I've read a lot about the binary incompatibility concern between
Debian and Ubuntu. I have an idea, but I don't have the skill to
implement it myself. I figured it would be useful to throw it out
there for you all to scrutinize, determine the implementation
feasibility, and perhaps run with.
Hello,
I was recently browsing the web on a windows box and realized that
over the last 4 years, I had forgotten how nice it is to be able
browse back/forward with a single button click. So I set about
enabling this functionality on my Debian box. I found this gentoo doc
On 3/12/06, David Nusinow wrote:
Please note that the usual way to do this is by
filing a wishlist bug against the package, and I'd appreciate it if you use
this mechanism so I can keep track of it easily.
ok, will do. i didn't think that this discussion fit nicely under a
single package. i
Hello,
I've noticed that most issues tracked on the release-critical bug
tracker [1] are actually already fixed in unstable. This is leading
to the perception there are an enormous number of unfixed
release-critical issues for lenny (298 currently). And it makes it
harder to figure out which
for the bug severity
command and control authority [5] on my part). Where do we go from
here to make sure the issue gets the appropriate level of thought and
consideration that it deserves (after lenny gets released of course)?
Best wishes,
Michael Gilbert
[1] http://lists.debian.org/debian-release
)?
Best wishes,
Michael Gilbert
[1] http://lists.debian.org/debian-release/2008/11/msg00106.html
[2] http://bugs.debian.org/449497
[3] http://bugs.debian.org/503813
[4] http://bugs.debian.org/503814
[5] http://lists.debian.org/debian-ctte/2008/10/msg6.html
P.S. Please CC me on any responses since
I appologize for the double post. Please disregard the first message,
which was send mid-thought due to an errant click.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Package: wnpp
Severity: wishlist
Owner: Michael Gilbert [EMAIL PROTECTED]
* Package name: steam-powered
Version : 6
Upstream Author : Michael Gilbert
* URL : no website
* License : GPL
Programming Lang: shell
Description : Valve's steam game content
On Wed, 26 Jan 2011 14:47:52 +0100, Goswin von Brederlow wrote:
Thijs Kinkhorst th...@debian.org writes:
* Issues in specific packages
We further discussed some specific problematic packages. One example is
ia32-libs, which is difficult because it includes 100+ other source
packages.
On Mon, 31 Jan 2011 15:25:11 +0100, Max Kellermann wrote:
Hi,
I'm the upstream maintainer of the Music Player Daemon project, and
receive a number of support requests / bug reports from Debian users
who use the outdated version 0.15.12 of mpd, currently in testing.
These bugs were already
On Sun, 13 Feb 2011 23:52:22 +0100 Christoph Anton Mitterer wrote:
On Sun, 2011-02-13 at 23:21 +0100, Patrick Matthäi wrote:
since we have got a stable release with dkms now, I am asking myself, if
it is still necessary to support module-assistant.
dkms is IMHO the better system and
On Mon, 21 Feb 2011 18:55:13 +0100, Florian Weimer wrote:
* Joerg Jaspert:
I additionally opened a bug with apt to add support for SHA512SUM, so
we can start using them. As soon as that is possible I intend to drop
SHA256 and end up with SHA1/SHA512 only.
Please don't. I have more
On Mon, Feb 21, 2011 at 3:05 PM, Joerg Jaspert wrote:
On 12398 March 1977, Joey Hess wrote:
until today our Release files included 3 Hashes for all their entries:
MD5SUM, SHA1, SHA256. I just modified the code to no longer include
MD5SUM in *all* newly generated Release files.
When will that
On Sat, 26 Feb 2011 17:52:02 +0200 Dmitry Baryshev wrote:
Hello guys.
I've filed a bug on reportbug, but its maintainer ignores it, and continues
to close it without any troubleshooting or debug. I did a simple
troubleshooting by myself, but maintainer ignored it and closed the bug
again.
Hello world,
I am pleased to announce the very first unofficial Debian monthly
testing snapshot release candidate (version 2011.03rc1). This release is
currently available in two flavors, i386 and amd64, as mini iso images
(16 MiB each) downloadable from:
Hi all,
I am pleased to announce the very first unofficial Debian monthly
testing snapshot release (version 2011.03). It is currently available
in two flavors as mini iso images (for i386 and amd64 at 16 MiB each)
downloadable from:
Hi,
I am pleased to announce the unofficial Debian monthly testing snapshot
release candidate for April 2011. This release is currently available
in two flavors, i386 and amd64, as mini iso images (16 MiB each)
downloadable from:
On Sun, Apr 3, 2011 at 2:31 PM, Harald Dunkel wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Ben,
On 03/31/11 15:22, Ben Hutchings wrote:
On Thu, 2011-03-31 at 10:59 +0200, Harald Dunkel wrote:
[...]
Of course I understand that this is highly complex. Maybe it would help to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I am pleased to announce the unofficial Debian monthly testing snapshot
release for April 2011 (version 2011.04). This release is currently
available in two flavors, i386 and amd64, as mini iso images (16 MiB
each) downloadable from:
Scott Kitterman wrote:
I noticed that this is still listed at http://wiki.debian.org/ReleaseGoals.
Obviously that was a Squeeze goal. The equivalent goal for Wheezy should be
python2.7 as default and python2.5 and python2.6 removed.
Is it out of the question to target python3.x as the
Scott Kitterman wrote:
On Wednesday, April 13, 2011 09:22:44 AM Barry Warsaw wrote:
On Apr 11, 2011, at 07:22 PM, Scott Kitterman wrote:
Hopefully it will gain additional sanity before approval (the authors did
improve it based on comments I sent them it could still be better). The
Piotr Ożarowski wrote:
[Michael Gilbert, 2011-04-13]
Can't that be solved in the release notes when that happens? Something
like:
python3 is now the default /usr/bin/python, so if you have existing
python2 scripts you will need to make sure to use /usr/bin/python2
Raphael Hertzog wrote:
If the release team is open to try this out, I'm volunteering
to help implement this (i.e. at the very least managing transitions
while the rest of the release team is concentrated on patch review for
finalizing the stable release). I'am also happy to invest some effort
Stefano Zacchiroli wrote:
On Fri, Apr 29, 2011 at 06:50:04PM -0400, Michael Gilbert wrote:
Look at the welcoming new contributors GR; what did that actually
accomplish? There isn't anything new to show for it, there are no new
means to bring contributors in, and the number of new people
Patrick Strasser wrote:
schrieb Josselin Mouette am 2011-05-03 17:22:
Le mardi 03 mai 2011 à 15:56 +0200, Patrick Strasser a écrit :
Congratulations, you have added yet another bug on the pile that no one
ever reads, since there are no real maintainers for poppler.
Now that's really
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I am pleased to announce the unofficial Debian monthly testing snapshot
release for May 2011 (version 2011.05). This release is currently
available in two flavors, i386 and amd64, as mini iso images (16 MiB
each) downloadable from:
Enrico Zini wrote:
On Fri, May 06, 2011 at 02:04:20PM -0400, Michael Gilbert wrote:
It wasn't the GR itself. It was the fact that these changes to the NM
process were actually made. I suppose it is arguable that those changes
simply would not have happened without the GR
On Tue, 15 Sep 2009 13:46:31 +0530, Kartik Mistry wrote:
On Tue, Sep 15, 2009 at 1:39 PM, Petter Reinholdtsen wrote:
Especially the 'what did you expect' is important, as it often make it
possible to differentiate between software bugs, documentation bugs
and plan simple user expectation
On Fri, 18 Sep 2009 19:06:21 +0300, Tom Feiner wrote:
Philipp Kern wrote:
On 2009-09-18, Tom Feiner wrote:
Looks like this method works well for clamav-data and other similar
packages
which needs to update databases frequently on stable/oldstable.
clamav-data is scheduled for
On Wed, 14 Oct 2009 21:34:28 +0200, Adam Borowski wrote:
On Wed, Oct 14, 2009 at 07:27:07PM +, Florian Weimer wrote:
I could just put up a site with CC porn, then. Aren't we supposed
not to discriminate against fields of endeavour?
A software which requires access to non-free
On Wed, 14 Oct 2009 21:48:19 +0200, Mehdi Dogguy wrote:
Florian Weimer a écrit :
A software which requires access to non-free documents over the
network to work at all shouldn't go into main. It seems that gnaughty
is currently in that category.
rtm (from awn-applets-python-extras)
On Wed, 14 Oct 2009 22:27:25 +0200, Yves-Alexis Perez wrote:
On mer, 2009-10-14 at 16:23 -0400, Michael Gilbert wrote:
the key litmus test is: does the application depend solely on non-free
information to function properly. these google applications fail
this test because the licensing
On Wed, 14 Oct 2009 16:57:19 -0400, James Vega wrote:
On Wed, Oct 14, 2009 at 4:43 PM, Michael Gilbert
michael.s.gilb...@gmail.com wrote:
On Wed, 14 Oct 2009 22:27:25 +0200, Yves-Alexis Perez wrote:
On mer, 2009-10-14 at 16:23 -0400, Michael Gilbert wrote:
the key litmus test is: does
On Wed, 14 Oct 2009 17:13:10 -0400, Michael Gilbert wrote:
On Wed, 14 Oct 2009 16:57:19 -0400, James Vega wrote:
On Wed, Oct 14, 2009 at 4:43 PM, Michael Gilbert
michael.s.gilb...@gmail.com wrote:
On Wed, 14 Oct 2009 22:27:25 +0200, Yves-Alexis Perez wrote:
On mer, 2009-10-14 at 16:23
On Wed, 14 Oct 2009 23:28:14 +0200, Mike Hommey wrote:
On Wed, Oct 14, 2009 at 05:18:33PM -0400, Michael Gilbert wrote:
On Wed, 14 Oct 2009 17:13:10 -0400, Michael Gilbert wrote:
On Wed, 14 Oct 2009 16:57:19 -0400, James Vega wrote:
On Wed, Oct 14, 2009 at 4:43 PM, Michael Gilbert
On Mon, 19 Oct 2009 10:02:59 +0800 Paul Wise wrote:
On Mon, Oct 19, 2009 at 8:43 AM, Michael S Gilbert
michael.s.gilb...@gmail.com wrote:
Let me know if this is OK, and whether there is anything else I should
be aware of.
Excellent, please go ahead.
See also the lintian warning (you
On Mon, 19 Oct 2009 10:52:18 -0500, Gunnar Wolf wrote:
Michael S Gilbert dijo [Sun, Oct 18, 2009 at 08:43:35PM -0400]:
Hi,
The prototypejs script has been found to be vulnerable to a couple
security issues [0],[1]. This script is embedded in about 32 other
packages and I would like to
On Mon, 26 Oct 2009 14:04:06 -0500, Adam Majer wrote:
On Sun, Oct 18, 2009 at 08:43:35PM -0400, Michael S Gilbert wrote:
Here are the affected source packages:
- rails unfixed (embed)
~$ apt-file list rails | grep prototype.js
rails:
On 11/9/09, John Goerzen wrote:
Here are some sites/apps that break, at least in part, because of our
API claiming to be Iceweasel:
Zimbra admin console
BlackBoard (used by thousands of universities)
http://browserplus.yahoo.com/ (claims the browser isn't supported)
On Mon, 07 Dec 2009 08:56:07 +0100, Stefan Hornburg (Racke) wrote:
Michael Gilbert wrote:
Package: courier-authlib
Severity: grave
Tags: security
Hi,
The following CVE (Common Vulnerabilities Exposures) id was
published for libtool. I have determined that this package embeds
On Tue, 8 Dec 2009 03:13:06 +1100, Steffen Joeris wrote:
The following CVE (Common Vulnerabilities Exposures) id was
published for libtool. I have determined that this package embeds a
vulnerable copy of the libtool source code. However, since this is a
mass bug filing (due to
On Tue, 15 Dec 2009 23:50:43 +0900, Charles Plessy wrote:
Dear all,
while reviewing an Ubuntu package that we are considering to submit to the NEW
queue for inclusion in Debian, I found a copy of source files from the
‘minizip’ package, that was not mentionned in debian/copyright.
[...]
The
On Wed, 6 Jan 2010 11:01:01 +0800 Paul Wise wrote:
On Wed, Jan 6, 2010 at 9:20 AM, Kees Cook k...@debian.org wrote:
There is a maintained (by RedHat) patch for dealing with PIE. I already
maintain a delta for this in Ubuntu, but as you can see in the gdb bug,
the gdb maintainer doesn't
On Tue, 26 Jan 2010 13:33:32 +0100, Stefano Zacchiroli wrote:
All in all (and unless I've missed something), the choice seems to be
relatively self contained. We would just need to promote to standard
python-support and python-apt. For reference, on amd64 the total
installed-size of the 2 is
On Sat, 30 Jan 2010 22:58:20 + Jon Dowland wrote:
Hi folks,
I need to run a command as the superuser inside
game-data-packager (gdp). Up until now, I've been
hardcoding a sudo invocation and depending on sudo.
maybe packaging isn't the best solution to the underlying problem?
wouldn't
On Tue, 16 Feb 2010 18:23:39 +0100 Jean-Christophe Dubacq wrote:
On 16/02/2010 17:04, Antonin Kral wrote:
Hi all,
I am looking for some advise / opinions. I am working with guys from
MongoDB project to get stable package in Debian. We have currently
version 1.3.1 in unstable, this is
On Tue, 16 Feb 2010 12:52:34 -0500 Michael Gilbert wrote:
On Tue, 16 Feb 2010 18:23:39 +0100 Jean-Christophe Dubacq wrote:
On 16/02/2010 17:04, Antonin Kral wrote:
Hi all,
I am looking for some advise / opinions. I am working with guys from
MongoDB project to get stable package
On 2/16/10, Sven Joachim wrote:
On 2010-02-16 18:55 +0100, Michael Gilbert wrote:
all of these seem like rather complicated solutions. wouldn't it be a
bit simpler to ask for removal from both testing and unstable, then once
that happens, upload the old (known stable) version of the package
On Wed, 03 Mar 2010 21:58:11 +0100, Frank Lin PIAT wrote:
On Tue, 2010-03-02 at 18:21 -0800, Russ Allbery wrote:
Wouter Verhelst wou...@debian.org writes:
Or is it useful to be able to say if it doesn't check out, it's
certainly corrupt, and if it does check out, it may be corrupt?
On Sat, 06 Mar 2010 19:29:22 -0800 Jamie Morken wrote:
so including compressed package source code would have a very minor impact on
the overall file size of the debian release.
you can achieve your goal by burning the isos and having them on hand.
or you can create less physical waste by loop
Does anyone know who maintains source.debian.net? It's a really great
service, but its been down for about a month now. I would like to
to make sure they're aware of the problem. Thanks.
Best wishes,
Mike
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of
On Tue, 23 Mar 2010 13:04:04 -0500, Moffett, Kyle D wrote:
[Note: I'm not authorized to speak on behalf of my employer, but this
represents (to the best of my knowledge) our current plans and goals]
Please maintain the CC list, all of us here at eXMeritus are interested in
comments and
On Sun, 6 Jun 2010 12:28:27 +1000 Erik de Castro Lopo wrote:
Hi All,
Did anyone see this paper:
A Look In the Mirror: Attacks on Package Managers
http://www.cs.arizona.edu/~jhh/papers/ccs08.pdf
It suggests that anyone who has control of a mirror can cause client
machines to
On Mon, 28 Jun 2010 13:54:28 +0200 Mike Hommey wrote:
On Mon, Jun 28, 2010 at 05:36:11AM -0600, Aaron Toponce wrote:
Ah yes, Iceape. Their releases are so few and far between, this could
possibly mean that we won't see Iceweasel 3.6 or Icedove 3.1 for some
time, correct? Upstream Seamonkey
On Tue, 29 Jun 2010 11:57:20 +0200, Adam Borowski wrote:
On Tue, Jun 29, 2010 at 02:57:32AM -0400, Michael Gilbert wrote:
and engage in poor supportability/secuirity practices (using embedded
code copies instead of system libraries) [0]. This path is
unnacceptable for Debian.
In my
On Tue, 29 Jun 2010 09:37:46 +0200, Mike Hommey wrote:
On Tue, Jun 29, 2010 at 02:57:32AM -0400, Michael Gilbert wrote:
Mozilla actively makes it hard to stay up to date
(by providing as little information as possible in their advisories);
webkit (for the most part except for Apple
On Tue, 29 Jun 2010 17:39:57 +0200, Mike Hommey wrote:
On Tue, Jun 29, 2010 at 11:35:28AM -0400, Michael Gilbert wrote:
On Tue, 29 Jun 2010 09:37:46 +0200, Mike Hommey wrote:
On Tue, Jun 29, 2010 at 02:57:32AM -0400, Michael Gilbert wrote:
Mozilla actively makes it hard to stay up
On Tue, 29 Jun 2010 17:29:20 +0200, Mike Hommey wrote:
On Tue, Jun 29, 2010 at 11:24:00AM -0400, Michael Gilbert wrote:
No, my proposal is to move the package to a better home: backports.
Same question as for Md with volatile:
apt-cache rdepends xulrunner-1.9.1 libmozjs2d libwebkit-1.0-2
On Tue, 29 Jun 2010 11:03:19 +0200, Josselin Mouette wrote:
Le mardi 29 juin 2010 à 02:57 -0400, Michael Gilbert a écrit :
Losing mozilla wouldn't be that significant of an loss since there
are plenty of other good options nowadays (webkit, konquerer, chromium,
etc.), which wasn't the case
On Tue, 29 Jun 2010 18:31:09 +0200, Mike Hommey wrote:
On Tue, Jun 29, 2010 at 12:06:04PM -0400, Michael Gilbert wrote:
On Tue, 29 Jun 2010 17:29:20 +0200, Mike Hommey wrote:
On Tue, Jun 29, 2010 at 11:24:00AM -0400, Michael Gilbert wrote:
No, my proposal is to move the package
On Tue, 29 Jun 2010 12:35:19 -0400, Joey Hess wrote:
Mike Hommey wrote:
On Tue, Jun 29, 2010 at 11:51:47AM -0400, Michael Gilbert wrote:
The point I was trying to make in that paragraph is that there are two
browser codebases (webkit and mozilla) that need to be supported, which
could
On Tue, 29 Jun 2010 20:58:11 +0200, Alexander Reichle-Schmehl wrote:
Hi!
Am 29.06.2010 17:24, schrieb Michael Gilbert:
No, my proposal is to move the package to a better home: backports.
You don't know the current policies WRT packages in backports and about
their reasoning, do you?
I
On Tue, 29 Jun 2010 22:25:06 +0200, Gerfried Fuchs wrote:
Hi!
* Michael Gilbert michael.s.gilb...@gmail.com [2010-06-29 21:50:31 CEST]:
On Tue, 29 Jun 2010 20:58:11 +0200, Alexander Reichle-Schmehl wrote:
Am 29.06.2010 17:24, schrieb Michael Gilbert:
No, my proposal
, is a recent trend that I really
don't understand.
Amen.
On Tue, Jun 29, 2010 at 01:34:46PM -0400, Michael Gilbert wrote:
I really hope I haven't come across this way. It was certainly not
my intention. Like I said in my first post to this discussion, I think
a debate on the merit
On Tue, 29 Jun 2010 17:07:27 -0400 Michael Gilbert wrote:
Hopefully restating clearly this time: my proposal is to no longer
distribute mozilla packages in the main stable repository; instead they
can be maintained in backports (or volatile) at the choosing of the
maintainers of those packages
On Wed, 30 Jun 2010 09:08:36 +0200 Mike Hommey wrote:
Disadvantages of maintaining the status quo:
- part way through the release, security support will end and many
users won't even notice (unless they're subscribed to
debian-security); leaving a lot of the Debian user base
On Thu, 22 Jul 2010 15:30:36 +0100, Steve McIntyre wrote:
On Thu, Jul 22, 2010 at 04:25:34PM +0200, Alexander Reichle-Schmehl wrote:
Hi!
Am 22.07.2010 09:21, schrieb Josselin Mouette:
I think with our next release, we will have got less users. Why?
We stripped out all binary only
On Mon, 26 Jul 2010 12:49:00 +0100, Ian Jackson wrote:
Brian May writes (Re: How to make Debian more attractive for users, was: Re:
The number of popcon.debian.org-submissions is falling):
I would really like to see a HTML/HTTP browser based interface for the
BTS. I would have several
On Mon, 26 Jul 2010 17:05:19 +0100, Russell Gadd wrote:
I spotted this topic in Debian Project News. I am a non-technical Debian
user (Lenny AMD 64 bit) - I have tried Ubuntu a couple of times but came
back to Debian because of its stability. The main problem I have is lack of
up to date
On Fri, 13 Aug 2010 09:58:07 -0700, Russ Allbery wrote:
Raphael Hertzog hert...@debian.org writes:
As suggested by Ian on -devel (see attachment), it would be nice to have
a way to remove files during unpack of a source package to hide non-free
files from our users without stripping them
On Tue, 7 Sep 2010 21:56:21 +0200, Sebastian Harl wrote:
Hi,
On Tue, Sep 07, 2010 at 12:46:12PM -0700, Don Armstrong wrote:
An alternative solution is to just have reportbug mail the backport
bug reporting mailing list, and have people bounce messages as
appropriate to the BTS.
Imho,
On Tue, 7 Sep 2010 22:27:47 +0200, Sebastian Harl wrote:
Hi,
On Tue, Sep 07, 2010 at 04:18:48PM -0400, Michael Gilbert wrote:
On Tue, 7 Sep 2010 21:56:21 +0200, Sebastian Harl wrote:
On Tue, Sep 07, 2010 at 12:46:12PM -0700, Don Armstrong wrote:
An alternative solution is to just have
On Tue, 7 Sep 2010 13:48:09 -0700, Steve Langasek wrote:
On Tue, Sep 07, 2010 at 04:18:48PM -0400, Michael Gilbert wrote:
Doing a quick look at the backports mailing list archive, there are less
than 10 bugs reported per month on average. That is for hundreds of
packages. Doing some fuzzy
On Tue, 7 Sep 2010 15:03:56 -0700 Steve Langasek wrote:
On Tue, Sep 07, 2010 at 05:13:14PM -0400, Michael Gilbert wrote:
Backports has now been declared officially supported by the project
as a whole. That made it the collective responsibility of all
Debian Developers whether
On Thu, 23 Sep 2010 14:30:30 +0200, Raphael Hertzog wrote:
Personally I would like to have snapshots every 2 or 3 months. Colin
Watson pointed out in an LWN comment (http://lwn.net/Articles/406597/):
| There's a good chance that CUT could serve a dual purpose of making it
| easier to prepare
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
I am pleased to announce the unofficial Debian monthly testing snapshot
release for June 2011 (version 2011.06). This release is currently
available in two flavors, i386 and amd64, as mini iso images (16 MiB
each) downloadable from:
On Thu, 16 Jun 2011 19:43:17 -0400 Stephen Allen wrote:
On Sun, Jun 12, 2011 at 06:06:04PM -0400, Michael Gilbert wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
I am pleased to announce the unofficial Debian monthly testing snapshot
release for June 2011 (version
Moritz Mühlenhoff wrote:
Do people think this is relevant and are willing to work on providing
one of the images? If so, we could arrange a BoF at DebConf.
Moritz,
I just want to say that I think its an awesome idea. I'm not at
debconf, but I may try to find time to help if something gets
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I am pleased to announce the unofficial Debian monthly testing snapshot
release for August 2011 (version 2011.08). This release is currently
available in two flavors (i386 and amd64) as mini iso images downloadable
from:
Michael Gilbert wrote:
To upgrade from a previous snapshot, change the existing snapshot entries
in your /etc/apt/sources.list to:
deb http://snapshot.debian.org/archive/debian/20110430T092551Z wheezy main
deb-src http://snapshot.debian.org/archive/debian/20110430T092551Z wheezy main
On Mon, 5 Sep 2011 19:42:30 +0200 Moritz Mühlenhoff wrote:
Raphael Hertzog hert...@debian.org schrieb:
Hello,
we're not very far from having hardening build flags set by default by
dpkg-buildflags (waiting on some documentation update that Kees should
take care of).
Thanks!
I
Moritz Mühlenhoff wrote:
If you're interested, just respond and start creating the release goal
wiki page:
http://wiki.debian.org/ReleaseGoals
I'm in, but it'll take a few days until I'll be able to work on the wiki
page.
For anyone interested in contributing, I've just started the
On Tue, 13 Sep 2011 15:38:29 -0700 Kees Cook wrote:
Hi,
I would like to propose a release goal of enabling hardening build flags[1]
for all C/C++ packages in the archive[2].
I think all C/C++ packages is an impossibility in the wheezy
timeframe, and we should be honest about that.
On Tue, 13 Sep 2011 15:38:29 -0700 Kees Cook wrote:
[1] http://wiki.debian.org/Hardening
It looks like we're duplicating wiki work. The page I created
yesterday is much more comprehensive and detailed right now:
http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
Best wishes,
Mike
Bernhard R. Link wrote:
* Tollef Fog Heen tfh...@err.no [110924 16:16]:
I find reviewing what's changed between two arbitrary versions in git
much easier than doing the same with debian source packages, so I think
it's pretty clear this is a matter of preference.
But if it is some other
Bernhard R. Link wrote:
* Michael Gilbert michael.s.gilb...@gmail.com [110924 20:24]:
Bernhard R. Link wrote:
* Tollef Fog Heen tfh...@err.no [110924 16:16]:
I find reviewing what's changed between two arbitrary versions in git
much easier than doing the same with debian source
berta...@ptitcanardnoir.org wrote:
On Fri, Sep 23, 2011 at 11:53:36AM +0200, Marco d'Itri wrote:
On Sep 23, Raphael Hertzog hert...@debian.org wrote:
Two hardening features are not enabled by default: PIE and bindnow.
Why?
I guess because they have more impact on performance than
Paul Wise wrote:
On Sun, Sep 25, 2011 at 5:11 AM, Michael Gilbert wrote:
I think it would be better to enable all security-enhancing flags by
default (at least all of the included ones so far, which are fairly
well-tested). Yes, these two do have a larger potential to reduce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I am pleased to announce the unofficial Debian monthly testing snapshot
release for October 2011 (version 2011.10). This release is currently
available for i386 and amd64 as iso images downloadable from:
Correct gpg signature this time:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I am pleased to announce the unofficial Debian monthly testing snapshot
release for October 2011 (version 2011.10). This release is currently
available for i386 and amd64 as iso images downloadable from:
On Sat, Oct 22, 2011 at 5:46 PM, Matthias Klose wrote:
Two hardening features are not enabled by default: PIE and bindnow.
If your package supports PIE, you might want to consider enabling it.
You should not blindly enable PIE, even if the package seems to support it.
PIE
can have
On Wed, Oct 26, 2011 at 1:08 PM, Raphael Hertzog wrote:
Hi,
On Sun, 23 Oct 2011, Paul Wise wrote:
One of the other problems with embedded JavaScript libraries is that
often only the pre-compiled/obfuscated/minified version is
distributed, which would be a violation of DFSG item 2.
I did
On Wed, Oct 26, 2011 at 6:29 PM, Zygmunt Krynicki wrote:
If anything, having one version of a javascript library *hurts*
Debian-as-a-platform. I would encourage a different approach altogether:
explicit mutli-versioning (ideally for all upstream releases or for all
upstream releases that are
On Wed, Oct 26, 2011 at 6:55 PM, Zygmunt Krynicki wrote:
Is there anyone that would like to mentor me for a while to help me get
started? I'm quite interested in solving this problem.
You can certainly work on anything in Debian (including this) and
present your work to mentors [0] and/or the
On Sun, Nov 20, 2011 at 7:01 PM, peter green wrote:
Or he can repackage 14.xxx as 15.xxx.1 but then other
packages depending on 14 etc. will get the version wrong and the
numbering will be misleading.
It's possible to use a version number like 15.xxx+really14.xxx but it's ugly
to say the
On Wed, Nov 23, 2011 at 7:12 PM, wrote:
YP == Yves-Alexis Perez writes:
YP I'm not sure telling people to use --no-sandbox without telling them
YP what they lose is a good idea. Sandboxing is here for a reason.
I find the no-sandbox label sufficiently descriptive, but for
completeness sake,
On Wed, Nov 23, 2011 at 7:43 PM, Michael Gilbert wrote:
On Wed, Nov 23, 2011 at 7:12 PM, wrote:
YP == Yves-Alexis Perez writes:
YP I'm not sure telling people to use --no-sandbox without telling them
YP what they lose is a good idea. Sandboxing is here for a reason.
I find the no-sandbox
On Mon, Nov 28, 2011 at 5:41 PM, Alexander Wirt wrote:
The question is: who decides? I have a bunch of packages and an established
workflow that served me well over the last years. I don't want to learn
another *censored* system, just because someone said its the new standard or
it is better.
On Mon, Nov 28, 2011 at 7:32 PM, Russ Allbery wrote:
Michael Gilbert writes:
On Mon, Nov 28, 2011 at 5:41 PM, Alexander Wirt wrote:
The question is: who decides? I have a bunch of packages and an
established workflow that served me well over the last years. I don't
want to learn another
On Fri, Dec 2, 2011 at 3:41 PM, Cyril Brulebois wrote:
BTW, what ever happened to the Constantly Usable Trolling effort?
Trolling: http://catb.org/jargon/html/T/troll.html
I see some “Call for Testing” from time to time, but what happens next?
Use it: http://cut.debian.net
The calls for
1 - 100 of 1119 matches
Mail list logo