris Allison wrote: I would have thought that this only makes sense in the context of a "point-in-time release". i.e. you have a server which isn't updated as regularly as your desktop. The onus then is on the user to ensure that the versions of packages they are using a

Re: [arch-general] Arch Linux security is still poor....

2010-03-16 Thread Chris Allison
I would have thought that this only makes sense in the context of a "point-in-time release". i.e. you have a server which isn't updated as regularly as your desktop. The onus then is on the user to ensure that the versions of packages they are using are "safe". I don't see this as a problem with

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Nilesh Govindarajan
I don't think we need any security team for Arch. New packages are released within a week of their updates. GPG signing and md5sum verification is a must though. -- Nilesh Govindarajan Site & Server Administrator www.itech7.com

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Magnus Therning
On 15/03/10 23:03, Xavier Chantry wrote: > On Mon, Mar 15, 2010 at 11:42 PM, Magnus Therning wrote: [..] >>> 2) resume and finish the gpg work for pacman & friends >> >> Sure, that is worth doing. Is it really a task for a dedicated security >> team? >> It sounds more like a one-time thing for a

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Xavier Chantry
On Mon, Mar 15, 2010 at 11:42 PM, Magnus Therning wrote: >> >> 1) what allan said : >> A group could monitor security issues and file bugs to get the devs to >> fix them. > > Is there any evidence that this is actually needed? > No, Allan asked for some numbers, and I am curious too. > My impres

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Allan McRae
On 16/03/10 08:42, Magnus Therning wrote: On 15/03/10 22:34, Xavier Chantry wrote: On Mon, Mar 15, 2010 at 11:18 PM, Magnus Therning wrote: After a quick look at it I don't see much that would apply though. Arch doesn't have releases. Arch follows upstream releases very closely (in some cases

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Magnus Therning
On 15/03/10 22:34, Xavier Chantry wrote: > On Mon, Mar 15, 2010 at 11:18 PM, Magnus Therning wrote: >> After a quick look at it I don't see much that would apply though. Arch >> doesn't have releases. Arch follows upstream releases very closely (in some >> cases even too closely ;-) >> >> So, if

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Xavier Chantry
On Mon, Mar 15, 2010 at 11:18 PM, Magnus Therning wrote: > After a quick look at it I don't see much that would apply though.  Arch > doesn't have releases.  Arch follows upstream releases very closely (in some > cases even too closely ;-) > > So, if there is no need for backporting to a set of pac

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Magnus Therning
On 15/03/10 22:03, Ananda Samaddar wrote: > On Mon, 15 Mar 2010 14:56:32 -0700 > Thayer Williams wrote: >> >> No offence taken and FWIW a lot of people switch distros because of >> one or two fundamental needs that aren't met. This wouldn't be any >> different. >> >> Look forward to hearing wha

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Magnus Therning
On 15/03/10 21:43, Ananda Samaddar wrote: [..] > Would there be any enthusiasm for a dedicated security team? I feel > strongly enough about it that if something can't be done then I'm switching > to another distro. Despite the fact that I really like Arch, its one > deficiency is a pretty glarin

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Ananda Samaddar
On Mon, 15 Mar 2010 14:56:32 -0700 Thayer Williams wrote: > > No offence taken and FWIW a lot of people switch distros because of > one or two fundamental needs that aren't met. This wouldn't be any > different. > > Look forward to hearing what you have to say... I'd like to help get things

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Allan McRae
On 16/03/10 07:43, Ananda Samaddar wrote: On Tue, 16 Mar 2010 07:29:45 +1000 Allan McRae wrote: As an aside, I would like to see some numbers on where we could improve in this area. I have been following the CVE announcements and several other distros' security releases for the past few months

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Thayer Williams
On Mon, Mar 15, 2010 at 2:56 PM, Thayer Williams wrote: > On Mon, Mar 15, 2010 at 2:43 PM, Ananda Samaddar > wrote: >> Would there be any enthusiasm for a dedicated security team?  I feel >> strongly enough about it that if something can't be done then I'm >> switching to another distro. Despite

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Thayer Williams
On Mon, Mar 15, 2010 at 2:43 PM, Ananda Samaddar wrote: > Would there be any enthusiasm for a dedicated security team?  I feel > strongly enough about it that if something can't be done then I'm > switching to another distro. Despite the fact that I really like Arch, > its one deficiency is a pre

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Gaurish Sharma
On Tuesday 16 Mar 2010 2:59:45 am Allan McRae wrote: > > As an aside, I would like to see some numbers on where we could improve > in this area. I have been following the CVE announcements and several > other distros' security releases for the past few months and from what I > see, I believe Arc

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Daenyth Blank
On Mon, Mar 15, 2010 at 17:43, Ananda Samaddar wrote: > Would there be any enthusiasm for a dedicated security team? This has been proposed multiple times, but oddly enough no one who has proposed it has ever taken any steps to make it happen...

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Ananda Samaddar
On Tue, 16 Mar 2010 07:29:45 +1000 Allan McRae wrote: > > As an aside, I would like to see some numbers on where we could > improve in this area. I have been following the CVE announcements > and several other distros' security releases for the past few months > and from what I see, I believe Arc

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Allan McRae
On 16/03/10 06:37, Aaron Griffin wrote: On Mon, Mar 15, 2010 at 3:03 PM, Pierre Schmitz wrote: On Monday, 15 March 2010 20:54:03, Ananda Samaddar wrote: The reason I'm asking is I want to know to whom I address my proposals when they are finished. Simple: File a bug report or feature reques

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Aaron Griffin
On Mon, Mar 15, 2010 at 3:03 PM, Pierre Schmitz wrote: > On Monday, 15 March 2010 20:54:03, Ananda Samaddar wrote: >> The reason I'm asking is I want to know to whom I address my proposals >> when they are finished. > > Simple: File a bug report or feature request at bugs.archlinux.org. No idea >

Re: [arch-general] Arch Linux security is still poor....

2010-03-15 Thread Pierre Schmitz
On Monday, 15 March 2010 20:54:03, Ananda Samaddar wrote: > The reason I'm asking is I want to know to whom I address my proposals > when they are finished. Simple: File a bug report or feature request at bugs.archlinux.org. No idea what your "proposals" are about but you should make sure they o

[arch-general] Arch Linux security is still poor....

2010-03-15 Thread Ananda Samaddar
Further to my previous email a while back I've started work on some proposals that I'd like to pitch to the Arch community and the powers that be. They aren't finished yet but should be soon. The thing is I'm not really aware of the 'chain of command' in Arch. Aaron Griffin, are you the 'benevol