Re: Go (golang) packaging, part 2

2013-02-06 Thread Barry Warsaw
Okay, fortunately, no bands are practicing tonight and no kids need homework help, so let's see if I can answer some of these questions. :) On Feb 07, 2013, at 08:54 AM, Paul Wise wrote: >On Thu, Feb 7, 2013 at 8:19 AM, Barry Warsaw wrote: > >> Speaking with many hats on, I think Debian Python ha

Re: Go (golang) packaging, part 2

2013-02-06 Thread Matthias Klose
On 07.02.2013 01:54, Paul Wise wrote: > On Thu, Feb 7, 2013 at 8:19 AM, Barry Warsaw wrote: > >> Speaking with many hats on, I think Debian Python has done a very admirable >> job of integrating the Python ecosystem with Debian. > > One of the pain points for users (I've had folks ask me this >

Re: Go (golang) packaging, part 2

2013-02-06 Thread Paul Wise
On Thu, Feb 7, 2013 at 8:19 AM, Barry Warsaw wrote: > Speaking with many hats on, I think Debian Python has done a very admirable > job of integrating the Python ecosystem with Debian. One of the pain points for users (I've had folks ask me this face-to-face) with that stuff was site-packages vs

Re: Go (golang) packaging, part 2

2013-02-06 Thread Russ Allbery
Barry Warsaw writes: > Where things get tricky is if you have multiple applications that need > different versions of its dependencies. Say Debian has python-foo 1.2 > which application Bar needs, but application Baz needs python-foo 2.0. > Despite years of discussion, in Debian, Ubuntu, and ups

Re: Go (golang) packaging, part 2

2013-02-06 Thread Barry Warsaw
On Feb 06, 2013, at 03:26 PM, Roland Mas wrote: >I can only speak about Python and Perl, but I don't remember *ever* having >been told to use their deployment system instead of the packaged versions of >the interpreter and modules. The closest I've seen is something like "if >you're running CentO

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Russell Coker
On Thu, 7 Feb 2013, Thomas Goirand wrote: > > I think he's referring to allowing processes which require listening to a > > port under 1024 to run without superuser privileges. I believe our > > implementation on Debian (e.g. Apache) is to have the process start as > > root, start listening, and t

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Andrey Rahmatullin
On Wed, Feb 06, 2013 at 03:20:09PM -0600, Serge Hallyn wrote: > > > > > Do we finally have mechanisms to start processes without root but with > > > > > elevated capabilities? > > > > We also need fallback for non Capability-capable supported kernels > > > > (wow that's an awkward sentence) > > > N

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Serge Hallyn
Quoting Andrey Rahmatullin (w...@wrar.name): > On Wed, Feb 06, 2013 at 12:30:28PM -0600, Serge Hallyn wrote: > > > > Do we finally have mechanisms to start processes without root but with > > > > elevated capabilities? > > > We also need fallback for non Capability-capable supported kernels > > > (

Bug#699922: ITP: pyobfsproxy -- pluggable transport proxy for Tor (Python implementation)

2013-02-06 Thread Jérémy Bobbio
Package: wnpp Severity: wishlist Owner: Jérémy Bobbio * Package name: pyobfsproxy Version : 0.1 Upstream Author : George Kadianakis * URL : https://git.torproject.org/pluggable-transports/pyobfsproxy.git * License : BSD-3-clause Programming Lang: Python D

Bug#699921: ITP: pyptlib -- library for Tor pluggable transports written in Python

2013-02-06 Thread Jérémy Bobbio
Package: wnpp Severity: wishlist Owner: Jérémy Bobbio * Package name: pyptlib Version : 0.1 Upstream Author : George Kadianakis * URL : https://git.torproject.org/pluggable-transports/pyptlib.git * License : BSD-3-clause Programming Lang: Python Descriptio

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Игорь Пашев
2013/2/6 Chow Loong Jin : > On 07/02/2013 01:35, Thomas Goirand wrote: >>> > >> Which would be the wrong way of doing things / wrong reason >> for using root as running user, since you can set the >> CAP_NET_BIND_SERVICE capability... (man capabilities ...) > > Yeah, I figured as much, but isn't th

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Andrey Rahmatullin
On Wed, Feb 06, 2013 at 12:30:28PM -0600, Serge Hallyn wrote: > > > Do we finally have mechanisms to start processes without root but with > > > elevated capabilities? > > We also need fallback for non Capability-capable supported kernels > > (wow that's an awkward sentence) > Not to mention non-xa

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Serge Hallyn
Quoting Jonathan Dowland (j...@debian.org): > On 6 Feb 2013, at 17:37, Andrey Rahmatullin wrote: > > > Do we finally have mechanisms to start processes without root but with > > elevated capabilities? > > We also need fallback for non Capability-capable supported kernels > (wow that's an awkward

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Chow Loong Jin
On 07/02/2013 01:35, Thomas Goirand wrote: >> > > Which would be the wrong way of doing things / wrong reason > for using root as running user, since you can set the > CAP_NET_BIND_SERVICE capability... (man capabilities ...) Yeah, I figured as much, but isn't that a Linuxism? -- Kind regards, L

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Jonathan Dowland
On 6 Feb 2013, at 17:37, Andrey Rahmatullin wrote: > Do we finally have mechanisms to start processes without root but with > elevated capabilities? We also need fallback for non Capability-capable supported kernels (wow that's an awkward sentence)

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Andrey Rahmatullin
On Thu, Feb 07, 2013 at 01:35:13AM +0800, Thomas Goirand wrote: > >>> socket-activation in systemd _helps_ security in that you can give an > >>> unprivileged process a listening port under 1024. (using a privileged > >>> configuration file) > >> Privileged vs. unprivileged port is not really a sec

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Thomas Goirand
On 02/06/2013 05:03 PM, Chow Loong Jin wrote: > On 06/02/2013 16:27, Martin Wuertele wrote: >> * Shawn [2013-02-05 18:43]: >> >>> socket-activation in systemd _helps_ security in that you can give an >>> unprivileged process a listening port under 1024. (using a privileged >>> configuration file)

Re: Go (golang) packaging, part 2

2013-02-06 Thread Hilko Bengen
* Roland Mas: > Hilko Bengen, 2013-02-06 14:46:11 +0100 : > > [...] > >> I am pretty sure that if you asked about packaging software in the >> Python, Perl, Ruby, Java, Lua communities, you would get recommendations >> to not use Debian packages at all and get pointers to what the >> respective co

Re: Building and using shared libraries using gccgo

2013-02-06 Thread Enrico Tassi
On Tue, Feb 05, 2013 at 04:36:44PM +0100, Joachim Breitner wrote: > At least to me my work on Haskell in Debian feels more than pretending, > and from personal experience with the creators of the language, I have > strong doubts that they are Idiots. They are not, they are very smart, but they are

Re: Go (golang) packaging, part 2

2013-02-06 Thread Roland Mas
Hilko Bengen, 2013-02-06 14:46:11 +0100 : [...] > I am pretty sure that if you asked about packaging software in the > Python, Perl, Ruby, Java, Lua communities, you would get recommendations > to not use Debian packages at all and get pointers to what the > respective community considers a solut

Re: Go (golang) packaging, part 2

2013-02-06 Thread Hilko Bengen
* Neil Williams: > If what you want is complete separation, why is there even a long > running thread on integration? Sorry if I failed to make myself clear: I want excellent Debian packages of the compiler/runtime/tools *and* libraries *and* still make it possible for our users to use upstream'

Re: Go (golang) packaging, part 2

2013-02-06 Thread Russ Allbery
Neil Williams writes: > If Go wants to be packaged, it complies by the requirements of > packaging. If it wants to live the life of a hermit and disappear up > itself, that's fine but then it doesn't get the privilege of interacting > with the rest of Debian. It's just a user download. Debian pa

Re: Go (golang) packaging, part 2

2013-02-06 Thread Jon Dowland
On Wed, Feb 06, 2013 at 09:23:02AM +, Neil Williams wrote: > Then don't package Go at all and leave it entirely outside the realm of dpkg > - no dependencies allowed in either direction, no files created outside > /usr/local for any reason, no contamination of the apt or dpkg cache data. If > w

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Russ Allbery
Chow Loong Jin writes: > I think he's referring to allowing processes which require listening to > a port under 1024 to run without superuser privileges. I believe our > implementation on Debian (e.g. Apache) is to have the process start as > root, start listening, and then setuid to an unprivile

Re: Go (golang) packaging, part 2

2013-02-06 Thread Neil Williams
On Tue, 05 Feb 2013 23:44:30 +0100 Hilko Bengen wrote: > * Adam Borowski: > > >> The worst case scenario IMHO is some people invest a lot of time to > >> make the Debianized-Go stuff quite divergent from upstream, people's > >> expectations of how things behave in Go-land are broken when they >

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Chow Loong Jin
On 06/02/2013 16:27, Martin Wuertele wrote: > * Shawn [2013-02-05 18:43]: > >> socket-activation in systemd _helps_ security in that you can give an >> unprivileged process a listening port under 1024. (using a privileged >> configuration file) > > Privileged vs. unprivileged port is not really

Re: socket-based activation has unmaintainable security?

2013-02-06 Thread Martin Wuertele
* Shawn [2013-02-05 18:43]: > socket-activation in systemd _helps_ security in that you can give an > unprivileged process a listening port under 1024. (using a privileged > configuration file) Privileged vs. unprivileged port is not really a security improvement. Yours Martin