On Thu, 15 May 2008, Peter Palfrader wrote:
> > > I beg to differ. This particular mail is important enough to be sent to
> > > d-d-a instead of d-i-a.
> >
> > I agree, dia is not what I would be subscribed to under normal
> > circumstances, and with all the chaos that type of announce is for dda.
>
On Thu, 15 May 2008, Steve Langasek wrote:
> > 2) Introduce a default-mta package (currently) depending on exim4. All
> > packages requiring a MTA should depend on default-mta |
> > mail-transport-agent.
> > This will have the extra advantage that we (and others like CDDs and
> > derived
> >
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.
Total number of orphaned packages: 433 (new: 6)
Total number of packages offered up for adoption: 104 (new: 6)
Total number of packages request
On Thu, May 15, 2008 at 11:30:40PM +0200, Peter Palfrader wrote:
> On Thu, 15 May 2008, Norbert Preining wrote:
>
> > On Thu, 15 May 2008, Mike Hommey wrote:
> > > I beg to differ. This particular mail is important enough to be sent to
> > > d-d-a instead of d-i-a.
> >
> > I agree, dia is not what
Peter Samuelson <[EMAIL PROTECTED]> writes:
>
> Who is this "we"? Whose serious efforts? Who is investigating? Most
> importantly, should we assume that, as in the past, you, Mike Bird,
> intend to do nothing but talk?
I think this is a common stylistic choice. I consider myself part of
the De
I notice that pwsafe is linked against openssl. Is it affected by the
recent debacle and if so, how? Do I need to regenerate all my
randomized passwords, or somehow re-encrypt the pwsafe database?
Thanks,
Daniel
On Friday 16 May 2008 10:20, Charles Plessy wrote:
> Since the revitalisation of sbackup is expected after the freezing of
> Lenny, we have to solve the most important bugs of the current version
> of sbackup. I do not know enough of python for helping on bug #427697
> (the gid of the backups). If
Steve Langasek <[EMAIL PROTECTED]> writes:
> On Fri, May 16, 2008 at 02:10:39AM +0200, Eugeniy Meshcheryakov wrote:
>> On 15 May 2008 at 16:24 -0700, Steve Langasek wrote:
>> > > What concerns me about this approach is that it could easily end up
>> > > with
>> > > dist-upg
Steve Langasek <[EMAIL PROTECTED]> writes:
> sensible-editor and sensible-browser are /commands/
Provided by the 'debianutils' package.
> default-mta is not at all like this.
You're right, I'm wrong. Thanks for clearing my confusion.
--
\ "Hey Homer! You're late for English!" "Pff! Engl
On Fri, May 16, 2008 at 10:53:03AM +1000, Ben Finney wrote:
> Steve Langasek <[EMAIL PROTECTED]> writes:
> > On Thu, May 15, 2008 at 11:33:04PM +0200, Sune Vuorela wrote:
> > > 2) Introduce a default-mta package (currently) depending on exim4.
> > > All packages requiring a MTA should depend on d
Steve Langasek <[EMAIL PROTECTED]> writes:
> On Thu, May 15, 2008 at 11:33:04PM +0200, Sune Vuorela wrote:
>
> > 2) Introduce a default-mta package (currently) depending on exim4.
> > All packages requiring a MTA should depend on default-mta |
> > mail-transport-agent. This will have the extra ad
This one time, at band camp, Mike Bird said:
> Yet Debian makes it hard for people to help. Like most software
> engineers I simply don't have the time to waste on Debian's NM
> process. Debian's processes are indisputably Debian's decision
> alone, but Debian has to live with the consequences ..
On Fri, May 16, 2008 at 02:10:39AM +0200, Eugeniy Meshcheryakov wrote:
> On 15 May 2008 at 16:24 -0700, Steve Langasek wrote:
> > > What concerns me about this approach is that it could easily end up with
> > > dist-upgrades swapping out users mail systems without warning. I would
> > > con
On Fri, May 16, 2008 at 01:22:12AM +0300, Aigars Mahinovs wrote:
>
> The upstream situation is not as clear cut - I've been making every
> effort to a new and enthusiastic developer (Ouattara Oumar Aziz) take
> over the upstream development of SBackup peacefully.
> I am discussing the future o
On 15 May 2008 at 16:24 -0700, Steve Langasek wrote:
> > What concerns me about this approach is that it could easily end up with
> > dist-upgrades swapping out users mail systems without warning. I would
> > consider such behaviour unacceptable as it could easily cause mail loss
>
> Er,
On Thu, May 15, 2008 at 11:33:04PM +0200, Sune Vuorela wrote:
> Noticing among others this bug report
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322751 and observing the
> many packages depending on $MTA | mail-transport-agent with $MTA having
> values like postfix, exim, exim4, sendmai
Mike Bird <[EMAIL PROTECTED]> writes:
> All of the MTA's provide mail-transport-agent. I had assumed that apt
> would choose between them on the basis that exim4-daemon-light is the
> only provider with priority standard, the others being optional or extra.
>
> If apt does not consider package p
On Thu, May 15, 2008 at 11:39:36PM +0100, peter green wrote:
>> 2) Introduce a default-mta package (currently) depending on exim4. All
>> packages requiring a MTA should depend on default-mta |
>> mail-transport-agent. This will have the extra advantage that we (and
>> others like CDDs and der
peter green <[EMAIL PROTECTED]> writes:
> It seems to me that the ideal solution would be to fix apt/the
> repository system so that the defaults for a virtual package can be
> explicitly designed.
I have no idea how to do this and no time to help, but I think this would
be really cool and would
2) Introduce a default-mta package (currently) depending on exim4. All
packages requiring a MTA should depend on default-mta | mail-transport-agent.
This will have the extra advantage that we (and others like CDDs and derived
distros) easily could swap default MTA.
What concerns me about this a
2008/5/15 Charles Plessy <[EMAIL PROTECTED]>:
> Despite the fact that the maintainer of sbackup is actively blogging on
> planet.d.o, I wonder if sbackup is maintained. From a user perspective
> (and I am a user of sbackup, that is why I feel concerned), I think that
> if there is no future for sba
On May 15, 2008 09:55:40 am Lennart Sorensen, you wrote:
> On Wed, May 14, 2008 at 08:13:53PM -0400, Filipus Klutiero wrote:
> > Your second parenthesis is wrong. Just like LKM-s when the stock kernels'
> > ABINAME is bumped, applications need to be rebuilt when the ABI of one of
> > the lib
On Thu May 15 2008 14:33:04 Sune Vuorela wrote:
> The latter, just depending on mail-transport-agent, makes apt, at least
> currently, pick the package first in the alphabet providing m-t-a. (A bit
> ago, this was courier. now it is citadel). This definitely needs fixing,
> but why not sort everyth
Hi!
Noticing among others this bug report
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322751 and observing the
many packages depending on $MTA | mail-transport-agent with $MTA having
values like postfix, exim, exim4, sendmail, nullmailer and probably others.
And some packages just dependi
On Thu, 15 May 2008, Norbert Preining wrote:
> On Thu, 15 May 2008, Mike Hommey wrote:
> > I beg to differ. This particular mail is important enough to be sent to
> > d-d-a instead of d-i-a.
>
> I agree, dia is not what I would be subscribed to under normal
> circumstances, and with all the chaos t
Hi Mikhail,
Mikhail Gusarov wrote:
> Twas brillig at 10:30:44 15.05.2008 UTC-07 when Kevin B. McCarty did gyre and
> gimble:
>
> KBM> Believe me, there are lots of upstreams for which extensive
> KBM> patching really is necessary. (I have no idea whether OpenSSL is
> KBM> one of those, as I
Hi,
On 15 May 08 at 20:17, Mike Bird wrote:
Nevertheless, non-DD's can and do help by filing bug reports and
patches (upstream is best), helping people on d-u, and offering
constructive advice to DDs.
And maintaining packages! It can be long to find a sponsor for your
first package (espec
[Mike Bird]
> Nevertheless, non-DD's can and do help by filing bug reports and
> patches (upstream is best), helping people on d-u, and offering
> constructive advice to DDs.
Very well. I propose that anyone who wishes to give "constructive
advice" to developers, but who doesn't actually do any
On Thu May 15 2008 10:34:01 Peter Samuelson wrote:
> Who is this "we"? Whose serious efforts? Who is investigating? Most
> importantly, should we assume that, as in the past, you, Mike Bird,
> intend to do nothing but talk?
Debian is still one of the world's best distros and I hope it
continues
Mikhail Gusarov <[EMAIL PROTECTED]> writes:
> Probably the work then should be clearly labeled as fork (especially
> given the other distro maintainers also share some patches)? It will
> reduce the confusion, like "oh, erm, our is not quite upstream
> , we rewrote it from scratch, and left the n
[Mike Bird]
> but we should blame the process. And fix it.
> it would probably have been better to devote less effort to the
> scanner and more effort to documenting all the kinds of key
> replacements
> Serious efforts are needed
> Second, we must ensure
> This calls for a thorough investiga
Twas brillig at 10:30:44 15.05.2008 UTC-07 when Kevin B. McCarty did gyre and
gimble:
KBM> Believe me, there are lots of upstreams for which extensive
KBM> patching really is necessary. (I have no idea whether OpenSSL is
KBM> one of those, as I have no familiarity with its code nor the
KBM>
Martin Uecker wrote:
> On Thursday, 15.05.2008, at 17:33 +0200, Thijs Kinkhorst wrote:
>> If you're interested in for example changing the level to which software is
>> patched in Debian, I suggest to start with a representative review of what
>> gets patched and why it's done. That would g
On Thursday 15 May 2008 18:26, Martin Uecker wrote:
> Why not? A plane crash is a very rare incident. Still every single
> crash is investigated to make recommendations for their future
> avoidance.
Maybe that wasn't clear from my first mail, but I don't think that nothing can
be learned from thi
On Thursday, 15.05.2008, at 17:33 +0200, Thijs Kinkhorst wrote:
> On Thursday 15 May 2008 16:47, Martin Uecker wrote:
> > > You mean less likely than once in 15 years? We're open to your
> > > suggestions.
> >
> > Something as bad as this might be rare, still, if something can be
> > improved,
On Thu May 15 2008 08:33:54 Thijs Kinkhorst wrote:
> I welcome change and review of our processes, but taking one extreme
> incident as the base on which to draw conclusions seems not the wise thing
> to do. If you're interested in for example changing the level to which
> software is patched in De
On Thu May 15 2008 06:20:10 Thijs Kinkhorst wrote:
> You mean less likely than once in 15 years? We're open to your suggestions.
Leaving millions of systems open to crackers for 2 years out of 15
is not a joke. I don't blame the DD - we have all made mistakes
and most of us are lucky they weren't
On Thursday 15 May 2008 16:47, Martin Uecker wrote:
> > You mean less likely than once in 15 years? We're open to your
> > suggestions.
>
> Something as bad as this might be rare, still, if something can be
> improved, it should.
>
> Upstream complained about the extensive Debian patching. I think
On Thu, 15 May 2008, Mike Hommey wrote:
> I beg to differ. This particular mail is important enough to be sent to
> d-d-a instead of d-i-a.
I agree, dia is not what I would be subscribed to under normal
circumstances, and with all the chaos that type of announce is for dda.
Best wishes
Norbert
--
On Thu, May 15, 2008 at 05:11:30PM +0200, Peter Palfrader <[EMAIL PROTECTED]>
wrote:
> On Thu, 15 May 2008, Mike Hommey wrote:
>
> > On Thu, May 15, 2008 at 03:03:55PM +0200, Peter Palfrader <[EMAIL
> > PROTECTED]> wrote:
> > > On Thu, 15 May 2008, Osamu Aoki wrote:
> > >
> > > > Considering re
On Thu, 15 May 2008, Mike Hommey wrote:
> On Thu, May 15, 2008 at 03:03:55PM +0200, Peter Palfrader <[EMAIL PROTECTED]>
> wrote:
> > On Thu, 15 May 2008, Osamu Aoki wrote:
> >
> > > Considering recent issues, http://db.debian.org/password.html requires
> > > updated as "s/id_dsa.pub/id_rsa.pub/
On Thursday, 15.05.2008, at 15:20 +0200, Thijs Kinkhorst wrote:
> On Thursday 15 May 2008 14:04, Martin Uecker wrote:
> > If I understand this correctly, this means that not only should keys
> > generated with the broken ssl lib be considered compromised, but all
> > keys which were potentially
On Thu, May 15, 2008 at 03:03:55PM +0200, Peter Palfrader <[EMAIL PROTECTED]>
wrote:
> On Thu, 15 May 2008, Osamu Aoki wrote:
>
> > Considering recent issues, http://db.debian.org/password.html requires
> > updated as "s/id_dsa.pub/id_rsa.pub/".
>
> My mail to d-i-a said that you need to use RS
Guido Günther <[EMAIL PROTECTED]> writes:
> On Thu, May 15, 2008 at 03:33:41PM +1000, Brian May wrote:
>> Apparently, Heimdal in Debian also is affected. I am not aware of any
>> solution other than to manually regenerate all keys.
> Could you give some details here? Password based principals are
Martin Uecker <[EMAIL PROTECTED]> writes:
> In this case, the security advisory should clearly be updated. And all
> advice about searching for weak keys should be removed as well, because
> it leads to false sense of security. In fact, *all* keys used on Debian
> machines should be considered com
Hi Brian,
On Thu, May 15, 2008 at 03:33:41PM +1000, Brian May wrote:
> Apparently, Heimdal in Debian also is affected. I am not aware of any
> solution other than to manually regenerate all keys.
Could you give some details here? Password based principals aren't
affected? For those using a keytab
* Michal Čihař:
> GnuPG does not use OpenSSL, so it should be safe. But generally it
> could be possible to use same key for both GnuPG and OpenSSL and then
> you would have a problem.
There is no benefit from doing that, so this is highly unlikely. It
requires manual key conversion, too.
--
T
On Thu, May 15, 2008 at 03:03:55PM +0200, Peter Palfrader wrote:
> On Thu, 15 May 2008, Osamu Aoki wrote:
>
> > Considering recent issues, http://db.debian.org/password.html requires
> > updated as "s/id_dsa.pub/id_rsa.pub/".
>
> My mail to d-i-a said that you need to use RSA keys. You have rea
Dear all,
it is almost one year that sbackup was modified to use a group ID that
exists on Ubuntu but not on Debian systems. As suggested on
[EMAIL PROTECTED], I have increased the severity of the bug to
'serious' three weeks ago. (#427697)
sbackup is a native Debian package whose maintainer is a
On Wed, May 14, 2008 at 08:13:53PM -0400, Filipus Klutiero wrote:
> Your second parenthesis is wrong. Just like LKM-s when the stock kernels'
> ABINAME is bumped, applications need to be rebuilt when the ABI of one of the
> libraries they link to changes in a way which is not backwards-compatible
On Thursday 15 May 2008 14:04, Martin Uecker wrote:
> If I understand this correctly, this means that not only should keys
> generated with the broken ssl lib be considered compromised, but all
> keys which were potentially used to create DSA signatures by those
> broken libs.
>
> In this case, the
"Steinar H. Gunderson" <[EMAIL PROTECTED]>:
> On Thu, May 15, 2008 at 05:11:27AM +0200, Goswin von Brederlow wrote:
>
> > Also if you have 2 messages signed with the same random number you can
> > compute the secret key. It is more complicated than this but
> > simplified boils down to is computin
On Thu, 15 May 2008, Osamu Aoki wrote:
> Considering recent issues, http://db.debian.org/password.html requires
> updated as "s/id_dsa.pub/id_rsa.pub/".
My mail to d-i-a said that you need to use RSA keys. You have read
that, right?
The page on db.d.o will get updated eventually, for now think
Hi,
Considering recent issues, http://db.debian.org/password.html requires
updated as "s/id_dsa.pub/id_rsa.pub/".
Discussion as below. Do I need to make rt thingy? I am not yet
familiar with it.
On Wed, May 14, 2008 at 07:50:29PM +0200, Luk Claes wrote:
> Osamu Aoki wrote:
> > Hi,
> >
> > Re
Hello,
I just reassigned a bug to acpid and discovered how badly maintained it
is. Despite a new maintainer in January this year, the BTS still shows
many RC bugs and a bunch with patches.
Hopefully this mail will draw some attention to the problem and some
volunteers will step up to help maintai
On Thursday 15 May 2008 11:24, Olivier Berger wrote:
> I guess openssh-blacklist is only available on stable/updates and not in
> testing/updates ... any reason why not ?
It is currently available in unstable; I have no doubt that the release
managers will push it into testing as soon as possible
Hi.
I guess openssh-blacklist is only available on stable/updates and not in
testing/updates ... any reason why not ?
Thanks in advance.
--
Olivier BERGER <[EMAIL PROTECTED]> (*NEW ADDRESS*)
http://www-inf.it-sudparis.eu/~olberger/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Ins
On Thu, 15 May 2008 08:09:02 +0200
Norbert Preining <[EMAIL PROTECTED]> wrote:
> On Thu, 15 May 2008, Steinar H. Gunderson wrote:
> > No. Any key who had a single DSA signature created by the flawed version of
> > OpenSSL should be considered compromised. DSA requires a secret, random
>
> Does thi
On Thu, May 15, 2008 at 05:11:27AM +0200, Goswin von Brederlow wrote:
> The DSA signing uses (secret key + random) in the signature and that
> sum is trivial to compute given the signed message and public key. The
> security of DSA relies solely on the fact that random can't be guessed
> so you can