Re: Debian: automated embedded code copy discovery
I think it will be ok to avoid using CFinder. It was originally used as an alternative algorithm to find embedded code relationships. However, it has a much higher false positive rate (it detects false relationships when it shouldn't). I was originally considering not using this part of the system for Debian because of the false positive problems.

--
Silvio

On Tue, Feb 21, 2012 at 11:35 PM, Paul Wise wrote:
> On Tue, 2012-02-21 at 19:04 +1100, Silvio Cesare wrote:
>
>> Hi. I think I'll be able to spend March working on it. I will rewrite
>> parts of and clean up the code and get it ready for packaging.
>
> Great!
>
>> The system uses a closed source tool called CFinder
>> (http://www.cfinder.org/) to perform clique detection. The license of
>> that software is:
> ...
>> Is this license ok? If not, it is possible that I could find other
>> software to replace it. However, I would have to do more investigation
>> to see what else is available. It is possible to not use it at all,
>> but it means some useful features would not be available in the final
>> system.
>
> That license is definitely non-free and is not yet available in Debian.
> I think that we would not accept using it in Debian infrastructure. What
> features would we miss out on if CFinder were unavailable? Have you
> tried asking the CFinder copyright holders to re-license it under a
> standard Free Software license like the GNU GPL, BSD or MIT licenses?
>
> I wonder if qiime could be a replacement:
>
> http://packages.debian.org/experimental/qiime
>
> If not, perhaps a standard stats/maths package could help? Or maybe the
> Debian science team could help you find something useful:
>
> http://wiki.debian.org/Science
>
> --
> bye,
> pabs
>
> http://wiki.debian.org/PaulWise

--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/ca+ygn1jvsg_t+madkvz1y6wzmlvvrnxfgo98akafeqqfauk...@mail.gmail.com
unsubscribe

-----Original Message-----
From: Nico Golde
Sent: Tuesday, February 21, 2012 7:54 PM
To: debian-security-annou...@lists.debian.org
Subject: [SECURITY] [DSA 2414-1] fex security update

Debian Security Advisory DSA-2413-1    secur...@debian.org
http://www.debian.org/security/    Nico Golde
February 21, 2012    http://www.debian.org/security/faq

Package        : fex
Vulnerability  : insufficient input sanitization
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0869

Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.

For the stable distribution (squeeze), this problem has been fixed in version 20100208+debian1-1+squeeze2.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 20120215-1.

We recommend that you upgrade your fex packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Re: Debian: automated embedded code copy discovery
On Tue, 2012-02-21 at 19:04 +1100, Silvio Cesare wrote:

> Hi. I think I'll be able to spend March working on it. I will rewrite
> parts of and clean up the code and get it ready for packaging.

Great!

> The system uses a closed source tool called CFinder
> (http://www.cfinder.org/) to perform clique detection. The license of
> that software is:
...
> Is this license ok? If not, it is possible that I could find other
> software to replace it. However, I would have to do more investigation
> to see what else is available. It is possible to not use it at all,
> but it means some useful features would not be available in the final
> system.

That license is definitely non-free and is not yet available in Debian. I think that we would not accept using it in Debian infrastructure. What features would we miss out on if CFinder were unavailable? Have you tried asking the CFinder copyright holders to re-license it under a standard Free Software license like the GNU GPL, BSD or MIT licenses?

I wonder if qiime could be a replacement:

http://packages.debian.org/experimental/qiime

If not, perhaps a standard stats/maths package could help? Or maybe the Debian science team could help you find something useful:

http://wiki.debian.org/Science

--
bye,
pabs

http://wiki.debian.org/PaulWise
Re: Tales from the DNSCrypt: Linux Rising
On lun., 2012-02-20 at 19:50 -0200, Henrique de Moraes Holschuh wrote:
> [1] or anything else that properly secures DNS sessions

Note that you can have integrity protection / authentication using TSIG (though key distribution is still an issue).

--
Yves-Alexis
Re: Debian: automated embedded code copy discovery
Hi. I think I'll be able to spend March working on it. I will rewrite parts of and clean up the code and get it ready for packaging.

At this point, providing nothing else comes up I think a rough timeline is

March - Refine code so it runs nicely in a Debian environment for Debian as Debian wants it.
April - Package for Debian. Give to Debian security team for testing. Make any requested changes.
May - Finished.

The system uses a closed source tool called CFinder (http://www.cfinder.org/) to perform clique detection. The license of that software is:

***
Copyright (c) Department of Biological Physics, Eötvös University, Budapest. 2005-2010.

For non-profit users the permission to use, copy, and modify this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appears in all copies and that both the copyright notice and this permission notice appear in supporting documentation. All other users are kindly requested to contact the holders of the license (see below for contact information).

The holders of the license make no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.
***

Is this license ok? If not, it is possible that I could find other software to replace it. However, I would have to do more investigation to see what else is available. It is possible to not use it at all, but it means some useful features would not be available in the final system.

--
Silvio

On Sat, Feb 18, 2012 at 10:58 PM, Paul Wise wrote:
> On Tue, 2011-11-29 at 19:21 +1100, Silvio Cesare wrote:
>
>> I am likely able to start work on it in the new year.
>
> How is your availability now? Are you now able to work on incorporating
> automated detection of embedded code copies into Debian?
>
> --
> bye,
> pabs
>
> http://wiki.debian.org/PaulWise