Hi,
As you might know, there's this nice spec about build profiles:
https://wiki.debian.org/BuildProfileSpec
The idea is to ease bootstrapping Debian by tagging build-dependencies
that are not required for more basic builds (no test suite, no docs,
etc.), thus avoiding dependency loops. The suppo
Josh Triplett writes:
> https:// avoids MITM;
If you aren't doing certificate pinning, I don't think you can really say
this with a straight face.
It makes MITM moderately harder, at the cost of giving money to a bunch of
exploitative clowns who have no concept of what security means.
--
Russ
On Thu, May 28, 2015 at 1:41 AM, Christoph Anton Mitterer wrote:
> Haven't tried systemd-networkd yet, but at least NM fails in even very
> simple cases (like resolving is broken, when I disconnect the wire and
> go back to wifi, etc. pp.) ... plus the whole design, that it tries to
> be the canon
On Wed, May 27, 2015 at 5:29 PM, Josh Triplett wrote:
> On Wed, May 27, 2015 at 05:06:38PM -0700, Cameron Norman wrote:
>> On Wed, May 27, 2015 at 4:36 PM, Josh Triplett wrote:
>> > Simon McVittie wrote:
>> >> One thing that an adopter could very usefully do with ifupdown would be
>> >> to coordi
On Wed, May 27, 2015 at 05:06:38PM -0700, Cameron Norman wrote:
> On Wed, May 27, 2015 at 4:36 PM, Josh Triplett wrote:
> > Simon McVittie wrote:
> >> One thing that an adopter could very usefully do with ifupdown would be
> >> to coordinate with the systemd maintainers on moving net.agent
> >> (D
On Wed, May 27, 2015 at 4:36 PM, Josh Triplett wrote:
> Simon McVittie wrote:
>> One thing that an adopter could very usefully do with ifupdown would be
>> to coordinate with the systemd maintainers on moving net.agent
>> (Debian-specific udev glue to invoke ifupdown) from udev into ifupdown,
>> s
Simon McVittie wrote:
> I don't think ifupdown has been "Debian's native tool" for several years
> now. It is one among several available tools, and happens to be the only
> one with Debian as its upstream; on a wheezy-era sysvinit system that
> uses NetworkManager, the only thing ifupdown does for
On Mon, May 25, 2015 at 01:53:28PM -0300, Henrique de Moraes Holschuh wrote:
> Commits: trying to change the signature will change the commit hash.
> So, it works just like amending the commit. In fact, "git commit
> --amend -S" will sign/re-sign the commit by creating a new commit, just
> like an
On 27 May 2015 at 23:00, wrote:
> On Wed, May 27, 2015 at 10:44:17PM +0100, Dimitri John Ledkov wrote:
>> On 27 May 2015 at 09:08, Wouter Verhelst wrote:
>> > On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote:
>> >> > While we're on the subject of git security...should we stop
>> >>
Package: wnpp
Severity: wishlist
Owner: Miguel Landaeta
* Package name: jruby-openssl
Version : 0.9.7
Upstream Author : The JRuby Team
* URL : https://github.com/jruby/jruby-openssl
* License : EPL-1.0/GPL-2/LGPL-2.1
Programming Lang: Java/Ruby
Description
On 27 May 2015 at 09:08, Wouter Verhelst wrote:
> On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote:
>> > While we're on the subject of git security...should we stop
>> > recommending that non-account-holders use git:// (most efficient, but
>> > insecure against MITM unless you manuall
On Wed, May 27, 2015 at 10:44:17PM +0100, Dimitri John Ledkov wrote:
> On 27 May 2015 at 09:08, Wouter Verhelst wrote:
> > On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote:
> >> > While we're on the subject of git security...should we stop
> >> > recommending that non-account-holders
On 26 May 2015 at 19:25, Vincent Bernat wrote:
> ❦ 26 mai 2015 14:38 -0300, Henrique de Moraes Holschuh :
>
>>> A solution to this without history rewriting is to tag the commits you
>>> want to sign.
>>>
>>> You could tag any commit at any time, and sign that tag. Impractical if
>>> you want to
On Wed, 2015-05-27 at 22:12 +0200, Christoph Anton Mitterer wrote:
> On Wed, 2015-05-27 at 20:50 +0100, Simon McVittie wrote:
> > I don't think ifupdown has been "Debian's native tool" for several years
> > now. It is one among several available tools, and happens to be the only
> > one with Debia
On Wed, 2015-05-27 at 22:12 +0200, Christoph Anton Mitterer wrote:
> On Wed, 2015-05-27 at 20:50 +0100, Simon McVittie wrote:
> > I don't think ifupdown has been "Debian's native tool" for several years
> > now. It is one among several available tools, and happens to be the only
> > one with Debia
* Wouter Verhelst , 2015-05-27, 12:53:
Maybe dak should refuse uploads of a _$arch.changes file that does
not refer to any _$arch.deb files with an appropriate error message?
Then this isn't an issue.
What about packages that produce only arch:all binaries?
dpkg-buildpackage generates _$arch.ch
On Wed, 2015-05-27 at 20:50 +0100, Simon McVittie wrote:
> I don't think ifupdown has been "Debian's native tool" for several years
> now. It is one among several available tools, and happens to be the only
> one with Debian as its upstream; on a wheezy-era sysvinit system that
> uses NetworkManag
On 27/05/15 18:41, Christoph Anton Mitterer wrote:
> However, I hope ifupdown is going to live on. Or are there any plans to
> replace Debian's native tool?
I don't think ifupdown has been "Debian's native tool" for several years
now. It is one among several available tools, and happens to be the
Package: wnpp
Severity: wishlist
Owner: Vincent Bernat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
* Package name: libcbor
Version : 0.3.1
Upstream Author : Pavel Kalvoda
* URL : https://github.com/PJK/libcbor
* License : MIT
Programming Lang: C
Descri
On Wed, 2015-05-27 at 12:33 +0200, Marco d'Itri wrote:
> (I am shocked, shocked that there is no flood of people here rushing to
> save ifupdown... :-) )
Perhaps people are just tired of flame wars... (for now...) ;)
However, I hope ifupdown is going to live on. Or are there any plans to
replace
On Wed, May 27, 2015 at 4:18 AM, Russell Stuart
wrote:
> On Wed, 2015-05-27 at 12:33 +0200, Marco d'Itri wrote:
>> (I am shocked, shocked that there is no flood of people here rushing to
>> save ifupdown... :-) )
>
> Until systemd-networkd can run scripts on events no defence is required.
Martin
On Wed, May 27, 2015 at 10:08:35AM +0200, Wouter Verhelst wrote:
> On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote:
> > > While we're on the subject of git security...should we stop
> > > recommending that non-account-holders use git:// (most efficient, but
> > > insecure against MITM
On Tue, May 26, 2015, at 15:25, Vincent Bernat wrote:
> ❦ 26 mai 2015 14:38 -0300, Henrique de Moraes Holschuh
> :
>
> >> A solution to this without history rewriting is to tag the commits you
> >> want to sign.
> >>
> >> You could tag any commit at any time, and sign that tag. Impractical if
Marco d'Itri wrote:
I do not expect systemd-networkd taking over NM when an interaction
with
a GUI is needed, but OTOH I see no reason to use NM on servers when
(recent) systemd-networkd is available, since it is much leaner.
In the current state of affairs, that’s pro
On Wed, 2015-05-27 at 19:27 +0800, Paul Wise wrote:
> Your mail is missing some things:
>
> To: 786...@bugs.debian.org
> Control: retitle -1 ITA: ifupdown -- high level tools to configure
> network interfaces
> Control: owner -1 !
If you mean it has been orphaned, it will work for while yet even
Why? Which attack do you envision[...]that would
be thwarted by https but not by signed commits?
I don't; I see https as easier and hence more likely to actually get
used in practice.
Telling users to use the existing https:// instead of git:// is a simple
change to the wiki; enabling https on
On Wed, May 27, 2015 at 12:37:09PM +0200, Jakub Wilk wrote:
> * Wouter Verhelst , 2015-05-27, 10:12:
> >Maybe dak should refuse uploads of a _$arch.changes file that does not
> >refer to any _$arch.deb files with an appropriate error message? Then this
> >isn't an issue.
>
> What about packages th
On Wed, May 27, 2015 at 7:18 PM, Russell Stuart wrote:
> On Wed, 2015-05-27 at 12:33 +0200, Marco d'Itri wrote:
>> (I am shocked, shocked that there is no flood of people here rushing to
>> save ifupdown... :-) )
>
> Until systemd-networkd can run scripts on events no defence is required.
Your mai
On Wed, 2015-05-27 at 12:33 +0200, Marco d'Itri wrote:
> (I am shocked, shocked that there is no flood of people here rushing to
> save ifupdown... :-) )
Until systemd-networkd can run scripts on events no defence is required.
It would be like comparing a calculator to a computer. Sure, the
calc
On May 27, Paul Wise wrote:
> > a featureful systemd-networkd.
> Will that make NetworkManager obsolete or will there be cases where it
> will still be needed?
I am not sure that there is a clear plan about this: when this question
was asked at FOSDEM the answer was a bit vague. :-)
I do not ex
* Wouter Verhelst , 2015-05-27, 10:12:
Maybe dak should refuse uploads of a _$arch.changes file that does not
refer to any _$arch.deb files with an appropriate error message? Then
this isn't an issue.
What about packages that produce only arch:all binaries?
dpkg-buildpackage generates _$arch.
On Wed, May 27, 2015 at 10:08:35AM +0200, Wouter Verhelst wrote:
> On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote:
> > > While we're on the subject of git security...should we stop
> > > recommending that non-account-holders use git:// (most efficient, but
> > > insecure against MIT
On Mon, May 25, 2015 at 08:47:43PM +0200, Julien Cristau wrote:
> On Mon, May 25, 2015 at 19:42:48 +0100, Simon McVittie wrote:
>
> > On 25/05/15 18:24, Lisandro Damián Nicanor Pérez Meyer wrote:
> > > On Sunday 24 May 2015 21:27:47 Adam D. Barratt wrote:
> > > [snip]
> > >> Due to the way that th
On Mon, May 25, 2015 at 11:38:06AM -0700, Josh Triplett wrote:
> > While we're on the subject of git security...should we stop
> > recommending that non-account-holders use git:// (most efficient, but
> > insecure against MITM unless you manually check the commit number) in
> > preference to https:
On Wed, May 27, 2015 at 12:54 AM, Marco d'Itri wrote:
> a featureful systemd-networkd.
Will that make NetworkManager obsolete or will there be cases where it
will still be needed?
--
bye,
pabs
https://wiki.debian.org/PaulWise
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
35 matches
Mail list logo
