Bug#677182: ITP: libguac-client-rdp -- RDP client plugin for Guacamole

2012-06-11 Thread Mike Jumper
Package: wnpp Severity: wishlist Owner: Mike Jumper * Package name: libguac-client-rdp Version : 0.6.0 Upstream Author : Mike Jumper * URL : http://guac-dev.org/ * License : MPL-1.1 or GPL-2.0 or LGPL-2.1 Programming Lang: C Description : RDP client p

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Thomas Goirand
On 06/12/2012 10:25 AM, Aron Xu wrote: > I'm not expecting to hide anything, but it's harmful to announce the > world by a discussion in debian-devel that we are affected with no > solution provided, at the time related people (means the maintainers > and Security Team, not including the user - lik

Re: Handling of changelogs and bin-nmus

2012-06-11 Thread Raphael Hertzog
Hi, On Sun, 10 Jun 2012, Andreas Barth wrote: > Asking to be sure: For sbuild, that means instead of changing the file > debian/changelog before starting the build, a new file > debian/changelog.binary-rebuild (or however it is named) is created > and from there on all works "by itself"? That's t

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Christian PERRIER
Quoting Thomas Goirand (z...@debian.org): > The first time I wrote it, it wasn't clear enough. Maybe writing with > CAPS-ON will help your understanding! :) > > IT HAS ALREADY BEEN MADE PUBLIC (for example: on slashdot) !!! The debian-security mailing list is a public list. My stance about sec

Re: DUCK -the Debian Url Checker

2012-06-11 Thread Simon Kainz
On 06/11/12 21:08, Axel Beckert wrote: > Hi Simon, Hi Axel, > > Simon Kainz wrote: >> as I had some problems in the past finding upstream sources and >> homepages, I hacked up some scripts to monitor and display the results >> of the Upstream Homepage entries in the package control files. >> >> Pl

Re: wwwoffle

2012-06-11 Thread Paul Wise
On Tue, Jun 12, 2012 at 9:12 AM, Enrico Weigelt wrote: > I've seen wwwoffle was dropped from Debian and Ubuntu. > As I really need it, I'm willing to step in as maintainer. > > I'm currently in the process of importing the available releases into > a git repo and adding the latest patches. > > I've n

Bug#677174: RFA: python-minimock -- simple library for Python mock objects

2012-06-11 Thread Ben Finney
Package: wnpp Severity: normal I have not been an active user of ‘python-minimock’ for a while, and no longer want to maintain the package. If someone else wants to take over maintaining this package, I would be happy to help the transition. It has packaging files under VCS, and a recent release o

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Aron Xu
On Tue, Jun 12, 2012 at 2:39 AM, Clint Adams wrote: > On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote: >> sure whether it's relevant to Debian. People at Security Team are not >> only responsible for fixing things when it breaks out, but also make >> sure sensitive information is being dis

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Aron Xu
On Tue, Jun 12, 2012 at 2:40 AM, Thomas Goirand wrote: > On 06/12/2012 02:23 AM, Aron Xu wrote: >> I'm not saying you are disclosing anything, but you are asking if >> someone knows it's in what status publicly in a Debian development >> mailing list. Then this may lead to some disclosing and even

wwwoffle

2012-06-11 Thread Enrico Weigelt
Hi folks, I've seen wwwoffle was dropped from Debian and Ubuntu. As I really need it, I'm willing to step in as maintainer. I'm currently in the process of importing the available releases into a git repo and adding the latest patches. I've never really contributed to Debian yet, so please let me

Re: Idea: mount /tmp to tmpfs depending on free space and RAM

2012-06-11 Thread Aneurin Price
On 11 June 2012 22:59, Bjørn Mork wrote: > Aneurin Price writes: > >> (Note that we are talking about applications which fail gracefully >> when confronted with ENOSPC, > > Are we? What's the problem then? > Honestly, I have no idea. It's clear that some people think storing 'large' temporary fi

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Jonas Smedegaard
On 12-06-12 at 03:26am, Thomas Goirand wrote: > On 06/12/2012 03:17 AM, Jonas Smedegaard wrote: > > What you asked, and the answer to that question, was not already public. > > > > ...or you wouldn't have asked, I hope. ;-) > > > > > > - Jonas > > > Actually, it was, and I was expecting to be a

Re: Planned changes to Debian Maintainer uploads

2012-06-11 Thread Joey Hess
Ian Jackson wrote: > > - It allows DMs to grant permissions to other DMs. > > It is far from clear that forbidding this is the right thing to do. As far as I know, we did this intentionally. When a DM is the maintainer of a package, they should be able to move it to team maintenance without need

Re: Idea: mount /tmp to tmpfs depending on free space and RAM

2012-06-11 Thread Bjørn Mork
Aneurin Price writes: > (Note that we are talking about applications which fail gracefully > when confronted with ENOSPC, Are we? What's the problem then? > but which are likely to do so more often when the size of /tmp is > restricted.) Yes, but the tmpfs correlation is weak. There is absol

Packages up for adoption

2012-06-11 Thread Luca Falavigna
Hi, due to lack of time, I intend to give a couple of packages up for adoption: * remmina (#676894) * libvncserver (#676895) The latter is a (build-)dependency of the first, so you may want to have a look at both if you are interested in maintaining them. Cheers, Luca -- To UNSUBSCRIBE, email

Re: Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Peter Pöschl
Seems you overlooked this: > Debian Unstable 64-bit 5.5.23-2 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201206112253.50532.pp2ml.deb0...@nest-ai.de

Re: Migration path for 'Multi-Arch:allowed' packages

2012-06-11 Thread Adam D. Barratt
On Mon, 2012-06-11 at 15:40 -0400, Michael Gilbert wrote: > Also, limitations in the existing testing migration tools are making > wine not considered for wheezy, since those tools don't check whether > dependencies for 'Multi-Arch: allowed' packages are satisfied by > packages on other architectur

Migration path for 'Multi-Arch:allowed' packages

2012-06-11 Thread Michael Gilbert
Hi, We've been getting a few bug reports from users attempting to install multiarch wine who have yet to manually enable multiarch itself. Obviously that is a failure on their part, and is easily correctable. However, I wonder if we can't make such migrations a bit more straightforward? In partic

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Thomas Goirand
On 06/12/2012 03:17 AM, Jonas Smedegaard wrote: > What you asked, and the answer to that question, was not already public. > > ...or you wouldn't have asked, I hope. ;-) > > > - Jonas > Actually, it was, and I was expecting to be able to find it, but didn't, which is why I asked! :) Thomas

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Jonas Smedegaard
On 12-06-12 at 02:40am, Thomas Goirand wrote: > On 06/12/2012 02:23 AM, Aron Xu wrote: > > I'm not saying you are disclosing anything, but you are asking if > > someone knows it's in what status publicly in a Debian development > > mailing list. Then this may lead to some disclosing and even misl

Re: DUCK -the Debian Url Checker

2012-06-11 Thread Axel Beckert
Hi Simon, Simon Kainz wrote: > as I had some problems in the past finding upstream sources and > homepages, I hacked up some scripts to monitor and display the results > of the Upstream Homepage entries in the package control files. > > Please take a look at http://debian.tugraz.at/duck/ Very co

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Thijs Kinkhorst
On Mon, June 11, 2012 20:11, Thomas Goirand wrote: > On 06/12/2012 01:52 AM, Aron Xu wrote: >> IMHO I suggest to talk with Security Team before disclosing >> information that might be sensitive in the mean time on a Debian >> development mailing list. >> > Could you explain to me what exactly I'm d

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Thomas Goirand
On 06/12/2012 02:23 AM, Aron Xu wrote: > I'm not saying you are disclosing anything, but you are asking if > someone knows it's in what status publicly in a Debian development > mailing list. Then this may lead to some disclosing and even mislead > some other people. Yes there are many people doing

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Clint Adams
On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote: > sure whether it's relevant to Debian. People at Security Team are not > only responsible for fixing things when it breaks out, but also make > sure sensitive information is being disclosed in a correct form at a > correct time. In the end,

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Yves-Alexis Perez
On mar., 2012-06-12 at 02:23 +0800, Aron Xu wrote: > On Tue, Jun 12, 2012 at 2:11 AM, Thomas Goirand wrote: > > On 06/12/2012 01:52 AM, Aron Xu wrote: > >> IMHO I suggest to talk with Security Team before disclosing > >> information that might be sensitive in the mean time on a Debian > >> develop

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Jonas Smedegaard
On 12-06-12 at 02:11am, Thomas Goirand wrote: > On 06/12/2012 01:52 AM, Aron Xu wrote: > > IMHO I suggest to talk with Security Team before disclosing > > information that might be sensitive in the mean time on a Debian > > development mailing list. > > > Could you explain to me what exactly I

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Aron Xu
On Tue, Jun 12, 2012 at 2:11 AM, Thomas Goirand wrote: > On 06/12/2012 01:52 AM, Aron Xu wrote: >> IMHO I suggest to talk with Security Team before disclosing >> information that might be sensitive in the mean time on a Debian >> development mailing list. >> > Could you explain to me what exactly

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Thomas Goirand
On 06/12/2012 02:00 AM, Lech Karol Pawłaszek wrote: > According to this: > https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql > > Debian is not affected. > > Kind regards, > Cool, thanks! Thomas

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Thomas Goirand
On 06/12/2012 01:52 AM, Aron Xu wrote: > IMHO I suggest to talk with Security Team before disclosing > information that might be sensitive in the mean time on a Debian > development mailing list. > Could you explain to me what exactly I'm disclosing? The news is already on slashdot and so on, an

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Lech Karol Pawłaszek
On Tue, 2012-06-12 at 01:44 +0800, Thomas Goirand wrote: > Hi, > > Since it has been made public, I believe it's ok to discuss it in > -devel. I came across this: > http://seclists.org/oss-sec/2012/q2/493 > > Is the Squeeze version affected? And SID? By reading it, especially the > end about GCC,

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Aron Xu
On Tue, Jun 12, 2012 at 1:44 AM, Thomas Goirand wrote: > Hi, > > Since it has been made public, I believe it's ok to discuss it in > -devel. I came across this: > http://seclists.org/oss-sec/2012/q2/493 > > Is the Squeeze version affected? And SID? By reading it, especially the > end about GCC, it

Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Thomas Goirand
Hi, Since it has been made public, I believe it's ok to discuss it in -devel. I came across this: http://seclists.org/oss-sec/2012/q2/493 Is the Squeeze version affected? And SID? By reading it, especially the end about GCC, it's unclear to me if we need an urgent patch: "To my knowledge gcc bui

Re: Lets (eventually) find a good solution for /tmp

2012-06-11 Thread Don Armstrong
On Mon, 11 Jun 2012, Thomas Goirand wrote: > On 06/11/2012 12:06 AM, Don Armstrong wrote: > > swap file on / [...] is > > really the direction that we should be going > NO ! Some imprecise language on my part has apparently led to some misunderstanding of what I am suggesting. I don't mean a swa

Re: Idea: mount /tmp to tmpfs depending on free space and RAM

2012-06-11 Thread Salvo Tomaselli
> I don’t think the standard user will realize the difference between disk > /tmp cleaned at reboot and a RAM disk. He will realize the difference between a program that works and a program that informs him of insufficient disk space (if lucky, or just behaving oddly otherwise). If he is smart he

Re: Idea: mount /tmp to tmpfs depending on free space and RAM

2012-06-11 Thread Stephan Seitz
On Sun, Jun 10, 2012 at 12:20:32PM +0200, Wouter Verhelst wrote: When /tmp is in a tmpfs, it's easy to connect the dots if it's empty on the next boot, and even easy to understand that restoring there (and then rebooting) isn't going to be very helpful. I don’t think the standard user will real

Re: Idea: mount /tmp to tmpfs depending on free space and RAM

2012-06-11 Thread Joey Hess
Wouter Verhelst wrote: > Also, the symlink attack thing isn't just something I made up; > tmpreaper's README.Debian actually warns about that. It's not particularly hard to securely delete /tmp in single user mode, ie at boot. Just don't follow symlinks. Tmpreaper's potential for symlink attacks is

Re: Lets (eventually) find a good solution for /tmp

2012-06-11 Thread Aneurin Price
On 11 June 2012 15:21, Simon McVittie wrote: > On 11/06/12 15:01, Aneurin Price wrote: >> as far as I am aware a swap file is the better >> choice in virtually all situations > > Assuming > is > still current: > > If you want to

Re: Lets (eventually) find a good solution for /tmp

2012-06-11 Thread George Danchev
On Monday 11 June 2012 16:01:10 Aneurin Price wrote: > On 10 June 2012 19:31, Thomas Goirand wrote: > > On 06/11/2012 12:06 AM, Don Armstrong wrote: > >> swap file on / [...] is > >> really the direction that we should be going > > > > NO ! > > > > Does this need to be explained? :/ Hi, > Not

Re: [xml/sgml-pkgs] Processed: severity of 676686 is important

2012-06-11 Thread Aron Xu
severity 676686 serious thanks Please don't lower it to make it migrate, I've already explained the reasons, and let me repeat: 1. There aren't so many user-visible changes in this version, but the most important one is moving patches to quilt maintained. 2. I'll make sure to upload new version o

Re: Lets (eventually) find a good solution for /tmp

2012-06-11 Thread Simon McVittie
On 11/06/12 15:01, Aneurin Price wrote: > as far as I am aware a swap file is the better > choice in virtually all situations Assuming is still current: If you want to use hibernation (suspend-to-disk), you need roughly[0] as m

Re: Idea: mount /tmp to tmpfs depending on free space and RAM

2012-06-11 Thread Josselin Mouette
Le lundi 11 juin 2012 à 14:53 +0100, Aneurin Price a écrit : > On 8 June 2012 12:04, Bjørn Mork wrote: > > Any file system will run out of space given the broken applications > > mentioned in this thread. > > It is not productive to redefine applications as 'broken' simply > because they do not

Re: Lets (eventually) find a good solution for /tmp

2012-06-11 Thread Aneurin Price
On 10 June 2012 19:31, Thomas Goirand wrote: > On 06/11/2012 12:06 AM, Don Armstrong wrote: >> swap file on / [...] is >> really the direction that we should be going > NO ! > > Does this need to be explained? :/ > Not quite sure what you're objecting to. If you are against the use of swap files

Re: Idea: mount /tmp to tmpfs depending on free space and RAM

2012-06-11 Thread Aneurin Price
On 8 June 2012 12:04, Bjørn Mork wrote: > Any file system will run out of space given the broken applications > mentioned in this thread. It is not productive to redefine applications as 'broken' simply because they do not conform to an arbitrary set of requirements that you have just added, espe

Re: Planned changes to Debian Maintainer uploads

2012-06-11 Thread Ian Jackson
Ansgar Burchardt writes ("Planned changes to Debian Maintainer uploads"): > (Please send followup messages to -project.) > > The ftp team wants to change how allowing Debian Maintainers to upload > packages works. The current approach with the DM-Upload-Allowed field > has a few issues we would l

Re: [xml/sgml-pkgs] Bug#676686: libxslt1.1: libxslt1.1 binNMU broke multi-arch installability

2012-06-11 Thread Ian Jackson
Guillem Jover writes ("Re: [xml/sgml-pkgs] Bug#676686: libxslt1.1: libxslt1.1 binNMU broke multi-arch installability"): > As I mentioned in the long ref-counting thread, I strongly disagree this > is a correct solution, it just seems like a hack to me. Instead I > think we should consider chang

Re: gnome is completely f^Mmessed up

2012-06-11 Thread Timo Juhani Lindfors
Luke Cycon writes: > I have the added issue that GNOME seems to (somehow) manage to spawn in > excess of 100 Xserver when I try to log in. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650183

Re: Summary: Moving /tmp to tmpfs makes it useless

2012-06-11 Thread Josselin Mouette
Le dimanche 10 juin 2012 à 01:51 +0300, Serge a écrit : > Some people asked for a thread summary. So here it is. > "/tmp on tmpfs is good" quotes > == > No real quotes here. So much for a thread summary. -- Josselin Mouette