Re: xz backdoor

There's also a very through exploration at https://github.com/amlweems/xzbot Including, very interestingly, a discussion of format(s) of the payload(s), and a mechanism to replace the backdoor key to play with executing commands against a popped sshd, as well as some code to go along with it.

Re: xz backdoor

On Tue, Apr 2, 2024 at 5:12 PM Pierre-Elliott Bécue wrote: > If you have a master key on your laptop, when a yubikey is in, while > running gpg --edit-key your_main_key, you can use the "addcardkey" to > create a subkey on the Yubikey directly. > Yeah, seconded for sure. This is the

Re: Questionable Package Present in Debian: fortune-mod

On Sat, Aug 19, 2023 at 2:29 PM Roberto C. Sánchez wrote: > The reasons why the FTP masters might reject a package from the archive > are public [0]. Nowhere on the list is there an entry that says > "somebody doesn't like this package" or "it has stuff that might offend > someone" as a valid

Re: Legal advice regarding the NEW queue

I seemed to remember we retain actual outside council last i knew. Is that still the case? This request ought to come from the ftp team if we do do this, fwiw Paul On Tue, Feb 1, 2022, 4:12 AM Stephan Lachnit wrote: > On Mon, Jan 31, 2022 at 10:47 AM Jonathan Carter wrote: > > > > As for

Mass filing on Python 3.7 async module import?

Hey DPMT (BCC'ing -devel, let's keep conversaion on DPMT), I see that Python 3.7 now raises a syntax error when you try to import a module that is named `async`. ``` $ python3.6 Python 3.6.6 (default, Jun 27 2018, 14:44:17) [GCC 8.1.0] on linux Type "help", "copyright", "credits" or "license"

Re: Debian 9: FAILED to start Network Time Synchronization. systemd-timesyncd.service' with boot...

I had a similar bug on my machine that was due to a missing systemd-timesyncd user. I didn't report it because I assumed it was user error Paul On Jan 13, 2018 11:57 AM, "Simon McVittie" wrote: > On Sat, 13 Jan 2018 at 13:50:00 +0100, André Verwijs wrote: > > Debian 9:

Bug#886238: Please introduce official nosystemd build profile

Conversely, if the patches are invasive and unmaintainable, its not on Debian to merge them. On Jan 3, 2018 9:09 AM, "Wouter Verhelst" wrote: On Wed, Jan 03, 2018 at 01:59:05PM +0100, Andrew Shadura wrote: > Hi, > > On 3 January 2018 at 13:12, Hleb Valoshka <375...@gmail.com>

Re: dput: Call for feedback: What should change? What should stay the same? [and 1 more messages]

FWIW, I don't think any of the dput-ng hackers particularly mind if it changes, changing API could just happen for both together, at the same time. Or maybe just consolidate :) Paul On Dec 28, 2016 4:34 PM, "Ian Jackson" wrote: > Ben Finney writes ("dput: Call

Re: Autogenerated -dbgsym packages made my package by REJECTed

IIRC it will, it stores seen signature hashes On Oct 29, 2016 7:29 PM, "Ian Jackson" wrote: > Julien Cristau writes ("Re: Autogenerated -dbgsym packages made my package > by REJECTed"): > > Right, fasolo had jessie's lintian. Upgraded to jessie-backports now, >

Re: Bug#824057: ITP: bitkeeper -- source code management system

http://www.openwall.com/lists/oss-security/2016/05/10/5 <-- link to that discussion! On Wed, May 11, 2016 at 4:55 PM, Russ Allbery wrote: > Daniel Stender writes: > >> Distributed source control management/revision control system. Known as >> being used for

Re: golang naming scheme (was: re Bug#819591: ITP: golang-github-peterbourgon-diskv)

That's correct. This is no different than saying the Python importable name is the package name. And why we see stuff like: python-foo.bar, since you import foo.bar. You import that URL. The package name is just the import name. No different than Python. Cheers, Paul On Thu, Mar 31, 2016 at

Re: oauth2 sprint at DebConf?

Sure. I'll show up. I've implemented oauth2 for stuff at work, and I know a bit about consuming it. If we had an oauth2 project in Python (3), I'd love to add support for U2F keys too! Cheers, Paul On Fri, Apr 24, 2015 at 11:09 AM, Antonio Terceiro terce...@debian.org wrote: On Thu, Mar 19,

Re: Sources licensed under PHP License and not being PHP are not distributable

Unless its renamed AFAICT. T On Jul 7, 2014 4:19 AM, The Wanderer wande...@fastmail.fm wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 07/07/2014 03:39 AM, Thomas Goirand wrote: On 07/01/2014 05:22 AM, Clint Byrum wrote: Unless I'm mistaken, the wording in the PHP license

Re: MATE 1.8 has now fully arrived in Debian

+1 :) On Jul 1, 2014 6:39 PM, Norbert Preining prein...@logic.at wrote: On Wed, 02 Jul 2014, Thomas Goirand wrote: I don't think so. I think it encourages to be more easy going, and have fun, but never mind. Let's keep Debian boring^W^Wportland weird. :) +1 Fun is missing, humour even

Re: Sketches and diagrams in open source software development

I've got some I drew up, I'll add them shortlyish On Jan 30, 2014 1:10 AM, Paul Wise p...@debian.org wrote: On Wed, Jan 29, 2014 at 9:29 PM, Sebastian Baltes wrote: Any ideas where I can find sketches and diagrams that are related to the development of Debian? I just created a page of

Re: Bug#729660: ITP: xemacs21 -- highly customizable text editor

Out of curiosity, how do you plan on solving it's six rc bugs? On Nov 15, 2013 9:10 AM, Mark Brown broo...@debian.org wrote: On Fri, Nov 15, 2013 at 01:29:50PM +0100, Alberto Garcia wrote: On Fri, Nov 15, 2013 at 12:02:18PM +, Mark Brown wrote: * Package name: xemacs21

Re: Bug#727708: Arguments for tech-ctte (Was: Proposal: let’s have a GR about the init system)

This has now been discussed ad nauseam. Can we please stop posting about this on -devel and let the tech-ctte work? Thanks, Paul On Fri, Nov 8, 2013 at 10:30 AM, John Paul Adrian Glaubitz glaub...@physik.fu-berlin.de wrote: On 11/08/2013 02:54 PM, Marko Randjelovic wrote: Additional

Re: Decision on R datasets

(On my phone) The real question is it less *distributable*? If its GPL and contains things *not* in preferred form, I'd say yes, that would be less distributable, since its a GPL violation and results in breech of license - which means we can't distribute. My 2 cents (as a DD), Paul On Sep 21,

Re: Nitpicking in the NEW queue.

On my phone, excuse the Cc and (I'm guessing HTML mail) Hi, Charles. On Sep 1, 2013 10:59 PM, Charles Plessy ple...@debian.org wrote: Answering on a broader audience because I think that there is really a drift from ensuring archive integrity to massive and arbitrary top-down nitpicking. Le

Re: Bug#704124: codename 'rc-buggy' not handled correctly

Just as unstable has sid, experimental is rc-buggy, the rc car from toy story. Hilarious joke :) T On Mar 28, 2013 6:36 AM, John Paul Adrian Glaubitz glaub...@physik.fu-berlin.de wrote: On 03/28/2013 11:21 AM, Julien Cristau wrote: rc-buggy is not a codename, it's a bad joke. Don't use

Re: DM upload permission

On Mar 6, 2013 8:09 AM, Holger Levsen hol...@layer-acht.org wrote: On Mittwoch, 6. März 2013, Paul Tagliamonte wrote: Fwiw since it is backwards compatible, dput-ng works fine from git in-place your point being? If you don't want to, you don't have to purge the old dput, as you seemed