Re: Intention to package x11amp

[Martin Mitchell]

Ben Gertzfield <[EMAIL PROTECTED]> writes:

> I'll wait then. I was talking to [EMAIL PROTECTED] about
> this, and whipped up some packages for the new version. They're
> done, but I won't upload them until Jens or Sami gets back to me.
> 
> Martin> Sami gave us http://www.x11amp.ml.org/ as website for
> Martin> x11amp.  I haven't checked if it's the same as above.
> 
> It's been moved to http://www.x11amp.bz.nu/ now.

I'd like to encourage the maintainer to ask them to release source under
a DFSG compatible license, so it can be placed in main, and so that it
may be compiled for other architectures.

Martin.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Intention to package x11amp

[Ben Gertzfield]

> "Martin" == Martin Schulze <[EMAIL PROTECTED]> writes:

Martin> There are one or two others who have already signed up for
Martin> this package: Sami Haahtinen <[EMAIL PROTECTED]> and Jens
Martin> Ritter <[EMAIL PROTECTED]>.  Sami is still in the
Martin> new-maintainer procedure and has told us that he spoke to
Martin> the 'already registered maintainer'.  I believe he refers
Martin> to Grimaldi, if not, Grimaldi speak up now. :-)

I'll wait then. I was talking to [EMAIL PROTECTED] about
this, and whipped up some packages for the new version. They're
done, but I won't upload them until Jens or Sami gets back to me.

Martin> Sami gave us http://www.x11amp.ml.org/ as website for
Martin> x11amp.  I haven't checked if it's the same as above.

It's been moved to http://www.x11amp.bz.nu/ now.

-- 
Brought to you by the letters V and Y and the number 8.
"O, Mentos Boy!" -- Guppy
Ben Gertzfield  Finger me for my public
PGP key. I'm on FurryMUCK as Che, and EFNet and YiffNet IRC as Che_Fox.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Intention to package x11amp

[Michael Bramer]

On Fri, May 08, 1998 at 12:10:56PM +0200, Martin Schulze wrote:
> On Thu, May 07, 1998 at 07:37:57PM -0700, Ben Gertzfield wrote:
> > This is my formal announcement of intention to package x11amp, a
> > graphical .mp3 player for X.
> > 
> > x11amp is a clone of WinAMP. It's free to redistribute, but no
> > source is available, so it's going into non-free/sound.
> > 
> > Its home page is: http://www.x11amp.bz.nu/
> > 
> > One question: x11amp uses the real-time functions of Linux (and sounds
> > much better) if it's installed suid-root, but there are unknown holes
> > that this opens up. Should I use suidmanager and make it suid?
> 
> There are one or two others who have already signed up for this
> package: Sami Haahtinen <[EMAIL PROTECTED]> and Jens Ritter
> <[EMAIL PROTECTED]>.  Sami is still in the new-maintainer procedure
> and has told us that he spoke to the 'already registered maintainer'.
> I believe he refers to Grimaldi, if not, Grimaldi speak up now. :-)

Grimaldi (Jens Ritter) is on vacation and is back at 20.05.1998.

Grisu


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Intention to package x11amp

[Martin Schulze]

On Thu, May 07, 1998 at 07:37:57PM -0700, Ben Gertzfield wrote:
> This is my formal announcement of intention to package x11amp, a
> graphical .mp3 player for X.
> 
> x11amp is a clone of WinAMP. It's free to redistribute, but no
> source is available, so it's going into non-free/sound.
> 
> Its home page is: http://www.x11amp.bz.nu/
> 
> One question: x11amp uses the real-time functions of Linux (and sounds
> much better) if it's installed suid-root, but there are unknown holes
> that this opens up. Should I use suidmanager and make it suid?

There are one or two others who have already signed up for this
package: Sami Haahtinen <[EMAIL PROTECTED]> and Jens Ritter
<[EMAIL PROTECTED]>.  Sami is still in the new-maintainer procedure
and has told us that he spoke to the 'already registered maintainer'.
I believe he refers to Grimaldi, if not, Grimaldi speak up now. :-)

Sami gave us http://www.x11amp.ml.org/ as website for x11amp.  I
haven't checked if it's the same as above.

Regards,

Joey

-- 
  / Martin Schulze  *  [EMAIL PROTECTED]  *  26129 Oldenburg /
 / http://home.pages.de/~joey/
/ The only stupid question is the unasked one   /


pgpuHvDwyN2Tg.pgp
Description: PGP signature

Re: Intention to package x11amp

[Joey Hess]

Ben Gertzfield wrote:
> No source available. :/

In the FAQ, though, it says there will be source available sometime.

-- 
see shy jo


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Intention to package x11amp

[Ben Gertzfield]

> "Andreas" == Andreas Jellinghaus <[EMAIL PROTECTED]> writes:

Andreas> don't make it suid if it works without (mpg123, amp both
Andreas> work well as normal programs), register it with
Andreas> suidmanager without suid bit, and document in
Andreas> README.debian how to make it suid, what advantages this
Andreas> has, and the security risks.

Right, that's what I'm doing.

Andreas> maybe also look for buffer overflows or similiar stuff in
Andreas> the source.

No source available. :/

-- 
Brought to you by the letters L and I and the number 12.
"Frungy! Frungy! Frungy!!" -- ZokFotPik, SCII
Ben Gertzfield  Finger me for my public
PGP key. I'm on FurryMUCK as Che, and EFNet and YiffNet IRC as Che_Fox.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Intention to package x11amp

[Andreas Jellinghaus]

>One question: x11amp uses the real-time functions of Linux (and sounds
>much better) if it's installed suid-root, but there are unknown holes
>that this opens up. Should I use suidmanager and make it suid?

don't make it suid if it works without (mpg123, amp both work well as normal
programs), register it with suidmanager without suid bit, and document in
README.debian how to make it suid, what advantages this has, and the security
risks. 

maybe also look for buffer overflows or similiar stuff in the source.

andreas


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Intention to package x11amp

[Larry 'Daffy' Daffner]

> "BG" == Ben Gertzfield <[EMAIL PROTECTED]> writes:

> "Larry" == Larry 'Daffy' Daffner <[EMAIL PROTECTED]> writes:
  Larry> I would say to register it with suidmanager, leave it
  Larry> non-suid by default, and place a notice somewhere that if
  Larry> performance is an issue, it may be made setuid through
  Larry> suidregister. On my K6-200, the CPU time it takes up is
  Larry> pretty negligible, although I understand it may be an issue
  Larry> on lesser machines :)

  BG> Good idea. How exactly should I explain the use of suidmanager
  BG> in the README, though?  -- Brought to you by the letters H and G
  BG> and the number 10.  "Disobeying me?" "No, I don't." -- Final
  BG> Fantasy II Ben Gertzfield 
  BG> Finger me for my public PGP key. I'm on FurryMUCK as Che, and
  BG> EFNet and YiffNet IRC as Che_Fox.

I'd put something like this:

Although x11amp is more efficient if made setuid root, doing so has
the potential of opening security holes, especially since it is a
binary-only package. Thus, it is not installed setuid by default. If
you require the additional efficency (for instance, if it skips,
or freezes) or you are aware of the security issues and consider the
risks acceptable, then you may run the following command to set x11amp 
to run setuid:

suidmanager (insert required options here)

-Larry

-- 
  Larry Daffner|  Linux: Unleash the workstation in your PC!
  [EMAIL PROTECTED] / http://web2.airmail.net/vizzie/
It is important to keep an open mind, but not so open that your brains fall
out.  --Stephen A. Kallis, Jr.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Intention to package x11amp

[Ben Gertzfield]

> "Larry" == Larry 'Daffy' Daffner <[EMAIL PROTECTED]> writes:

Larry> I would say to register it with suidmanager, leave it
Larry> non-suid by default, and place a notice somewhere that if
Larry> performance is an issue, it may be made setuid through
Larry> suidregister. On my K6-200, the CPU time it takes up is
Larry> pretty negligible, although I understand it may be an issue
Larry> on lesser machines :)

Good idea. How exactly should I explain the use of suidmanager in
the README, though?
-- 
Brought to you by the letters H and G and the number 10.
"Disobeying me?" "No, I don't." -- Final Fantasy II
Ben Gertzfield  Finger me for my public
PGP key. I'm on FurryMUCK as Che, and EFNet and YiffNet IRC as Che_Fox.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Intention to package x11amp

[Larry 'Daffy' Daffner]

> "BG" == Ben Gertzfield <[EMAIL PROTECTED]> writes:

  BG> One question: x11amp uses the real-time functions of Linux (and
  BG> sounds much better) if it's installed suid-root, but there are
  BG> unknown holes that this opens up. Should I use suidmanager and
  BG> make it suid?

I would say to register it with suidmanager, leave it non-suid by
default, and place a notice somewhere that if performance is an issue, 
it may be made setuid through suidregister. On my K6-200, the CPU time 
it takes up is pretty negligible, although I understand it may be an
issue on lesser machines :)

However, since it does not come with source, my opinion is that
leaving it suid by default would be irresponsible of us as a
distribution, especially since it is not necessary for proper
functioning of the program.

-Larry

-- 
  Larry Daffner|  Linux: Unleash the workstation in your PC!
  [EMAIL PROTECTED] / http://web2.airmail.net/vizzie/
One macine can do the work of fifty ordinary men. No machine can do the work of
one extraordinary man.  --Elbert Hubbard


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]