Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-02 Thread Arne Pisch
On 02.07.21 at 03:24, Paul Wise wrote: On Thu, Jul 1, 2021 at 1:27 PM Jeremy Stanley wrote: There's nothing especially wrong about using signed-by, but it's not the security fix some people seem to believe. In short, *any* package you install can run arbitrary commands as the root user on yo

Re: Gitlab support for Debian repositories (Was: Regarding the new "Debian User Repository")

2021-07-02 Thread Holger Levsen
On Fri, Jul 02, 2021 at 08:04:45PM +0200, Mathieu Parent wrote: > On a related topic, I'm currently developing support for Debian > repositories in Gitlab (and transitively Salsa). [...] wow, that's some very nice news! 👍 Thanks for sharing it here now. I'm looking forward to seeing it in production

Re: Regarding the new "Debian User Repository"

2021-07-02 Thread Jonathan Carter
Hi Stephan On 2021/07/02 19:16, Stephan Lachnit wrote: > Today I discovered a relatively new project called "Debian User Repository" > [1]. For what it's worth, the Debian trademark team is already aware of this. -Jonathan

Re: Regarding the new "Debian User Repository"

2021-07-02 Thread Hunter Wittenborn
Sorry, completely forgot to point to my reference. [1]: --- *Hunter Wittenborn* hun...@hunterwittenborn.com

Re: Regarding the new "Debian User Repository"

2021-07-02 Thread Hunter Wittenborn
Hi! Just thought I would pop in about some initial concerns Andrey raised: > As long as it only targets Ubuntu and doesn't mention Debian it's indeed only an Ubuntu problem. It mainly *targets* Ubuntu, but there's no reason it wouldn't be functional on Debian distributions. Dependencies can

Gitlab support for Debian repositories (Was: Regarding the new "Debian User Repository")

2021-07-02 Thread Mathieu Parent
On Fri, 2 Jul 2021 at 19:17, Stephan Lachnit wrote: > > Today I discovered a relatively new project called "Debian User Repository" > [1]. > > It's similar to the AUR, and much more than just in principle. Hi, On a related topic, I'm currently developing support for Debian repositories in G

Re: Regarding the new "Debian User Repository"

2021-07-02 Thread Andrey Rahmatullin
On Fri, Jul 02, 2021 at 07:16:48PM +0200, Stephan Lachnit wrote: > Thus, I think we should discuss whether we should ask the creator to change > the name (he is open for that, I asked him). I don't think there is something to discuss here, the name should be changed. > The creator responded quite

Regarding the new "Debian User Repository"

2021-07-02 Thread Stephan Lachnit
Today I discovered a relatively new project called "Debian User Repository" [1]. It's similar to the AUR, and much more than just in principle. Packages are defined as PKGBUILD files and built via makepkg [2], the tool used in the AUR. The packages are then converted to binary debs using makedeb [

[OFFTOPIC] partially-trusted debs (was Bug#990521: I wonder whether bug ...)

2021-07-02 Thread Antonio Russo
On 7/1/21 7:38 PM, Jeremy Stanley wrote: > On 2021-07-02 01:24:09 + (+), Paul Wise wrote: >> >> For sophisticated users it isn't very hard to verify that packages >> don't do anything malicious as root. `apt install --download-only`, >> `dpkg-deb --raw-extract`, read the maintainer scripts

Bug#990572: ITP: golang-mozilla-pkcs7 -- Go library for parsing and creating signed and enveloped messages

2021-07-02 Thread Peymaneh Nejad
Package: wnpp Severity: wishlist Owner: Peymaneh Nejad * Package name: golang-mozilla-pkcs7-dev Version : 0.0~git20200128.432b235-1 Upstream Author : Mozilla Services * URL : https://go.mozilla.org/pkcs7 * License : Expat Programming Lang: Go Description