Re: Bug#695897: ITP: corekeeper -- Core file centralizer and reaper

These have been forcemerged. -- I pledge not to post to any systemd-related thread on -devel until (at least) 2013. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive:

unsafe use of gpg

Hi, I recently looked at several packages using gpg to verify signatures and found ways to circumvent the signature check, see [1] for a few bug reports demonstrating this. [1] http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=gpg-clearsign;users=ans...@debian.org So far I have found two

Re: unsafe use of gpg

Ansgar Burchardt ans...@debian.org writes: I recently looked at several packages using gpg to verify signatures Thanks for your work! Please try to raise this upstream so that they can provide proper interfaces. Is /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig chmod

Bug#695946: ITP: libbot-basicbot-pluggable-perl -- extended simple IRC bot for pluggable modules

Package: wnpp Severity: wishlist Owner: Jotam Jr. Trejo jota...@debian.org.sv * Package name: libbot-basicbot-pluggable-perl Version : 0.98 Upstream Author : Mario Domgoergen m...@cpan.org * URL : http://search.cpan.org/dist/Bot-BasicBot-Pluggable/ * License :

Bug#695950: ITP: libconfig-find-perl -- find configuration files in the native OS fashion

Package: wnpp Severity: wishlist Owner: Jotam Jr. Trejo jota...@debian.org.sv * Package name: libconfig-find-perl Version : 0.26 Upstream Author : Salvador Fandino sfand...@yahoo.com * URL : http://search.cpan.org/dist/Config-Find/ * License : Artistic

Bug#695951: ITP: liburi-title-perl -- get the titles of things on the web in a sensible way

Package: wnpp Severity: wishlist Owner: Jotam Jr. Trejo jota...@debian.org.sv * Package name: liburi-title-perl Version : 1.86 Upstream Author : Tom Insam t...@jerakeen.org * URL : http://search.cpan.org/dist/URI-Title/ * License : GPL-1+, Artistic

Bug#695953: ITP: liburi-find-simple-perl -- simple interface to URI::Find

Package: wnpp Severity: wishlist Owner: Jotam Jr. Trejo jota...@debian.org.sv * Package name: liburi-find-simple-perl Version : 1.03 Upstream Author : Tom Insam t...@jerakeen.org * URL : http://search.cpan.org/dist/URI-Find-Simple/ * License : Artistic, GPL-1+

Re: unsafe use of gpg

* Ansgar Burchardt ans...@debian.org [121214 16:18]: 2, Not asking gpg to verify signatures: I also found packages that call gpg in the form gpg $file and expect gpg to verify the signature on $file and output the signed data. Indeed it does so for *signed* files, but if you just give it

Re: unsafe use of gpg

[Timo Juhani Lindfors] Is /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig chmod a+x file ./file still a safe way to ensure that only code signed by a key in trusted.gpg gets executed? From the manpage: Note that this adds a keyring to the current list. If

Re: unsafe use of gpg

Peter Samuelson pe...@p12n.org writes: Note that this adds a keyring to the current list. If the intent is to use the specified keyring alone, use --keyring along with --no-default-keyring. You probably read man gpg but gpgv is simpler: gpgv: Invalid option --no-default-keyring

Accepted glusterfs 3.4.0~qa5-1 (source amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 14 Dec 2012 10:54:32 +0100 Source: glusterfs Binary: glusterfs-client glusterfs-server glusterfs-common glusterfs-dbg Architecture: source amd64 Version: 3.4.0~qa5-1 Distribution: experimental Urgency: low Maintainer: Patrick

Accepted otrs2 3.1.12+dfsg1-2 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 14 Dec 2012 11:10:19 +0100 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 3.1.12+dfsg1-2 Distribution: experimental Urgency: low Maintainer: Patrick Matthäi pmatth...@debian.org Changed-By: Patrick Matthäi

Accepted cflow 1:1.4+dfsg1-2 (source i386)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 14 Dec 2012 10:41:13 +0100 Source: cflow Binary: cflow Architecture: source i386 Version: 1:1.4+dfsg1-2 Distribution: unstable Urgency: high Maintainer: Serafeim Zanikolas s...@debian.org Changed-By: Serafeim Zanikolas

Accepted dnsmasq 2.65-1 (source i386 all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 14 Dec 2012 11:34:12 + Source: dnsmasq Binary: dnsmasq dnsmasq-base dnsmasq-utils Architecture: source i386 all Version: 2.65-1 Distribution: unstable Urgency: low Maintainer: Simon Kelley si...@thekelleys.org.uk Changed-By:

Accepted tarantool 1.4.8+20121214-1 (source all amd64)

libtarantoolsql1 libtarantoolsql1-dbg libtarantoolrpl1 libtarantoolrpl1-dbg Architecture: source all amd64 Version: 1.4.8+20121214-1 Distribution: unstable Urgency: low Maintainer: Dmitry E. Oboukhov un...@debian.org Changed-By: Dmitry E. Oboukhov un...@debian.org Description: libtarantool-dev

Accepted base-files 7.1 (source amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 14 Dec 2012 13:55:36 +0100 Source: base-files Binary: base-files Architecture: source amd64 Version: 7.1 Distribution: unstable Urgency: low Maintainer: Santiago Vila sanv...@debian.org Changed-By: Santiago Vila

Accepted nwchem 6.1-5 (source amd64 all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 14 Dec 2012 14:44:22 +0100 Source: nwchem Binary: nwchem nwchem-data Architecture: source amd64 all Version: 6.1-5 Distribution: unstable Urgency: low Maintainer: Michael Banck mba...@debian.org Changed-By: Michael Banck

Accepted flashplugin-nonfree 1:3.2 (source amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 13 Dec 2012 17:45:13 + Source: flashplugin-nonfree Binary: flashplugin-nonfree Architecture: source amd64 Version: 1:3.2 Distribution: unstable Urgency: low Maintainer: Bart Martens ba...@debian.org Changed-By: Bart

Accepted elki 0.5.5-1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 14 Dec 2012 20:45:15 +0100 Source: elki Binary: elki Architecture: source all Version: 0.5.5-1 Distribution: unstable Urgency: low Maintainer: Erich Schubert er...@debian.org Changed-By: Erich Schubert er...@debian.org

Accepted jabref 2.9+ds-1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 14 Dec 2012 21:06:39 +0100 Source: jabref Binary: jabref jabref-plugin-oo Architecture: source all Version: 2.9+ds-1 Distribution: experimental Urgency: low Maintainer: gregor herrmann gre...@debian.org Changed-By: gregor

Accepted lightproof 1.5+git20121123-1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 14 Dec 2012 21:12:46 +0100 Source: lightproof Binary: libreoffice-lightproof-en libreoffice-lightproof-hu libreoffice-lightproof-ru-ru Architecture: source all Version: 1.5+git20121123-1 Distribution: experimental Urgency:

Accepted lintian4python 0.11 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 14 Dec 2012 22:42:09 +0100 Source: lintian4python Binary: lintian4python Architecture: source all Version: 0.11 Distribution: experimental Urgency: low Maintainer: Jakub Wilk jw...@debian.org Changed-By: Jakub Wilk

Accepted vxi 0.0.20121206-1 (source amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 11 Dec 2012 15:08:07 +0100 Source: vxi Binary: vxi-dev libvxiclient0 Architecture: source amd64 Version: 0.0.20121206-1 Distribution: unstable Urgency: low Maintainer: Simon Richter s...@debian.org Changed-By: Simon Richter

Accepted ruby-distribution 0.7.0+dfsg-1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 11 Dec 2012 17:29:33 +0100 Source: ruby-distribution Binary: ruby-distribution Architecture: source all Version: 0.7.0+dfsg-1 Distribution: unstable Urgency: low Maintainer: Debian Ruby Extras Maintainers

Accepted libmialm 1.0.6-1 (source amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 28 Nov 2012 18:17:34 +0100 Source: libmialm Binary: libmialm-dev libmialm2 Architecture: source amd64 Version: 1.0.6-1 Distribution: unstable Urgency: low Maintainer: Debian Med Packaging Team

Accepted libzapojit 0.0.2-1 (source all amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 24 Jun 2012 18:37:32 -0400 Source: libzapojit Binary: libzapojit-0.0-0 libzapojit-dev libzapojit-doc gir1.2-zpj-0.0 Architecture: source all amd64 Version: 0.0.2-1 Distribution: unstable Urgency: low Maintainer: Debian GNOME

Accepted oce 0.11-1 (source amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 12 Dec 2012 22:02:12 +0100 Source: oce Binary: liboce-foundation5 liboce-modeling5 liboce-visualization5 liboce-ocaf-lite5 liboce-ocaf5 oce-draw liboce-foundation-dev liboce-modeling-dev liboce-ocaf-lite-dev liboce-ocaf-dev

Accepted python-defaults 2.7.3-10 (source all amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 12 Dec 2012 00:25:00 +0100 Source: python-defaults Binary: python python-minimal python-examples python-dev libpython-dev idle python-doc python-dbg libpython-dbg python-all python-all-dev python-all-dbg Architecture: source

Accepted ruby-mysql2 0.3.11-1 (source amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 01 Nov 2012 12:05:27 +0100 Source: ruby-mysql2 Binary: ruby-mysql2 Architecture: source amd64 Version: 0.3.11-1 Distribution: unstable Urgency: low Maintainer: Debian Ruby Extras Maintainers

Accepted live-images 4.0~a1-1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 13 Dec 2012 17:19:31 +0100 Source: live-images Binary: live-image-all live-image-gnome-desktop live-image-kde-desktop live-image-lxde-desktop live-image-rescue live-image-standard live-image-xfce-desktop Architecture: source

Accepted refdb 0.9.9-2 (source amd64 all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 13 Dec 2012 15:42:11 +0100 Source: refdb Binary: refdb-clients refdb-server refdb-www refdb-doc Architecture: source amd64 all Version: 0.9.9-2 Distribution: unstable Urgency: low Maintainer: Debian XML/SGML Group

Accepted perl-cross-debian 0.0.1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 25 Nov 2012 14:53:59 + Source: perl-cross-debian Binary: perl-cross-debian Architecture: source all Version: 0.0.1 Distribution: experimental Urgency: low Maintainer: Neil Williams codeh...@debian.org Changed-By: Neil

Accepted ruby-minimization 0.2.1-1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 10 Dec 2012 08:04:54 +0100 Source: ruby-minimization Binary: ruby-minimization Architecture: source all Version: 0.2.1-1 Distribution: unstable Urgency: low Maintainer: Debian Ruby Extras Maintainers

Accepted epiphany-browser 3.6.1-2 (source all amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 12 Dec 2012 18:43:55 +0100 Source: epiphany-browser Binary: epiphany-browser epiphany-browser-data epiphany-browser-dev epiphany-browser-dbg gir1.2-epiphany-3.6 Architecture: source all amd64 Version: 3.6.1-2 Distribution:

Accepted undistract-me 0.1.0+bzr10-1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 11 Dec 2012 16:10:56 -0800 Source: undistract-me Binary: undistract-me Architecture: source all Version: 0.1.0+bzr10-1 Distribution: unstable Urgency: low Maintainer: Clint Byrum spam...@debian.org Changed-By: Clint Byrum

Accepted openstack-pkg-tools 1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 16 Nov 2012 14:29:41 + Source: openstack-pkg-tools Binary: openstack-pkg-tools Architecture: source all Version: 1 Distribution: experimental Urgency: low Maintainer: PKG OpenStack openstack-de...@lists.alioth.debian.org

Accepted pybit 0.4.0-1 (source all)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 14 Dec 2012 12:28:50 + Source: pybit Binary: pybit-svn pybit-client pybit-web pybit-common pybit-watcher Architecture: source all Version: 0.4.0-1 Distribution: experimental Urgency: low Maintainer: Neil Williams

Accepted ucommon 6.0.2-1 (source all amd64)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 11 Dec 2012 14:33:33 +0100 Source: ucommon Binary: libucommon-dev libucommon6-dbg libucommon6 ucommon-utils ucommon-doc Architecture: source all amd64 Version: 6.0.2-1 Distribution: experimental Urgency: low Maintainer: Jonas