Re: orphaning most (of my) packages
Quoting Kyle McMartin ([EMAIL PROTECTED]): > On Thu, Aug 22, 2002 at 11:57:39AM +0200, Robert van der Meulen wrote: > > Too late :/ > > > Has kernel-patch-int been adopted? As one of the upstream authors I > would be glad to take it over. I have agreed with Ivo ([EMAIL PROTECTED]), that he can take over the package. If you're interested - or more suitable, or whatever :) - you should discuss things with him; I Cc'd him on this message. Greets, Robert -- ( o> Linux Generation pgpK8VEXqAKLR.pgp Description: PGP signature
Re: orphaning most (of my) packages
Quoting Thorsten Sauter ([EMAIL PROTECTED]): > > libphp-adodb (a php database abstraction layer, required for 'acidlab') > > I'll like to adopte the libphp-adodb package from you. Too late :/ Greets, Robert -- ( o> Linux Generation pgpJU3s4BF443.pgp Description: PGP signature
Re: orphaning most (of my) packages
Quoting Mako Hill ([EMAIL PROTECTED]): > > razor ('needed' by spamasassin; needs updating) > > I've check out the bug list and the package and I'd like to take this > on unless some more qualified wants it. Taken - sorry ! :) Greets, Robert -- ( o> Linux Generation pgpRxLKmXujIV.pgp Description: PGP signature
Re: orphaning most (of my) packages
Quoting Ivo Timmermans ([EMAIL PROTECTED]): > I would like to take over your ITP for cryptoapi. If noone else wants > it, I can take kernel-patch-int too. As discussed yesterday night; they're yours. Greets, Robert -- ( o> Linux Generation
Re: orphaning most (of my) packages
Quoting Peter Palfrader ([EMAIL PROTECTED]): > Please retitle them to RFP (request for package) rather than closing > them if you still think they'ld make a worthwhile addition to Debian. Thanks, good point :) Greets, Robert -- ( o> Linux Generation pgp4T6dYieG6z.pgp Description: PGP signature
orphaning most (of my) packages
Hi, I'm going to orphan most of my packages. Before I upload them with Maintainer: set to QA, i'd like people to look at them and see if they want anything :) Some of the - less intensive - packages I'm keeping, the others I can't keep on maintaining due to several reasons (bought a house, plan to be busy with that, busy time at work, social stuff). Please contact me if you want to take anything; most of them will be first-come, first-serve. Orphaning: kernel-patch-2.2.18-openwall (needs updating to more recent kernel, and general maintenance) libphp-adodb (a php database abstraction layer, required for 'acidlab') lvm-common (this should go to the new lvm maintainer, I think. Cc to him for this reason) razor ('needed' by spamasassin; needs updating) xonix-jahu (ancient game) kernel-patch-int (should be superseded by cryptoapi; i can't find the time). Then there's some ITP's i (enthousiastically) did; i'm going to be closing them too. Interested people can upload and close at will, if they're faster than me: ricochet, loop-aes, cryptoapi, ipsec-tunnel. Greets, Robert -- ( o> Linux Generation pgpC7VWxy1vys.pgp Description: PGP signature
Re: Spamassassin 2.11 and razor 1.20
Quoting Joey Hess ([EMAIL PROTECTED]): > Duncan Findlay wrote: > > Is there any way of keeping razor out of woody until spamassassin 2.2 can be > > uploaded? (I could file an RC bug, but is there a better solution?) > > You could simply make spamassassin conflict with the razor it doesn't > work for, and somehow get it into woody first. Or coordinate with the > razor author and get it to conflict with the versions of spamassassin it > breaks. A couple of days should be just about enough ? Is this a valid reason to use urgency=high on the next spamasassin upload ? Greets, Robert -- ( o> Linux Generation
Re: spamasassin/razor (do not upgrade)
Quoting Craig Dickson ([EMAIL PROTECTED]): > So, since you neglected to supply the version numbers of the faulty > packages, I am unsure whether you're referring to an upload that didn't > make it into Sid today, or to razor 1.20-1. Should we all downgrade to > razor 1.19-1, or is that one okay? (It seems to be working, but you also > didn't tell us what the bad package's symptoms are, so I can't evaluate > this with certainty either.) Sorry, i was referring to 1.20-1 indeed. > I'm glad you take the effort to package these things for us. I use them > and appreciate them. But your problem report is so lacking in > information that it's basically useless. I only package razor, i can't take credit for spamasassin :) Greets, Robert -- ( o> Linux Generation 'How to Raise Your I.Q. by Eating Gifted Children' pgpfXq6oS0Rx0.pgp Description: PGP signature
Re: spamasassin/razor (do not upgrade)
Quoting Robert van der Meulen ([EMAIL PROTECTED]): > Please don't upgrade spamasassin/razor today, as it, ehm, doesn't work. Damn. Ok. I don't know how to use a mailer. Sorry for the reply in the thread, I intended to post a *new* message. I'll get some sleep now. Greets, Robert -- ( o> Linux Generation
spamasassin/razor (do not upgrade)
Hi, Please don't upgrade spamasassin/razor today, as it, ehm, doesn't work. I made a boo-boo in yesterday's upload, which basically f*cks it up. A new upload will follow later today, adressing these issues. I'm posting this here as the tendency is growing to blindly file bugs, without looking at the BTS first, so i'm hoping this saves some people some annoyances, and some bug-filing :) If you're using spamasassin *without* the razor checking, you can disregard this message, if you don't know if you're using razor checking (or don't know what the f*ck razor is), please don't. Greets, Robert -- ( o> Linux Generation
Re: XFree 4.2.0 - again
Quoting Joey Hess ([EMAIL PROTECTED]): > Xdm doesn't work, but that's the only breakage I've run into. I'm taking a pretty wild guess that you need X because of a bright shiny new card that's only supported by 4.2 ? I ran into the same problem with a new radeon card, and solved it the same, with one exception: I used the X server included in the gatos [1] ati.2 driver package. This seems not to be a radeon-specific server, but it _is_ 4.2, and works fine with the xfree86.org binaries; furthermore it does support the authentication mechanism that's missing from the xfree86.org binaries (which breaks xdm and others). I'm currently running a rockstable X with xv and DRI support, on a xinerama dualhead 19" (3200x1200) desktop, and haven't experienced any X-related crashes yet (knocks wood). Greets, Robert -- ( o> Linux Generation
Re: ITP: arp-fun -- ARP Spoofing utility
Quoting Jerome Petazzoni ([EMAIL PROTECTED]): > I'll consolidate this opinion : last time I really NEEDED dsniff's arpspoof, > it did not work. I don't know why ; maybe it was because my host had many > eth. interfaces, some of them with "redundant" routes and other crap ; but > arpspoof died immediately with a not-very-explicit error message. debugging > with strace first, gdb then, did not yield interesting results, so I gave > up. I would have been VERY PLEASED to have another arp spoofing program > in debian at this time ... I'd be interested in details about that bug. Greets, Robert -- ( o> Linux Generation
Re: Bug#126498: ITP: spambouncer -- a powerful user-based anti-spam solution
Quoting martin f krafft ([EMAIL PROTECTED]): > > "You grabbed my hand and we fell into it, like a daydream - or a > > fever." > where's that from? 'dead flag blues', by Godspeed you black emperor! Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. if you remember the 60's, you weren't there. pgpZjHImJwA72.pgp Description: PGP signature
Re: /bin/ls is impure!
Quoting Wichert Akkerman ([EMAIL PROTECTED]): > > Try this: > > apt-get install purity purity-off # Not sure if the -off package is > > # actually necessary > What does that do? The description for the purity package is > quite useless. 'purity tests' :) Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Save the whales. Collect the whole set.
Re: /bin/ls is impure!
Hi, Quoting Norbert Veber ([EMAIL PROTECTED]): > apt-get install purity purity-off # Not sure if the -off package is > purity list > purity nerd # any test should do from the previous > # list > Either finish the test, or abort it via ctrl-c or the "q" command. > --> Now run ls. > Be prepared to abort it before it consumes all the available memory on your > system. I could not reproduce this. Could you give more (factual) info, like package versions, shell, etc ? Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. wiggy, wat dacht je van 127.48.112.89 ### Process 0 (host 127.48.112.89) terminated with return code 69 pgpU1ZoGnJN6s.pgp Description: PGP signature
Re: Request for testers for new gphoto package
Hi, Quoting Paul Slootman ([EMAIL PROTECTED]): > There's some problem there... Apparently libusb1 was removed a couple of > weeks ago. > > PS: Please send copies to me and not to the list, in order to not clobber > > it (I'm not subscribed so keep that in mind) > To the list anyway to prevent others from running into the same problem > and wasting their time. I've been using gphoto2 for a while now. 'libusb1' is not present, 'libusb0' is, and works fine with gphoto2. If someone does want to try the package, try it with libusb0 installed, and maybe a pseudopackage providing libusb1 to fix the depends. Maybe the gphoto2 maintainder should depend on libusb0 instead ? Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. "You must have an IQ of at least half a million." -- Popeye
Re: xfonts-*dpi and reiserfs?
Hi, Quoting Guus Sliepen ([EMAIL PROTECTED]): > On Mon, Sep 10, 2001 at 12:01:30PM +0200, Sander Smeenk (CistroN Medewerker) > wrote: > > |Sep 10 11:54:05 replicator kernel: reiserfs_add_entry: Congratulations! > > |we have got hash function screwed up > Really, this is a clear indication that reiserfs is buggy. Send this > information to Hans Reiser or the lkml instead of Branden, he has nothing to > do with it from the looks of it. I have seen this problem, on his machine. Could you show me where he's sending this to Branden ? You must admit that it's quite a coincidence that this problem keeps occurring when he's upgrading his font packages, so this is a useful factor in his question. There seems to be some kind of link between these package upgrades, and reiserfs weirdnesses, if anyone on debian-devel has these - or similar - problems as well, this would be a good place to ask. Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. ik heb net al uitputtende sex gehad met mijn schaapjes
Bug#111173: ITP: cryptoapi
Package: wnpp Severity: wishlist http://cryptoapi.sourceforge.net/ |This is a repackaged distribution of the international crypto patch, |with the aim to improve adoption of this package by not requiring to |patch the kernel in order to be able to use the cryptoapi and the loop |encrytion. | |License is GPL; Some parts are licensed trough the following license, which |is free according to the DFSG: | |Permission is hereby granted, free of charge, to any person obtaining a |copy of this software and associated documentation files (the |"Software"), to deal in the Software without restriction, including |without limitation the rights to use, copy, modify, merge, publish, dis- |tribute, sublicense, and/or sell copies of the Software, and to permit |persons to whom the Software is furnished to do so, subject to the fol- |lowing conditions: | |The above copyright notice and this permission notice shall be included |in all copies or substantial portions of the Software. | |THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- |ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT |SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABIL- |ITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS |IN THE SOFTWARE. | |Except as contained in this notice, the name of the authors shall |not be used in advertising or otherwise to promote the sale, use or |other dealings in this Software without prior written authorization from |the authors. Note: This means i will probably drop the 'kernel-patch-int' package, which is the normal 'international crypto patch'. -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Laat je in ieder geval nooit imponeren door een hard blaffende advocaat.
Bug#111167: ITP: loop-aes
Package: wnpp Severity: wishlist http://loop-aes.sourceforge.net/loop-AES-v1.4d.tar.bz2 >From the readme: "This package provides loadable Linux kernel module (loop.o) that has AES cipher built-in. The AES cipher can be used to encrypt local file systems and disk partitions." Before you ask about the difference(s) between the kerneli patch: "This package does *not* modify your kernel in any way, so you are free to use kernels of your choice, with or without cool patches. This package works with all past, present, and future 2.2 and 2.0 kernels, and with recent 2.4 kernels (2.4.3 or later)." License is GPL. I have not decided on delivering binary-only modules for this yet. Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Mijn muck is ook wit!
Re: kernel-source
Hi, Quoting Matthias Berse ([EMAIL PROTECTED]): > No, I mean a way to go from let's say kernel-source-2.4.3 to > kernel-source-2.4.4 without the need to download the whole big .deb, > but a patch similar to those patches found on kernel.org, but as a > debian package which the patches the installed kernel-source-2.4.3 and > provides kernel-source-2.4.4. You may ask why I don't take the patches > from kernel.org and apply them. Well won't work (at least for debian > kernel-source-2.4.3 I wasn't able to patch to 2.4.4...) I'm maintaining www.bzimage.org, which contains kernel patches similar to what you describe (not debian-specific though). IMHO .debs for patches like that are only useful for unstable, not for stable - and there would be quite a lot of them too..Too much package bloat if you ask me. Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. I'd rather be led to hell than managed to heaven.
Re: kernel-source
Quoting Matthias Berse ([EMAIL PROTECTED]): > expand vanilla-debian kernels for let's say xfs. Since the > kernel-source package is rather large compared to the usual > kernel-to-kernel patch why do not provide a kernel-patch packet which > can patch the kernel up do date? I think you're either meaning kernel-patch-* packages that allow patching of a kernel source tree (which we have), or binary patches to stock kernels (which would be impossible), or packages of patched kernels (which, afaik, we have.) ? Greets, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Insanity is hereditary. You get it from your kids.
Bug#96777: ITA: libapache-mod-ssl
Package: wnpp Severity: normal I'm adopting libapache-mod-ssl. I have spoken with the current maintainer ( Miquel van Smoorenburg, <[EMAIL PROTECTED]>), and he knows about/agrees on this. Thanks, Robert -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Don't panic.
Re: searchin' for Robert van der Meulen [Mailer-Daemon@smtp.cistron.nl: Mail delivery failed: returning message to sender]
Hi, Quoting Josip Rodin ([EMAIL PROTECTED]): > Here's a bug closing message with two bugs in it. First, the closes are done > with 'close nnn' command which is not nice to the submitters, and second, > the address [EMAIL PROTECTED] bounces. These were NMU-fixed bugs with a 'fixed' tag that weren't closed yet. I was under the impression that setting a bug to 'fixed' already contacts the submitter, so they can be 'acknowledged' and closed by the actual maintainer afterwards, without contacting the original submitters. Right or wrong? Greets, Robert p.s. As wichert's message stated - the bounce problem was NIS-related, and is fixed now. -- Linux Generation encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key. Never trust a child farther than you can throw it.
Re: snort: someone willing to work a bit on it?
Hi, Quoting Christian Hammers (ch@westend.com): > My snort package needs some work, e.g. a better logfile output and the > ability to generate customised filters from the snort.org web page. Sadly > I'm currently more interested in other things so maybe one of you want's > to improve it. If someone likes he can take it over complete (there are > enough programs out there for me to package) but maybe someone has only > some hours sparetime... I use snort quite a lot, so i wouldn't mind doing some work on it. If you want to give away the package or work on it together - that's your choice ;) (Wouldn't mind taking it over, anyways) Greets, Robert -- Linux Generation Laat je in ieder geval nooit imponeren door een hard blaffende advocaat.
Re: egcs/gcc?
Hi, Quoting J.H.M. Dassen (Ray) ([EMAIL PROTECTED]): > For me, 2.4 currently lacks ;) > - kerneli crypto patches There are preliminary 2.4 kerneli patches available. I will start packaging those as soon as i have the 2.2.18 version cleaned up and up-to-date. Greets, Robert -- Linux Generation Zet mij maar in een hoek, met me kop naar de muur :) -- marijnv
Re: ITP: ttyrec -- a tty recorder
Quoting Joey Hess ([EMAIL PROTECTED]): > My little playback program performs better (even though it is written in > perl), because it takes the latency of a system call into consideration: Where can we find it ? :) Greets, Robert -- Linux Generation All extremists should be taken out and shot.
Re: Openwall kernel patches
Quoting Matt Zimmerman ([EMAIL PROTECTED]): > Has anyone looked into packaging the Openwall patches for the kernel? Their > licensing is kosher. If nobody else steps up, I'll probably do it. I wouldn't mind doing it - i'm going to do kernel-patch-int, and openwall fits in nicely.. Greets, Robert -- Linux Generation Laat je in ieder geval nooit imponeren door een hard blaffende advocaat.
Re: Boost Windows Reliability!!!!!
Quoting John Galt ([EMAIL PROTECTED]): > You going to send them the bill then? At the bottom off the mailinglist > subscription page: > I think that you have some volunteers to send dunning notices within this > thread (myself included). If you already are, could you post a summary of > your actions and results on a periodic basis to somewhere that we can > refer the "close the list" thread starters to? Count me in. See also the post in a thread later on in debian-devel. Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Sodomy is a pain in the ass.
Re: Close list
Quoting Carl B. Constantine ([EMAIL PROTECTED]): > > Now maybe if we were using the RBL, DUL, and RSS lists... > > :-) > > > disallow spammers > allow posts from outside those subscribed We already allow spammers: The Debian Linux mailing lists accept commercial advertising for payment. We offer a fee waiver if you can show us the canceled check for a $1000 (U.S.) or more donation to "Software in the Public Interest" (SPI). One donation per advertisement, please. If you don't wish to donate, simply post your advertisement to the list, and the operator of the mailing lists will bill you $1999 (U.S). The list operator will donate this amount, minus the expense of collecting it, to SPI. As someone in an earlier thread 'challenged' me, i wouldn't mind taking care of this for the Debian mailing lists i'm on. I am not a listmaster, so I don't know if i'm allowed to do the billing 'n' stuff. I still think it's a better idea to 'filter' the spam by a closed list, and a couple of people who moderate off-the-list messages, but according to the amount of commentary i recieved back on that, people seem to disagree with it :) Is it a good idea if i do this ? Can i do this ? Can i do this while not being in the US (as most spammers seem to be from the US) ? What do we do with non-paying spammers ? Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Reality is a cop-out for people who can't handle drugs.
Re: Boost Windows Reliability!!!!!
Quoting Ben Collins ([EMAIL PROTECTED]): > BTW, I'm on a 28.8, and I get over 1000 emails a day from all the lists I > am sub'd to. So I do see a lot of spam, even beyond Debian's lists. If I > can ignore it, so can everyone else, IMNHO. Ignoring spam has made the internet the spam-ridden place it is right now. As long as people do not do anything about it, spam will be as commonplace and as 'ignorable' as spam by snailmail. I do not like that, and lots of people don't. Apart from the annoyances, spammers almost regularly clobber up mailservers, network links, and are being _very_ intrusive. Spam is not an ignorable problem, and every spam-account i can manage to get killed, will get killed. If your opinion is that we shouldn't actively try to bring down the spam to a minimum, and just delete it - that's your opinion, but definately not mine, and not a lot of others' too ;) Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | If you want divine justice, die. -- Nick Seldon
ITP: sing
SING stands for 'Send ICMP Nasty Garbage'. It is a tool that sends ICMP packets fully customized from command line. Its main purpose is to replace the ping command but adding certain enhancements (Fragmentation, spoofing,...) Sing is released under the GNU public license. It's project page is at http://www.sourceforge.org/projects/sing, it's author is 'slay'. Current version is 1.0-beta7, i will be packaging it starting from v1.0. Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | If you remember the 60's, you weren't there. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Strange messages...
Quoting Dale Scheetz ([EMAIL PROTECTED]): > Since my last upgrade to potato I've been getting a lot of messages like > the following: > There doesn't seem to be any real information here. Can anyone tell me > what is triggering these messages? They're postgres debug messages. Somehow, the newest postgres packages are emitting debug messages all the time. I've seen them too, but haven't gotten around to checking where they come from yet. Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Dance is the vertical expression of a horizontal intention.
Re: Security of Debian SuX0r?
Hi, I don't like crossposting to mailinglists, so i post this to debian-devel, as well as a Cc to the original author. Quoting Juhapekka Tolvanen ([EMAIL PROTECTED]): > Have you guys and girls seen this? What do you think about it? > > http://www.securityportal.com/closet/ > > Before you flame me, please read the entire article. I realize there are a > lot of nice things about Debian, but I've also found a lot of problems. > The odd thing is that Debian seems to have gotten the niggly little > details right, but there are major issues they haven't addressed." The main thing i thought (after reading the article) was that you're mostly right, as far as i know. The package-signing thing has been bothering me as well. But. Your example of rpm's package-signature checking gives an example of a better idea, but i don't want to think about what happens when the vendor key is compromised. If somebody has the key the rpm's are signed with, he/she can create a very real false sense of security ('the signature's right, so the package is 100% certain correct and secure, as well'), by applying the signature to altered/compromised packages. The lilo-security thing seems a little farfetched to me as well. I didn't see a comparison with other distributions, and as far as i know, there are no other distributions that enforce a lilo-password. Did you check the packages of wich you mentioned there was a security hole in them (proftpd, apache) ? A lot of debian packages (and these as well, afaik), are patched to fix those holes. Apart from that, Debian offers (fast) updates to vulnerable packages, in the form of a security.debian.org apt-rule, where fixed/patched versions are available. >From your article: >This portion could be rather long, so I'll cut the list short. Debian has >shipped more than a few daemons that have severe security problems, many >of which were fixed well before Debian 2.2 was released. I find this >unacceptable, especially in the light that Debian has not released any >updates for these packages! I wonder if you actually checked all these 'more than a few daemons'. By my knowledge there are no publicly known vulnerabilities in Debian. Some comments on your summary: >Debian's goal of a bug free-release hasn't been met. But to be fair, it's >not like any software vendor will ever release bug-free software. >Debian has done a particularly bad job in my opinion, shipping out-of-date >software and especially publicly available network daemons that have root >hacks in them. There is no such thing as a bug-free release. Debian has done a pretty good job in keeping their releases (including the latest one) secure. There is no software shipped in the last Debian distribution with the publicly known root hacks you're talking about. >If you do go with Debian, you'll have a lot of manual updating ahead of you >to bring it up-to-date and secure it. Unfortunately, the argument " >apt-get, apt-upgrade" won't work, since many of these updates are not >available as dpkg's yet. Adding security.debian.org in your apt-rules list works just fine. A lot of Debian maintainers fix security bugs in their packages, often before they become publicly known. An out-of-the-box Debian system will only have the security bugs that have become publicly known after its release date, and these can be fixed with the above-mentioned security updates. >Debian has also ignored a lot of work other vendors have put into making their >distributions more secure. If you don't learn from the mistakes and >improvements of others, there is little hope. This is especially frustrat >ing in light of Debian's effort to secure various parts of the distribution, >using Exim by default instead of Sendmail. >Having seen things like that during the install, I had a lot of hope for >Debian, but my hopes were dashed to pieces upon closer inspection. Debian is a distribution that _adds_ to the work other vendors do, making their distributions more secure. If you actually would would have taken a closer look (wich you obviously haven't done), you would've seen there's a lot more work being done on the security of Debian than you're mentioning. Your article shows some knowledge of security in linux systems, but also a very badly-informed, no-research, superficial look on Debian security issues. Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Life is a sexually transmitted disease with 100% mortality.