Re: Base system installation errors in testing due to libldap

2008-05-20 Thread Steve Langasek 
On Sun, May 18, 2008 at 05:56:08PM +0200, Adeodato Simó wrote:
> * Frans Pop [Sun, 18 May 2008 17:38:52 +0200]:

> > Given that, maybe even removal would be an option, but I'll leave that to 
> > RMs.

> The removal will happen eventually, since it's been removed from
> unstable already. But not before libaws is rebuilt against libldap-2.4-2, 
> which FTBFSed, and needs somebody investigating it.

Getting libaws rebuilt against libldap-2.4-2 isn't a precondition.  I intend
for libldap2 to be removed for lenny, regardless.

But libldap-2.4-2 shouldn't conflict with libldap2 anyway.  That was an
unauthorized NMU change which I intend to revert.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Freeze exception for shadow

2008-05-20 Thread Nicolas François 
Dear RMs,

I would like to make an update for shadow to fix a bug in the SHA password
encryption method.

I don't think this patch would be required for security reasons (I consider
the current SHA method, with the bug, still more secure as the MD5 password
encryption method), but I would prefer to get it right in stable.

The patch, already applied upstream, is attached.

Together with that update, I would like to backport some patches for the
manpages:
- Document the -r, --system option in the useradd, groupadd, and newusers
  manpages.
- Document the -c, --crypt-method and -s, --sha-rounds options in the
  newusers manpage.
- Document the -k, --skel option in the useradd manpage.

And document some of the Debian patches (basically indicating that some of
them are now applied upstream).

Would an upload be OK for
 * the fix for the SHA password encrypt method
 * documentation of options
 * documentation of patches

Best Regards,
-- 
Nekral
Index: libmisc/salt.c
===
--- libmisc/salt.c	(révision 1988)
+++ libmisc/salt.c	(copie de travail)
@@ -90,9 +90,10 @@
  */
 static unsigned int SHA_salt_size (void)
 {
-	double rand_rounds = 9 * random ();
-	rand_rounds /= RAND_MAX;
-	return 8 + rand_rounds;
+	double rand_size;
+	seedRNG ();
+	rand_size = (double) 9.0 * random () / RAND_MAX;
+	return 8 + rand_size;
 }
 
 /* ! Arguments evaluated twice ! */
@@ -131,8 +132,8 @@
 		if (min_rounds > max_rounds)
 			max_rounds = min_rounds;
 
-		srand (time (NULL));
-		rand_rounds = (max_rounds-min_rounds+1) * random ();
+		seedRNG ();
+		rand_rounds = (double) (max_rounds-min_rounds+1.0) * random ();
 		rand_rounds /= RAND_MAX;
 		rounds = min_rounds + rand_rounds;
 	} else if (0 == *prefered_rounds)
Index: ChangeLog
===
--- ChangeLog	(révision 1994)
+++ ChangeLog	(copie de travail)
@@ -1,5 +1,15 @@
 2008-05-20  Nicolas François  <[EMAIL PROTECTED]>
 
+	* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
+	overflow. These caused the SHA salt size to always be 8 bytes,
+	instead of being in the 8-16 range. Thanks to Peter Vrabec
+	[EMAIL PROTECTED] for noticing.
+	* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
+	seedRNG instead of srand, and fix the same overflow. This caused
+	the number of rounds to always be the smallest one.
+
+2008-05-20  Nicolas François  <[EMAIL PROTECTED]>
+
 	* man/newusers.8.xml man/groupmems.8.xml man/groupdel.8.xml
 	man/useradd.8.xml man/groupadd.8.xml man/newgrp.1.xml man/sg.1.xml
 	man/chgpasswd.8.xml man/groupmod.8.xml: Tag the section which
Index: NEWS
===
--- NEWS	(révision 1994)
+++ NEWS	(copie de travail)
@@ -2,6 +2,15 @@
 
 shadow-4.1.1 -> shadow-4.1.2		UNRELEASED
 
+*** security:
+- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
+  chgpasswd; and also passwd if configured without PAM support).
+  The number of rounds and number of salt bytes was fixed to their lower
+  allowed values (resp. configurable and 8), hence voiding some of the
+  advantages of this encryption method. Dictionary attacks with
+  precomputed tables were easier than expected, but still harder than with
+  the MD5 (or DES) methods.
+
 *** general:
 - packaging
   * Distribute the chfn, chsh, and userdel PAM configuration file.

Re: [Debian-haskell] ghc6 transition overview (update)

2008-05-20 Thread John Goerzen 
Joachim Breitner wrote:

> 
> libghc6-hdbc-sqlite3-dev
> libhugs-hdbc-sqlite3
> hpodder (which is the only reverse dependency)

Makes sense to me.

-- John


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

ghc6 transition overview (update)

2008-05-20 Thread Joachim Breitner 
Hi,

another update from the ghc6 transition. As far as I can tell, there are
two things left to do:

Upload packages:
The following packages have been built by the buildds and should be
uploaded, all on powerpc:

haskell-anydbm
ftphs
haskelldb
haxml
haskell-hgl
haskell-hsh
haskell-hsql
pandoc

(Maybe this is happening while I write this, in this case: Thanks.
Thanks also to the other buildd admins that filled the gaps in the last
days).

Other other issue is a strange hugs-related build failure on hppa 
http://buildd.debian.org/fetch.cgi?&pkg=hdbc-sqlite3&ver=1.1.4.0.0&arch=hppa&stamp=1210923274&file=log
Unfortunately, no hppa machine is available at the moment to debug this
error. Therefore I propose that we remove these hppa packages from
unstable:

libghc6-hdbc-sqlite3-dev
libhugs-hdbc-sqlite3
hpodder (which is the only reverse dependency)


With these two things done, the migration should be possible, at least
according to the migration web scripts.

Thanks to Philipp Kern that gave me useful hints.

Greetings,
Joachim

-- 
Joachim "nomeata" Breitner
Debian Developer
  [EMAIL PROTECTED] | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: [EMAIL PROTECTED] | http://people.debian.org/~nomeata


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Re: [Debian-haskell] ghc6 transition overview

2008-05-20 Thread Ian Lynagh 
On Tue, May 20, 2008 at 09:02:58PM +0200, Joachim Breitner wrote:
> 
> haskell-cgi is not in lenny ATM (although it’s in etch).

Oh yes, silly me!


Thanks
Ian


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [Debian-haskell] ghc6 transition overview

2008-05-20 Thread Thiemo Seufer 
Ian Lynagh wrote:
> On Tue, May 20, 2008 at 10:40:14AM +0200, Joachim Breitner wrote:
> > 
> > Here is a small overview of the ghc6 related packages.
> 
> I'm a bit confused - is this meant to be a complete list?
> It doesn't mention, e.g., haskell-cgi on powerpc, which AFAICS has all
> its deps satisfied and just needs to be built (on voltaire) (currently
> in state "Building").
> Or have you deliberately not mentioned those that have only relatively
> recently changed to state "Building"?
> 
> Also, s390 has failed at least haskell-arrows and haskell-cgi. I haven't
> tried, but I believe they'd build fine.

JFTR, haskell-haskell-src and washngo still failed on mips with
"virtual memory exhausted: Cannot allocate memory" for my last
test build.


Thiemo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [Debian-haskell] ghc6 transition overview

2008-05-20 Thread Joachim Breitner 
Hi,

Am Dienstag, den 20.05.2008, 18:55 +0100 schrieb Ian Lynagh:
> On Tue, May 20, 2008 at 10:40:14AM +0200, Joachim Breitner wrote:
> > 
> > Here is a small overview of the ghc6 related packages.
> 
> I'm a bit confused - is this meant to be a complete list?

I was hoping so – it’s from
http://release.debian.org/migration/testing.pl?package=ghc6;expand=1
not sure what other migration problems might exist that are not listed
there.

> It doesn't mention, e.g., haskell-cgi on powerpc, which AFAICS has all
> its deps satisfied and just needs to be built (on voltaire) (currently
> in state "Building").

haskell-cgi is not in lenny ATM (although it’s in etch).

> Or have you deliberately not mentioned those that have only relatively
> recently changed to state "Building"?
> 
> Also, s390 has failed at least haskell-arrows and haskell-cgi. I haven't
> tried, but I believe they'd build fine.

haskell-arrows as well has been removed from lenny, both in January:
http://packages.qa.debian.org/h/haskell-arrows/news/20080116T233912Z.html

So while it’s of course desirable to get them in as well, they would not
stop the migration of ghc6.

Greetings,
Joachim

-- 
Joachim "nomeata" Breitner
Debian Developer
  [EMAIL PROTECTED] | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: [EMAIL PROTECTED] | http://people.debian.org/~nomeata


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Re: [Debian-haskell] ghc6 transition overview

2008-05-20 Thread Ian Lynagh 
On Tue, May 20, 2008 at 10:40:14AM +0200, Joachim Breitner wrote:
> 
> Here is a small overview of the ghc6 related packages.

I'm a bit confused - is this meant to be a complete list?
It doesn't mention, e.g., haskell-cgi on powerpc, which AFAICS has all
its deps satisfied and just needs to be built (on voltaire) (currently
in state "Building").
Or have you deliberately not mentioned those that have only relatively
recently changed to state "Building"?

Also, s390 has failed at least haskell-arrows and haskell-cgi. I haven't
tried, but I believe they'd build fine.


Thanks
Ian


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ghc6 transition overview

2008-05-20 Thread Luk Claes 
Joachim Breitner wrote:
> Hi,

Hi

> These can be restarted, dependencies are available:
> haskell-http # (powerpc)

given back

> haskell-hgl # (s390)

installed in the mean time...

Cheers

Luk


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Please unblock eject

2008-05-20 Thread Neil McGovern 
On Tue, May 20, 2008 at 10:58:49AM -0300, Otavio Salvador wrote:
> Neil McGovern <[EMAIL PROTECTED]> writes:
> > On Tue, May 20, 2008 at 02:12:50PM +0200, Frank Lichtenheld wrote:
> >> Please unblock eject 2.1.5-8, which is blocked for
> >> its udeb. Changes:
> >> 
> >>* Don't issue an error message about missing dmcrypt script.
> >>  This avoids some spurios warnings in d-i. Closes: #470760
> >>* Debhelper:
> >>  - Increase compat level to 6
> >>  - Use dh_lintian to install override. Needs
> >>build-depends debhelper >= 6.0.7.
> >>* Debconf translations:
> >>  - Albanian added. Closes: #480280
> >>  - Belarusian added. Closes: #480922
> >>  - Irish added. Closes: #480876
> >>* Program translations:
> >>  - Eperanto added. Closes: #478957
> >> 
> >
> > CC-ing -boot
> >
> 
> No objection
> 

Unblocked.

Neil
-- 
 is _that_ gunnar?
 yes
 what happened to his tires?
 He's shrunk. I think his wife washed him at too high a temperature.


signature.asc
Description: Digital signature

Re: Debian Installer Kernel Migration

2008-05-20 Thread Adeodato Simó 
* Adeodato Simó [Mon, 19 May 2008 23:12:31 +0200]:

> linux-2.6_tpu approved for migration (will hopefully migrate with the
> next britney run)

Meh, there were some old 2.6.18 and 2.6.22 packages in t-p-u that made
britney think 2.6.24-7 was out of date.

Cruft removed by ftpmaster now, it'll hopefully migrate next.

Cheers,

-- 
Adeodato Simó dato at net.com.org.es
Debian Developer  adeodato at debian.org
 
 Listening to: Mónica Naranjo - Desátame


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Please unblock eject

2008-05-20 Thread Otavio Salvador 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Neil McGovern <[EMAIL PROTECTED]> writes:

> On Tue, May 20, 2008 at 02:12:50PM +0200, Frank Lichtenheld wrote:
>> Please unblock eject 2.1.5-8, which is blocked for
>> its udeb. Changes:
>> 
>>* Don't issue an error message about missing dmcrypt script.
>>  This avoids some spurios warnings in d-i. Closes: #470760
>>* Debhelper:
>>  - Increase compat level to 6
>>  - Use dh_lintian to install override. Needs
>>build-depends debhelper >= 6.0.7.
>>* Debconf translations:
>>  - Albanian added. Closes: #480280
>>  - Belarusian added. Closes: #480922
>>  - Irish added. Closes: #480876
>>* Program translations:
>>  - Eperanto added. Closes: #478957
>> 
>
> CC-ing -boot
>
> Neil
> -- 
>  Ganneff is just a big cuddly teddy bear.
>  Our photo proves it.

No objection

- -- 
O T A V I OS A L V A D O R
- -
 E-mail: [EMAIL PROTECTED]  UIN: 5906116
 GNU/Linux User: 239058 GPG ID: 49A5F855
 Home Page: http://otavio.ossystems.com.br
- -
"Microsoft sells you Windows ... Linux gives
 you the whole house."
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ 

iD8DBQFIMtkSLqiZQEml+FURArEJAJ0T2AiqJDItzsRoW4/ty7JZodZqIQCeITqJ
WjggVsnXeYRSla5MFj2UnE8=
=/VeH
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Please unblock eject

2008-05-20 Thread Neil McGovern 
On Tue, May 20, 2008 at 02:12:50PM +0200, Frank Lichtenheld wrote:
> Please unblock eject 2.1.5-8, which is blocked for
> its udeb. Changes:
> 
>* Don't issue an error message about missing dmcrypt script.
>  This avoids some spurios warnings in d-i. Closes: #470760
>* Debhelper:
>  - Increase compat level to 6
>  - Use dh_lintian to install override. Needs
>build-depends debhelper >= 6.0.7.
>* Debconf translations:
>  - Albanian added. Closes: #480280
>  - Belarusian added. Closes: #480922
>  - Irish added. Closes: #480876
>* Program translations:
>  - Eperanto added. Closes: #478957
> 

CC-ing -boot

Neil
-- 
 Ganneff is just a big cuddly teddy bear.
 Our photo proves it.


signature.asc
Description: Digital signature

Re: More give-backs

2008-05-20 Thread Julien Cristau 
On Tue, May 20, 2008 at 13:48:02 +0100, Thiemo Seufer wrote:

> bin-prot# (arm mips) [mipsel needs dep-wait on 
> libtype-conv-camlp4-dev]
> sexplib310  # (arm hppa ia64 mips) [mipsel needs dep-wait on 
> libtype-conv-camlp4-dev]
> type-conv # (mipsel)
> ocaml-res # (mipsel)
> 
These should probably wait for now, they'll need rebuilt against ocaml
3.10.2 soon anyway.

Cheers,
Julien


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: updates bind9 package for etch?

2008-05-20 Thread Jan Wagner 
On Tuesday 20 May 2008 14:14, Thijs Kinkhorst wrote:
> On Tuesday 20 May 2008 14:11, Jan Wagner wrote:
> > malice or not, if the old L would have answered with false (in which way
> > ever) answers, there would be a significant part of users affected. Users
> > (of users) of a stock bind9 right out of stable are also affected.
>
> True, but it doesn't, so there's nothing affected.

Beside the judge, how urgent this should be fixed in any distribution (like 
debian is one), it should be fixed urgently in any operational resolving 
nameserver. You don't know if this "fix" is permanent. There are many issues 
on the global routing table clowd. For an example, have a look into 
http://www.ripe.net/news/study-youtube-hijacking.html. So to have a broken 
system (like DNS it is with this root file) a bit more unbroken, the 
resolvers should be fixed. Such an issue is one reason for DNSSEC[1], which 
also have issues anyways.

> > > bit more nuance to it. We're getting multiple mails of people already
> > > that read your post without reading ICANN's and think there's something
> > > dangerous going on.
> >
> > WTF?!? I can't get, that people don't read the refered document, if they
> > are so worried. It was not my intention to provide misleading
> > informations, sorry.
>
> I don't promote people not reading well, but it's unfortunately a fact of
> life. Stolen has a denotation of malice and bad faith, so I think it's
> desirable not to use such inflated terminology to start with. Of couse it's
> your blog so you put on it what you want, but I think it would be better
> for everyone to pick words that accurately describe the issue we're under,
> and not something "just to get attention". But anyway, this gets off topic.

I updated the article once 13:20 CEST and now again, which hopefully makes it 
much more clear. Any yes, it _was_ "stolen", cause the system was out of 
control of the legitim operators, this word was not used to get "just" the 
attention.

> I'll just keep replying to those people emailing us that there's no
> security issue here.

Into which input channel do you get these mails? [EMAIL PROTECTED]

With kind regards, Jan.
[1] http://en.wikipedia.org/wiki/DNSSEC
-- 
Never write mail to <[EMAIL PROTECTED]>, you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
--END GEEK CODE BLOCK--


pgpH2CCftHdyk.pgp
Description: PGP signature

More give-backs

2008-05-20 Thread Thiemo Seufer 
Please give back the following packages, they should build now:

libhildonhelp   # (mipsel)
hildon-desktop  # [mipsel needs dep-wait on libhildonhelp0]
bin-prot# (arm mips) [mipsel needs dep-wait on libtype-conv-camlp4-dev]
sexplib310  # (arm hppa ia64 mips) [mipsel needs dep-wait on 
libtype-conv-camlp4-dev]

Also, the mipsel buildds had a hiccup which kept some packages in
"Building" state. Some of those packages have bugs anyway, but the
remaining ones could do with re-try:

gecode  # (mipsel)
postgresql-plruby # (mipsel)
gdb # (mipsel)
type-conv   # (mipsel)
ocaml-res   # (mipsel)


Thiemo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: updates bind9 package for etch?

2008-05-20 Thread Thijs Kinkhorst 
On Tuesday 20 May 2008 14:11, Jan Wagner wrote:
> malice or not, if the old L would have answered with false (in which way
> ever) answers, there would be a significant part of users affected. Users
> (of users) of a stock bind9 right out of stable are also affected.

True, but it doesn't, so there's nothing affected.

> > bit more nuance to it. We're getting multiple mails of people already
> > that read your post without reading ICANN's and think there's something
> > dangerous going on.
>
> WTF?!? I can't get, that people don't read the refered document, if they
> are so worried. It was not my intention to provide misleading informations,
> sorry.

I don't promote people not reading well, but it's unfortunately a fact of 
life. Stolen has a denotation of malice and bad faith, so I think it's 
desirable not to use such inflated terminology to start with. Of couse it's 
your blog so you put on it what you want, but I think it would be better for 
everyone to pick words that accurately describe the issue we're under, and 
not something "just to get attention". But anyway, this gets off topic. I'll 
just keep replying to those people emailing us that there's no security issue 
here.


bye,
Thijs


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Please unblock eject

2008-05-20 Thread Frank Lichtenheld 
Please unblock eject 2.1.5-8, which is blocked for
its udeb. Changes:

   * Don't issue an error message about missing dmcrypt script.
 This avoids some spurios warnings in d-i. Closes: #470760
   * Debhelper:
 - Increase compat level to 6
 - Use dh_lintian to install override. Needs
   build-depends debhelper >= 6.0.7.
   * Debconf translations:
 - Albanian added. Closes: #480280
 - Belarusian added. Closes: #480922
 - Irish added. Closes: #480876
   * Program translations:
 - Eperanto added. Closes: #478957

Gruesse,
-- 
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: updates bind9 package for etch?

2008-05-20 Thread Jan Wagner 
Hi Thijs,

On Tuesday 20 May 2008 13:40, Thijs Kinkhorst wrote:
> I think your blog post with title "stolen" suggests malice and is not
> representative of the real severity of the issue. I suggest that you add a

malice or not, if the old L would have answered with false (in which way ever) 
answers, there would be a significant part of users affected. Users (of 
users) of a stock bind9 right out of stable are also affected.
Yes, it was my intention have a strikingly subject to get the 
attention/awareness of the issue.

> bit more nuance to it. We're getting multiple mails of people already that
> read your post without reading ICANN's and think there's something
> dangerous going on.

WTF?!? I can't get, that people don't read the refered document, if they are 
so worried. It was not my intention to provide misleading informations, 
sorry.

With kind regards, Jan.
-- 
Never write mail to <[EMAIL PROTECTED]>, you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
--END GEEK CODE BLOCK--


pgpbbG32AYXgG.pgp
Description: PGP signature

Re: updates bind9 package for etch?

2008-05-20 Thread Thijs Kinkhorst 
On Tuesday 20 May 2008 13:36, Jan Wagner wrote:
> On Tuesday 20 May 2008 11:58, Thijs Kinkhorst wrote:
> > Reading that blog post, it becomes clear to me that there's no immediate
> > problem with this address, only that it ideally "shouldn't have been done
> > this way". I don't see a ground for doing this "asap".
>
> with "asap" wasn't meant DSA-like.

I think your blog post with title "stolen" suggests malice and is not 
representative of the real severity of the issue. I suggest that you add a 
bit more nuance to it. We're getting multiple mails of people already that 
read your post without reading ICANN's and think there's something dangerous 
going on.


thanks,
Thijs


pgptvati5Tgrg.pgp
Description: PGP signature

Re: updates bind9 package for etch?

2008-05-20 Thread Jan Wagner 
Hi Thijs,

On Tuesday 20 May 2008 11:58, Thijs Kinkhorst wrote:
> Reading that blog post, it becomes clear to me that there's no immediate
> problem with this address, only that it ideally "shouldn't have been done
> this way". I don't see a ground for doing this "asap".

with "asap" wasn't meant DSA-like.

> Of course such an update could be put into the next point update if the
> maintainer provides it and the SRM's think it's ok. Alternatively we could
> roll it into another DSA for bind if an issue with bind would come up
> sometime in the future.

Lets see what LaMont says. :)

With kind regards, Jan.
-- 
Never write mail to <[EMAIL PROTECTED]>, you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
--END GEEK CODE BLOCK--


pgpzxxVdMTsOf.pgp
Description: PGP signature

Re: updates bind9 package for etch?

2008-05-20 Thread Thijs Kinkhorst 
On Tuesday 20 May 2008 11:28, Jan Wagner wrote:
> While reading about the issues of renumbering L.ROOT-SERVERS.NET on
> http://blog.icann.org/?p=309, we should provide asap an up to date db.root
> file.

Reading that blog post, it becomes clear to me that there's no immediate 
problem with this address, only that it ideally "shouldn't have been done 
this way". I don't see a ground for doing this "asap".

Of course such an update could be put into the next point update if the 
maintainer provides it and the SRM's think it's ok. Alternatively we could 
roll it into another DSA for bind if an issue with bind would come up 
sometime in the future.


cheers,
Thijs


pgp2ZMGbqkYKr.pgp
Description: PGP signature

updates bind9 package for etch?

2008-05-20 Thread Jan Wagner 
Package: bind9
Version: 1:9.3.4-2etch1
Severity: important

While reading about the issues of renumbering L.ROOT-SERVERS.NET on 
http://blog.icann.org/?p=309, we should provide asap an up to date db.root 
file.

The actual file can be obtained from: http://www.internic.net/zones/named.root

Thanks and with kind regards, Jan.
-- 
Never write mail to <[EMAIL PROTECTED]>, you have been warned!
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
--END GEEK CODE BLOCK--


pgpIOOykHiAPy.pgp
Description: PGP signature

ghc6 transition overview

2008-05-20 Thread Joachim Breitner 
Hi,

Am Dienstag, den 20.05.2008, 01:03 +0100 schrieb Thiemo Seufer:
> Several packages are stuck in "Building" status for 47 days on peri, for
> no apparent reason:
> 
> gcj-4.1
> haskell-hsql-odbc
> haskell-hsql-postgresql
> haskell-hsql-mysql
> 
> Maybe giving them back helps.

Thanks Thiemo.

Here is a small overview of the ghc6 related packages.

A lot of haskell packages are in state "Building", although not for so
long yet, which is very good:

All on powerpc:
  * haskell-anydbm
  * ftphs
  * haskelldb
  * haxml
  * haskell-hgl
  * haskell-hsh
  * haskell-hsql
All on s390:
  * haskell-glut
All on mipsel:
  * haskell-hgl
All on mips:
  * pandoc

pandoc on mips is currently building, so hopefully will be in that state
soon as well.


These can be restarted, dependencies are available:
haskell-http # (powerpc)
haskell-hgl # (s390)


So this still needs to happen for the ghc6 transition:
* pandoc needs to build on powerpc (it’s already given back)
* build problem of hdbc-sqlite3 on hppa debugged


Things are looking good, thanks to all those involved,

Joachim

-- 
Joachim "nomeata" Breitner
Debian Developer
  [EMAIL PROTECTED] | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: [EMAIL PROTECTED] | http://people.debian.org/~nomeata


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil