unsubscribe
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
unsubscribe
Florian Weimer a écrit : * Michael Koch: This is a big field which needs even bigger investigation. The free runtimes can load them but signed jars are still not supported (or was this fixed lately...). Your best action would be to just test it with kaffe or gcj or whatever and report any bugs you find. In the meantime, it occurred to me that the certified key (including the private key) would have to be included in the source package, otherwise the package would fail to build from source. While I see nothing in Sun's form that requires us to keep the private key secret, publishing it still not be such a good idea. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
unsubscribe
Michael Koch a écrit : On Tue, Oct 04, 2005 at 04:01:03PM -0400, Charles Fry wrote: In order to be trusted, the security provider must be signed with a key that was certified by the JCE Code Signing Certification Authority (see Step 5 of the document above). So why can't we ship trusted root certificates for a Debian Code Signing Certification Authority, or trust everything which is present in the file system? Your first proposition sounds reasonable at first glance, though I would like some feedback from others who are more familiar with the free JVMs that ship with Java. I have the strong suspicion that this certificate just asserts that you have signed the CSR form and promised to comply with U.S. export regulations, and nothing else. Maybe this was the result of a deal between BXA/BIS and Sun which permitted Sun to export their implementation. We don't need to follow such a procedure because Debian has different means to comply with the regulations, and we do not distribute Sun's implementation, AFAIK. Though we don't distribute Sun's implementation, java-package provides a straightforward way to insall Sun's installation on a Debian machine. Further, due to what appears to be a Classpath bug, no free JVM that we do ship is able to pass all of the BouncyCastle regression tests (which is why BouncyCastle is currently in contrib). Does anyone from debian-java know how the free JVMs deal with security providers? This is a big field which needs even bigger investigation. The free runtimes can load them but signed jars are still not supported (or was this fixed lately...). Your best action would be to just test it with kaffe or gcj or whatever and report any bugs you find. Cheers, Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
unsubscribe
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
unsubscribe
Craig Schneider a écrit : Hi Guys Is there software available that can log the contents of IP_CONTRACK in proc to a webpage similar to IPCOP with port numbers, source and destination IP addresses? Thanks Craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
!!!! UNSUSCRIBE !!!!
Vincent Caron a écrit : On Fri, 2005-09-30 at 08:49 +0200, Martin Schulze wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 829-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 30, 2005 http://www.debian.org/security/faq - -- Package: mysql Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CAN-2005-2558 BugTraq ID : 14509 A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users. The following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed: woody sarge sid mysql 3.23.49-8.14 n/a n/a mysql-dfsgn/a 4.0.24-10sarge14.0.24-10sarge1 mysql-dfsg-4.1n/a 4.1.11a-4sarge24.1.14-2 mysql-dfsg-5.0n/an/a5.0.11beta-3 That's not one of our package, I've checked. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]