Re: Password-protect grub interactive commands (was: rationale of root access from boot)

2007-11-11 Thread Scott James Remnant
On Sat, 2007-11-10 at 14:06 +0800, Nicolas Deschildre wrote:

> But then, why not use this password feature by default to prevent anyone
> from editing boot parameters and becoming root?
> 
Because it adds a level of complexity without a significant gain.

The additional complexity is that users would have to decide on two
passwords during the installation procedure, and remember them both --
which is a large part of the reason we leave the root account locked and
use sudo instead.

For the simplest installations, GRUB could perhaps read /etc/shadow and
accept any user's password -- but that would be error-prone, open to
exploit, and wouldn't support the kinds of installations you talk about
later in this thread: corporate environments which often use centralised
authentication.


The reason for no significant gain is that anybody with physical access
can simply pop a Live CD into the drive and get at your disk that way.
Or open the case and take the drive with them.


Our favoured solution to the "data security" problem is to encrypt your
filesystem; the passphrase is needed on boot (just as with GRUB) except
now any amount of fiddling with boot options cannot bypass it since the
data is scrambled without it.  Likewise, neither a Live CD nor inserting
the stolen drive into another machine can get at your data either --
since it's still encrypted and still requires the passphrase to access.

The alternate CD provides an option for this today; so if this is
important to you, I suggest you use that.  Once we're happy with the
implementation, and the general feedback of it, it may eventually end up
becoming an option in the graphical installer as well.

Scott
-- 
Scott James Remnant
[EMAIL PROTECTED]


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss


Re: Windows Program Support

2007-11-11 Thread Scott Ritchie
Evan wrote:
> On Nov 11, 2007 6:25 PM, Jan Claeys <[EMAIL PROTECTED]> wrote:
> 
>> I suggest you have a look at System -> Preferences -> Removable storage
>> & media (in Ubuntu)...
>>
> 
> I could be wrong, but doesn't that just automatically launch every binary on
> the disk? If it does refer to the autorun I was talking about (like ubuntu
> install disks use when put into a machine running windows), then it should
> be reworded to better explain that.
> 
> 

There is nothing wrong, from a security perspective or otherwise, with
creating an autorun prompt that allows the user to optionally run an
application.

That's all we need to do for Windows autorun anyway.

Thanks,
Scott Ritchie



Re: Windows Program Support

2007-11-11 Thread Evan
On Nov 11, 2007 6:25 PM, Jan Claeys <[EMAIL PROTECTED]> wrote:

> I suggest you have a look at System -> Preferences -> Removable storage
> & media (in Ubuntu)...
>

I could be wrong, but doesn't that just automatically launch every binary on
the disk? If it does refer to the autorun I was talking about (like ubuntu
install disks use when put into a machine running windows), then it should
be reworded to better explain that.


Re: Windows Program Support

2007-11-11 Thread Scott Kitterman
On Sunday 11 November 2007 21:28, Jan Claeys wrote:
> On Sunday 11-11-2007 at 18:27 [timezone -0500], Scott Kitterman wrote:
> > On Sunday 11 November 2007 18:21, Jan Claeys wrote:
> > > On Friday 09-11-2007 at 02:24 [timezone +0100], Sebastian wrote:
> > >
> > > Does that need to have a clamav daemon running (IME, it isn't very
> > > reliable...)?
> >
> > If there are problems, please report bugs.  We don't have any such
> > bugs open right now.
>
> It's just that on a couple of other distros I have seen it grow in
> memory until it crashes and/or gets OOM-killed, and that's not really
> useful behaviour.
>
> So, that remark wasn't Ubuntu-specific, but a more general observation,
> and something worth investigation before it gets deployed IMHO.
>
clamd has been in Ubuntu since roughly forever and is one of the more widely 
used packages in Universe.  When there are problems, we get bugs as a rule, 
so feel free to investigate and file bugs if you find something.

Scott K



Re: Windows Program Support

2007-11-11 Thread Jan Claeys
On Sunday 11-11-2007 at 18:27 [timezone -0500], Scott Kitterman wrote:
> On Sunday 11 November 2007 18:21, Jan Claeys wrote:
> > On Friday 09-11-2007 at 02:24 [timezone +0100], Sebastian wrote:
> 
> > Does that need to have a clamav daemon running (IME, it isn't very
> > reliable...)?
> 
> If there are problems, please report bugs.  We don't have any such
> bugs open right now.

It's just that on a couple of other distros I have seen it grow in
memory until it crashes and/or gets OOM-killed, and that's not really
useful behaviour.

So, that remark wasn't Ubuntu-specific, but a more general observation,
and something worth investigation before it gets deployed IMHO.


-- 
Jan Claeys




Re: Password-protect grub interactive commands (was: rationale of root access from boot)

2007-11-11 Thread Jan Claeys
On Saturday 10-11-2007 at 14:06 [timezone +0800], Nicolas Deschildre wrote:
> But then, why not use this password feature by default to prevent anyone
> from editing boot parameters and becoming root?

In addition to what was mentioned already: GRUB only knows about plain
US keyboards, while many/most users probably have localised keyboard
layouts, causing problems entering the password correctly.  Even worse, some
characters that they have on their keyboard, and thus could be used in a
password, are simply unavailable for entering while in GRUB...


-- 
Jan Claeys




Re: A Wine-like compatibility layer to run Mac OS X programs on Linux?

2007-11-11 Thread Jan Claeys
On Friday 09-11-2007 at 05:32 [timezone +0100], Sebastian Heinlein wrote:
> AFAIK you are not allowed to virtualize MacOS.

Which is not enforceable in how many countries...?  :)


-- 
Jan Claeys




Re: Windows Program Support

2007-11-11 Thread Scott Kitterman
On Sunday 11 November 2007 18:21, Jan Claeys wrote:
> On Friday 09-11-2007 at 02:24 [timezone +0100], Sebastian wrote:

> Does that need to have a clamav daemon running (IME, it isn't very
> reliable...)?

If there are problems, please report bugs.  We don't have any such bugs open 
right now.

Scott K



Re: Windows Program Support

2007-11-11 Thread Jan Claeys
On Friday 09-11-2007 at 10:45 [timezone +0100], Markus Hitter wrote:
> Please don't. Autorun is a Windows-ism, even Mac OS X with its much
> applauded GUI refuses to do such nasty things.

I suggest you have a look at System -> Preferences -> Removable storage
& media (in Ubuntu)...


-- 
Jan Claeys




Re: Windows Program Support

2007-11-11 Thread Jan Claeys
On Friday 09-11-2007 at 02:24 [timezone +0100], Sebastian Heinlein wrote:
> Perhaps we could perform a ClamAV scan before running a Windows
> application?

Does that need to have a clamav daemon running (IME, it isn't very
reliable...)?

(Also, there is ClamFS for FUSE, would that be useful?)

-- 
Jan Claeys




Re: GIMP *final* release for Gutsy?

2007-11-11 Thread Evan
While I realize that there is rarely much difference between rc and final
release versions, I'm surprised that Gutsy shipped with the rc version of
gimp. I was under the impression that the Ubuntu policy was to ship only
stable, released versions of software with each major release. Parts of the
new X.Org and KDE 4 were left out of Gutsy for this exact reason. If gimp
got a specific exception because the rc was stable as-is, that's fine, but
as far as I can see, it would have been better to ship the older, stable
version of gimp with Gutsy, not an rc, however stable.

I haven't run into any bugs using the rc, which makes me think that this is
the case, but the normal user would undoubtedly prefer an older,
known-to-be-stable version to a new,
apparently-stable-but-officially-unstable release candidate.


Re: GIMP *final* release for Gutsy?

2007-11-11 Thread Aaron C. de Bruyn
> I often report it to both Ubuntu and Upstream. Things tend to get fixed
> more quickly that way. Ubuntu bugs can sit for *months* (and even over a
> year) untouched.

I have run into similar issues.
I am being affected by a bug on my server that prevents it from seeing all my 
drives.
The change requires recompiling the kernel with 1 line changed.
It's pretty major, but the bug sat for 2-3 weeks.

So rather than me constantly complaining, I set a goal for myself.
Get involved with triaging bugs.
Once I have that down, learn packaging and start packaging apps for Ubuntu.

You should understand that the community you are dealing with is volunteer and 
accept that you don't dictate how the community is run or how they provide 
services to you.

Right now you're just blowing a lot of hot air around and telling a bunch of 
volunteers to get stuff done, and in my opinion it's kinda like herding cats.

If you want it changed pick one of the following:
 * Go buy support from someone (like Canonical) and have them change it
 * Learn to change it yourself
 * Post a bug report if you are having an issue and let the community deal with 
it as they are able

-A


> But if a package was buggy (notably those in Universe) in the previous
> release of Ubuntu and wasn't causing problems/conflicts with any other
> package, it's bumped up to the next release "as is" (with all bugs intact).
> 
> So much for "QA".

Universe is an entirely different animal than the main repos.
I don't remember the exact warning, but my system warned me when I enabled 
universe saying that it contained packages that hadn't gone through the 
rigorous QA the main packages went through.




Re: GIMP *final* release for Gutsy?

2007-11-11 Thread Aaron C. de Bruyn
> And how do you know that no one is having a problem? Obviously
> *somebody* is or the latest release would not be 4.0.1.

Bug reports.
If someone is having a problem and they file a bug report, it will get dealt 
with.

> And just because Ubuntu users haven't reported the bugs that the GIMP
> devs cite, doesn't mean they don't exist.

So you are saying that we should react to new versions by packaging them up on 
the basis that there are probably users that could maybe be having bugs but 
haven't reported them.

I'm sure by now just about every package in Gutsy has an updated version.  It 
would take a *TON* of development time constantly updating packages.

We react to problems (bug reports), we don't react to 'what ifs' (users 
possibly having problems but not reporting them).


> And lastly, what are the Ubuntu devs *developing* in the case of
> compiling existing source code from the GIMP?  As far as I can tell
> there is nothing different between the version of the GIMP shipped with
> Ubuntu Feisty as there was with Fedora 7 (both now *old* Linux distros).

Sorry--that didn't make much sense to me.
Are you saying that the developers aren't really doing anything except 
packaging and compiling?  (i.e., not actually writing GIMP, just packaging)
Yeah? So?
I've spent this weekend trying to package an application I wrote with no prior 
packaging experience.  I'm still working on it.
Now I'm sure seasoned packagers can repackage GIMP in 30 minutes, but it's 
still 30 minutes being taken away from getting the next release ready for a 
knee-jerk 'what if' reason.  Combine that with the thousands of packages out 
there waiting for updates and you are talking about a lot of man-hours.

-A




Re: GIMP *final* release for Gutsy?

2007-11-11 Thread Aaron C. de Bruyn
> > Upgrading simply because there is a newer version number is the wrong 
> > attitude.
> 
> I agree. And if this were about 4.0 to 4.1 or 4.3 to 4.7, I would be
> 100% with you.

So you agree that upgrading because a change in the MINOR version number or 
BUILD number is the wrong attitude.

> But this is not the case. Ubuntu shipped with a *pre-release* version of

...and then you go on to say that a change in the MINOR or BUILD version is 
grounds to upgrade.
You are contradicting yourself.

And you still haven't answered the question about bugs.  Are you running into a 
bug in the release candidate that is causing you issues?

If no, there is no point in taking dev time away from something else.
If yes, we should have a bug report filed and a developer looking at it.


>   the GIMPs site you'll note that there are *numerous* bugfixes already
> in the .1 release (not unusual .0 releases are notoriously buggy - in
> any program).

Right, so they fixed bugs.  And you are asking us to repackage GIMP simply 
because they have fixed bugs.
So what about next week when they fix more bugs?  Time to repackage again?

There are always going to be bugs.  It's simply a matter of people running into 
the bugs or not.

So once again--are you having a specific issue?


> But even if it were 100 bug-free. We're not talking about just a simple
> version number change here

Yes, we are.   x.y-RC to x.y
That's a simple change.
x.y-RC to x.y+1 is a simple change too.
It boils down to this:  If users aren't running into bugs, why repackage?

-A




Re: GIMP *final* release for Gutsy?

2007-11-11 Thread João Pinto
> Has anybody considered simply removing the words "Release Candidate"
> from the splash screen?
>
> So far, the countless emails on this topic seem to point out the shock
> and confusion that a new user will experience when seeing "Release
> Candidate". The emails seem to try and extend this reasoning to make
> points about the exception process, the getdeb project and the
> philosophy of "Ubuntu" as a whole.
>
> Whatever my view on the rest of the issues (the debate on which seems
> to generate a lot of noise while progressing very little), I can see
> that it isn't very professional to have something labelled "Release
> Candidate" in the default install when the final version is available.
> Is there any reason that we cannot just wipe off those words? I
> appreciate that the included version is not the final version, but
> with the patches that Ubuntu includes, it isn't really the release
> candidate either. Worst case scenario, we could have the splash screen
> without the RC, but with an "Ubuntu version" comment.
>
> Regards,
>
> Aaron
>
> --
> FSF Associate Member: 5632
>

If you just change the splash screen and you are not providing a fix which
is listed on the widely announced final release and which is experienced by
a user, someone is cheating: either there will be a complaint to the GIMP
devs for providing improper information on the version changes, or to the
Ubuntu devs for deliberately faking an "almost" final release for the
single user trust purpose. I do not believe that is upstream-friendly.

-- 
João Pinto
IRC: Lamego @ irc.freenode.net
Jabber ID: [EMAIL PROTECTED]
GetDeb Project Manager - http://www.getdeb.net


Re: GIMP *final* release for Gutsy?

2007-11-11 Thread Greg K Nicholson
Dean Sas:
> Greg K Nicholson wrote:
>> So we're actually getting 2.4.1 (or something very much like it), but 
>> labelled “2.4.0rc3”?
> 
> Precisely. Often Ubuntu packages might include patches from upstream
> that haven't yet been made part of a release. See Emmet's review for the
> exact details in this case.

When the patches are applied, then, it would make sense for the version 
number to be bumped to match the upstream release that the Ubuntu 
version most closely resembles. This would make it clearer to end users 
what we're actually getting, and prevent some confusion. I believe this 
is what already happens with Firefox.

New confusion arising from Ubuntu's version “2.4.1” being slightly 
different in some areas from upstream's “2.4.1” should be minimal: 
Ubuntu's version string includes the suffix “ubuntu”. That can act as a 
caveat for people who care. (So it's “GIMP 2.4.1-but-Ubuntu's-version” 
rather than “the actual proper GIMP 2.4.1 for real”. If a bug is 
supposed to be “fixed in 2.4.1” we'd still have the excuse that it's not 
“fixed in 2.4.1-ubuntu”.)




Re: Azureus was - Re: GIMP *final* release for Gutsy?

2007-11-11 Thread Peter
On Sat, 10 Nov 2007 23:32:03 -0500
Scott Kitterman <[EMAIL PROTECTED]> wrote:

> On Saturday 10 November 2007 21:49, Peter wrote:
> 
> > I understand the point of view of not fixing bugs at the end life of
> > a cycle, but certain software updates aren't in Ubuntu yet while new
> > versions have been out for a while now. Azureus for example is still
> > 2.5.0.0 in the official repo while 3.0.2.2 has been out before the
> > package freeze for Gutsy.
> 
> Azureus is a special case.  The packaging was sufficiently convoluted
> that no developer was willing to touch it.  A substantially more sane
> package has been uploaded to Hardy and work is ongoing to backport it
> (need to backport iced tea first).
> 
> Scott K
> 

I checked the source of Azureus and the patches applied made me back
away from trying to update it but now you are saying because of the
patches applied by the Ubuntu developers even they couldn't update it
anymore?
So what's in place to have this not happen anymore? Because it can
happen to any package.


-- 
Peter van der Does

GPG key: E77E8E98
IRC: Ganseki on irc.freenode.net
Blog: http://blog.avirtualhome.com
Jabber ID: [EMAIL PROTECTED]

GetDeb Package Builder
http://www.getdeb.net - Software you want for Ubuntu




Re: Password-protect grub interactive commands (was: rationale of root access from boot)

2007-11-11 Thread Thilo Six
Nicolas Deschildre wrote the following on 11.11.2007 07:22
> On 11/10/07, Thilo Six <[EMAIL PROTECTED]> wrote:
>> Nicolas Deschildre wrote the following on 10.11.2007 07:06
>>
>> <<-snip->>
>>
>>> Thanks for the pointer.
>>> But then, why not use this password feature by default to prevent anyone
>>> from editing boot parameters and becoming root?
>> because it's as easy as to plug in a LiveCD and overcome that.

announce Ubuntu 8.04
==
Hardware Requirements:
  * 256MB RAM
  * 2gig Harddisc space
  * a password protected BIOS
  * Manual setup in boot sequence, where CD comes last

<<-snip->>

Well I am interested how this would work out - could be a nice social
experiment, don't you think?

Since Chris Warburton made it already very clear I do not spend more time on
this.

EOT

Thanks
-- 
Thilo

key: 0x4A411E09

