On Tue, 05 Feb 2013, Joachim Breitner wrote:
> Am Dienstag, den 05.02.2013, 17:03 +0100 schrieb Adam Borowski:
> > Just imagine what would happen if libc6 would be statically
> > linked, and a security bug happens inside (like, in the stub
> > resolver). Rebuilding the world on every update might b
* Adam Borowski:
> If there is a bug in library A, if you use static linking, you need to
> rebuild every single library B that uses A, then rebuild every C that
> uses B, then finally every single package in the archive that uses any
> of these libraries.
But wouldn't it be great if all the peop
* Adam Borowski:
>> The worst case scenario IMHO is some people invest a lot of time to
>> make the Debianized-Go stuff quite divergent from upstream, people's
>> expectations of how things behave in Go-land are broken when they
>> access Go-via-Debian
>
> Just think what would happen if every sin
On Tue, Feb 05, 2013 at 05:30:51PM +, Jon Dowland wrote:
> And in particular, where a problem cannot be solved in pure Debian, I don't
> want Debian to interfere with the bit of the solution that lives outside of
> its domain. That may include not attempting to package/patch/alter/adjust
> upst
Package: wnpp
Severity: wishlist
Owner: Thibaut Girka
* Package name: python-pygame2
Version : 2.0.0-beta2
Upstream Author : Marcus von Appen
* URL : http://code.google.com/p/pgreloaded
* License : Public Domain / zlib
Programming Lang: Python
Description
Jon Dowland writes:
> Although I've never used dh-make-perl myself, I'm lead to believe that
> it is perhaps *the* most successful tool of its type (that is, of things
> that create .debs from packages in an alternative repository system like
> CPAN, gems, cabal, etc.), and that it works as relia
socket-activation in systemd _helps_ security in that you can give an
unprivlidged process a listening port under 1024. (using a privileged
configuration file)
-Shawn Landden
On Fri, Feb 01, 2013 at 04:02:18PM -0500, Lennart Sorensen wrote:
> For cpan there is even dh-make-perl. The solution then is to make
> equivelant scripts for other languages. The solution is NOT to use some
> other package installation system.
Although I've never used dh-make-perl myself, I'm l
On Fri, Feb 01, 2013 at 12:38:16PM -0800, Russ Allbery wrote:
> Using Debian packages is a *means*, not an *end*. Sometimes in these
> discussions I think people lose sight of the fact that, at the end of the
> day, the goal is not to construct an elegantly consistent system composed
> of theoreti
On Fri, Feb 01, 2013 at 03:20:08PM -0500, Lennart Sorensen wrote:
> On Fri, Feb 01, 2013 at 10:00:32AM +, Jon Dowland wrote:
> > As a Haskell developer, I find cabal much more convenient than nothing,
> > in the situation where the library I want is not packaged by Debian yet.
> > If I want my
On Fri, Feb 01, 2013 at 01:27:05PM -0800, Russ Allbery wrote:
> "Lennart Sorensen" writes:
> > Not all C libraries are distributed from one central site and they
> > certainly don't expect you to use a central package installation system.
>
> So much more the shame for C. Those are *improvements
Hi,
Am Dienstag, den 05.02.2013, 17:03 +0100 schrieb Adam Borowski:
> On Tue, Feb 05, 2013 at 04:36:44PM +0100, Joachim Breitner wrote:
> It's not a matter of "a little infrastructural complication", it's about
> having the slightest chance of reasonable security support -- or even
> regular bug f
On Tue, Feb 05, 2013 at 04:36:44PM +0100, Joachim Breitner wrote:
> At least to me my work on Haskell in Debian feels more than pretending,
> and from personal experience with the creators of the language, I have
> strong doubts that they are Idiots.
>
> In fact I don’t see how you can have modern
Hi,
Am Dienstag, den 05.02.2013, 10:53 + schrieb Steve McIntyre:
> Paul Wise wrote:
> >On Tue, Feb 5, 2013 at 7:14 AM, Michael Stapelberg wrote:
> >
> >> Assuming we ship Go libraries compiled as shared libraries, where do we
> >> get the SONAME from? There is no mechanism for Go libraries to
On 05/02/2013 18:53, Steve McIntyre wrote:
> FFS, yet another new language where the implementors have refused to
> think ahead and consider ABI handling? Idiots. :-(
I totally agree with you here.
> Considering the mess that we already have with (for example) Haskell
> in this respect, I would v
Paul Wise wrote:
>On Tue, Feb 5, 2013 at 7:14 AM, Michael Stapelberg wrote:
>
>> Assuming we ship Go libraries compiled as shared libraries, where do we
>> get the SONAME from? There is no mechanism for Go libraries to declare
>> an ABI break. Inventing one and asking all upstream projects to adopt
One of the most interesting statements in the recent udev
discussion was Steve Langasek's claim that socket-based
activation has "fundamentally unmaintainable security".
A couple people have asked for clarification and I would
also like to know what problem Steve was referring to.
Can someone pleas
On 02/05/2013 02:34 PM, Markus Frosch wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Markus Frosch
>
> * Package name: ingraph
> Version : 1.0.1
> Upstream Author : Eric Lippmann
> Gunnar Beutner
> * URL : https://www.netways.org/projects/ing
18 matches
Mail list logo
