Bastian Blank pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1af9fffd by Bastian Blank at 2023-02-20T14:17:56+01:00
Reserve DLA-3326-1 for isc-dhcp
- - - - -
1 changed file:
- data/DLA/list
Changes:
=
data/DLA/list
Control: tag -1 wontfix
On Sat, Feb 18, 2023 at 05:54:31PM +, Witold Baryluk wrote:
> e1000 emulation is a default in qemu. It would be nice to have available
> in a cloud kernel. While most of the time one will use virtio, or some
> other cloud specific driver, for troubleshooting images,
Control: tag -1 wontfix
On Sat, Feb 18, 2023 at 05:54:31PM +, Witold Baryluk wrote:
> e1000 emulation is a default in qemu. It would be nice to have available
> in a cloud kernel. While most of the time one will use virtio, or some
> other cloud specific driver, for troubleshooting images,
On Thu, Feb 16, 2023 at 06:14:53PM +0100, Bastian Blank wrote:
> On Thu, Feb 16, 2023 at 01:23:41PM +0100, Bastian Blank wrote:
> > Okay, 4TB it is. We can always grow if we need to.
> Setup complete. IP is 2600:1f13:fb2:f400:6b1e:beae:ebbc:c6a
Some remarks:
Please always communica
On Thu, Feb 16, 2023 at 01:23:41PM +0100, Bastian Blank wrote:
> Okay, 4TB it is. We can always grow if we need to.
Setup complete. IP is 2600:1f13:fb2:f400:6b1e:beae:ebbc:c6a
Regards,
Bastian
--
Knowledge, sir, should be free to all!
-- Harry Mudd, "I, Mudd", stardate 4513.3
Hi
On Wed, Feb 15, 2023 at 02:47:00PM +0100, Julien Cristau wrote:
> On Wed, Feb 15, 2023 at 02:16:08PM +0100, Bastian Blank wrote:
> > On Mon, Feb 13, 2023 at 10:12:01AM +0100, Bastian Blank wrote:
> > > - One dedicated /56 per region for all DSA stuff
> > > - One i
Hi
On Mon, Feb 13, 2023 at 10:12:01AM +0100, Bastian Blank wrote:
> - One dedicated /56 per region for all DSA stuff
> - One instance, m6g.2xlarge, arm64, Debian 12 (also possible is Debian
> 11)
> - One dedicated data volume with ext4, on instance creation mounted on
> /s
Hi
On Wed, Feb 08, 2023 at 09:26:55PM -0800, Ross Vandegrift wrote:
> Okay, great. We're going to go ahead and work on deploying this.
> Here's what we're going to deploy, please let us know if anything sounds
> wrong:
This is now
On Sat, Feb 11, 2023 at 11:59:16AM +0100, Julien Cristau wrote:
> On Wed, Feb 08, 2023 at 09:26:55PM -0800, Ross Vandegrift wrote:
> > Do you have a list of hosts that should be permitted ssh access?
> Can we (DSA) control the cloud-side firewall? If not then we'll
> probably want it open to the
Hi
On Thu, Feb 09, 2023 at 03:16:15PM -0500, Theodore Ts'o wrote:
> Right, but if the conflict in e2fsprogs-udeb prevents the installer
> from pulling in an overly new version of e2fsprogs-udeb, that woul be
> sufficient, no?
No, it does not. Conflicts have undefined behaviour for udebs.
Hi
On Thu, Feb 09, 2023 at 03:16:15PM -0500, Theodore Ts'o wrote:
> Right, but if the conflict in e2fsprogs-udeb prevents the installer
> from pulling in an overly new version of e2fsprogs-udeb, that woul be
> sufficient, no?
No, it does not. Conflicts have undefined behaviour for udebs.
Hi
On Thu, Feb 09, 2023 at 03:16:15PM -0500, Theodore Ts'o wrote:
> Right, but if the conflict in e2fsprogs-udeb prevents the installer
> from pulling in an overly new version of e2fsprogs-udeb, that woul be
> sufficient, no?
No, it does not. Conflicts have undefined behaviour for udebs.
On Wed, Feb 08, 2023 at 09:26:55PM -0800, Ross Vandegrift wrote:
> - 8 cpu arm64, 16G of RAM (in AWS-speak: c6g.2xlarge)
My thought was on m6g.2xlarge. With a more useful amount of ram (32
GB). While rsync is CPU intensive, it needs a lot of cache.
Bastian
--
Military secrets are the most
Hi Gioele
On Mon, Feb 06, 2023 at 12:31:07PM +0100, Gioele Barabucci wrote:
> On 06/02/23 12:14, Bastian Blank wrote:
> > Can you please show the error you got from the upload?
> A -2 version will be REJECTed by mentors.d.n if version -1 is still being
> processed:
I'm interested
Hi Gioele
On Mon, Feb 06, 2023 at 11:27:03AM +0100, Gioele Barabucci wrote:
> Currently dinstall is run only once every 6 hours. This means that many
> operations are blocked for a long time. For instance uploading a -2 version
> after a package has cleared the NEW queue.
Can you please show the
Package: ca-certificates-java
Version: 20230103
Severity: serious
ca-certificates-java fails to install with all dependencies fullfilled:
| Setting up ca-certificates-java (20230103) ...
| Exception in thread "main" java.lang.InternalError: Error loading
java.security file
| at
Package: ca-certificates-java
Version: 20230103
Severity: serious
ca-certificates-java fails to install with all dependencies fullfilled:
| Setting up ca-certificates-java (20230103) ...
| Exception in thread "main" java.lang.InternalError: Error loading
java.security file
| at
Package: ca-certificates-java
Version: 20230103
Severity: serious
ca-certificates-java fails to install with all dependencies fullfilled:
| Setting up ca-certificates-java (20230103) ...
| Exception in thread "main" java.lang.InternalError: Error loading
java.security file
| at
Hi Julien
On Thu, Mar 17, 2022 at 12:03:18PM +0100, Julien Cristau wrote:
> Would it be possible to work with the cloud team to stand up appropriate
> accounts and so on on one of the cloud infras Debian has a relationship
> with? I don't have a whole lot of knowledge of this space so will
>
Hi folks
You are receiving this e-mail, because you have somewhat used IAM
users to access Debian AWS accounts.
The cloud team intents to deprecate the use of IAM users for accessing
the (new) Debian AWS accounts. In the future, logins to those AWS
accounts will be done via a Debian IdP
On Thu, Jan 19, 2023 at 10:32:04AM +0100, Andreas Beckmann wrote:
> > But it should not cause the kernel package install/upgrade to fail.
> > And that does seem in dkms' control afaict.
> We must not silently create an unbootable system.
Please stop failing the installation. I will NMU that in a
On Thu, Jan 19, 2023 at 10:32:04AM +0100, Andreas Beckmann wrote:
> > But it should not cause the kernel package install/upgrade to fail.
> > And that does seem in dkms' control afaict.
> We must not silently create an unbootable system.
Please stop failing the installation. I will NMU that in a
Hi Cyril
On Wed, Jan 18, 2023 at 03:28:25PM +0100, Cyril Brulebois wrote:
> While working on extending firmware support, I've stumbled upon floppy
> support in various components. Even if the maintenance costs are low, I
> suppose this could go away nowadays?
It can completely go in the
Control: reassign -1 dkms - breaks kernel installation
Control: severity -1 grave
On Tue, Jan 17, 2023 at 09:36:26AM +0100, Stefano Simonucci wrote:
> Package: src:linux
> Version: 6.0.12-1
> Severity: critical
> Justification: breaks the whole system
No, it does not. The kernel is the system
Control: reassign -1 dkms - breaks kernel installation
Control: severity -1 grave
On Tue, Jan 17, 2023 at 09:36:26AM +0100, Stefano Simonucci wrote:
> Package: src:linux
> Version: 6.0.12-1
> Severity: critical
> Justification: breaks the whole system
No, it does not. The kernel is the system
Control: reassign -1 dkms - breaks kernel installation
Control: severity -1 grave
On Tue, Jan 17, 2023 at 09:36:26AM +0100, Stefano Simonucci wrote:
> Package: src:linux
> Version: 6.0.12-1
> Severity: critical
> Justification: breaks the whole system
No, it does not. The kernel is the system
On Tue, Jan 17, 2023 at 08:13:33AM +0100, Christian Herzog wrote:
> update: we were told by upstream that there is a known instability between lvm
> and udev-generated symlinks and a devices file should be used instead. So
> that's what we're going to do.
I think I actually know what the problem
On Sun, Jan 15, 2023 at 02:35:06AM +0100, Ángel wrote:
> I would change that to:
Please don't. If we change the distribution default for
net.ipv4.ping_group_range, then ping should refrain from ever trying to
check for it and never make the executable privileged.
Bastian
--
There is a
Hi
On Thu, Jan 12, 2023 at 03:18:55PM +0100, Christian Herzog wrote:
>on our storage servers, we employ LVM filters to hide data partitions
>from the OS (since they're iSCSI exported to the frontend
>fileserver). With bookworm, lvm does not activate the root VG when
>filters are
is a minimal backport of the lifetime setup code.
commit b13dea6dba9bd095840f8d3e12370f140ade8201
Author: Bastian Blank
Date: Mon Jan 9 09:15:10 2023 +
Backport missing IPv6 address lifetime handling
See merge request debian/isc-dhcp!7
diff --git a/debian/changelog b/debian/changelog
is a minimal backport of the lifetime setup code.
commit b13dea6dba9bd095840f8d3e12370f140ade8201
Author: Bastian Blank
Date: Mon Jan 9 09:15:10 2023 +
Backport missing IPv6 address lifetime handling
See merge request debian/isc-dhcp!7
diff --git a/debian/changelog b/debian/changelog
On Thu, Jan 05, 2023 at 12:26:09PM +0100, Paul Gevers wrote:
> Once accepted,
> the proposed workflow should also become documented in Debian policy.
As this is no technical policy, this belongs into the developers
reference.
However,
On Thu, Jan 05, 2023 at 12:26:09PM +0100, Paul Gevers wrote:
> Once accepted,
> the proposed workflow should also become documented in Debian policy.
As this is no technical policy, this belongs into the developers
reference.
However,
Hi
On Tue, Dec 27, 2022 at 04:46:31PM -0800, Michael Peddemors via mailop wrote:
> From:ph...@vzwpix.com
> ^^^ Borked, no padding space after from
Where in RFC 5322 does it require that space?
| from= "From:" mailbox-list CRLF
| mailbox-list= (mailbox *("," mailbox))
|
On Sat, Dec 24, 2022 at 11:44:49AM +0200, Jonathan Carter wrote:
> Will the archive team be moving those over? Is it up to firmware packagers
> to re-upload it to the correct component?
AFAIK this requires a re-upload. However, does the installer properly
include it yet? I need to check that.
On Sat, Dec 24, 2022 at 11:44:49AM +0200, Jonathan Carter wrote:
> Will the archive team be moving those over? Is it up to firmware packagers
> to re-upload it to the correct component?
AFAIK this requires a re-upload. However, does the installer properly
include it yet? I need to check that.
Control: severity -1 serious
Moin
This bug breaks any DHCPv6 use, as it never resets the lifetime of
existing addresses on rebind. This makes it not really useful for IPv6,
depending on settings of outside control. Let's set the severity
correctly as broken or mostly so.
Not completely
On Tue, Dec 20, 2022 at 12:04:40PM +0100, Valentin Kleibel wrote:
> I kindly ask you to restore the init scripts removed in the commit "Remove
> remaining unused init scripts". [1]
> I can report that they both are still in use and work fine except for bug
> #989345 [2] which has a patch
On Fri, Dec 16, 2022 at 03:48:00PM -0800, Ross Vandegrift wrote:
> - from firewalld:
> sysinit.target < dbus.service < firewalld.service < network-pre.target
> - from cloud-init:
> cloud-init-local.service < network-pre.target <
> systemd-networkd-wait-online.service < cloud-init.service <
On Wed, Dec 14, 2022 at 10:16:22PM +0100, Tomasz Rybak wrote:
> I suspect this is some left-over from my times as delegate.
> Probably someone restored/changed configuration and I'm
> receiving those emails again.
> Anyways - can someone (don't know whether current delegates,
> or SPI) unsubscribe
On Thu, Dec 08, 2022 at 11:12:28AM +0100, Thomas Goirand wrote:
> However, our image doesn't have secure boot support by default if I'm not
> mistaking.
Why do you think? We install grub-efi-amd64-signed, so we have a signed
boot loader and kernel.
Bastian
--
Peace was the way.
Package: cloud-initramfs-growroot
Version: 0.18.debian10
Severity: grave
Installation of new kernel now silently fails:
| Setting up linux-image-6.0.0-5-cloud-arm64 (6.0.10-2) ...
| /etc/kernel/postinst.d/initramfs-tools:
| update-initramfs: Generating /boot/initrd.img-6.0.0-5-cloud-arm64
| W:
Package: cloud-initramfs-growroot
Version: 0.18.debian10
Severity: grave
Installation of new kernel now silently fails:
| Setting up linux-image-6.0.0-5-cloud-arm64 (6.0.10-2) ...
| /etc/kernel/postinst.d/initramfs-tools:
| update-initramfs: Generating /boot/initrd.img-6.0.0-5-cloud-arm64
| W:
Package: cloud-initramfs-growroot
Version: 0.18.debian10
Severity: grave
Installation of new kernel now silently fails:
| Setting up linux-image-6.0.0-5-cloud-arm64 (6.0.10-2) ...
| /etc/kernel/postinst.d/initramfs-tools:
| update-initramfs: Generating /boot/initrd.img-6.0.0-5-cloud-arm64
| W:
Hi
Our documented, I think, policy is, that we don't support loading new
modules into an old kernel within the same ABI. This forces a reboot
after kernel installation.
However in a lot of cases this just worked. You could update the kernel
package and continue loading most modules.
Now we
On Thu, Dec 08, 2022 at 11:35:43AM +0100, Jan Kowalsky wrote:
> So: please set a default again which is reasonable for laptops and
> workstations. We always recommend debian for desktops to our customers.
> But if many things are not really suitable for Desktops people will
> avoid debian.
The
On Thu, Dec 08, 2022 at 11:35:43AM +0100, Jan Kowalsky wrote:
> So: please set a default again which is reasonable for laptops and
> workstations. We always recommend debian for desktops to our customers.
> But if many things are not really suitable for Desktops people will
> avoid debian.
The
Control: forcemerge 1023450 -1
On Fri, Dec 02, 2022 at 05:35:06AM -0700, Dan Nicholson wrote:
> The bullseye-backports 6.0.3 kernel contains an ext4 bug that causes
> the filesystem to become corrupted after resizing the filesystem. See
> https://www.spinics.net/lists/linux-ext4/msg85795.html for
Control: forcemerge 1023450 -1
On Fri, Dec 02, 2022 at 05:35:06AM -0700, Dan Nicholson wrote:
> The bullseye-backports 6.0.3 kernel contains an ext4 bug that causes
> the filesystem to become corrupted after resizing the filesystem. See
> https://www.spinics.net/lists/linux-ext4/msg85795.html for
On Mon, Nov 28, 2022 at 09:02:01AM -0800, Noah Meyerhans wrote:
> I understand that there's other software that may want to take direct
> dependencies on the C libraries, but as I don't see any of that being
> actively worked on in terms of packages that'll be ready for inclusion
> in bookworm, I
Hi Luca
On Sun, Nov 06, 2022 at 02:14:54PM +, Luca Boccassi wrote:
> On Tue, 2022-11-01 at 21:29 +0100, Bastian Blank wrote:
> > ## Goals
> >
> > - Setup complete boot entries from packaged and generated files
> > - Support dumb file systems for /boot by d
Hi Jörg
On Mon, Nov 07, 2022 at 11:40:46AM +0100, Jörg Behrmann wrote:
> On Tue, Nov 01, 2022 at 09:29:07PM +0100, Bastian Blank wrote:
> > ## Prior works
> >
> > [..]
> > - systemd install-kernel: only BLS as target, which nothing used by
> > default in Debia
Hi Souradeep
On Tue, Nov 22, 2022 at 07:44:11AM +, Souradeep Chakrabarti wrote:
> Is there any work around for the time being?
Yes, you replace /sbin/dhclient-script with the file
client/scripts/linux out of the isc-dhcp source.
Bastian
--
Bastian Blank
Berater
Telefon: +49 2166 9901-
--
Bastian Blank
Berater
Telefon: +49 2166 9901-194
E-Mail: bastian.bl...@credativ.de
credativ GmbH, HRB Mönchengladbach 12080, USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, James Mark McGowan
Unser Umgang mit personenbezogenen Daten unterliegt
On Thu, Nov 10, 2022 at 02:56:17PM +0100, Frédéric Bonnard wrote:
> I don't think this is related to the image itself.
> I just installed debian testing on a physical host, formatting manually
> with a 1G / and 3G free behind (installer was based on kernel 6.0 too) .
> I booted the machine, then :
On Thu, Nov 10, 2022 at 03:37:16AM +0100, Christoph Anton Mitterer wrote:
> l 6.0.0-3-amd64/build 6.0.0-3-amd64/source
> lrwxrwxrwx 1 calestyo calestyo 36 Nov 5 14:41 6.0.0-3-amd64/build ->
> /usr/src/linux-headers-6.0.0-3-amd64
> lrwxrwxrwx 1 calestyo calestyo 37 Nov 5 14:41
On Thu, Nov 10, 2022 at 03:37:16AM +0100, Christoph Anton Mitterer wrote:
> l 6.0.0-3-amd64/build 6.0.0-3-amd64/source
> lrwxrwxrwx 1 calestyo calestyo 36 Nov 5 14:41 6.0.0-3-amd64/build ->
> /usr/src/linux-headers-6.0.0-3-amd64
> lrwxrwxrwx 1 calestyo calestyo 37 Nov 5 14:41
Rejected by private request of maintainer
===
Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.
Rejected by private request of maintainer
===
Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.
Control: reassign -1 linux/6.0-1~exp1
Control: forcemerge 1023450 -1
On Fri, Nov 04, 2022 at 02:04:05PM +0100, Sven Bartscher wrote:
> [ 163.701342] EXT4-fs (sda1): resizing filesystem from 491515 to 4161531
> blocks
> [ 163.870631] EXT4-fs (sda1): resized filesystem to 4161531
> [ 163.914439]
Control: reassign -1 linux/6.0-1~exp1
Control: forcemerge 1023450 -1
On Fri, Nov 04, 2022 at 02:04:05PM +0100, Sven Bartscher wrote:
> [ 163.701342] EXT4-fs (sda1): resizing filesystem from 491515 to 4161531
> blocks
> [ 163.870631] EXT4-fs (sda1): resized filesystem to 4161531
> [ 163.914439]
Control: reassign -1 linux/6.0-1~exp1
On Mon, Nov 07, 2022 at 01:44:01PM -0500, Theodore Ts'o wrote:
> On Fri, Nov 04, 2022 at 01:17:35PM +0100, Bastian Blank wrote:
> Yes, this is a kernel bug. It's fixed in upstream commit 9a8c5b0d0615
> ("ext4: update the backup superbloc
Package: azure-cli
Version: 2.42.0-1
Severity: serious
Simple VM operations, like start, fail with ModuleNotFoundError. So some
dependencies are incorrect.
| % az vm start -h
| The command failed with an unexpected error. Here is the traceback:
| No module named
Package: azure-cli
Version: 2.42.0-1
Severity: serious
Simple VM operations, like start, fail with ModuleNotFoundError. So some
dependencies are incorrect.
| % az vm start -h
| The command failed with an unexpected error. Here is the traceback:
| No module named
On Fri, Nov 04, 2022 at 09:08:22AM -0700, Noah Meyerhans wrote:
> > Are you sure this library can have a 1 as ABI? Can you please reproduce
> > the ABI stability promisses?
> Allegedly upstream has recently committed to proper SONAME and ABI
> management in support of efforts to get these
On Fri, Nov 04, 2022 at 09:08:22AM -0700, Noah Meyerhans wrote:
> > Are you sure this library can have a 1 as ABI? Can you please reproduce
> > the ABI stability promisses?
> Allegedly upstream has recently committed to proper SONAME and ABI
> management in support of efforts to get these
Package: e2fsprogs
Version: 1.46.6~rc1-1+b1
Severity: important
While doing an online resize on lnux 6.0.5, the kernel considers the
filesystem broken:
| root@localhost:~# growpart /dev/sda 1
| CHANGED: partition=1 start=262144 old: size=3932127 end=4194270 new:
size=33292255 end=33554398
|
On Fri, Nov 04, 2022 at 10:14:23AM +0100, Bastian Blank wrote:
> Maybe running fsck before shipping the image will make it work better.
> Currently we rely on the kernel of the build system to provide us with a
> clean file system.
fsck is not seeing any problem with that filesystem.
Hi
On Thu, Oct 20, 2022 at 03:33:53PM +0200, Frédéric Bonnard wrote:
> I test the cloud images from unstable and since 2 days, the tests fail
> to resize the qcow2 files :
> example using
> https://cloud.debian.org/images/cloud/sid/daily/latest/debian-sid-nocloud-amd64-daily.qcow2
> :
Thanks
On Tue, Oct 05, 2021 at 11:10:43PM -0600, Ross Vandegrift wrote:
> My first pass only produces -dev packages with headers and static libraries.
> To test them out, build the debian/sid branch from these repos, in this order:
> - https://salsa.debian.org/rvandegrift/aws-c-common
Are you sure this
On Tue, Oct 05, 2021 at 11:10:43PM -0600, Ross Vandegrift wrote:
> My first pass only produces -dev packages with headers and static libraries.
> To test them out, build the debian/sid branch from these repos, in this order:
> - https://salsa.debian.org/rvandegrift/aws-c-common
Are you sure this
On Thu, Nov 03, 2022 at 10:59:22AM -0500, Brian Knight via mailop wrote:
> I'm seeing DNS issues this morning connecting to sbl.spamhaus.org.
>
> This morning, my Postfix server was rejecting all incoming emails as spam.
> Found that the A record for sbl.spamhaus.org is gone, replaced with SOA
Hi Souradeep
On Thu, Nov 03, 2022 at 08:53:38AM +0100, Bastian Blank wrote:
> > Now if we change the date to 100 days, and do a restart of networking
> > service,
> > we can see ipv6 global address has got deprecated.
> > root@ipv6vm4:/var/lib/dhcp# date --set "202
0.20221102.1187 and
also the earlier 0.20220911.1135.
> > - Is the current stable Debian affected?
You missed that one.
Regards,
Bastian
--
Bastian Blank
Berater
Telefon: +49 2166 9901-194
E-Mail: bastian.bl...@credativ.de
credativ GmbH, HRB Mönchengladbach 12080, USt-ID-Nummer: DE204
Control: tags -1 moreinfo
Hi souradeep
Please provide us with a bit more information:
- What is the environment you are running in?
- How to actually test this problem?
- What does the log show?
- Is the current stable Debian affected?
Regards,
Bastian
--
Bastian Blank
Berater
Telefon: +49
[Cc Ben as he gave feedback to the last iteration, Luca as he wanted
something actionable]
Hi folks
As I abondened the last try and also learned some new things in the
meantime, I'd like to discuss another try at re-organizing how Debian
does boot loaders and initramfs. This mail mostly tries
On Sat, Oct 29, 2022 at 12:31:18AM +0200, Christoph Anton Mitterer wrote:
> Is this going to be backported to bullseye?
First is needs to settle a bit.
But as you can see, in the past we did produce backports:
| firmware-nonfree | 20210818-1~bpo11+1 | bullseye-backports/non-free | source
On Sat, Oct 29, 2022 at 12:31:18AM +0200, Christoph Anton Mitterer wrote:
> Is this going to be backported to bullseye?
First is needs to settle a bit.
But as you can see, in the past we did produce backports:
| firmware-nonfree | 20210818-1~bpo11+1 | bullseye-backports/non-free | source
Hi Dominiki
On Tue, Oct 25, 2022 at 10:58:51PM +0200, Dominik George wrote:
> I am facing a strange issue here, where I cannot resolve a virtual
> alias with the local part support@.
Please follow the instructions in
https://www.postfix.org/DEBUG_README.html#mail.
Bastian
--
Earth -- mother
On Sat, Oct 22, 2022 at 11:15:05AM +0200, Bastian Blank wrote:
> On Sat, Oct 22, 2022 at 10:59:30AM +0200, Bastian Blank wrote:
> > I would like to do some last minute changes to the linux package
> # Drop special case use of rcX as abi name
>
> While having the ability to
On Sat, Oct 22, 2022 at 10:59:30AM +0200, Bastian Blank wrote:
> I would like to do some last minute changes to the linux package
# Drop special case use of rcX as abi name
While having the ability to distiguish between different RC, it changes
the package names every time.
Bastian
--
E
Hi
I would like to do some last minute changes to the linux package
# Use pristine-lfs
Currently we don't have any way of storing orig tars. I would like to
change that and default to pristine-lfs for that, so we can setup the
build tree without manual work.
# Don't longer list stable changes
On Tue, Oct 18, 2022 at 07:25:39AM -0700, Russ Allbery wrote:
> This is probably my security brain from my day job, but I would prefer to
> be able to drop permissions that I'm not currently using, as long as I can
> get them back easily. It reduces the blast radius of mistakes and
> compromises.
On Tue, Oct 18, 2022 at 11:20:10AM +0200, Joerg Jaspert wrote:
> Am 2022-10-18 04:52, schrieb Paul Wise:
> > > Salsa should be there for git (related) things.
> > > NOT as an identity/login provider for Debian
Please formally retract the agreement that was forged two years ago
then. I properly
On Sun, Oct 16, 2022 at 07:22:28PM +0200, Enrico Zini wrote:
> I'm posting this to debian-devel as an early heads-up and a call for
> other maintainers. If nobody steps in my the end of October, I'll post a
> proper sunset announce to debian-devel-announce.
Everyone coming up with solutions,
On Sun, Oct 09, 2022 at 09:41:29AM +0200, Johannes Schauer Marin Rodrigues
wrote:
> This breaks a number of setups like:
>
> - the sbuild autopkgtest
>https://salsa.debian.org/debian/sbuild/-/jobs/3353627/raw
> - the dropbear autopkgtest
>
>
On Mon, Aug 29, 2022 at 10:52:07PM +0200, Holger Levsen wrote:
> So probably it would be better to either remove the file or write
> "uninitialized"
> into it... or support both via commandline flags :)
Actually debootstrap must write it as _empty_, to avoid running into
first boot setup.[1]
Package: mmdebstrap
Version: 1.2.1-2
Severity: serious
mmdebstrap writed "uninitialized" to /etc/machine-id. This triggers
first boot semantic[1], so makes the boot wait for input.
Please write an empty file if you are not equipped to handle first boot
questions.
Bastian
[1]:
On Mon, Aug 29, 2022 at 10:52:07PM +0200, Holger Levsen wrote:
> So probably it would be better to either remove the file or write
> "uninitialized"
> into it... or support both via commandline flags :)
Actually debootstrap must write it as _empty_, to avoid running into
first boot setup.[1]
Package: mmdebstrap
Version: 1.2.1-2
Severity: serious
mmdebstrap writed "uninitialized" to /etc/machine-id. This triggers
first boot semantic[1], so makes the boot wait for input.
Please write an empty file if you are not equipped to handle first boot
questions.
Bastian
[1]:
[Removed OP]
On Tue, Oct 04, 2022 at 02:46:14PM +0200, Bastian Blank wrote:
> This is no bug. The EFI runtime services are explicitly disabled. The
> reason is:
> You can enable it by adding "efi=runtime" to the kernel command line.
I think we should enable that by def
[Removed OP]
On Tue, Oct 04, 2022 at 02:46:14PM +0200, Bastian Blank wrote:
> This is no bug. The EFI runtime services are explicitly disabled. The
> reason is:
> You can enable it by adding "efi=runtime" to the kernel command line.
I think we should enable that by def
On Tue, Oct 04, 2022 at 11:46:39AM +0200, niek nooijens wrote:
> when Using the normal linux-image 5.10.0-18 I can use efibootmgr to change
> boot variables and /sys/firmware/efi/efivars is populated.
> when using the real-time variant efibootmgr and efivar report "efi variables
> are not
On Tue, Oct 04, 2022 at 11:46:39AM +0200, niek nooijens wrote:
> when Using the normal linux-image 5.10.0-18 I can use efibootmgr to change
> boot variables and /sys/firmware/efi/efivars is populated.
> when using the real-time variant efibootmgr and efivar report "efi variables
> are not
Hi
On Tue, Oct 04, 2022 at 09:43:30AM +0200, Raphael Hertzog wrote:
> Le lundi 29 août 2022, Bastian Blank a écrit :
> > On Sun, Aug 28, 2022 at 12:38:21PM +0200, Raphaël Hertzog wrote:
> > > Please re-add the import statement. There's a merge request lying around
&g
Package: calibre
Version: 6.6.1+dfsg-2
Severity: important
Tags: ipv6
The embedded only listens on 0.0.0.0, aka AF_INET, aka IPv4. This makes
the content server quite unusable in the current internet, where IPv4
connectivity gets sparingly, either by CG-NAT used by the provider or by
IPv6-only
On Sat, Oct 01, 2022 at 09:32:49PM +, Eddie Rowe wrote:
> > You should have at least an RSA certificate (2048-bit key, not more), and
> > only
> I do not recall seeing this on the PostFix web site that discusses TLS
> settings as I struggle to setup TLS with our existing wildcard
On Sat, Oct 01, 2022 at 09:29:10PM +0200, Ben Hutchings wrote:
> In buster, the metapackages are still built from linux-latest. This
> has a fake build-dependency on linux-headers--all to ensure it
> waits for linux to be built, but it doesn't have any such relation to
> linux-signed-*.
Ah,
On Sat, Oct 01, 2022 at 09:29:10PM +0200, Ben Hutchings wrote:
> In buster, the metapackages are still built from linux-latest. This
> has a fake build-dependency on linux-headers--all to ensure it
> waits for linux to be built, but it doesn't have any such relation to
> linux-signed-*.
Ah,
On Sat, Oct 01, 2022 at 06:45:03AM +, Debian Bug Tracking System wrote:
> This will resolve itself automatically once the signed packages are
> available as well (they are in progress of beeing dealt with but needs
> a manual interaction of ftp-masters).
Looks like we need to backport the
501 - 600 of 14573 matches
Mail list logo
