date:20051021

Re: Bits from the release team: the plans for etch

2005-10-21 Thread Manoj Srivastava

On Fri, 21 Oct 2005 07:05:29 +0200, Christian Perrier <[EMAIL PROTECTED]> said: 

> (CC in case you don't follow -devel that closely given your current
> situation, Manoj. Please accept my apologies in advance if you
> do...)

>> At this point, most of the major packages that have to be modified
>> to enable a bare SELinux Debian system are in place, with coreutils
>> being the last holdout.

> Myself and other shadow package maintainers were wondering whether
> we have to compile shadow utilities (login, su, passwd...) with
> SELinux support.

> One of my co-maintainers said me we shouldn't because libselinux1 is
> not in the base system...which seems untrue..:-) (or I misunderstood
> him which is also likely)

> So, I guess we could, indeed...anyway I bet you'll ask us to do so
> at some moment, won't you?

Oh, that's not needed. SElinux uses PAM to mediate access to
 the password (there is a SELinux PAM module now). So, people who want
 to enable SELinux on their machine have to do something like so:

,[ Add SELinux capability to the system ]
| if ! grep pam_selinux.so /etc/pam.d/login >& /dev/null; then
| echo "" >> /etc/pam.d/login
| echo "session required pam_selinux.so multiple" >> /etc/pam.d/login
| echo "" >> /etc/pam.d/login
| fi
`

Thanks for asking, though.

manoj
ps: an MRI rapidly palls after the first 20 minutes or so
pps: I also happen to agree with DK below
-- 
A person who is more than casually interested in computers should be
well schooled in machine language, since it is a fundamental part of a
computer.  -- Donald Knuth
Manoj Srivastava   <[EMAIL PROTECTED]>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits from the release team: the plans for etch

2005-10-21 Thread Martin Pitt

Hi Christian!

Christian Perrier [2005-10-21  7:05 +0200]:
> > At this point, most of the major packages that have to be
> >  modified to enable a bare SELinux Debian system are in place, with
> >  coreutils being the last holdout.
> 
> 
> Myself and other shadow package maintainers were wondering whether we
> have to compile shadow utilities (login, su, passwd...) with SELinux
> support.
> 
> One of my co-maintainers said me we shouldn't because libselinux1 is
> not in the base system...which seems untrue..:-) (or I misunderstood
> him which is also likely)

Even if it wasn't - libraries are not promoted to base just because
its cool to have them there, but because base programs (want to) use
them.  Having OOTB support for SELinux would really rock *dream*, and
I guess there will be little to no opposition to this feature, since
it would not be enabled by default.

> So, I guess we could, indeed...anyway I bet you'll ask us to do so at
> some moment, won't you?

*asking* :-)

Martin

-- 
Martin Pitthttp://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?


signature.asc
Description: Digital signature

Re: a few tips on proper use of version tracking in the Debian BTS

2005-10-21 Thread Stefano Zacchiroli

On Fri, Oct 21, 2005 at 02:08:17AM +0200, Pierre THIERRY wrote:
> It seems. I did it for #297927: after sending a 'close 297927' to
> [EMAIL PROTECTED], the BTS informed me that it was deprecated. I sent
> another mail to [EMAIL PROTECTED] with 'Version: 0.9.23-1', and it is
> now in the BTS as ``Fixed in version 0.9.23-1''.

Great, I will do it for a couple of bugs closed erroneously as well.

Besides that, does "bts close NN x.y.z" do the correct thing?

-- 
Stefano Zacchiroli -*- Computer Science PhD student @ Uny Bologna, Italy
[EMAIL PROTECTED],debian.org,bononia.it} -%- http://www.bononia.it/zack/
If there's any real truth it's that the entire multidimensional infinity
of the Universe is almost certainly being run by a bunch of maniacs. -!-


signature.asc
Description: Digital signature

zope2.7 security fix (for bug 334055)

2005-10-21 Thread A Mennucc

hi everybody

I have (hopefully) fixed the bug 334055 of zope2.7, that is a security alert.

Note that my patch is much smaller than the original hotfix,
which included also some new features such as nl and ca languages -
- but usually we do not add new features in Debian when releasing security
upgrades.

- testing

This is the updated binary for testing/etch
http://tonelli.sns.it/pub/mennucc1/zope/debian/etch-security/zope2.7_2.7.5-3sec1.deb

I will not upload it to secure-testing-master since it violates point 1 at
http://secure-testing-master.debian.net/
"Only upload changes that have already been made in unstable."
People in the pkg-zope-team are introducing in unstable a completely
different zope framework.

- sarge

This is the proposed update for stable/sarge :
http://tonelli.sns.it/pub/mennucc1/zope/debian/sarge-security/zope2.7_2.7.5-2sec1_source.changes
unfortunately I do not have available a clean sarge environment, so
you have to compile it.

This is the diff w.r.t the older version
http://tonelli.sns.it/pub/mennucc1/zope/debian/sarge-security/zope-hotfix_2005-10-09-sarge.diff

Warning: do not apply that patch to the installed files of zope2.7,
it will not work. Compile the above source, or help me use a sarge buildd.

ps: I wrote to the security team asking info on the sarge upload, never
got an answer. Question: can I upload a source-only to sarge-security?

ps2: I would also appreciate if someone who understands what 334055 is about
would compile and test my fix to see if it really works.

--
Andrea Mennucc
"E' un mondo difficile. Che vita intensa!" (Tonino Carotone)

signature.asc
Description: Digital signature

Fwd: Bug#334901: Subject: ITP: knetdockapp -- Network activity monitor applet for KDE

2005-10-21 Thread Jorge Salamero Sanz



--  Forwarded Message  --

Subject: Bug#334901: Subject: ITP: knetdockapp -- Network activity monitor 
applet for KDE
Date: Thursday 20 October 2005 17:52
From: Jorge Salamero Sanz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

Subject: ITP: knetdockapp -- Network activity monitor applet for KDE
Package: wnpp
Owner: Jorge Salamero Sanz <[EMAIL PROTECTED]>
Severity: wishlist

*** Please type your report below this line ***

* Package name: knetdockapp
  Version : 0.63
  Upstream Author : Todor Aleksandrov <[EMAIL PROTECTED]>
* URL : http://pan4os.info/apps/debian/
* License : GPL
  Description : Network activity monitor applet for KDE

  A small application that docks in the systray and monitors the
  activity of the selected network interface and the link status.
  Supports session managment. Requieres Linux 2.6.x.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-powerpc
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Report will be sent to "Debian Bug Tracking System" <[EMAIL PROTECTED]>

---


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

[Bug#334632] Your message to Pkg-openssl-devel awaits moderator approval

2005-10-21 Thread Brian May

Hello,

I consider this a bug; reports sent to @packages.debian.org
should go straight through to a maintainer or list of maintainers...

However, this appears to be sent to an upstream development mailing
list, and it would appear my mail has not got through.

Yes I know:

a) I am jumping the gun, but my experience "Is being held until the
list moderator can review it for approval." means rejected in
practice.

b) I could reassign the bug report, but I speculate BTS would
encounter the same issue.

--- Begin Message ---
Your mail to 'Pkg-openssl-devel' with the subject

Re: Bug#334632: FTBFS: Crypto library used by krb4 lacks features
required by Kerberos 5

Is being held until the list moderator can review it for approval.

The reason it is being held:

Message has implicit destination

Either the message will get posted to the list, or you will receive
notification of the moderator's decision.  If you would like to cancel
this posting, please visit the following URL:


http://lists.alioth.debian.org/mailman/confirm/pkg-openssl-devel/91facf25272f4a5492f6675f4d7e0611dd80f72e

--- End Message ---

-- 
Brian May <[EMAIL PROTECTED]>

Re: [Bug#334632] Your message to Pkg-openssl-devel awaits moderator approval

2005-10-21 Thread sean finney

hi,

On Fri, Oct 21, 2005 at 10:26:16PM +1000, Brian May wrote:
> I consider this a bug; reports sent to @packages.debian.org
> should go straight through to a maintainer or list of maintainers...

yeah.  i'd say it's bad practice to have the Maintainer
field of a package not go directly to the maintainer(s).  what
exactly does it gain the maintainer to have the mail moderated?

> However, this appears to be sent to an upstream development mailing
> list, and it would appear my mail has not got through.

are you sure?  looks like an alioth list to me :)

sean

-- 

signature.asc
Description: Digital signature

Re: [Bug#334632] Your message to Pkg-openssl-devel awaits moderator approval

2005-10-21 Thread Frank Küster

sean finney <[EMAIL PROTECTED]> wrote:

> hi,
>
> On Fri, Oct 21, 2005 at 10:26:16PM +1000, Brian May wrote:
>> I consider this a bug; reports sent to @packages.debian.org
>> should go straight through to a maintainer or list of maintainers...
>
> yeah.  i'd say it's bad practice to have the Maintainer
> field of a package not go directly to the maintainer(s).

Some packages have the Maintainer: field set to a list, e.g. dpkg, apt,
tetex, probably most java packages.

>  what
> exactly does it gain the maintainer to have the mail moderated?

Nothing; I'd say the list must be unmoderated.  On the other hand, it's
good that lots of spam to the lists is rejected, and there's probably a
grey area.

>> However, this appears to be sent to an upstream development mailing
>> list, and it would appear my mail has not got through.
>
> are you sure?  looks like an alioth list to me :)

At least the alioth lists should be configured so that mail forwarded
from the BTS, packages.debian.org, qa.debian.org and maybe others should
be let through without manual action.

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer

Re: [Bug#334632] Your message to Pkg-openssl-devel awaits moderator approval

2005-10-21 Thread sean finney

On Fri, Oct 21, 2005 at 03:23:27PM +0200, Frank Küster wrote:
> > yeah.  i'd say it's bad practice to have the Maintainer
> > field of a package not go directly to the maintainer(s).
> 
> Some packages have the Maintainer: field set to a list, e.g. dpkg, apt,
> tetex, probably most java packages.

i wasn't quite clear i guess, but i didn't mean to imply that.  indeed,
some of my packages have Maintainer pointing at alioth lists :)  i just
meant that having extra manual filters to prevent the mail from getting
to the maintainers would be a bad idea--especially so if the size of
the maintainers is large while there are only one or two list admins,
or it's an important package where something (like say a security
vulnerability in a crypto API) could be silently and invisibly
held up until the next time the list admin decided to check the
lists.

as for the spam issue, the amount of spam i get via my debian
packages is insignificant to the amount i get to my individual
email addresses, but maybe that's just me :)

> At least the alioth lists should be configured so that mail forwarded
> from the BTS, packages.debian.org, qa.debian.org and maybe others should
> be let through without manual action.

that's a good idea, and i'm imagining that it's probably quite 
a feasible one too.  i wonder if anyone who knows more about
mailman could chime in?

sean

-- 

signature.asc
Description: Digital signature

Bug#335018: ITP: OpenVPN-Admin -- Administration and certificate manager for OpenVPN

2005-10-21 Thread Alexander Wirt

Package: wnpp
Severity: wishlist
Owner: Alexander Wirt <[EMAIL PROTECTED]>

* Package name: OpenVPN-Admin
  Version : 1.1.3
  Upstream Author : Everaldo Canuto <[EMAIL PROTECTED]>
Reiner Jung <[EMAIL PROTECTED]>
* URL : http://sourceforge.net/projects/openvpnadmin/
* License : LGPL
  Description : Administration and certificate manager for OpenVPN

An administration GUI for OpenVPN. Included is a manager and wizard for
certificates.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-powerpc
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)



signature.asc
Description: Digital signature

Re: [Fwd: major problem with gnome-games dependency]

2005-10-21 Thread Pierre THIERRY

Scribit Kevin Mark dies 13/10/2005 hora 02:26:
> I was thinking of a feature that would show 'recommends' but add a
> line line explaining what installing package X would add to the
> currently selected package.
> 
> [...]
>
> if this metadata could be added to the package data file it could be
> utilized by some program(not sure which or how).

I think Debian should develop a general metadata solution for APT. There
are already very powerful tools to handle metadata, like the RDF data
model, it's serializations (RDF/XML, N3, etc.) and tools associated
(Raptor, Rasqal and Redland already packaged in Debian, including
sarge).

With a generic metadata infrastructure in the APT tools, it wouldn't be
a pain anymore to extend APT: debtags could be achieved with it,
dependency explanation also.

With a separation between the core APT features, like installation end
dependency handling, and the metadata addon, it could also be possible
to fetch metadata elsewhere: one could have it's own debtags metadata,
or some teams of DD or users could publish specific debtags (e.g. for
parents that don't want violent games on their system...).

Generically,
Nowhere man
-- 
[EMAIL PROTECTED]
OpenPGP 0xD9D50D8A


signature.asc
Description: Digital signature

Re: Bug#335018: ITP: OpenVPN-Admin -- Administration and certificate manager for OpenVPN

2005-10-21 Thread Jesus Climent

On Fri, Oct 21, 2005 at 03:33:14PM +0200, Alexander Wirt wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Alexander Wirt <[EMAIL PROTECTED]>
> 
> * Package name: OpenVPN-Admin
> * URL : http://sourceforge.net/projects/openvpnadmin/

Please, consider calling the package "openvpn-admin" or "openvpnadmin" to:

1. follow the openvpn name:
 $ apt-cache search openvpn | grep -i openvpn
 openvpn - Virtual Private Network daemon
 
2. follow upstream: (see above)

Thanks!

-- 
Jesus Climent  info:www.pumuki.org
Unix SysAdm|Linux User #66350|Debian Developer|2.6.12|Helsinki Finland
GPG: 1024D/86946D69 BB64 2339 1CAA 7064 E429  7E18 66FC 1D7F 8694 6D69

Mika: Are you sure you know where you are?
Man #3: Yes. Helsinki.
--Mika (Night on Earth)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: There are buildlogs for amd64 packages?

2005-10-21 Thread Kurt Roeckx

On Thu, Oct 20, 2005 at 09:20:52PM +0200, Erik Schanze wrote:
> Hi,
> 
> there can I find the build log for dvgrab_1.7-1 on amd64?
> 
> http://buildd.debian.org/ doesn't list amd64 at all and
> http://amd64.ftbfs.de/ has only 1.8-1 and higher.

Only buildd logs since about May 2005 are available on the site,
I do have older logs available in my archives but they're not
online.


Kurt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: There are buildlogs for amd64 packages?

2005-10-21 Thread Goswin von Brederlow

Erik Schanze <[EMAIL PROTECTED]> writes:

> Hi,
>
> there can I find the build log for dvgrab_1.7-1 on amd64?
>
> http://buildd.debian.org/ doesn't list amd64 at all and
> http://amd64.ftbfs.de/ has only 1.8-1 and higher.
>
> Because amd64 is listed on http://packages.debian.org/
> build logs should also be (easyly) available for packages of this 
> architecture.
>
>
> Regards,
> Erik

Buildd.d.o didn't allow us to send buildd log so for a long time we
didn't have a server for them. Only when aba offered to run a copy of
the buildd.d.o scripts for us on ftbs.de did we start automatically
archiving them.

So if 1.7-1 isn't there then its build probably predates that
service. You have to build it yourself on one of the amd64s.

MfG
Goswin

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Dependencies of -dev packages

2005-10-21 Thread Kurt Roeckx

On Thu, Oct 20, 2005 at 09:16:01PM +0200, Gabor Gombas wrote:
> - Make pkg-config mandatory. pkg-config can already handle the case that
>   different libraries are needed for static and shared linking.
>   pkg-config also helps the second problem (conflicting -dev packages),
>   see below

Pretty please don't suggest that unless you first fix pkg-config.
It's always linking in the libraries required for static linking
even if you don't request it.  See for instance bug #254290,
which was closed, but didn't really do what the original patch
did.

Kurt

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits from the release team: the plans for etch

2005-10-21 Thread Christian Perrier


> Oh, that's not needed. SElinux uses PAM to mediate access to
>  the password (there is a SELinux PAM module now). So, people who want
>  to enable SELinux on their machine have to do something like so:
> 
> ,[ Add SELinux capability to the system ]
> | if ! grep pam_selinux.so /etc/pam.d/login >& /dev/null; then
> | echo "" >> /etc/pam.d/login
> | echo "session required pam_selinux.so multiple" >> /etc/pam.d/login
> | echo "" >> /etc/pam.d/login
> | fi
> `


We could maybe provide this (commented) in /etc/pam.d/loginor,
maybe better, this could go (still commented) in
/etc/pam.d/common-session.

Could you point me (and possibly other readers) to "not too deeply
technical" doc about SELinux? After all, talking of something without
actually really knowing it is pretty hard..:-)



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

what to do with iputils (ping, etc)

2005-10-21 Thread Noah Meyerhans

Before I go off and do something drastic like fork the iputils packages
(the packages that give us a handy little tool called 'ping') I'd like
to ask for advice from the wider community.

The iputils source package builds the iputils-{ping,tracepath,arping}
binary packages.  Iputils-ping is the default ping in Debian, and is
thus rather important to get right.  Unfortunately, the upstream source
and build process is a mess.  The upstream developer is one of the
kernel network stack maintainers, and he wants the iputils package to
always work with the latest and greatest kernel functionality.  As a
result, he includes lots of kernel headers in his programs rather than
using standard headers from /usr/include.

At one point I fixed the tracepath code so it would build using standard
headers.  (I never uploaded the fix.)  I haven't fixed ping, etc.  The
thing is, this was so intrusive to both the build system and the code
that it can only be described as a fork.  I'm not completely opposed to
forking this code, since it's fairly mature and not wildly changing (in
fact, there hasn't been a new release in quite some time... like years)
and it would allow me to clean it up a bit.  But I'd like to get a
second opinion...

noah



signature.asc
Description: Digital signature

59 matches

Mail list logo