-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 18 Apr 2025 14:37:34 +0200
Debian Project Secretary - Kurt Roeckx wrote:
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> 7066677e-e899-4143-af5e-710364fc2673
> [ ] Choice 1: Gianfranco Costamagna
> [ ] Choice
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 18 Apr 2025 14:37:34 +0200
Debian Project Secretary - Kurt Roeckx wrote:
>
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines
> =-=-=-=-=-=-=-=- 7066677e-e899-4143-af5e-710364fc2673
> [ ] Choice 1: Gianfranco Costamagna
> [ ] Choi
On Fri, 18 Apr 2025 14:37:34 +0200
Debian Project Secretary - Kurt Roeckx wrote:
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines
> =-=-=-=-=-=-=-=- 7066677e-e899-4143-af5e-710364fc2673
> [ ] Choice 1: Gianfranco Costamagna
> [ ] Choice 2: Julian Andres Klode
> [1] Choice 3: Andreas Ti
On Sat, Apr 12, 2025 at 09:09:25AM +0200, Debian Project Secretary - Kurt
Roeckx wrote:
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> 7066677e-e899-4143-af5e-710364fc2673
> [2] Choice 1: Gianfranco Costamagna
> [2] Choice 2: Julian Andres Klode
> [1] Choice 3: Andr
On 09.03.25 17:45, Marco d'Itri wrote:
On Mar 09, Matthias Urlichs wrote:
My "build me a Debian image" script has been doing that for two years now,
simply by moving /var/lib/dpkg to /usr/state/dpkg and bind-mounting it back
onto /var/lib/dpkg (symlinking won't work).
How so? My /var/lib/dpkg
On Mar 09, Matthias Urlichs wrote:
> My "build me a Debian image" script has been doing that for two years now,
> simply by moving /var/lib/dpkg to /usr/state/dpkg and bind-mounting it back
> onto /var/lib/dpkg (symlinking won't work).
How so? My /var/lib/dpkg has been a symlink for a very long t
Hello,
On Thu 27 Feb 2025 at 06:11pm +09, Charles Plessy wrote:
> Le Thu, Feb 27, 2025 at 03:02:08PM +0800, Sean Whitton a écrit :
>>
>> Packages that already install programs to /usr/games, where another
>> package installs a program of the same with different functionality
>> to a d
* Charles Plessy [250227 10:12]:
> Le Thu, Feb 27, 2025 at 03:02:08PM +0800, Sean Whitton a écrit :
> >
> > Packages that already install programs to /usr/games, where another
> > package installs a program of the same with different functionality
> > to a different directory on the d
On Thu, Feb 27, 2025 at 06:11:52PM +0900, Charles Plessy wrote:
> > Packages that already install programs to /usr/games, where another
> > package installs a program of the same with different functionality
> > to a different directory on the default PATH, may continue to do so.
>
> H
Le Thu, Feb 27, 2025 at 03:02:08PM +0800, Sean Whitton a écrit :
>
> Packages that already install programs to /usr/games, where another
> package installs a program of the same with different functionality
> to a different directory on the default PATH, may continue to do so.
Hi Sean
Am 20.02.25 um 11:13 schrieb Vincent Lefevre:
Hi,
On 2025-02-20 17:51:40 +0800, Sean Whitton wrote:
I just pushed version 4.7.1.0 of the Debian Policy Manual and related
documents to the binary-NEW queue for sid.
Below you will find the significant normative changes from the
previously-announce
On 17414 March 1977, Mo Zhou wrote:
1. Let LLM answer the NM templates (maybe with debian policy or debian
developer reference in context) and see the percentage of questions
that can be answered correctly. Even if I don't do it, maybe new DD
applicants will.
And those who actually do this sho
Hi Mo,
thanks again for your posts,
I was just thinking that the debian-mentors list could be a good target
for summarisation too: it is high traffic, email subject lines are
focused on what to upload, but discussions are focused on
problem-solving, thus some intersting tips & trick will be easy
Hi folks,
On 11/9/24 01:26, DebGPT wrote:
This is an experiment, by letting LLM go through all 369 emails from
debian-devel on Oct.
I received lots of feedbacks from the experiments, from positive ones
to negative ones. It wasn't discouraging to see negative feedbacks since
that is usually wha
lu...@debian.org wrote:
>
>While hallucinating too much, LLMs can still correctly
>teach me how to use urwid (which I could never understand by going
>through their tutorial many times...).
>That leads to the `debgpt config` TUI configuration wizard.
>
>Any suggestion on a place where I can safely
Hello,
On Sun 10 Nov 2024 at 08:24am GMT, Holger Levsen wrote:
> On Sun, Nov 10, 2024 at 08:48:21AM +0900, Charles Plessy wrote:
>> Our mailing lists were a ground-breaking technological avance in the
>> past that would open Debian to the whole World, but now are they not
>> working exactly again
At 2024-11-10T11:21:43+, Richard Lewis wrote:
> > The tone can change: http://paste.debian.net/1335055/
> > LLMs are being improved rapidly over time.
> >
> > I guess it's due to some potential safety issues so that LLM uses a
> > dull corporate tone by default.
>
> I think it's slightly misdi
Hi,
On Sun, Nov 10, 2024 at 08:24:19AM GMT, Holger Levsen wrote:
> On Sun, Nov 10, 2024 at 08:48:21AM +0900, Charles Plessy wrote:
> > Our mailing lists were a ground-breaking technological avance in the
> > past that would open Debian to the whole World, but now are they not
> > working exactly a
Mo Zhou writes:
> The tone can change: http://paste.debian.net/1335055/
> LLMs are being improved rapidly over time.
>
> I guess it's due to some potential safety issues so that LLM uses a dull
> corporate tone by default.
I think it's slightly misdiagnosed here. to me, it comes accross as
"tedi
On Sun, Nov 10, 2024 at 08:48:21AM +0900, Charles Plessy wrote:
> Our mailing lists were a ground-breaking technological avance in the
> past that would open Debian to the whole World, but now are they not
> working exactly against that?
first: citation needed.
second: summaries written by applie
Hi Charles,
On 11/9/24 15:48, Charles Plessy wrote:
Thanks a lot Mo for this exciting experiment!
And having two ex-DPLs pressing the big red stop button is not
necessarly a bad sign in an ageing project. Often you will see ideas
rejected in a very dismissive if not insulting way (for example
Thanks a lot Mo for this exciting experiment!
And having two ex-DPLs pressing the big red stop button is not
necessarly a bad sign in an ageing project. Often you will see ideas
rejected in a very dismissive if not insulting way (for example
source-only uploads or HTTPS URLs in /etc/apt/sources.l
At 2024-11-09T14:46:45-0800, Mo Zhou wrote:
> The tone can change: http://paste.debian.net/1335055/
I recognize a different style there...
> LLMs are being improved rapidly over time.
...but I'm not sure I would call the new example an improvement. With
all those exclamation marks it seems more
The tone can change: http://paste.debian.net/1335055/
LLMs are being improved rapidly over time.
I guess it's due to some potential safety issues so that LLM uses a dull
corporate tone by default. Those models should have been trained on
different tones, as long as we instruct it to use them.
On
At 2024-11-09T21:44:40+, Steve McIntyre wrote:
> Please, no further. We don't need hallucinated summaries on our
> lists. If you want to publish them, publish them somewhere separately
> IMHO.
Oh, good--since it's not a CoC violation to express an unflattering
opinion of this experiment, did a
lu...@debian.org wrote:
>I just realized that the news report could be more useful if it cites
>the information source. Here we go:
>
>debgpt -Hx ldo:debian-devel/2024/10 -a 'write a news report based on the
>provided information. Cover as many topics as possible. You may expand a
>little bit on
On Sat Nov 9, 2024 at 10:00 PM CET, Mo Zhou wrote:
> I just realized that the news report could be more useful if it cites
> the information source. Here we go:
thanks! the links are really key, given the known hallucination issues of LLMs
signature.asc
Description: PGP signature
I just realized that the news report could be more useful if it cites
the information source. Here we go:
debgpt -Hx ldo:debian-devel/2024/10 -a 'write a news report based on the
provided information. Cover as many topics as possible. You may expand a
little bit on important matter. include lin
The LLM I used to produce that exact news report was gpt-4o-mini,
from openai. ChatGPT is the name of openai's LLM web interface and
its underlying LLM model name could change. It took roughly 3
minutes to perform the bulk API calls.
That said, I basically implemented support for all commonly see
On 2024-11-09 14:19:53 +0100 (+0100), PICCA Frederic-Emmanuel wrote:
> is it via ChatGPT or an llm self hosted ?
[...]
It's DebGPT: https://salsa.debian.org/deeplearning-team/debgpt
--
Jeremy Stanley
signature.asc
Description: PGP signature
is it via ChatGPT or an llm self hosted ?
Can we imagine having a Debian hosted computer with and AMD GPU dedicated to
this use case ?
Se should provide these summaries letter for most of our mailing list :)
cheers
Fred
- Le 9 Nov 24, à 14:09, Hector Oron zu...@debian.org a écrit :
> Hel
Hello Lumin,
El sáb, 9 nov 2024 a las 10:27, DebGPT () escribió:
>
> This is an experiment, by letting LLM go through all 369 emails from
> debian-devel on Oct. The command for producing the news report
> is included below. Use debgpt's git HEAD if you want to try.
First time I see this kind of e
* M Hickford [241109 12:45]:
> On Mon, 1 Apr 2024 at 21:42, M Hickford wrote:
> >
> > Hi. It'd be great to package Git credential helper
> > git-credential-libsecret in Debian. There's a patch prepared, but it
> > needs the attention of a Debian developer. Is anyone here able to
> > help? https:
On Mon, 1 Apr 2024 at 21:42, M Hickford wrote:
>
> Hi. It'd be great to package Git credential helper
> git-credential-libsecret in Debian. There's a patch prepared, but it
> needs the attention of a Debian developer. Is anyone here able to
> help? https://bugs.debian.org/cgi-bin/bugreport.cgi?bu
On Sat, 26 Oct 2024 at 21:45:15 +, Daniel Markstedt wrote:
> The autopkgtest docs suggest that by putting a file in a particular
> directory would have it picked up as a test artifact for the CI job.
Yes. During your test, the name of that directory is given by the
environment variable AUTOPKG
Hello: I've been trying to use Debian to revive my ASUS C100P Chromebook.
The couple of efforts I've seen like Prawn OS make it hard to enable Wifi
and seem to have gone dormant.
Are there any other possibilities?
I can not claim to be a skilled programmer so am seeking an easily
installed packa
Hi.
This turned out to be a non-issue. vzlogger creates a system user. So
this only affects the projects backport to buster.
Thanks for the answers, they helped me understanding this.
Joachim
Hi Joachim,
Le 2024-10-05 17:21, Joachim Zobel a écrit :
> Hi.
>
> Debian policy 9.2.1 says: "When maintainers choose a new hardcoded or
> dynamically generated username for packages to use, they should start
> this username with an underscore." By now this requires an
>
> adduser --allow-bad-n
On Sat, Oct 05, 2024 at 05:21:10PM +0200, Joachim Zobel wrote:
> Debian policy 9.2.1 says: "When maintainers choose a new hardcoded or
> dynamically generated username for packages to use, they should start
> this username with an underscore." By now this requires an
>
> adduser --allow-bad-names
On 2024-10-05 Joachim Zobel wrote:
> Debian policy 9.2.1 says: "When maintainers choose a new hardcoded or
> dynamically generated username for packages to use, they should start
> this username with an underscore." By now this requires an
> adduser --allow-bad-names
> in the script creating th
[Dropping CC to the upstream mailing list.]
On Fri, Sep 27, 2024 at 04:56:21PM +0700, Arnaud Rebillout wrote:
> On 30/08/2024 17:11, Colin Watson wrote:
> > This is now implemented in Debian unstable. I called the packages
> > openssh-client-gssapi and openssh-server-gssapi, with the intention of
On 30/08/2024 17:11, Colin Watson wrote:
This is now implemented in Debian unstable. I called the packages
openssh-client-gssapi and openssh-server-gssapi, with the intention of
splitting out both GSS-API authentication and key exchange support
later: that is, in trixie+1 I intend to build opens
Excellent - this substantially reduces the amount of pre-authentication
attack surface exposed on your users' sshd by default.
On Fri, 30 Aug 2024, Colin Watson wrote:
> On Tue, Apr 02, 2024 at 01:30:11AM +0100, Colin Watson wrote:
> > * for Debian trixie (current testing):
> >
> >* add dep
On Tue, Apr 02, 2024 at 01:30:11AM +0100, Colin Watson wrote:
> * for Debian trixie (current testing):
>
>* add dependency-only packages called something like
> openssh-client-gsskex and openssh-server-gsskex, depending on their
> non-gsskex alternatives
>* add NEWS.Debian entry
Hi,
On Mon, May 27, 2024 at 8:07 PM Leandro Cunha wrote:
>
> Hi,
>
> On Fri, May 24, 2024 at 10:28 PM Otto Kekäläinen wrote:
> >
> > Hi!
> >
> > So just to clarify, are you saying that a copy of
> > https://security.debian.org/debian-security/dists/buster/ will never
> > be archived at https://a
On 8/23/24 00:24, lina wrote:
Hi,
During the Debian (stable) installation on Macbook pro from 2019,
my internal keyboard is not recognizable even I exhausted all possible
keyboard options listed during
dpkg-reconfiguration keyboard-configuration
# more /etc/default/keyboard
# KEYBOARD CONF
Hello Ansgar,
Am Sat, Mar 23, 2024 at 09:30:49AM +0100 schrieb Ansgar 🙀:
> Debian 10 "buster" has moved to archive.debian.org in order to free
> space on the main mirror network. We plan to start removing files for
> non-LTS architectures in about two weeks; the existing Release files
> will then
On Fri, 2024-08-23 at 09:24 +0200, lina wrote:
> Hi,
>
> During the Debian (stable) installation on Macbook pro from 2019,
Installation problems should generally be reported to the debian-boot
list.
> my internal keyboard is not recognizable even I exhausted all possible
> keyboard options liste
On Tue, 20 Aug 2024 09:04:59 +0100, Simon McVittie wrote:
> 3. a workflow where upstream/latest contains imported tarball snapshots
>*with* upstream git history merged in, most likely via upstream-vcs-tag
>(like src:glib2.0)
…
> I'm surprised the number your statistics give for (3.) is su
On Sat, Aug 24, 2024 at 2:06 AM Ahmed Siam wrote:
> On Sat, Aug 24, 2024 at 2:00 AM Ahmed Siam wrote:
> > On Sat, Aug 24, 2024 at 1:45 AM Ahmed Siam wrote:
> > > Perl pipeline run:
> > > - https://salsa.debian.org/ahmedsiam/perl/-/pipelines/719321
> This pipeline run from Nodejs shows a similar
On Sat, Aug 24, 2024 at 2:00 AM Ahmed Siam wrote:
>
> On Sat, Aug 24, 2024 at 1:45 AM Ahmed Siam wrote:
> >
> > On Sat, Aug 24, 2024 at 1:25 AM Jérémy Lal wrote:
> > > A bunch of packages I know (nodejs, receptor to name a few) have salsa CI
> > > failures, but no sbuild failures.
> > > It woul
On Sat, Aug 24, 2024 at 1:45 AM Ahmed Siam wrote:
>
> On Sat, Aug 24, 2024 at 1:25 AM Jérémy Lal wrote:
> > A bunch of packages I know (nodejs, receptor to name a few) have salsa CI
> > failures, but no sbuild failures.
> > It would be perfect if the build process was exactly the same.
>
> There
On Sat, Aug 24, 2024 at 1:25 AM Jérémy Lal wrote:
> A bunch of packages I know (nodejs, receptor to name a few) have salsa CI
> failures, but no sbuild failures.
> It would be perfect if the build process was exactly the same.
There is a work-in-progress MRs about using sbuild for building packa
Hi!
> And is this web page authoratative? Or just a false search positive?
>
> https://salsa.debian.org/salsa-ci-team/pipeline#basic-use
>
> It doesn't mention the "salsa" command at all, but maybe that isn't
> the right web page. This goes back to my observation that it would be
> helpful i
On Friday, 23 August 2024 02:24:44 CDT lina wrote:
> Hi,
>
> During the Debian (stable) installation on Macbook pro from 2019,
>
> my internal keyboard is not recognizable even I exhausted all possible
> keyboard options listed during
Hi,
I think this question would fit better on [debian-user].
Thanks, originally I posted on debian user, the only one who replied is
rather arrogant, I do not see the point to continue that thread,
I probably to start a new thread next time on debian-user, thanks again,
lina
On Fri, Aug 23, 2024 at 10:05 AM Piper McCorkle wrote:
> On Friday, 23 August 202
On Mon, 19 Aug 2024 at 22:42:53 -0700, Otto Kekäläinen wrote:
> ## How many packages have a 'upstream-vcs-tag' and what is it typically?
Unlike most of the other questions you asked and answered (thanks!) we
should never expect this to be consistent, because it isn't Debian's
decision: it's upstre
Hi!
## How many source packages are in Debian unstable as of today?
± zgrep "^Package: " Sources.gz | wc -l
38199
## How many source packages have a gbp.conf?
± ls -1 *_gbp.conf | wc -l
13570
(24629 do not have it)
## What is the most popular 'debian-branch'?
Note! The Sources.gz used to anal
For those playing along at home...
On 19/08/2024 14:53, Stuart Prescott wrote:
url=$(curl -s
https://sources.debian.org/api/src/zzuf/0.15-4/debian/gbp.conf/ | jq -r
.raw_url)
The API URL should obviously be
https://sources.debian.org/api/src/$pkg/latest/debian/gbp.conf/
and cu
Hi Otto
Getting the list of source packages with a particular file in them can
be done by apt-file (see "--index-names dsc").
sources.debian.org can provide single files - you need an API call to
find the correct URL for the file first. I don't know if the service
admins would get upset at 1
Quoting Otto Kekäläinen (2024-08-19 03:45:37)
> I tried to use codesearch.debian.net to find out how many packages have a
> debian/gbp.conf but it seems it can't be used to simply list packages that
> have a specific file, it always also needs a search terms to look up inside
> the file.
>
> With
On Jul 28, Phil Wyett wrote:
> As DebConf24 starts I am going to put in another request for DDs with some
> spare time to review and possibly upload to Debian packages that have been
> submitted to Debian Mentors and have passed sanity checking/tests.
Can we have this become a regular message, ma
Hi,
On Fri, May 24, 2024 at 10:28 PM Otto Kekäläinen wrote:
>
> Hi!
>
> So just to clarify, are you saying that a copy of
> https://security.debian.org/debian-security/dists/buster/ will never
> be archived at https://archive.debian.org/debian-security/dists/ like
> previous releases have been so
Hi!
So just to clarify, are you saying that a copy of
https://security.debian.org/debian-security/dists/buster/ will never
be archived at https://archive.debian.org/debian-security/dists/ like
previous releases have been so far?
This is not about getting *new security updates*, but purely a
quest
Hi Otto,
In Buster's case, it would be becoming an ELTS soon and would have to use
Freexian's repositories. It would no longer be the security team with DLAs
that would take care of CVEs for ELTS, but the Frexian team.
So much so that if I look at the links below I didn't find anything (about
sec
On Sat, 23 Mar 2024 at 01:32, Ansgar 🙀 wrote:
>
> Hi,
>
> Debian 10 "buster" has moved to archive.debian.org in order to free
> space on the main mirror network. We plan to start removing files for
> non-LTS architectures in about two weeks; the existing Release files
> will then refer to no long
On Fri, Apr 19, 2024 at 07:59:19AM +0100, Sean Whitton wrote:
> Hello Go and Rust packagers,
>
> On Thu 18 Apr 2024 at 11:29pm +03, Maytham Alsudany wrote:
>
> > With the increasing amount of programs in Debian that Build-Depend and
> > statically link with Golang and Rust libraries, it's importa
On Fri, 19 Apr 2024 10:09:26 +0200
José Luis González González wrote:
> On Fri, 19 Apr 2024 09:59:57 +0200
> José Luis González González wrote:
>
> > On Fri, 19 Apr 2024 09:39:02 +0200
> > José Luis González González wrote:
> >
> > > Good day,
> > >
> > > There's an issue with the dash packa
You've written a lot of text here in a few mails, replying to yourself
several times. This is not a positive pattern.
On Fri, Apr 19, 2024 at 11:58:18AM +0200, José Luis González González wrote:
>> There are similar issues with boa and dhttpd, and it seems Apache is going
>> that way.
>
>nvi a
On Fri, 19 Apr 2024 10:09:26 +0200
José Luis González González wrote:
> On Fri, 19 Apr 2024 09:59:57 +0200
> José Luis González González wrote:
>
> > On Fri, 19 Apr 2024 09:39:02 +0200
> > José Luis González González wrote:
> >
> > > Good day,
> > >
> > > There's an issue with the dash packa
On Fri, 19 Apr 2024 09:59:57 +0200
José Luis González González wrote:
> On Fri, 19 Apr 2024 09:39:02 +0200
> José Luis González González wrote:
>
> > Good day,
> >
> > There's an issue with the dash package and maintainer, and mutt as well.
> >
> > I even tried to reach dash maintainer privat
Hello Go and Rust packagers,
On Thu 18 Apr 2024 at 11:29pm +03, Maytham Alsudany wrote:
> With the increasing amount of programs in Debian that Build-Depend and
> statically link with Golang and Rust libraries, it's important that
> the Debian Policy clearly sets out the requirements for declarin
Please do it yourself by following the instructions here:
https://lists.debian.org/debian-devel/
Maycon Antônio wrote on 08/04/2024 at 17:44:20+0200:
> Please cancel my name from this list, thank you.
>
> On Sun, 7 Apr 2024 at 12:32, Sean Whitton wrote:
>>
>> Hello everyone,
>>
>> I just pushed
Please cancel my name from this list, thank you.
On Sun, 7 Apr 2024 at 12:32, Sean Whitton wrote:
>
> Hello everyone,
>
> I just pushed version 4.7.0.0 of the Debian Policy Manual and related
> documents to sid. Below you will find the significant normative changes
> from the previously-announce
On Apr 07, Bernd Zeimetz wrote:
> There are more than enough ways to keep the entries based on dns
> records in your l3 firewalls uptodate, I can't see how this should
> warrant to keep yet another patch Jan^WMarco.
Not for the form *.domain.tld.
--
ciao,
Marco
signature.asc
Description: PGP
On Tue, 2024-04-02 at 12:04 +0200, Marco d'Itri wrote:
> On Apr 02, Colin Watson wrote:
>
> > At the time, denyhosts was popular, but it was removed from Debian
> > several years ago. I remember that, when I dealt with that on my
> > own
> > systems, fail2ban seemed like the obvious replacement,
On Sun, 7 Apr 2024 15:18:57 +0200
José Luis González wrote:
> I found the report now. It's #1036799.
Yes, it looks like a temporary server issue. And you're sending via gmail now.
But again, what do you expect a package maintainer to do? It's upstream where
bugs get fixed.
Your subject is wron
On Sun, 7 Apr 2024 13:26:49 +0200
José Luis González wrote:
> The maintainer accumulates a lot of bugs for the package, doesn't take
> care about almost all, and when I filed a RC bug because the package
> became unusable to me he downgraded severity to important claiming it
> was just a Gmail is
In days of yore (Sun, 07 Apr 2024), José Luis González thus quoth:
> Hi,
>
> Debian 12 was released with two Release Critical bugs I filed on May
> 20th 2023 (#1036424 and #1036388) on Sylpheed about issues that I
> found on stable, and remain, with Debian 12 released later on June 10th
> 2023.
On Apr 07, José Luis González wrote:
> I want to know why Debian 12 was released with those two Sylpheed RC
> bags, report the incident to you all, know what to do with the
> maintainer and kindly request that someone better at the job takes over
> Sylpheed maintainance, or otherwise I will becom
On Sat, Apr 06, 2024 at 01:46:28AM +0200, Debian Project Secretary - Kurt
Roeckx wrote:
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> 9c605edd-40a5-469c-9489-cbf80ac05970
> [1] Choice 1: Andreas Tille
> [2] Choice 2: Sruthi Chandran
> [ ] Choice 3: None Of The Abov
On Thu, Apr 04, 2024 at 06:42:08PM -0300, Henrique de Moraes Holschuh wrote:
> If libwrap is bringing in complex libs, maybe we could reduce the
> attack surface on libwrap itself? It would be nice to have a variant
> that only links to the libc and that's it...
Yeah, that's https://bugs.debian.o
On Tue, Apr 2, 2024, at 07:04, Marco d'Itri wrote:
> On Apr 02, Colin Watson wrote:
>
>> At the time, denyhosts was popular, but it was removed from Debian
>> several years ago. I remember that, when I dealt with that on my own
>> systems, fail2ban seemed like the obvious replacement, and my impr
On Thu, 4 Apr 2024 13:25:04 +0200, Stephan Seitz
wrote:
>Am Di, Apr 02, 2024 at 13:30:43 +0200 schrieb Marc Haber:
>>from being vulnerable to the current xz-based attack. Just having to
>>dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
>>maintain a packet filter.
>
>Stupid qu
Florian Lohoff writes:
> These times have long gone and tcp wrapper as a security mechanism has
> lost its reliability, this is why people started moving away from tcp
> wrapper (which i think is a shame)
> I personally moved to nftables which is nearly as simple once you get
> your muscle memor
On Thu, Apr 04, 2024 at 01:32:11PM +0200, Marc Haber wrote:
> So you have dedicated packet filters on every machine you run, even if
> sshd is the only network-facing service?
on most machines and it was as simple as doing:
apt install ufw
ufw allow ssh
ufw enable
voila, done. rules configured l
On Thu, 4 Apr 2024 13:03:50 +0200, Florian Lohoff wrote:
>I personally moved to nftables which is nearly as simple once you get
>your muscle memory set.
So you have dedicated packet filters on every machine you run, even if
sshd is the only network-facing service?
Greetings
Marc
--
Am Di, Apr 02, 2024 at 13:30:43 +0200 schrieb Marc Haber:
from being vulnerable to the current xz-based attack. Just having to
dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
maintain a packet filter.
Stupid question, but if you put „ALL: ALL” into hosts.deny, couldn’t you
On Tue, Apr 02, 2024 at 01:30:43PM +0200, Marc Haber wrote:
> On Tue, 2 Apr 2024 01:30:10 +0100, Colin Watson
> wrote:
> >We carry a patch to restore support for TCP wrappers, which was dropped
> >in OpenSSH 6.7 (October 2014); see
> >https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April
On Wed, Apr 03, 2024 at 04:01:34PM -0400, Michael Stone wrote:
> To speed things up for those who really want it, perhaps make
> openssh-client/server dependency-only packages on
> openssh-client/server-nogss? People can choose the less-compatible version
> for this release if they want to, and the
On Tue, Apr 02, 2024 at 01:30:10AM +0100, Colin Watson wrote:
* add dependency-only packages called something like
openssh-client-gsskex and openssh-server-gsskex, depending on their
non-gsskex alternatives
* add NEWS.Debian entry saying that people need to install these
packages
On Wed, Apr 03, 2024 at 04:38:19PM +0200, Marc Haber wrote:
> On Wed, 03 Apr 2024 14:10:37 +0100, "Jonathan Dowland"
> wrote:
> >For you and fellow greybeards, perhaps: I'd be surprised if many people
> >younger than us have even heard of tcp wrappers. I don't think the
> >muscle memory of a dimin
On Wed, 03 Apr 2024 14:10:37 +0100, "Jonathan Dowland"
wrote:
>On Tue Apr 2, 2024 at 12:30 PM BST, Marc Haber wrote:
>> Please don't drop the mechanism that saved my¹ unstable installations
>> from being vulnerable to the current xz-based attack. Just having to
>> dump an ALL: ALL into /etc/hosts.
On Tue Apr 2, 2024 at 12:30 PM BST, Marc Haber wrote:
> Please don't drop the mechanism that saved my¹ unstable installations
> from being vulnerable to the current xz-based attack. Just having to
> dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
> maintain a packet filter.
F
Colin Watson writes:
> GSS-API key exchange
>
> However, OpenSSH upstream has long rejected it
> All the same, I'm aware that some people now depend on having this
> facility in Debian's main openssh package
> How does this rough plan sound?
>
> * for Debian trixie (curr
On Tue, 2 Apr 2024 01:30:10 +0100, Colin Watson
wrote:
>We carry a patch to restore support for TCP wrappers, which was dropped
>in OpenSSH 6.7 (October 2014); see
>https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
>and thread. That wasn't long before the Debian 8 (jessi
On Tue, Apr 02, 2024 at 12:04:26PM +0200, Marco d'Itri wrote:
> Yes, people. I object to removing TCP wrappers support since the patch
> is tiny and it supports use cases like DNS-based ACLs which cannot be
> supported by L3 firewalls.
I suspect OpenSSH upstream would also want me to point out t
On Apr 02, Colin Watson wrote:
> You could use a drop-in unit to wrap sshd in tcpd, as suggested by the
> Fedora wiki page? This would avoid exposing sshd's process space to
> libwrap and all the stuff it links to by default.
This would require to switch to socket activation of sshd, which is no
On Tue, Apr 02, 2024 at 12:04:26PM +0200, Marco d'Itri wrote:
> On Apr 02, Colin Watson wrote:
> > At the time, denyhosts was popular, but it was removed from Debian
> > several years ago. I remember that, when I dealt with that on my own
> > systems, fail2ban seemed like the obvious replacement,
On Tue, 2 Apr 2024 at 02:30, Colin Watson wrote:
>
> [I've CCed openssh-unix-dev for awareness, but set Mail-Followup-To to
> just debian-devel and debian-ssh to avoid potentially spamming them with
> a long discussion. If you choose to override this then that's your
> call, but please be mindful
1 - 100 of 5262 matches
Mail list logo
