Re: Should singularity-container make it to next release?

2023-01-25 Thread Moritz Muehlenhoff
On Sat, Jan 21, 2023 at 08:34:40PM +0100, Salvatore Bonaccorso wrote: > So in my understanding of the above the situation around > singularity-container, > which led for buster to https://bugs.debian.org/917867 and keeping it out of > the stable release, did not really change in the aspect of bee

Re: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Moritz Muehlenhoff
On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote: > How should I handle this? NMU to sid, let people try it out, and then > deal with buster/bullseye? Yeah, let's proceed with unstable first in any case. > Upload everything all at once? I'm also > going to try building for buster, u

Re: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Moritz Muehlenhoff
On Sun, Jan 02, 2022 at 06:53:51PM +0100, Mattia Rizzolo wrote: > Correlated, do you know how long do they plan on keeping using python2? > That's plainly unsuitable, it really is not going to last much longer in > debian. Current state of the Python 3 upstream migration can be found here: https:/

Re: chromium: Update to version 94.0.4606.61 (security-fixes)

2021-12-13 Thread Moritz Muehlenhoff
On Sun, Dec 12, 2021 at 08:11:00PM -0500, Andres Salomon wrote: > On 12/5/21 6:41 AM, Moritz Mühlenhoff wrote: > > Am Sun, Dec 05, 2021 at 10:53:56AM +0100 schrieb Paul Gevers: > > Exactly that. > > > > I'd suggest anyone who's interested in seeing Chromium supported to first > > update it in unst

Re: Backports needed for Firefox/Thunderbird ESR 78 in Buster/Stretch

2020-09-01 Thread Moritz Muehlenhoff
On Wed, Sep 02, 2020 at 05:25:28AM +0900, Mike Hommey wrote: > Note Firefox doesn't need wasi-libc at the moment. Neither does > thunderbird AFAICT. Not Firefox/Thunderbird itself, but rustc in the versions needed by ESR 78 build depends on it. Cheers, Moritz

Re: Backports needed for Firefox/Thunderbird ESR 78 in Buster/Stretch

2020-09-01 Thread Moritz Muehlenhoff
On Tue, Sep 01, 2020 at 04:35:42PM +0200, Emilio Pozuelo Monfort wrote: > On 01/09/2020 14:05, Christoph Martin wrote: > > Hi, > > > > I am not sure if I can help, but I can try and have a look at it. > > > > Yes please upload your LLVM9 and wasi-libc backports. > > fwiw I started to look at th

Re: Firefox 60esr on Stretch ?

2018-05-09 Thread Moritz Muehlenhoff
On Wed, May 09, 2018 at 11:10:23AM +0200, Raphael Hertzog wrote: > While I understand the need to keep them out of stable, keeping them out > of testing would annoy testing users and all users of "rolling" derivatives > based on testing (where the packages are not a problem since new upstream > ver

Jasper removal for stretch

2016-03-10 Thread Moritz Muehlenhoff
Hi, here's a heads-up for the upcoming removal of the jasper JPEG2000 library for stretch (and the archive in general). It's been unmaintained for nearly a decade, please also see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812630 A removal tracker has been set up by the release team at https:

Re: Installing debian-security-support by default

2014-09-18 Thread Moritz Muehlenhoff
On Thu, Sep 18, 2014 at 11:12:28AM +0800, Paul Wise wrote: > On Thu, Sep 18, 2014 at 4:15 AM, Moritz Muehlenhoff wrote: > > > Does anyone have a better suggestion? > > What about just bumping the Priority? This wouldn't ensure that updated systems would get it ins

Installing debian-security-support by default

2014-09-17 Thread Moritz Muehlenhoff
Hi, during the last security team meeting we decided that starting with jessie debian-security-support should be installed by default on all systems (both freshly installed and upgraded) to have a reliable notification channel in case security support needs to be ended prior to the lifetime of t

Re: Bits from the Security Team

2014-03-17 Thread Moritz Muehlenhoff
On Mon, Mar 17, 2014 at 10:33:32AM +0100, Holger Levsen wrote: > Hi, > > On Mittwoch, 5. März 2014, Moritz Muehlenhoff wrote: > > Security release workflow > > - > > * We're currently using Subversion. We discussed changing to git, but >

Re: Bits from the Security Team

2014-03-07 Thread Moritz Muehlenhoff
On Thu, Mar 06, 2014 at 05:33:42AM +0100, Matthias Klose wrote: > Am 06.03.2014 02:00, schrieb Paul Wise: > >> * The distribution hardening using dpkg-buildflags is coming along > >> nicely. > > > > Unfortunately this doesn't apply to binaries compiled outside of the > > package building system.

Re: Bug#732159: Should this package be removed?

2013-12-16 Thread Moritz Muehlenhoff
On Sun, Dec 15, 2013 at 10:38:58PM +0100, John Paul Adrian Glaubitz wrote: > On 12/15/2013 10:11 PM, Moritz Mühlenhoff wrote: > > Bálint Réczey schrieb: > >> How about introducing the ffmpeg shared libraries with libffmpeg > >> prefix instead of libav prefix? > > > > No way. Keeping up with secur

Switching to mozilla ESR in stable-security

2013-05-28 Thread Moritz Muehlenhoff
Hi, we need to change the way security fixes are handled for Mozilla in stable-security. The backporting of security fixes is no longer sustainable resource-wise. As such, we'll switch to releasing the ESR releases of iceweasel and icedove in stable-security. Reverse-deps of the older xulrunner l

Bug#635516: ITP: dvdstyler -- DVD authoring and burning tool

2011-07-26 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff * Package name: dvdstyler Version : 1.8.4.2 Upstream Author : Alex Thuering * URL : http://dvdstyler.sf.net * License : GPL2 Programming Lang: C++ Description : DVD authoring and burning tool

Re: Bug#584653: CVE-2010-2055

2010-12-24 Thread Moritz Muehlenhoff
On 2010-12-23, Julien Cristau wrote: > user release.debian@packages.debian.org > usertag 584653 squeeze-is-blocker > usertag 584663 squeeze-is-blo

Re: Bug#595427: ITP: winetricks -- Quick and dirty script to download and install various redistributable runtime libraries

2010-09-05 Thread Moritz Muehlenhoff
In gmane.linux.debian.devel.general, you wrote: > On Fri, Sep 3, 2010 at 4:19 PM, Roman V. Nikolaev wrote: >> Package name: winetricks >> Version: 20100822 >> Upstream Author: Austin English , Google: Dan >> Kegel >> URL:http://wiki.winehq.org/winetricks >> License: LGPL >> Description: Quick and

Bug#591302: ITP: 7kaa -- real time strategy game

2010-08-01 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff * Package name: 7kaa Version : 2.14 Upstream Author : 7kaa project * URL : http://www.enlight.com/7k/ * License : GPL Seven Kingdoms is a formerly proprietary RTS game, which has been released under

Re: chromium-browser from experimental has included h.264 by default?

2010-05-11 Thread Moritz Muehlenhoff
On 2010-05-11, Reinhard Tartler wrote: > On Mon, May 10, 2010 at 22:36:00 (CEST), Giuseppe Iuculano wrote: > >> Chromium in Debian is built against the system FFmpeg headers via >> pkg-config. This means when Chromium is launched it will assume that >> FFmpeg is present in the system library path

Re: Preparing a Debian "e500" port/derivative (ABI-incompatible PowerPC variant)

2010-03-23 Thread Moritz Muehlenhoff
eXMeritus are interested in > comments and advice. > > On 2010/03/23 13:40, "Moritz Muehlenhoff" wrote: > > On 2010-03-23, Moffett, Kyle D wrote: > >> * Regarding software security updates, I am aware that most vendors of OS > >> distributions participate in

Re: Preparing a Debian "e500" port/derivative (ABI-incompatible PowerPC variant)

2010-03-23 Thread Moritz Muehlenhoff
On 2010-03-23, Moffett, Kyle D wrote: [ Only commenting on two issues, the sbuild maintainers, powerpc and Debian embedded people are more versed in commenting them. ] > * Regarding software security updates, I am aware that most vendors of OS > distributions participate in coordinated-disclos

Re: Status of systemtap in Debian

2010-02-18 Thread Moritz Muehlenhoff
On 2010-02-18, Ben Hutchings wrote: > On Thu, 2010-02-18 at 15:00 +0100, Lucas Nussbaum wrote: >> On 18/02/10 at 14:31 +0100, Bastian Blank wrote: >> > > It's only a few hundreds

Re: Switch on compiler hardening defaults

2009-11-24 Thread Moritz Muehlenhoff
["Followup-To:" header set to gmane.linux.debian.devel.general.] On 2009-11-05, Kees Cook wrote: >> The majority of distributions does turn on these options during >> package build time, which IMO is the right thing to do. Debian >> should do the same. There's now Raphael's new framework in place

Re: Is it time to remove sun-java6?

2009-10-09 Thread Moritz Muehlenhoff
On 2009-10-08, Barry deFreese wrote: > Hi folks, > > A few of us have been discussing the removal of sun-java6. It is > non-free, orphaned, buggy (including security bugs), and can generally > be replaced by openjdk. There are only three reverse depends left and > none of them directly depend

Re: Bug#538857: rocksndiamonds: post-installation fails

2009-07-28 Thread Moritz Muehlenhoff
On Mon, Jul 27, 2009 at 09:15:00PM +0400, Dmitry E. Oboukhov wrote: > >> The site www.artsoft.org is (temporary?) down. Why do You think it > >> must be another way? Postinst returns error code because it can't > >> download resource. Other packages (for example msttcorefonts) have > >> the same be

Removal of remaining packages using GTK 1.2

2009-05-17 Thread Moritz Muehlenhoff
As requested by the release managers here's the announcement that the remaining packages still using GTK 1.2 will be removed from testing soon now that KDE 4 has transitioned to Squeeze (kdegraphics 3 still used imlib 1 and kdebindings from KDE 3 still had bindings for GTK 1.2): icewm linpopup wmc

Bug#520827: ITP: drascula -- point and click adventure

2009-03-22 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff * Package name: drascula Upstream Author : Alcachofa Soft S.L. Programming Lang: N/A Description : point and click adventure "Drascula - The Vampire Strikes Back" is a Spanish point-and-click adventure from

Re: Sponsorship requirements and copyright files

2009-03-22 Thread Moritz Muehlenhoff
Joerg Jaspert wrote: > >>> No. It is not up to the Debian maintainer to decide that some >>> contributor has written enough of the code to also be mentioned in the >>> (C) lines in a particular file. But as soon as upstream lists them >>> either in a file header or the AUTHORS file the Debian maint

Re: Gtk1.2/Imlib/gnome-lib packages (Long)

2008-12-18 Thread Moritz Muehlenhoff
Barry deFreese wrote: > Just in case anyone cares/is interested, here is some work I have been > doing on packages using Gtk1.2, Imlib, gnome-libs, or any combination > thereof. Thanks. Could you fold this into a page on wiki.debian.org, so that people can add their specific solution attempts

Re: qmail and related packages in NEW

2008-11-29 Thread Moritz Muehlenhoff
On 2008-11-29, Joerg Jaspert <[EMAIL PROTECTED]> wrote: > >>> It isn't just about choosing not to install it, it causes work for the >>> various teams in Debian - security, release, QA. >> We've discussed this at the Security Team meeting in Essen and we don't >> have a problem with qmail being

Re: qmail and related packages in NEW

2008-11-29 Thread Moritz Muehlenhoff
Neil Williams wrote: > It isn't just about choosing not to install it, it causes work for the > various teams in Debian - security, release, QA. We've discussed this at the Security Team meeting in Essen and we don't have a problem with qmail being included in Lenny. Cheers, Moritz -

Re: Bug#504758: gforge-plugins-extra ships security issues-prone code copies

2008-11-11 Thread Moritz Muehlenhoff
Roland Mas wrote: > tag 504758 + help > The way I see it, there are three ways out: > > - prepare a new upload that doesn't contain this binary package, and > leave users with the task of getting the code from the source > package and installing it by hand; > > - ignore this bug for lenny, si

Re: Bug Sprint results (draft)

2008-10-31 Thread Moritz Muehlenhoff
Stefano Zacchiroli wrote: > ... hence, given that Lenny hasn't been released yet, when are we gonna > make another one? :) Let's make it a Beer Sprint. The winners receive a package with the local brew from the people who didn't manage to fix their bugs. I'm offering German beer to five winners, j

Re: Bug reports of DFSG violations are tagged "lenny-ignore"?

2008-10-20 Thread Moritz Muehlenhoff
Robert Millan wrote: >> > > Has the current release team lowered the bar on Debian actually >> > > trying to follow the social contract? >> > >> > Yes, they have. >> >> What if, instead of ranting everywhere, you actually contributed code to >> fix these bugs? > > I did... You contribut

Volunteer needed for Iceape security updates in Lenny

2008-10-04 Thread Moritz Muehlenhoff
A volunteer is needed to build and test the Iceape security updates in Lenny. Patches are provided through a patch set for each update round, but the Security Team and the Mozilla maintainers lack the resources for the proper integration work. So if you use Iceape and want to continue to use it in

Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Moritz Muehlenhoff
Christian Perrier wrote: >> This is far below the quality I expect from a mass bug filing that's been >> reviewed by debian-devel. Mass bugfilings at RC severity need to be held to > > Even though I overread the thread when Dmitry posted his intent to > -devel, I feel like there was *no* strong a

Re: RFH: clamav

2008-08-18 Thread Moritz Muehlenhoff
Stephen Gran wrote: > This one time, at band camp, Stephen Gran said: >> I'm looking for people to help with maintenance of clamav. > > So, I got a total of one reply to this RFH. I'm currently debating > whether or not to release clamav with lenny or orphan it. I don't think > I'm interested in

Re: Xen status in lenny?

2008-07-16 Thread Moritz Muehlenhoff
Bastian Blank wrote: > Xen got a often used technique in the last two years. All of the large > distributions got some sort of support for it. Debian Etch have full > support for it. There was several requests of various people so I think > not providing at least a minimal support in Lenny is wrong

Re: divergence from upstream as a bug

2008-05-18 Thread Moritz Muehlenhoff
Joey Hess wrote: FWIW, I like the general idea of tracking upstream diverge with a bug. > Mike Hommey wrote: >> The BTS would also need something to make it easier to spot patches in a >> bug. Patch tracking is one of the few things bugzilla is not bad at, for >> instance. > > I guess you're talk

Re: pwsafe and OpenSSL?

2008-05-16 Thread Moritz Muehlenhoff
Daniel Burrows wrote: > I notice that pwsafe is linked against openssl. Is it affected by the > recent debacle and if so, how? Do I need to regenerate all my > randomized passwords, or somehow re-encrypt the pwsafe database? I've looked briefly into it: The Blowfish encryption key is construct

Re: GnuPG: Maintainer inactive?

2008-04-16 Thread Moritz Muehlenhoff
Michael Banck wrote: > On Wed, Apr 16, 2008 at 02:19:12PM +0200, Kai Wasserbäch wrote: >> on the 1st of April I wrote an e-mail to James Troup offering my help in >> hunting >> down open bugs which are no longer present and thus enabling him to >> concentrate >> on packaging GnuPG 1.4.9. But his l

Re: Bug#471094: RFH: mantis

2008-04-03 Thread Moritz Muehlenhoff
On 2008-04-03, Hilko Bengen <[EMAIL PROTECTED]> wrote: > Patrick Schoenfeld <[EMAIL PROTECTED]> writes: > >> as upstream is considering some changes in the upgrade path that will >> make upgrading with pure sql files quite hard and they never really >> supported upgrading through pure sql files (an

Re: A suggestion

2008-04-03 Thread Moritz Muehlenhoff
On 2008-04-03, Mike Bird <[EMAIL PROTECTED]> wrote: > On Thu April 3 2008 03:03:51 Matthew Johnson wrote: >> On Thu Apr 03 11:54, Andrea Bolognani wrote: >> > And stable is not fine for a desktop in general, because it has outdated >> > packages which are not what a desktop user wants. >> >> _you_

Re: Version numbering for security uploads of native packages

2008-03-21 Thread Moritz Muehlenhoff
On 2008-03-16, Adam D. Barratt <[EMAIL PROTECTED]> wrote: > On Sun, 2008-03-16 at 03:47 -0700, Steve Langasek wrote: >> The current binNMU numbering scheme was selected explicitly to allow >> security uploads to sort later by numbering as >> +; e.g., 1.2-5.1+etch1. > > That makes sense, although do

Re: Bits from the Security Team

2008-03-14 Thread Moritz Muehlenhoff
On 2008-03-11, Don Armstrong <[EMAIL PROTECTED]> wrote: > On Sun, 09 Mar 2008, Moritz Muehlenhoff wrote: >> If you're opening a ticket for a security problem which is publicly >> known, e.g. if it's announced on the project web site, please open a >> ticket

Re: Bits from the Security Team

2008-03-14 Thread Moritz Muehlenhoff
Steve Langasek wrote: >> The Security Team is now using Request Tracker to coordinate work >> and our RT processes have already been refined a lot. >> If you're a package maintainer working towards a security update, >> you're now encouraged to open a ticket directly. You will be kept in >> CC dur

Re: Proposal to introduce compiler options passed from dpkg-buildpackage

2008-02-14 Thread Moritz Muehlenhoff
Loïc Minier wrote: > On Thu, Feb 14, 2008, Frank Lichtenheld wrote: > > Hmm, I doubt that dpkg-dev should be the place to keep track of that. > > I mean, that probably depends on the version of gcc/g++/whatever used, > > so it's quite meaningless to make it dependent on the version of > > dpkg-dev

Re: Proposal to introduce compiler options passed from dpkg-buildpackage

2008-02-13 Thread Moritz Muehlenhoff
On Mon, Feb 11, 2008 at 05:44:33PM +0100, Matthias Klose wrote: > Moritz Muehlenhoff writes: > > [This message has also been posted to gmane.linux.debian.devel.general.] > > On 2007-12-25, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: > > > Matthias Klose wrote

Re: wnpp.debian.net sources released, security review wanted, plans for the future

2008-02-03 Thread Moritz Muehlenhoff
Sebastian Pipping wrote: >> Not sure what you had in mind for a "feed". If you mean RDF/RSS of >> DSAs, there are two here: >> >> http://www.debian.org/security/ The recommended way is to subscribe to [EMAIL PROTECTED] > Is there a way to get notified of new security > bugs right when they are

Re: Introducing security hardening features for Lenny

2008-02-03 Thread Moritz Muehlenhoff
John Goerzen wrote: > However, I am concerned that is appears to be limited in scope to packages > that: > > * Are written in C or C++ > > * Can have hardening achieved through technical changes to the build process > > I think it is important to remember that other languages can have security

Re: Introducing security hardening features for Lenny

2008-02-03 Thread Moritz Muehlenhoff
Riku Voipio wrote: >> In kernels that support text ASLR, programs compiled >> for PIE will gain full position randomization. > > For which architectures is text ASLR available? does it require > external kernel patches? PIE means considerable system overhead > and fatter binaries, especially for sy

Re: Proposal to introduce compiler options passed from dpkg-buildpackage

2008-02-03 Thread Moritz Muehlenhoff
On 2007-12-25, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: > Matthias Klose wrote: >> This is a proposal to introduce a common set of compiler options which >> can be set independently from the package, and passed/injected to the >> package build process. It was firs

Re: Introducing security hardening features for Lenny

2008-01-30 Thread Moritz Muehlenhoff
Kees Cook wrote: > Does anyone have any good test harnesses we can try this on? I'd be > more than happy to run them on some modern hardware. Video: mplayer with the -benchmark option in conjunction with -nosound and -vo. HTML rendering: Mike Hommey once blogged about benchmarking the ACID test:

Re: Introducing security hardening features for Lenny

2008-01-29 Thread Moritz Muehlenhoff
Moritz Muehlenhoff wrote: > The Debian archive is the biggest of all distributions and although > there's security support for all security issues being found, there's > still room for improvement and a need for increased resilie

Re: Introducing security hardening features for Lenny

2008-01-29 Thread Moritz Muehlenhoff
Thomas Bushnell BSG wrote: > For my money, you blew it. You don't bootstrap a discussion by > presenting a pseudo-official email like the one you posted. But we can > get back to that discussion: cancel the email by saying "whoops, we're > not ready yet" and then having the discussion first. Of

Re: Introducing security hardening features for Lenny

2008-01-29 Thread Moritz Muehlenhoff
Pierre Habouzit wrote: >> Fortify Source >> ============== >> >> This feature adds validation for internal C functions such as strcpy >> for buffer sizes known during compile time. While vulnerabilities in >> the functions it protects have become uncommon in high-prof

Re: Bug#462740: ITP: demac -- A decoder for Monkey's Audio (APE) lossless files

2008-01-27 Thread Moritz Muehlenhoff
William Pitcock wrote: > demac has some bugs with v3.97 format files. I would recommend merging > in patches from ffmpeg and making a separate product. Or rather avoid packaging demac at all and link the application in question against libavcodec. Cheers, Moritz -- To UNSUBSCRIBE, emai

Re: How to cope with patches sanely (Was: State of the project - input needed)

2008-01-25 Thread Moritz Muehlenhoff
Andreas Tille wrote: > What would you suggest to enhance the situation? Each maintainer may be familiar with his pet patch system, but for archive wide work I agree the current approach is a mess and makes security updates painful. Since it's unlikely to change anytime soon, each source packages,

Re: gnome 1.x removal

2008-01-15 Thread Moritz Muehlenhoff
Pierre Habouzit wrote: > As per release goal, gnome 1.x won't be shipped in Lenny. I just started > a first round of bugs (severity important for now), with user/usertag > [EMAIL PROTECTED]/gnome-1.x-removal so that people > interested in that goal can track our progress. Two thumbs up, thanks for

Re: Bug#460539: ITP: industrial-icon-theme -- openSUSE Industrial icon theme

2008-01-13 Thread Moritz Muehlenhoff
Julian Andres Klode wrote: >>> * License : non-free / CC By-SA 3.0 >> >> Is it non-free because of its being CC-BY-SA 3.0, or does it contain >> non-free stuff? >> > AFAIK, CC-BY-SA is non-free. > 'non-free / CC BY-SA 3.0 '=> 'non-free (CC BY-SA 3.0)' CC by-sa 3.0 is considered free and

Re: Proposal to introduce compiler options passed from dpkg-buildpackage

2007-12-25 Thread Moritz Muehlenhoff
Matthias Klose wrote: > This is a proposal to introduce a common set of compiler options which > can be set independently from the package, and passed/injected to the > package build process. It was first discussed at the last UDS; a > corresponding wiki page can be found at [1]. A change like th

Re: Bug#448980: ITP: rt73-firmware -- firmware for Ralink USB wireless cards

2007-11-02 Thread Moritz Muehlenhoff
On 2007-11-02, Ben Hutchings <[EMAIL PROTECTED]> wrote: > Package: wnpp > Severity: wishlist > Owner: Ben Hutchings <[EMAIL PROTECTED]> > > > * Package name: rt73-firmware > Version : 1.8 > Upstream Author : Ralink Technology Corp > * URL : http://www.ralinktech.com/rali

Re: Out-of-tree kernel module popularity

2007-10-23 Thread Moritz Muehlenhoff
Ben Hutchings wrote: > >> Nevertheless on the user's side there is a demand for those >> codecs which can be witnessed by the broad acceptance of unofficial >> repositories [see: http://popcon.debian.org/unknown/by_inst ]. > > > I didn't know that table existed! It seems like it would be

Re: Bug#447592: RFP: fckeditor -- text/file editor for PHP

2007-10-22 Thread Moritz Muehlenhoff
Roland Mas wrote: > Nico Golde just contacted me about a problem found in the FCKeditor > code that's shipped in the Gforge package. Apparently, there's at > least one other package that ships this code (knowledgeroot), so the > code is effectively duplicated. It would be better for everyone if >

Re: Enabling and installing of "risky" ("patented") codecs - made easy

2007-10-19 Thread Moritz Muehlenhoff
Fabian Greffrath wrote: > You all know about the unsatisfying situation of some codec libraries > that are commonly called 'risky' or 'patented'; namely lame, xvid and > friends. While being perfectly free software on the one hand, licensed > under the GPL or LGPL, they are surrounded by a cloud

Re: Bits from the Security Team

2007-10-19 Thread Moritz Muehlenhoff
Adrian von Bidder wrote: >> > which is really a Bits from the Security Team. Full "Bits" will appear soon. Cheers, Moritz

Re: Bits from the Testing Security team

2007-10-15 Thread Moritz Muehlenhoff
On 2007-10-15, Stefano Zacchiroli <[EMAIL PROTECTED]> wrote: > On Mon, Oct 15, 2007 at 11:29:16AM +0200, Stefano Zacchiroli wrote: >> So, question, do yo

Re: User-Agent strings, privacy and Debian browsers

2007-10-01 Thread Moritz Muehlenhoff
Joey Hess wrote: > Surely packages.debian.org is not a good example of a site with > generally few Debian users. > > The scenario seems more likely to me on small non-technical sites that > only a few Debian unstable users are likely to visit. For special fun, > try browsing from an unusual archite

Re: "Etch and a half" ( was Re: Bugfix/hardware support updates to stable releases?)

2007-09-03 Thread Moritz Muehlenhoff
Tim Hull wrote: > Anyway, I'm curious - is this still a legitimate consideration within > Debian? Yes. > If it were to be done, it would have to be December/Januaryish (any That's the plan. > Thus, one wouldn't HAVE to upgrade, but > new users and anyone standing to benefit from a new X/kernel

Re: APT 0.7 for sid

2007-06-17 Thread Moritz Muehlenhoff
Michael Vogt wrote: > unattended-upgrades comes with a default configuration that will only > apply security updates (but it can be configured in any way people > want) and it will do some careful checking to not upgrade packages > that require manual intervention via conffile prompts. It will also

Re: Bug#428877: ITP: callweaver -- Community-driven open source PBX software

2007-06-17 Thread Moritz Muehlenhoff
Santiago Ruano Rincón wrote: > CallWeaver is a community-driven vendor-independent cross-platform open > source PBX software project (formerly known as OpenPBX.org). It was > originally derived from Asterisk. Now it supports analog and digital > PSTN telephony, multi-protocol voice over IP telephon

Re: Bug#426069: ITP: spip -- website engine for publishing

2007-05-29 Thread Moritz Muehlenhoff
Romain Beauxis wrote: > However, I'll contact them and ask for their commitment to solving security > issues, but I'm quite sure that the main issue remains in the hand of the > maintainer, to be able to update the package as soon as they fix anything.. It had too many security problems in 2006.

Re: Bug#426069: ITP: spip -- website engine for publishing

2007-05-26 Thread Moritz Muehlenhoff
Romain Beauxis wrote: > * Package name: spip > Version : 1.9.2b > Upstream Author : SPIP Development Team <[EMAIL PROTECTED]> > * URL : http://www.spip.net/ and > http://trac.rezo.net/trac/spip/ > * License : Mainly GPL and other open source

Re: wordpress packages

2007-05-08 Thread Moritz Muehlenhoff
Russell Coker wrote: > Getting the entire collection of Wordpress plugins (or any significant > sub-set) audited for security issues seems quite unlikely. Getting a smaller > collection of plugins which are packaged for Debian audited in such a manner > would be much easier and therefore much m

Re: The number of etch installations is rocketing...

2007-04-16 Thread Moritz Muehlenhoff
Johannes Wiedersich wrote: > Presently the number of installations reported to popcon is about the > same as the number of subscriptions to debian-security-announce, but I > am sure there are many users of debian who don't read d-s-a and many > users, who have several -maybe hundreds- of installati

Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer

2007-03-12 Thread Moritz Muehlenhoff
Tim Brown wrote: >> Nope since he that did not go to d-d. Maybe you can outline professional >> uses in the description like done in the previous answers? > > As to previous answers, verbatim: > > I'm packaging a bunch of security tools that I use in my job pen testing. (..) > companies using my

Re: Handling of (inactive) Debian Accounts

2007-02-11 Thread Moritz Muehlenhoff
Jon Marler wrote: > I have a question ... How do I keep my Debian maintainer status if I > miss the vote? A more relevant case are probably people, who don't care about the annual time-drain aka DPL election. Cheers, Moritz

Re: about gstreamer0.8 and python2.3 removal

2007-02-10 Thread Moritz Muehlenhoff
Tshepang Lekhonkhobe wrote: [I wanted to evaluate gstreamer 0.8 this weekend anyway, due to the recent amount of newly discovered libavcodec vulnerabilities, thanks for raising it independently; this saves quite some time] >> > Pretty surprising. Was there a discussion in which this decision was >

Re: etch's upgrades during life cycle

2007-01-03 Thread Moritz Muehlenhoff
Luis Matos wrote: > Many users have complaints about in the middle of the life cycle, or > before the debian stable release no longer supports new hardware. > Therefore a new kernel would be needed for d-i ( or a hardware > compatibility update for the kernel and modules). > > My proposal would be

Bug#404762: ITP: freesynd -- Free implementation of the Syndicate engine

2006-12-27 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: freesynd Version : 0.1 Upstream Author : QuantumG <[EMAIL PROTECTED]> * URL : http://freesynd.sf.net/ * License : GPL Programming Lang: C++ Descriptio

Re: Dropping GStreamer 0.8 for etch

2006-12-09 Thread Moritz Muehlenhoff
Josselin Mouette wrote: > By hiding behind upstream, you're simply refusing to fix the problem. > The patch is a hack that is only guaranteed to work on a Debian system, > and upstream will refuse it until it is done in a proper way. This is > not how things work. Forwarding fixes upstream is impor

Re: SUMMARY: Re: Dropping GStreamer 0.8 for etch

2006-12-09 Thread Moritz Muehlenhoff
Loïc Minier wrote: >> - goobox > > Alternative programs available with a superset of the features, and an > active upstream. I'm waiting for a final ack of the maintainer that > the alternatives are indeed okay and that we can proceed with removal. If goobox's unique feature is remote audio

Re: Bug#396927: ITP: xyssl -- lightweight crypto and SSL/TLS library

2006-11-05 Thread Moritz Muehlenhoff
Arnaud Cornet wrote: > * Package name: xyssl > Version : 0.1 > Upstream Author : Christophe Devine <[EMAIL PROTECTED]> > * URL : http://xyssl.org/ > * License : LGPL > Programming Lang: C > Description : lightweight crypto and SSL/TLS library Do you have

Re: RFP: tinymce -- Web based Javascript HTML WYSIWYG editor

2006-10-24 Thread Moritz Muehlenhoff
Kjetil Kjernsmo wrote: > I could imagine this creating an undesired overhead for the Security > Team in case of a flaw. > > I would therefore suggest splitting TinyMCE into a package of its > own. Unfortunately, I'm not a DD myself. That would be much appreciated. The second troublemaker is adodb

Re: local copies of libs

2006-10-22 Thread Moritz Muehlenhoff
Hendrik Sattler wrote: >> libavcodec had several vulnerabilities and without doubt it'll have more in >> the next 30 months after Etch release. So it's absolutely necessary to >> link dynamically. (Many do already, e.g. xine-lib). >> I'll file RC bugs for any packages still embedding or link static

Re: local copies of libs

2006-10-22 Thread Moritz Muehlenhoff
Reinhard Tartler wrote: >> libavcodec had several vulnerabilities and without doubt it'll have more in >> the next 30 months after Etch release. So it's absolutely necessary to >> link dynamically. (Many do already, e.g. xine-lib). >> I'll file RC bugs for any packages still embedding or link stati

Re: Bug#391686: ITP: ipw3945-daemon -- Binary userspace regulatory daemon for Intel PRO/Wireless 3945ABG cards

2006-10-08 Thread Moritz Muehlenhoff
Jurij Smakov wrote: > * Package name: ipw3945-daemon > Version : 1.7.22 > Upstream Author : Intel Corporation > * URL : http://http://bughost.org/ipw3945/ > * License : Redistribution only (non-free) > Programming Lang: available only in binary form > Descrip

Re: local copies of libs

2006-10-05 Thread Moritz Muehlenhoff
Hendrik Sattler wrote: > since I often see that packages keep local copies of libs and use those, I > kind of want to object to arguments for such build behaviour. > > The latest one I found is xmms-wma: it uses a local stripped-down copy of > ffmpeg's libavcodec and libavformat. > > The g

Re: Bug#386911: ITP: Claroline -- Course Management System for Online Learning

2006-09-13 Thread Moritz Muehlenhoff
Victor Manuel Mtz wrote: > * Package name: Claroline > Version : 1.7.8 > Upstream Author : Lederer Guillaume <[EMAIL PROTECTED]> > * URL : http://www.claroline.net > * License : GPL > Description : Course Management System for Online Learning > > Claroline

Re: Why not only support Sid and Testing?

2006-09-12 Thread Moritz Muehlenhoff
Marc Haber wrote: >> I know I am in for an argument, but I think it is a good >>question. I'm sure many of you have read Mark's blog: >>http://www.markshuttleworth.com/archives/56. It says 76% of Debian >>users run unstable and probably a fair fraction of the rest run testing. > > I tend to

Re: Proposal: searchable d.o/security/

2006-08-14 Thread Moritz Muehlenhoff
Javier Fernández-Sanguino Peña wrote: >> today I searched for a specific DSA and its really pain if >> you just know the package but no DSA number (correct me if I missed >> something). > > What kind of search are you trying to do? Package to DSA? Bug to DSA? > If so, it would not be difficul

Re: NMU for mantis - dependecy for php5 fixed

2006-08-09 Thread Moritz Muehlenhoff
Daniel Knabl wrote: > could anyone please have a look at the changes I've made to the mantis > package?! It should now support/depend on/work with php5 too. > Also I've tested it on several machines both with testing and > unstable, and there were no errors during installation nor with > upgrades f

Re: Two versions of pan in etch?

2006-08-01 Thread Moritz Muehlenhoff
Søren Boll Overgaard wrote: > Essentially, what it boils down to is this: Would it be prudent to include two > separate versions of pan in etch (perhaps named pan and pan2)? This should be avoided where possible; if they share a common code base it's quite likely that discovered security problems

Re: Bug#379857: ITP: git-completion -- content addressable filesystem (bash completion)

2006-07-26 Thread Moritz Muehlenhoff
Sebastian Harl wrote: > * Package name: git-completion > Version : 0+20060722 > Upstream Author : Ben Clifford <[EMAIL PROTECTED]> > * URL : http://www.hawaga.org.uk/ben/tech/gitcompletion/ > * License : GPL > Description : content addressable filesystem (b

Re: Bug#377697: New version of squid hangs at startup

2006-07-11 Thread Moritz Muehlenhoff
Luigi Gangitano wrote: > Since this is a compile time choice and kernel 2.4.27 is still in the > archive we have the following options: > > 3. drop support for older kernels (will etch release with a 2.4 > default kernel?) > > Please give your advice. Etch will only support 2.6 kernels, so any

Re: egroupware upgrade drops several applications -- suggestions?

2006-06-17 Thread Moritz Muehlenhoff
Peter Eisentraut wrote: > The upgrade to the new egroupware upstream drops several applications such as > the trouble-ticket system and the forum (because they were unmaintained or > the functionality was picked up by something else). I'm not sure how to > arrange an upgrade to this new version

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-27 Thread Moritz Muehlenhoff
Javier Fernández-Sanguino Peña wrote: > On Thu, May 25, 2006 at 05:30:23PM +0200, Luca Capello wrote: > > FYI, Martin's explanation is at [1], which passed on Planet Debian. > > > > Thx, bye, > > Gismo / Luca > > > > [1] http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning > > FWIW, I not

Re: Packaing Xen 3.0 etc for Debian

2006-02-26 Thread Moritz Muehlenhoff
Matthew Grant wrote: > 2) Their stable release uses a kernel that is not patched for security > holes. It is, the status of the currently prepared sarge2 update can be found at http://wiki.debian.org/DebianKernelSargeUpdateStatus > Fortunately, individual security fixes are almost all only small

Re: Honesty in Debian (was Re: Amendment to GR on GFDL, and the changes to the Social Contract

2006-02-14 Thread Moritz Muehlenhoff
Adam McKenna wrote: >> No, like chosing ati over nvidia for graphic cards, or silicon image over >> others for SATA cards. > > Wait a minute, did I miss a memo? ATI isn't the devil anymore? It surely is, the current generation of ATI cards doesn't even support 2D with free drivers (beyond VESA, o

Bug#352064: ITP: wormux -- A clone of the Worms game

2006-02-09 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: wormux Version : 0.7 Upstream Authors: Jean-Christophe DUBERGA, Laurent DEFERT SIMONNEAU, Lawrence AZZOUG Matthieu FERTRÉ, Renaud LOTTIAUX, Victor STINNER
