Re: Four people decided the fate of debian with systemd. Bad faith likely
On 02/03/2014, Jack j...@jackpot.uk.net wrote:

> First off, I'm not a Debian Developer. The way Debian is constituted, it's ultimately up to DDs to decide what direction Debian takes (so I understand). So my remarks below should be read in the light of the fact I'm not a DD, just a user - I don't speak with any authority.
>
> Systemd scares me.
>
> [...]
>
> Anyway, those are some of *my* reasons for viewing the CTTE's decision with apprehension. I hope you think they're based in fact, and not nostalgia or emotion.

I share your concerns, and since I'm also not a DD, I share your powerlessness.

Matthew Vernon has proposed a vote to preserve freedom of choice of init systems in Debian: https://lists.debian.org/debian-vote/2014/03/msg0.html

If any DDs are reading this, and are willing, please second Matthew Vernon's proposal as an expression of solidarity with Debian users' concerns; and please vote for it once it is open to voting.

Regards,
Sam

--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/CAD-JurJn=7QLpCJ6VE4xgpWjr_oJYK-RvJjC0S1ci1SCvSgB=q...@mail.gmail.com

Re: How secure is an installation with no non-free packages?
On 13/09/2013, Jonathan Perry-Houts jperryho...@gmail.com wrote:

> My understanding of the microcode binary blobs is that they provide updates to your processor / BIOS that usually have no free alternative. So basically, your BIOS is probably already non-free and you might as well have the latest version... so yes, installing the firmware-linux-nonfree package is probably wise.
>
> This page has a little more information on what microcode is and why these binary blobs are unfortunately often necessary: https://wiki.archlinux.org/index.php/Microcode
>
> Someone with more specific knowledge should feel free to chime in here as I am not an expert on this subject.

I am also not an expert (not by a long shot!) but believe this page may be of interest to people reading this discussion thread: http://www.fsf.org/campaigns/free-bios.html

Regards,
Sam
Re: crappy mouse patch from security perspective
Hi Shirish,

2011/1/9 shirish शिरीष shirisha...@gmail.com

> But as I'm not a programmer hence would like the debian community to take a look at that, see if there are any inadvertent goof-ups or anything before I take the plunge of applying the patch.

I'm not sure the community will look too sympathetically on this request. Unless Jim Hill is the upstream committer, someone else will audit any upstream patch eventually, but if you want help faster than that, I can think of two options that might be more fruitful for you:

1. Ask instead for help understanding the code in the patch. It's the "give a man a fish and you feed him for a day; teach him to fish and you feed him for life" principle: people are much more likely to volunteer to help you learn to perform patch audits than they are to volunteer to carry out patch audits for you. They might not hold your hand all the way, but I expect they'd at least try to help you get started. If you want real-time assistance with this sort of thing, IRC might be a good option.

2. Pay a programmer to audit the patch for you: e.g. either someone you know or someone from a company you trust.

Good luck with your quest!

- spk
Re: crappy mouse patch from security perspective
2011/1/9 shirish शिरीष shirisha...@gmail.com

> hmm. true true. While I do understand I don't think I'm capable enough for the 'understanding the code' part of thing.

If you're capable of navigating the mailing lists and the Debian repositories, I don't see why you shouldn't be able to learn how to read the code for a mouse driver. Not that I've read the code for a mouse driver myself (I prefer coding for the Web), but still - if other people can do it, why not you?

> This is on top of my head but are there any tools which one could run on any code and at least know of the obvious or maybe not so obvious issues.

On a patch alone? Doubt it. Maybe an antivirus program would work? Running an antivirus on the relevant program once the patch has been inserted into the code might be worthwhile, though, if you're worried. Maybe Clam or some other package like that.

I'm afraid that's all I can contribute to this thread, as I'm short of time, but I repeat my wish for good luck in your quest!

- spk
Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability
2009/6/30 Nico Golde debian-security...@ngolde.de

> Hi,
> * Niko Thome niko.th...@1und1.de [2009-06-30 11:47]:
> > I stumbled upon a vulnerability in OpenSSH reported back in November 2008.
> > http://www.securityfocus.com/bid/32319
> > I was a bit concerned about that flaw, and tried to find out if it is fixed due to a backport of some OpenSSH 5.2 upstream code. But I found neither a bug nor a DSA for that flaw.
> > Can you tell me how this bug is handled by Debian?
>
> http://security-tracker.debian.net/tracker/CVE-2008-5161

Ouch! I agree with the note.
Re: Linux infected ?
2009/1/29 Rodrigo Hashimoto rodh...@gmail.com

> In the first attempt the iceweasel didn't respond, then I tried again and I realized the iceweasel was trying to use the wine.

I never let weasels drink alcohol ;-)

Seriously, though, I hope you get to the bottom of this. I've long wondered about cross-platform security risks like this, though I'm afraid I'm not knowledgeable enough about them to help out in your case.