Hi all,
Had an argument over the weekend about which kernels are vulnerable to
the exploit that was used to take gluck down. I maintained that only
kernels >= 2.6.13 and <= 2.6.17.4 are vulnerable, but in the end I
proved myself wrong when I took the exploit code, changed the line
that says:
On Sun, Jul 16, 2006 at 08:14:48PM +0200, Wouter Verhelst wrote:
> For starters, we'd need a *lot* of hardware to be able to do all these
> builds. Many of them will fail, because there *will* be people who will
> neglect to test their builds, and they will hog the machine so that
> other people (w
Wouter Verhelst <[EMAIL PROTECTED]> writes:
> On Sun, Jul 16, 2006 at 06:31:56PM +0200, Ludovic Brenta wrote:
>> Also, I would propose that a list, [EMAIL PROTECTED], or even better, a
>> pseudo-package, buildd, be created for such issues. buildd would
>> complement ftp.debian.org as a central pla
martin f krafft <[EMAIL PROTECTED]> writes:
> An upload request (as I call them) would be a .changes file sent to
> the buildd, which would check it for validity and then start
> fetching the components to assemble the source package. So the
At home I had my buildd setup so I could just dump an u
This one time, at band camp, Wouter Verhelst said:
> All that being said, I'm not convinced doing sourceless uploads is
> actually a good idea. It's been proposed in the past, but I've never
> seen arguments that convinced me it would be a good idea. The difference
> with this idea is that you coul
Le vendredi 07 juillet 2006 à 23:54 +0200, Javier Fernández-Sanguino
Peña a écrit :
> I can do the security risk analysis for you: granting remote root through a
> web
> server application is a recipe for disaster, those tactics where (or should
> have been) abandoned ages ago.
Unfortunately web
Le mercredi 12 juillet 2006 à 01:02 +0100, Matthew Garrett a écrit :
> Now, this can quite easily be worked around by Joerg agreeing that all
> of the software in the cdrecord tarball can be treated under the terms
> of the CDDL (assuming that he has the right to do so, of course - any
> signifi
Adam Borowski <[EMAIL PROTECTED]> writes:
> On Sun, Jul 16, 2006 at 10:11:41AM +0200, Thijs Kinkhorst wrote:
>>
>> I agree that that is a common type of file to recover, so that would
>> make it more appropriate to Recommend cpio rather than Suggest.
>
> "a common type"? Come on, that's not just
On Sun, Jul 16, 2006 at 04:47:12PM +1000, Anthony Towns wrote:
> Hi all,
>
> At https://wiki.ubuntu.com/NoMoreSourcePackages is a description of
> the new world order for Ubuntu packages -- which will simplify making
> changes to Ubuntu packages to a matter of simply committing the change
> to the
On Sun, Jul 16, 2006 at 06:31:56PM +0200, Ludovic Brenta wrote:
> Wouter Verhelst <[EMAIL PROTECTED]> writes:
> > On Sat, Jul 15, 2006 at 10:55:32PM +0200, Ludovic Brenta wrote:
> >> Where should I ask for help? Neither buildd.debian.org nor
> >> www.debian.org/devel/buildd, mention where the buil
Wouter Verhelst <[EMAIL PROTECTED]> writes:
> On Sat, Jul 15, 2006 at 10:55:32PM +0200, Ludovic Brenta wrote:
>> Where should I ask for help? Neither buildd.debian.org nor
>> www.debian.org/devel/buildd, mention where the buildd admins can be
>> reached; and lists.debian.org does not have a "build
On Sat, Jul 15, 2006 at 10:55:32PM +0200, Ludovic Brenta wrote:
> Where should I ask for help? Neither buildd.debian.org nor
> www.debian.org/devel/buildd, mention where the buildd admins can be
> reached; and lists.debian.org does not have a "buildd@" list.
<[EMAIL PROTECTED]>. I just committed
also sprach Thijs Kinkhorst <[EMAIL PROTECTED]> [2006.07.16.1521 +0200]:
> But more importantly, I don't think that strictly requiring that a
> package is lintian errors clean is a good idea anyway. Suppose that
> there's a security bug in a package that I want to fix quickly. Lintian
> yields an e
On Sun, 2006-07-16 at 14:24 +0200, martin f krafft wrote:
> While it's easy to conceive such certificates, and easy to add such
> functionality to the checker programmes, it seems impossible to make
> it such that they cannot be faked.
I don't like the certificate idea for two reasons.
First, if
Package: wnpp
Severity: wishlist
Owner: Jose Carlos Garcia Sogo <[EMAIL PROTECTED]>
* Package name: gsf-sharp
Version : 0.7.0
Upstream Author : Martin Willemoes Hansen <[EMAIL PROTECTED]>
* URL : http://svn.myrealbox.com/source/trunk/gsf-sharp/
* License : LGPL
also sprach Anthony Towns [2006.07.16.1320 +0200]:
> > http://blog.madduck.net/debian/2005.08.11-rcs-uploads ...
>
> Wow has it really been that long?
>
> Has any code come of it yet?
Well, for one I have not really gotten any input from people, but
that's also partially my fault. I was also di
On Sun, Jul 16, 2006 at 10:11:41AM +0200, Thijs Kinkhorst wrote:
> On Sun, 2006-07-16 at 13:14 +0800, Paul Wise wrote:
> > I will drop the version from the description and add cpio to the
> > suggests.
> >
> > I added the suggestion to the description because I guess that .tar.gz
> > will be the
On Sun, Jul 16, 2006 at 09:10:20AM +0200, martin f krafft wrote:
> also sprach Anthony Towns [2006.07.16.0847 +0200]:
> > At https://wiki.ubuntu.com/NoMoreSourcePackages is a description of
> > the new world order for Ubuntu packages -- which will simplify making
> > changes to Ubuntu packages to
On Sun, Jul 16, 2006 at 10:12:37AM +0200, Goswin von Brederlow wrote:
> Will you setup the Debian DAK to allow source only uploads and apply
> patches to wanna-build and buildd for anyone willing to work on this?
No. All the above should be doable without needing any changes to any of
the project
On Sat, Jul 15, 2006 at 10:55:32PM +0200, Ludovic Brenta wrote:
> I will upload ~20 source packages in the next few weeks, adding
> support for more architectures to each package. So I'm really looking
> for a general solution and not one that only applies to asis.
Why aren't those packages arch:
* Anthony Towns [060716 08:48]:
> The idea would be, I guess, to be able to setup pbuilder on a server
> somewhere, have it watch for a build instruction -- and then automatically
> check out the source, run a build with pbuilder, make the build log
> available, and if the build was successful, ma
Anthony Towns writes:
> Hi all,
>
> At https://wiki.ubuntu.com/NoMoreSourcePackages is a description of
> the new world order for Ubuntu packages -- which will simplify making
> changes to Ubuntu packages to a matter of simply committing the change
> to the source repository with bzr, and running
On Sun, 2006-07-16 at 13:14 +0800, Paul Wise wrote:
> On Thu, 2006-07-13 at 19:35 +0800, Paul Wise wrote:
>
> > Please install cpio 2.5 or higher to facilitate recovery from damaged
> > gzipped tarballs.
>
> I will drop the version from the description and add cpio to the
> suggests.
>
> I adde
* Paul Wise <[EMAIL PROTECTED]> [2006-07-16 07:17]:
> On Thu, 2006-07-13 at 19:35 +0800, Paul Wise wrote:
>
> > Please install cpio 2.5 or higher to facilitate recovery from damaged
> > gzipped tarballs.
>
> I will drop the version from the description and add cpio to the
> suggests.
>
> I add
On Sun, 2006-07-16 at 16:47 +1000, Anthony Towns wrote:
> Hi all,
>
> At https://wiki.ubuntu.com/NoMoreSourcePackages is a description of
> the new world order for Ubuntu packages -- which will simplify making
> changes to Ubuntu packages to a matter of simply committing the change
> to the source
also sprach Anthony Towns [2006.07.16.0847 +0200]:
> At https://wiki.ubuntu.com/NoMoreSourcePackages is a description of
> the new world order for Ubuntu packages -- which will simplify making
> changes to Ubuntu packages to a matter of simply committing the change
> to the source repository with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Wise wrote:
> On Thu, 2006-07-13 at 19:35 +0800, Paul Wise wrote:
>
>> Please install cpio 2.5 or higher to facilitate recovery from
>> damaged gzipped tarballs.
>
> I will drop the version from the description and add cpio to the
> suggests.
27 matches
Mail list logo
