Re: New project goal: Get rid of Berkeley DB (post jessie)

2014-06-23 Thread Michal Čihař
Hi On Thu, 19 Jun 2014 12:26:48 +0200 Adrien CLERC wrote: > On 19/06/2014 11:38, Ondřej Surý wrote: > > List of affected maintainers follows: > > > > Loic Minier > >evolution-data-server (U) > >rpm (U) > > > I am just a simple user of rpm. Yes, I use rpm for inspecting, > debugg

Bug#752387: ITP: r-cran-gsl -- GNU R wrapper for the GNU Scientific Library

2014-06-23 Thread Andreas Tille
Package: wnpp Severity: wishlist Owner: Andreas Tille * Package name: r-cran-gsl Version : 1.9-10 Upstream Author : Robin K. S. Hankin * URL : http://cran.r-project.org/web/packages/gsl/ * License : GPL Programming Lang: R Description : GNU R wrapper f

Re: llvm-defaults vs update alternatives

2014-06-23 Thread Vincent Danjean
On 22/06/2014 11:47, Christian Hofstaedtler wrote: > update-alternatives gives the user a choice, My remark is not directly related to this problem (perhaps, in fact) but update-alternatives does *not* give the user a choice. It gives the *admin* a choice. You must be root to run update-alternative

Bug#752396: ITP: r-cran-randomfields -- GNU R simulation and analysis of random fields

2014-06-23 Thread Andreas Tille
Package: wnpp Severity: wishlist Owner: Andreas Tille * Package name: r-cran-randomfields Version : 3.0.10 Upstream Author : Martin Schlather * URL : http://cran.r-project.org/web/packages/RandomFields/ * License : GPL Programming Lang: R Description :

Bug#752398: ITP: python-spyne -- Python RPC library for HttpRpc, SOAP, Json and more

2014-06-23 Thread Russell Stuart
Package: wnpp Severity: wishlist Owner: Russell Stuart * Package name: python-spyne Version : 2.10.10 Upstream Author : Burak Arslan * URL : http://spyne.io/ * License : LGPL Programming Lang: Python Description : Python RPC library for HttpRpc, SOAP,

Bug#752399: ITP: python-fdb -- Python DB-API driver for Firebird

2014-06-23 Thread Russell Stuart
Package: wnpp Severity: wishlist Owner: Russell Stuart * Package name: python-fdb Version : 1.4 Upstream Author : Pavel Cisar * URL : https://pypi.python.org/pypi/fdb/ * License : BSD Programming Lang: C, Python Description : Python DB-API driver for F

Re: software outside Debian (Re: holes in secure apt)

2014-06-23 Thread Jakub Wilk
* Christoph Anton Mitterer , 2014-06-22, 04:34: There are a few mechanisms to mitigate downgrade attacks within the archive: * Valid-Until fields in the Release files; I still think the time spans are far too long here... For the record, the validity periods currently are: unstable, experime

Re: software outside Debian (Re: holes in secure apt)

2014-06-23 Thread Adam D. Barratt
On 2014-06-23 13:42, Jakub Wilk wrote: * Christoph Anton Mitterer , 2014-06-22, 04:34: There are a few mechanisms to mitigate downgrade attacks within the archive: * Valid-Until fields in the Release files; I still think the time spans are far too long here... For the record, the validity pe

Re: HTTPS everywhere!

2014-06-23 Thread Christoph Anton Mitterer
On Mon, 2014-06-23 at 08:58 +1000, Russell Stuart wrote: > > Well first, AFAIK, there are no mirrors for the BTS... and then > > securing something like BTS with OpenPGP is quite difficult. > There is a straightforward solution to handling BTS messages. You just > DKIM sign them with an appropri

Re: software outside Debian (Re: holes in secure apt)

2014-06-23 Thread Christoph Anton Mitterer
On Mon, 2014-06-23 at 14:42 +0200, Jakub Wilk wrote: > For the record, the validity periods currently are: > > unstable, experimental: 7 days > testing: 7 days > > wheezy: no limit > wheezy(-proposed)-updates: 7 days > wheezy/updates at security.d.o: 10 days > wheezy-backports: 7 days > > squee

Re: software outside Debian (Re: holes in secure apt)

2014-06-23 Thread Christoph Anton Mitterer
For the interested: On Mon, 2014-06-23 at 14:42 +0200, Jakub Wilk wrote: > "reportbug ftp.debian.org" for unstable and experimental; #752450

Re: software outside Debian (Re: holes in secure apt)

2014-06-23 Thread Jakub Wilk
* Adam D. Barratt , 2014-06-23, 14:24: * Christoph Anton Mitterer , 2014-06-22, 04:34: There are a few mechanisms to mitigate downgrade attacks within the archive: * Valid-Until fields in the Release files; I still think the time spans are far too long here... For the record, the validity pe

Re: HTTPS everywhere!

2014-06-23 Thread Russell Stuart
On Mon, 2014-06-23 at 17:26 +0200, Christoph Anton Mitterer wrote: > Maybe my understanding of DKIM is too little... but I thought it would > be only some technique to verify the authenticity of sender addresses? DKIM, OpenPGP, X.509 - they are all the same thing with different names. They all com

Re: HTTPS everywhere!

2014-06-23 Thread Matthias Urlichs
Hi, Russell Stuart: > This looks like pinning under another name to me. And quoting you > above, in this very same email, you say pinning is too hard because you > have to "hard code all the single Debian host certs in all programs that > use TLS/SSL (or at least with Debian services)". And yet

Re: HTTPS everywhere!

2014-06-23 Thread Russell Stuart
On Tue, 2014-06-24 at 08:29 +0200, Matthias Urlichs wrote: > The difference is that while pinning a bunch of certificates is indeed a > lot of on-going work, pinning the CA cert used to sign these is not (set up > the CA and install it into our software once, sign server certificates with > that fo