Quoting Russ Allbery (r...@debian.org):
> >> you must not understand how user-private groups work at all
>
> > Well I guess I do,...
>
> Given your complaints, actually, you don't appear to.
Is there a mail in this thread that would explain all this?
From your own words, it seems that most ne
On 15/05/2010 03:12, Joey Hess wrote:
> Vincent Danjean wrote:
>> I'm happy with this move. However, there is still an interaction with ssh
>> to deal with:
>> vdanj...@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
>> vdanj...@eyak:~$ ssh localhost
>> vdanj...@localhost's password:
>> And, in /var/log
On 05/14/2010 06:40 PM, Klaus Ethgen wrote:
> Oh, I will not make any more comment to that decision. Maybe I will
> search for a more secure distribution. This decision is much to much.
> And it is the last straw that breaks the camels back. Debian was was my
> favorite distribution for over ten ye
Christoph Anton Mitterer writes:
> Another nice (IMHO) example are the X.509 that are shipped per default
> in several places (Mozilla NSS, ca-certificates).
> Per default all of them are enabled... right?
> Mozilla recently proved that they are not really able to manage they
> cert store gi
Christoph Anton Mitterer writes:
> - Many packages contain code which does things that is questionable from
> a security point of view:
> 1) Some of them download and install data from the web (fonts, sun jdk
> doc, firmware, etc.) but do not verify them, therefore bypassing
> Debian's great sec
On Sat, 2010-05-15 at 03:32 +0200, Andreas Marschke wrote:
> In that case why dont we as security aware people and people that think that
> more hardened defaults should be applied,
I think we (Debian as a collective) does apparently not think so, which
is probably _not_ specifically proven by tha
Am Samstag 15 Mai 2010, 02:55:40 schrieb Christoph Anton Mitterer:
> On Fri, 2010-05-14 at 17:16 -0700, Russ Allbery wrote:
> > Why do you have this strong of a reaction to this change?
>
> Because it shows - what I consider to be a - trend in Debian recently
> that security dying more and more (a
pour cela vous devez:
1/entrez sur le lien suivant :
http://bit.ly/voiture207
2/ remplissez-vous les cases vides
cordialement
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.de
On Sat, 2010-05-15 at 02:55 +0200, Christoph Anton Mitterer wrote:
> - Many packages ship with configuration that is either really insecure
> or that could be at least hardened a lot.
Another nice (IMHO) example are the X.509 that are shipped per default
in several places (Mozilla NSS, ca-certifica
On Fri, 2010-05-14 at 21:07 -0400, Joey Hess wrote:
> Your typical program with a dotfile relies on the user
> choosing a safe combination of umask and directory permissions for its
> security.
As you say,... it "relies on the user"...
At least half (!) of the bill (the default umask) is now taken
Vincent Danjean wrote:
> I'm happy with this move. However, there is still an interaction with ssh
> to deal with:
> vdanj...@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
> vdanj...@eyak:~$ ssh localhost
> vdanj...@localhost's password:
> And, in /var/log/auth.log:
> May 14 09:42:17 eyak sshd[1618]:
On Sat, 2010-05-15 at 02:18 +0200, Stefano Zacchiroli wrote:
> Guys, IMHO you really need to stop ranting contentlessly. Either you
> reply to the technical arguments in favor of the change that have been
> made (e.g. by Russ Allbery in this thread, to which you carefully
> avoided to reply thus f
Klaus Ethgen wrote:
> Urgh, and as in debian this is set, procmail is per default unsave on
> all systems where non UPG is used or where the user like to use his own
> UPG for sharing purpose!?
>
> To change all that software just to let the umask be convenient for just
> one very special use case
On Fri, 2010-05-14 at 17:16 -0700, Russ Allbery wrote:
> Why do you have this strong of a reaction to this change?
Because it shows - what I consider to be a - trend in Debian recently
that security dying more and more (again, I do not mean the work of the
Security Team).
- Debian does not ship wi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Sa den 15. Mai 2010 um 1:18 schrieb Stefano Zacchiroli:
> On Sat, May 15, 2010 at 01:57:05AM +0200, Christoph Anton Mitterer wrote:
> > Klaus Ethgen wrote:
> > > A black day in the security of Debian. Well.. One more.
> > Absolutely true,... :-(
On Sat, May 15, 2010 at 01:57:05AM +0200, Christoph Anton Mitterer wrote:
> Klaus Ethgen wrote:
> > A black day in the security of Debian. Well.. One more.
> Absolutely true,... :-(
Guys, IMHO you really need to stop ranting contentlessly. Either you
reply to the technical arguments in favor of t
Christoph Anton Mitterer writes:
> Now that we have Ubuntu as competitor, which is nicely coloured and
> where everything "just works", let's try to imitate (and integrate
> Ubuntu stuff) as much as possible.
> Or even better,... let's use Windows as archetype.
> Why don't we add any user to th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Sa den 15. Mai 2010 um 0:24 schrieb Santiago Vila:
> I remember that procmail had a similar problem, and the author
> implemented a build macro for systems having UPG. From the changelog:
>
> 1999/03/02: v3.12
> Changes to procmail:
>
Klaus Ethgen wrote:
> A black day in the security of Debian. Well.. One more.
Absolutely true,... :-(
Now that we have Ubuntu as competitor, which is nicely coloured and
where everything "just works", let's try to imitate (and integrate
Ubuntu stuff) as much as possible.
Or even better,... let's
On Sat, 15 May 2010, Andreas Hemel wrote:
> On Fri, May 14, 2010 at 01:21:41PM -0400, Joey Hess wrote:
> > Vincent Danjean wrote:
> > > I'm happy with this move. However, there is still an interaction with ssh
> > > to deal with:
> >
> > > vdanj...@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
> > >
Hi ,
I want to personally invite you to my Apsense business social network.
It's the ONLY social network where you can promote your business and
get paid at the same time! Isn't that the smartest idea since high
speed Internet?
By accepting this invitation you can get targeted and instant exp
On Fri, 14 May 2010, Joey Hess wrote:
> Vincent Danjean wrote:
> > I'm happy with this move. However, there is still an interaction with ssh
> > to deal with:
>
> > vdanj...@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
> > vdanj...@eyak:~$ ssh localhost
> > vdanj...@localhost's password:
> > And, i
On Fri, May 14, 2010 at 01:21:41PM -0400, Joey Hess wrote:
> Vincent Danjean wrote:
> > I'm happy with this move. However, there is still an interaction with ssh
> > to deal with:
>
> > vdanj...@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
> > vdanj...@eyak:~$ ssh localhost
> > vdanj...@localhost's
Package: wnpp
Severity: wishlist
Owner: Torsten Werner
* Package name: libbtm-java
Version : 1.3.3
Upstream Author : Bitronix
* URL : http://docs.codehaus.org/display/BTM/Home
* License : LGPL-3
Programming Lang: Java
Description : Bitronix JTA Transact
Vincent Danjean wrote:
> I'm happy with this move. However, there is still an interaction with ssh
> to deal with:
> vdanj...@eyak:~$ chmod -Rv g+w .ssh/authorized_keys
> vdanj...@eyak:~$ ssh localhost
> vdanj...@localhost's password:
> And, in /var/log/auth.log:
> May 14 09:42:17 eyak sshd[1618]:
Package: wnpp
Severity: wishlist
Owner: Jonas Smedegaard
* Package name: libtext-sass-perl
Version : 0.5
Upstream Author : Roger Pettett
* URL : http://search.cpan.org/dist/Text-Sass/
* License : Artistic or GPL-1+
Programming Lang: Perl
Description :
On Wed, May 12, 2010 at 09:59:59PM +0200, Petter Reinholdtsen wrote:
>
> [Cesare Leonardi]
> > If that helps, reading this thread i've set the previous variable in
> > my notebook (Sid with Gnome environment). I can see no problem but the
> > speed improvement is really small.
>
> Great to see mo
> Or just have per-user cgroups that a process is moved into when
> logging in, see libpam-cgroup for something that does this.
>
Then getty would respawn the second you login, stealing the controlling
terminal from bash.
> In addition, killing all members in a cgroup when a service goes down is
]] Scott James Remnant
| I investigated using cgroups in Upstart a while back, and hit the exact
| same issue. There are two obvious solutions:
|
| - allow a process to escape its cgroup (kernel patch); this is
|completely insane, since cgroups are primarily used for security
|containe
> It is still on the wishlist, but the needed pieces are not ready, so
> it seem unlikely to happen this late in the release process. At the
> moment, I believe it will happen shortly after Squeeze is released, if
> the needed pieces are ready by then.
>
I will be at DebConf all week.
I'll be th
> What is so bad about init scripts? Where am I supposed to put my init
> script magic[1] in an upstart scenario?
>
Upstart job configs go in /etc/init
Scott
--
Have you ever, ever felt like this?
Had strange things happen? Are you going round the twist?
signature.asc
Description: This is a d
于 2010年05月14日 16:59, Andreas Barth 写道:
> Hi,
>
> for mips, there is nothing new: still the same issues as last month, but
> still "works good enough".
>
>
> For mipsel, things have improved dramatically:
>
> rem is working again. The issue was the both the cpu and the psu fan were
> broken. Florian
> OTOH, it is not obvious to me anymore that Debian should commit to
> Upstart now that systemd has appeared and it has many compelling
> features. I believe we should consider systemd's merits and wait and
> see how it will work in the next Fedora release and if SUSE will
> really adopt it.
>
I'm
> This does mean that when you use something like screen, the tty it was
> connected to is from then on unusable, right? As the cgroup that
> contains the screen process also contains the getty and it doesn't
> kill one without the other as that is in no way reliable :-)
>
Yes.
I investigated usi
> One of my concerns about upstart is that systems that want to
> use SELinux and upstart _have_ to also use an initramfs, which is yet
> another component of the system that has to be audited. There have
> been patches proposed, and semi-rejected b the upstart folks, who are
> of the opinions tha
Can you Beat Pawan Kumar's Big Brain IQ Score?
Hi,
This is the Last reminder to join OrangeShark on behalf
of Pawan Kumar. Pawan Kumar sent you his first invitation on 05/11/2010.
Beat Pawan Kumar's Big Brain IQ score:
Package: wnpp
Severity: wishlist
Owner: Bilal Akhtar
* Package name: python-tweepy
Version : 1.6
Upstream Author : Joshua Roesslein
* URL : http://github.com/joshthecoder/tweepy
* License : MIT
Programming Lang: Python
Description : A Twitter library f
Package: wnpp
Severity: wishlist
Owner: Bilal Akhtar
* Package name: liboauth
Version : 0.6.0
Upstream Author : Robin Gareus
* URL : http://liboauth.sourceforge.net/
* License : LGPLv2, MIT
Programming Lang: C
Description : C library for implementing o
On 13/05/2010 19:45, Aaron Toponce wrote:
> On 5/13/2010 3:48 AM, Santiago Vila wrote:
>> Will be done in base-files 5.4.
>
> I just saw the change committed. Thank you very much! This is good news.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581434#25
I'm happy with this move. However,
Package: wnpp
Severity: wishlist
Owner: Bilal Akhtar
* Package name: gconjugo
Version : 0.8.0
Upstream Author : Maxence Dolle
* URL : https://launchpad.net/gconjugo
* License : GPLv3
Programming Lang: C
Description : Learn how to conjugate in several l
40 matches
Mail list logo
