Re: [ISSUE] No support for shadow groups, yet we perpetrate to have it

[Marcus Brinkmann]

On Fri, Oct 01, 1999 at 07:44:38PM -0400, Ben Collins wrote:
> On Sat, Oct 02, 1999 at 01:28:53AM +0200, Marcus Brinkmann wrote:
> > On Fri, Oct 01, 1999 at 06:53:18PM -0400, Ben Collins wrote:
> > > This may sound silly, but in fact, glibc does not support shadow groups[1]
> > 
> > Indeed. I think we can drop this idea altogether. How many people do use
> > passwords on groups anyway?
> 
> Group passwords are supported, just not shadowable (man getgr{ent,nam}).

Yes, I know. What I meant is shadowing the group file does only make sense
if you actually have passwords in it :)

Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org  Check Key server 
Marcus Brinkmann  GNUhttp://www.gnu.orgfor public PGP Key 
[EMAIL PROTECTED]PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/

Re: [ISSUE] No support for shadow groups, yet we perpetrate to have it

[Ben Collins]

On Sat, Oct 02, 1999 at 01:28:53AM +0200, Marcus Brinkmann wrote:
> On Fri, Oct 01, 1999 at 06:53:18PM -0400, Ben Collins wrote:
> > This may sound silly, but in fact, glibc does not support shadow groups[1]
> 
> Indeed. I think we can drop this idea altogether. How many people do use
> passwords on groups anyway?

Group passwords are supported, just not shadowable (man getgr{ent,nam}).

Ben

Re: Redesign of diskless NFS-root package & ITP diskless-image

[Brian May]

On Fri, Oct 01, 1999 at 05:39:15PM +0200, [EMAIL PROTECTED] wrote:
> > I have made most of the changed required for my redesign of diskless.
> > Amazingly, it looks like no changed are required for dpkg. I haven't
> > yet tested anything though, and implementing secure mode might be a bit
> > awkward. Currently I am considering the following:
> > 
> > 1 installation moves /var, /dev, and /tmp into /rw/
> > 2 symlinks are created: /var --> /rw/var,
> > /dev --> /rw/dev, and
> > /tmp --> /rw/tmp.
> > 
> > On startup (non-secure mode) /var, /dev, and /tmp are mounted
> > as usual, over the top of the directories under /rw/
> > 
> > (should I do the same thing for /etc too? I inclined not to
> > - I think it should be read-only. Making /etc read-write
> > might make adding extra hosts easier, as all host
> > specific data can be copied and processed on startup)
> 
> Do you support multiple clients? I would have a normal /etc that links
> most files to /share/etc and some to /rw/etc (the host specific stuff
> like hostname). /share would be on / and ro so its available on boot.

Yes. However, I don't use symlinks. Note: I think you may possibly
have confused my two (current) modes of operation. You
can either use diskless-image-secure*.deb or diskless-image-simple*.deb.

diskless-image-simple*.deb:
(for example - all directories on right have sample names)

/ is mounted from server:/var/sub/dir/root

This directory is created with my diskless-newimage perl script. The
computer boots. It checks that / is mounted readonly. If it is, then it
assumes that it is not the master system, and continues:

/etc is mounted from server:/var/sub/dir/$IP/etc

where $IP is the IP address of the computer. This subdirectory must
already exist, and is created with my diskless-newhost perl script.

The /etc directory now contains the /etc/fstab file which is
valid for the computer, and continues to boot as per
normal.

> > The result will be that /var, /dev, and /tmp are read-write,
> > but completely refreshed every-time the computer boots.
> 
> ??? What do you mean here? Why copy anything at all? How should the
> filesystems be broken? Isn´t it the servers responsibility to keep
> them working? Do I have to copy my 2 GB /rw partition to /copy and
> then back over my 40KB/s plip link?

Question: do you want to run NFS-Root over 40KB/s plip links? I am
not being critical here, just curious.

In this case, you would use the diskless-image-simple*.deb package.
Files are only copied as the client requires them. However, while
/etc can be exported read-only, /var, /dev, and /tmp have to be
exported read/write. That would mean that somebody could break into the
network/computer and wreck the image. Some people I have talked to would
rather have all NFS exports read-only.

Note: Currently, no files under /var are copied, only the directory
structure. I am not yet sure if this will break anything (eg man-db)
which requires index files under /var. I imagine copying the directory
structure shouldn't take too long (not tested yet). The major problem is
/dev which may contain lots of devices.

> Try to install for an m68k/ppc/alpha diskless station on your i386. I
> might test i386/m68k/alpha in any combination for server and client
> if I find the diskspace for it.

That would lead to difficulties. Mainly that I don't have a
m68k/ppc/alpha ;-)

So, while I could test "dpkg --root alpha_image alpha_file.deb", I don't
think this is quite enough.



PS: telnetd doesn't work on my NFS-root computer. After considering the
matter, I realized the problem might be because devices on base2_1.tgz
have group and other write permission disabled. This probably includes
devices that manage /dev/pts.

Could somebody tell my what devices (and other files) *must* have group
and other write permission enabled? So far I have identified /dev/null
/dev/zero and /tmp.

Any reason why these are installed like this? Whats the best way to fix
all the permissions (in one operation prefered)?
-- 
Brian May <[EMAIL PROTECTED]>

Re: [ISSUE] No support for shadow groups, yet we perpetrate to have it

[Marcus Brinkmann]

On Fri, Oct 01, 1999 at 06:53:18PM -0400, Ben Collins wrote:
> This may sound silly, but in fact, glibc does not support shadow groups[1]

Indeed. I think we can drop this idea altogether. How many people do use
passwords on groups anyway?

thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org  Check Key server 
Marcus Brinkmann  GNUhttp://www.gnu.orgfor public PGP Key 
[EMAIL PROTECTED]PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/

Re: Packages should not Conflict on the basis of duplicate functionality

[John Goerzen]

The Doctor What <[EMAIL PROTECTED]> writes:

> I do not believe that any network daemon should automatically start
> grabbing resources without asking.  By installing a package, I only
> consent to commiting disk space and the resoureses needed to get it
> actually on the disk.  Anything beyond that should be asked
> for.

No, this is silly.  When you install a package, it is for use.  If you 
don't intend to use it, why install it?

Incidentally, can we do something about the insane CC line please?

-- 
John Goerzen   Linux, Unix consulting & programming   [EMAIL PROTECTED] |
Developer, Debian GNU/Linux (Free powerful OS upgrade)   www.debian.org |
+
The 955,570th digit of pi is 2.

Re: BTS: How are the bug reports organized?

[Thomas Schoepf]

On Fri, Oct 01, 1999 at 08:07:18AM -0700, Darren Benham wrote:

> I want to change the structure to save based
> on the last two digits of the bug number, not the first...

I don't understand how this should reduce/limit the number of files in a
single directory.
Why not determine the directory by cutting off the last three digits? This
would savely guarantee that a single directory nevers contains more than
999 files. Bug#47000 will go into /Bugs/db/47/ and Bug#100 goes into
/Bugs/db/1000/.


Thomas
-- 
GnuPG: ID=B0FA4F49, http://www.in.tum.de/~schoepf/gpgkey.txt
  Fingerprint: FA38 2D7E 408F 61E4 BF49  B48F 04BD F5BE B0FA 4F49
PGP 2: ID=2EA7BBBD, http://www.in.tum.de/~schoepf/pgpkey.txt
  Fingerprint: 08 96 1F CD AD 55 03 0F  95 92 B0 F2 04 32 4B 52


pgpt5B9dLAPcD.pgp
Description: PGP signature

Re: BTS: How are the bug reports organized?

[Thomas Schoepf]

On Thu, Sep 30, 1999 at 10:03:58PM -0700, Darren Benham wrote:
> Then close some bugs :)

Ok. But what happens to those closed bugs as the new debbugs package no
longer cleans them out?

> No, seriously, that's how it's created but as long as we don't start ignoring
> bugs, we'll never see  or 9 bugs in a single directory.

I'm really tempted to ask for a proof of this theory ;-)


Thomas
-- 
GnuPG: ID=B0FA4F49, http://www.in.tum.de/~schoepf/gpgkey.txt
  Fingerprint: FA38 2D7E 408F 61E4 BF49  B48F 04BD F5BE B0FA 4F49
PGP 2: ID=2EA7BBBD, http://www.in.tum.de/~schoepf/pgpkey.txt
  Fingerprint: 08 96 1F CD AD 55 03 0F  95 92 B0 F2 04 32 4B 52


pgpGDGgHo8Z1N.pgp
Description: PGP signature

Re: SSH never free

[Ryan Murray]

On Fri, Oct 01, 1999 at 05:39:12PM -0400, Ben Collins wrote:
> On Fri, Oct 01, 1999 at 02:16:03PM -0700, Ryan Murray wrote:
> > > restrictive); see below for details.
> > > 
> > > [ RSA is no longer included. ]
> > > [ IDEA is no longer included. ]
> > 
> > IDEA was the only part of ssh that made it non-free, prohibiting
> > commercial use.
> 
> Wrong, RSA makes it non-free, and so does their license.

Whoops...typing faster than thinking, it seems.  Of course, in Canada I
don't have to use rsaref, so it makes it easier to forget...:)

-- 
Ryan Murray ([EMAIL PROTECTED], [EMAIL PROTECTED])
Software Designer, Glenayre Technologies Inc.
The opinions expressed here are my own.

Re: slink -> potato

[Herbert Xu]

John Lapeyre <[EMAIL PROTECTED]> wrote:

>Something I have noticed several times. If you are doing a remote upgrade
> (probably a crazy idea), the telnet daemon (maybe inetd or something) becomes
> unavailble for quite some time. Maybe it is between the time that netbase is 
> unpacked and when it is configured.   There are usually problems with a broken
> package or two so that apt-get upgrade does not work on the first try. If I 
> lose
> my telnet connection, I can't telnet again to fix things.

That's the way it is supposed to be.  However, it does not kill any existing
telnet connections.  The same thing applies to other daemons being upgraded,
including ssh.
-- 
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[ISSUE] No support for shadow groups, yet we perpetrate to have it

[Ben Collins]

This may sound silly, but in fact, glibc does not support shadow groups[1]
(I'm not sure if we ever had this support), yet the shadow programs attempt
to use it. For example we convert the group file to shadow, even though glibc
does not contain the calls to get this info. If you look at the shadow build,
it does not define shadow groups as enabled because of this.

If this is the case, we need to stop acting as if the system has this
capability (not changing the group file to a shadowed one) and so on.

I want opinions and maybe some clarification on this issue.

Ben

[1] For those of you paying real close attention, I believe libc5 contained
this. Yes I know that libpwdb also contains this, but I am /NOT/ adding
another dependency for shadow, and pwdb has proven to mess things up
wrt to certain systems (upgrading to a PWDBified login would instantly
break every NIS system, not to mention bypass nsswitch.conf altogether).

Re: shlib-with-non-pic-code _libglademodule.so

[Torsten Landschoff]

On Fri, Oct 01, 1999 at 08:37:41PM +0200, Josip Rodin wrote:
 
> I think so, too. I have experienced this error several times, and could
> not find any error in the .so files it said were wrong. The bug report
> is already filed, #46186.
> 
> BTW does this perhaps happen on just this one library in the package?

Yes - and in the _gnomeglademodule in the new package (1.0.50).

cu
Torsten


pgpzSJxnl1AJE.pgp
Description: PGP signature

Re: SSH never free

[Sean 'Shaleh' Perry]

On 01-Oct-99 Jason Gunthorpe wrote:
> 
> On 1 Oct 1999, James Troup wrote:
> 
>> [ RSA is no longer included. ]
> 
> Wait wait, doesn't this mean that ssh RSA authentication is gone as well??
> Did they replace it with DSS/DH or what? IMHO ssh would cease to be very
> usefull as a security tool without a public key mechism, not to mention
> that existin ssh clients would not be able to securely connect to obsd-ssh
> servers :<
> 

There is rsa.c written by someone in Finland (I believe the original ssh
author).

Re: ITP: actx

[Thomas Schoepf]

On Fri, Oct 01, 1999 at 07:16:37PM +0900, Kenshi Muto wrote:

>  Package: actx
>  Version: 0.98pre8-2
>  Section: x11

Who else thinks that this might better be set to 'games' ?

>  Description: A Window Sitter Program on X
>   ActX is a window sitter program to make your life with X rich and
> fruitful. It supports a helpful pop-up menu to modify configuration of
> animation and more. Originally inspired with XAyanami, another window
> sitter.


Thomas
-- 
GnuPG: ID=B0FA4F49, http://www.in.tum.de/~schoepf/gpgkey.txt
  Fingerprint: FA38 2D7E 408F 61E4 BF49  B48F 04BD F5BE B0FA 4F49
PGP 2: ID=2EA7BBBD, http://www.in.tum.de/~schoepf/pgpkey.txt
  Fingerprint: 08 96 1F CD AD 55 03 0F  95 92 B0 F2 04 32 4B 52


pgpx8Ma07AXMx.pgp
Description: PGP signature

Re: SSH never free

[Ben Collins]

On Fri, Oct 01, 1999 at 02:16:03PM -0700, Ryan Murray wrote:
> > restrictive); see below for details.
> > 
> > [ RSA is no longer included. ]
> > [ IDEA is no longer included. ]
> 
> IDEA was the only part of ssh that made it non-free, prohibiting
> commercial use.

Wrong, RSA makes it non-free, and so does their license.

Ben

Re: SSH never free

[Jason Gunthorpe]

On 1 Oct 1999, James Troup wrote:

> [ RSA is no longer included. ]

Wait wait, doesn't this mean that ssh RSA authentication is gone as well??
Did they replace it with DSS/DH or what? IMHO ssh would cease to be very
usefull as a security tool without a public key mechism, not to mention
that existin ssh clients would not be able to securely connect to obsd-ssh
servers :<

Jason

Re: bash package removing /bin/sh on upgrade

[Raul Miller]

On Fri, Oct 01, 1999 at 03:00:51PM +0200, Torsten Landschoff wrote:
> If somebody could come up with a better method of handling this it would be
> most welcome.

I'd suggest releasing a bash (which doesn't use #!/bin/sh scripts for
install/remove) that, in postinst, divert's bash's /bin/sh. Leave the
/bin/sh link alone, but create an extra link to occupy the position
specified by the diversion.

I've not tested this, but it seems like it should work.

I'm not sure who should own the link in the long run.

-- 
Raul

Re: SSH never free

[Ryan Murray]

On Fri, Oct 01, 1999 at 09:52:42PM +0100, James Troup wrote:

> > I am pretty sure that SSH was never free software.  Could you show
> > me the license on the version that they started with?
> 
> -&<-&<-&<-&<-&<
> This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland
> 
> 
> COPYING POLICY AND OTHER LEGAL ISSUES
> 
> As far as I am concerned, the code I have written for this software
> can be used freely for any purpose.  Any derived versions of this
> software must be clearly marked as such, and if the derived work is
> incompatible with the protocol description in the RFC file, it must be
> called by a name other than "ssh" or "Secure Shell".
> 
> However, I am not implying to give any licenses to any patents or
> copyrights held by third parties, and the software includes parts that
> are not under my direct control.  As far as I know, all included
> source code is used in accordance with the relevant license agreements
> and can be used freely for any purpose (the GNU license being the most
> restrictive); see below for details.
> 
> [ RSA is no longer included. ]
> [ IDEA is no longer included. ]

IDEA was the only part of ssh that made it non-free, prohibiting
commercial use.

-- 
Ryan Murray ([EMAIL PROTECTED], [EMAIL PROTECTED])
Software Designer, Glenayre Technologies Inc.
The opinions expressed here are my own.

Re: SSH never free

[James Troup]

Richard Stallman <[EMAIL PROTECTED]> writes:

> I am pretty sure that SSH was never free software.  Could you show
> me the license on the version that they started with?

-&<-&<-&<-&<-&<
This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland


COPYING POLICY AND OTHER LEGAL ISSUES

As far as I am concerned, the code I have written for this software
can be used freely for any purpose.  Any derived versions of this
software must be clearly marked as such, and if the derived work is
incompatible with the protocol description in the RFC file, it must be
called by a name other than "ssh" or "Secure Shell".

However, I am not implying to give any licenses to any patents or
copyrights held by third parties, and the software includes parts that
are not under my direct control.  As far as I know, all included
source code is used in accordance with the relevant license agreements
and can be used freely for any purpose (the GNU license being the most
restrictive); see below for details.

[ RSA is no longer included. ]
[ IDEA is no longer included. ]
[ DES is now external. ]
[ GMP is now external. No more GNU licence. ]
[ Zlib is now external. ]
[ The make-ssh-known-hosts script is no longer included. ]
[ TSS has been removed. ]

The MD5 implementation in md5.c was taken from PGP and is due to Colin
Plumb.  Comments in the file indicate that it is in the public domain.

The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
Comments in the file indicate it may be used for any purpose without
restrictions.

Note that any information and cryptographic algorithms used in this
software are publicly available on the Internet and at any major
bookstore, scientific library, and patent office worldwide.  More
information can be found e.g. at "http://www.cs.hut.fi/crypto";.

The legal status of this program is some combination of all these
permissions and restrictions.  Use only at your own responsibility.
You will be responsible for any legal consequences yourself; I am not
making any claims whether possessing or using this is legal or not in
your country, and I am not taking any responsibility on your behalf.


NO WARRANTY

BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
-&<-&<-&<-&<-&<
 
> Is there any chance that you could put me in touch with the OpenBSD
> people who are working on this?

Theo de Raadt <[EMAIL PROTECTED]> is the head of OpenBSD, and as far
as I can see, he is the person who initiated the project they have now
dubbed OpenSSH (1.0).

Hope this helps...  

-- 
James

Re: {R,I[INEW]}TP: free ssh [non-US]

[James Troup]

Joel Klecker <[EMAIL PROTECTED]> writes:

> At 09:55 +0100 1999-10-01, Philip Hands wrote:
> >James Troup <[EMAIL PROTECTED]> writes:
> >> OpenBSD have started working on the last free SSH (1.2.12 was under a
> >> DFSG free license AFAICT[1]), they also, (again AFAICT [I'm going by
> >> the CVS commits]), are ripping out the patented algrothims (IDEA,
> >> etc.).  Unfortunately, I'm chronically busy with work and haven't had
> >> time to look into it, but all the signs look very good (they appear to
> >> have added it as part of their base system, for example).
> >
> >Damn, I thought I knew ssh had been free at one point, but when I
> >noticed the non-free license in the late teens, I obviously failed
> >to go back far enough to find the free version.  I'll probably end
> >up calling the new package ssh-free
> 
> Note that OpenBSD is also ripping out support for pretty much any
> other other OS as they go, and using library functions that are
> OpenBSD-specific.

That's a slight over-exaggeration, but they are ripping out for
ancient non-POSIX OSes.  I doubt it'll be too much work to get it too
work on Linux...

-- 
James

Re: boot-floppies status from an insider (was Re: Deficiencies in Debian)

[Eric Delaunay]

[EMAIL PROTECTED] wrote:
> Eric Delaunay <[EMAIL PROTECTED]> writes:
> 
> > Do we still want to support very old hardware, especially low memory system
> > (eg. some old sparc, and maybe old 386, 486 as well) ?
> 
> Then you also need a 1.x kernel. 2.0 is wasting mem and 2.2 doesn´t
> boot on low mem maschines. I think its safe to assume 8 MB ram for a
> linux installation. Everybody else should take a bootdisk from bo or slink.

Is 1.x still supported by slink or potato ?
Anyway, I believe sparc is not ;-(  But I guess even old sparc have at least
8MB of memory.

> > In this case, we need to add a "swap on NFS" patch to the kernel.
> > I found one patch for 2.0.35 (sparc) kernel.  And for 2.2, NBD could be used
> > along with a patch to the networking subsystem
> > (http://atrey.karlin.mff.cuni.cz/~pavel/nbd/nbd.html).
> > I will try to build bootdisks for sparc based on them.
> 
> Hmm, if you can nfs-swap, you will have acess to another maschine,
> where you custombuild your kernel and copy that to the boot disk. If
> ram is a problem you will want to compile a kernel anyway.

Hmm, compiling a sparc kernel on an intel box is somewhat difficult ;-)
Btw, I got the nbd patch for 2.1.123 kernel but it fails to apply cleanly on
2.2.12.  If I will have spare time this w-e I will try to fix it.

Does anybody have experience with NBD and/or swap over NFS ?

Regards.

-- 
 Eric Delaunay | "La guerre justifie l'existence des militaires.
 [EMAIL PROTECTED] | En les supprimant." Henri Jeanson (1900-1970)

Re: slink -> potato

[David Bristel]

Strange, I've never had a hard time with a dist-upgrade when I am remote.  Of
course, it's best to open a new telnet window once the upgrade is complete, and
to not do a final reboot until you are on site, since if it doesn't boot, you
are stuck.  But that behavior of losing connection is generally only a problem
if you use dial-up.  If you use ethernet, you won't lose connectivity unless
your connection dies.

Dave Bristel


On Fri, 1 Oct 1999, John Lapeyre wrote:

> Date: Fri, 1 Oct 1999 11:43:17 -0700
> From: John Lapeyre <[EMAIL PROTECTED]>
> To: "[iso-8859-1] andreas pålsson" <[EMAIL PROTECTED]>
> Cc: debian developers 
> Subject: Re: slink -> potato
> Resent-Date: 1 Oct 1999 18:43:30 -
> Resent-From: debian-devel@lists.debian.org
> Resent-cc: recipient list not shown: ;
> 
> 
>Something I have noticed several times. If you are doing a remote upgrade
> (probably a crazy idea), the telnet daemon (maybe inetd or something) becomes
> unavailble for quite some time. Maybe it is between the time that netbase is 
> unpacked and when it is configured.   There are usually problems with a broken
> package or two so that apt-get upgrade does not work on the first try. If I 
> lose
> my telnet connection, I can't telnet again to fix things.
> 
> *andreas pålsson wrote:
> > Hello.
> > 
> > I'm about to make an update of a base Slink-system to the unstable
> > Potato.
> > 
> > Is there anything I should think of or preperations to be made before
> > updating?
> > 
> > Why I do this is because I want to become a Debian-developer, and any
> > hints and tips are much appreciated.
> > 
> > Sincerely...
> > Andreas
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> -- 
> John Lapeyre <[EMAIL PROTECTED]>,  [EMAIL PROTECTED]
> Tucson,AZ http://www.physics.arizona.edu/~lapeyre
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

SSH never free

[Richard Stallman]

I am pretty sure that SSH was never free software.  Could you show me
the license on the version that they started with?

Is there any chance that you could put me in touch with the OpenBSD
people who are working on this?

Re: {R,I[INEW]}TP: free ssh [non-US]

[Joel Klecker]

At 09:55 +0100 1999-10-01, Philip Hands wrote:
James Troup <[EMAIL PROTECTED]> writes:
OpenBSD have started working on the last free SSH (1.2.12 was under a
DFSG free license AFAICT[1]), they also, (again AFAICT [I'm going by
the CVS commits]), are ripping out the patented algrothims (IDEA,
etc.).  Unfortunately, I'm chronically busy with work and haven't had
time to look into it, but all the signs look very good (they appear to
have added it as part of their base system, for example).
Damn, I thought I knew ssh had been free at one point, but when I
noticed the non-free license in the late teens, I obviously failed to
go back far enough to find the free version.
I'll probably end up calling the new package ssh-free
Note that OpenBSD is also ripping out support for pretty much any 
other other OS as they go,  and using library functions that are 
OpenBSD-specific.
--
Joel Klecker (aka Espy)Debian GNU/Linux Developer
mailto:[EMAIL PROTECTED]> mailto:[EMAIL PROTECTED]>
http://web.espy.org/>   http://www.debian.org/>

Re: NcFTP is free again?

[Joel Klecker]

At 10:39 +0200 1999-10-01, J.H.M. Dassen \(Ray\) wrote:
I switched to lftp myself at the time of the previous ncftp license issue,
and haven't looked back. Is there anything in ncftp that lftp doesn't have?
Well, ncftp does display server messages without needing debug output on.
--
Joel Klecker (aka Espy)Debian GNU/Linux Developer
mailto:[EMAIL PROTECTED]> mailto:[EMAIL PROTECTED]>
http://web.espy.org/>   http://www.debian.org/>

Re: bash package removing /bin/sh on upgrade

[Joel Klecker]

At 15:00 +0200 1999-10-01, Torsten Landschoff wrote:
I am the person responsible for this problem. In fact the problem was that
people did not want the bash package to override their /bin/sh link so
it had to be removed from the package.
Those people need to learn to use diversions (and yes, you can divert 
a symlink). The last thing we need is /bin/sh out of dpkg's control.
--
Joel Klecker (aka Espy)Debian GNU/Linux Developer
mailto:[EMAIL PROTECTED]> mailto:[EMAIL PROTECTED]>
http://web.espy.org/>   http://www.debian.org/>

Re: bash package removing /bin/sh on upgrade

[James Troup]

Torsten Landschoff <[EMAIL PROTECTED]> writes:

> If somebody could come up with a better method of handling this it would be
> most welcome.

Don't do it (muck around with /bin/sh links).  Guy made a comment in
the bug report about this and AFAIK didn't do it yet in case of
breakages like this.

-- 
James

Re: First beta version of the Debian SGML/XML HOWTO

[Daniel Burrows]

On Fri, Oct 01, 1999 at 08:54:14PM +0200, Wichert Akkerman was heard to say:
> Previously Stephane Bortzmeyer wrote:
> > ishtar:~> dpkg --search /usr/bin/nsgmls 
> > sp: /usr/bin/nsgmls
^^
> That only means you have it installed. Now try this:
> 
> [lightning:~]-10> dpkg --print-avail nsgmls
> Package `nsgmls' is not available.

bluegreen:~> dpkg --print-avail sp
Package: sp
Priority: optional
Section: text
Installed-Size: 410
Maintainer: Adam Di Carlo <[EMAIL PROTECTED]>
Architecture: i386
Source: jade (1.2.1-11)
Version: 1.3.3-1.2.1-11
Depends: libc6 (>= 2.1), libstdc++2.10, libsp1 (>= 1.3.2-1.2-1), sgml-base
Suggests: doc-base, sgml-data
Filename: dists/unstable/main/binary-i386/text/sp_1.3.3-1.2.1-11.deb
Size: 145676
MD5sum: 80d3b29d45a42c97ba9e833400535c22
Description: James Clark's SGML parsing tools
 This package is a collection of SGML/XML tools called SP.
 .
 These tools are used to parse, validate, and normalize SGML and XML
 files.  The central programs included in this package are 'nsgmls',
 which replaces sgmls, 'spam', 'spent', 'sgmlnorm', and 'sgml2xml'.
 .
 Author:   James Clark <[EMAIL PROTECTED]>
 Homepage: http://www.jclark.com/sp/


  Daniel

-- 
  Knowledge, n:
 Things you believe.

Re: dhcpcd procedure

[Wichert Akkerman]

Previously Edward Betts wrote:
> Check $2

No, check $1.

Wichertk

-- 
==
This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: [EMAIL PROTECTED]
WWW: http://www.wi.leidenuniv.nl/~wichert/


pgpFA9lquWmra.pgp
Description: PGP signature

Re: First beta version of the Debian SGML/XML HOWTO

[Wichert Akkerman]

Previously Stephane Bortzmeyer wrote:
> ishtar:~> dpkg --search /usr/bin/nsgmls 
> sp: /usr/bin/nsgmls

That only means you have it installed. Now try this:

[lightning:~]-10> dpkg --print-avail nsgmls
Package `nsgmls' is not available.

ie it's no longer available. If my memory servers me correctly it has
been replaced by something else now.

Wichert.

-- 
==
This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: [EMAIL PROTECTED]
WWW: http://www.wi.leidenuniv.nl/~wichert/


pgp3Zma1vRZae.pgp
Description: PGP signature

Re: slink -> potato

[John Lapeyre]

   Something I have noticed several times. If you are doing a remote upgrade
(probably a crazy idea), the telnet daemon (maybe inetd or something) becomes
unavailble for quite some time. Maybe it is between the time that netbase is 
unpacked and when it is configured.   There are usually problems with a broken
package or two so that apt-get upgrade does not work on the first try. If I lose
my telnet connection, I can't telnet again to fix things.

*andreas pålsson wrote:
> Hello.
> 
> I'm about to make an update of a base Slink-system to the unstable
> Potato.
> 
> Is there anything I should think of or preperations to be made before
> updating?
> 
> Why I do this is because I want to become a Debian-developer, and any
> hints and tips are much appreciated.
> 
> Sincerely...
>   Andreas
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 
John Lapeyre <[EMAIL PROTECTED]>,  [EMAIL PROTECTED]
Tucson,AZ http://www.physics.arizona.edu/~lapeyre

Re: Packages should not Conflict on the basis of duplicate functionality

[Josip Rodin]

On Thu, Sep 30, 1999 at 09:47:24PM -0500, Eric Weigel wrote:
> I wanted to look at each of ipopd, gnu-pop3d and cucipop.  I could only
> look at one at a time.  It was ok in my case, because the machine I was
> using has very little pop3 traffic.  But it was awkward.
> 
> If I wanted to download source and recompile it, I would not be using
> Debian.  I like the package manager.  I also like the thought that goes
> into problems like this.
[snip]

I'd like to propose something else: until the packages provide proper
debconf (or whatever) support which would configure the port and other
settings for the daemon, let's keep the Provides:+Conflicts: scheme we
have been using so far.

Let's admit it - the newbies[1] are the majority of Debian users. Most of
these newbie users will (usually by accident) try to install another POP3
daemon, it will stomp over an existing one, and the user will get problems
they will not know how to fix, at least not instantly.

I'm all for detailed configuration and enhanced settings and all that nice
stuff for sysadmins, but first, let's get it properly implemented in the
packaging system, the back bone. Until then, keep the default way safe
for the general use.

[1] note the difference between "newbie" and "lamer".

-- 
enJoy -*/\*- don't even try to pronounce my first name

Re: shlib-with-non-pic-code _libglademodule.so

[Josip Rodin]

On Fri, Oct 01, 1999 at 11:23:00AM +0200, Torsten Landschoff wrote:
> I am the maintainer of python-gnome and the associated modules. The
> current python-glade has support for the libglade library in
> _libglademodule.so.  Problem: Lintian complains that _libglademodule.so
> contains position dependent code. But it is compiled with
> 
> gcc -g -O2 -fPIC -c libglademodule.c
> gcc -shared -lc -o _libglademodule.so libglademodule.o -lglade -lxml -lz \
> -lgtk -lgdk -rdynamic -lgmodule -lglib -ldl -lXi -lXext -lX11 -lm
> 
> (I removed some of the uninteresting options as -Lfoo and -Ibar)
> 
> Could you tell me what I am doing wrong? I don't see anything wrong in 
> that gcc commands. Perhaps lintian is wrong?

I think so, too. I have experienced this error several times, and could
not find any error in the .so files it said were wrong. The bug report
is already filed, #46186.

BTW does this perhaps happen on just this one library in the package?

-- 
enJoy -*/\*- don't even try to pronounce my first name

recompile needed for xlib6g (>= 3.3.5-1) instead of (>= 3.3.2.3a-2) ?

[Peter S Galbraith]

[posted this to -mentors 40 hours ago without an answer, so
 perhaps I'll try -devel instead]

I recently uploaded i386 packages that were build on a slink system
upgraded to potato's libc6 and C compilers (everything else is
slink).  These packages (xcolmix and xplot) have this depends
line:

Depends: libc6 (>= 2.1), libforms0.88, xlib6g (>= 3.3.2.3a-2)

Now I built an all-potato chroot environment and notice that the potato
xlib6g-dev package creates a depency line:

Depends: libc6 (>= 2.1), libforms0.88, xlib6g (>= 3.3.5-1)

Should I rebuild the i386 binaries with the new xlib6g-dev
and upload them with .0.1 version number suffix?  Or perhaps it
doesn't matter?

Thanks for the usual great help,

-- 
Peter Galbraith, research scientist  <[EMAIL PROTECTED]>
6623'rd GNU/Linux user at the Counter - http://counter.li.org/ 

Re: dhcpcd procedure

[Edward Betts]

Dpk <[EMAIL PROTECTED]> wrote:
> What would be the best way to check for this?  A simple 'ps |grep
> dhcpcd' ? Would doing so make my package dependent on procps?  or is
> there a convenient way to check the installed version of dhcpcd
> someway?

Check $2

  Debian Packaging Manual
  ---

6.2. Summary of ways maintainer scripts are called
--

*  `install'
*  `install' 
*  `upgrade' 
*  `abort-upgrade' 

*  `configure' 
*  `abort-upgrade' 
*  `abort-remove' `in-favour' 
  
*  `abort-deconfigure' `in-favour'
`removing'
   

*  `remove'
*  `upgrade' 
*  `failed-upgrade' 
*  `remove' `in-favour'  
*  `deconfigure' `in-favour'
`removing'
   

*  `remove'
*  `purge'
*  `upgrade' 
*  `failed-upgrade' 
*  `abort-install'
*  `abort-install' 
*  `abort-upgrade' 
*  `disappear' overwrit>r> 

-- 
I consume, therefore I am

Re: slink -> potato

[Bob Nielsen]

I did an upgrade of one of my systems yesterday with little incident
(apt-get update ; apt-get dist-upgrade).  I had to rerun the upgrade
part several times because the order of installation was a bit messed
up (bind).  

Bob

On Fri, Oct 01, 1999 at 02:24:45PM +0200, andreas pålsson wrote:
> Hello.
> 
> I'm about to make an update of a base Slink-system to the unstable
> Potato.
> 
> Is there anything I should think of or preperations to be made before
> updating?
> 
> Why I do this is because I want to become a Debian-developer, and any
> hints and tips are much appreciated.
> 
> Sincerely...
>   Andreas
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

-- 
Bob Nielsen Internet: [EMAIL PROTECTED]
Tucson, AZ  AMPRnet:  [EMAIL PROTECTED]
DM42nh  http://www.primenet.com/~nielsen

dhcpcd procedure

[Dpk]

I recently adopted dhcpcd... previous versions of dhcpcd would restart
during upgrades, which obviously is bad for those doing it remotely.
Since my recent upload does not restart dhcpcd, I need to start it for
those upgrading from previous versions that did stop the daemon.  

What would be the best way to check for this?  A simple 'ps |grep
dhcpcd' ? Would doing so make my package dependent on procps?  or is
there a convenient way to check the installed version of dhcpcd
someway?

Being new the development group, I'm not sure if this is best asked
here or on debian-mentors... so please let me know if this thread
should start elsewhere.

Thanks,
Dennis

Re: Is this a bug in grep, or is it me...

[Ben Pfaff]

Dale Scheetz <[EMAIL PROTECTED]> writes:

> > > The hyphon at the ned of hello in "hello-debhelper" isn't any of these,
> > > but grep declares it to match anyway! Is this something to do with the
> > > form of my expression?
> > 
> > It's preceded by a character that isn't a letter, digit or underscore:
> > a hyphen.
> > 
> Which confused me as to why it was being included in the "word".
> 
> So a "search string" is defined as any characters delimited by blank, tab,
> or newline, but because the hyphon is not considered a "word constituent"
> character, debhelper is considered a "whole word" within the string
> "hello-debhelper"?

If I understand what you're saying, yes: word delimiters are not part
of the words they separate.  If that's not what you mean, then I guess
I need a more elaborate explanation.

(Sorry, I don't have enough time right now to help with your larger
problem.)

-- 
"Whoever you are -- SGI, SCO, HP, or even Microsoft -- most of the
 smart people on the planet work somewhere else."
--Eric S. Raymond

Re: ARGH!!! Re: ITP: jnethack

[Ben Gertzfield]

> "Vincent" == Vincent Renardias <[EMAIL PROTECTED]> writes:

Vincent> Here we go again with package forks...  Can you *PLEASE*
Vincent> try to merge this patch with the upstream version 1st.
Vincent> If the patch is done correctly, I see no reason the
Vincent> upstream maintainer should refuse it. (And if he does,
Vincent> why should Debian accept it?)

I hate to say it, but as the nethack maintainer, I must admit that
upstream is just a bit unreceptive of patches. I know I've forwarded
several patches to them to no avail. New versions of nethack are very
sporadic (read: 5 years between releases) and I think at this point,
forking shouldn't be totally ruled out.

-- 
Brought to you by the letters O and S and the number 13.
"Ooh, don't touch him, HE'S got the wall sconses."
Debian GNU/Linux maintainer of Gimp and GTK+ -- http://www.debian.org/

Re: Is this a bug in grep, or is it me...

[Dale Scheetz]

On 1 Oct 1999, Ben Pfaff wrote:

> Dale Scheetz <[EMAIL PROTECTED]> writes:
> 
> > $ grep -w debhelper override.potato
> > debhelper   optionaldevel
> > hello-debhelper optionaldevel
> > 
> > In the man page, under the -w option, it says that, in order to match, the
> > string must be either at the beginning of the line, or preceeded by a
> > non-word contituent character, which it declares as letters, digits, and
> > the underscore.
> 
> No, it says that those are word constituent characters.

That's what I meant...
> 
> > The hyphon at the ned of hello in "hello-debhelper" isn't any of these,
> > but grep declares it to match anyway! Is this something to do with the
> > form of my expression?
> 
> It's preceded by a character that isn't a letter, digit or underscore:
> a hyphen.
> 
Which confused me as to why it was being included in the "word".

So a "search string" is defined as any characters delimited by blank, tab,
or newline, but because the hyphon is not considered a "word constituent"
character, debhelper is considered a "whole word" within the string
"hello-debhelper"?

While this seems to be working with two definitions of what is a word (the
parser considers hello-debhelper as "one word" while the expression
analysis considers it two words), I can accept that this is the true state
of affairs.

This leaves me with the unresolved problem of distinguishing between the
two package names.

I just read through the grep manpage (again) looking for something that
will enforce an exact match, when I realised that I can simply skip this
step and do the selection in awk (which I was using before to peel off the
section name from the grep output), so the right command is:

awk -v name=debhelper ' name == $1 { print $3 } ' override.potato

which produced the single line:

devel

rather than:

grep -w debhelper override.potato |awk '{ print $3 }'

which produced the two line ouput:

devel
devel


Thanks for the education, problem-set can be a real killer.

Luck,

Dwarf
--
_-_-_-_-_-   Author of "The Debian Linux User's Guide"  _-_-_-_-_-_-

aka   Dale Scheetz   Phone:   1 (850) 656-9769
  Flexible Software  11000 McCrackin Road
  e-mail:  [EMAIL PROTECTED] Tallahassee, FL  32308

_-_-_-_-_-_- See www.linuxpress.com for more details  _-_-_-_-_-_-_-

Re: ARGH!!! Re: ITP: jnethack

[Kenshi Muto]

Fri, 1 Oct 1999 11:53:44 + (GMT), Re: ARGH!!! Re: ITP: jnethack wrote about 
Vincent Renardias <[EMAIL PROTECTED]> (<[EMAIL PROTECTED]>):
vincent> On 1 Oct 1999, Peter Makholm wrote:
vincent> > Vincent Renardias <[EMAIL PROTECTED]> writes:
vincent> > 
vincent> > > >  - All messages were translated to Japanese language.
vincent> > 
vincent> > > Can you *PLEASE* try to merge this patch with the upstream version 
1st.

Baz...

I say AGAIN.
I decided this patch was too difficult to merge.
The patch is *NOT* only simple Japanize.

It adds some special features(Ex. Fighter character).

IMHO, I think this software position likes "moria" or "next
generation", and others forked from nethack (or rogue).

Do you say "NetHack, moria, and NetHack next generation and so on must
be merged to rogue" ? ;-)

vincent> > > If the patch is done correctly, I see no reason the upstream 
maintainer
vincent> > > should refuse it. (And if he does, why should Debian accept it?)
vincent> > 
vincent> > Nethack has no support for multiple languages, and it would take a
vincent> > major rewrite to let it use different languages.
vincent> 
vincent> Since when is adding gettext support considered as a major rewrite?!
vincent> Or is there a reason that makes gettextization impossible?

vincent> > I can't think of any easy way to merge japanese messages into the
vincent> > existing nethack code without removing the english.
vincent> 
vincent> man gettext

Ay, sir.

But who work the job? Upstream author? Maintainer? Me? You?
It seems it will be not able in time till potato freeze or release.
NetHack source code is too complex, Japanese patch (only Japanized
message part) is also too complex.

If you interested the patch of Japanize and adding some features, get
ftp://ftp.debian.or.jp/debian-jp/dists/potato-jp/main/source/games/jnethack-* 

Re: Redesign of diskless NFS-root package & ITP diskless-image

[goswin . brederlow]

Brian May <[EMAIL PROTECTED]> writes:

> [1  ]
> On Wed, Sep 15, 1999 at 11:46:36AM +1000, Brian May wrote:
> > [description removed]
> 
> I have made most of the changed required for my redesign of diskless.
> Amazingly, it looks like no changed are required for dpkg. I haven't
> yet tested anything though, and implementing secure mode might be a bit
> awkward. Currently I am considering the following:
> 
> 1 installation moves /var, /dev, and /tmp into /rw/
> 2 symlinks are created: /var --> /rw/var,
> /dev --> /rw/dev, and
>   /tmp --> /rw/tmp.
> 
> On startup (non-secure mode) /var, /dev, and /tmp are mounted
> as usual, over the top of the directories under /rw/
> 
> (should I do the same thing for /etc too? I inclined not to
> - I think it should be read-only. Making /etc read-write
> might make adding extra hosts easier, as all host
> specific data can be copied and processed on startup)

Do you support multiple clients? I would have a normal /etc that links
most files to /share/etc and some to /rw/etc (the host specific stuff
like hostname). /share would be on / and ro so its available on boot.

> On startup (secure mode) the temp directory is mounted in a temp
> location (eg /copy), and files all files are copied from /rw to /copy.
> This means the read-write files are all contained on the one partition,
> that could easierly be erased/formatted on startup. At this stage, /copy
> is re-mounted over /rw. This would be easier if I didn't have to re-mount
> /copy twice, I will need to think about that.
> 
> The result will be that /var, /dev, and /tmp are read-write,
> but completely refreshed every-time the computer boots.

??? What do you mean here? Why copy anything at all? How should the
filesystems be broken? Isn´t it the servers responsibility to keep
them working? Do I have to copy my 2 GB /rw partition to /copy and
then back over my 40KB/s plip link?

> Anyway, as part of this redesign, I propose to package a new package,
> diskless-image.
> 
> I am not sure if I normally have to ITP a new package when it is based
> on the same source package, but this one is a bit unusual...
> 
> ...it is not meant to be manually installed! Rather, when you create a
> new diskless-image with diskless-newimage, this script automatically
> installs diskless-image.deb with the dpkg --root parameter, so that it
> only effects the NFS-root image. I think it is important to have
> this in the Debian archive though, to make upgrades easier.
> 
> I believe that creating a separate package makes diskless for modular
> and easier to maintain. I suspect that it will make installing different
> architectures easier, as diskless-image can be installed a host other then
> the server, but I can't test this.
> 
> As it is possible that diskless-image could break your computer if
> installed on the root directory by mistake, I have a check in the preinst
> file to ensure the directory /etc/diskless-image exists. If it doesn't
> installation will abort.
> 
> Any comments?

Try to install for an m68k/ppc/alpha diskless station on your i386. I
might test i386/m68k/alpha in any comnbination for server and client
if I find the diskspace for it.

May the Source be with you.
Goswin

Re: boot-floppies status from an insider (was Re: Deficiencies in Debian)

[goswin . brederlow]

Eric Delaunay <[EMAIL PROTECTED]> writes:

> Do we still want to support very old hardware, especially low memory system
> (eg. some old sparc, and maybe old 386, 486 as well) ?

Then you also need a 1.x kernel. 2.0 is wasting mem and 2.2 doesn´t
boot on low mem maschines. I think its safe to assume 8 MB ram for a
linux installation. Everybody else should take a bootdisk from bo or slink.

> In this case, we need to add a "swap on NFS" patch to the kernel.
> I found one patch for 2.0.35 (sparc) kernel.  And for 2.2, NBD could be used
> along with a patch to the networking subsystem
> (http://atrey.karlin.mff.cuni.cz/~pavel/nbd/nbd.html).
> I will try to build bootdisks for sparc based on them.

Hmm, if you can nfs-swap, you will have acess to another maschine,
where you custombuild your kernel and copy that to the boot disk. If
ram is a problem you will want to compile a kernel anyway.

May the Source be with you.
Goswin

Re: Need IRC help for "Open Source / Open Science" conference

[bruce]

Thanks, Johnny.

Bruce

Re: Need IRC help for "Open Source / Open Science" conference

[bruce]

Oops. I sent that message regarding "need IRC help". I think the return
address on the previous mesage is no good.

Bruce

Re: BTS: How are the bug reports organized?

[Darren Benham]

On Thu, Sep 30, 1999 at 11:19:56PM -0600, Jason Gunthorpe wrote:
> 
> On Thu, 30 Sep 1999, Darren Benham wrote:
> 
> > No, seriously, that's how it's created but as long as we don't start 
> > ignoring
> > bugs, we'll never see  or 9 bugs in a single directory.
> 
> Yeah, but the entire reason behind splitting things up like that was to
> reduce the number of files per-directory. Thomas is right to observe that
> in a few years we will be back where we started again :< 
Oh, I'm not disagreeing with him.  I want to change the structure to save based
on the last two digits of the bug number, not the first... It'll just take some
major testing time to make sure nothing breaks and discussion by the mirror 
people because it will cause all those pages to be remirrored...


pgpQ6cHz9lysG.pgp
Description: PGP signature

Re: Is XEmacs nonfree?

[Marcus Brinkmann]

On Thu, Sep 30, 1999 at 09:14:15AM +0200, [EMAIL PROTECTED] wrote:
> On Thu, 30 Sep 1999, Marcus Brinkmann wrote:
> 
> > The FSF does only include code in GNU programs if the author assigns the
> > copyright to the FSF by signing a paper.
> 
> Wrong.
> 
> Take a look at http://www.gnu.org/software/
> At least shtool and WindowMaker are copyrighted by their authors.

Well, there is a distinction between software that is GNU and software that
is used in the GNU system. So, a GNU system includes X, which is obviously
not copyrighted by FSF (not even GPL).

There are even cases where parts of GNU software contain code not
copyrighted by the GPL (thanks to Gunnar Evermann for pointing out an
example in emacs).

But rest assured that the FSF is very eager to get the copyright assigned to
them, and incorporating parts which are not is an exception usually (I say
this from my experience).

Thanks for the correction,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org  Check Key server 
Marcus Brinkmann  GNUhttp://www.gnu.orgfor public PGP Key 
[EMAIL PROTECTED]PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/

Corel changes BTA?

[Marcus Brinkmann]

Hello,

I have seen on IRC a link to the changed BTA by Corel (I lost the link,
hough). Someone who received this please verifies the correctness of this
information, as I do not participate in the beta test and don't know if
this is real (although it looks real).

A quick check shows the following relevant changes. They seem to solve the
solution pretty good know. Are there any more issues we should be concerned
about?

I applaud Corel to not only clarify, but also put a clarification on paper.
I also ask people not to send angry letters to Corel, but further try the
way of negotiation and discussion, if there are still problems to be found.

Regardless of intentions, this is a big success, because we could one more
time defend the spirit of Free Software by social means (as opposed to legal
force). I want to thank everyone who was involved (especially Bruce Perens).


---
5. Use of Product:

(i) The use of each component of the Product shall be governed by the terms
and conditions of the applicable software license agreement that accompanies
such component. For example, your use of components which are licensed under
the GNU General Public License ("GPL") is governed by the terms of the GPL.

(ii) Notwithstanding the foregoing, those portions of the Product identified
as being developed independently by Corel, including without limitation the
files listed on the attached Schedule "A" ("Corel Softwware") , may be used
bby Users solely during the Term and solely at the User Location for the
purpose of evaluating the Products for the benefit of Corel. User may not
reproduce and distribute copies of the Corel Software to any other person.

[ About Schedule A: This is a list with about 30 program names, that goes
like "Corel Explorer", "hardreboot", "etcdev", "setup" etc. Most of them
sound like small utilities that may very well be developed independently by
Corel. However, some of them have a k*, like kchangepwd. They probably link
to KDE libraries, I don't know which license those have. Considering that
their license may be LGPL or more free, and considering the opinions of KDE
developers, I don't think that Corel is on thin ice here).]

...

11. Intellectual Property Rights. All right, title and interest to all
intellectual property with respect to the Corel Software shall remain with
Corel. No license or other right of any kind is grnated by Corel's
furnishing the Corel Software to User, except for the limited right to use
and tet the Corel Software as part of the Product as expressively provided
in this Agreement. Nothing in this section shall effect the rights of
copyright holders of non-Corel Software or the rights granted to User under
license by such copyright holders.

Part 13: Confidentiaity of Information

[This section has in BOLD:]

For clarity, non-Corel Software is not considered Confidential Information.

Thanks,
Marcus


-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org  Check Key server 
Marcus Brinkmann  GNUhttp://www.gnu.orgfor public PGP Key 
[EMAIL PROTECTED]PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/

Re: Is this a bug in grep, or is it me...

[Ben Pfaff]

Dale Scheetz <[EMAIL PROTECTED]> writes:

> $ grep -w debhelper override.potato
> debhelper   optionaldevel
> hello-debhelper optionaldevel
> 
> In the man page, under the -w option, it says that, in order to match, the
> string must be either at the beginning of the line, or preceeded by a
> non-word contituent character, which it declares as letters, digits, and
> the underscore.

No, it says that those are word constituent characters.

> The hyphon at the ned of hello in "hello-debhelper" isn't any of these,
> but grep declares it to match anyway! Is this something to do with the
> form of my expression?

It's preceded by a character that isn't a letter, digit or underscore:
a hyphen.

Re: Need IRC help for "Open Source / Open Science" conference

[Johnie Ingram]

"Open" == Open Source/Open Science <[EMAIL PROTECTED]> writes:

Open>  But nobody here so far knows a thing about IRC.

I recommend http://www.irchelp.org/ for a quick primer.

Open> So, I need someone to create an "OSOS" channel on some server
Open> like irc.openprojects.net . Then, I need instructions on how to
Open> start Linux IRC and get on that channel.

Ok OPK is ready, to connect with a console based IRC client like the
bitchx or epic packages, you'd do something like this:

  ~$ bitchx bruce irc.openprojects.net

   /join #osos   



netgod



-
  irc.us.openprojects.net  irc.eu.openprojects.net  irc.au.openprojects.net
  irc.debian.org   irc.redhat.com   irc.linux.org   irc.linux.com

"Open Source, Open Technology, Open Information"

bash package removing /bin/sh on upgrade

[Torsten Landschoff]

On Fri, Oct 01, 1999 at 08:36:01AM -0400, Ivan E. Moore II wrote:
> yea...I just did an update today and something decided to remove /bin/sh
> during the upgrade...and didn't put it back before it was needed...
> so if something hoses for you just recreate it by linking it to like
> bash...

I am the person responsible for this problem. In fact the problem was that
people did not want the bash package to override their /bin/sh link so 
it had to be removed from the package. Problem is that this way dpkg will
delete the link. As long as you just run dpkg -i bash*.deb this is no problem
as the postinst will recreate the link if it is not there.

apt does it right - it configures bash at once since it is an essential
package. But when I upgraded my system using dpkg (the packages were
downloaded according to a list generated by apt) I lost /bin/sh myself.

If somebody could come up with a better method of handling this it would be
most welcome.

Thanks
Torsten


pgpc2GNVVe5Pu.pgp
Description: PGP signature

Need IRC help for "Open Source / Open Science" conference

[Open Source/Open Science]

Hi,

I am at the "Open Source / Open Science" conference at Brookhaven
National Labs.  Tormrrow (Saturday) we are having the conference. We are
doing an mbone broadcast, and would like to set up IRC so that people
can send in questions.  But nobody here so far knows a thing about IRC.

So, I need someone to create an "OSOS" channel on some server like
irc.openprojects.net . Then, I need instructions on how to start Linux IRC
and get on that channel.

Thanks

Bruce

Is this a bug in grep, or is it me...

[Dale Scheetz]

I am trying to grep the override file for the section for debhelper. I am
using the "whole word" option (-w), but this is what I get:

$ grep -w debhelper override.potato
debhelper   optionaldevel
hello-debhelper optionaldevel


In the man page, under the -w option, it says that, in order to match, the
string must be either at the beginning of the line, or preceeded by a
non-word contituent character, which it declares as letters, digits, and
the underscore.

The hyphon at the ned of hello in "hello-debhelper" isn't any of these,
but grep declares it to match anyway! Is this something to do with the
form of my expression?

Any information will be greatfully appreciated,

Dwarf
--
_-_-_-_-_-   Author of "The Debian Linux User's Guide"  _-_-_-_-_-_-

aka   Dale Scheetz   Phone:   1 (850) 656-9769
  Flexible Software  11000 McCrackin Road
  e-mail:  [EMAIL PROTECTED] Tallahassee, FL  32308

_-_-_-_-_-_- See www.linuxpress.com for more details  _-_-_-_-_-_-_-

Re: Packages should not Conflict on the basis of duplicate functionality

[Clint Adams]

[Craig flaming Doctor What deleted]

> if someone doesn't want a service enabled then they should not install
> the package that provides that service. if they want the service, then
> install the appropriate package. simple. their choice to install or not
> install.
> 
> now what is so fucking difficult to understand about that?

The reasoning behind why anyone should share that opinion.
I'm at a loss.  Sure, you can --unpack a deb to get to the
files without running the postinst or whatever starts these
evil daemons, but why should --install be synonymous with
"run"?

Re: Packages should not Conflict on the basis of duplicate functionality

[Clint Adams]

> it isn't useful to run the vtund server until it is configured. there
> is no "standard" configuration which is suitable for shipping as a
> default - it MUST be customised for each site, each tunnel must be setup
> individually.

When did "useful" enter this discussion?

pipsecd starts the daemon automatically even though no tunnel has
been set up, and even if userlink-modules hasn't been installed.

And even though it is of absolutely no use to you, the daemon
starts running when you install the package.  And if there's some
sort of exploitable back door in the code, you're vulnerable.
But fine, you think security is a non-issue.

You seem to recognize at least one situation where it is
counterproductive for Debian to make an assumption about the
user's configuration.  Why can you not recognize others?

Re: compressed HTML/dhelp

[Marco Budde]

Joel Klecker wrote:

> close 41352

Why is it so difficult to fix bugs instead of closing bug
reports without fixing the bugs?

> thanks

:(

> >Please fix bugs! How should the user read compressed HTML
> >files? Could you tell me one internet page sending
> >compressed html documents to the user?
> Show me where the bug is;

Without any problems: install a non unix/linux operating
system and use netscape or another browser. How can you
read these documents? -> This is a bug.

> show me where policy says I can't compress HTML.

This is not a topic of the policy. With the same arguments
you could compress compiled programs.

> lynx has no problem with it and I had no trouble getting
> netscape to display it over HTTP.

Some netscape installation (even under Linux) have got problems
with these files. And of course there´re other browsers.

> plain text files too, are you gonna say that those should be
> uncompressed too in case someone wants to browse
> ?

No I don´t say that. But compressed HTML files are as broken
as gzip compressed jpeg/gif files produced by programs like
debmaker and debhelper.

> >And why don´t you want dhelp support? A lot of users like
> >these systems. Why is it so difficult to add such an
> >entry? If you need help tell me.
> a) I haven't had anyone besides you ask for it 

Then I would suggest reading magazines like the famous German
c´t. They have recognized Debian´s documentation chaos.

> b) I don't like dhelp

Why? I don´t like broken packages like your.

> c) it's one tiny little document

And it´s one tiny little configuration file for dhelp or
doc-base or dwww. Where´s the problem to add such a small file?
HTML is Debian´s documentation format, so please make it
readable. Thank you.

cu, Marco

-- 
   -- Linux HOWTOs: Die besten Lösungen der Linuxgemeinde --
  ISBN 3-8266-0498-9

Uni: [EMAIL PROTECTED]   Fido: 2:240/6298.5
Mailbox: [EMAIL PROTECTED]  http://www.tu-harburg.de/~semb2204/

Re: Release-critical Bugreport for October 1, 1999

[Ben Collins]

On Fri, Oct 01, 1999 at 12:15:07AM -0500, BugScan reporter wrote:
> Package: fileutils (main)
> Maintainer: Galen Hazelwood <[EMAIL PROTECTED]>
>   39680  "rmdir --ignore-fail-on-non-empty" still fails, it only suppresses 
> the message

bbs:~# rmdir --ignore-fail-on-non-empty /var || echo not empty
bbs:~#

It seems to work fine for me. Can this one be closed?

Ben

I like to ask.

[Esa Vitikka]

Hello!
What is function library name of fvwm2?
I like to make aplication by C.
Buttons, Fields and Windows.
Student Esa Vitikka Rovaniemi Finland.
__
Get Your Private, Free Email at http://www.hotmail.com

Re: slink -> potato

[Ivan E. Moore II]

yea...I just did an update today and something decided to remove /bin/sh
during the upgrade...and didn't put it back before it was needed...
so if something hoses for you just recreate it by linking it to like
bash...

Ivan

On Fri, Oct 01, 1999 at 02:24:45PM +0200, andreas pålsson wrote:
> Hello.
> 
> I'm about to make an update of a base Slink-system to the unstable
> Potato.
> 
> Is there anything I should think of or preperations to be made before
> updating?
> 
> Why I do this is because I want to become a Debian-developer, and any
> hints and tips are much appreciated.
> 
> Sincerely...
>   Andreas
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
---end quoted text---

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ivan E. Moore II  Rev. Krusty
http://www.tdyc.com  [EMAIL PROTECTED]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Imagination is more important than knowledge  - Albert Einstein
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
GPG KeyID=0E1A75E3
GPG Fingerprint=3291 F65F 01C9 A4EC DD46 C6AB FBBC D7FF 0E1A 75E3
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

slink -> potato

[andreas pålsson]

Hello.

I'm about to make an update of a base Slink-system to the unstable
Potato.

Is there anything I should think of or preperations to be made before
updating?

Why I do this is because I want to become a Debian-developer, and any
hints and tips are much appreciated.

Sincerely...
Andreas

Re: Reupload to ftp.uni-erlangen.de

[Andreas Tille]

On Fri, 1 Oct 1999, Santiago Vila wrote:

> You may use a *.commands file to remove the unwanted files.
> This is explained in the README in the UploadQueue directory.
Which directory is that?

I havn't found such a file you described.

Kind regards

   Andreas.

I am leaving again...

[Torsten Landschoff]

Hi *, 

I am leaving for another week of vacation today. I will not be able to read
my mail or do any work related to Debian. Please feel free to NMU all my 
packages in case that is needed.

Also I want to say that a new ILU version is out and I did not yet have the
time to package it. I am going to repackage the whole thing because the Debian
package are not as good as I want them to be. Should somebody want to help 
in that area I would appreciate it.

Thanks
Torsten


pgpmPuz8E6k3e.pgp
Description: PGP signature

shlib-with-non-pic-code _libglademodule.so

[Torsten Landschoff]

Hi!

I am the maintainer of python-gnome and the associated modules. The current 
python-glade has support for the libglade library in _libglademodule.so. 
Problem: Lintian complains that _libglademodule.so contains position dependent
code. But it is compiled with

gcc -g -O2 -fPIC -c libglademodule.c
gcc -shared -lc -o _libglademodule.so libglademodule.o -lglade -lxml -lz \
-lgtk -lgdk -rdynamic -lgmodule -lglib -ldl -lXi -lXext -lX11 -lm

(I removed some of the uninteresting options as -Lfoo and -Ibar)

Could you tell me what I am doing wrong? I don't see anything wrong in 
that gcc commands. Perhaps lintian is wrong?

Thanks
Torsten


pgpVLZhjWeITV.pgp
Description: PGP signature

Re: corel linux demo

[Kenneth Scharf]

--- Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> On Thu, Sep 30, 1999 at 05:29:29AM -0700, Kenneth
> Scharf wrote:
> > I  hope some shovelware cd makers will burn their
> beta
> > onto cdr and sell it for those of us without T1
> lines.
> 
> I wonder if Corel will allow this... and I wonder
> why I should use a system
> which is not open source...
> 
Probably most of Corel's linux distro IS GPL'ed. 
Since  
they also are an application vendor they might be
tempted to include propritary SW on the same cd, but
might opt to put such sw on a second cd (and mark that
CD as NON-GPL) to make the issue clear.  ALL of the
other commerical cd vendors have their distro's on an
ftp site for download, and one or two even provide the
iso image file to make your own cd.

As far as using none open source sw, each individual
must make up his own mind.  I think that the os is the
most important part of the system, and theirfore MUST
be open source.  As far as applications go, I would
use (even pay for) a good non open source ap if it met
my needs and there was no pratical reason to look
under the hood.  Wordperfect fits that description for me.

=
Amateur Radio, when all else fails!

http://www.qsl.net/wa2mze

Debian Gnu Linux, Live Free or .


__
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com

Re: ARGH!!! Re: ITP: jnethack

[Vincent Renardias]

On 1 Oct 1999, Peter Makholm wrote:

> Vincent Renardias <[EMAIL PROTECTED]> writes:
> 
> > >  - All messages were translated to Japanese language.
> 
> > Can you *PLEASE* try to merge this patch with the upstream version 1st.
> > If the patch is done correctly, I see no reason the upstream maintainer
> > should refuse it. (And if he does, why should Debian accept it?)
> 
> Nethack has no support for multiple languages, and it would take a
> major rewrite to let it use different languages.

Since when is adding gettext support considered as a major rewrite?!
Or is there a reason that makes gettextization impossible?

> I can't think of any easy way to merge japanese messages into the
> existing nethack code without removing the english.

man gettext


-- 
- Vincent RENARDIAS  [EMAIL PROTECTED],pipo}.com,{debian,openhardware}.org} -
- Debian/GNU Linux:   http://www.openhardware.orgExecutive Linux: -
- http://www.fr.debian.org   Open Hardware:   http://www.exelinux.com -
---
"J'adore la France :
c'est un pays superbe et surtout il n'y a pas d'Anglais." [Mick Jagger]

Bug#46388: NO 2.1r3 M68K CDs: trn depends

[Roman Hodek]

> trn:
> Depends: libc6, libncurses4 (>= 4.2-3.1), inews
[...]
> 68k - I think this is a bug in your build daemon - it's built a
> slink package against the potato libraries. Can any of you give me
> access to a slink machine to fix this? cd - as requested.

It's not (strictly speaking) a bug in buildd, but the package simply
has been built on the wrong machine... (probably by rbuilder).

However, I've already heard of this problem and have immediately
rebuilt trn (3.6-9.3.2). This version depends on "libc6, libncurses4,
inews", i.e. no versioned libncurses dependency. It's installed in
proposed-updates. If you want to make the m68k CDs from stable only,
please nudge the FTP admins to install the package now.

Roman

Re: ARGH!!! Re: ITP: jnethack

[Peter Makholm]

Vincent Renardias <[EMAIL PROTECTED]> writes:

> >  - All messages were translated to Japanese language.

> Can you *PLEASE* try to merge this patch with the upstream version 1st.
> If the patch is done correctly, I see no reason the upstream maintainer
> should refuse it. (And if he does, why should Debian accept it?)

Nethack has no support for multiple languages, and it would take a
major rewrite to let it use different languages.

I can't think of any easy way to merge japanese messages into the
existing nethack code without removing the english.


Speaking of Nethack, it has a y2k problem. I hope it's the only one in
Debian

-- 
I congratulate you. Happy goldfish bowl to you, to me, to everyone,
and may each of you fry in hell forever. 
-- Isaac Asimov, "The Dead Past"

Processed: Bug#46388: NO 2.1r3 M68K CDs: trn depends

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> severity 46388 grave
Bug#46388: NO 2.1r3 M68K CDs: trn depends
Severity set to `grave'.

> reassign 46388 general
Bug#46388: NO 2.1r3 M68K CDs: trn depends
Bug reassigned from package `trn' to `general'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Darren Benham
(administrator, Debian Bugs database)

Re: Redesign of diskless NFS-root package & apt error

[Brian May]

On Mon, Sep 27, 1999 at 05:16:28PM +1000, Brian May wrote:
> apt, for starters is broken:

Whats worse:

1. Complaining about a problem and not having it fixed.

2. Complaining about a problem, and subsequently finding it
already has been fixed.



Well, in my case, the problems I encountered with apt been fixed in the
latest potato version. ;-)

apt-get works perfectly, and I haven't had any problems yet that
I can blame on it.
-- 
Brian May <[EMAIL PROTECTED]>

Re: Reupload to ftp.uni-erlangen.de

[Santiago Vila]

On Fri, 1 Oct 1999, Andreas Tille wrote:

> I wanted to dupload a new version of my freetds-jdbc package
> to ftp.uni-erlangen.de.  Unfortunately the first ftp connection
> were broken.  A second trial was refused with the message:
> 
>  freetds-jdbc_pre0.3-1.diff.gz 2.8 kB dupload fatal error: Can't upload 
> freetds-jdbc_pre0.3-1.diff.gz: freetds-jdbc_pre0.3-1.diff.gz: Permission 
> denied. (Overwrite)
>   at /usr/bin/dupload line 481
> 
> How could I remove the broken file or overwrite it with the correct package?

You may use a *.commands file to remove the unwanted files.
This is explained in the README in the UploadQueue directory.

-- 
 "572ac360568c5d252d6f08d130cb9b7d" (a truly random sig)

Re: Packages should not Conflict on the basis of duplicate functionality

[Craig Sanders]

On Fri, Oct 01, 1999 at 03:13:36AM -0500, The Doctor What wrote:

> Excuse me.  I work for TurboLinux.  

i don't give a damn who you work for.

> We make it an EXPLICIT policy to disable all daemons,

well, bully for you.  i guess that must make you so proud.


if someone doesn't want a service enabled then they should not install
the package that provides that service. if they want the service, then
install the appropriate package. simple. their choice to install or not
install.

now what is so fucking difficult to understand about that?




> If it really bothers you, then maybe a global switch
> that sets whether daemons should just start up or ask first.

you must be some kind of genius to figure that out all by yourself. gee,
i wish i had of thought of that. i wish several other people in this
thread had thought of that. oh. that's right. we did. i guess you aren't
such a genius after all.


> I would beg to differ.  In some environments, having an unconfigured
> server running for 30 seconds is too much.  And don't tell me to
> pulling the net cable.  What if it's being installed via the net?

DON'T INSTALL THE DAEMON IF YOU DON'T WANT TO RUN IT.

WHY IS THE BLEEDING OBVIOUS SO FAR BEYOND YOUR COMPREHENSION?



this argument has gone way beyond the point of being tiresome, it is
tedious. it is especially tedious when some pompous cretin just spews
out trivialities based on some misunderstanding of the thread which is
explicable only by you not having read it.

no regards, 

craig

--
craig sanders

ARGH!!! Re: ITP: jnethack

[Vincent Renardias]

On Fri, 1 Oct 1999, Kenshi Muto wrote:

> jnethack is NetHack with Japanese patch.
>  - All messages were translated to Japanese language.
>  - New character "Fighter" (It looks "SailorMoon", but I don't know about 
> this so well ;-) ) added.
> 
> Yes, this package is fork version from nethack.
> But I think the patch of Japanese is too difficult to merge.

Here we go again with package forks...
Can you *PLEASE* try to merge this patch with the upstream version 1st.
If the patch is done correctly, I see no reason the upstream maintainer
should refuse it. (And if he does, why should Debian accept it?)

Cordialement,

>  Package: jnethack
>  Version: 1.0.5.4.1-20
>  Section: games
>  Priority: optional
>  Architecture: i386
>  Depends: libc6 (>= 2.1), libncurses4 (>= 4.2-3.1), xlib6g (>= 3.3-5), xlib6g 
> (>= 3.3.4-1), xpm4g (>= 3.4j-0), xbase-clients
>  Installed-Size: 2729
>  Maintainer: Kenshi Muto <[EMAIL PROTECTED]>
>  Description: the dungeon exploration game NetHack (for Japanese).
>   the dungeon exploration game NetHack (for Japanese).
> 
> License:
> NETHACK GENERAL PUBLIC LICENSE
> -- 
> Kenshi Muto
> [EMAIL PROTECTED]
> http://www.debian.org/~kmuto/
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 
> 

-- 
- Vincent RENARDIAS  [EMAIL PROTECTED],pipo}.com,{debian,openhardware}.org} -
- Debian/GNU Linux:   http://www.openhardware.orgExecutive Linux: -
- http://www.fr.debian.org   Open Hardware:   http://www.exelinux.com -
---
"J'adore la France :
c'est un pays superbe et surtout il n'y a pas d'Anglais." [Mick Jagger]

PLEASE READ: lilo 22dev0-1 can make your system unbootable !

[Vincent Renardias]

> Stephen Zander writes:
>  > > "Vincent" == Vincent Renardias <[EMAIL PROTECTED]> writes:
>  > Vincent> short summary: lilo v22 works only with 2.0 kernels; it
>  > Vincent> won't boot a 2.2.x or a 2.3.y.  a v21 version has been
>  > Vincent> reuploaded to master this morning.
>  > 
>  > Hmmm, sure?
>  > 
>  > $ dpkg -l lilo
>  > ii  lilo22dev0-1   LInux LOader - The Classic OS loader 
> can loa
>  > $ uname -a
>  > Linux pooh 2.2.12 #1 Mon Sep 27 14:53:51 PDT 1999 i686 unknown
>  > $ uptime
>  >  10:53pm  up  1:33,  2 users,  load average: 0.00, 0.02, 0.00



Ok, it looks like lilo_22dev0-1 failed for a number of people but worked
for some others...

IF you've tried lilo_22dev0-1, can you please email me (not the whole
list) with the following informations:

1/ Did it work? (give error message if it failed)

2/ Content of your lilo.conf

3/ what's your disk setup (type, number, capacity, partitionning)

4/ kernel # you are using.


NB: lilo-21 has been reinstalled in the Debian archive, but people brave
enough to test lilo-22 can find it here:
http://www.ldsol.com/~vincent/misc/


Cordialement,

-- 
- Vincent RENARDIAS  [EMAIL PROTECTED],pipo}.com,{debian,openhardware}.org} -
- Debian/GNU Linux:   http://www.openhardware.orgExecutive Linux: -
- http://www.fr.debian.org   Open Hardware:   http://www.exelinux.com -
---
"J'adore la France :
c'est un pays superbe et surtout il n'y a pas d'Anglais." [Mick Jagger]

Re: Re^6: strange behavior of dh_dhelp

[Raul Miller]

On Thu, Sep 30, 1999 at 07:31:00PM +0100, Marco Budde wrote:
> Ok, you#re right. But the classic http daemons (cern for example) used/use  
> chroot() for security reasons. You#re right, the current apache package  
> supports symlinks, but will all users use apache? Will all users use  
> FollowSymLink (a dangerous feature?). Is a http daemon broken, because it  
> doesn#t follow these symlinks?

(1) If the daemon can serve /usr/anything when the docroot is /var/www
chroot() is not happening.

(2) Did you completely miss my post which pointed out that the >>server<<
does not have to follow symlinks?  You can construct the index page ahead
of time.

-- 
Raul

ITP: actx

[Kenshi Muto]

Hi,

I intent to upload package "actx".
"actx" is pretty mascot program for X Window System, it will catch
your heart. :-)

 Package: actx
 Version: 0.98pre8-2
 Section: x11
 Priority: optional
 Architecture: i386
 Depends: libc6 (>= 2.1), xlib6g (>= 3.3-5), xlib6g (>= 3.3.4-1),
  xpm4g (>= 3.4j-0)
 Installed-Size: 1031
 Maintainer: Kenshi Muto <[EMAIL PROTECTED]>
 Description: A Window Sitter Program on X
  ActX is a window sitter program to make your life with X rich and
fruitful. It supports a helpful pop-up menu to modify configuration of
animation and more. Originally inspired with XAyanami, another window
sitter.

Copyright: GPL
-- 
Kenshi Muto
[EMAIL PROTECTED]
http://www.debian.org/~kmuto/


pgpW019KgX7bl.pgp
Description: PGP signature

Re: {R,I[INEW]}TP: free ssh [non-US]

[Philip Hands]

James Troup <[EMAIL PROTECTED]> writes:

> Hi,
> 
> OpenBSD have started working on the last free SSH (1.2.12 was under a
> DFSG free license AFAICT[1]), they also, (again AFAICT [I'm going by
> the CVS commits]), are ripping out the patented algrothims (IDEA,
> etc.).  Unfortunately, I'm chronically busy with work and haven't had
> time to look into it, but all the signs look very good (they appear to
> have added it as part of their base system, for example).

Damn, I thought I knew ssh had been free at one point, but when I
noticed the non-free license in the late teens, I obviously failed to
go back far enough to find the free version.

Anyway, I'll take it, given that I do ssh anyway it should be little
extra hassle (unless anyone thinks that Data Fellows could use that as
an excuse for calling any work I do as copyright infringement, but
that doesn't strike me as likely)

I'll probably end up calling the new package ssh-free

Cheers, Phil.

Re: warning: lilo 22dev0-1 can make your system unbootable !

[Matthew Vernon]

Stephen Zander writes:
 > > "Vincent" == Vincent Renardias <[EMAIL PROTECTED]> writes:
 > Vincent> short summary: lilo v22 works only with 2.0 kernels; it
 > Vincent> won't boot a 2.2.x or a 2.3.y.  a v21 version has been
 > Vincent> reuploaded to master this morning.
 > 
 > Hmmm, sure?
 > 
 > $ dpkg -l lilo
 > ii  lilo22dev0-1   LInux LOader - The Classic OS loader can 
 > loa
 > $ uname -a
 > Linux pooh 2.2.12 #1 Mon Sep 27 14:53:51 PDT 1999 i686 unknown
 > $ uptime
 >  10:53pm  up  1:33,  2 users,  load average: 0.00, 0.02, 0.00

While we're at it:

student:~$ dpkg -l lilo
ii  lilo22dev0-1   LInux LOader - The Classic OS loader can loa
student:~$ uname -a
Linux student 2.2.9 #1 SMP Sat Jun 12 17:10:55 BST 1999 i586 unknown

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org/

Re: NcFTP is free again?

[J.H.M. Dassen \(Ray\)]

On Fri, Oct 01, 1999 at 01:41:18 -0500, Chris Lawrence wrote:
> So we can't do squat with NcFTP 3 until Mike includes a license.

I switched to lftp myself at the time of the previous ncftp license issue,
and haven't looked back. Is there anything in ncftp that lftp doesn't have?
If there isn't, I'd say just drop it.

Ray
-- 
Obsig: developing a new sig

Re: Packages should not Conflict on the basis of duplicate functionality

[The Doctor What]

On Sat, Sep 25, 1999 at 01:02:44AM -0700, Joey Hess wrote:
> The Doctor What wrote:
> > Why shouldn't *all* daemon packages ask these questions, and whether to even
> > run *upon install*?
> 
> Because we need to decrease the number of questions asked at install time,
> not increase it.

According to who?  I admit there a lot, and someone needs to issue
bugreports againts silly, redundant questions But until debconf, then
we are stuck with the current methods of configuring things.

By all means make it debconf, but these questions need to be asked.

Ciao!

-- 
"If users are made to understand that the system administrator's job is to make 
computers run, and not to make them happy, they can, in fact, be made happy 
most of the time. If users are allowed to believe that the system 
administrator's job is to make them happy, they can, in fact, never be made 
happy."
-Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA 
'97)

The Doctor What: Need I say more?http://docwhat.gerf.org/
[EMAIL PROTECTED](finger [EMAIL PROTECTED] for PGP key)
KF6VNC

Re: Packages should not Conflict on the basis of duplicate functionality

[The Doctor What]

On Thu, Sep 30, 1999 at 08:05:32AM +1000, Craig Sanders wrote:
> On Wed, Sep 29, 1999 at 06:38:55AM -0400, Michael Stone wrote:
> 
> > The fantasy is over--WELCOME TO REAL LIFE! It turns out that some
> > people install Linux without preexisting knowledge of how to securely
> > administer a Unix machine.
> 
> sorry, it's you who needs to wake up to the real world.

Excuse me.  I work for TurboLinux.  We make it an EXPLICIT policy to
disable all daemons, for Workstation and Server products.  We also provide
a tool to manage these (turboservices and turbonetcfg).

I used to work for Tandem Computers, Tandem Computers had a similar policy
too.

While Mr. Stone is being a little extreme, this is the real world.
This is a security issue.  More than that it is a matter of choice.

> if people don't know how to administer a Unix machine then they need
> to learn fast. no amount of molly-coddling by the distribution authors
> (i.e. us) is going to obviate that essential requirement. maintaining
> security on your own systems requires personal knowledge and experience,
> it can not be done by proxy.

Since all users should know Unix anyway, let us turn off all services
by default.

This is not my position.

I'm of the opinion that it should ask as Debian has no separate "Workstation"
or "Server" set up.  If it really bothers you, then maybe a global switch
that sets whether daemons should just start up or ask first.

> > When we ship a system with a bunch of stuff enabled by default,
> > we're not only putting their machine at risk but we're also creating
> > problems for everyone else who's system is attacked by someone using
> > the debian machine as a jump-off point. That's bad.
> 
> that's bad. it's also bullshit. enabling daemons by default is not
> inherently a security problem.

I would beg to differ.  In some environments, having an unconfigured
server running for 30 seconds is too much.  And don't tell me to
pulling the net cable.  What if it's being installed via the net?

But security is not the only issue here.  Choice is.  Have a policy that
says all daemons should ask:
Should it start now, or be configured later
Should it use inetd, or run stand-alone?
Should it use the default port(s)? Or something else?

> if they don't need it then they shouldn't install the package.

There is a difference between installing a package, reading
the docs, seeing how it works in loop-back or an alternate port, and
installing a package to run now.

> why run debian (with all it's useful tools like update-inetd and
> update-rc.d and so on) if you're going to throw away those advantages?

If we ask the questions upon initial install, set the daemon the way we
want it, how are we throwing away Debian's tools?  We are getting what we
want.  If we want to only use half the tools, that's our perogative.

> it's damned annoying to see people trying to force their personal
> preferences on everyone else by making loud noises about trumped up
> nebulous and vague "security" issues. it would be nicer if such FUD were
> left behind in the proprietary software world.

No kidding.  Security isn't the only issue here, but it part of this
discussion.

Ciao!

-- 
"I'm not a god, I was misquoted."
 -- Lister (Red Dwarf)

The Doctor What: Un-Humble   http://docwhat.gerf.org/
[EMAIL PROTECTED](finger [EMAIL PROTECTED] for PGP key)
KF6VNC

Re^6: strange behavior of dh_dhelp

[Marco Budde]

Am 30.09.99 schrieb joey # kitenet.net ...

Moin Joey!

JH> >   (a) symlinks don#t work with the http protocol
JH> You know, I've read the http protocol, and I don't recal any mention of
JH> such unix-centric concepts of symlinks, especially not any prohibition of
JH> them. If you're going to keep insisting the http protocol doesn't support
JH> symlinks, please quite me chapter and verse from RFC 2068.

Ok, you#re right. But the classic http daemons (cern for example) used/use  
chroot() for security reasons. You#re right, the current apache package  
supports symlinks, but will all users use apache? Will all users use  
FollowSymLink (a dangerous feature?). Is a http daemon broken, because it  
doesn#t follow these symlinks?

I would suggest:

 (1) All packages of Debian 2.2 have to use /usr/share/doc. If we
 have FHS and FSSTND packages we will get a chaos.
 (2) All packages of Debian 2.2 have to use a symlink in /usr/doc to
 support a mixture of Debian 2.1 and 2.2 packages.
 (3) The user uses /usr/share/doc to avoid problems with the symlinks
 and problems in Debian 2.3.

cu, Marco

P.S.: Of course dhelp will support the latest policy (if this is
  possible), but it#s not a really good solution.

--
  Linux HOWTOs - Die besten Loesungen der Linuxgemeinde
ISBN 3-8266-0498-9

Uni: [EMAIL PROTECTED] Fido: 2:240/6298.5
Mailbox: [EMAIL PROTECTED]http://www.tu-harburg.de/~semb2204/

ITP: jnethack

[Kenshi Muto]

Hi,
I intent to upload "jnethack".

jnethack is NetHack with Japanese patch.
 - All messages were translated to Japanese language.
 - New character "Fighter" (It looks "SailorMoon", but I don't know about this 
so well ;-) ) added.

Yes, this package is fork version from nethack.
But I think the patch of Japanese is too difficult to merge.

 Package: jnethack
 Version: 1.0.5.4.1-20
 Section: games
 Priority: optional
 Architecture: i386
 Depends: libc6 (>= 2.1), libncurses4 (>= 4.2-3.1), xlib6g (>= 3.3-5), xlib6g 
(>= 3.3.4-1), xpm4g (>= 3.4j-0), xbase-clients
 Installed-Size: 2729
 Maintainer: Kenshi Muto <[EMAIL PROTECTED]>
 Description: the dungeon exploration game NetHack (for Japanese).
  the dungeon exploration game NetHack (for Japanese).

License:
NETHACK GENERAL PUBLIC LICENSE
-- 
Kenshi Muto
[EMAIL PROTECTED]
http://www.debian.org/~kmuto/

Re: ITR: intent to rename poc to objc

[Marcel Harkema]

On Thu, Sep 30, 1999 at 09:42:23PM -0400, Raul Miller wrote:
> On Fri, Oct 01, 1999 at 01:39:21AM +0200, Matthias Klose wrote:
> > Marcel Harkema writes:
> >  >   Hi,
> >  > 
> >  >   I am going to rename the poc (portable object compiler) package to 
> > objc if
> >  >   no-one objects.  The upstream author requested this.  Also, libgc4 
> > (boehm
> >  >   gc) support is dropped.  A new additional package will be introduced 
> > with
> >  >   libgc5 support.
> > 
> > We do have another ObjC compiler: gobjc. I think objc is too general as 
> > it's the short name for the language as well. why not use
> > portable-objc or portable-objc-compiler?
> 
> or pobjc.

  Yeah, pobjc was my second preference.

Re: First beta version of the Debian SGML/XML HOWTO

[Stephane Bortzmeyer]

On Friday 1 October 1999, at 4 h 14, the keyboard of David Coe 
<[EMAIL PROTECTED]> wrote:

> looks nice, thanks for doing this; one immediate question:
> nsgmls is not (any longer?) in potato.  Should it be?

It is:

ishtar:~> cat /etc/debian_version 
potato

ishtar:~> dpkg --search /usr/bin/nsgmls 
sp: /usr/bin/nsgmls

ishtar:~> dpkg --status sp
Package: sp
Section: text
Maintainer: Adam Di Carlo <[EMAIL PROTECTED]>
Source: jade (1.2.1-11)
Version: 1.3.3-1.2.1-11
Depends: libc6 (>= 2.1), libstdc++2.10, libsp1 (>= 1.3.2-1.2-1), sgml-base
...

The bug is in the howto.db, which forgot to indicate that the package is "sp". 
I just fixed it. Thanks. But the stylesheet/Debian search engine for packages 
is broken, anyway, I'll have to find something else.

Reupload to ftp.uni-erlangen.de

[Andreas Tille]

Hello,

I wanted to dupload a new version of my freetds-jdbc package
to ftp.uni-erlangen.de.  Unfortunately the first ftp connection
were broken.  A second trial was refused with the message:

 freetds-jdbc_pre0.3-1.diff.gz 2.8 kB dupload fatal error: Can't upload 
freetds-jdbc_pre0.3-1.diff.gz: freetds-jdbc_pre0.3-1.diff.gz: Permission 
denied. (Overwrite)
  at /usr/bin/dupload line 481

How could I remove the broken file or overwrite it with the correct package?

Kind regards

   Andreas.

ITA: aboot

[Greg Johnson]

I will adopt aboot from Jeff E. Noxon.  I have already spoken with Jeff.
I will upload a new version tomorrow.

Greg
-- 
Greg Johnson  [EMAIL PROTECTED]
http://physics.clarku.edu/~gjohnsonfinger for PGP key

Re: BTS: How are the bug reports organized?

[Jason Gunthorpe]

On Thu, 30 Sep 1999, Darren Benham wrote:

> No, seriously, that's how it's created but as long as we don't start ignoring
> bugs, we'll never see  or 9 bugs in a single directory.

Yeah, but the entire reason behind splitting things up like that was to
reduce the number of files per-directory. Thomas is right to observe that
in a few years we will be back where we started again :< 

Jason

Re: BTS: How are the bug reports organized?

[Darren Benham]

Then close some bugs :)

No, seriously, that's how it's created but as long as we don't start ignoring
bugs, we'll never see  or 9 bugs in a single directory.
On Thu, Sep 30, 1999 at 11:46:07PM +0200, Thomas Schoepf wrote:
> 
> I'm currently working on a tool that automatically fetches all bug reports
> belonging to one package.
> 
> The base url is http://www.debian.org/Bugs/db/ and I always thought that the
> subdirectories were designed so that only up to 999 files go into a single
> directory.
> 
> But today, I noticed that this assumption seems to be wrong when trying to
> download the page for e.g. Bug#8429. It's not in /8/ but /84/.
> 
> So, the directory is only determined by the leading 2 digits?
> If so, what will happen when our bugs reach 6 digit numbers (Currently, the
> number of bug reports seems to grow exponentially...). Putting 1-1
> files into a single directory doesn't sound very wise to me...
> 
> 
> Thomas
> -- 
> GnuPG: ID=B0FA4F49, http://www.in.tum.de/~schoepf/gpgkey.txt
>   Fingerprint: FA38 2D7E 408F 61E4 BF49  B48F 04BD F5BE B0FA 4F49
> PGP 2: ID=2EA7BBBD, http://www.in.tum.de/~schoepf/pgpkey.txt
>   Fingerprint: 08 96 1F CD AD 55 03 0F  95 92 B0 F2 04 32 4B 52




pgpfiXmVCjaGW.pgp
Description: PGP signature

NcFTP is free again?

[Chris Cheney]

I just looked at NcFTP 3.0Beta20 and it appears to have changed its license to 
free (no license file) and the libncftp requirement of non-use by other 
programs seems to have been dropped also.  Maybe someone more knowledgeable 
than me can look at this and see if it can be packaged again.

Thanks,
Chris


pgplbAlGZ2jfj.pgp
Description: PGP signature

Re: Is XEmacs nonfree?

[Raul Miller]

On Fri, Oct 01, 1999 at 05:01:05AM +0100, Chris Rutter wrote:
> Yes, probably; but no.  RMS is referring to the fact that many authors
> of many pieces of xemacs haven't assigned copyright to the FSF,
> meaning that copyright remains with them, or possibly even their
> employer, depending on sticky employment contracts.  Therefore,
> to be absolutely 100% anal about the `freeness' of the `GNU system',
> he is declaring that any code that hasn't been copyright-assigned
> to the FSF is not worthy of inclusion in the GNU system.

You've got many correct facts there, but you're wrong.

The issue isn't inclusion in the GNU system.  The issue is inclusion
in packages where FSF is the copyright holder.

http://www.fsf.org/prep/standards_4.html#SEC4
or
http://www.fsf.org/prep/maintain_3.html#SEC3

-- 
Raul

Re: First beta version of the Debian SGML/XML HOWTO

[David Coe]

Stephane Bortzmeyer <[EMAIL PROTECTED]> writes:


[...]

> Debian SGML/XML HOWTO.

[...]

> http://www.debian.org/~bortz/SGML-HOWTO/

[...]

looks nice, thanks for doing this; one immediate question:
nsgmls is not (any longer?) in potato.  Should it be?

Thanks.

Package update for Sep 29: Malformed Priority Line

[Rhys Dyfrgi]

This is the wrong place to send this, but I could find no better place on the
Debian contact page.

When I was updating my package list (apt-get update), I got an error on the
ftp.us.debian.org_debian_dists_potato_main_binary-i386_Packages file.
"Reading Package Lists... Error!
E: Malformed Priority line
E: Error occured while processing aleph-dev (NewVersion1)
E: Problem with MergeList
/var/state/apt/lists/ftp.us.debian.org_debian_dists_potato_main_binary-i386_Pack
ages
E: The package lists or status file could not be parsed or opened."

This was easily corrected by changing the priority line for aleph-dev from
optionnal to optional.  The same applied to aleph-doc.

There is currently no package or pseudopackage associated with these lists.
 I suggest that a pseudopackage be created if only for organizing bug reports
of this nature.

Thank you.

Rhys Dyfrgi

Re: Is XEmacs nonfree?

[Chris Rutter]

On 30 Sep 1999, David Coe wrote:

> Is that still an accurate description of the legal status (from 
> FSF's perspective) of XEmacs, and if so, shouldn't we move it to
> non-free?

Yes, probably; but no.  RMS is referring to the fact that many authors
of many pieces of xemacs haven't assigned copyright to the FSF,
meaning that copyright remains with them, or possibly even their
employer, depending on sticky employment contracts.  Therefore,
to be absolutely 100% anal about the `freeness' of the `GNU system',
he is declaring that any code that hasn't been copyright-assigned
to the FSF is not worthy of inclusion in the GNU system.

-- 
Chris <[EMAIL PROTECTED]> ( http://www.fluff.org/chris )

Re: Packages should not Conflict on the basis of duplicate functionality

[Bjoern Brill]

On Wed, 29 Sep 1999, Clint Adams wrote:

> > debian's attitude is: if you want something different, DIY. and more
> > importantly, it lets you DIY.
> 
> Err.. what Unix DOESN'T let you DIY?

Every Unix lets you DIY, of course. The problem is the *'/(&%
configuration done by most all distributions and commercial Unices. It
says: "do it our way or DIY everything". Now DIY everything is an option
if you've had several years of experience as Unix sysadmin, but how do you
get there? And why do you need a distribution involving years of work of
several hundred people then? ftp; configure; make install; vi /etc/foo 
does it (maybe with some struggles in between).

What brought me to Debian is the "we provide a reasonably working setup 
for most users, and if you don't like it you can go and DIY without f*ing
up all the rest and fighting some AutoMagicallyMisConfigured(TM) utility"
approach. Try SuSE's yast if you can't see the difference.

Debian isn't RH, but it isn't Slackware either. It has some of the goodies
of both sides. In the case of daemon configuration, there is still some
work to be done, however. Set up (sensibly) and start the first one
providing a service and leave following ones for DIY could be a good
solution.


Bj"orn Brill <[EMAIL PROTECTED]>
Frankfurt am Main, Germany

neighbour table overflow

[Brian May]

Sorry if this is obvious... 

Does anyone know what this message means?

neighbour table overflow

I have been getting it on my potato NFS-Root system. eg when installing
netbase. Restarting nis also causes it to display three times. nis
client doesn't work, but might be unrelated configuration error (it
looks OK to me though).

Is this potato specific?

NFS-Root specific??

Linux 2.2.12 specific?

Looks like the message is comming from the kernel (it appears
in /var/log/kern.log).

Looks almost like automatic routing or something, but my routes (only 2:
my network and default) are static.
-- 
Brian May <[EMAIL PROTECTED]>

Re: Swap setup on Debian

[Chris Rutter]

On Tue, 28 Sep 1999, Staffan Hamala wrote:

> Why doesn't the installer use -v1 so that larger swaps that 128MB can
> be used?

I presume this is a boot-floppies issue, and will indeed be rectified
nearer release time -- for the time being, it would seem prudent not
to sacrifice any compatibility for the sake of an extra few
commands.

-- 
Chris <[EMAIL PROTECTED]> ( http://www.fluff.org/chris )

Re: Packages should not Conflict on the basis of duplicate functionality

[Raul Miller]

On Fri, Oct 01, 1999 at 10:53:44AM +1000, Craig Sanders wrote:
> i'm talking about the current practice of postinst scripts in various
> packages enabling the services that they provide (if any). i am not
> talking at all about which packages are base or required or extra or
> whatever - i'm talking specifically and ONLY about what the postinst
> scripts of packages do when they are installed. install a package
> which provides a daemon and it *should* be enabled in the postinst. if
> you don't want the service it provides then don't install the package.

Of course this is completely unreasonable in many cases.  And, of course,
different package instances may or may not provide daemons and the
decision at the package level may have been for a different instance.
And, in general, there's more than one way to do it.

All of which make this current discussion rather... odd.

-- 
Raul

Re: Packages should not Conflict on the basis of duplicate functionality

[Eric Weigel]

As a user, I have to say that the "Provides/Conflicts" that happens
with POP3 servers is annoying.

I wanted to look at each of ipopd, gnu-pop3d and cucipop.  I could only
look at one at a time.  It was ok in my case, because the machine I was
using has very little pop3 traffic.  But it was awkward.

If I wanted to download source and recompile it, I would not be using
Debian.  I like the package manager.  I also like the thought that goes
into problems like this.

I'd like to see something like this:

WARNING:
 you already have a pop3-server installed (cucipop)
 starting ipopd automatically may cause problems
 there are cases where running several pop3-servers
 automatically makes sense: most of them require you to do
 special configuration.
 if you answer No to the following question, you can edit
 "some configuration file", then run "some reconfiguration
 program" to start ipopd without conflicting with the existing
 pop3-server. Read /usr/share/doc/ipopd/somedocfile
 for instructions on how to do this.
 do you want ipopd to start automatically? (y/N)

WARNING:
 you already have an http-server installed (apache)
 starting apache-ssl automatically may cause problems
 there are cases where running several http-servers
 automatically makes sense: most of them require you to do
 special configuration.
 if you answer No to the following question, you can edit
 /etc/apache-ssl/httpd.conf, then run "some reconfiguration
 program" to start apache-ssl without conflicting with the
 existing http-server.  Read /usr/share/doc/apache-ssl/somedocfile
 for instructions on how to do this.
 do you want apache-ssl to start automatically? (y/N)

I am full aware that this doesn't solve all the problems.  Some
services start from init.d scripts, some from inetd.

pop3 servers seem to mostly run from inetd.  But someone may package
one that starts from an init.d script.

Sometimes, different protocols use the same port (ssh and ssh2 come to
mind)  In the ssh case, one solution is to enable the "ssh1
compatibility" in the sshd2 configuration.  Another is to run ssh1 or
ssh2 on a different port.

Pretty soon, there will be two DNS servers: some people will want to
run Bind as their main server, and test the new one on perhaps just one
IP address.  A "Provides/Conflicts" in this case would (for me) really
really suck.

This is a problem that each person who packages a service that listens
on a port has to deal with.  And more of a problem because different
implementations of such a service are packaged by different people.

Perhaps a general framework for dealing with the issue would help, if
it left room for each packager to handle things as the package
requires.

The following presumes that each package that provides a service will
provide a virtual package, "service-server", so that the potential
conflict can be detected and dealt with, and that when such a conflict
is detected, a nice long question is asked of the user, and the user
answers yes or no (with no being the default).

Something like:

 if it starts from an init.d script, have the init.d script check for
the
 existence of some configuration file.  based on the content or
existence
 of that file, start or don't start the service, configured as
appropriate.
 if the user answers no to the auto-start question, make sure the
special
 file is in the state which prevents the service from starting. provide
 also a script in /usr/sbin to let the user turn on and off the
service,
 and/or provide a document in /usr/share/doc/package which describes
 how to do it (the document should exist, whether the script does or
not).

 if it starts from /etc/inetd, put a line into /etc/inetd which would
start
 the service, but commented out if the service should not be started by
 default.  in this case, the user will probably have to edit
/etc/services
 and /etc/inetd to get the service started with no conflict.  provide a
 document in /usr/share/doc/package which describes how to do it. (i
 omitted the script here because it seems to be taboo to edit
/etc/services
 from any package except that which owns it)

I'm going to look at ipopd, gnu-pop3d, cucipop, apache, apache-ssl, ssh
and ssh2 to see how bad my idea is.  I'll post what I find out.

If a framework like this makes sense, then no package has to know about
another package, and no packager has to know what another packager is
doing, so long as each package and packager "does the right thing" when
a potential conflict crops up.

The bottom line: let the user decide.

Eric
Bestnet Internet Inc


On Fri, 1 Oct 1999 10:28:03 +1000, Craig Sanders wrote:

>On Thu, Sep 30, 1999 at 08:34:48AM -0400, Raul Miller wrote:
>> On Thu, Sep 30, 1999 at 02:16:31PM +1000, Craig Sanders wrote:
>> > to paraphrase:  i am against messing with the current default.  i am not
>> > against (indeed, i am in favour of) increasing choice.
>> 
>> There is currently no default -- it varies on a per-package basis.
>
>update-inetd and update-rc.d pretty much

Re: {R,I[INEW]}TP: free ssh [non-US]

[Herbert Xu]

James Troup <[EMAIL PROTECTED]> wrote:
>
> So, I tentatively announce a preliminary ITP, pending confirming that
> their hacked version is indeed DSFG free.  _But_, I'd much rather
> someone with more free time would do it instead.  So, please, someone
> else (who doesn't live in the USA) have a look/go...

The license issues seem to be sorted out for me.  So I'll have a go at it.
-- 
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: Packages should not Conflict on the basis of duplicate functionality

[Craig Sanders]

On Thu, Sep 30, 1999 at 07:02:44AM -0400, Michael Stone wrote:
> On Thu, Sep 30, 1999 at 08:05:32AM +1000, Craig Sanders wrote:
> > sorry, it's you who needs to wake up to the real world.
> > 
> > if people don't know how to administer a unix machine then they need
> > to learn fast. 
> 
> Not true. 

you discredit your argument with silly assertions like this.

> Maintaining a unix-like machine for desktop or personal use requires
> a different skill set than a machine used as a server. People using
> linux as a windows replacement or because they want to see what linux
> is *don't need* a bunch of services enabled *by default*.

if they "*don't need* a bunch of services enabled *by default*" then
they shouldn't install the packages that provide those services. most
workstations do not need a pop or imap server, very few need an ftp
server.

those workstation users who install these packages have to take
responsibility for their own actions, and they should be presumed to
know what they are doing.


> > no amount of molly-coddling by the distribution authors (i.e. us) is
> > going to obviate that essential requirement. maintaining security on
> > your own systems requires personal knowledge and experience, it can
> > not be done by proxy.
>
> Agreed, for machines that need public services. But I'm talking about
> defaults. Can you come up with a reason we *need* a bunch of stuff
> enabled by default?

if a service isn't needed then don't install the package that provides
that service. what is so difficult to understand about that?

it's not as if people are forced to install rsh or telnet servers any
more.  Anthony has done a great job of splitting up netbase so that
these packages are now optional extras.


> > the "we-know-better-than-you" attitude is what redhat and caldera
> > (and microsoft, for that matter) does. it sucks. debian has always
> > done better than that
>
> This is empty "we're better than them propaganda". Debian already
> makes choices in what services are installed and enabled by default.
> It does not follow that changing the *existing* list of services we
> enable by default implies a "we-know-better-than-you" attitude.

ok, i see the communication problem now...why we're going round in
circles on this point. i think we're talking about completely different
things here.

i'm not talking about what debian chooses to have installed by default
(i.e. base/required packages).

i'm talking about the current practice of postinst scripts in various
packages enabling the services that they provide (if any). i am not
talking at all about which packages are base or required or extra or
whatever - i'm talking specifically and ONLY about what the postinst
scripts of packages do when they are installed. install a package which
provides a daemon and it *should* be enabled in the postinst. if you
don't want the service it provides then don't install the package.

of course, if debconf or something can provide a mechanism for the
system admin to globally choose whether to enable or not enable services
when they are installed then that is even better. but until we have such
a mechanism, such packages should do what they always done and enable
themselves at install time.


> A system with daemons disabled will always have a better guarantee of
> security than one with daemons enabled. In the not-so-distant past we've
> shipped systems with a vulnerable telnetd and a vulnerable ftpd enabled
> *by default.* 

which is one of the reasons why they are now split off from the netbase
package - so that people can choose whether they want these services
installed or not.

splitting netbase was the right solution to that problem...installing
stuff but leaving it disabled is a PITA, not a solution to a problem.
more to the point, it's a bigger and more annoying problem than the one
it is purported to solve.



> > why run debian (with all it's useful tools like update-inetd and
> > update-rc.d and so on) if you're going to throw away those advantages?
> 
> Why does changing default behavior throw away advantages? What prevents
> you from using those tools if you want them? 

the advantage of these tools is that packages can enable the services
they provide when they are installed. they don't provide much (if any)
benefit to the casual command-line user - it's easier to edit inetd.conf
manually than it is to remember the args for update-inetd.

craig

--
craig sanders

Re: {R,I[INEW]}TP: free ssh [non-US]

[Sean 'Shaleh' Perry]

On 01-Oct-99 Jason Gunthorpe wrote:
> 
> On 30 Sep 1999, James Troup wrote:
> 
>> OpenBSD have started working on the last free SSH (1.2.12 was under a
>> DFSG free license AFAICT[1]), they also, (again AFAICT [I'm going by
>> the CVS commits]), are ripping out the patented algrothims (IDEA,
>> etc.).  Unfortunately, I'm chronically busy with work and haven't had
> 
> This is very exciting, ssh is one of the few remaining non-free programs
> that debian relies on, it would be very nice to get a real replacement.
> 
> Can someone corfirm the DFSGness of it?
> 

The old ssh was free.  The license this ships with is very BSD.  The code all
says it is ok as well.

Seems ok, openbsd are fanatics about licenses and security, so I doubt they
would do something as stupid as include a non-free ssh.