Re: tomb (2.7+dfsg2-1) ready for review and upload

2019-11-06 Thread Eriberto 
Em qua., 6 de nov. de 2019 às 19:17, Eriberto
 escreveu:
> Sorry. It was a mistake mine.

Please, join the lines.

Re: tomb (2.7+dfsg2-1) ready for review and upload

2019-11-06 Thread Eriberto 
Em qua., 6 de nov. de 2019 às 19:15, Sven Geuer
 escreveu:

> Hi Eriberto,
>
> I just followed the example you gave before for the GPL-2+ group:
>
> > > Files: extras/test/aggregate-results
> > >extras/test/Makefile
> > >extras/test/sharness extras/test/Makefile
> > > Copyright: 2005-2012 Git project 
> > >2005-2012 Junio C Hamano 
> > >2008-2012 Git project 
> > >2011-2012 Mathias Lafeldt 
> > > License: GPL-2+
>
> Git project is mentioned twice.
>
> Is my assumption correct that '2008-2012 Git project <
> https://git-scm.com>' should be dropped then?


Sorry. It was a mistake mine.

Re: tomb (2.7+dfsg2-1) ready for review and upload

2019-11-06 Thread Sven Geuer 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Mittwoch, den 06.11.2019, 18:02 -0300 schrieb Eriberto:
> Em qua., 6 de nov. de 2019 às 17:33, Sven Geuer
>  escreveu:
> > Hi Eriberto,
> > 
> > I think I've covered all your requests. Please review what I pushed
> > to
> > salsa just minutes ago [1].
> 
> A very good work again. A detail only: Denis Roio is duplicate in
> first block. The right way is use 2007-2019.
> 

Hi Eriberto,

I just followed the example you gave before for the GPL-2+ group:
 
> > Files: extras/test/aggregate-results
> >extras/test/Makefile
> >extras/test/sharness extras/test/Makefile
> > Copyright: 2005-2012 Git project 
> >2005-2012 Junio C Hamano 
> >2008-2012 Git project 
> >2011-2012 Mathias Lafeldt 
> > License: GPL-2+

Git project is mentioned twice.

Is my assumption correct that '2008-2012 Git project <
https://git-scm.com>' should be dropped then?

Cheers,
Sven



-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAl3DRgYACgkQrfUO2vit
1YUqqg//bvo3588uMs2eiwljg9PFhoL8KLvzfavA6f4l25hSbvU5xOWIG6XQjLfn
HqoHT/fmjzqoDB4qy2m9cX9f1GXBNuwQm0oJ8OFzdKvIN9AU8N08CfV+XWeVHqxu
4ojaA6dKs0XEctCsR6Wpm4iZian40NgtA3KXFt1jTvp8Zyyx6bxkEmQm9I/sFTTT
x7KPGrGn6/sN6Iqoe0+VnNTZl9VF3ybBcCR7K1VywAgrIu1boL5eze5QQWEkXHBU
6oVocyk03CrDGf+GsJwWpjeOax1uPdPau/HR9y7D0z0v7Ets39aRqDLzV7ewsqY1
pL9/o8fhpV1VJB3SdoX2PYAYOmcotKmc0CRvasG1eylB++0lAPMHMith5b/iycU6
f3nxCF8M0LJrqgcBjytRLcyg7RbRPCTw0bNPdiKsi//N9Mmr8sUdjJ8otCQXmb2r
E5hDziGdoZQvuGrSxpCNYserQgBhdUXwuvh+VdikkCXZeHRvfs5MonAL80GnstRU
QdO9iWjOy79FpuZ7sBg7UYmhyeUnGDo+xhkGtkkr4ehQcElVVCNRkcmyJTcCJ/gd
yuD689oYVTA5bb2F9VPK/x9hssk5eAan+fooSjPrGcrgrMx/yiapeu5Br02Xndv7
rnOR10V6Ys6ldjuGwtaaHxXmCtcGe7jQHdWFh/9ErpiJuwGJmKA=
=7lSP
-END PGP SIGNATURE-

Re: tomb (2.7+dfsg2-1) ready for review and upload

2019-11-06 Thread Eriberto 
Em qua., 6 de nov. de 2019 às 17:33, Sven Geuer
 escreveu:
>
> Hi Eriberto,
>
> I think I've covered all your requests. Please review what I pushed to
> salsa just minutes ago [1].

A very good work again. A detail only: Denis Roio is duplicate in
first block. The right way is use 2007-2019.

Re: tomb (2.7+dfsg2-1) ready for review and upload

2019-11-06 Thread Sven Geuer 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi Eriberto,

I think I've covered all your requests. Please review what I pushed to
salsa just minutes ago [1].

Cheers,
Sven

[1] https://salsa.debian.org/pkg-security-team/tomb

Am Mittwoch, den 06.11.2019, 15:40 -0300 schrieb Eriberto:
> Em ter., 5 de nov. de 2019 às 20:22, Sven Geuer
>  escreveu:
> > Hi Eriberto,
> > Hello Team,
> > 
> > I believe I've sorted out all the copyright issues. As a result
> > Tomb
> > 2.7+dfsg1-1 became 2.7+dfsg2-1, I had to drop another doc file from
> > the
> > original upstream tarball.
> 
> Hi Sven,
> 
> Thanks a lot for your nice work. I have a last request before upload.
> 
> 1. Please, group all files and authors by licensing. If possible, put
> the files one per line and in sorted order. It is nice to make the
> conference easier. See my example for GPL-2+:
> 
> Files: extras/test/aggregate-results
>extras/test/Makefile
>extras/test/sharness extras/test/Makefile
> Copyright: 2005-2012 Git project 
>2005-2012 Junio C Hamano 
>2008-2012 Git project 
>2011-2012 Mathias Lafeldt 
> License: GPL-2+
> 
> For GPL-3+ you will need 'Files: *' only, not a list of files.
> Considering that GPL-3+ block will have several names, please, add a
> Upstream-Contact field in header to indicate that 'Dyne.org
> Foundation
> ' is the main upstream.
> 
> You can see the package volatility if you have doubts (but feel free
> to ask me).
> 
> 2. debian/*: I can't see Raphael Hertzog name in debian/changelog
> working in 2019. If I am right, please, remove the 2019 year and put
> Raphael's name before SZ Lin. If I am wrong, please, put Raphael's
> name before SZ Lin.
> 
> Cheers,
> 
> Eriberto
> 
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAl3DLfkACgkQrfUO2vit
1YV9IA//avLzC7WRp+/bRGKMT42OCR3QG7APwpPdsfjDvAdjuK4o9P183o+ncEKR
4lVJgXA12N8EbSLLw02ErCIfus/JocJ67S09XeIdItworlL8A+A0R6qrb3I9YA+i
CYVc9b1g5UaRcNEGQ/jrcuMIfKZnN5qNRWGShUWyAInp+gkj70pQHCgcyTdkKn5Z
5uZZIW+Dfj+ekMCCMAN0dISdYBbpCXSzRwx/PItIH16pMGzSa6QnuKVXndZhfvUW
pISvEklwRqILKj0yHlI6YVYgt+ZQBeRFVyudtzcE7E2M8QZkXIDL56zOFoDDnHox
g3u+znMGerQNT/kAwF7oB6L6Y/y3pAZ3/TpZoNxCSBxVA8+7/gTNqCaTXzGMjnJS
BQzWc+Ves81GkSwvOFU/pQXxTXpxLnIVsxov6byMGwMG2HcC5ArRqghLHT/xv8wV
yDpHBBvwVfllYpxRCznzwcKcc5OeQlBUT/x34JXiX7ics8Nb7T4rHzL7xxxUGcIQ
t3tCr4IOI1nSRNKeX5fGFSaWTlvjXk8DaQuQrO4fdc9Zh4vn52pjjqsT7RzYps3g
J355zlsBEE7EGtR5RV8mtT5EUM5x7UTpNHLFniBndxBEm7K3lNZc8vF1NDPgGucn
n8L7yroSRYlnNmdZqJz4Jl0pMLYhFCnInnPP+IDv6ErzVDI2/Wg=
=4cbd
-END PGP SIGNATURE-

Re: tomb (2.7+dfsg2-1) ready for review and upload

2019-11-06 Thread Eriberto 
Em ter., 5 de nov. de 2019 às 20:22, Sven Geuer
 escreveu:
> Hi Eriberto,
> Hello Team,
>
> I believe I've sorted out all the copyright issues. As a result Tomb
> 2.7+dfsg1-1 became 2.7+dfsg2-1, I had to drop another doc file from the
> original upstream tarball.

Hi Sven,

Thanks a lot for your nice work. I have a last request before upload.

1. Please, group all files and authors by licensing. If possible, put
the files one per line and in sorted order. It is nice to make the
conference easier. See my example for GPL-2+:

Files: extras/test/aggregate-results
   extras/test/Makefile
   extras/test/sharness extras/test/Makefile
Copyright: 2005-2012 Git project 
   2005-2012 Junio C Hamano 
   2008-2012 Git project 
   2011-2012 Mathias Lafeldt 
License: GPL-2+

For GPL-3+ you will need 'Files: *' only, not a list of files.
Considering that GPL-3+ block will have several names, please, add a
Upstream-Contact field in header to indicate that 'Dyne.org Foundation
' is the main upstream.

You can see the package volatility if you have doubts (but feel free to ask me).

2. debian/*: I can't see Raphael Hertzog name in debian/changelog
working in 2019. If I am right, please, remove the 2019 year and put
Raphael's name before SZ Lin. If I am wrong, please, put Raphael's
name before SZ Lin.

Cheers,

Eriberto

Re: [request-for-help] o-saft maintenance and openssl

2019-11-06 Thread Achim 
Hi Robert, 
thanks for the information. I will try that on my kali and check if it works
and also Net::SSLeay can be compiled against it it.

Next challenge (for me) is to use it together with an TLSv3-enabled openssl ...

Ciao
Achim

Am 06.11.19 um 10:49 schrieb Raphael Hertzog:
> Hi,
> 
> On Sun, 13 Oct 2019, Samuel Henrique wrote:
>> You see, o-saft needs an old version of openssl to be able to check for
>> old ssl things (ciphers etc.).
>>
>> I know there has been some talk about getting an "openssl-insecure"
>> package for the testssl.sh[0] package for the same reason. I think we
>> should rather talk with upstream and propose some bundling of this
>> required version of openssl into o-saft.
> 
> FWIW, another upstream with similar needs created "unsafeopenssl"
> and we packaged it in Kali:
> http://pkg.kali.org/pkg/unsafeopenssl
> 
> It's basically openssl 1.0 with the build system tweaked to create
> the library under another name. Beware that those changes are currently
> made in debian/rules (in the kali/master branch) and are not part of the
> master branch which just has plain openssl:
> https://github.com/gremwell/unsafeopenssl-pkg-deb
> 
> Cheers,
>

Re: [request-for-help] o-saft maintenance and openssl

2019-11-06 Thread Raphael Hertzog 
Hi,

On Sun, 13 Oct 2019, Samuel Henrique wrote:
> You see, o-saft needs an old version of openssl to be able to check for
> old ssl things (ciphers etc.).
> 
> I know there has been some talk about getting an "openssl-insecure"
> package for the testssl.sh[0] package for the same reason. I think we
> should rather talk with upstream and propose some bundling of this
> required version of openssl into o-saft.

FWIW, another upstream with similar needs created "unsafeopenssl"
and we packaged it in Kali:
http://pkg.kali.org/pkg/unsafeopenssl

It's basically openssl 1.0 with the build system tweaked to create
the library under another name. Beware that those changes are currently
made in debian/rules (in the kali/master branch) and are not part of the
master branch which just has plain openssl:
https://github.com/gremwell/unsafeopenssl-pkg-deb

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/