On Wed, Nov 16, 2016 at 1:58 PM, Pau Garcia i Quiles
wrote:
[...]
> OpenSSL 1.0 only
> =
[...]
> * Some obscure feature (e. g. BlaBla20) may be missing or be difficult
> to support on a limited number of packages (e. g. apache2)
[...]
Sorry, it's ChaCha20, not
ime.
Of course, that's just my suggestion. Feel free to disagree.
--
Pau Garcia i Quiles
http://www.elpauer.org
1.1.0 the
default for 1 year (and even then, we should be checking the case
where something links directly to one version of OpenSSL, and also
links to something that dlopen's some other version of OpenSSL).
Thank you
--
Pau Garcia i Quiles
http://www.elpauer.org
will generate suboptimal, if not straight insecure, software just for
their packages not to be removed, and/or to stop those "hey hey, RC bug on
you!" mails. Please, delay the "only 1.1 migration" for 1 year.
--
Pau Garcia i Quiles
http://www.elpauer.org
lication into an insecure application due to incorrect patches.
If possible, I would rather have both 1.0.2 and 1.1.0 in the archive, and
move to 1.1.0 as upstream moves. I do not feel comfortable at all touching
security-related stuff, it's not my specialty. Even less if we are talking
a
e I provide static libraries,
for the second use case I provide shared libraries.
One problem my users find is many libraries in Debian do not provide a
static library, rendering my static libraries useless.
--
Pau Garcia i Quiles
http://www.elpauer.org
not going to release more than
one snapshot a day (and I guess very few people do -- I rarely do!), then
it's something to consider, definitely. Hmmm I'll have to think what to do
next time I'm going to package snapshots! :-)
Thank you for sharing!
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
r release coincided with your birthday.
>
> I will use this scheme from now on:
>
> 0.4+20150911
>
>
What if you take a second snapshot on that day?
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
On Mon, Sep 14, 2015 at 11:04 AM, Jakub Wilk wrote:
* Pau Garcia i Quiles , 2015-09-14, 10:46:
>
>> 0.5+git20150531T211420-cdd9d98f2c-1~vivid~pgquiles1
>>
>
> Still shorter than 1.31~pre0.8052aabdd159bc9050e7dc264f33782c5acce05f-1.
> You're not trying hard enough.
if there are two snapshots in one
day, they may get the wrong sorting order due to the git commit id.
Do you think it's ugly? Wait to see what it gets to when I upload packages
to my Ubuntu PPA :-)
0.5+git20150531T211420-cdd9d98f2c-1~vivid~pgquiles1
IMHO it'd be great if we could standard
nnection is
available) or use a second ISO/USB.
- Do this no matter what hardware is available. E. g. many Broadcom wifi
chipsets provide Bluetooth too but Bluetooth and some advanced wireless
stuff (for instance, 802.11ac) will only work after loading the proprietary
firmware.
'"version":
"2\.[0-9]+\.[0-9]+"' /usr/lib/nodejs/uglify-js/package.json) ifeq
($(IS_UGLIFY2),)# Legacy: uglifyjs < 2.xMINIFIER_FLAGS=-c
--no-seqs -nc else# uglifyjs >= 2.x MINIFIER_FLAGS=-c
sequences=false endifelse MINIFIER=/usr/bin/yui-comp
'"version":
"2\.[0-9]+\.[0-9]+"' /usr/lib/nodejs/uglify-js/package.json) ifeq
($(IS_UGLIFY2),)# Legacy: uglifyjs < 2.xMINIFIER_FLAGS=-c
--no-seqs -nc else# uglifyjs >= 2.x MINIFIER_FLAGS=-c
sequences=false endifelse MINIFIER=/usr/bin/yui-comp
This repository is maintained by the official Debian/Ubuntu maintainer but
it is not endorsed or supported by Debian/Ubuntu."
Answering "yes" would install a /etc/apt/sources.list.d/wt.list file.
Is this acceptable? Has anyone ever done this and can talk about his
experience?
--
en done
in the past.
And before someone mentions it: I don't think it's too late. It's getting
too late because nobody with the right to act is doing anything. In the
end, our users are the ones being harmed and we are left wondering why they
are increasingly moving to other distrib
's not the first
time in Debian and it has happened in other distributions too) with what
goal?... forcing a worse library in technical regards? OMG. Pointless.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
s. Looks
good to me. Maybe Andreas should have made a not-so-polite proposal?
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
k than 100 *really*
> minor security updates.
>
How is it better to have libav, which does a lot less security bugfixing,
in?
I'd rather have a library that fixes bugs than one that passes in order to
look "more secure". When in fact it's less.
--
Pau Garcia i Quiles
http://www
rouble with Qt right now because I'm using the commercial SDK
which indirectly uses ffmpeg to provide some codecs on Linux.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
longer but easier to understand and
sorts as expected.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
also include their own version of Skia.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
make releases, tags, or anything like that. You download from Subversion
and the svn revision is all you have.
Is there a policy on how to package software that does not make releases?
http://en.wikipedia.org/wiki/Skia_Graphics_Engine
https://code.google.com/p/skia/
Thank you
--
Pau Garcia i Q
celona on 15-16 March 2014, where Debian enthusiasts from
> far and wide will gather to talk about the latest Debian changes
> and the Debian community, as well as to meet new and old friends.
>
[...]
Is this conference limited to women only? (it's not clear from the CfP or
the webs
I still do not understand why libav to take over the name
ffmpeg in the archive
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
XFCE could be an
interesting talk, BTW.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
you
choose what (broad) features you want in the install image, dependencies
are automagically added, install image is generated and downloaded.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
nes which only have a CD
reader can use USB or an external DVD unit and let the project move to
DVDs.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
tem-market-share.aspx?qprid=11&qpcustomb=0
Five year old desktop doesn't matter as long as you can install recent
applications. That's not a problem on Windows or Mac, and it's not a
problem on Linux (or any other Unix) either thanks to RPATH/RUNPATH with
$ORIGIN .
--
Pau Garcia i
7;t respond?
>
>
Then, and only then, as a last resort, the Security Team / LTS Team takes
care of the problem
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
On Tue, Aug 27, 2013 at 12:03 PM, Lars Wirzenius wrote:
On Tue, Aug 27, 2013 at 11:53:47AM +0200, Pau Garcia i Quiles wrote:
> > But I'd like to stress we need *all* developers to be involved fix bugs
> > (esp. security) in their packages in all the supported releases, not on
;s how I'd like the Security Team to work. It would
alleviate the burden on them and move the bugfixing/security fixing to the
people who know the package better and are probably in touch with upstream.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
e, especially if we
want 5 years support for the *whole* archive (IMHO Ubuntu did a smart move
in regards to support when it split the archive in main/universe/multiverse
and decided to support only main).
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
th are real problems, regardless of why DreamHost decided to
give up on Debian.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
o, IMHO we need to do something. Debian is losing relevance as
an "installation" release and it's becoming more and more an "upstream for
distributions" (Ubuntu, Mint, etc), like SourceForge or GitHub are for us
:-(
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
hem? When I backport
something, I send it to upstream as a courtesy, in case they want to
release a patch version, not because I expect them to give me the OK
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
we won't
> have an LTS.
Maybe I'm wrong but I fail to see why "security support for LTS" should be
a different team than "security support for stable". To me, it should be
the same team, and maintainers and packages should be #1 in the list of
people to work on fixes, as I said above.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
or RHEL, SLES and Ubuntu LTS due to customers
asking. That's why there is an option to "load drivers from disk" at the
very beginning of installation (isolinux prompt) on RHEL, SLES and Ubuntu.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
f support (because we won't release the next version until at
least 1 year later) + 6 months
- In April 2016 we release Debian 10.0. LTS release. It will get again 3
years of updates and 5 years of security updates. This means support for
Debian 9.0 will end in October 2016 (LTS release date + 6 m
stable versions of
Debian would help (3 years?).
Also, many advanced users of Ubuntu end up contacting the Debian packager
for updates, fixes, backports, etc Even through Launchpad directly (the
Debian maintainer is shown as the package maintainer and receives e-mail
automatically)
--
Pau Garcia i Q
hiago Macieira: C++11 use in Qt5: Challanges and Solutions -
http://www.youtube.com/watch?v=olSSGA_nD1Q
[4] http://lists.boost.org/Archives/boost/2013/05/203762.php
<http://www.youtube.com/watch?v=olSSGA_nD1Q>--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
b for a
> couple of years. We recently ran Mayhem on almost all ELF binaries of
> Debian Wheezy (~23K binaries) [2], and it reported thousands of
> crashes.
>
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
aving any data,
> configuration or customization of the old machine behind.
>
http://tldp.org/HOWTO/Hard-Disk-Upgrade/
It just needs an update to the latest changes in FHS (/run, /sys, etc),
replace LILO with grub, etc
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
been
available for one solid month :-/
-- Forwarded message --
From: Pau Garcia i Quiles
Date: Fri, May 31, 2013 at 10:09 AM
Subject: Fwd: Debian RT
To: secur...@rt.debian.org
Cc: secur...@debian.org, t...@security.debian.org, Vincent Bernat <
ber...@debian.org>
Hello,
I
On Fri, May 17, 2013 at 4:31 AM, Chow Loong Jin wrote:
> On 17/05/2013 01:01, Pau Garcia i Quiles wrote:
> >
> > Patch releases are NOT available as zip files and the list of
> wrongdoings is long:
> > - Patch releases are only available
#x27;ing and sanitizing the
proper commit/tag
Advantage: always the same packaging, always the right version
Problem: ignoring upstream's zip files (is this a real problem?)
I cannot be the only one suffering from this kind of problems. What have
others done in the past?
Thank you
--
Pau
t really like (no dput, censored main archive, etc).
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
ed the
latest changes introduced by libjpeg8:
http://mail.kde.org/pipermail/digikam-devel/2013-January/066256.html
Why should Debian use a library which generates non-standard JPEG files?
And it's even worse for libjpeg9, IIUC from that discussion in the Digikam
mailing list.
--
Pau Garcia i Qui
Key ID 0x25771B31
> mail: mike.gabriel@das-netzwerkteam.**de,
> http://das-netzwerkteam.de
>
> freeBusy:
> https://mail.das-netzwerkteam.**de/freebusy/m.gabriel%40das-**
> netzwerkteam.de.xfb<https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb>
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
oo much,
everywhere, one could say it's fashionable.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
ot noticed)
* FLOS = FreeDesktop.org + Linux + we don't care about non-Linux, NOT Free
Libre Open Source
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
mple, super-fast,
super-minimal and super-brilliant udev replacement any minute now.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Co
nrelated
> packages, possibly many of them, will become RC-instabuggy.
I'd say it's not a problem.
If one day the package containing the corresponding source vanishes
from the archive, the other package (witty, in my case) would not be
buildable, as witty build-depends on libjs-jquer
s tarball. But what's FTP masters stance on this?
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Troub
a minifier may use generate
shortened variable names randomly.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Co
On Sat, Aug 18, 2012 at 8:06 PM, Jakub Wilk wrote:
> * Pau Garcia i Quiles , 2012-08-17, 13:39:
>
>>> 3) Make a new source package containing every jQuery version existing in
>>> the wild, then build depend on that.
>>
>> FTP Masters do not like that soluti
s of this?
>> http://lintian.debian.org/tags/source-contains-prebuilt-windows-
> binary.html
>
> This includes:
>
> tcltrf (source)
> * win/msvcrt.dll
>
> This is part of Windows. I don't expect Debian has been granted
> permission to distribute it. :)
Are you sur
sing libjs-jquery, I don't need to repack the source tarball
- If upstream is including a a Win32 DLL but I'm not using it for
anything, I don't need to repack the source tarball
etc
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
minified JavaScript file, which is distributed under full
compliance with jQuery's license and we have the full source
(un-mininified) and the package build-depends on libjs-jquery and the
package does not use the minified file at all? Give me a break.
--
Pau Garcia i Quiles
http://www.elpauer
or anything?) The users is
not expected to modify jquery.min.js ever, if he wants to rebuild the
binaries for witty, he is expected to modify libjs-jquery.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRIBE, email to debian-devel-
On Fri, May 4, 2012 at 6:53 PM, Steve Langasek wrote:
> Hi Pau,
>
> On Fri, May 04, 2012 at 04:24:21PM +0200, Pau Garcia i Quiles wrote:
>> Regarding the often-mentioned "many users run 'node script' from the
>> command-line"... so what? If we can get enou
install nodejs from source to be able to
> use it instead of install it via the package manager.
>
> Regards,
>
> Carl Fürstenberg
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact lis
re a bit ugly but still look sensible
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm
On Thu, Nov 10, 2011 at 9:28 AM, Fabian Greffrath wrote:
> Am 09.11.2011 17:04, schrieb Pau Garcia i Quiles:
>>
>> Yes, that would be my advice. Unfortunately mingw32 is now too far
>> behind mingw-w64. The fork has become better than the original
>> project.
>
it
> into packages targeting i686-w64-mingw32 and x86_64-w64-mingw32). Right?
Yes, that would be my advice. Unfortunately mingw32 is now too far
behind mingw-w64. The fork has become better than the original
project.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may nee
hreading better.
Back then there were some concerns about mingw-w64 reverse
engineering/clean room practices, but they were not justified and have
been fully cleared.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRIBE, email to debi
ls-mingw-w64.
>
> Is there a principle behind all this or where can I help to clean this up?
> ;)
>
> Cheers,
> Fabian
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@l
e what's worse: a malfunctioning application or an insecure one.
Zygmunt's proposal of adding unit testing, etc to upstream is a noble
one but highly unrealistic, IMHO.
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRI
On Thu, Oct 27, 2011 at 11:34 AM, Zygmunt Krynicki
wrote:
> W dniu 27.10.2011 11:22, Pau Garcia i Quiles pisze:
>
>> I said this in the original thread and I'll repeat it here: if we have
>> the non-minified JavaScript, then I see no problem in providing only
>> the m
the minified JavaScript, ignore both of them and do same as 3
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@
be README.Debian should mention "this package embeds the JavaScript
library XXX which is available independently in package libjs-XXX (source
package: libjs-XXX) :-?
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
Package: wnpp
Severity: wishlist
Owner: Pau Garcia i Quiles
Please note Spokify 1.0 is not available yet (it will be in a couple of
weeks, according to the author). I am submitting this ITP so that the ITP
for libopenspotify (which Spokify depends on for now) I filed a while
minutes ago is
Package: wnpp
Severity: wishlist
Owner: Pau Garcia i Quiles
* Package name: libopenspotify
Version : 20100217
Upstream Author : Noah Williamsson
* URL : http://eternalmedia.se/openspotify/
* License : BSD
Programming Lang: C
Description : an
: http://projects.tevs.eu/osgppu/downloads/osgPPU-0.4.0.tar.gz
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Conta
by the Kopete IM application since KDE
4.2.
.
Download URL:
http://downloads.sourceforge.net/libmsn/libmsn-4.0-beta1.tar.bz2?modtime=1226519186&big_mirror=0
--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
--
To UNSUBSCRIBE, email to [EM
Quoting Adeodato Simó <[EMAIL PROTECTED]>:
* Pau Garcia i Quiles [Fri, 28 Mar 2008 11:36:59 +0100]:
* Package name: witty
Wt (pronounced 'witty') is a C++ library and application server for
developing and deploying web applications.
If the author names their softwa
Package: wnpp
Severity: wishlist
Owner: Pau Garcia i Quiles <[EMAIL PROTECTED]>
* Package name: witty
Version : 2.1.0
Upstream Author : EmWeb bvba
* URL : http://webtoolkit.eu/
* License : dual licensed (GPLv2, commercial)
Description : C++ web fra
76 matches
Mail list logo