retitle 408645 harden-doc: mentions packages not available anymore
thanks
On Sat, Jan 27, 2007 at 04:05:12PM +0100, Dr. Markus Waldeck wrote:
> Hello Javier,
>
> did you really understand Debian Bug report #385420?
Yes, I did. I did a full review of the reference to Debian releases.
> > kernel-
Package: debian-installer
Version: 20061102
Priority: wishlist
[ This is a feature request based on a test install I did quite some time ago
on Openwall Linux. ]
The installation system developed for Open Wall Linux [1] (and open source)
makes use of pam_passwdqc to force the users to setup st
Package: debian-installer
Version: 20061102
Priority: wishlist
[ This is a feature request based on a test install I did quite some time ago
with different Linux distributions ]
RedHat, Fedora [1], and SuSE's installation systems provide currently a way
to, through the installation, select if t
On Tue, Jan 30, 2007 at 02:35:22PM +0100, Dr. Markus Waldeck wrote:
> > > > kernel-patch-int. This patch also adds cryptographic capabilities to
> > (...)
> >
> > That has nothing to do with obsolete releases, it has do with obsolete
> > packages.
>
> Ridiculous!
Is that how you communicate with
tag 409702 moreinfo
thanks
On Sun, Feb 04, 2007 at 09:35:18PM +0100, Adolf Winterer wrote:
> Immediately after invoking the program cheops-agent it segfaults:
> init_osscan(): Initalizing
> Speicherzugriffsfehler
Strange, I cannot reproduce this. This might be something architecture
specific
On Mon, Nov 06, 2006 at 11:42:25PM +0100, Francesco Poli wrote:
> More in detail, web servers must obviously be able to read web content
> (so that they can serve it); hence it seems that web content should at
> least be readable by www-data *group*. Is that right?
> Would it be wise if web conten
On Sat, Nov 11, 2006 at 12:17:13AM +0100, Francesco Poli wrote:
> Firstoff, is having such processes listening on raw sockets dangerous?
No, it's not.
> Of course, Trojans are no good and should be removed, but what about
> IDSes? Is there any danger in having IDSes listening to such raw
> sock
On Thu, Nov 23, 2006 at 11:49:17PM +0100, Francesco Poli wrote:
> Well, I think that this sentence is not really clear: ok, it's
> November 19th, but which year?!?
I think it's 2005.
> Is declaring the date of the last update against the Debian Security
> FAQ really important?
Yes, since the con
Package: exim4-config
Version: 4.63-10
Priority: wishlist
Exim4-config generates /etc/mailname automatically on postinst, based on the
information provided by the user. It fails, however, to remove this
configuration file if the package is purged from the system.
I have recently had to debug a m
Package: exim4-config
Version: 4.63-10
Priority: wishlist
Exim4-config fails to detect if a user introduced non-ASCII characters
in the debconf prompt that might lead to an impromer /etc/mailname being
automatically generated on postinst.
I have recently had to debug a misconfiguration issue whi
On Sat, Nov 25, 2006 at 09:47:21AM +0100, Andreas Metzler wrote:
> On 2006-11-25 Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote:
> > Package: exim4-config
> > Version: 4.63-10
> > Priority: wishlist
>
> > Exim4-config generates /etc/mailname aut
On Mon, Nov 20, 2006 at 02:00:56PM -0700, dann frazier wrote:
> xvidcap no longer appears in NEW:
> http://qa.debian.org/~anibal/debian-NEW-summary.html
>
> Was it rejected?
Yes, I have to fix some issues and reupload it. But I have not had time to do
so yet.
Regards
Javier
signature.asc
De
On Fri, Nov 24, 2006 at 06:14:31PM +0100, Michelle Konzack wrote:
> Hello Maintainer,
>
> I second this, since if you use ssmtp on the computer cron
> can not pull messages out of the system.
But this should be a separate bug from the one you are using. One thing is
asking cron to source /etc/def
On Sat, Nov 25, 2006 at 11:46:49AM +0100, Andreas Metzler wrote:
> > From my reading of policy 11.6 what I'm suggesting is perfectly compatible
> > (if implemented properly, which might be tricky) with having a shared
> > configuration file across mail-transport-agents in Debian.
>
> The point is
On Sat, Nov 25, 2006 at 11:42:17AM +0100, Marc Haber wrote:
> Agreed. We're going to introduce basic input sanitazion post-etch.
> Sorry, but this is simply too late for etch now.
Maybe it's late (or dangerous) to do so in the config scripts but, ¿how about
chaning exim4's (server) init.d script s
Hi everyone,
I was reviewing the status of #238245 ("Debian web site is licensed under the
OPL which is not considered DFSG-free") and see that there have been no
actions since October last year and no discussion at debian-www.
In summary: The web pages license content should be changed from th
On Thu, Apr 20, 2006 at 01:03:19AM +0200, Francesco Poli wrote:
> I agree that the GNU GPL v2 would be a perfectly reasonable choice for
> the Debian website.
> Several other GPLv2-compatible licenses are good choices too, however.
I'd rather use a simpler license for text content it is more under
On Thu, Apr 20, 2006 at 12:56:57AM +0200, Francesco Poli wrote:
> >
> >I suggest using a BSD-style license. The attached license is such a
> >license. It is based on the FreeBSD documentation license [3] and
> >explicitely mentions translations. In our case (the website) the
> >'
On Sat, Apr 22, 2006 at 01:22:53AM +0200, Javier Fernández-Sanguino Peña wrote:
> On Thu, Apr 20, 2006 at 03:48:09PM -0700, Don Armstrong wrote:
> > Should we decide to change the license, we should either use the MIT
> > license if we don't want it to be copyleft, or
On Thu, Apr 20, 2006 at 03:48:09PM -0700, Don Armstrong wrote:
> Should we decide to change the license, we should either use the MIT
> license if we don't want it to be copyleft, or the GPL if we do. A
> custom license is not something that we want to write, and especially
> not without serious th
On Sat, Apr 22, 2006 at 04:47:53PM +0200, Florian Weimer wrote:
> * Javier Fernández-Sanguino Peña:
>
> > Copyright 1997-2006 Software in the Public Interest, Inc. All rights
> > reserved.
>
> Is this correct? Have all contributors assigned copyright to SPI?
Contri
On Sat, Apr 22, 2006 at 06:40:11AM -0700, Don Armstrong wrote:
> > The only change I made to it was substituting "FreeBSD Documentation
> > Project" for "Debian Project".
>
> You've sent two totally different licenses to the list so far; I was
> refering specifically to the license which was attac
On Wed, Apr 19, 2006 at 11:00:27AM -0400, Filipus Klutiero wrote:
> IMHO, it would be better to wait until wiki.d.o is DFSG-free, as I
> expect readers would expect that from Debian's wiki.
> That could take some time.
IMHO (and since even the website's license is *not* DFSG-free, see #238245)
Af
Package: debian-installer
Version: 20060304
Tags: wishlist
Currently, the debian-installer warns the user to use a "secure" password (6
chars long, with different case letters and punctuation characters) but does
not make an attempt to determine if the user is indeed using one.
Since there are m
On Sun, Apr 23, 2006 at 11:57:00AM +0200, Francesco Poli wrote:
> I think that a page very similar to
> http://spohr.debian.org/~joeyh/testing-security.html
> would help making the public aware of how things are going on for Debian
> stable, from a security point of view.
The problem is, there is
Package: ftp.debian.org
Version: N/A; reported 2006-04-25
Severity: wishlist
Ftp masters, please remove rsbac-admin from the archive. It's RC
buggy, and largely unmaintained and I don't have any interest in working any
more on it.
Thanks
Javier
signature.asc
Description: Digital signature
Package: ftp.debian.org
Version: N/A; reported 2006-04-25
Severity: wishlist
Ftp masters, please remove kernel-patch-adamantix from the archive. It's RC
buggy, and largely unmaintained and I don't have any interest in working any
more on it.
Thanks
Javier
signature.asc
Description: Digital si
On Mon, Apr 24, 2006 at 09:54:11PM -0700, Don Armstrong wrote:
>
> Here we basically have two choices.
Who's *we*? Have you talked to the security team or is this just wishful
thinking?
> 1. Certain people sign NDAs/agreements to get the early disclosure
> information; in return they cannot disc
On Sun, Apr 23, 2006 at 07:25:42AM +0200, Javier Fernández-Sanguino Peña wrote:
> On Wed, Apr 19, 2006 at 11:00:27AM -0400, Filipus Klutiero wrote:
> > IMHO, it would be better to wait until wiki.d.o is DFSG-free, as I
> > expect readers would expect that from Debian's wiki.
On Tue, May 02, 2006 at 03:28:55AM +0200, Birger Brunswiek wrote:
> Package: tiger
> Version: 1:3.2.1-24
>
> /usr/lib/tiger/scripts/check_system reports users that don't have password
> aging
> enabled even if they don't have a password. The checks for password aging are
> performed by /usr/lib/t
On Wed, May 03, 2006 at 05:37:47PM +0200, Martin Pitt wrote:
>
> Recently, an advisory about a remote nessus DoS has been published.
Yes, I was aware of this bug and followed the discussion (both at bugtraq and
in the Nessus mailing list)
> See [1] for details. This is supposedly fixed upstream
severity 366919 wishlist
thanks
On Fri, May 12, 2006 at 03:02:06PM +1000, Cameron Stone wrote:
> Tiger relies (by default) on using the directory /var/run/tiger/work for it's
> temporary files. This directory is create by the
> package install scripts. However, if you're using the varrun filesys
On Wed, Apr 26, 2006 at 06:33:12PM +0200, Ludovic Rousseau wrote:
> Note that I am ready to NMU your package if you do not respond within one
> week since the bug is RC.
Please go ahead.
> Your prerm script can be removed now since the file
> /etc/reader.conf.d/libetoken will not be created now
On Fri, Apr 28, 2006 at 08:12:43PM -0400, Aaron M. Ucko wrote:
> The attached patch addresses both issues; could you please apply it,
> or at least authorize an NMU?
Sure, go ahead and NMU. I've not been able to do so these weeks and might not
be able to through Debconf6.
Thanks for your help
Ja
On Tue, Mar 28, 2006 at 08:02:18AM +0200, Christian Perrier wrote:
>
> >Thanks for taking care of warning translators before uploading a new
> >version with string changes. It's highly appreciated.
>
> ...which is not true, you didn't..:-). But I didn't want to send you
> my standard BR template
On Tue, Mar 28, 2006 at 07:20:24PM -0500, Justin Pryzby wrote:
> Your cheops NMU ftbfs.
What's this? Where's the patch?
Javier
signature.asc
Description: Digital signature
On Sat, Apr 01, 2006 at 09:00:45AM -0500, Jay Berkenbilt wrote:
> At this point, diff1 is still under development and depends upon the
> utm (Universal Truth Machine) and dwim (Do What I Mean) libraries.
> The eventual goal is that diff1 should be "self-hosting" -- the final,
> bug-free version of
Package: installation-reports
Boot method: RARP/TFTP
Image version:
http://http.us.debian.org/debian/dists/sarge/main/installer-sparc/current/images/sparc64/netboot/2.6/
07-Mar-2005 01:32 5.3M boot.img
Date: 2nd April 2006
Machine: Sun Netra X1
Processor:
# cat /proc/cpuinfo
cpu
On Tue, Apr 04, 2006 at 01:13:12PM +0200, Frans Pop wrote:
>
> Thanks for your extensive, well researched and well written report
The merit is not mine, I translated (and edited) the report from a co-worker
:-)
> That said, this won't be fixed for Sarge anymore and the installer for
> Etch no l
On Wed, Nov 02, 2005 at 05:07:34PM +0100, Andreas Barth wrote:
> Hi,
>
> * Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]) [051102 17:04]:
> > Attached is a patch that provides a list of best practices for security
> > review and designed. If there is no intention to add
On Fri, Apr 07, 2006 at 03:01:28PM +0200, Wolfgang Lonien wrote:
> * Package name: zenoss
> Version : x.y.z
Version?
> Description : Zenoss is a powerful, integrated, easy-to-use IT
> infrastructure monitoring software product.
That's too long for a short a description
> Z
On Wed, Apr 05, 2006 at 09:58:56PM -0400, Justin Pryzby wrote:
> For the record, I like the intent of this patch, but I think it is a
> little too long for inclusion in the Developers reference. Perhaps a
> reference to the "Securing Debian" section where it will be included
> will be sufficient?
On Tue, Apr 11, 2006 at 10:28:56AM -0400, Justin Pryzby wrote:
> On Tue, Apr 11, 2006 at 01:30:23PM +0200, Javier wrote:
> > On Wed, Apr 05, 2006 at 09:58:56PM -0400, Justin Pryzby wrote:
>
> > > +Does not run if either the user or the group do not exist:
> > > +
> > > + if getent passwd | grep -
Lichtmaier <[EMAIL PROTECTED]>, 1999.
# Tinguaro Barreno Delgado <[EMAIL PROTECTED]>, 1999.
# Tomás Bautista <[EMAIL PROTECTED]>, 2000.
# Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]>, 2000.
# Santiago Vila <[EMAIL PROTECTED]>, 2000, 2001, 2004.
#
msgid "&quo
Package: alexandria
Version: 0.6.1-0.2
Severity: wishlist
Tags: l10n patch
Please use the attached PO file for the Spanish translation of Alexandria, I
reviewed it recently (January 21st) and provided to the spanish translator
which commited it to CVS [1] a few months ago.
Since a new release of
I forgot to attach the translation, here it is.
Javier
# Alexandria en Español.
# This file is distributed under the same license as Alexandria.
# Miguel Ãngel GarcÃa <[EMAIL PROTECTED]>, 2004
#
# Revisión: Javier Fernández-Sanguino <[EMAIL PROTECTED]>, 2006
#
msgid ""
msgstr ""
"Project-Id-
Package: nmap
Version: 4.00
Priority: wishlist
Tags: l10n
With the new reference Guide being made available in Nmap, a huge translation
effort has been done by translation teams all over the world. As a
consequence it is now translated to ten different languages:
Chinese, Croatian, French, Japane
On Mon, Mar 06, 2006 at 04:12:06AM +1100, David Murn wrote:
> Package: initscripts
> Version: 2.86.ds1-12
> Severity: important
>
> Like many others Im sure, I use my /tmp partition for storing files that I
> dont necessarily want to keep forever, but may for a short period of
> time. As such
Package: ntop
Version: 3:3.2-1
Priority: normal
Tags: patch
Ntop package default answer to the 'Which interface do you want to use?'
debconf question is eth0 and set to 'medium' priority. This is usually OK.
However, in a system which does not have 'eth0' (either because the default
interface is
Package: ntop
Version: 3:3.2-1
Priority: wishlist
Tags: patch
I find the init.d script provided for ntop somewhat lacking proper checks, so
I have included some sanity checks:
- check if the interfaces defined are UP, if they are not, abort with an error.
Rationale: ntop will fail to start if
On Wed, Mar 08, 2006 at 10:21:25PM +0100, Ola Lundqvist wrote:
> Thanks a lot for the patch.
You are welcome.
> A even better solution would be to set the interface configured as defult
> value if eth0 can not be found.
But there is no way you can know which interface the user might want to use.
On Wed, Mar 08, 2006 at 10:25:11PM +0100, Ola Lundqvist wrote:
> Hi
Hi.
> > - don't reload if the daemon is down
>
> Do it start instead then?
No, reload should just reload the daemon. If it's down it should do nothing
(i.e. it does not make sense to 'reload' a daemon which is not active.
> >
On Thu, Mar 09, 2006 at 07:18:43AM +0100, Ola Lundqvist wrote:
> > > > - don't reload if the daemon is down
> > >
> > > Do it start instead then?
> >
> > No, reload should just reload the daemon. If it's down it should do nothing
> > (i.e. it does not make sense to 'reload' a daemon which is not
After reporting lots of SPAM in the debian-lsb mailing list I've found these
which I cannot report due to the lack of a button:
http://lists.debian.org/debian-lsb/2005/07/msg0.html
http://lists.debian.org/debian-lsb/2005/07/msg2.html
http://lists.debian.org/debian-lsb/2005/07/msg6.htm
(Note: I missed Kurt's reply since he mailed the BTS but did not mail me
directly a copy...)
Hi, just a short message to let you guys know that the Nessus server <->
client communication is working perfectly fine with OpenSSL version 0.9.8a-7.
Thanks!
Javier
signature.asc
Description: Digital
merge 356651 356807
thanks
On Tue, Mar 14, 2006 at 09:20:36AM +0100, Bastian Blank wrote:
> There was an error while trying to autobuild your package:
Already reported, see 356651
Regards
Javier
signature.asc
Description: Digital signature
reopen 353151
thanks
They hal maintainer made a typo, this is a bug in 'john', not 'hal'.
Reopening bug.
Javier
signature.asc
Description: Digital signature
Package: mediawiki1.7
Version: N/A; reported 20070419
Priority: wishlist
Tags: l10n patch
Please use the attached PO file to update mediawiki1.7's translation (as
requested by Christian)
Please notice I've marked in the PO file several msgids that need REVIEW
since I belive they need to be fixed
On Sat, Apr 21, 2007 at 10:44:52AM -0700, Matt Kraai wrote:
> tag 419454 patch
> thanks
>
> The attached patch fixes this problem by changing fancyheadings to
> fancyhdr, which, according to the author of fancyheadings, is a
> 99%-compatible replacement.
Thanks. I'm going to try it out and uplo
tags 420408 moreinfo
thanks
> I did finish the upgrade eventually and the host booted OK etc, so the
> upgrade worked. But it was a bit tiresome, could be easier.
Sorry, but we would really appreciate if you submited the information for the
upgrade-report as described in
http://www.debian.org/
Package: texlive-latex-extra
Version: 2007-3
Priority: wishlist
This package, with an installed size of 126180 bytes actually installs 101752
bytes worth of contents under /usr/share/doc/!
That's just too much information being installed and deserves to be in an
independent package. IMHO there's
Package: openssh
Version: 1:4.3p2-11
Priority: wishlist
Tags: l10n patch
As requested by Christian Perrier, I'm attaching an updated and reviewed
Spanish translation for the po-debconf file after its review by
debian-l10n-english.
Regards
Javier
openssh-20070423.es.po.gz
Description: Binary
On Sat, Oct 06, 2007 at 10:25:09AM -0400, [EMAIL PROTECTED] wrote:
> Just to confirm that this bug still exists...
It looks like you have some crontab entries which trigger this bug, could
you please run
sh -x /usr/lib/tiger/scripts/check_crontabs 2>&1
And send me the output?
Regards
Javier
Package: clamav
Version: 0.91.2-4.es.po
Priority: wishlist
Tags: l10n patch
Please find attached the updated po-debconf translation of this package into
Spanish.
Thanks for including it in your next package upload,
Javier
# clamav debconf translation to spanish
# Copyright (C) 2004 Software in
On Sat, Oct 06, 2007 at 01:07:43PM -0400, [EMAIL PROTECTED] wrote:
> The workaround is obvious (expand @daily per the man page), but perhaps
> adding support for the extension would be a feature request?
Since the Tiger module does not care about when the task is executed it might
be better to jus
On Thu, Mar 29, 2007 at 05:59:01PM -0600, dann frazier wrote:
> Package: release-notes
>
> The current draft of the etch release-notes for ia64 contains a
> section about running lilo:
>
> http://www.debian.org/releases/etch/ia64/release-notes/ch-upgrading.en.html#s-rerunlilo
>
> This obviousl
On Wed, Apr 04, 2007 at 05:41:08PM +0300, =?UTF-8?Q? Martin-=C3=89ric?= Racine
wrote:
> >Sorry that we never got around to documenting this issue. As Sarge is
> >about to be replaced with Etch, I'm closing this request.
>
> Is that issue at least documented in Etch release notes? i.e. is the
> cu
701 - 767 of 767 matches
Mail list logo
