Re: Debian openssh option review: considering splitting out GSS-API key exchange

2024-04-02 Thread Colin Watson
On Tue, Apr 02, 2024 at 03:27:30AM +0200, Christoph Anton Mitterer wrote: > Do you think it will be possible to have still only one `ssh`, `scp`, > etc. command and that will just use extra GSSAPI stuff if installed and > needed by a certain connection? It would be technically possible to retain t

Re: xz backdoor

2024-04-02 Thread Francesco P. Lovergine
On Sun, Mar 31, 2024 at 12:39:55PM +0200, Johannes Schauer Marin Rodrigues wrote: In summary: would running unstable instead of bookworm let me find more bugs than running bookworm with unstable chroots? For my specific work: yes, absolutely. Am I upgrading from bookworm to unstable or at least

Re: xz backdoor

2024-04-02 Thread Francesco P. Lovergine
On Fri, Mar 29, 2024 at 09:09:45PM +0100, Sirius wrote: Hi there, This is quite actively discussed on Fedora lists. https://www.openwall.com/lists/oss-security/2024/ https://www.openwall.com/lists/oss-security/2024/03/29/4 Worth taking a look if action needs to be taken on Debian. Speaking ab

Re: Debian openssh option review: considering splitting out GSS-API key exchange

2024-04-02 Thread Marco d'Itri
On Apr 02, Colin Watson wrote: > At the time, denyhosts was popular, but it was removed from Debian > several years ago. I remember that, when I dealt with that on my own > systems, fail2ban seemed like the obvious replacement, and my impression > is that it's pretty widely used nowadays; it's v

Re: xz backdoor

2024-04-02 Thread Andrey Rakhmatullin
On Tue, Apr 02, 2024 at 11:49:50AM +0200, Francesco P. Lovergine wrote: > Speaking about that, I'm a simple guy: how can anyone trust > sources signed by an unsigned-gnupg-key committer (I mean both the > actors of this tragically ridiculous drama)? In 2024. Really? As opposed to sources not signed

Re: Debian openssh option review: considering splitting out GSS-API key exchange

2024-04-02 Thread Christian Göttsche
On Tue, 2 Apr 2024 at 02:30, Colin Watson wrote: > > [I've CCed openssh-unix-dev for awareness, but set Mail-Followup-To to > just debian-devel and debian-ssh to avoid potentially spamming them with > a long discussion. If you choose to override this then that's your > call, but please be mindful

Re: Debian openssh option review: considering splitting out GSS-API key exchange

2024-04-02 Thread Colin Watson
On Tue, Apr 02, 2024 at 12:04:26PM +0200, Marco d'Itri wrote: > On Apr 02, Colin Watson wrote: > > At the time, denyhosts was popular, but it was removed from Debian > > several years ago. I remember that, when I dealt with that on my own > > systems, fail2ban seemed like the obvious replacement,

Re: Debian openssh option review: considering splitting out GSS-API key exchange

2024-04-02 Thread Marco d'Itri
On Apr 02, Colin Watson wrote: > You could use a drop-in unit to wrap sshd in tcpd, as suggested by the > Fedora wiki page? This would avoid exposing sshd's process space to > libwrap and all the stuff it links to by default. This would require switching to socket activation of sshd, which is no
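The drop-in approach Colin refers to, written out as an added example (not from the thread and not a file Debian ships). It assumes the openssh-server units ssh.socket (Accept=yes) and the per-connection ssh@.service with its EnvironmentFile=-/etc/default/ssh, and /usr/sbin/tcpd from the tcpd package; the hosts.allow/hosts.deny lines are constructed. tcpd learns which daemon it fronts, and which program to exec afterwards, from its own argv[0], which is why the ExecStart uses systemd's "@" prefix to set argv[0] to the sshd path.

```ini
# /etc/systemd/system/ssh@.service.d/tcpd.conf   (assumed path; a drop-in, not a packaged file)
# Runs each accepted connection's sshd behind tcpd instead of linking libwrap into sshd.
# Needs socket activation:  systemctl disable --now ssh.service && systemctl enable --now ssh.socket
[Service]
# An empty ExecStart= clears the packaged command line before it is replaced.
ExecStart=
# "@": the second token becomes argv[0]. tcpd takes the daemon path from argv[0],
# evaluates /etc/hosts.allow and /etc/hosts.deny under the daemon name "sshd",
# and only then execs /usr/sbin/sshd -i on the already-connected socket.
ExecStart=@/usr/sbin/tcpd /usr/sbin/sshd -i $SSHD_OPTS
StandardInput=socket

# /etc/hosts.allow   (constructed ACL; a DNS-suffix rule that an L3 firewall cannot express)
sshd: .corp.example.org 192.0.2.0/255.255.255.0

# /etc/hosts.deny
sshd: ALL
```

Two caveats for anyone adopting this: the DNS-suffix rule causes a reverse lookup (with a forward-confirmation check) for every incoming connection, so its strength is bounded by that of the resolver path, and because the decision is made per accepted connection a process is still forked for each client, so this is an access-control layer, not a substitute for rate limiting at the packet filter.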

Re: Debian openssh option review: considering splitting out GSS-API key exchange

2024-04-02 Thread Colin Watson
On Tue, Apr 02, 2024 at 12:04:26PM +0200, Marco d'Itri wrote: > Yes, people. I object to removing TCP wrappers support since the patch > is tiny and it supports use cases like DNS-based ACLs which cannot be > supported by L3 firewalls. I suspect OpenSSH upstream would also want me to point out t

Password

2024-04-02 Thread Ghislain Pierrat
Hello, As an APPLE product user, I use the TROUSSEAU (Keychain) password manager. I occasionally log in to a health biology data site for which a password was provided to me. This password is flagged as weak by the manager; when trying to

Re: Password

2024-04-02 Thread Yadd
On 4/2/24 15:03, Ghislain Pierrat wrote: Hello, As an APPLE product user, I use the TROUSSEAU (Keychain) password manager. I occasionally log in to a health biology data site for which a password was provided to me. This password is flagged as weak

Re: Password

2024-04-02 Thread Abou Sanou
Hello, I have the impression you have picked the wrong channel. Does this tool have any connection with Debian or with packages related to Debian? On Tue 2 Apr 2024 at 13:30, Ghislain Pierrat wrote: > Hello, > As an APPLE product user, I use the TROUSSEAU (Keychain) password > manager > I

Re: Debian openssh option review: considering splitting out GSS-API key exchange

2024-04-02 Thread Marc Haber
On Tue, 2 Apr 2024 01:30:10 +0100, Colin Watson wrote: >We carry a patch to restore support for TCP wrappers, which was dropped >in OpenSSH 6.7 (October 2014); see >https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html >and thread. That wasn't long before the Debian 8 (jessi

Re: xz backdoor

2024-04-02 Thread Emanuele Rocca
Hi, On 2024-03-30 10:49, Jonathan Carter wrote: > Another big question for me is whether I should really still > package/upload/etc from an unstable machine. I have been using unstable myself on most of my systems for the past several years. There are many advantages, including being able to actu

Re: Debian openssh option review: considering splitting out GSS-API key exchange

2024-04-02 Thread RL
Colin Watson writes: > GSS-API key exchange > > However, OpenSSH upstream has long rejected it > All the same, I'm aware that some people now depend on having this > facility in Debian's main openssh package > How does this rough plan sound? > > * for Debian trixie (curr

Re: Validating tarballs against git repositories

2024-04-02 Thread Adrian Bunk
On Mon, Apr 01, 2024 at 11:17:21AM -0400, Theodore Ts'o wrote: > On Sat, Mar 30, 2024 at 08:44:36AM -0700, Russ Allbery wrote: >... > > Yes, perhaps it's time to switch to a different build system, although one > > of the reasons I've personally been putting this off is that I do a lot of > > featu

Bug#1068245: ITP: iwgtk -- lightweight graphical frontend to iwd

2024-04-02 Thread Mark Hindley
Package: wnpp Severity: wishlist Owner: Mark Hindley X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: iwgtk Version : 0.9 Upstream Contact: Jesse Lentz * URL : https://github.com/J-Lentz/iwgtk * License : GPL3+ Programming Lang: C Description

Re: Validating tarballs against git repositories

2024-04-02 Thread Russ Allbery
Adrian Bunk writes: > On Mon, Apr 01, 2024 at 11:17:21AM -0400, Theodore Ts'o wrote: >> Yeah, that too. There are still people building e2fsprogs on AIX, >> Solaris, and other legacy Unix systems, and I'd hate to break them, or >> require a lot of pain for people who are building on MacPorts, et

Re: autoreconf --force not forcing (was Re: Validating tarballs against git repositories)

2024-04-02 Thread Adrian Bunk
On Mon, Apr 01, 2024 at 08:07:27PM +0200, Guillem Jover wrote: >... > On Sat, 2024-03-30 at 14:16:21 +0100, Guillem Jover wrote: >... > > This seems like a serious bug in autoreconf, but I've not checked if > > this has been brought up upstream, and whether they consider it's > > working as intende

Re: autoreconf --force not forcing (was Re: Validating tarballs against git repositories)

2024-04-02 Thread Colin Watson
On Tue, Apr 02, 2024 at 06:57:20PM +0300, Adrian Bunk wrote: > On Mon, Apr 01, 2024 at 08:07:27PM +0200, Guillem Jover wrote: > > On Sat, 2024-03-30 at 14:16:21 +0100, Guillem Jover wrote: > > > This seems like a serious bug in autoreconf, but I've not checked if > > > this has been brought up upst

Re: autoreconf --force not forcing (was Re: Validating tarballs against git repositories)

2024-04-02 Thread Adrian Bunk
On Tue, Apr 02, 2024 at 06:05:22PM +0100, Colin Watson wrote: > On Tue, Apr 02, 2024 at 06:57:20PM +0300, Adrian Bunk wrote: > > On Mon, Apr 01, 2024 at 08:07:27PM +0200, Guillem Jover wrote: > > > On Sat, 2024-03-30 at 14:16:21 +0100, Guillem Jover wrote: > > > > This seems like a serious bug in a

Re: Validating tarballs against git repositories

2024-04-02 Thread PICCA Frederic-Emmanuel
One missing piece for me in order to migrate to meson is the integration between flymake and the autotools. https://www.emacswiki.org/emacs/FlyMake#h5o-7

Re: Firmwares (was Re: Bits from the DPL)

2024-04-02 Thread Gunnar Wolf
Andrey Rakhmatullin said [Mon, Apr 01, 2024 at 10:41:45PM +0500]: > Why is updating the firmware packages not trivial? Is it because of > licensing issues? I always thought it's just copying a bunch of files from > the linux-firmware repo (but I also often wondered why is the package > often not up

Re: Validating tarballs against git repositories

2024-04-02 Thread Richard Laager
On 2024-04-02 11:05, Russ Allbery wrote: Meson honestly sounds great, and I personally love the idea of using a build system whose language is a bit more like Python, since I use that language professionally anyway. (It would be nice if it *was* Python rather than yet another ad hoc language, bu

Re: autoreconf --force not forcing (was Re: Validating tarballs against git repositories)

2024-04-02 Thread Colin Watson
On Tue, Apr 02, 2024 at 08:20:31PM +0300, Adrian Bunk wrote: > On Tue, Apr 02, 2024 at 06:05:22PM +0100, Colin Watson wrote: > > On Tue, Apr 02, 2024 at 06:57:20PM +0300, Adrian Bunk wrote: > > > Does gnulib upstream support upgrading/downgrading the gnulib m4 files > > > (like the one used in the

Re: Firmwares (was Re: Bits from the DPL)

2024-04-02 Thread Didier 'OdyX' Raboud
On Monday, 1 April 2024 at 19:41:45 CEST, Andrey Rakhmatullin wrote: > Why is updating the firmware packages not trivial? Is it because of > licensing issues? I always thought it's just copying a bunch of files from > the linux-firmware repo (but I also often wondered why is the package > often no

Bug#1068261: ITP: quickflux -- Flux implementation for QML

2024-04-02 Thread Mike Gabriel
Package: wnpp Severity: wishlist Owner: Mike Gabriel X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: quickflux Version : 1.0.3+git Upstream Contact: Ben Lau * URL : https://github.com/benlau/quickflux * License : Apache-2.0 Programming Lang: C++

Re: xz backdoor

2024-04-02 Thread Pierre-Elliott Bécue
Iustin Pop wrote on 01/04/2024 at 12:29:59+0200: > On 2024-03-31 22:23:10, Arto Jantunen wrote: >> Didier 'OdyX' Raboud writes: >> >> > On Sunday, 31 March 2024 at 14:37:08 CEST, Pierre-Elliott Bécue wrote: >> >> I would object against creating a PGP key on the HSM itself. Not having >> >>

Re: Validating tarballs against git repositories

2024-04-02 Thread Xiyue Deng
PICCA Frederic-Emmanuel writes: > One missing piece for me in order to migrate to meson is the integration > between flymake and the autotools. > > https://www.emacswiki.org/emacs/FlyMake#h5o-7 > There is an unofficial Meson LSP[1]. Maybe it can be configured with Eglot or lsp-mode. -- Xiyue

Re: xz backdoor

2024-04-02 Thread Paul R. Tagliamonte
On Tue, Apr 2, 2024 at 5:12 PM Pierre-Elliott Bécue wrote: > If you have a master key on your laptop, when a yubikey is in, while > running gpg --edit-key your_main_key, you can use the "addcardkey" to > create a subkey on the Yubikey directly. > Yeah, seconded for sure. This is the configuratio

Re: Validating tarballs against git repositories

2024-04-02 Thread Thomas Goirand
On 4/1/24 00:32, Stefano Rivera wrote: So... for Python packages using setuptools-scm, we're pushed towards depending on upstream-created source tarballs (sdists), rather than upstream git archives, because we don't have the ".git" directory in our source packages. Hi Stefano, Thanks for jumpi

Re: Validating tarballs against git repositories

2024-04-02 Thread Thomas Goirand
On 3/30/24 08:02, Gioele Barabucci wrote: For too many core packages there is an opaque "something happens on the Debian maintainer laptop" step that has no place in 2024. Let's replace this by an opaque "something happens on the Salsa CI". Cheers, Thomas Goirand (zigo)

Bug#1068289: ITP: wtmpdb -- Y2038 safe wtmp implementation

2024-04-02 Thread Chris Hofstaedtler
Package: wnpp Severity: wishlist Owner: Chris Hofstaedtler X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: wtmpdb Version : 0.11.0 Upstream Contact: Thorsten Kukuk * URL : https://github.com/thkukuk/wtmpdb * License : BSD Programming Lang: C Des

Re: Validating tarballs against git repositories

2024-04-02 Thread Stefano Rivera
Hi Thomas (2024.04.02_22:33:47_+) > Anyways, on the 400+ packages that I maintain within the OpenStack team, I > did come across some upstream using setuptools-scm. To my experience, using > the: > > git archive --prefix=$(DEBPKGNAME)-$(VERSION)/ $(GIT_TAG) \ > | xz >../$(DEBPKGNAME)_$(V

Re: Validating tarballs against git repositories

2024-04-02 Thread Russ Allbery
Stefano Rivera writes: > Then you haven't come across any that are using this mechanism to > install data, yet. You're only seeing the version determination. You > will, at some point run into this problem. It's getting more popular. Yup, we use this mechanism heavily at work, since it avoids h

Re: Validating tarballs against git repositories

2024-04-02 Thread Jeremy Stanley
On 2024-04-03 00:33:47 +0200 (+0200), Thomas Goirand wrote: [...] > Also, sdists are *not* "upstream-created source tarballs". I > consider the binary form built for PyPi. Just like we have .debs, > PyPi has tarballs and wheels, rather than how you describe them. [...] Upstream in OpenStack we bel

Re: Validating tarballs against git repositories

2024-04-02 Thread Jeremy Stanley
On 2024-04-02 16:44:54 -0700 (-0700), Russ Allbery wrote: [...] > I think a shallow clone of depth 1 is sufficient, although that's not > sufficient to get the correct version number from Git in all cases. [...] Some tools (python3-reno, for example) want to inspect the commits and historical tags

New supply-chain security tool: backseat-signed

2024-04-02 Thread kpcyrd
Hello, I'm going to keep this short, I've been writing a lot of text recently (which is quite exhausting, on top of my dayjob and all the code I wrote today afterwards. Apologies if you're still waiting for a reply in one of the other threads). I figured out a somewhat straight-forward way t

Re: Firmwares (was Re: Bits from the DPL)

2024-04-02 Thread Dmitry Baryshkov
On Mon, 1 Apr 2024 at 19:28, Vincent Bernat wrote: > > On 2024-04-01 18:05, Jonathan Carter wrote: > > The included firmware contributed to Debian 12 being a huge success, > > but it wasn't the only factor. > > Unfortunately, the shipped firmwares are now almost a year old, > including for unstabl

Re: New supply-chain security tool: backseat-signed

2024-04-02 Thread Adrian Bunk
On Wed, Apr 03, 2024 at 02:31:11AM +0200, kpcyrd wrote: >... > I figured out a somewhat straight-forward way to check if a given `git > archive` output is cryptographically claimed to be the source input of a > given binary package in either Arch Linux or Debian (or both). For Debian the proper ap

Re: xz backdoor

2024-04-02 Thread Robert Edmonds
This backdoor abused the IFUNC mechanism in the GNU toolchain to hook into the sshd process. Looking on my Debian sid workstation with about 1900 library packages installed, I see a very small handful of source packages shipping libraries with IFUNC symbols, mostly things like gcc, glibc, haskell,
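The IFUNC survey described in that message can be reproduced without binutils. What follows is an added example, not code from the thread or from Debian: a stdlib-only Python parser that walks the section headers of an ELF64 object, locates .symtab and .dynsym, and reports every symbol whose type is STT_GNU_IFUNC (value 10 in the low nibble of st_info). The object it scans when run without arguments is constructed inline and is not a real library; the library path in the usage note is an assumption.

```python
"""List STT_GNU_IFUNC symbols in ELF64 objects using only the standard library.

IFUNC symbols are legitimate in glibc and the gcc runtime (CPU-feature dispatch);
the point of the scan is triage: an IFUNC resolver in a library that has no reason
to dispatch on CPU features deserves a closer look."""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11
STT_GNU_IFUNC = 10               # symbol type lives in the low nibble of st_info
BINDINGS = {0: "LOCAL", 1: "GLOBAL", 2: "WEAK"}

EHDR = "16sHHIQQQIHHHHHH"        # Elf64_Ehdr, 64 bytes
SHDR = "IIQQQQIIQQ"              # Elf64_Shdr, 64 bytes
SYM = "IBBHQQ"                   # Elf64_Sym, 24 bytes


def is_elf64(data):
    return data[:4] == ELF_MAGIC and len(data) > 64 and data[4] == ELFCLASS64


def _cstr(blob, off):
    """NUL-terminated string starting at blob[off]."""
    return blob[off:blob.index(b"\0", off)].decode("ascii", "replace")


def find_ifunc_symbols(data):
    """Return [(name, binding, table)] for every IFUNC symbol in .symtab and .dynsym."""
    if not is_elf64(data):
        raise ValueError("not an ELF64 object (32-bit objects are not handled here)")
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 little endian, 2 big endian
    hdr = struct.unpack_from(end + EHDR, data, 0)
    shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    sections = [struct.unpack_from(end + SHDR, data, shoff + i * shentsize) for i in range(shnum)]
    # Shdr tuple fields used below: 0 name, 1 type, 4 offset, 5 size, 6 link, 9 entsize
    shstr_sec = sections[shstrndx]
    shstr = data[shstr_sec[4]:shstr_sec[4] + shstr_sec[5]]
    found = []
    for sec in sections:
        if sec[1] not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        strsec = sections[sec[6]]             # sh_link of a symbol table is its string table
        strtab = data[strsec[4]:strsec[4] + strsec[5]]
        entsize = sec[9] or struct.calcsize(SYM)
        for off in range(sec[4], sec[4] + sec[5], entsize):
            st_name, st_info = struct.unpack_from(end + SYM, data, off)[:2]
            if st_info & 0xF == STT_GNU_IFUNC:
                bind = BINDINGS.get(st_info >> 4, str(st_info >> 4))
                found.append((_cstr(strtab, st_name), bind, _cstr(shstr, sec[0])))
    return found


def scan_file(path):
    """IFUNC symbols of one file; [] for anything that is not an ELF64 object."""
    with open(path, "rb") as fh:
        data = fh.read()
    return find_ifunc_symbols(data) if is_elf64(data) else []


def build_sample_elf():
    """Constructed ELF64 blob (not a real library): a .symtab with one GLOBAL IFUNC
    symbol 'memcpy' and one ordinary GLOBAL FUNC symbol 'strlen'."""
    strtab = b"\0memcpy\0strlen\0"
    shstrtab = b"\0.symtab\0.strtab\0.shstrtab\0"

    def sym(name_off, info):
        return struct.pack("<" + SYM, name_off, info, 0, 1, 0x1000, 0x40)

    symtab = sym(0, 0) + sym(1, (1 << 4) | STT_GNU_IFUNC) + sym(8, (1 << 4) | 2)  # 2 = STT_FUNC
    off_strtab = 64
    off_symtab = off_strtab + len(strtab)
    off_shstrtab = off_symtab + len(symtab)
    off_shdrs = off_shstrtab + len(shstrtab)

    def shdr(name_off, typ, off, size, link, entsize):
        return struct.pack("<" + SHDR, name_off, typ, 0, 0, off, size, link, 0, 1, entsize)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)
             + shdr(1, SHT_SYMTAB, off_symtab, len(symtab), 2, 24)       # index 1, strtab at index 2
             + shdr(9, SHT_STRTAB, off_strtab, len(strtab), 0, 0)        # index 2
             + shdr(17, SHT_STRTAB, off_shstrtab, len(shstrtab), 0, 0))  # index 3
    ident = ELF_MAGIC + bytes([ELFCLASS64, 1, 1]) + b"\0" * 9
    # e_type 3 (ET_DYN), e_machine 62 (x86-64), no program headers, 4 section headers
    ehdr = struct.pack("<" + EHDR, ident, 3, 62, 1, 0, 0, off_shdrs, 0, 64, 0, 0, 64, 4, 3)
    return ehdr + strtab + symtab + shstrtab + shdrs


if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:
        print("no files given; scanning the constructed sample object")
        for name, bind, table in find_ifunc_symbols(build_sample_elf()):
            print(f"<sample> {table} {bind} {name}")
    for path in targets:
        for name, bind, table in scan_file(path):
            print(f"{path} {table} {bind} {name}")
```

Run it as `python3 ifunc_scan.py /usr/lib/x86_64-linux-gnu/liblzma.so.5` (path assumed; adjust the multiarch triplet) or over a whole library directory with a shell loop. Stripped shared objects keep only .dynsym, which the parser covers; 32-bit objects are skipped rather than parsed. Hits in glibc, the gcc runtime or Haskell libraries are expected, as the message says; a hit in a library with no reason to dispatch on CPU features is what to examine.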

Re: xz backdoor

2024-04-02 Thread Mike Hommey
On Wed, Apr 03, 2024 at 02:01:23AM -0400, Robert Edmonds wrote: > This backdoor abused the IFUNC mechanism in the GNU toolchain to hook into > the sshd process. Looking on my Debian sid workstation with about 1900 library > packages installed, I see a very small handful of source packages shipping