Re: Bug#283578: ITP: hot-babe -- erotic graphical system activity monitor

2004-12-03 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: > but I think that hotbabe demonstrates a larger issue. The only issue I can see is that WNPP does not seem to be a fully sufficient synchronization point for the creation of new Debian packages. This ITP has been filed although two RFPs already exist (as hotbabe

Bug#284778: ITP: freebooters -- Free "Pirates!" like strategy game

2004-12-08 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist * Package name: freebooters Version : 0.2.2 Upstream Author : [EMAIL PROTECTED] * URL : http://home.gna.org/freebooters * License : GPL Description : Free "Pirates!" like strategy game The Caribbean Sea in the late 16th c

Re: Bug#294209: ITP: reminiscence -- REminiscence is a rewrite of the engine used in the game Flashback from Delphine Software

2005-02-08 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: >> Description: free implementation of Delphine Software's FlashBack engine >> REminiscence is an engine capable of running any game based on the >> FlashBack engine. >> . >> To actually make use of ScummVM, you currently need to get the original >> FlashBac

Re: mplayer, the time has come

2005-02-28 Thread Moritz Muehlenhoff
A Mennucc wrote: > and there are wonderful feats that 'mplayer' that do not need : decss, > faad, lame & xvid Why should Debian's mplayer be unable to support XVID? The MPEG4 codec from libavcodec will play any XVID just fine and libavcodec is already part of Debian in xine-lib and ffmpeg. Chee

Re: Bits (Nybbles?) from the Vancouver release team meeting

2005-03-14 Thread Moritz Muehlenhoff
Matthew Garrett wrote: >> As I understand it, SCC *binaries* get their own domain / mirrors / >> everything, but the *source* shall be shared with the main archive. > > Uh. Not if you want to distribute any GPLed material. The FSF doesn't consider this a problem: http://www.gnu.org/licenses/gpl-fa

Re: Bits (Nybbles?) from the Vancouver release team meeting

2005-03-15 Thread Moritz Muehlenhoff
Matthew Palmer wrote: > But a DSA *is* the first highly visible announcement that *Debian* is > affected. A general "this is a problem" announcement might make the > crackers cackle with glee, but a DSA with a "m68k, mips, and arm updates > will be forthcoming in a week or so" is a signal to brush

Re: State of gcc 2.95 use in Debian unstable

2005-11-16 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: >> The need for gcc-2.95 usually means the source code is broken (in C99 >> terms) and should be fixed. Do you have an example of a use case where >> this is unfeasible, and which is important enough to justify continued >> maintenance of gcc 2.95? [..] > Also,

Re: dpkg-sig support wanted?

2005-11-27 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: > Worse, the existence of a practical md5(A+B+C)=md5(A+D+C) attack means > that it's not out of the question that there're md5(A+B)=md5(C+D) > attacks in the hands of particularly well resourced groups (which is > worse, since the version uploaded to the archiv

Re: Debian and the desktop

2005-12-13 Thread Moritz Muehlenhoff
Christian Perrier wrote: > And, anyway, the KDE/Gnome thing is only one of the points I meant > about the "usability" of our default desktop system, when we target > our dear Bob User. This is beyond tasksel, but Bob User would profit immensely from generic menu entries. SuSE does this and I think

Re: congratulations to our ftp-master team

2005-12-14 Thread Moritz Muehlenhoff
Petter Reinholdtsen wrote: > But it is not doing a great job with processing a few old uploads. I > consider it a problem that no decision has been taken on the few > really old uploads (xvidcap, rte, mplayer). One of the FTP masters (I forgot who) once said that the best way to help get mplaye

Re: congratulations to our ftp-master team

2005-12-17 Thread Moritz Muehlenhoff
Jeroen van Wolffelaar wrote: > I explicitly said that stripping it > anyway will make the whole pondering on whether it can be in the > (source) package at all moot for the question whether mpeg encoding > would be legal to ship on ftp.debian.org. To the best of my knowledge, > mpeg encoding stuff

Re: Thoughts on Debian quality, including automated testing

2005-12-27 Thread Moritz Muehlenhoff
Lars Wirzenius wrote: [Less strong "ownership" of packages. > This idea hasn't been tested. It could be tested if > some group of maintainers declared that some or all > of their packages were part of the experiment, that > anyone could NMU them for any reason whatsoeve

Re: poppler (was: Work-needing packages report for Dec 30, 2005)

2005-12-30 Thread Moritz Muehlenhoff
Frank Küster wrote: >>poppler (#344738), orphaned 4 days ago >> Reverse Depends: libpoppler-glib-dev libpoppler-dev abiword-plugins >>libpoppler-qt-dev libkpathsea4 evince libpoppler0c2-qt tetex-bin >>libpoppler0c2-glib > > ... and hopefully some more in the future. There

Re: Bug#345353: O: mantis

2006-01-01 Thread Moritz Muehlenhoff
Hilko Bengen wrote: > What's worse: Support from upstream in general and especially security > handling has been less than optimal. Plus, security problems are rather frequent. CVE has issued 28 IDs for 2002-2005. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subj

Re: How to Increase Contributions from Volunteers

2006-01-02 Thread Moritz Muehlenhoff
Manoj Srivastava wrote: >> I suspect a similar system for Debian might increase visibility and >> commitment from a large set of users. > > Lacking quality control of the input, I am not at all > convinced that this is desirable. You know the "old adage of computer > men", GIGO. All the

Re: poppler

2006-01-09 Thread Moritz Muehlenhoff
Frank Küster wrote: >> These source packages embed xpdf source and should be fixed to use poppler >> if possible: >> >> gpdf >> pdftohtml >> kdegraphics (kpdf) >> koffice >> libextractor > > AFAIK, poppler was created by the freedesktop people specifically in > order to replace xpdf code in Gnome a

Re: Need for launchpad

2006-01-16 Thread Moritz Muehlenhoff
Theodore Ts'o wrote: > I can give a couple of examples; one is way back when, before I took > over the maintenance of the e2fsprogs package, and was merely the > upstream author. The then maintainer of e2fsprogs attempted to add > support for filesystems > 2GB, but botched the job, and the result

Bug#350391: ITP: glest -- Free 3D fantasy real-time-strategy game

2006-01-29 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: glest Version : 2.0pre Upstream Author : Glest Team * URL : http://www.glest.org * License : GPL for the code, permissive free license for the game data Descr

Bug#352064: ITP: wormux -- A clone of the Worms game

2006-02-09 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: wormux Version : 0.7 Upstream Authors: Jean-Christophe DUBERGA, Laurent DEFERT SIMONNEAU, Lawrence AZZOUG Matthieu FERTRÉ, Renaud LOTTIAUX, Victor STINNER

Re: Honesty in Debian (was Re: Amendment to GR on GFDL, and the changes to the Social Contract

2006-02-14 Thread Moritz Muehlenhoff
Adam McKenna wrote: >> No, like choosing ati over nvidia for graphic cards, or silicon image over >> others for SATA cards. > > Wait a minute, did I miss a memo? ATI isn't the devil anymore? It surely is, the current generation of ATI cards doesn't even support 2D with free drivers (beyond VESA, o

Re: Packaging Xen 3.0 etc for Debian

2006-02-26 Thread Moritz Muehlenhoff
Matthew Grant wrote: > 2) Their stable release uses a kernel that is not patched for security > holes. It is, the status of the currently prepared sarge2 update can be found at http://wiki.debian.org/DebianKernelSargeUpdateStatus > Fortunately, individual security fixes are almost all only small

Bug#311787: ITP: lincity-ng -- City simulation game with polished GUI and graphics

2005-06-03 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: lincity-ng Version : 0.9.0rc1 Upstream Author : lincity-ng developers group (several people) * URL : http://lincity-ng.berlios.de * License : GPL (most media

Re: [Debian-uk] Sun have (probably) patented apt-get

2005-07-06 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: > Today the EU gets to vote on the same issue. They can elect to have a > thriving software industry well placed to replace the now crippled USA > as the dominant force in the software industry. > > Europe, its time to choose. It has chosen a few minutes ago; the

Re: Two versions of pan in etch?

2006-08-01 Thread Moritz Muehlenhoff
Søren Boll Overgaard wrote: > Essentially, what it boils down to is this: Would it be prudent to include two > separate versions of pan in etch (perhaps named pan and pan2)? This should be avoided where possible; if they share a common code base it's quite likely that discovered security problems

Re: NMU for mantis - dependency for php5 fixed

2006-08-09 Thread Moritz Muehlenhoff
Daniel Knabl wrote: > could anyone please have a look at the changes I've made to the mantis > package?! It should now support/depend on/work with php5 too. > Also I've tested it on several machines both with testing and > unstable, and there were no errors during installation nor with > upgrades f

Re: Proposal: searchable d.o/security/

2006-08-14 Thread Moritz Muehlenhoff
Javier Fernández-Sanguino Peña wrote: >> today I searched for a specific DSA and its really pain if >> you just know the package but no DSA number (correct me if I missed >> something). > > What kind of search are you trying to do? Package to DSA? Bug to DSA? > If so, it would not be difficul

Re: Why not only support Sid and Testing?

2006-09-12 Thread Moritz Muehlenhoff
Marc Haber wrote: >> I know I am in for an argument, but I think it is a good >>question. I'm sure many of you have read Mark's blog: >>http://www.markshuttleworth.com/archives/56. It says 76% of Debian >>users run unstable and probably a fair fraction of the rest run testing. > > I tend to

Re: Bug#386911: ITP: Claroline -- Course Management System for Online Learning

2006-09-13 Thread Moritz Muehlenhoff
Victor Manuel Mtz wrote: > * Package name: Claroline > Version : 1.7.8 > Upstream Author : Lederer Guillaume <[EMAIL PROTECTED]> > * URL : http://www.claroline.net > * License : GPL > Description : Course Management System for Online Learning > > Claroline

Re: local copies of libs

2006-10-05 Thread Moritz Muehlenhoff
Hendrik Sattler wrote: > since I often see that packages keep local copies of libs and use those, I > kind of want to object to arguments for such build behaviour. > > The latest one I found is xmms-wma: it uses a local stripped-down copy of > ffmpeg's libavcodec and libavformat. > > The g

Re: Bug#391686: ITP: ipw3945-daemon -- Binary userspace regulatory daemon for Intel PRO/Wireless 3945ABG cards

2006-10-08 Thread Moritz Muehlenhoff
Jurij Smakov wrote: > * Package name: ipw3945-daemon > Version : 1.7.22 > Upstream Author : Intel Corporation > * URL : http://http://bughost.org/ipw3945/ > * License : Redistribution only (non-free) > Programming Lang: available only in binary form > Descrip

Re: local copies of libs

2006-10-22 Thread Moritz Muehlenhoff
Reinhard Tartler wrote: >> libavcodec had several vulnerabilities and without doubt it'll have more in >> the next 30 months after Etch release. So it's absolutely necessary to >> link dynamically. (Many do already, e.g. xine-lib). >> I'll file RC bugs for any packages still embedding or link stati

Re: local copies of libs

2006-10-22 Thread Moritz Muehlenhoff
Hendrik Sattler wrote: >> libavcodec had several vulnerabilities and without doubt it'll have more in >> the next 30 months after Etch release. So it's absolutely necessary to >> link dynamically. (Many do already, e.g. xine-lib). >> I'll file RC bugs for any packages still embedding or link static

Re: RFP: tinymce -- Web based Javascript HTML WYSIWYG editor

2006-10-24 Thread Moritz Muehlenhoff
Kjetil Kjernsmo wrote: > I could imagine this creating an undesired overhead for the Security > Team in case of a flaw. > > I would therefore suggest splitting TinyMCE into a package of its > own. Unfortunately, I'm not a DD myself. That would be much appreciated. The second troublemaker if adodb

Re: Bug#396927: ITP: xyssl -- lightweight crypto and SSL/TLS library

2006-11-05 Thread Moritz Muehlenhoff
Arnaud Cornet wrote: > * Package name: xyssl > Version : 0.1 > Upstream Author : Christophe Devine <[EMAIL PROTECTED]> > * URL : http://xyssl.org/ > * License : LGPL > Programming Lang: C > Description : lightweight crypto and SSL/TLS library Do you have

Re: SUMMARY: Re: Dropping GStreamer 0.8 for etch

2006-12-09 Thread Moritz Muehlenhoff
Loïc Minier wrote: >> - goobox > > Alternative programs available with a superset of the features, and an > active upstream. I'm waiting for a final ack of the maintainer that > the alternatives are indeed okay and that we can proceed with removal. If goobox's unique feature is remote audio

Re: Dropping GStreamer 0.8 for etch

2006-12-09 Thread Moritz Muehlenhoff
Josselin Mouette wrote: > By hiding behind upstream, you're simply refusing to fix the problem. > The patch is a hack that is only guaranteed to work on a Debian system, > and upstream will refuse it until it is done in a proper way. This is > not how things work. Forwarding fixes upstream is impor

Bug#404762: ITP: freesynd -- Free implementation of the Syndicate engine

2006-12-27 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: freesynd Version : 0.1 Upstream Author : QuantumG <[EMAIL PROTECTED]> * URL : http://freesynd.sf.net/ * License : GPL Programming Lang: C++ Descriptio

Re: etch's upgrades during life cycle

2007-01-03 Thread Moritz Muehlenhoff
Luis Matos wrote: > Many users have complaints about in the middle of the life cycle, or > before the debian stable release no longer supports new hardware. > Therefore a new kernel would be needed for d-i ( or a hardware > compatibility update for the kernel and modules). > > My proposal would be

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-27 Thread Moritz Muehlenhoff
Javier Fernández-Sanguino Peña wrote: > On Thu, May 25, 2006 at 05:30:23PM +0200, Luca Capello wrote: > > FYI, Martin's explanation is at [1], which passed on Planet Debian. > > > > Thx, bye, > > Gismo / Luca > > > > [1] http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning > > FWIW, I not

Re: egroupware upgrade drops several applications -- suggestions?

2006-06-17 Thread Moritz Muehlenhoff
Peter Eisentraut wrote: > The upgrade to the new egroupware upstream drops several applications such as > the trouble-ticket system and the forum (because they were unmaintained or > the functionality was picked up by something else). I'm not sure how to > arrange an upgrade to this new version

Re: Bug#377697: New version of squid hangs at startup

2006-07-11 Thread Moritz Muehlenhoff
Luigi Gangitano wrote: > Since this is a compile time choice and kernel 2.4.27 is still in the > archive we have the following options: > > 3. drop support for older kernels (will etch release with a 2.4 > default kernel?) > > Please give your advice. Etch will only support 2.6 kernels, so any

Re: Bug#379857: ITP: git-completion -- content addressable filesystem (bash completion)

2006-07-26 Thread Moritz Muehlenhoff
Sebastian Harl wrote: > * Package name: git-completion > Version : 0+20060722 > Upstream Author : Ben Clifford <[EMAIL PROTECTED]> > * URL : http://www.hawaga.org.uk/ben/tech/gitcompletion/ > * License : GPL > Description : content addressable filesystem (b

Bug#326797: ITP: pentagram -- Engine for Ultima VIII: Pagan

2005-09-05 Thread Moritz Muehlenhoff
Package: wnpp Severity: wishlist Owner: Moritz Muehlenhoff <[EMAIL PROTECTED]> * Package name: pentagram Version : CVS snapshots Upstream Author : W. J. Palenstein, P. Burke, M. Horn, R. Nunn, D. Reichardt, M. Jimenez * URL

Re: curl status update

2005-09-29 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: > That's actually not true, GnuTLS has the reverse licensing issues from > OpenSSL. OpenSSL cannot be linked with GPL-licensed software; GnuTLS, > OTOH, is licensed under the GPL (as opposed to the LGPL), Only some extra features not present in OpenSSL (like SRP a

Re: Packages that need to be rebuilt against libssl0.9.8

2005-10-06 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: >> a lot of people bugged me about the new version and upstream only recommends >> this version. It also closes a grave security bug. > > Hm, that wasn't listed in the changelog. Anyway, there hasn't been a security > advisory about openssl recently, did you backpo

Re: Packages that need to be rebuilt against libssl0.9.8

2005-10-07 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: > Moritz Muehlenhoff wrote: >> Upgrading to SHA-1 is still a good idea, of course, > > Correct me if I'm wrong, but haven't there been collision attacks on > SHA-1, too? Yes, but to public knowledge they're only feasible with gov

Re: Packages that need to be rebuilt against libssl0.9.8

2005-10-07 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: >> beneficial to at least document such security issues, by informing security >> team, filing an RC bug on your own package, and mentioning the CVE ID (or at >> the very least, a short description of the bug fixed) in your changelog >> entry. > > It is documented

Re: How to cope with patches sanely (Was: State of the project - input needed)

2008-01-25 Thread Moritz Muehlenhoff
Andreas Tille wrote: > What would you suggest to enhance the situation? Each maintainer may be familiar with his pet patch system, but for archive wide work I agree the current approach is a mess and makes security updates painful. Since it's unlikely to change anytime soon, each source packages,

Re: Bug#462740: ITP: demac -- A decoder for Monkey's Audio (APE) lossless files

2008-01-27 Thread Moritz Muehlenhoff
William Pitcock wrote: > demac has some bugs with v3.97 format files. I would recommend merging > in patches from ffmpeg and making a separate product. Or rather avoid packaging demac at all and link the application in question against libavcodec. Cheers, Moritz -- To UNSUBSCRIBE, emai

Re: Introducing security hardening features for Lenny

2008-01-29 Thread Moritz Muehlenhoff
Pierre Habouzit wrote: >> Fortify Source >> ============== >> >> This feature adds validation for internal C functions such as strcpy >> for buffer sizes known during compile time. While vulnerabilities in >> the functions it protects have become uncommon in high-prof

Re: Introducing security hardening features for Lenny

2008-01-29 Thread Moritz Muehlenhoff
Thomas Bushnell BSG wrote: > For my money, you blew it. You don't bootstrap a discussion by > presenting a pseudo-official email like the one you posted. But we can > get back to that discussion: cancel the email by saying "whoops, we're > not ready yet" and then having the discussion first. Of

Re: Introducing security hardening features for Lenny

2008-01-29 Thread Moritz Muehlenhoff
Moritz Muehlenhoff wrote: > The Debian archive is the biggest of all distributions and although > there's security support for all security issues being found, there's > still room for improvement and a need for increased resilie

Re: Introducing security hardening features for Lenny

2008-01-30 Thread Moritz Muehlenhoff
Kees Cook wrote: > Does anyone have any good test harnesses we can try this on? I'd be > more than happy to run them on some modern hardware. Video: mplayer with the -benchmark option in conjunction with -nosound and -vo. HTML rendering: Mike Hommey once blogged about benchmarking the ACID test:

Re: Proposal to introduce compiler options passed from dpkg-buildpackage

2008-02-03 Thread Moritz Muehlenhoff
On 2007-12-25, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: > Matthias Klose wrote: >> This is a proposal to introduce a common set of compiler options which >> can be set independently from the package, and passed/injected to the >> package build process. It was firs

Re: Introducing security hardening features for Lenny

2008-02-03 Thread Moritz Muehlenhoff
Riku Voipio wrote: >> In kernels that support text ASLR, programs compiled >> for PIE will gain full position randomization. > > For which architectures is text ASLR available? does it require > external kernel patches? PIE means considerable system overhead > and fatter binaries, especially for sy

Re: Introducing security hardening features for Lenny

2008-02-03 Thread Moritz Muehlenhoff
John Goerzen wrote: > However, I am concerned that is appears to be limited in scope to packages > that: > > * Are written in C or C++ > > * Can have hardening achieved through technical changes to the build process > > I think it is important to remember that other languages can have security

Re: wnpp.debian.net sources released, security review wanted, plans for the future

2008-02-03 Thread Moritz Muehlenhoff
Sebastian Pipping wrote: >> Not sure what you had in mind for a "feed". If you mean RDF/RSS of >> DSAs, there are two here: >> >> http://www.debian.org/security/ The recommended way is to subscribe to [EMAIL PROTECTED] > Is there a way to get notified of new security > bugs right when they are

Re: Proposal to introduce compiler options passed from dpkg-buildpackage

2008-02-13 Thread Moritz Muehlenhoff
On Mon, Feb 11, 2008 at 05:44:33PM +0100, Matthias Klose wrote: > Moritz Muehlenhoff writes: > > [This message has also been posted to gmane.linux.debian.devel.general.] > > On 2007-12-25, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: > > > Matthias Klose wrote

Re: Proposal to introduce compiler options passed from dpkg-buildpackage

2008-02-14 Thread Moritz Muehlenhoff
Loïc Minier wrote: > On Thu, Feb 14, 2008, Frank Lichtenheld wrote: > > Hmm, I doubt that dpkg-dev should be the place to keep track of that. > > I mean, that probably depends on the version of gcc/g++/whatever used, > > so it's quite meaningless to make it dependent on the version of > > dpkg-dev

Re: Bits from the Security Team

2008-03-14 Thread Moritz Muehlenhoff
Steve Langasek wrote: >> The Security Team is now using Request Tracker to coordinate work >> and our RT processes have already been refined a lot. >> If you're a package maintainer working towards a security update, >> you're now encouraged to open a ticket directly. You will be kept in >> CC dur

Re: Bits from the Security Team

2008-03-14 Thread Moritz Muehlenhoff
On 2008-03-11, Don Armstrong <[EMAIL PROTECTED]> wrote: > On Sun, 09 Mar 2008, Moritz Muehlenhoff wrote: >> If you're opening a ticket for a security problem which is publicly >> known, e.g. if it's announced on the project web site, please open a >> ticket

Re: Version numbering for security uploads of native packages

2008-03-21 Thread Moritz Muehlenhoff
On 2008-03-16, Adam D. Barratt <[EMAIL PROTECTED]> wrote: > On Sun, 2008-03-16 at 03:47 -0700, Steve Langasek wrote: >> The current binNMU numbering scheme was selected explicitly to allow >> security uploads to sort later by numbering as >> +; e.g., 1.2-5.1+etch1. > > That makes sense, although do

Re: A suggestion

2008-04-03 Thread Moritz Muehlenhoff
On 2008-04-03, Mike Bird <[EMAIL PROTECTED]> wrote: > On Thu April 3 2008 03:03:51 Matthew Johnson wrote: >> On Thu Apr 03 11:54, Andrea Bolognani wrote: >> > And stable is not fine for a desktop in general, because it has outdated >> > packages which are not what a desktop user wants. >> >> _you_

Re: Bug#471094: RFH: mantis

2008-04-03 Thread Moritz Muehlenhoff
On 2008-04-03, Hilko Bengen <[EMAIL PROTECTED]> wrote: > Patrick Schoenfeld <[EMAIL PROTECTED]> writes: > >> as upstream is considering some changes in the upgrade path that will >> make upgrading with pure sql files quite hard and they never really >> supported upgrading through pure sql files (an

Re: GnuPG: Maintainer inactive?

2008-04-16 Thread Moritz Muehlenhoff
Michael Banck wrote: > On Wed, Apr 16, 2008 at 02:19:12PM +0200, Kai Wasserbäch wrote: >> on the 1st of April I wrote an e-mail to James Troup offering my help in >> hunting >> down open bugs which are no longer present and thus enabling him to >> concentrate >> on packaging GnuPG 1.4.9. But his l

Re: pwsafe and OpenSSL?

2008-05-16 Thread Moritz Muehlenhoff
Daniel Burrows wrote: > I notice that pwsafe is linked against openssl. Is it affected by the > recent debacle and if so, how? Do I need to regenerate all my > randomized passwords, or somehow re-encrypt the pwsafe database? I've looked briefly into it: The Blowfish encryption key is construct

Re: divergence from upstream as a bug

2008-05-18 Thread Moritz Muehlenhoff
Joey Hess wrote: FWIW, I like the general idea of tracking upstream diverge with a bug. > Mike Hommey wrote: >> The BTS would also need something to make it easier to spot patches in a >> bug. Patch tracking is one of the few things bugzilla is not bad at, for >> instance. > > I guess you're talk

Re: Bug#538857: rocksndiamonds: post-installation fails

2009-07-28 Thread Moritz Muehlenhoff
On Mon, Jul 27, 2009 at 09:15:00PM +0400, Dmitry E. Oboukhov wrote: > >> The site www.artsoft.org is (temporary?) down. Why do You think it > >> must be another way? Postinst returns error code because it can't > >> download resource. Other packages (for example msttcorefonts) have > >> the same be

Re: Is it time to remove sun-java6?

2009-10-09 Thread Moritz Muehlenhoff
On 2009-10-08, Barry deFreese wrote: > Hi folks, > > A few of us have been discussing the removal of sun-java6. It is > non-free, orphaned, buggy (including security bugs), and can generally > be replaced by openjdk. There are only three reverse depends left and > none of them directly depend

Re: Switch on compiler hardening defaults

2009-11-24 Thread Moritz Muehlenhoff
["Followup-To:" header set to gmane.linux.debian.devel.general.] On 2009-11-05, Kees Cook wrote: >> The majority of distributions does turn on these options during >> package build time, which IMO is the right thing to do. Debian >> should do the same. There's now Raphael's new framework in place

Re: about gstreamer0.8 and python2.3 removal

2007-02-10 Thread Moritz Muehlenhoff
Tshepang Lekhonkhobe wrote: [I wanted to evaluate gstreamer 0.8 this weekend anyway, due to the recent amount of newly discovered libavcodec vulnerabilities, thanks for raising it independently; this saves quite some time] >> > Pretty surprising. Was there a discussion in which this decision was >

Re: Handling of (inactive) Debian Accounts

2007-02-11 Thread Moritz Muehlenhoff
Jon Marler wrote: > I have a question ... How do I keep my Debian maintainer status if I > miss the vote? A more relevant case are probably people, who don't care about the annual time-drain aka DPL election. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject o

Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer

2007-03-12 Thread Moritz Muehlenhoff
Tim Brown wrote: >> Nope since he that did not go to d-d. Maybe you can outline professional >> uses in the description like done in the previous answers? > > As to previous answers, verbatim: > > I'm packaging a bunch of security tools that I use in my job pen testing. (..) > companies using my

Re: The number of etch installations is rocketing...

2007-04-16 Thread Moritz Muehlenhoff
Johannes Wiedersich wrote: > Presently the number of installations reported to popcon is about the > same as the number of subscriptions to debian-security-announce, but I > am sure there are many users of debian who don't read d-s-a and many > users, who have several -maybe hundreds- of installati

Re: wordpress packages

2007-05-08 Thread Moritz Muehlenhoff
Russell Coker wrote: > Getting the entire collection of Wordpress plugins (or any significant > sub-set) audited for security issues seems quite unlikely. Getting a smaller > collection of plugins which are packaged for Debian audited in such a manner > would be much easier and therefore much m

Re: Bug#426069: ITP: spip -- website engine for publishing

2007-05-26 Thread Moritz Muehlenhoff
Romain Beauxis wrote: > * Package name: spip > Version : 1.9.2b > Upstream Author : SPIP Development Team <[EMAIL PROTECTED]> > * URL : http://www.spip.net/ and > http://trac.rezo.net/trac/spip/ > * License : Mainly GPL and other open source

Re: Bug#426069: ITP: spip -- website engine for publishing

2007-05-29 Thread Moritz Muehlenhoff
Romain Beauxis wrote: > However, I'll contact them and ask for their commitment to solving security > issues, but I'm quite sure that the main issue remains in the hand of the > maintainer, to be able to update the package as soon as they fix anything.. It had too many security problems in 2006.

Re: Bug#428877: ITP: callweaver -- Community-driven open source PBX software

2007-06-17 Thread Moritz Muehlenhoff
Santiago Ruano Rincón wrote: > CallWeaver is a community-driven vendor-independent cross-platform open > source PBX software project (formerly known as OpenPBX.org). It was > originally derived from Asterisk. Now it supports analog and digital > PSTN telephony, multi-protocol voice over IP telephon

Re: APT 0.7 for sid

2007-06-17 Thread Moritz Muehlenhoff
Michael Vogt wrote: > unattended-upgrades comes with a default configuration that will only > apply security updates (but it can be configured in any way people > want) and it will do some careful checking to not upgrade packages > that require manual intervention via conffile prompts. It will also

Re: Xen status in lenny?

2008-07-16 Thread Moritz Muehlenhoff
Bastian Blank wrote: > Xen got a often used technique in the last two years. All of the large > distributions got some sort of support for it. Debian Etch have full > support for it. There was several requests of various people so I think > not providing at least a minimal support in Lenny is wrong

Re: RFH: clamav

2008-08-18 Thread Moritz Muehlenhoff
Stephen Gran wrote: > This one time, at band camp, Stephen Gran said: >> I'm looking for people to help with maintenance of clamav. > > So, I got a total of one reply to this RFH. I'm currently debating > whether or not to release clamav with lenny or orphan it. I don't think > I'm interested in

Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages

2008-08-25 Thread Moritz Muehlenhoff
Christian Perrier wrote: >> This is far below the quality I expect from a mass bug filing that's been >> reviewed by debian-devel. Mass bugfilings at RC severity need to be held to > > Even though I overread the thread when Dmitry posted his intent to > -devel, I feel like there was *no* strong a

Volunteer needed for Iceape security updates in Lenny

2008-10-04 Thread Moritz Muehlenhoff
A volunteer is needed to build and test the Iceape security updates in Lenny. Patches are provided through a patch set for each update round, but the Security Team and the Mozilla maintainers lack the resources for the proper integration work. So if you use Iceape and want to continue to use it in

Re: Bug reports of DFSG violations are tagged ‘lenny-ignore’?

2008-10-20 Thread Moritz Muehlenhoff
Robert Millan wrote: >> > > Has the current release team lowered the bar on Debian actually >> > > trying to follow the social contract? >> > >> > Yes, they have. >> >> What if, instead of ranting everywhere, you actually contributed code to >> fix these bugs? > > I did... You contribut

Re: Bug Sprint results (draft)

2008-10-31 Thread Moritz Muehlenhoff
Stefano Zacchiroli wrote: >... hence, given that Lenny hasn't been released yet, when are we gonna > make another one? :) Let's make it a Beer Sprint. The winners receive a package with the local brew from the people who didn't manage to fix their bugs. I'm offering German beer to five winners, j

Re: Bug#504758: gforge-plugins-extra ships security issues-prone code copies

2008-11-11 Thread Moritz Muehlenhoff
Roland Mas wrote: > tag 504758 + help > The way I see it, there are three ways out: > > - prepare a new upload that doesn't contain this binary package, and > leave users with the task of getting the code from the source > package and installing it by hand; > > - ignore this bug for lenny, si

Re: qmail and related packages in NEW

2008-11-29 Thread Moritz Muehlenhoff
Neil Williams wrote: > It isn't just about choosing not to install it, it causes work for the > various teams in Debian - security, release, QA. We've discussed this at the Security Team meeting in Essen and we don't have a problem with qmail being included in Lenny. Cheers, Moritz -

Re: qmail and related packages in NEW

2008-11-29 Thread Moritz Muehlenhoff
On 2008-11-29, Joerg Jaspert <[EMAIL PROTECTED]> wrote: > >>> It isn't just about choosing not to install it, it causes work for the >>> various teams in Debian - security, release, QA. >> We've discussed this at the Security Team meeting in Essen and we don't >> have a problem with qmail being

Re: Gtk1.2/Imlib/gnome-lib packages (Long)

2008-12-18 Thread Moritz Muehlenhoff
Barry deFreese wrote: > Just in case anyone cares/is interested, here is some work I have been > doing on packages using Gtk1.2, Imlib, gnome-libs, or any combination > thereof. Thanks. Could you fold this into a page on wiki.debian.org, so that people can add their specific solution attempts

Re: "Etch and a half" ( was Re: Bugfix/hardware support updates to stable releases?)

2007-09-03 Thread Moritz Muehlenhoff
Tim Hull wrote: > Anyway, I'm curious - is this still a legitimate consideration within > Debian? Yes. > If it were to be done, it would have to be December/Januaryish (any That's the plan. > Thus, one wouldn't HAVE to upgrade, but > new users and anyone standing to benefit from a new X/kernel

Re: User-Agent strings, privacy and Debian browsers

2007-10-01 Thread Moritz Muehlenhoff
Joey Hess wrote: > Surely packages.debian.org is not a good example of a site with > generally few Debian users. > > The scenario seems more likely to me on small non-technical sites that > only a few Debian unstable users are likely to visit. For special fun, > try browsing from an unusual archite

Re: Bits from the Testing Security team

2007-10-15 Thread Moritz Muehlenhoff
On 2007-10-15, Stefano Zacchiroli <[EMAIL PROTECTED]> wrote: > On Mon, Oct 15, 2007 at 11:29:16AM +0200, Stefano Zacchiroli wrote: >> So, question, do yo

Re: Enabling and installing of "risky" ("patented") codecs - made easy

2007-10-19 Thread Moritz Muehlenhoff
Fabian Greffrath wrote: > You all know about the unsatisfying situation of some codec libraries > that are commonly called 'risky' or 'patented'; namely lame, xvid and > friends. While being perfectly free software on the one hand, licensed > under the GPL or LGPL, they are surrounded by a cloud

Re: Bits from the Security Team

2007-10-19 Thread Moritz Muehlenhoff
Adrian von Bidder wrote: > which is really a Bits from the Security Team. Full "Bits" will appear soon. Cheers, Moritz

Re: Bug#447592: RFP: fckeditor -- text/file editor for PHP

2007-10-22 Thread Moritz Muehlenhoff
Roland Mas wrote: > Nico Golde just contacted me about a problem found in the FCKeditor > code that's shipped in the Gforge package. Apparently, there's at > least one other package that ships this code (knowledgeroot), so the > code is effectively duplicated. It would be better for everyone if >

Re: Out-of-tree kernel module popularity

2007-10-23 Thread Moritz Muehlenhoff
Ben Hutchings wrote: > >> Nevertheless on the user's side there is a demand for those >> codecs which can be witnessed by the broad acceptance of unofficial >> repositories [see: http://popcon.debian.org/unknown/by_inst ]. > > > I didn't know that table existed! It seems like it would be

Re: Bug#448980: ITP: rt73-firmware -- firmware for Ralink USB wireless cards

2007-11-02 Thread Moritz Muehlenhoff
On 2007-11-02, Ben Hutchings <[EMAIL PROTECTED]> wrote: > Package: wnpp > Severity: wishlist > Owner: Ben Hutchings <[EMAIL PROTECTED]> > > > * Package name: rt73-firmware > Version : 1.8 > Upstream Author : Ralink Technology Corp > * URL : http://www.ralinktech.com/rali

Re: Proposal to introduce compiler options passed from dpkg-buildpackage

2007-12-25 Thread Moritz Muehlenhoff
Matthias Klose wrote: > This is a proposal to introduce a common set of compiler options which > can be set independently from the package, and passed/injected to the > package build process. It was first discussed at the last UDS; a > corresponding wiki page can be found at [1]. A change like th

Re: Bug#460539: ITP: industrial-icon-theme -- openSUSE Industrial icon theme

2008-01-13 Thread Moritz Muehlenhoff
Julian Andres Klode wrote: >>> * License : non-free / CC By-SA 3.0 >> >> Is it non-free because of its being CC-BY-SA 3.0, or does it contain >> non-free stuff? >> > AFAIK, CC-BY-SA is non-free. > 'non-free / CC BY-SA 3.0 '=> 'non-free (CC BY-SA 3.0)' CC by-sa 3.0 is considered free and

Re: gnome 1.x removal

2008-01-15 Thread Moritz Muehlenhoff
Pierre Habouzit wrote: > As per release goal, gnome 1.x won't be shipped in Lenny. I just started > a first round of bugs (severity important for now), with user/usertag > [EMAIL PROTECTED]/gnome-1.x-removal so that people > interested in that goal can track our progress. Two thumbs up, thanks for
