Sebastian Pipping posted on Thu, 26 Mar 2015 19:15:09 +0100 as excerpted:
> Changes:
>
> * Revision bump
This ^^..
> * Add section on .php.inc
>
> * Add thanks line
>
>
>
> Title: Apache AddHandler vulnerability protection
On Thu, Mar 26, 2015 at 1:17 PM, Rich Freeman wrote:
> On Thu, Mar 26, 2015 at 12:51 PM, William Hubbs wrote:
>>
>> The other method is shown by dev-vcs/hub at least, and maybe several
>> other packages -- e.g. unconditionally installing the completions
>> according to our small files installatio
On Thursday, March 26, 2015 13:17:02 Rich Freeman wrote:
> On Thu, Mar 26, 2015 at 12:51 PM, William Hubbs wrote:
> > The other method is shown by dev-vcs/hub at least, and maybe several
> > other packages -- e.g. unconditionally installing the completions
> > according to our small files installa
On 15.03.2015 10:48, Ulrich Mueller wrote:
>> If we want a separate repo/ namespace, we would probably need to
>> consider moving other repositories there -- at least the
>> official ones. Of course, it would be a nice result, having
>> everything hosted on git.g.o as git.g.o/repo/${repo_name}.git
On 14.03.2015 23:25, Robin H. Johnson wrote:
> Trying to explain to a new user that the Portage tree refers to the
> collection of ebuilds used by a PMS-compliant package manager (eg
> Portage) is problematic.
Full ack. Let's limit "portage" to the piece of software, please.
> Questions: 0. Wha
On 26.03.2015 20:50, Marc Schiffbauer wrote:
> * Sebastian Pipping schrieb am 26.03.15 um 19:15 Uhr:
>> As of the momment, affected packages include:
> ^ Typo
Thanks. Fixed in my local copy. No need to re-paste, I believe.
Best,
Sebastian
On 27 March 2015 at 10:32, Andreas K. Huettel wrote:
> It would be great to logically separate ebuild repositories (main tree and
> overlays) somehow logically from code, data, ...
>
> How about adding an additional level "repo" for everything that contains
> ebuild trees?
>
> repo/gentoo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
> Questions:
> 0. What names for the tree/repository.
> 1. We have some namespaces in Git: proj, dev, priv, data, sites, exp;
> should the tree be in one of those namespaces, a new namespace, or be
> without a namespace? git://anongit.gentoo.org/NEW-
Our bug queue has 101 bugs!
If you have some spare time, please help assign/sort a few bugs.
To view the bug queue, click here: http://bit.ly/m8PQS5
Thanks!
* Sebastian Pipping schrieb am 26.03.15 um 19:15 Uhr:
As of the momment, affected packages include:
^
Typo
--
0x35A64134 - 8AAC 5F46 83B4 DB70 8317
3723 296C 6CCA 35A6 4134
signature.asc
Description: Digital signature
On 26.03.2015 18:02, Michael Orlitzky wrote:
> The most important reason is missing =)
>
> If you are relying on the AddHandler behavior to execute
> secret_database_stuff.php.inc, then once the change is made, Apache will
> begin serving up your database credentials in plain text.
Good point.
On Thu, Mar 26, 2015 at 01:17:02PM -0400, Rich Freeman wrote:
> On Thu, Mar 26, 2015 at 12:51 PM, William Hubbs wrote:
> >
> > The other method is shown by dev-vcs/hub at least, and maybe several
> > other packages -- e.g. unconditionally installing the completions
> > according to our small files
On Thu, Mar 26, 2015 at 12:51 PM, William Hubbs wrote:
>
> The other method is shown by dev-vcs/hub at least, and maybe several
> other packages -- e.g. unconditionally installing the completions
> according to our small files installation practice and not reflecting
> the rdepend on app-shells/zs
x11-libs/libXaw3dXft is up for grabs, as the x11 team is not interested
in maintaining this package.
The only reverse dependency of this package is media-gfx/xpaint.
On 03/26/2015 12:56 PM, Sebastian Pipping wrote:
>
> Why this news entry?
>
The most important reason is missing =)
If you are relying on the AddHandler behavior to execute
secret_database_stuff.php.inc, then once the change is made, Apache will
begin serving up your database credentials in pla
Hi!
In context of
https://bugs.gentoo.org/show_bug.cgi?id=538822
mjo and agreed that a portage news item would be a good idea.
Please review my proposal below. Thank you!
Best,
Sebastian
===
Title: Apache AddHandler vulnerability
All,
I'm seeing at least two ways of handling zsh completion files in the
tree.
The first is in a package I maintain and several others in the tree --
using the zsh-completion use flag along with an rdepend on
app-shells/zsh behind the use flag. The package I maintain that does
this is www-client
# Bernard Cafarelli (26 Mar 2015)
# Dead upstreams, not working in some use cases,
# compatibility with current net-misc/nx not guaranteed,
# some bundle old binary Xorg code that may be vulnerable,
# modern alternative exist:
# net-misc/x2go{client,server} and proprietary NX 4 (bug #488334)
# Th
Hi!
As you can be noticed, Lua packages, just like Python, PHP or Ruby ones,
supports "slotted" behaviour (with some side notes).
As far as we have nice *_TARGETS for languages above (without standardised
naming syntax, although), we still do not have such for Lua.
Rafael's main argument is abou
19 matches
Mail list logo
