Re: s390 removed from jessie

[Steve McIntyre]

In article <20131016184443.ga22...@hymers.org.uk> you write:
>On Mon, 14, Oct, 2013 at 09:28:58PM +0200, Julien Cristau spoke thus..
>> Hi,
>> 
>> as of tonight, s390 has been removed from the jessie suite on
>> ftp-master.  The s390x architecture has replaced it starting with the
>> wheezy release.  s390 remains in sid for the moment, but is likely to go
>> away "soon".
>
>Hi,
>
>Following the removal of s390 from jessie, we intend to complete the
>process by removing it from sid this weekend.  If anyone has any
>objection to this, please let us know as soon as possible.
>As noted above by Julien, s390 has been replaced by s390x as of the
>wheezy release.

I have likewise removed s390 from the daily/weekly CD build config,
and from the architecture lists in debian-cd. It will still be
possible to build s390 stuff for a while, but we'll not be using or
testing that code any more in sid/jessie.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Support the Campaign for Audiovisual Free Expression: http://www.eff.org/cafe/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1vwznj-hy...@mail.einval.com

Re: Bug#726393: general: Possible malware infections in source packages

[Marc Haber]

On Wed, 16 Oct 2013 20:17:53 +, "Andrew M.A. Cater"
 wrote:
>On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote:
>> On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George 
>> wrote:
>> >> Some of the source packages were caught on a gateway anti-virus scanner 
>> >> while
>> >> downloading.
>> >
>> >Using a gateway anti-virus scanner for downloads from the Debian archive
>> >seems a bit inappropriate, well, paranoid. Checking the signed hashsums
>> >would seem a lot better to verify the downloads; if Debian's
>> >infrastructure were compromised so viruses could get in *and* be signed,
>> >we and you have other problems.
>> 
>> In many organisations it would be a _huge_ hassle to be allowed to
>> Download Debian packages directly while bypassing the gateway scanner.
>> It might even lead to a knee-jerk reaction like "This Debian thingy
>> keeps setting off our security alerts, let's ban it and use a
>> supported enterprise distro".
>
>You have _NO_ idea just how close to the truth you are

I think I know.

>- but even enterprise distributions
>trigger anti-virus programs. Pretty much all false positives, but still ..

Yes, but that's enterprise software with support that we have paid
$AMOUNT of $CURRENCY for. That can't be bad, or our decision would be
wrong, which is not possible with regard to the career of the people
who had taken that decision.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |   " Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1vwyha-7p...@swivel.zugschlus.de

Re: Bug#726393: general: Possible malware infections in source packages

[Andrew M.A. Cater]

On Wed, Oct 16, 2013 at 11:12:47AM +0200, Marc Haber wrote:
> On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George 
> wrote:
> >> Some of the source packages were caught on a gateway anti-virus scanner 
> >> while
> >> downloading.
> >
> >Using a gateway anti-virus scanner for downloads from the Debian archive
> >seems a bit inappropriate, well, paranoid. Checking the signed hashsums
> >would seem a lot better to verify the downloads; if Debian's
> >infrastructure were compromised so viruses could get in *and* be signed,
> >we and you have other problems.
> 
> In many organisations it would be a _huge_ hassle to be allowed to
> Download Debian packages directly while bypassing the gateway scanner.
> It might even lead to a knee-jerk reaction like "This Debian thingy
> keeps setting off our security alerts, let's ban it and use a
> supported enterprise distro".
> 
> Greetings
> Marc
> -- 
> -- !! No courtesy copies, please !! -
> Marc Haber |   " Questions are the | Mailadresse im Header
> Mannheim, Germany  | Beginning of Wisdom " | http://www.zugschlus.de/
> Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/e1vwn9r-0004kh...@swivel.zugschlus.de

You have _NO_ idea just how close to the truth you are - but even enterprise 
distributions
trigger anti-virus programs. Pretty much all false positives, but still ..

All the best,

AndyC


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131016201753.gb4...@galactic.demon.co.uk

Re: Bug#726393: general: Possible malware infections in source packages

[Marc Haber]

On Wed, 16 Oct 2013 12:59:33 +0200, Dominik George 
wrote:
>Marc Haber  schrieb:
>>On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst"
>> wrote:
>>>I'm missing why the package cannot use the EICAR test virus signature
>>for
>>>its purposes.
>>
>>eicar.com does not have a distributable license.
>
>
>I do not think it is actually copyrightable software. It is a string that was 
>agreed in to trigger antivirus scanners, so it is more or less a protocol. 
>Consider the downloads at eicar.com reference implementations.
>
>TINLA, IANAL.

Obviously. German copyright law was changed in the 1990ies to
explicitly include even the most trivial programming work ("kleine
Münze").

Eicar.com is undoubtedly programming work, and given it being short, a
working DOS program _and_ printable at the same time I do not have any
doubt that the program would pass as a "Schöpfung" in a court of law.
Maybe even as a work of art instead of a work of programming.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |   " Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1vwxdq-0008ci...@swivel.zugschlus.de

Re: s390 removed from jessie

[Mark Hymers]

On Mon, 14, Oct, 2013 at 09:28:58PM +0200, Julien Cristau spoke thus..
> Hi,
> 
> as of tonight, s390 has been removed from the jessie suite on
> ftp-master.  The s390x architecture has replaced it starting with the
> wheezy release.  s390 remains in sid for the moment, but is likely to go
> away "soon".

Hi,

Following the removal of s390 from jessie, we intend to complete the
process by removing it from sid this weekend.  If anyone has any
objection to this, please let us know as soon as possible.
As noted above by Julien, s390 has been replaced by s390x as of the
wheezy release.

Thanks,

Mark

-- 
Mark Hymers 

"Well, the thing about a black hole - it's main distinguishing feature - is
 it's black. And the thing about space, your basic space colour is black. So
 how are you supposed to see them?"
 Holly, Red Dwarf Series III - Marooned


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131016184443.ga22...@hymers.org.uk

Re: Propose Release Goals (delayed ;) - xz compression

[Thomas Goirand]

On 10/17/2013 12:35 AM, Lars Wirzenius wrote:
> On Wed, Oct 16, 2013 at 05:32:37PM +0100, David Goodenough wrote:
>> xy may only use a tiny bit, but the combination of apt-get, dpkg and
>> xy seems to cause problems.  Its not just BeagleBones, there are x86
>> machines with just 64MB still on sale.
> 
> Do we expect to build Debian packages on such systems?

That's not enough RAM for uncompromising the default initrd and booting
from it. And it's been years this way. So IMO, no.

Could we *not* have the same topics in loop in this list, and move on?

Thomas


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/525ed243.7080...@debian.org

Re: Propose Release Goals (delayed ;) - xz compression

[Dominik George]

Hi,

> The only problem is that on small machines (things like the BeagleBone)
> xz compression requires enough memory that you have to enable swap to
> use dpkg.  Now on a machine with a sensible disk this is not a problem,
> but on a machine where the "disk" is an SD-card it is a disaster.

correct me if I'm wrong, but it appears to me that xz compression has
become the default in dpkg. With that in mind, won't this issue come up
anyway? I mean, once a maintainer fixes a bug in a pckage and uplods it,
the binries ill get xz compression. So this issue is in no way specific
to making it a release goal.

On the contrary, if we do it right now for the whole archive, users have
something to rely on and, should it really be an issue, won't see their
systems slowly failing more and more over time.

That said, if choosing xz as default compression is harmful, then this
harm has already been done and should have been prevented before making
xz default in dpkg 1.17.0.

I, for one, consider the release goal a good idea as for stable users,
it provides a reliable moment in time when things will break so they can
prepare for it. Still, I also think that in the first place, things
*won't* break, as stated by others.

Cheers,
Nik

-- 
* concerning Mozilla code leaking assertion failures to tty without D-BUS *
 That means, D-BUS is a tool that makes software look better
than it actually is.

PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296


signature.asc
Description: Digital signature

Re: Propose Release Goals (delayed ;) - xz compression

[Bastian Blank]

On Wed, Oct 16, 2013 at 07:19:19PM +0300, Marius Gavrilescu wrote:
> At the default preset (-6), the required RAM for decompressing is about
> 9MB. The BeagleBone seems to have 256MB of memory (that's what
> Wikipedia says), so 9MB shouldn't be an issue.

Didn't we discuss this last year already?

> And if 9MB is too much for some random board, xz -0 still compresses
> better than gzip -9 (or so it should) with only 1MB of DecMem.

-2 or -3 should be sane settings for all systems.

Bastian

-- 
Those who hate and fight must stop themselves -- otherwise it is not stopped.
-- Spock, "Day of the Dove", stardate unknown


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131016172230.ga10...@mail.waldi.eu.org

Re: Propose Release Goals (delayed ;) - xz compression

[Marius Gavrilescu]

Lars Wirzenius  writes:

> Do we expect to build Debian packages on such systems?

David's point was that installing such a package would require too much
memory due to xz's decompression memory requirements (9MB with default
options).
-- 
Marius Gavrilescu


pgpuiMWwJJsFS.pgp
Description: PGP signature

Re: Propose Release Goals (delayed ;) - xz compression

[David Goodenough]

On Wednesday 16 Oct 2013, Lars Wirzenius wrote:
> On Wed, Oct 16, 2013 at 05:32:37PM +0100, David Goodenough wrote:
> > xy may only use a tiny bit, but the combination of apt-get, dpkg and
> > xy seems to cause problems.  Its not just BeagleBones, there are x86
> > machines with just 64MB still on sale.
> 
> Do we expect to build Debian packages on such systems?
no, but we do expect to install on them.

David


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/201310161740.50457.david.goodeno...@btconnect.com

Re: Propose Release Goals (delayed ;) - xz compression

[Lars Wirzenius]

On Wed, Oct 16, 2013 at 05:32:37PM +0100, David Goodenough wrote:
> xy may only use a tiny bit, but the combination of apt-get, dpkg and
> xy seems to cause problems.  Its not just BeagleBones, there are x86
> machines with just 64MB still on sale.

Do we expect to build Debian packages on such systems?

-- 
http://www.cafepress.com/trunktees -- geeky funny T-shirts
http://gtdfh.branchable.com/ -- GTD for hackers


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131016163521.gb4...@mavolio.codethink.co.uk

Re: Propose Release Goals (delayed ;) - xz compression

[David Goodenough]

On Wednesday 16 Oct 2013, Marius Gavrilescu wrote:
> David Goodenough  writes:
> > The only problem is that on small machines (things like the BeagleBone)
> > xz compression requires enough memory that you have to enable swap to
> > use dpkg.  Now on a machine with a sensible disk this is not a problem,
> > but on a machine where the "disk" is an SD-card it is a disaster.
> 
> From the xz manpage:
> # Preset   DictSize   CompCPU   CompMem   DecMem
> #   -0 256 KiB   03 MiB1 MiB
> #   -1   1 MiB   19 MiB2 MiB
> #   -2   2 MiB   2   17 MiB3 MiB
> #   -3   4 MiB   3   32 MiB5 MiB
> #   -4   4 MiB   4   48 MiB5 MiB
> #   -5   8 MiB   5   94 MiB9 MiB
> #   -6   8 MiB   6   94 MiB9 MiB
> #   -7  16 MiB   6  186 MiB   17 MiB
> #   -8  32 MiB   6  370 MiB   33 MiB
> #   -9  64 MiB   6  674 MiB   65 MiB
> 
> At the default preset (-6), the required RAM for decompressing is about
> 9MB. The BeagleBone seems to have 256MB of memory (that's what
> Wikipedia says), so 9MB shouldn't be an issue.
> 
> And if 9MB is too much for some random board, xz -0 still compresses
> better than gzip -9 (or so it should) with only 1MB of DecMem.
xy may only use a tiny bit, but the combination of apt-get, dpkg and
xy seems to cause problems.  Its not just BeagleBones, there are x86
machines with just 64MB still on sale.

David


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/201310161732.38040.david.goodeno...@btconnect.com

Re: Propose Release Goals (delayed ;) - xz compression

[Marius Gavrilescu]

David Goodenough  writes:

> The only problem is that on small machines (things like the BeagleBone)
> xz compression requires enough memory that you have to enable swap to
> use dpkg.  Now on a machine with a sensible disk this is not a problem,
> but on a machine where the "disk" is an SD-card it is a disaster.

From the xz manpage:
# Preset   DictSize   CompCPU   CompMem   DecMem
#   -0 256 KiB   03 MiB1 MiB
#   -1   1 MiB   19 MiB2 MiB
#   -2   2 MiB   2   17 MiB3 MiB
#   -3   4 MiB   3   32 MiB5 MiB
#   -4   4 MiB   4   48 MiB5 MiB
#   -5   8 MiB   5   94 MiB9 MiB
#   -6   8 MiB   6   94 MiB9 MiB
#   -7  16 MiB   6  186 MiB   17 MiB
#   -8  32 MiB   6  370 MiB   33 MiB
#   -9  64 MiB   6  674 MiB   65 MiB

At the default preset (-6), the required RAM for decompressing is about
9MB. The BeagleBone seems to have 256MB of memory (that's what
Wikipedia says), so 9MB shouldn't be an issue.

And if 9MB is too much for some random board, xz -0 still compresses
better than gzip -9 (or so it should) with only 1MB of DecMem.
-- 
Marius Gavrilescu


pgpWPbktNjNTF.pgp
Description: PGP signature

Bug#726534: ITP: shiro -- Apache Shiro - Java Security Framework

[Emmanuel Bourg]

Package: wnpp
Severity: wishlist
Owner: Emmanuel Bourg 

* Package name: shiro
  Version : 1.2.2
  Upstream Author : The Apache Software Foundation
* URL : http://shiro.apache.org
* License : Apache-2.0
  Programming Lang: Java
  Description : Apache Shiro - Java Security Framework

Apache Shiro is a powerful and easy-to-use Java security framework that
performs authentication, authorization, cryptography, and session
management. With Shiro’s easy-to-understand API, you can quickly and
easily secure any application – from the smallest mobile applications to
the largest web and enterprise applications.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/525ea45d.4050...@apache.org

Re: Propose Release Goals (delayed ;) - xz compression

[David Goodenough]

On Wednesday 16 Oct 2013, Hideki Yamane wrote:
> Hi,
> 
>  As dpkg introduced xz compression by default, we can make whole
>  packages xz-ed now. I think it's worth to try, so propose it as
>  a release goal (I know it should be sent before its dead line, but
>  please read).
> 
> 
> ---
> -- item)
>  rebuild whole package with xz
> 
> Benefit)
>  users : it reduces download (update) time.
>  mirror admins : it cuts traffic.
> 
> How to archive it? (a.k.a. costs))
>  Just rebuild your package with dpkg (>=1.17.0), cheap.
>  (it's not in jessie yet, Bug#717983 prevents to migrate to testing,
>   but now fixed in git and pending).
> 
> How to check it?)
>  Yes, just "ar -x" and you'll see it as data.tar.{gz,bz2,xz}, easy.
> 
> Trackable?)
>  So yes, just do it as above for whole repository and track numbers
>  and list non-xz-ed package.
> ---
> --
> 
>  Any idea for this?
>  It's worth to try *and* not so difficult, IMHO.

The only problem is that on small machines (things like the BeagleBone)
xz compression requires enough memory that you have to enable swap to
use dpkg.  Now on a machine with a sensible disk this is not a problem,
but on a machine where the "disk" is an SD-card it is a disaster.

David


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/201310161536.55485.david.goodeno...@btconnect.com

Propose Release Goals (delayed ;) - xz compression

[Hideki Yamane]

Hi,

 As dpkg introduced xz compression by default, we can make whole
 packages xz-ed now. I think it's worth to try, so propose it as
 a release goal (I know it should be sent before its dead line, but
 please read).


-
item)
 rebuild whole package with xz

Benefit)
 users : it reduces download (update) time.
 mirror admins : it cuts traffic.

How to archive it? (a.k.a. costs))
 Just rebuild your package with dpkg (>=1.17.0), cheap.
 (it's not in jessie yet, Bug#717983 prevents to migrate to testing,
  but now fixed in git and pending).

How to check it?)
 Yes, just "ar -x" and you'll see it as data.tar.{gz,bz2,xz}, easy.

Trackable?)
 So yes, just do it as above for whole repository and track numbers
 and list non-xz-ed package.
-

 Any idea for this?
 It's worth to try *and* not so difficult, IMHO.

-- 
Hideki Yamane


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAPpVEmWoy0_Nx2dH7zuyCRAFaQU6bYGeNUXga8=kddcvnov...@mail.gmail.com

Re: Bug#726393: general: Possible malware infections in source packages

[Jonathan Dowland]

On Wed, Oct 16, 2013 at 01:11:01PM +0200, Dominik George wrote:
> Looking at it as code, it is a 16-bit DOS Hello world-program. Not
> copyrightable, I suppose.

I do not want EICAR to be copywritable, but I reckon it probably is.
A surprising amount of work went into developing EICAR: it's a valid
16 bit DOS program as you point out, it's also composed entirely of
printable characters and uses self-modification to ensure it does
something useful when actually executed. As such it's clearly a
creative work, and an original creation at that.

Mark H has done a fair bit of work in this area.¹

¹ 
  I'm now considering, tongue slightly in cheek, whether to add
  EICAR support to game-data-packager.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131016132818.ga23...@bryant.redmars.org

Bug#726393: general: Possible malware infections in source packages

[Florian Weimer]

* Dominik George:

> It isn't a false positive in that regard that the package *does* in fact
> contain the virus sample.

That's non-free code and not suitable for main, so it must be removed
from the source tarball anyway.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87fvs18p4q@mid.deneb.enyo.de

Re: Bug#726393: general: Possible malware infections in source packages

[Dominik George]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dominik George  schrieb:

>I do not think it is actually copyrightable software. It is a string
>that was agreed in to trigger antivirus scanners, so it is more or less
>a protocol. Consider the downloads at eicar.com reference
>implementations.

Looking at it as code, it is a 16-bit DOS Hello world-program. Not 
copyrightable, I suppose.

- -nik
-BEGIN PGP SIGNATURE-
Version: APG v1.0.8-fdroid

iQFNBAEBCgA3BQJSXnREMBxEb21pbmlrIEdlb3JnZSAobW9iaWxlIGtleSkgPG5p
a0BuYXR1cmFsbmV0LmRlPgAKCRAvLbGk0zMOJawsB/9AxDQcsOijrNCcesFuvZPT
bmpopMgUvSpqE4m3tsIAw/MI7V8mk/UAOEJ2DANKl3xcZOEvdTILshgFMOEGObJD
/u6qiF59nab3z2XrUnxiKijMn/0bDUSVSU/GRVJYRC8nCTvWuzqliTknDS3k5MpL
fmpPQb28Sdc/JDayB4950KBxxFSNhKjGK7Th96NAiEmDjkN96L8KnbzRML9+Gk93
6hbGDnditAETvpWH1Y4EiNlrDAcCaH0/l+1b1Y8rdbnjKYVzhnOQmj8UxdweZLOV
5P/VlwzlLoQH99Fg6QcPRUBkooNbiVp730kDjzKbLBtirF3VkwdvgpbIfA8KTRXc
=8U8Y
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/33eb8d3b-b2ac-410c-82ac-68b903ac9...@email.android.com

Re: Debian XDG basedir compliance

[alberto fuentes]

On Sat, Oct 12, 2013 at 4:10 AM, Russ Allbery  wrote:
> To add on to what Lars said, users still often use the same home directory
> on multiple systems (via NFS, AFS, etc.) and expect, when running the same
> application on different systems, for programs to find their configuration
> files in the same places.  The FHS doesn't pose the same issue, since
> those directories are generally (albeit not always) local to each system.

Good point, although for me this is a good argument for the opposite
of what you intend.

I want to be able to share my homes, but i do not want to share
configurations. Different versions of programs behave differently.

With XDG I can separate my data from my configuration. Thats it, i can
have my pdfs and photos and downloads separated from my configuration.

You could argue that I could have a directory under my Desktop called
stuff, to pour my personal data only there and treat that separately.
I much rather go with the standard :)

Greets


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/calkubt6jjd_oza-qc4eentbr2bkf1wjw+fjq+hyy-gx8dso...@mail.gmail.com

Re: Bug#726393: general: Possible malware infections in source packages

[Dominik George]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Marc Haber  schrieb:
>On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst"
> wrote:
>>I'm missing why the package cannot use the EICAR test virus signature
>for
>>its purposes.
>
>eicar.com does not have a distributable license.


I do not think it is actually copyrightable software. It is a string that was 
agreed in to trigger antivirus scanners, so it is more or less a protocol. 
Consider the downloads at eicar.com reference implementations.

TINLA, IANAL.

- -nik
-BEGIN PGP SIGNATURE-
Version: APG v1.0.8-fdroid

iQFNBAEBCgA3BQJSXnGVMBxEb21pbmlrIEdlb3JnZSAobW9iaWxlIGtleSkgPG5p
a0BuYXR1cmFsbmV0LmRlPgAKCRAvLbGk0zMOJX3/CACovs5UhI4gb9s02gWLzqL2
wC+wi+3ccQXJ91cnMUT+BSRHRjWRtvi/lC3cUYPzG1n1TNVzZDxIU5thdsg450Ok
Eu0HhDGPoO8VrmC4LF8ygQsYjRRoKVM8JxOsRhFcyS7vxgfTdicfq7sAQ5sXKUEx
Yl1uUGWgEKT5/6fP4+RF2lcvLVruJMj5+8Vv/1ryXBL0/tB78vZEl4h6pQkW98Oz
vRBRL6JbfcUZ2GMOKs9d6pbpJxERv2pfq3TsP8o0Iu4Asb+AQ91PTpJCsy5I1h9G
5VMcctfvGjrjBY3AJJJU01AOlv801hRmsyebB0D1M9hZsbeQ56wf2lkymTVhIyCM
=LkAR
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/e1dfb869-8575-4346-b10f-deecac597...@email.android.com

Re: Debian XDG basedir compliance

[Thomas Koch]

On Saturday, October 12, 2013 06:52:41 AM Paul Wise wrote:
> Good point. I've added a section on user home directories to the UG,
> pointing out the XDG spec and the libraries that support it.
> 
> https://wiki.debian.org/UpstreamGuide#User_home_directories
added a link to
https://wiki.debian.org/XDGBaseDirectorySpecification#libraries


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201310161202.07376.tho...@koch.ro

Re: Bug#726393: general: Possible malware infections in source packages

[Marc Haber]

On Tue, 15 Oct 2013 13:19:38 +0200, "Thijs Kinkhorst"
 wrote:
>I'm missing why the package cannot use the EICAR test virus signature for
>its purposes.

eicar.com does not have a distributable license.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |   " Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1vwmtf-0004iw...@swivel.zugschlus.de

Bug#726493: ITP: ruby-netconf -- Ruby GEM for device management using the NETCONF protocol as specified in RFC4741 and RFC6241

[Sebastian Laubscher]

Package: wnpp
Severity: wishlist
Owner: Sebastian Laubscher 

* Package name: ruby-netconf
  Version : 0.3.1
  Upstream Author : Jeremy Schulman 
* URL : https://github.com/Juniper/net-netconf
* License : BSD
  Programming Lang: Ruby
  Description : Ruby GEM for device management using the NETCONF protocol 
as specified in RFC4741 and RFC6241

ruby-netconf is a Ruby GEM for device management using the NETCONF protocol as 
specified in RFC4741 and RFC6241. NETCONF provides mechanisms to install, 
manipulate and delete the configuration of network devices. It uses an 
XML-based data encoding for the configuration data as well as the protocol 
messages. The NETCONF protocol operations are realized as RPC. This GEM 
supports SSH, telnet and serial connections as transport layer.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20131016091653.2645.74044.report...@triton.nbg.teamix.net

Re: Bug#726393: general: Possible malware infections in source packages

[Marc Haber]

On Tue, 15 Oct 2013 12:54:36 +0200, Dominik George 
wrote:
>> Some of the source packages were caught on a gateway anti-virus scanner while
>> downloading.
>
>Using a gateway anti-virus scanner for downloads from the Debian archive
>seems a bit inappropriate, well, paranoid. Checking the signed hashsums
>would seem a lot better to verify the downloads; if Debian's
>infrastructure were compromised so viruses could get in *and* be signed,
>we and you have other problems.

In many organisations it would be a _huge_ hassle to be allowed to
Download Debian packages directly while bypassing the gateway scanner.
It might even lead to a knee-jerk reaction like "This Debian thingy
keeps setting off our security alerts, let's ban it and use a
supported enterprise distro".

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |   " Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1vwn9r-0004kh...@swivel.zugschlus.de

Re: mips64el port build failed list

[YunQiang Su]

On Wed, Oct 16, 2013 at 3:02 AM, Bernd Zeimetz  wrote:
> hi!
>
> On 10/15/2013 03:59 PM, YunQiang Su wrote:
 The buildlog of these packages can be found in
  http://vip.moonux.org/attempted/
>
>
> Looking at one of my pet packages (gpsd):
>
> dpkg-checkbuilddeps: Unmet build dependencies: pps-tools (>=
> 0.20120406+g0deb9c7e-2~)
After install pps-tools manually, It built successfully now.
>
> but I don't see that building pps-tools failed, at least its not in the list. 
> Am
> I missing something or is there just something confused about the right order 
> to
> build packages?
>
>
> Cheers,
>
> Bernd
>
>
> --
>  Bernd ZeimetzDebian GNU/Linux Developer
>  http://bzed.dehttp://www.debian.org
>  GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F



-- 
YunQiang Su


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAKcpw6XcKW7DKWXSBQR-e8nn4uU9FY5A8a2EEMkwzbCe3R=e...@mail.gmail.com

Bug#726488: ITP: ruby-commander -- Ruby command-line interface library

[Youhei SASAKI]

Package: wnpp
Owner: Youhei SASAKI 
Severity: wishlist

* Package name: ruby-commander
  Version : 4.1.5
  Upstream Author : TJ Holowaychuk
* URL or Web page : http://visionmedia.github.com/commander
* License : MIT
  Description : Ruby command-line interface library

 "Commander" bridges the gap between other terminal related libraries
 you know and love (OptionParser, HighLine), while providing many new
 features, and an elegant API.
 .
 Features:
* Easier than baking cookies
* Parses options using OptionParser
* Auto-populates struct with options:
  ( no more { |v| options[:recursive] = v } )
* Auto-generates help documentation via pluggable help formatters
* Optional default command when none is present
* Global / Command level options
* Packaged with two help formatters (Terminal, TerminalCompact)
* Imports the highline gem for interacting with the terminal
* Adds additional user interaction functionality
* Highly customizable progress bar with intuitive, simple usage
* Multi-word command name support
* Sexy paging for long bodies of text
* Command aliasing
* Use the 'commander' executable to initialize a commander driven program

---
Youhei SASAKI 
  
GPG fingerprint:
  4096/RSA: 66A4 EA70 4FE2 4055 8D6A C2E6 9394 F354 891D 7E07


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/8738o1ty5z.wl%uwab...@gfd-dennou.org

Bug#726482: ITP: lua-yaml -- LibYAML binding for Lua

[Victor Seva]

Package: wnpp
Severity: wishlist
Owner: Victor Seva 

* Package name: lua-yaml
  Version : 4
  Upstream Author : Gary V. Vaughan 
* URL : https://github.com/gvvaughan/lyaml
* License : Expat
  Programming Lang: Lua
  Description : LibYAML binding for Lua

 fast C implementation for converting between %YAML 1.1
 and Lua tables, and a low-level YAML event parser for
 implementing more intricate YAML document loading.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131016073154.16529.63116.reportbug@fiesta

Re: mips64el port build failed list

[YunQiang Su]

On Tue, Oct 15, 2013 at 11:23 PM, Paul Wise  wrote:
> On Tue, Oct 15, 2013 at 7:33 PM, YunQiang Su wrote:
>
>> We are working on the port of mips64el, and the progress is quite good.
>
> Please add that to debian-ports.org so that maintainers can find
> failed build logs linked from the PTS and work on fixing the issues.
> Until you are able to add mips64el to debian-ports.org, please at
> least provide the output of the dd-list command so that pro-active
I still cannot add it to debian-ports now. The dd-list output can be found
http://vip.moonux.org/attempted/0_dd-list.txt.xz

> maintainers can fix issues early. Do you have a machine that
> maintainers can access to port their packages to mips64el?
I am trying to build the third machine up, while I met some trouble.
So at least several days may be needed.
>
> Please add your architecture characteristics here:
>
> https://wiki.debian.org/ArchitectureSpecificsMemo
Added while
long long alignment , alignment of long, max alignment, unaligned access OK,
func param location, func return ptr location, page size(s)
need to be ensured again.
>
> --
> bye,
> pabs
>
> http://wiki.debian.org/PaulWise
>
>
> --
> To UNSUBSCRIBE, email to debian-mips-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: 
> http://lists.debian.org/caktje6hunru4ce1mwhl9aondncpnwkqmkouup233xtyuakk...@mail.gmail.com
>



-- 
YunQiang Su


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAKcpw6UmHXnCfSnpjh6o8AFX9h895HHZCJaM1qDHu=zfuoi...@mail.gmail.com