On Mon, Feb 14, 2011 at 11:36:55PM +, Roger Leigh wrote:
> sbuild, which does the job of building binary packages on our buildds,
> uses a built-in build-dependency resolver ("internal") to work out
> what packages need installing/removing in order to satisfy a package's
> Build-Depends and Bui
David Bremner writes:
> On Fri, 18 Feb 2011 21:18:38 -0600, Jonathan Nieder
> wrote:
>
>> None of the current Debian git maintainers seem to use emacs. This
>> means git's emacs support[1] does not get as much care as it deserves:
>> see for example bugs #611936, #611931, #611932, #611933, #61
On Fr, 18 Feb 2011, Daniel Leidert wrote:
> > [Added Associations]
> > x-scheme-handler/http=iceweasel.desktop;
> > x-scheme-handler/https=iceweasel.desktop;
>
> into $HOME/.local/share/applications/mimeapps.list.
YEAHHH!!! Finally someone who stepped forward and *explained* what to
do instead o
Joerg Jaspert wrote:
> until today our Release files included 3 Hashes for all their entries:
> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
> MD5SUM in *all* newly generated Release files.
When will that affect Release files for stable? Next point release?
Because that unfo
On Sun, Feb 20, 2011 at 07:03:11PM +0100, Joerg Jaspert wrote:
> I additionally opened a bug with apt to add support for SHA512SUM, so
> we can start using them. As soon as that is possible I intend to drop
> SHA256 and end up with SHA1/SHA512 only.
Unfortunately, the algorithm used for the GnuPG
Package: wnpp
Severity: wishlist
Owner: "Michal Čihař"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
* Package name: stardict-german-czech
Version : 20110201
Upstream Author : many contributors
* URL : http://cihar.com/software/slovnik
* License : GNU FDL
On 2011-02-21, Joey Hess wrote:
> Joerg Jaspert wrote:
>> until today our Release files included 3 Hashes for all their entries:
>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
>> MD5SUM in *all* newly generated Release files.
> When will that affect Release files for stable
Package: wnpp
Owner: Jonathan Yu
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libpoe-component-resolver-perl
Version : 0.910
Upstream Author : Rocco Caputo
* URL : http://search.cpan.org/dist/POE-Component
* Joerg Jaspert:
> I additionally opened a bug with apt to add support for SHA512SUM, so
> we can start using them. As soon as that is possible I intend to drop
> SHA256 and end up with SHA1/SHA512 only.
Please don't. I have more faith in SHA-256 than SHA-512.
--
To UNSUBSCRIBE, email to debi
On Mon, 21 Feb 2011 18:55:13 +0100, Florian Weimer wrote:
> * Joerg Jaspert:
>
> > I additionally opened a bug with apt to add support for SHA512SUM, so
> > we can start using them. As soon as that is possible I intend to drop
> > SHA256 and end up with SHA1/SHA512 only.
>
> Please don't. I have
On Mon, Feb 21, 2011 at 01:05:02PM -0500, Michael Gilbert wrote:
> What indications are there that SHA-512 is weak?
It might be worth approaching from a pragmatic perspective... why
generate SHA-512 checksums when you're only going to be signing a
SHA-256 digest of that list (that is unless you wa
>>> until today our Release files included 3 Hashes for all their entries:
>>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
>>> MD5SUM in *all* newly generated Release files.
>> When will that affect Release files for stable? Next point release?
>> Because that unfortunatly
On 12398 March 1977, Joey Hess wrote:
>> until today our Release files included 3 Hashes for all their entries:
>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
>> MD5SUM in *all* newly generated Release files.
> When will that affect Release files for stable? Next point rele
>> I additionally opened a bug with apt to add support for SHA512SUM, so
>> we can start using them. As soon as that is possible I intend to drop
>> SHA256 and end up with SHA1/SHA512 only.
> Unfortunately, the algorithm used for the GnuPG signatures (both in
> InRelease and Release.gpg) is SHA-1.
>> I additionally opened a bug with apt to add support for SHA512SUM, so
>> we can start using them. As soon as that is possible I intend to drop
>> SHA256 and end up with SHA1/SHA512 only.
> Please don't. I have more faith in SHA-256 than SHA-512.
Uhh, fine - why?
--
bye, Joerg
Well, it's 1 a
> It might be worth approaching from a pragmatic perspective... why
> generate SHA-512 checksums when you're only going to be signing a
> SHA-256 digest of that list (that is unless you want to alienate
> users of OpenPGP-compliant tools which don't implement optional
> algorithms). Is it because
On 2011-02-21, Joerg Jaspert wrote:
until today our Release files included 3 Hashes for all their entries:
MD5SUM, SHA1, SHA256. I just modified the code to no longer include
MD5SUM in *all* newly generated Release files.
>>> When will that affect Release files for stable? Next poin
On Mon, 2011-02-21 at 20:58 +0100, Joerg Jaspert wrote:
> >>> until today our Release files included 3 Hashes for all their entries:
> >>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
> >>> MD5SUM in *all* newly generated Release files.
> >> When will that affect Release file
* Joerg Jaspert:
>>> I additionally opened a bug with apt to add support for SHA512SUM, so
>>> we can start using them. As soon as that is possible I intend to drop
>>> SHA256 and end up with SHA1/SHA512 only.
>> Please don't. I have more faith in SHA-256 than SHA-512.
>
> Uhh, fine - why?
I thi
On Mon, Feb 21, 2011 at 09:13:51PM +0100, Joerg Jaspert wrote:
> Care to make a point for the gpg stuff around it within bug
> #612657?
Gladly! Restating and Cc'ing...
While I agree that moving away from SHA-1 is necessary, SHA-512 is
not part of the compatibility set according to the gpg(1) manp
Package: wnpp
Severity: wishlist
Owner: "Ernesto Hernández-Novich (USB)"
* Package name: libregexp-reggrp-perl
Version : 1.000
Upstream Author : Merten Falk
* URL : http://search.cpan.org/dist/Regexp-RegGrp/
* License : Artistic
Programming Lang: Perl
Des
>> >>> until today our Release files included 3 Hashes for all their entries:
>> >>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
>> >>> MD5SUM in *all* newly generated Release files.
>> >> When will that affect Release files for stable? Next point release?
>> >> Because that
I additionally opened a bug with apt to add support for SHA512SUM, so
we can start using them. As soon as that is possible I intend to drop
SHA256 and end up with SHA1/SHA512 only.
>>> Please don't. I have more faith in SHA-256 than SHA-512.
>> Uhh, fine - why?
> I think this questi
Joerg Jaspert wrote:
> Yep. debmirror, reprepro, debootstrap and cdebootstrap seem to be the
> tools that can't deal with this. The latter two are serious enough to
> keep the change away from oldstable forever, and stable at least until
> after next point release, should they get updated there.
I
On 2011-02-21, Joey Hess wrote:
>
> --qMm9M+Fa2AknHoGS
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> Joerg Jaspert wrote:
>> Yep. debmirror, reprepro, debootstrap and cdebootstrap seem to be the
>> tools that can't deal
#include
* Joey Hess [Mon, Feb 21 2011, 05:32:00PM]:
> Joerg Jaspert wrote:
> > Yep. debmirror, reprepro, debootstrap and cdebootstrap seem to be the
> > tools that can't deal with this. The latter two are serious enough to
> > keep the change away from oldstable forever, and stable at least until
On 02/21/2011 09:05 PM, Joerg Jaspert wrote:
> On 12398 March 1977, Joey Hess wrote:
>
>>> until today our Release files included 3 Hashes for all their entries:
>>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
>>> MD5SUM in *all* newly generated Release files.
>> When will
Package: wnpp
Severity: wishlist
Owner: "Damien Raude-Morvan"
* Package name: landside
Version : 0.8.2
Upstream Author : Adam Zapletal
* URL : https://github.com/adamzap/landslide
* License : Apache-2.0
Programming Lang: Python
Description : tool to gen
>> Also, it seems like the Releases file is already including sha1 and
>> sha256 for all the d-i files.
> Nope. Those Release files in debian-installer subdir are just stubs and
> don't contain checksum information. And there was nothing for
> installer-$ARCH subdirs and the image files therein. In
[explicit BCC to Roger]
Hi everyone, Roger,
Roger Leigh has filed a few bug reports related to how the buildd's resolver
(either internal or any of the new ones: apt{,itude}) and I'm not sure I quiet
agree.
Let's take for example the one filed against php5 [#614413]:
[...]
> Severity: importan
Thank you for the additional information you have supplied regarding
this Bug report.
This is an automatically generated reply to let you know your message
has been received.
Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will rep
Robert Edmonds wrote:
> i'd like to get some feedback on whether i should implement some changes
> in the unbound debian packaging:
i'm also looking into building the python bindings for libunbound.
unfortunately upstream uses autotools / libtool to build and link the
python module, which results
On Mon, Feb 21, 2011 at 3:05 PM, Joerg Jaspert wrote:
> On 12398 March 1977, Joey Hess wrote:
>
>>> until today our Release files included 3 Hashes for all their entries:
>>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
>>> MD5SUM in *all* newly generated Release files.
>> Wh
Package: wnpp
Severity: wishlist
Owner: NIIBE Yutaka
* Package name: libgit2
Version : 0.3.0
Upstream Author : Vicent Mart«¿
* URL : http://libgit2.github.com/
* License : GPL2 with linking exemption
Programming Lang: C
Description : Git core methods
34 matches
Mail list logo
