On Tue, 22 Nov 2005 21:41:21 +0100, Andreas Schuldei
<[EMAIL PROTECTED]> wrote:
>* Marc Haber <[EMAIL PROTECTED]> [2005-11-21 23:33:48]:
>> If the DPL team is actually addressing that issue, it is not doing so
>> transparently.
>
>That was on purpose. we thought that there was something to be
>lea
* Marc Brockschmidt:
> Today (or last night, whatever), the dak installation on ftp-master was
> changed to not accept packages that include more than 3 parts, which are
> usually the binary version and the compressed control and data
> tarballs. This means that signed binary packages are rejected
Package: wnpp
Severity: wishlist
Owner: "Krzysztof Krzyzaniak (eloy)" <[EMAIL PROTECTED]>
* Package name: libemail-valid-loose-perl
Version : 0.04
Upstream Author : Tatsuhiko Miyagawa <[EMAIL PROTECTED]>
* URL : http://search.cpan.org/~miyagawa/Email-Valid-Loose-0.04/
*
Em tim duoc dia chi cuu data cho anh roi, anh goi so may nay nhe: 04-
9875709, o do ho chuyen sua chua may vi tinh va chuyen cuu du lieu day. Day
la dia chi website cua ho: http://suachua.vnn.vn anh vao do xem truoc gia
ca cuu du lieu va dia chi cu the cua ho nhe.
--
To UNSUBSCRIBE, email to [
On Monday 21 November 2005 16:44, Goswin von Brederlow wrote:
> Frank Küster <[EMAIL PROTECTED]> writes:
> > Hi,
> >
> > on the debian-tetex-maint mailing list we often have problems to decide
> > which of the thousands of TeX input files should be treated as
> > configuration files - in principle,
Sent to debian-devel mailing list. BCC to Ola.
Am Dienstag, den 22.11.2005, 21:31 +0100 schrieb Daniel Leidert:
> Am Dienstag, den 22.11.2005, 12:54 +0100 schrieb Ola Lundqvist:
> > On Tue, Nov 22, 2005 at 02:54:15AM +0100, Daniel Leidert wrote:
[Creating an Ubuntu repository on a Debian system us
Gabor Gombas <[EMAIL PROTECTED]> writes:
> On Tue, Nov 22, 2005 at 09:48:53AM +0100, Goswin von Brederlow wrote:
>
>> Aparently yes. Menu seems to be smart enough for that, see other
>> mails. Bad example, sorry. But manpages certainly aren't.
>
> Well, being able to read the documentation (includ
Ricardo Mones <[EMAIL PROTECTED]> writes:
>| foo | foo-data
> -+--+-
> foo needs foo-data | Depends: foo-data| Suggests: foo
> -+--+--
just throwing a quick $0.02 in here,
On Wed, Nov 23, 2005 at 01:51:30PM +0100, Goswin von Brederlow wrote:
> > Well, being able to read the documentation (including the man page) of a
> > binary without requiring the binary to be installed is a good thing
> > IMHO. Especially for big and complex s
Steve Langasek <[EMAIL PROTECTED]> writes:
> On Tue, Nov 22, 2005 at 08:13:23AM -0600, Ken Bloom wrote:
>> Why not accept the AMD64 binaries, then dump the AMD64 binaries because
>> you don't know what to do with them, but accept the arch:all debs from
>> that upload?
>
> Why would ftp-master want
On Wed, Nov 23, 2005 at 11:06:32AM +0100, Krzysztof Krzyzaniak (eloy) wrote:
> * Package name: libemail-valid-loose-perl
> Version : 0.04
> Upstream Author : Tatsuhiko Miyagawa <[EMAIL PROTECTED]>
> * URL : http://search.cpan.org/~miyagawa/Email-Valid-Loose-0.04/
> * Lic
* Brian May ([EMAIL PROTECTED]) wrote:
> Are you saying you should bounce SPAM mail???
*I* don't bounce much of anything. Talk to Ian about wanting to
generate bounces, it wasn't my idea. What I want is for him to bounce
it himself if he feels it needs to be bounced, not make master do it.
No, I
Hi,
recently some changes have been made to the DAK, wanna-build and
buildds for binNMUs that probably went unnoticed to most developers.
And since binNMUs are rather uncommon you might not notice for the
longest time and then despair.
So heres a summary:
- buildds can recompile a source with a
I have also asked to be removed from 'Call Wave'. I
am also on Comcast broadband but my Visa card is still being
billed.
* Goswin von Brederlow ([EMAIL PROTECTED]) [051123 15:51]:
> - binNMU version scheme changed
>
> The developer reference _still_ states binNMU should be versioned as
> 1.2-3.0.1. The DAK will no longer accept this.
I am sorry that the developers reference is a bit lagging currently. Do
you ha
On Mon, Nov 21, 2005 at 06:22:37PM +, Ian Jackson wrote:
> > Note that it's often better to have a single script run many tests, so
> > you probably want to allow tests to pass back some summary information,
> > or include the last ten lines of its output or similar. Something like:
> > foo F
On Wed, Nov 23, 2005 at 11:33:47AM +0100, Florian Weimer wrote:
> * Marc Brockschmidt:
> > Today (or last night, whatever), the dak installation on ftp-master was
> > changed to not accept packages that include more than 3 parts, which are
> > usually the binary version and the compressed control a
* Marc Haber <[EMAIL PROTECTED]> [2005:11:23 11:07 +0100]:
> What are you trying to do instead? If you might have noticed, we have
> _just_ _another_ ftpmaster situation _right_ _now_, and from handling
> of #339686 by a member of the DPL team I don't get the impression that
> the DPL team actuall
On Tue, Nov 22, 2005 at 04:50:02PM +0100, Marc 'HE' Brockschmidt wrote:
> As I'm responsible for most of dpkg-sig's code (and planned to do some
> more work in the next two months) I'd like to know if anyone cares about
> using these binary signatures or if I can invest my time into something
> tha
On Wed, 23 Nov 2005 11:32:19 -0500, Erinn Clark
<[EMAIL PROTECTED]> wrote:
>* Marc Haber <[EMAIL PROTECTED]> [2005:11:23 11:07 +0100]:
>> What are you trying to do instead? If you might have noticed, we have
>> _just_ _another_ ftpmaster situation _right_ _now_, and from handling
>> of #339686 by
On Wed, 23 Nov 2005 17:34:41 +0100, Jeroen van Wolffelaar
<[EMAIL PROTECTED]> wrote:
>On Tue, Nov 22, 2005 at 04:50:02PM +0100, Marc 'HE' Brockschmidt wrote:
>> As I'm responsible for most of dpkg-sig's code (and planned to do some
>> more work in the next two months) I'd like to know if anyone car
* Marc Haber <[EMAIL PROTECTED]> [2005:11:23 18:40 +0100]:
> On Wed, 23 Nov 2005 17:34:41 +0100, Jeroen van Wolffelaar
> >Just to provide some statistics about dpkg-sig usage, as I got curious
> >about it too:
> >
> >In the archive, 525 out of 283283 .deb's are dpkg-sig'd (0.19%). There
> >are 8 d
I am moving this discussion to debian-devel, since I am not sure we are
really violating the Policy. Feel free to move it further to
debian-policy, if you think it is appropriate.
* Bastian Blank <[EMAIL PROTECTED]> [2005-11-23 13:18]:
> Package: octave2.9
> Version: 2.9.4-6
> Severity: serious
On Tue, Nov 22, 2005 at 04:50:02PM +0100, Marc 'HE' Brockschmidt wrote:
> As I'm responsible for most of dpkg-sig's code (and planned to do some
> more work in the next two months) I'd like to know if anyone cares about
> using these binary signatures or if I can invest my time into something
> tha
On Wed, 23 Nov 2005, Marc Haber wrote:
> >In the archive, 525 out of 283283 .deb's are dpkg-sig'd (0.19%). There
> >are 8 distinct keys used for those 525 .deb's, seven of which correspond
> >to DD's[1].
>
> So, most of the DD's do not care about security at all. Why does
> Debian have a reputatio
On Wed, 23 Nov 2005, Marc Haber wrote:
> Sorry. #340306.
Hmm... wasn't the situation around this bug cleared up in another d-devel
thread no more than two or three days ago, and a fix already commited to
CVS?
--
"One disk to rule them all, One disk to find them. One disk to bring
them all an
On 11/23/05, Marc Haber <[EMAIL PROTECTED]> wrote:
> >In the archive, 525 out of 283283 .deb's are dpkg-sig'd (0.19%). There
> >are 8 distinct keys used for those 525 .deb's, seven of which correspond
> >to DD's[1].
>
> So, most of the DD's do not care about security at all. Why does
> Debian have
On Thu, 24 Nov 2005, Anthony Towns wrote:
> Personally, I think it's cryptographic snake oil, at least in so far
A signed deb has a seal of procedence and allows one to track the path it
made through the system, and who changed it. It ties a non-trustable
timestamp to every singed step in that pa
Marc Haber writes:
> So, most of the DD's do not care about security at all.
I think that DD's do not use dpkg-sig and debsigs because they believe them
to be hard to use and not supported by the infrastructure or by policy.
--
John Hasler
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a s
On Wed, 23 Nov 2005, Jeroen van Wolffelaar wrote:
> In the archive, 525 out of 283283 .deb's are dpkg-sig'd (0.19%). There
> are 8 distinct keys used for those 525 .deb's, seven of which correspond
> to DD's[1].
>
> I'm not going to interpret these numbers, as it's close to impossible to
> do so o
On Wed, 23 Nov 2005, Goswin von Brederlow wrote:
> - buildds can recompile a source with a binNMU version
We were told about this, although I can't recall if the proper channel
(d-d-a) was used.
Would you consider posting your message to debian-devel-announce, please?
That's where such extremely
Olaf van der Spek writes:
> Security is more than package signatures.
What is your specific proposal?
--
John Hasler
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Wed, 23 Nov 2005, John Hasler wrote:
> Olaf van der Spek writes:
> > Security is more than package signatures.
>
> What is your specific proposal?
Don't go there, or at least start another thread to do so. Olaf is correct,
signed packages are not enough and we have reharsed that discursion a l
On 11/23/05, John Hasler <[EMAIL PROTECTED]> wrote:
> Olaf van der Spek writes:
> > Security is more than package signatures.
>
> What is your specific proposal?
I don't have one. But I don't see how that's relevant.
sean finney <[EMAIL PROTECTED]> writes:
> just throwing a quick $0.02 in here,
>
> On Wed, Nov 23, 2005 at 01:51:30PM +0100, Goswin von Brederlow wrote:
>> > Well, being able to read the documentation (including the man page) of a
>> > binary without requiring the binary to be installed is a good
Matthew Grant wrote:
Hi teRHe!
One of my dreams for the last 4 years has been to help the Bangladesh IT
industry expand and be enhanced by IT workers having the opportunity to
join us, and also to enhance Bangla language support in Linux.
Thanks for your interest and great effort!
I GPG
This one time, at band camp, Rafael Laboissiere said:
> I am moving this discussion to debian-devel, since I am not sure we
> are really violating the Policy. Feel free to move it further to
> debian-policy, if you think it is appropriate.
FWIW, Rafael, at first blush I have to say I agree with y
Andreas Barth <[EMAIL PROTECTED]> writes:
> * Goswin von Brederlow ([EMAIL PROTECTED]) [051123 15:51]:
>> - binNMU version scheme changed
>>
>> The developer reference _still_ states binNMU should be versioned as
>> 1.2-3.0.1. The DAK will no longer accept this.
>
> I am sorry that the develo
[Henrique de Moraes Holschuh]
> Hmm... wasn't the situation around this bug cleared up in another
> d-devel thread no more than two or three days ago, and a fix already
> commited to CVS?
That's what I thought. But the bug is still open. And jvw's reasoning
that it is OK for ftp.debian.org to c
Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes:
> On Wed, 23 Nov 2005, Goswin von Brederlow wrote:
>> - buildds can recompile a source with a binNMU version
>
> We were told about this, although I can't recall if the proper channel
> (d-d-a) was used.
>
> Would you consider posting your me
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: wnpp
Severity: wishlist
Owner: Mattias Nordstrom <[EMAIL PROTECTED]>
* Package name: libming
Version : 0.3beta1+cvs20050827
Upstream Author : Dave <[EMAIL PROTECTED]>
* URL : http://ming.sf.net/
* License
Anthony Towns writes:
> On Wed, Nov 23, 2005 at 11:33:47AM +0100, Florian Weimer wrote:
>> * Marc Brockschmidt:
>> > Today (or last night, whatever), the dak installation on ftp-master was
>> > changed to not accept packages that include more than 3 parts, which are
>> > usually the binary versio
Marc Haber <[EMAIL PROTECTED]> wrote:
> What are you trying to do instead? If you might have noticed, we have
> _just_ _another_ ftpmaster situation _right_ _now_, and from handling
> of #339686 by a member of the DPL team I don't get the impression that
> the DPL team actually cares.
(#340306)
Let me just make the suggestion to better use reprepro.
MfG
Goswin
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Goswin von Brederlow <[EMAIL PROTECTED]> wrote:
> Use 2: I have this Ubuntu CD and want to know which debs are from
>debian and which got recompiled
>
> Look for all debs that have a deb signature of the debian archive
> (to be added to dinstall at some point).
The answer is "all of
[Erinn Clark]
> Yet just today you filed a bug (#340403) for documentation to be
> included in the package since you were unable to explain dpkg-sig's
> strengths. How is it possible for you to claim something is more secure
> when you don't understand it well enough to say how it's different?
Th
[Goswin von Brederlow]
> > Use 2: I have this Ubuntu CD and want to know which debs are from
> >debian and which got recompiled
> >
> > Look for all debs that have a deb signature of the debian archive
> > (to be added to dinstall at some point).
[Matthew Garrett]
> The answer is "
On Wed, 23 Nov 2005 16:14:47 -0200, Henrique de Moraes Holschuh
<[EMAIL PROTECTED]> wrote:
>On Wed, 23 Nov 2005, Marc Haber wrote:
>> Sorry. #340306.
>
>Hmm... wasn't the situation around this bug cleared up in another d-devel
>thread no more than two or three days ago, and a fix already commited t
On Wed, 23 Nov 2005 17:03:51 -0200, Henrique de Moraes Holschuh
<[EMAIL PROTECTED]> wrote:
>This doesn't mean that signed packages are useless, far from it.
They are useless at the moment. They cannot be uploaded.
Greetings
Marc
--
-- !! No courtesy copies, p
On Wed, 23 Nov 2005 12:11:20 -0600, John Hasler <[EMAIL PROTECTED]>
wrote:
>Marc Haber writes:
>> So, most of the DD's do not care about security at all.
>
>I think that DD's do not use dpkg-sig and debsigs because they believe them
>to be hard to use and not supported by the infrastructure or by p
On Wed, 23 Nov 2005 12:09:34 -0600 (CST), Adam Heath
<[EMAIL PROTECTED]> wrote:
>There's been no push. No default. No message saying that it's acceptable and
>wanted to sign debs.
So Debian doesn't care about security. If we did, we would have an
official message saying so. Why do we have the re
On Wed, 23 Nov 2005 12:58:12 -0500, Erinn Clark
<[EMAIL PROTECTED]> wrote:
>* Marc Haber <[EMAIL PROTECTED]> [2005:11:23 18:40 +0100]:
>> On Wed, 23 Nov 2005 17:34:41 +0100, Jeroen van Wolffelaar
>> >Just to provide some statistics about dpkg-sig usage, as I got curious
>> >about it too:
>> >
>> >
On Wed, Nov 23, 2005 at 09:18:40PM +0100, Goswin von Brederlow wrote:
> Use 2: I have this Ubuntu CD and want to know which debs are from
>debian and which got recompiled
>
> Look for all debs that have a deb signature of the debian archive
> (to be added to dinstall at some point).
I
Jeroen van Wolffelaar <[EMAIL PROTECTED]> writes:
> On Tue, Nov 22, 2005 at 04:50:02PM +0100, Marc 'HE' Brockschmidt wrote:
>> As I'm responsible for most of dpkg-sig's code (and planned to do some
>> more work in the next two months) I'd like to know if anyone cares about
>> using these binary sig
On Wed, 2005-11-23 at 18:16 +1000, Anthony Towns wrote:
> On Mon, Nov 21, 2005 at 06:22:37PM +, Ian Jackson wrote:
> > > Note that it's often better to have a single script run many tests, so
> > > you probably want to allow tests to pass back some summary information,
> > > or include the last
I wrote:
> I think that DD's do not use dpkg-sig and debsigs because they believe
> them to be hard to use and not supported by the infrastructure or by
> policy.
Marc Haber writes:
> dpkg-sig is harly "hard to use".
Please re-read what I wrote.
--
John Hasler
--
To UNSUBSCRIBE, email to [EM
On Tue, Nov 22, 2005 at 04:50:02PM +0100, Marc 'HE' Brockschmidt wrote:
> I'd like to know if anyone cares about using these binary signatures
Before your mail I was completely unaware of the existence of dpkg-sig.
Now that I know it, I care about it and would like to start uploading my
packages d
* John Hasler <[EMAIL PROTECTED]> [051123 19:11]:
> > So, most of the DD's do not care about security at all.
> I think that DD's do not use dpkg-sig and debsigs because they believe them
> to be hard to use and not supported by the infrastructure or by policy.
... or not even know about them. I
Peter Samuelson <[EMAIL PROTECTED]> wrote:
> [Goswin von Brederlow]
>> > Use 2: I have this Ubuntu CD and want to know which debs are from
>> >debian and which got recompiled
>> >=20
>> > Look for all debs that have a deb signature of the debian archive
>> > (to be added to dinstall a
==
Bellacopia.com - Il servizio italiano online di stesura e revisione testi
==
Grazie per averci scritto. Sara' nostra cura rispondervi al piu' presto.
Matt Zimmerman <[EMAIL PROTECTED]> writes:
> On Wed, Nov 23, 2005 at 09:18:40PM +0100, Goswin von Brederlow wrote:
>> Use 2: I have this Ubuntu CD and want to know which debs are from
>>debian and which got recompiled
>>
>> Look for all debs that have a deb signature of the debian archi
Marc 'HE' Brockschmidt <[EMAIL PROTECTED]> writes:
> Jeroen van Wolffelaar <[EMAIL PROTECTED]> writes:
>> On Tue, Nov 22, 2005 at 04:50:02PM +0100, Marc 'HE' Brockschmidt wrote:
>>> As I'm responsible for most of dpkg-sig's code (and planned to do some
>>> more work in the next two months) I'd lik
Stefano Zacchiroli <[EMAIL PROTECTED]> writes:
> On Tue, Nov 22, 2005 at 04:50:02PM +0100, Marc 'HE' Brockschmidt wrote:
>> I'd like to know if anyone cares about using these binary signatures
>
> Before your mail I was completely unaware of the existence of dpkg-sig.
> Now that I know it, I care
On Thu, Nov 24, 2005 at 02:08:17AM +1000, Anthony Towns wrote:
> On Wed, Nov 23, 2005 at 11:33:47AM +0100, Florian Weimer wrote:
> > * Marc Brockschmidt:
> > > Today (or last night, whatever), the dak installation on ftp-master was
> > > changed to not accept packages that include more than 3 parts
I know that subscribing to a bug can be done by sending an email to
[EMAIL PROTECTED] I would like to know if there is a way to
find the number of people subscribed to the bug nnn? This could be
useful for eg., to see how important a given bug actually is, how many
people are worried by it etc.
Stefano Zacchiroli <[EMAIL PROTECTED]> writes:
[...]
> I will fill a whishlist bugreport against debuild to support dpkg-sig
> side by side with debuild.
There is already #247825. #247824 is the wishlist bug for
dpkg-buildpackage support.
Marc
--
BOFH #105:#247824
UPS interrupted the server's po
On Wed, Nov 23, 2005 at 10:52:52PM +0100, Marc Haber wrote:
> On Wed, 23 Nov 2005 12:09:34 -0600 (CST), Adam Heath
> <[EMAIL PROTECTED]> wrote:
> >There's been no push. No default. No message saying that it's acceptable
> >and
> >wanted to sign debs.
> So Debian doesn't care about security. If
If any Debian developers or prospective developers would like to have
their GPG keys signed, I will probably be in Bangalore next month.
The keysigning will probably be at the Bangalore LUG meeting, but other
arrangements can be made. Email me.
http://linux-bangalore.org/blug/meetings/
Forw
* Marc Haber [Wed, 23 Nov 2005 18:38:15 +0100]:
> I confused these bugs because in the discussion, somebody used #339686
> to show that I am doing a job as bad as Mr. Troup.
10:18 Zugschlus: so. how'd you'd feel if I said that #339686 was
a deliberate attempt on your part to consci
On Wed, Nov 23, 2005 at 03:50:11PM +0100, Goswin von Brederlow wrote:
> If you NEED to do a manual binNMU it is probably best to use sbuild
> (the cvs, not deb)
Patches for the Debian package are welcome, of course.
Michael
--
Michael Banck
Debian Developer
[EMAIL PROTECTED]
http://www.ad
Scripsit Steve Langasek <[EMAIL PROTECTED]>
> * Don't use other *-config tools.
> While many libraries these days use pkg-config, there are also other
> libs which ship their own tools for querying library and header include
> paths, libs needed for linking, etc. The problem is that all of these
On Wed, 23 Nov 2005, kamaraju kusumanchi wrote:
> I know that subscribing to a bug can be done by sending an email to
> [EMAIL PROTECTED] I would like to know if there is a
> way to find the number of people subscribed to the bug nnn? This
> could be useful for eg., to see how important a given bug
Stephen Gran wrote:
> This one time, at band camp, Rafael Laboissiere said:
> > I am moving this discussion to debian-devel, since I am not sure we
> > are really violating the Policy. Feel free to move it further to
> > debian-policy, if you think it is appropriate.
>
> FWIW, Rafael, at first bl
Marc Haber wrote:
[snip]
> > How is it possible for you to claim something is more secure
> >when you don't understand it well enough to say how it's different?
>
> Well, even if I know naught about it, it looks to me that having
> something signed is better than having the same something not sign
> "Marc" == Marc 'HE' Brockschmidt <[EMAIL PROTECTED]> writes:
Marc> Brian May <[EMAIL PROTECTED]> writes:
>>> I've never seen dpkg-sig mentioned before, only debsigs,
>>> so I'm not familiar with the tool itself, but the concept
>>> is one that needs a lot more exposure.
>
Re: Steve Langasek in <[EMAIL PROTECTED]>
> If you maintain a package that's affected by this issue, you can help
> today; there's no need to wait until your package is hit by a library
> transition to make the changes described above. Indeed, for packages
> which depend on libfreetype6, it's impo
On Wed, Nov 23, 2005 at 04:37:05PM -0200, Henrique de Moraes Holschuh wrote:
> On Thu, 24 Nov 2005, Anthony Towns wrote:
> > Personally, I think it's cryptographic snake oil, at least in so far
> A signed deb has a seal of procedence and allows one to track the path it
> made through the system, an
On Thu, Nov 24, 2005 at 12:38:37AM +0100, Goswin von Brederlow wrote:
> > I know this is a contrived use case, but Ubuntu doesn't use any .debs from
> > Debian.
> One could prove that. :)
No, one couldn't -- the signatures could just be removed from the debs,
no recompilation needed.
Cheers,
aj
On Thu, Nov 24, 2005 at 09:09:21AM +1100, Matthew Palmer wrote:
> 2) A signature from dinstall saying "this package was installed in the
> Debian archive" would provide a means of automatic "assurance" of the source
> of a binary package, when I'm putting together custom CDs or package repos.
You
On Wed, Nov 23, 2005 at 09:18:40PM +0100, Goswin von Brederlow wrote:
> Use 1: I have this deb in my apt-move mirror and I want to know if it
>was compromised on yesterdays breakin
> Boot a clean system with debian keyring and check all deb
> signatures.
Find some don't pass because th
On Thu, Nov 24, 2005 at 11:54:33AM +1000, Anthony Towns wrote:
> On Wed, Nov 23, 2005 at 04:37:05PM -0200, Henrique de Moraes Holschuh wrote:
> > On Thu, 24 Nov 2005, Anthony Towns wrote:
> > > Personally, I think it's cryptographic snake oil, at least in so far
> > A signed deb has a seal of proce
Hi,
Where can I go to discover it's status?
Thanks
--
-
Ron Johnson, Jr.
Jefferson, LA USA
"Take a drink, / and you'll sink, / to a state of pure
inebriation. / You'll be tanked, like the whole Irish nation."
Family Guy, Episode 2
On Thu, Nov 24, 2005 at 12:30:37PM +1000, Anthony Towns wrote:
> On Thu, Nov 24, 2005 at 09:09:21AM +1100, Matthew Palmer wrote:
> > 3) I can verify the provenance of a particular package in my own custom
> > repos at any time (did that come from Debian? Did someone build it
> > internally? What'
On Thu, Nov 24, 2005 at 02:31:22PM +1100, Matthew Palmer wrote:
> Then there's the opposite argument about "why not do that inside the .deb?".
Simple answers: unnecessary bloat, unwarranted feeling of security
leading to bad decisions.
Whenever anyone asks "how do you manage the keys", the answ
On Thu, 24 Nov 2005 11:54:33 +1000, Anthony Towns
wrote:
>On Wed, Nov 23, 2005 at 04:37:05PM -0200, Henrique de Moraes Holschuh wrote:
>> Not in a very useable form, and only for Debian packages uploaded to the
>> official Debian archive. This is hardly good enough.
>
>Uh, packages not uploaded t
Marc Haber <[EMAIL PROTECTED]> writes:
> What are you trying to do instead? If you might have noticed, we have
> _just_ _another_ ftpmaster situation _right_ _now_, and from handling
> of #339686 by a member of the DPL team I don't get the impression that
> the DPL team actually cares.
I can't un
Marc Haber <[EMAIL PROTECTED]> writes:
> According to the reports of another member of the ftp-master team, the
> situation was cleared up, but Mr. Troup re-enabled the check that
> breaks dpkg-sig on purpose after not being amused about HE's rant on
> here.
If this is accurate, it is not reasona
libgnutls-dev is a suitable substitute for libssl-dev when one wants
libssl.
However, libssl-dev provides *two* libraries; the other is libcrypto.
Is there a GPL-compatible replacement for the latter?
Thomas
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Troubl
On Thu, Nov 24, 2005 at 03:48:15PM +1000, Anthony Towns wrote:
> On Thu, Nov 24, 2005 at 02:31:22PM +1100, Matthew Palmer wrote:
> > I think the final judgment in this issue is going to come down to personal
> > taste and needs more than anything else.
>
> That's fine for personal repositories, it
On Wed, Nov 23, 2005 at 11:43:27PM -0800, Thomas Bushnell BSG wrote:
> libgnutls-dev is a suitable substitute for libssl-dev when one wants
> libssl.
> However, libssl-dev provides *two* libraries; the other is libcrypto.
> Is there a GPL-compatible replacement for the latter?
libgcrypt -- separ
90 matches
Mail list logo
