Re: [Letsencrypt-devel] Certbot in Debian Stretch

2016-11-25 Thread Thijs Kinkhorst
On Thu, November 24, 2016 22:28, Harlan Lieberman-Berg wrote: > On November 24, 2016 11:59:46 AM EST, James Cloos > wrote: >>The jessie and jessie-backports releases of certbot have not, in >>general, been usable. There have been usable windows, but it has not >>been continuous. > > Certbot has n

Re: Certbot in Debian Stretch

2016-11-23 Thread Thijs Kinkhorst
Hi Peter, On Tue, November 22, 2016 02:40, Peter Eckersley wrote: > I'm an upstream developer for Certbot, previously known as the Let's > Encrypt client (https://certbot.eff.org). Certbot is a flexible and very popular > way to get certificates from Let's Encrypt; Thanks a lot for your efforts.

Re: Rename security suite to *-security

2015-12-19 Thread Thijs Kinkhorst
On Sat, December 19, 2015 15:08, Ansgar Burchardt wrote: > I would like to propose two changes for the security archive: > > * Rename */updates to *-security, starting with the next stable release. > This gets rid of the confusion of */updates vs. *-updates. > > * Rename the components updates/{m

Re: Help needed talking to upstream browser developers about Debian SSO

2015-10-15 Thread Thijs Kinkhorst
Hi Enrico, On Sun, October 11, 2015 20:50, Enrico Zini wrote: > However, there is discussion in the Chrome[5] and Mozilla[6] communities > about deprecating client certificate authentication. In those threads, > > I don't quite mind if is removed, as long as there would be a > replacement that a

Re: GNU IceCat?

2015-09-09 Thread Thijs Kinkhorst
On Wed, September 9, 2015 09:42, Simon Josefsson wrote: > Moritz Mühlenhoff writes: > >> Russ Allbery wrote: >>> Simon Josefsson writes: >>> Is there any reason (other than lack of manpower) that GNU IceCat is not packaged in Debian? >>> >>> I suspect it's mostly just resources,

Re: Who gets an email when with bugreports [was: Re: Unauthorised activity surrounding tbb package]

2015-01-19 Thread Thijs Kinkhorst
On Mon, January 19, 2015 10:14, Paul Wise wrote: > On Mon, Jan 19, 2015 at 5:03 PM, Tomas Pospisek wrote: > >> But isn't subscribing participants "natural"? Posting to a bug report >> means participation and thus you'd get the follow-ups. Why would you >> post to a bug report if you aren't interest

Re: Reminder: Removing < 2048 bit keys from the Debian keyrings

2014-11-08 Thread Thijs Kinkhorst
On Sat, November 8, 2014 17:09, Jonathan McDowell wrote: > We had hoped to be down to a small number of special cases to deal with > by this point, but with the numbers still looking this bad we're not > yet at a stage where we can work out appropriate next steps for those > special cases. In the

Re: bash without importing shell functions from the environment

2014-09-25 Thread Thijs Kinkhorst
Hi Ian, On Thu, September 25, 2014 17:29, Ian Jackson wrote: > I have prepared bash packages which do not honour any shell functions > they find in the environment. IMO that is a crazy feature, which > ought to be disabled. (I'm running this on chiark now and nothing has > visibly broken yet.)

Maintainer/home wanted for DDE (Debian Data Export / dde.debian.net)

2014-09-15 Thread Thijs Kinkhorst
All, The 'rapt-file' tool shipped in apt-file uses dde.debian.net to query for filenames, obviating the need to download Contents files before you can search. Unfortunately, dde.debian.net is down and we, the apt-file maintainers, got reports that therefore, rapt-file has become useless. I've tal

Re: people.debian.org will move from ravel to paradis and become HTTPS only

2014-07-21 Thread Thijs Kinkhorst
On Sun, July 20, 2014 21:34, Steve Langasek wrote: > Because it's not an improvement to the service; it's a change that makes > the *service* to Debian developers worse, for political reasons. I don't agree that it gets worse or that it is for political reasons, but even if it were, it being polit

Re: people.debian.org will move from ravel to paradis and become HTTPS only

2014-07-20 Thread Thijs Kinkhorst
On Sun, July 20, 2014 08:15, Wouter Verhelst wrote: > On Saturday 19 July 2014 22:54:47 you wrote: >> > Please note that there remain cases where accessing HTTPS is difficult >> > or impossible. One of these (but by no means the only one) is the >> > current release of debian-installer: the wget im

Re: say goodbye to network-manager-strongswan?

2014-07-16 Thread Thijs Kinkhorst
On Wed, July 16, 2014 13:05, Harald Dunkel wrote: > On 07/16/14 12:35, Thijs Kinkhorst wrote: >> As it turns out, this package got removed because it has an unfixed >> release critical bug (which interestingly enough you yourself reported). >> When this bug is fixed, the pa

Re: say goodbye to network-manager-strongswan?

2014-07-16 Thread Thijs Kinkhorst
On Wed, July 16, 2014 12:17, Harald Dunkel wrote: > how comes that network-manager-strongswan has been dropped > from testing? This package is extremely important for road- > warrior setups using IPsec. You can find that out for any package on the PTS: https://packages.qa.debian.org/n/network-mana

Re: How to avoid stealth installation of systemd?

2014-07-01 Thread Thijs Kinkhorst
On Tue, July 1, 2014 17:35, Juliusz Chroboczek wrote: >>> gentle persuasion [...] is more in line with point 4 of the Debian >>> Social Contract than [...] bullying? > >> May I suggest that you treat others the way you want to be treated? > > I am not a Debian Developer. I am not bound by the Soci

Re: How to avoid stealth installation of systemd?

2014-07-01 Thread Thijs Kinkhorst
On Tue, July 1, 2014 15:25, Juliusz Chroboczek wrote: > 2. Could some kind soul explain to the systemd maintainers that gentle > persuasion, while not always the most efficient way to take over the > world, is more in line with point 4 of the Debian Social Contract > than alternati

improving downloader packages (was: Re: holes in secure apt)

2014-06-12 Thread Thijs Kinkhorst
Hi Chris, You raise a lot of broad concerns under the header "holes in secure apt" which I'm afraid does not do much to get us closer to a more secure Debian. Not many people will object that making Debian even more secure is a bad idea; it just needs concrete action, not a large list of potential

Re: holes in secure apt

2014-06-11 Thread Thijs Kinkhorst
Hi Chris, On Thu, June 12, 2014 01:06, Christoph Anton Mitterer wrote: > reopen 749795 > stop A better way would be to add more 'found' versions so the BTS version tracking shows this bug as affecting stable. > Anyone who believed in getting trusted sources might have been attacked > with forged

Re: systemd-fsck?

2014-05-13 Thread Thijs Kinkhorst
On Tuesday 13 May 2014 19:36:35 Thorsten Glaser wrote: > Thijs Kinkhorst said: > >I could not agree more. In our enterprise environment, I have no > >expectation at all that systemd will cause us significant trouble on > >upgrades. Our troubles have centered things l

Re: systemd-fsck?

2014-05-13 Thread Thijs Kinkhorst
On Tue, May 13, 2014 18:03, Russ Allbery wrote: > >> The update to the first Debian stable release running systemd will most >> probably be the most painful update Debian has ever had since switching >> to glibc (which was well before I started using Linux). > > I highly doubt it. > >> We would be

Re: mailman3 in Debian [was Re: Alioth tracker]

2014-05-12 Thread Thijs Kinkhorst
On Mon, May 12, 2014 17:00, Clint Adams wrote: > On Mon, May 12, 2014 at 10:02:35AM -0400, Barry Warsaw wrote: >> I don't have time to work on Alioth, but JFTR, we (the GNU Mailman >> development team) recently announced the first full-suite beta release >> for Mailman 3. It's possible that even wi

Re: goals for hardening Debian: ideas and help wanted

2014-04-29 Thread Thijs Kinkhorst
On Tue, April 29, 2014 18:45, Russ Allbery wrote: > Marko Randjelovic writes: > >> I added this: > >> "Debian policy should require that in every source package all security >> packages should be clearly marked as such in standard and easily >> parsable way with optional further references." > > I

Re: Bug#741930: reportbug: add current init system information

2014-03-22 Thread Thijs Kinkhorst
>> On Fri, Mar 21, 2014 at 10:00:12PM +0100, Sandro Tosi wrote: >>> I thought about it a bit, and i'm not sure it's an information every >>> bug report should have. I suspect there are few packages which are >>> directly impacted by the possible different init system Debian has, I think it should

Re: Bits from the Release Team: Architecture health check

2014-01-30 Thread Thijs Kinkhorst
On Thu, January 30, 2014 08:20, Peter Palfrader wrote: > On sparc, it dies under load -- at least on smetana and spontini. Not > on sompek and stadler though. schroeder and lebrun are also running > squeeze kernels. At work we've seen regular kernel panics when we upgraded two sparc machines

Re: Nginx CVE-2013-4547

2013-11-20 Thread Thijs Kinkhorst
On Wed, November 20, 2013 13:37, vita...@yourcmc.ru wrote: >>> Is a Debian security update expected to come out for it? >> >> Yes. Nginx team has already submitted updated package to security team. > > Thanks for the information! I've actually found the bug stating this: > http://bugs.debian.org/cg

Re: Jessie release goal: DNSSEC as default recursive resolver

2013-10-28 Thread Thijs Kinkhorst
On Sat, October 26, 2013 18:52, Ondřej Surý wrote: >> The safe default is still to rely on the organizational DNS resolvers as >> provided by DHCP or local manual configuration. > > we can adopt dnssec-trigger > (https://www.nlnetlabs.nl/projects/dnssec-trigger/) for such scenarios. I think it's

Re: Proposal: switch init system to systemd or upstart

2013-10-25 Thread Thijs Kinkhorst
On Fri, October 25, 2013 15:09, Neil Williams wrote: > I disagree that this is achievable as a single switch. Backports spring > to mind, security updates too will have to retain support for the init > system in use in stable currently where that support existed in the > package being backported at

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-17 Thread Thijs Kinkhorst
On Wed, October 16, 2013 10:56, Marc Haber wrote: > On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst" > wrote: >>I'm missing why the package cannot use the EICAR test virus signature for >>its purposes. > > eicar.com does not have a distributable license

Re: Propose Release Goals (delayed ;) - xz compression

2013-10-17 Thread Thijs Kinkhorst
On Wed, October 16, 2013 16:20, Hideki Yamane wrote: > As dpkg introduced xz compression by default, we can make whole > packages xz-ed now. I think it's worth trying, so propose it as > a release goal (I know it should be sent before its deadline, but > please read). Because dpkg >=1.17.0 al

Re: Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Thijs Kinkhorst
On Tue, October 15, 2013 14:09, Dominique Dumont wrote: > In libmail-deliverystatus-bounceparser-perl case, the virus is used on the > non-regressions test which are shipped in the original tarball (and in > Debian *source* package). This virus is *not* shipped in Debian binary > package. I'm stil

Bug#726393: general: Possible malware infections in source packages

2013-10-15 Thread Thijs Kinkhorst
On Tue, October 15, 2013 12:54, Dominik George wrote: >> I looked into one of these, libmail-deliverystatus-bounceparser- >> perl_1.531.orig.tar.gz, and found multipart email file containing zip >> attachment. Inside this archive is a .pif file (PE32 executable for MS >> Windows) >> which is detect

Re: Bits from the Release Team (Jessie freeze info)

2013-10-14 Thread Thijs Kinkhorst
On Sun, October 13, 2013 22:28, Jonathan Dowland wrote: > As a Brit I guess I'm as surprised by people not knowing this as some US > folks are when I don't have plans for the 4th July. The pleasures of an > international project Everyone will find the 5 December milestone easy to remember; perhaps

Re: Dreamhost dumps Debian

2013-08-20 Thread Thijs Kinkhorst
On Tue, August 20, 2013 19:40, Steve Langasek wrote: > On Tue, Aug 20, 2013 at 06:35:08PM +0200, Pau Garcia i Quiles wrote: >> IMHO that should be turned around: package maintainers should be the >> ones responsible for updates and the Security Team should help with that >> (e.g. by providing tips

Re: Survey answers part 3: systemd is not portable and what this means for our ports

2013-07-19 Thread Thijs Kinkhorst
On Thu, July 18, 2013 09:15, Thomas Goirand wrote: >> - Fast startup > > I thought everyone claimed (including systemd supporters) that this was > a "teenager side effect" which we didn't care much about. Definitely not. Debian should care about fast boot a lot. Rebooting a system, planned or not,

Re: Survey answers part 3: systemd is not portable and what this means for our ports

2013-07-15 Thread Thijs Kinkhorst
On Sun, July 14, 2013 21:19, Kevin Chadwick wrote: > my care for Linux is diminishing daily. > p.s. I haven't the time to talk about or even recollect a 20th of the > problems that systemd poses > P.s. whenever I hear someone talk about Linux and Modern it is simply > proving to show that comment

Re: Team maintenance of more Apache modules?

2013-07-13 Thread Thijs Kinkhorst
On Sat, July 13, 2013 12:43, Colin Watson wrote: > This isn't my normal field (although I did web server development in a > previous job), and while I'd like to help out I certainly can't set up a > team entirely on my own. Would module maintainers be interested in this > kind of thing? As a main

Re: Debian policy for web apps still references /doc as accessible

2013-07-10 Thread Thijs Kinkhorst
On Wed, July 10, 2013 16:03, Thomas Goirand wrote: > Not sure who/where I should send this, or how I can update the policy > manual myself, I think you're looking for http://wiki.debian.org/Teams/Policy, which describes the points of contact and the change process of Debian Policy. Cheers, Thijs

Re: system-wide crypto policies

2013-06-28 Thread Thijs Kinkhorst
On Thu, June 27, 2013 22:16, Daniel Pocock wrote: > On 27/06/13 21:44, Florian Weimer wrote: >> * Daniel Pocock: >> >>> However, are such issues at the discretion of package maintainers and >>> upstream, or is it useful to have a uniform Debian approach to >>> cryptographic strength? >> >> Keep in

Re: 7.0-> 7.1: any reasons for switching from {4,5,6}.0.x scheme?

2013-06-17 Thread Thijs Kinkhorst
On Mon, June 17, 2013 18:03, Neil McGovern wrote: > On Mon, Jun 17, 2013 at 05:17:32PM +0200, Christoph Berg wrote: >> Re: Neil McGovern 2013-06-17 <20130617111457.gg22...@halon.org.uk> >> > Given that the middle '0' was redundant, and we now do X.0 for all >> > major releases, it was simply remove

Re: Debian/Wheezy general rant Was: mount point gets "(deleted)" / unable to unmount

2013-06-05 Thread Thijs Kinkhorst
On Wed, June 5, 2013 15:34, Bjoern Meier wrote: >>> the upgrade from squeeze to wheezy, was not a clean one. >>> I've had to install a package (some lib-gd-annoying.deb), that wasn't >>> installed before and wasn't able to install because of some unresolved >>> debs. >> >> >> Honestly, what do you

Re: http.debian.net / cdn.debian.net (Was: Feedback on Debian 7.0)

2013-06-05 Thread Thijs Kinkhorst
On Wed, June 5, 2013 09:12, Lucas Nussbaum wrote: > On 02/06/13 at 16:18 +0200, Didier 'OdyX' Raboud wrote: >> On Sunday, 2 June 2013 15.54:31, Cyril Brulebois wrote: >> > Marcin Kulisz (02/06/2013): >> > > Why not to use http://http.debian.net/ ? >> > >> > Surely the .net part of it? >> >> I

Re: distro-info-data in wheezy is outdated

2013-05-23 Thread Thijs Kinkhorst
Hi Dennis, On Thu, May 23, 2013 11:52, Dennis van Dok wrote: > I'm running wheezy with some packages from unstable. > The distro-info-data package in wheezy is outdated (0.11). > Sid has version 0.16, which is updated. The README suggests to include > wheezy-updates in the apt-sources, but there

Re: jessie release goals

2013-05-07 Thread Thijs Kinkhorst
On Tue, May 7, 2013 02:55, Christoph Anton Mitterer wrote: > On Mon, 2013-05-06 at 14:59 -0600, Bob Proulx wrote: >> > 1) We should try to educate users not to use mod_php. >> If "Best Practices" such as this were documented such as on the Debian >> wiki then it would go a long way to making this e

Re: 2013 sometimes still feels like 2003 or 1993 (Re: NEW processing during freezes

2013-05-03 Thread Thijs Kinkhorst
On Fri, May 3, 2013 15:09, Wouter Verhelst wrote: >> > No, it's not. Source only uploads were banned many years ago, mainly >> due >> > to problems with maintainers not even build testing their packages. > They do. They just ignore the issue; they can do that because it's a > scalability issue tha

Re: down the memory hole

2013-04-04 Thread Thijs Kinkhorst
Hi Ian, On Thu, April 4, 2013 12:27, ian_br...@fastmail.net wrote: > It seems that Historical Revisionism, of the bad kind, is now in > operation at Debian, in that critical commentary about unapplied patches > is made to disappear down the memory hole, without leaving so much as a > trace on the

Re: Unable to find RC bug targets to squash

2013-03-02 Thread Thijs Kinkhorst
On Saturday 2 March 2013 02:36:32 Russ Allbery wrote: > While I certainly don't want to discourage people from working on > security-related bugs, note that security-related bugs don't block the > release (because they can be dealt with via an advisory after the > release). So if the goal is to

Bug#701893: ITP: libapache2-mod-auth-mellon -- A SAML 2.0 authentication module for Apache

2013-02-28 Thread Thijs Kinkhorst
Package: wnpp Severity: wishlist Owner: Thijs Kinkhorst * Package name: libapache2-mod-auth-mellon Version : 0.6.0 Upstream Author : Feide RND, Uninett * URL : http://code.google.com/p/modmellon/ * License : GPLv3 Programming Lang: C Description : A

Bug#698683: ITP: phpqrcode -- PHP library for generating two-dimensional barcodes

2013-01-22 Thread Thijs Kinkhorst
Package: wnpp Severity: wishlist Owner: Thijs Kinkhorst * Package name: phpqrcode Version : 1.1.4 Upstream Author : Dominik Dzienia * URL : http://phpqrcode.sourceforge.net/ * License : LGPL Programming Lang: PHP Description : PHP library for

Re: Feedback

2012-12-30 Thread Thijs Kinkhorst
On Tue, December 25, 2012 23:53, Russ Allbery wrote: > Thankfully, Debian provides a perfectly reasonable version numbering > system (as, for that matter, does Apple), so all one has to do is remember > to use it with the uninitiated. For example, our internal metrics on > adoption and migration t

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal

2012-10-01 Thread Thijs Kinkhorst
Hi Arno, Thanks for this initiative. It seems like a useful guideline. > * A previous NMU was not acknowledged, and at least another issue > justifying another NMU is pending for /one month/ [5]. I was wondering what 'acknowledging an NMU' means nowadays. Of course, we all used this term from th

Re: Audit of Debian/Ubuntu for unfixed vulnerabilities because of embedded code copies

2012-07-02 Thread Thijs Kinkhorst
On Mon, July 2, 2012 13:38, Silvio Cesare wrote: > On Mon, Jul 2, 2012 at 8:27 PM, Bernd Zeimetz wrote: >> The ia32-libs stuff are all false positives (assuming the package was >> updated after the security fixes came out, I'm not 100% sure about that >> :) And the openssl source is expected to c

Re: The future (or non-future) of ia32-libs

2012-06-23 Thread Thijs Kinkhorst
On Sat, June 23, 2012 08:25, Russ Allbery wrote: > Thomas Goirand writes: >> On 06/23/2012 02:48 AM, Goswin von Brederlow wrote: > >>> The helpful error messages and holding back packages would have to be >>> ported to stable apt/aptitude to be any use for upgrades. And only >>> people updating t

Re: Is Debian affected by the recent MySQL sql/password.c flow?

2012-06-11 Thread Thijs Kinkhorst
On Mon, June 11, 2012 20:11, Thomas Goirand wrote: > On 06/12/2012 01:52 AM, Aron Xu wrote: >> IMHO I suggest to talk with Security Team before disclosing >> information that might be sensitive in the mean time on a Debian >> development mailing list. >> > Could you explain to me what exactly I'm d

Re: Adding CA certficates outside of ca-certificates (see ITP #666229)

2012-04-17 Thread Thijs Kinkhorst
Hi Dennis, On Mon, April 16, 2012 15:44, Dennis van Dok wrote: > I would like to include the CA distribution of the IGTF > (www.igtf.net), which is an international collaboration of CAs for use > in the e-science communities (i.e. scientific grid computing & cloud > computing). > http://mentors.d

Re: Unofficial repositories on 'debian' domains

2012-03-05 Thread Thijs Kinkhorst
On Mon, March 5, 2012 08:40, Stefano Zacchiroli wrote: > On Sun, Mar 04, 2012 at 10:59:39PM +, Ben Hutchings wrote: >> Looking at the front page of http://www.debian-multimedia.org/ today, >> I don't see a clear statement that it is unofficial. > I also find disturbing that the website seeks f

Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Thijs Kinkhorst
On Thu, March 1, 2012 00:11, Patrick Matthaei wrote: > On 29.02.2012 23:57, Russ Allbery wrote: >> Patrick Matthaei writes: >> >>> I fully support the hardening goal. >>> May it be an option to add lintian errors (also non-fatal errors on >>> ftp-master side) about missing-hardening-build in the

Re: upstart: please update to latest upstream version

2012-02-22 Thread Thijs Kinkhorst
On Wed, February 22, 2012 14:42, Stephan Seitz wrote: > On Wed, Feb 22, 2012 at 03:24:47PM +0200, Riku Voipio wrote: >>I have. Not on debian, but on debianish system with dash. And the result >>was that shellscripts are indeed the bottleneck. We still did convert to > > I don't doubt it, but the qu

Re: Debian 5.0 support for VMware ESX 3.5/4.0/ESXi 4.1

2012-02-15 Thread Thijs Kinkhorst
On Wed, February 15, 2012 16:40, Piotrek P wrote: > Dear All, > Please be aware that VMware ESX 3.5 is NOT supporting any of Debian as > Guest OS. > Please be aware that VMware ESXi 4.1 IS supporting Debian 4.0, 5.0 as > Guest OS. > Please be aware that VMware ESX 5.0 IS supporting Debian 4.0, 5.0,

Re: Transition to PHP 5.4 starting soon (Re: PHP 5.4 transition in unstable)

2012-02-08 Thread Thijs Kinkhorst
On Wed, February 8, 2012 15:00, Thomas Goirand wrote: > On 02/08/2012 12:50 AM, Filipus Klutiero wrote: >> Thankfully there's a page being built to track problems in packages >> that contain PHP code: http://wiki.debian.org/PHP/54Transition >> > This is very nice, but how come PHP Lint isn't in Deb

Re: PHP 5.4 transition in unstable

2012-02-06 Thread Thijs Kinkhorst
On Sun, February 5, 2012 03:16, Paul Wise wrote: > On Sun, Feb 5, 2012 at 3:16 AM, Ondřej Surý wrote: > >> this is just a heads up that we will upload php version 5.4 into >> unstable very soon.  It is currently in RC phase and we spoke to PHP >> upstream and both parties think this is a good id

Re: How mature is Pkg-format 3.0 (git), yet?

2012-01-17 Thread Thijs Kinkhorst
On Mon, January 16, 2012 23:26, Paul Wise wrote: >> I just wanted to ask how mature Package-format 3.0 (git) became until >> now. > > It is not currently accepted by the Debian archive: > > http://bugs.debian.org/642801 My experience until now is that it's mature in dpkg. It does the job just like

Re: Anonymous read-only access and Vcs-* [Re: Alioth status update, take 3]

2011-06-06 Thread Thijs Kinkhorst
On Mon, June 6, 2011 12:09, Tollef Fog Heen wrote: > ]] Sven Hoexter > > | On the other hand there are all these packages in stable with broken > | Vcs fields now. Still not nice but assuming that most contributions > | will be based on what's in unstable that might be bearable. > > What VCS fields

Re: distinguish between "core" and "main"?

2011-06-03 Thread Thijs Kinkhorst
On Sat, June 4, 2011 07:45, Harald Dunkel wrote: > Having 3+ packages within a single "main" repository is > pretty bulky. Would it be possible to distinguish between > the "core" Debian and "main" somehow? > > I don't want to keep anybody out. I just would like to use > the core packages of De

Re: Anonymous read-only access and Vcs-* [Re: Alioth status update, take 3]

2011-05-25 Thread Thijs Kinkhorst
On Wed, May 25, 2011 13:20, James Vega wrote: > On Wed, May 25, 2011 at 12:46:11PM +0200, Bernd Zeimetz wrote: >> On 05/24/2011 01:00 AM, Michael Biebl wrote: >> > Am 23.05.2011 22:35, schrieb Roland Mas: >> >> - anonymous read-only access to the repositories is available by HTTP >> >> from wagne

Re: Upstream "stable" branches and Debian freeze

2011-02-01 Thread Thijs Kinkhorst
On Mon, January 31, 2011 18:09, Christian PERRIER wrote: > However, upstream's policy in their "stable" branches is alway to only > fix "important" bugs (they don't call them this way...but the > definition is fairly close to Debian's). So, *in the case of samba*, I > can guarantee that the user's

Re: A request for those attending key signing parties

2011-02-01 Thread Thijs Kinkhorst
On Mon, January 31, 2011 21:18, Martin Zobel-Helas wrote: > a more theoretical question quite related to this: > > If one plans to have the key replaced in the keyring, and we have a > fellow DD in the keyring who's only trust path to other Debian > Developers goes via that key (this might become a

Re: Debian participating in Google Code-in 2010, we need your help!

2010-11-23 Thread Thijs Kinkhorst
On Tue, November 23, 2010 10:58, Obey Arthur Liu wrote: > The only reason the student who claimed the task contacted you is > because your name is kind of all over the place on webpages related to > UDD. This is patently false as http://www.google-melange.com/gci/task/show/google/gci2010/debian/t1

Re: lilo removal in squeeze (or, "please test grub2")

2010-05-24 Thread Thijs Kinkhorst
On Monday 24 May 2010, Christian PERRIER wrote: > yes, keeping lilo in the > archive is a burden for some other people (security team, I would like to correct the suggestion that the security team would oppose keeping lilo in squeeze. There is currently no such objection, and in the past the

Bug#582357: ITP: ocs -- Open Conference Systems: scholary conference management system

2010-05-20 Thread Thijs Kinkhorst
Package: wnpp Severity: wishlist Owner: Thijs Kinkhorst * Package name: ocs Version : 2.1.2-1 Upstream Author : Public Knowledge Project * URL : http://pkp.sfu.ca/?q=ocs * License : GPL2 or later Programming Lang: PHP Description : Open Conference

Adoption sought for a few packages

2010-03-01 Thread Thijs Kinkhorst
Hi, I'm looking for adopters or assistance with the following packages. As with anyone there's a limit on the time I can(will) spend on Debian and I feel that in making choices there, these packages are currently starving for attention. * phpbb3. This needs some work to get the latest upstream

Re: Iceweasel and Firefox compatibility

2009-11-10 Thread Thijs Kinkhorst
On Tue, November 10, 2009 04:46, Steve Langasek wrote: > On Mon, Nov 09, 2009 at 07:48:49PM -0600, Raphael Geissert wrote: >> As a person who has developed web apps and has had to deal with this my >> opinion is to follow the specs and implement remedies in a best-effort >> manner for those browse

Re: Lintian based autorejects

2009-10-27 Thread Thijs Kinkhorst
On Tuesday 27 October 2009, Joerg Jaspert wrote: > we are turning on lintian based autorejects within the next few days. > This means that packages failing a defined set of lintian tags will no > longer be accepted into the archive, but get rejected immediately. > This should help to get rid of the

Re: RFC: DEP-3: Patch Tagging Guidelines

2009-06-16 Thread Thijs Kinkhorst
On Tue, June 16, 2009 11:23, Reinhard Tartler wrote: > "Thijs Kinkhorst" writes: > > >> Hi Raphaël, >> >> >> On Mon, June 15, 2009 18:12, Raphael Hertzog wrote: >> >>> please find below a first draft of DEP-3 that I called Patch Taggin

Re: RFC: DEP-3: Patch Tagging Guidelines

2009-06-16 Thread Thijs Kinkhorst
Hi Raphaël, On Mon, June 15, 2009 18:12, Raphael Hertzog wrote: > please find below a first draft of DEP-3 that I called Patch Tagging > Guidelines. The idea is to standardize a set of meta-information to embed > in patches that we apply. Please review, share your comments and ideas > of enhancem

Bug#531601: ITP: ttytter -- console Twitter client

2009-06-02 Thread Thijs Kinkhorst
Package: wnpp Severity: wishlist Owner: Thijs Kinkhorst * Package name: ttytter Version : 0.9.5 Upstream Author : Cameron Kaiser <http://twitter.com/doctorlinguist> * URL : http://www.floodgap.com/software/ttytter/ * License : Floodgap Free Software L

Re: inetd's status in Debian

2009-03-10 Thread Thijs Kinkhorst
On Monday 9 March 2009, Pierre Habouzit wrote: > Just looking at the packages requiring an inet superserver, you'll see that > it's probably that nowadays users don't need a superserver at all[0]. > > I'm wondering if making super servers become optional wouldn't be a worthy > goal for squeeze.

Re: Modifying debian/changelog entries

2009-01-19 Thread Thijs Kinkhorst
On Mon, January 19, 2009 13:00, Noah Slater wrote: > I have two separate, but related, questions not covered by policy: > > * If you are the only person mentioned in a changelog and you change your > email address, when you do a new upload, is it okay to modify all of the > old changelog entries t

Re: [php-maint] Bug#341420: marked as done (code in exts/dbase is not DFSG-free)

2008-12-01 Thread Thijs Kinkhorst
On Mon, December 1, 2008 08:52, Thomas Viehmann wrote: > Mind you, acknowledging the fact that someone else took the trouble of > looking at your package might be an idea if you want to set an example > instead of just demanding politeness. So to conclude this thread, both sides could have done th

Re: What you can do for "Lenny"

2008-10-06 Thread Thijs Kinkhorst
On Tuesday 7 October 2008 02:33, Charles Plessy wrote: > as one of the maintainers of the packages affected by the mass bug filing > named "The possibility of attack with the help of symlinks in some Debian > packages", I would like to make a comment: > > Most of these bugs can only be exploited by

Re: password-protected cgi-bin directory?

2008-09-22 Thread Thijs Kinkhorst
Hi Andreas, On Mon, September 22, 2008 10:06, Andreas Tille wrote: > I wonder what might be the appropriate implementation in Debian because > I do not know that there is anything like a "password-protected cgi-bin > directory". Has anybody solved a similar problem or is there some advice > to do

Re: EULA as well: xsane

2008-09-19 Thread Thijs Kinkhorst
On Friday 19 September 2008 20:31, Russ Allbery wrote: > > In lenny we have none such packages that I know of. How about we start > > to make policy when there's a real problem to be solved, and spend our > > time fixing RC bugs meanwhile? > > Uh, I can name several that use that aspect of the GPL

Re: EULA as well: xsane

2008-09-19 Thread Thijs Kinkhorst
On Fri, September 19, 2008 11:25, Michael Banck wrote: > On Fri, Sep 19, 2008 at 01:58:03AM +0200, Florian Weimer wrote: > >> * Robert Lemmen: >> >>> still: can we make this a policy item? >> The GPL version 2 permits it to display copyright notices and warranty >> disclaimers, without being allow

Re: Should selinux be standard?

2008-09-15 Thread Thijs Kinkhorst
On Sun, September 14, 2008 12:40, Frans Pop wrote: > For those reasons I support the suggestion to change the priority of > SeLinux back to optional. > We can always discuss returning it to priority standard if/when SeLinux is > really ready to be not only installed by default, but also activated

Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Thijs Kinkhorst
On Sunday 24 August 2008 22:00, Steve Langasek wrote: > Please take responsibility for providing the missing information to the > package maintainers, and for correcting the false positives that you've > filed. Yes, please. I think the only way the damage of this bad bug filing can be mitigated i

Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Thijs Kinkhorst
On Monday 25 August 2008 07:16, Christian Perrier wrote: > Quoting Steve Langasek ([EMAIL PROTECTED]): > > This is far below the quality I expect from a mass bug filing that's been > > reviewed by debian-devel. Mass bugfilings at RC severity need to be held > > to > > Even though I overread the th

Re: [Pkg-xen-devel] Xen status in lenny?

2008-07-15 Thread Thijs Kinkhorst
On Tuesday 15 July 2008 13:08, Lucas Nussbaum wrote: > How/if we will support Xen in lenny is more a policy decision than a > technical decision, even if it has important technical aspects. > > Even if it's not optimal, I agree with do-ocracy for technical > decisions. However, using it for everyth

Re: Time to phase out net-tools?

2008-06-13 Thread Thijs Kinkhorst
On Fri, June 13, 2008 17:29, Martín Ferrari wrote: > Net-tools has been very useful for us during all these years, but we > have a much more powerful and clean tool since years ago: iproute. Maybe > it's time for us to drop net-tools altogether and just write the > compatibility scripts as iproute w

Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)

2008-05-15 Thread Thijs Kinkhorst
On Thursday 15 May 2008 18:26, Martin Uecker wrote: > Why not? A plane crash is a very rare incident. Still every single > crash is investigated to make recommendations for their future > avoidance. Maybe that wasn't clear from my first mail, but I don't think that nothing can be learned from thi

Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)

2008-05-15 Thread Thijs Kinkhorst
On Thursday 15 May 2008 16:47, Martin Uecker wrote: > > You mean less likely than once in 15 years? We're open to your > > suggestions. > > Something as bad as this might be rare, still, if something can be > improved, it should. > > Upstream complained about the extensive Debian patching. I think

Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)

2008-05-15 Thread Thijs Kinkhorst
On Thursday 15 May 2008 14:04, Martin Uecker wrote: > If I understand this correctly, this means that not only should keys > generated with the broken ssl lib be considered compromised, but all > keys which were potentially used to create DSA signatures by those > broken libs. > > In this case, the

Re: openssh-blacklist for testing-updates ?

2008-05-15 Thread Thijs Kinkhorst
On Thursday 15 May 2008 11:24, Olivier Berger wrote: > I guess openssh-blacklist is only available on stable/updates and not in > testing/updates ... any reason why not ? It is currently available in unstable; I have no doubt that the release managers will push it into testing as soon as possible

Re: Mail headers for automated package maintenance emails

2008-05-11 Thread Thijs Kinkhorst
On Sunday 11 May 2008 15:07, Raphael Hertzog wrote: > The PTS add those headers to all mails that it forwards. So there's no > need to change anything to scripts that only send mails through the PTS. How would the PTS know to add a X-Debian: DEHS header to that mail, does it have a list of all to

Re: Mail headers for automated package maintenance emails

2008-05-11 Thread Thijs Kinkhorst
On Sunday 11 May 2008 00:56, Raphael Geissert wrote: > Also for messages coming from other sources, i.e. dehs? Yes, the idea is that such mails have uniform headers. There are no "other" sources: it works best if every tool that sends automated mails to Debian package maintainers uses those head

Re: Bug#479953: uniform header for automated package maintenance emails

2008-05-08 Thread Thijs Kinkhorst
On Thursday 8 May 2008 00:14, Joerg Jaspert wrote: > b. Every tool sending (machine generated) mail to Debian Developers >    should add a header of the form > >      X-Debian: $TOOL > >    and so clearly mark that it is an automagic generated mail by >    $TOOL. Every bit more information, like wh

phpgedview (Web based genealogy) up for adoption

2008-05-03 Thread Thijs Kinkhorst
Hi, I've put my package phpgedview up for adoption. It's a web based genealogy program that can import, display and edit files in the gedcom standard. The package is in reasonable shape but I don't use it anymore. If you're interested in maintaining it, please take it. If you need help or spons

Re: NMU rules for security fixes (was: DEP1: Clarifying policies and workflows for Non Maintainer Uploads)

2008-04-26 Thread Thijs Kinkhorst
On Saturday 26 April 2008 02:07, Don Armstrong wrote: > On Sat, 26 Apr 2008, Paul Wise wrote: > > I'd prefer the security team did not delay fixes at all by default. > > Exceptions for specific maintainers, transitions or other reasons > > are fine too of course. > > For stable and testing, I agree

Re: Adding lzma to dpkg's Pre-Depends

2008-04-01 Thread Thijs Kinkhorst
On Tue, April 1, 2008 13:42, Lionel Elie Mamane wrote: > On the more general issue of lzma-compresses packages, I find a 34MB > RAM requirement quite hefty for general purpose use; that is, unless > we restrict lzma compression to packages that wouldn't make sense on > hardware with so little RAM a

Re: Intent to hijack apt-file (and looking for co-maintainers)

2008-03-19 Thread Thijs Kinkhorst
On Tuesday 18 March 2008 23:59, Stefan Fritsch wrote: > apt-file has quite a few open bugs. The maintainer of apt-file has > been inactive for over 1,5 years and has not responded to my offer to > adopt apt-file. Last maintainer upload was in April 2006 with two > NMUs since then. > > I intend to h

Re: Version numbering for security uploads of native packages

2008-03-16 Thread Thijs Kinkhorst
On Sunday 16 March 2008 11:47, Steve Langasek wrote: > The current binNMU numbering scheme was selected explicitly to allow > security uploads to sort later by numbering as > +; e.g., 1.2-5.1+etch1. Ah, I wasn't aware of that (and no-one seems to be using it currently). The release managers know

Re: Version numbering for security uploads of native packages

2008-03-16 Thread Thijs Kinkhorst
On Sunday 16 March 2008 00:52, Adam D. Barratt wrote: > We're aware that the Developers Reference specifies that the latter > format should be used, but it is problematic as -0.1 sorts before +b1 > and, as such, the NMU will not supersede any previous binNMUs of the > same package version. > > Whil

Re: Bits from the Security Team

2008-03-10 Thread Thijs Kinkhorst
On Mon, March 10, 2008 09:24, Steve Langasek wrote: >> If you're opening a ticket for a security problem which is publicly >> known, e.g. if it's announced on the project web site, please open a >> ticket in the "Security" queue. These issues will be visible publicly. > > As far as I can see, this
