Bug#765719: general: System restarts on "shutdown -h now"

Package: general Severity: normal Dear Maintainer, * What led up to the situation? After the last upgrade, the system would not halt any more. Instead, it runs into a restart cycle. The restart bypasses GRUB, i.e. one a computer with multiple OS, it restarts linux directly. The machine in us

Bug#906249: general: Long pause after lightdm login, gimp not starting except under strace

ith strange measures to overcome at least the first obstacles (mouse movements, strace-call) I somehow suspect it. Sincerely yours, Moritz -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (750, 'testing'), (50, 'stable

Re: Bug#283578: ITP: hot-babe -- erotic graphical system activitymonitor

In linux.debian.devel, you wrote: > but I think that hotbabe demonstrates a larger issue. The only issue I can see is that WNPP does not seem to by a fully sufficient synchronization point for the creation of new Debian packages. This ITP has been filed although two RFPs already exist (as hotbabe

Bug#284778: ITP: freebooters -- Free "Pirates!" like strategy game

Package: wnpp Severity: wishlist * Package name: freebooters Version : 0.2.2 Upstream Author : [EMAIL PROTECTED] * URL : http://home.gna.org/freebooters * License : GPL Description : Free "Pirates!" like strategy game The Caribbean Sea in the late 16th c

Re: Bug#294209: ITP: reminiscence -- REminiscence is a rewrite of the engine used in the game Flashback from Delphine Software

In linux.debian.devel, you wrote: >> Description: free implementation of Delphine Software's FlashBack engine >> REminiscence is an engine capable of runing any game based on the >> FlashBackengine. >> . >> To actually make use of ScummVM, you currently need to get the orginal >> FlashBac

Re: mplayer, the time has come

an in xine-lib and ffmpeg. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits (Nybbles?) from the Vancouver release team meeting

ww.gnu.org/licenses/gpl-faq.html#TOCSourceAndBinaryOnDifferentSites Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits (Nybbles?) from the Vancouver release team meeting

nto a DSA yet. How long does an xfree86 build take on arm, mips or m68k? Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: State of gcc 2.95 use in Debian unstable

ng to newer versions - but > just keeping packages installable and usable. I agree. Plus, compilation of C code with 2.95 is typically twice as fast as 4.0. While 2.95 may be too buggy wrt C++, it's still useful for C. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: dpkg-sig support wanted?

hash functions that've had > remotely similar levels of cryptographic analysis to md5 and sha. IIRC, > the elliptic curve cryptography stuff was supposed to be similarly neat, > until people started analysing it seriously, at which point it broke. I'm not aware of any attacks be

Re: Debian and the desktop

more helpful. So maybe menu should be extended to keep both forms, so that the generic form can be chosen during installation. Once Bob User has turned into Bob Hacker he can switch back to the detailed form. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: congratulations to our ftp-master team

) Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: congratulations to our ftp-master team

; mpeg encoding stuff is nowhere near the core funcionality of mplayer > anyway, isn't it? The encoding functionality is built into a separate binary; mencoder. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Thoughts on Debian quality, including automated testing

to the PTS, where a maintainer can denote her "NMU policy" for a given source package? E.g. a selection box, ranging from "Don't dare to touch this, I bite" to "Feel free to 0d-NMU for every severity as long a you send the patch". Or a free-form field, if that does

Re: poppler (was: Work-needing packages report for Dec 30, 2005)

n, switching to poppler is quite easy; but for that > the package should be well maintained. These source packages embed xpdf source and should be fixed to use poppler if possible: gpdf pdftohtml kdegraphics (kpdf) koffice libextractor cupsys also embeds xpdf source, but uses xpdf-utils for curre

Re: Bug#345353: O: mantis

Hilko Bengen wrote: > What's worse: Support from upstream in general and especially security > handling has been less than optimal. Plus, security problems are rather frequent. CVE has issued 28 IDs for 2002-2005. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTEC

Re: How to Increase Contributions from Volunteers

hat can happen to a sub-project or package. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: poppler

ready links dynamically, so it's probably best to remove it for Etch. Unfortunately kpdf upstream seems quite reluctant to switch to poppler, see http://bugs.kde.org/show_bug.cgi?id=119455. I don't know the status of koffice. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Need for launchpad

I could do; the > maintainer of the package can do whatever they want, upstream wishes > be d*mned, unless you try to go through a rather painful appeal > process via a then-relatively inactive technical committeee. If it lured you into becoming a DD we should mess up more upstream code :-)

Bug#350391: ITP: glest -- Free 3D fantasy real-time-strategy game

Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: glest Version : 2.0pre Upstream Author : Glest Team * URL : http://www.glest.org * License : GPL for the code, permissive free license for the game data Descr

Bug#352064: ITP: wormux -- A clone of the Worms game

Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: wormux Version : 0.7 Upstream Authors: Jean-Christophe DUBERGA, Laurent DEFERT SIMONNEAU, Lawrence AZZOUG Matthieu FERTRÉ, Renaud LOTTIAUX, Victor STINNER

Re: Honesty in Debian (was Re: Amendment to GR on GFDL, and the changes to the Social Contract

th free drivers (beyond VESA, of course) and the previous generation needed to be reverse-engineered for 3D. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Packaing Xen 3.0 etc for Debian

g/?rev=0&sc=0 > any Xen kernel tree should be easily maintainable separately. And who should do this? Kernel updates already consume way too much time, the approach by Bastian with xen being a subflavour of the linux-2.6 source package seems the only feasible. Cheers, Moritz --

Bug#311787: ITP: lincity-ng -- City simulation game with polished GUI and graphics

Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: lincity-ng Version : 0.9.0rc1 Upstream Author : lincity-ng developers group (several people) * URL : http://lincity-ng.berlios.de * License : GPL (most media

Re: [Debian-uk] Sun have (probably) patented apt-get

In linux.debian.devel, you wrote: > Today the EU gets to vote on the same issue. They can elect to have a > thriving software industry well placed to replace the now crippled USA > as the dominant force in the software industry. > > Europe, its time to choose. It has chosen a few minutes ago; the

Re: Two versions of pan in etch?

ty problems need to be fixed in both source packages. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: NMU for mantis - dependecy for php5 fixed

security-supportable for Etch and should rather be removed entirely. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Proposal: searchable d.o/security/

> If so, it would not be difficult to have a page listing all packages and the > DSAs issued to them (it might be a little bit large though). Would that cov= > er your need? It already exists, e.g. for mutt: http://idssi.enyo.de/tracker/source-package/mutt Cheers, Moritz -- To UNSUB

Re: Why not only support Sid and Testing?

ething around 1/12 and the rest testing/unstable. (All figures are at least half a year old and from the top of my memory, which may be failing me. IIRC it was aj who mentioned them in IRC). Maybe the FTP masters can provide more current figures. Cheers, Moritz -- To UNSUBSCRIBE, email to

Re: Bug#386911: ITP: Claroline -- Course Management System for Online Learning

ive cross-site-scripting. (CVE-2006-3257, CVE-2006-2868, CVE-2006-2284, CVE-2006-1596, CVE-2006-1595, CVE-2006-1594, CVE-2006-0411, CVE-2005-1377, CVE-2005-1376, CVE-2005-1375, CVE-2005-1374 and possibly more, I stopped digging deeper) I don't think this should enter the archive. Cheers,

Re: local copies of libs

more in the next 30 months after Etch release. So it's absolutely necessary to link dynamically. (Many do already, e.g. xine-lib). I'll file RC bugs for any packages still embedding or link statically soon, just haven't had the time yet. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#391686: ITP: ipw3945-daemon -- Binary userspace regulatory daemon for Intel PRO/Wireless 3945ABG cards

nly in binary form > Description : Binary userspace regulatory daemon for Intel PRO/Wireless > 3945ABG cards Hasn't it been reverse-engineered yet, so that we can provide a free solution? Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "uns

Re: local copies of libs

king dynamically against ffmpeg results in loss of > features and performance. At least I was told this by an ffmpeg developer. The performance overhead should be negligable. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: local copies of libs

or any packages still embedding or link statically soon, >> just haven't had the time yet. > > I just opened a bug against xmms-wma for that (important, with patch): #391238 > If you want it to be RC, you have to change severity. Thanks, severity raised. Cheers, Moritz --

Re: RFP: tinymce -- Web based Javascript HTML WYSIWYG editor

cond troublemaker if adodb, which seems embedded in several webapps as well. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#396927: ITP: xyssl -- lightweight crypto and SSL/TLS library

and SSL/TLS library Do you have sufficient crypto expertise to maintain this? I'm having some doubts that a SSL lib with a 0.1 version, which was released only a week ago provides real benefit to Debian. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of

Re: SUMMARY: Re: Dropping GStreamer 0.8 for etch

reamer 0.8 suite of testing and unstable. Thanks for resolving this! Cheers Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Dropping GStreamer 0.8 for etch

ieved in whatever >> order, these are orthogonal, even if both would help security support >> (in a different way). As I'm not considering building gst-ffmpeg >> against ffmpeg for etch, I kindly suggest we let this subthread die or >> be continued in the upstr

Bug#404762: ITP: freesynd -- Free implementation of the Syndicate engine

Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: freesynd Version : 0.1 Upstream Author : QuantumG <[EMAIL PROTECTED]> * URL : http://freesynd.sf.net/ * License : GPL Programming Lang: C++ Descriptio

Re: etch's upgrades during life cycle

ns for a second set of kernels (and probably xservers) nine months after Etch release, which will also have security support. However nothing's fixed yet, as the current focus is on getting Etch ready. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject o

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

tional biometric features.) > and not showing any passports or showing passports: > > - which did not had the *same* spelling as the name in the key (letter by > letter) The German passport/ID card has official ASCII transliterations of umlaut names, so if you have discarded sign

Re: egroupware upgrade drops several applications -- suggestions?

; > What to do? With a giant blob of software like egroupware every admin should be well aware that an update might require some manual interaction. We give users a full year to upgrade to the next stable release, so I'd suggest to just drop it. Cheers, Moritz -- To UNSUBSCRIBE,

Re: Bug#377697: New version of squid hangs at startup

pport 2.6 kernels, so anyone still insisting to run Etch-squid with 2.4 kernels for whatever reasons, may still disable epoll() support locally. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#379857: ITP: git-completion -- content addressable filesystem (bash completion)

nd stg. Why should this be a separate package? Either include it in the bash package or into the /etc/bash_completion.d of git, cogito and stg. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#326797: ITP: pentagram -- Engine for Ultima VIII: Pagan

Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: pentagram Version : CVS snapshots Upstream Author : W. J. Palenstein, P. Burke, M. Horn, R. Nunn, D. Reichardt, M. Jimenez * URL

Re: curl status update

nSSL (like SRP auth) are licensed under the GPL, the rest of the code is LGPLed. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

ploits have been derived from the basic collision attacks, though, (google for Kaminski or Daum/Lucks for some cool demonstrations), but it's not as grave as it might appear. Upgrading to SHA-1 is still a good idea, of course, but no need to break things more than necessary. Cheers,

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

In linux.debian.devel, you wrote: > Moritz Muehlenhoff wrote: >> Upgrading to SHA-1 is still a good idea, of course, > > Correct me if I'm wrong, but haven't there been collision attacks on > SHA-1, too? Yes, but to public knowledge they're only feasible with gov

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

the default hash has been changed. So changing /etc/openssl.cnf's "default_md = md5" to "default_md = sha1" would have the same effect, as sha1 is already present in 0.9.7; only the more complex SHA variants have been introduced in 0.9.8. Cheers, Moritz -- To UNSU

Re: How to cope with patches sanely (Was: State of the project - input needed)

is could be solved by adding a symlink to a standard file provided.) Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#462740: ITP: demac -- A decoder for Monkey's Audio (APE) lossless files

William Pitcock wrote: > demac has some bugs with v3.97 format files. I would recommend merging > in patches from ffmpeg and making a seperate product. Or rather avoid packaging demac at all and link the application in question against libavcodec. Cheers, Moritz -- To UNSUB

Re: Introducing security hardening features for Lenny

on the toolchain configuration proposal by Matthias Klose. Maybe "classes" of security-sensitivity of applications can be defined, which specify a set of selected options. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Introducing security hardening features for Lenny

having the discussion first. Of course we've discussed this in depth internally before before proposing it and there was no intention to make it sound "official". There is no need to become aggressive. To resolve potential confusions I've sent a clarifying followup. Chee

Re: Introducing security hardening features for Lenny

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Moritz Muehlenhoff wrote: > The Debian archive is the biggest of all distributions and although > there's security support for all security issues being found, there's > still room for improvement and a need for increased resilie

Re: Introducing security hardening features for Lenny

e ACID test: http://web.glandium.org/blog/?cat=17 Nexuiz: | To run the benchmark: start Nexuiz & open the console (`) issuing: | timedemo demos/demo1.dem The results will be stored in: | ~/.nexuiz/data/benchmark.log Not sure about XML benchmarks. Cheers, Moritz -- To UNSUBSCRIBE,

Re: Proposalto introduce compiler options passed from dpkg-buildpackage

On 2007-12-25, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: > Matthias Klose wrote: >> This is a proposal to introduce a common set of compiler options which >> can be set independently from the package, and passed/injected to the >> package build process. It was firs

Re: Introducing security hardening features for Lenny

binaries, especially for systems without large > caches. I'm only aware of x86 and amd64. I don't think it's necessary on other archs. Did you followup with upstream on the SSP problems we've seen on ARM? Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROT

Re: Introducing security hardening features for Lenny

s are icing on the cake. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: wnpp.debian.net sources released, security review wanted, plans for the future

w security > bugs right when they are opened? You can install debsecan, which generates reports on open security issues and which includes BTS bugs tagged security as well. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Proposalto introduce compiler options passed from dpkg-buildpackage

On Mon, Feb 11, 2008 at 05:44:33PM +0100, Matthias Klose wrote: > Moritz Muehlenhoff writes: > > [This message has also been posted to gmane.linux.debian.devel.general.] > > On 2007-12-25, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: > > > Matthias Klose wrote

Re: Proposalto introduce compiler options passed from dpkg-buildpackage

t about adding such a get-default-flags script into the gcc-defaults package? Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits from the Security Team

ly to unembargoed security updates? AIUI, the > practice today is that for embargoed security updates, all of the binaries > are kept in the queue until they're ready for release; so I don't really see > a gap when the security update is public but the binary packages aren't > built? Yes, this is limited to non-embargoed security issues. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits from the Security Team

On 2008-03-11, Don Armstrong <[EMAIL PROTECTED]> wrote: > On Sun, 09 Mar 2008, Moritz Muehlenhoff wrote: >> If you're opening a ticket for a security problem which is publicly >> known, e.g. if it's announced on the project web site, please open a >> ticket

Re: Version numbering for security uploads of native packages

adapt our practise to use +etchX for security updates. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: A suggestion

linux-image.* in order to support recent video and audio chips. http://wiki.debian.org/EtchAndAHalf will solve that soon. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#471094: RFH: mantis

and starting with a separate mantis-1.1 package. Only one version should end up in Lenny, though. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: GnuPG: Maintainer inactive?

d already cause they are fixed in the current version in the > appropriate bug (CCing the submitter, so they can possibly close it > themselves) is always welcome, regardless of any other action or > non-action by the maintainer. gnupg is very important and unmaintained for all practical purpose

Re: pwsafe and OpenSSL?

rg/security/key-rollover/ once confirmed. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: divergence from upstream as a bug

complicated bug with several rounds of review and fixups Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#538857: rocksndiamonds: post-installation fails

the broken rott download, the correct fix is to add support for the media files to game-data-packager instead of adding a postinst. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Is it time to remove sun-java6?

feeling is that we either need to remove it or fix it up. > > Any thoughts? We should remove it, it'll be EOLed during the Squeeze time frame and noone can sensibly fix it. (It's not covered by official security support, though due to being non-free) Cheers,

Re: Switch on compiler hardening defaults

you intend to enable? -Wformat, -Wformat-security, -D_FORTIFY_SOURCE=2 and -fstack-protector ? Could you file a bug against dpkg-dev? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: about gstreamer0.8 and python2.3 removal

d and goobox seems dead upstream. (According to http://www.gnomefiles.org/app.php?soft_id=531 the last upstream release is from Nov 2005). I'll file an RC bug for hinting it out of testing. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Handling of (inactive) Debian Accounts

Jon Marler wrote: > I have a question ... How do I keep my Debian maintainer status if I > miss the vote? A more relevant case are probably people, who don't care about the annual time-drain aka DPL election. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] wit

Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer

and run Debian on a part of their systems: http://www.bsi.de/produkte/erposs/index.htm Anyone with good connections to German government bodies running Debian (and there are quite many) should use their contacts to lobby against this bill. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: The number of etch installations is rocketing...

, many people install security updates blindly. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: wordpress packages

erefore much more likely. In reality they'll be included unreviewed, the maintainer will lose interest half a year after the stable release and the security team will have to deal with all that junk every couple of months. So, don't do that. Cheers, Moritz -- To UNSUBS

Re: Bug#426069: ITP: spip -- website engine for publishing

already in the archive and has been removed mostly for it's poor security track record. Re-introducing it is a very bad idea. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#426069: ITP: spip -- website engine for publishing

ty problems in 2006. We already have far too many buggy packages in the archive, security updates are not an infinite ressource. I recommend to upload to experimental and re-evaluate it's security history four months prior to Lenny freeze. Cheers, Moritz -- To UNSUBSCRIBE, email to

Re: Bug#428877: ITP: callweaver -- Community-driven open source PBX software

risk and given the steady flow of security issues in it, we can't have two versions in the archive. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: APT 0.7 for sid

ecurity upgrades are not supported; while we can typically fix security problems w/o requiring manual user interaction, we cannot guarantee it all cases. The user needs to read the DSA. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Xen status in lenny?

Since there's now a sixth option - the forward-ported XenSource patch to SLES's 2.6.26 - could we test this patch before we decide on a plan? To me using the forward-ported SLES patch for Lenny and switching to pvops post-Lenny seems ideal. Cheers, Moritz -- To UNSUBSCRIBE, emai

Re: RFH: clamav

backporting that's currently being done. There're a few libclamav reverse-deps, which need to be adressed, though. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages

tally > thanking the bug submitter for the extra work and ranting about yet > another nice method to delay the release. Let's be old-fashioned and fix things instead. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Volunteer needed for Iceape security updates in Lenny

in Lenny please step forward and mail [EMAIL PROTECTED] and keep [EMAIL PROTECTED] CCed. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug reports of DFSG violations are tagged ???lenny-ignore????

you missed the point. They're not wishlist bugs. If they were, I > wouldn't care much about them. Well, bugs don't get magically fixed. You didn't do anything substantially about them, so you can hardly complain. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug Sprint results (draft)

erman beer to five winners, just as Joss did for cookies. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#504758: gforge-plugins-extra ships security issues-prone code copies

ich adds a README.security (or add it to README.Debian if present), which describes that these plugins need to be configured and maintained by the local admin. We'll than add it to the debtag list of packages not covered by security support. For Squeeze we can then switch to the system wide p

Re: qmail and related packages in NEW

Neil Williams wrote: > It isn't just about choosing not to install it, it causes work for the > various teams in Debian - security, release, QA.=20 We've discussed this at the Security Team meeting in Essen and we don't have a problem with qmail being included in Lenny. C

Re: qmail and related packages in NEW

kages at > once. Which? AFAICS it has some portability layers and you typically need daemontools for djbware, but I don't see any horrible code copies. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Gtk1.2/Imlib/gnome-lib packages (Long)

help out. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: "Etch and a half" ( was Re: Bugfix/hardware support updates to stable releases?)

stable while still > supporting the latest hardware. Yes. > However, I think it's worth consideration - in my > mind, this would fix Debian's greatest flaw Yes. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: User-Agent strings, privacy and Debian browsers

ng from an unusual architecture; that's in the user-agent > string too. http://linuxreviews.org/news/2005/01/28_0001/ Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits from the Testing Security team

wrote: >> So, question, do you want to have reports also of missing pieces of >> statically linked code snippets in that list? Yes, this list has always included apps linking statically. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Enabling and installing of "risky" ("patented") codecs - made easy

t, which's primary host would reside somewhere where multimedia software patents are moot. (I suppose france would be alright, since debian- multimedia is hosted there). d-i should offer to add these sources. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits from the Security Team

Adrian von Bidder wrote: ><http://blog.steve.org.uk/articles/2007/10/19/as-i-move-on-through-the-year= >>=20 > which is really a Bits from the Security Team. Full "Bits" will appear soon. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with

Re: Bug#447592: RFP: fckeditor -- text/file editor for PHP

better for everyone if > that software was packaged independently, and others could just depend > on it. Indeed. karrigell and moin appear to include a copy as well. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Out-of-tree kernel module popularity

ch of these have been merged into Linux mainline by now (e.g. several of the wifi drivers have) and report the missing ones to Greg Kroah-H's driver project: http://www.linuxdriverproject.org/twiki/bin/view He has 310 developers at hand, who are eager to merge potential out-of- tree drivers and

Re: Bug#448980: ITP: rt73-firmware -- firmware for Ralink USB wireless cards

the rt73 and > rt73usb modules built from rt73-source and rt2x00-source respectively. What about adding it to the already existing firmware-nonfree source package? Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Proposalto introduce compiler options passed from dpkg-buildpackage

change like that is more or less required for the planned introduction of security hardening features. Since noone really objected to the change outlined, I'd be interested in the way forward from here and what timeline is planned to set the changes into effect. Cheers, Moritz -

  1   2   3   >