Bug#850644: RFP: GNU Guix -- A functional package manager based on Scheme

2017-01-08 Thread bancfc
Package: wnpp X-Debbugs-CC: whonix-de...@whonix.org * Package name: GNU Guix Version : 0.12.0 Upstream Author : Ludovic Courtès * URL : https://www.gnu.org/software/guix/ * License : GPLv3+ Programming Lang: Guile Scheme, C++ Description : A funct

Bug#849321: RFP: AnnealMail -- Icedove pqcrypto add-on

2016-12-25 Thread bancfc
Package: wnpp X-Debbugs-CC: whonix-de...@whonix.org * Package name: AnnealMail Version : 2.0 Upstream Author : Nick Doiron * URL : https://github.com/annealmail/annealmail * License : MPLv2 Programming Lang: JS Description : Icedove plugin based on

Bug#849236: GNUnet stable-backport

2016-12-23 Thread bancfc
Package: gnunet Version: 0.10.1-4 Severity: normal Hi Bertrand, I'm a Whonix OS dev (an anonymity OS based on Debian stable) and we are looking at shipping GNUnet to our users. From my experiments the version in stable is not current enough to connect to the network. I confirmed this with the

Bug#840206: whonix-de...@whonix.org

2016-10-09 Thread bancfc
Package: foxyproxy Version: 3.4-1.1 Dear maintainer, please consider patching the package source to remove the premium proxy advertising page that opens on first start. For anonymity OSes like Whonix and Tails this is very bad advice for users. (We rely on this plugin to make Tor Browser work

Bug#839178: codecrypt impossible dependencies

2016-10-01 Thread bancfc
On 2016-10-01 08:15, Jason Crain wrote: On Thu, Sep 29, 2016 at 10:22:52PM +0200, ban...@openmailbox.org wrote: Dear maintainer, I am trying to install codecrypt from a pinned sid repo on Jessie. You are mixing the stable and unstable releases. Do not do this. It will break things. See h

Bug#839178: [Pkg-privacy-maintainers] Bug#839178: Bug#839178: codecrypt impossible dependencies

2016-09-30 Thread bancfc
On 2016-09-30 17:30, Ximin Luo wrote: Control: notfound -1 1.7.5-1 Control: close -1 1.7.5-1 There is no bug, see below. ban...@openmailbox.org: Hi. Yes should be up to date. Here are the instructions I wrote for installing codecrypt. I think they are correct way to use pinning. Please correc

Bug#839178: [Pkg-privacy-maintainers] Bug#839178: codecrypt impossible dependencies

2016-09-30 Thread bancfc
On 2016-09-30 14:35, Ximin Luo wrote: ban...@openmailbox.org: libstdc++6 insists on libkolabxml1 1.1.0-3 while the newest version available in sid is 1.0.2-2 $ apt-cache policy libkolabxml1v5 libkolabxml1v5: Installed: (none) Candidate: 1.1.4-1+b1 Version table: 1.1.4-1+b1 990

Bug#839178: codecrypt impossible dependencies

2016-09-29 Thread bancfc
Package: codecrypt Version: 1.7.5-1 Owner: exa@gmail.com Dear maintainer, I am trying to install codecrypt from a pinned sid repo on Jessie. After including other dependency packages as well, apt has run into an unresolvable dependency requirement. libstdc++6 insists on libkolabxml1 1

Bug#822693: Safe Defaults / Automatic Protection

2016-05-20 Thread bancfc
I've given this some thought: While firecfg handles symlinks well and per package hacks to create symlinks are no longer necessary, it still needs a way to make it seamless and automatically protect users. There is already precedent in Debian for automatic protection should a security applica

Bug#816439: Grsec's RANDSTRUCT and Reproducible Builds

2016-05-14 Thread bancfc
On 2016-03-02 08:43, Dato Simó wrote: While still a long way Reproducible builds might pose a problem for a Grsec kernel when CONFIG_GRKERNSEC_RANDSTRUCT is set to 'y' because this feature randomizes kernel symbols and structures during compilation and is not meant to be the same. For a publicly

Bug#822693: (no subject)

2016-05-09 Thread bancfc
Sorry my mailbox was overloaded with backlog. You're right firecfg does everything I hoped for and survives package upgrades :) However Iceweasel did not get symlinked because it was not recognized somehow so I asked netblue about it on Github.

Bug#822693: config-package-dev available in stable

2016-04-28 Thread bancfc
Note that config-package-dev is already available in Debian Jessie: https://packages.debian.org/jessie/devel/config-package-dev

Bug#822693: Feature Request: Automatically starting programs under firejail

2016-04-26 Thread bancfc
Package: firejail Version: 0.9.38-1 Severity: wishlist At the moment there is no way to make all programs start with firejail automatically. Beginner users can't be expected to start a terminal every time they want to launch a program. This usability problem can be a hurdle for widespread adop

Bug#816309: linux-grsec-base: Multiple Compiled Grsec Kernels for Virtualization Compatibility

2016-03-02 Thread bancfc
On 2016-03-02 08:18, Yves-Alexis Perez wrote: On mar., 2016-03-01 at 18:19 +, ban...@openmailbox.org wrote: What about adding these kernel configuration settings as options to the source package's feature control sets? Again, I have no interest in this so someone has to step up and commi

Bug#816439: Grsec's RANDSTRUCT and Reproducible Builds

2016-03-01 Thread bancfc
Package: linux-grsec Severity: normal While still a long way Reproducible builds might pose a problem for a Grsec kernel when CONFIG_GRKERNSEC_RANDSTRUCT is set to 'y' because this feature randomizes kernel symbols and structures during compilation and is not meant to be the same. For a publicl

Bug#816436: glibc hardening patch

2016-03-01 Thread bancfc
Package: glibc Version: 2.21-9 Severity: high Hi. After the recent glibc debacle I came across a patch to harden this important library against common attack vectors. Please think about reviewing and adding in Debian. The author warned there may be some package breakage but nothing too serious

Bug#816309: linux-grsec-base: Multiple Compiled Grsec Kernels for Virtualization Compatibility

2016-03-01 Thread bancfc
On 2016-03-01 08:18, Yves-Alexis Perez wrote: control: tag -1 wontfix I'm not myself interested in supporting Grsec running as guest, especially as PV guest inside Xen, as I don't use that *at all*. While I'm not against people doing that at home, I won't spend time on it, so someone has to

Bug#816309: linux-grsec-base: Multiple Compiled Grsec Kernels for Virtualization Compatibility

2016-02-29 Thread bancfc
Package: linux-grsec-base Version: 4 Severity: normal Dear Maintainer, Debian is widely deployed on hypervisors for desktop and server use. Unfortunately the current Grsec kernel binary does not run on a host supporting virtualization or inside any hypervisor. Debian has a rule to prevent pac

Bug#811451: linux-grsec-base: Some useful confs

2016-01-26 Thread bancfc
On 2016-01-26 10:15, Yves-Alexis Perez wrote: I don't touch any KVM settings so it /should/ work as is. Without more information I can't do anything. Also please try not to report new stuff on existing bugs. Regards, Right but for virtualization support I had to choose the hypervisor expli

Bug#811451: linux-grsec-base: Some useful confs

2016-01-25 Thread bancfc
On 2016-01-19 20:54, Yves-Alexis Perez wrote: Note, as the blog post says, that it's *secure* default, because each and every use is different, and people have to make their own choices. It might make sense to ship multiple config files (or rather, have different packages), like “desktop” or

Bug#811451: linux-grsec-base: Some useful confs

2016-01-18 Thread bancfc
Package: linux-grsec-base Version: 4 Severity: normal Dear Maintainer, I've been working on some grsec.conf settings for our distro (based on recommendations you made in your last blog post) but I see the most appropriate place for them is upstream. Please take a look and decide if you can in

Bug#810479: RFP: paxrat -- PaX exception daemon for Debian packages

2016-01-08 Thread bancfc
Package: wnpp X-Debbugs-CC: deskt...@secure-os.org * Package name: paxrat Version : 1 Upstream Author : David McKinney * URL : https://github.com/subgraph/paxrat * License : GPLv3 Programming Lang: Go Description : PaX exception daemon for Debian packag

Bug#605090:

2016-01-07 Thread bancfc
I've been experimenting with the source package in unstable. There are still some security advantages of building the source package such as unique RANDSTRUCT values not known publicly: https://github.com/Whonix/grsecurity-installer/issues/1#issuecomment-169819722 Installing the build dependenc

Bug#605090:

2015-12-20 Thread bancfc
Are there other ways to deal with unwanted network stack modules like Appletalk besides going in and manually disabling them in config before compiling? Is disabling module loading enough? Please give some insight if it's okay to discuss.

Bug#605090: Git tag signing

2015-12-20 Thread bancfc
I just wanted to mention Git tag signing. It's a very useful security feature we use for protecting source code builds in our project. https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work

Bug#605090: linux-grsec testing

2015-12-20 Thread bancfc
On 2015-12-20 09:51, Yves-Alexis Perez wrote: On dim., 2015-12-20 at 00:32 +, ban...@openmailbox.org wrote: Hi. After testing the kernel X doesn't boot because restrict mprotect is enabled. Hi, it's most likely because you're using nvidia/nouveau or amd/radeon graphic card, and the us

Bug#605090: linux-grsec testing

2015-12-19 Thread bancfc
Hi. After testing the kernel X doesn't boot because restrict mprotect is enabled. Are there plans to integrate a PaX exception list so mprotect can be enabled system wide while common software can still work?

Bug#763399: Hardening dpkg/apt

2014-09-29 Thread bancfc
Package: apt Version: all Sometimes apt/dpkg can contain vulnerable, remotely exploitable bugs which is a big risk when used over the untrusted internet. As it happens, anyone could have been in a position to run man-in-the-middle attacks with the latest security hole [CVE-2014-6273] in apt-ge

Bug#763372: cURL binary hardening

2014-09-29 Thread bancfc
Package: curl Version: 7.26.0-1 Owner: gh...@debian.org We currently use curl in a security sensitive context and therefore I'm looking to harden it as much as possible against remote exploitation. I was wondering if you can further harden the binary by enabling full RELRO support and PIE as