only
> do this for smaller applications than something like MariaDB/MySQL due
> the testing effort needed.
They solve completely different problems, though. One handles PAM
sessions, the other handles services.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Daniel Black
> How User= systemd directives work with lbpam-tmpdir I'm not sure,
> however without a setuid there shouldn't be an invalid TMPDIR env
> variable there.
systemd doesn't start a new PAM session for services, so there's no
interaction there.
--
Tollef Fog Heen
UNI
]] Robie Basak
> On Thu, Nov 10, 2022 at 05:37:53PM +0100, Tollef Fog Heen wrote:
> > I think it's more wide than that: If you change UID, you need to
> > sanitise the environment. Your HOME is likely to be wrong. PATH might
> > very well be pointing at directories whic
t maintainer scripts can have
about the environment they're running in, and how do we make those
expectations hold? This should probably then be documented in policy.
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
o
ahead.
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
sing the file name and the
uploader gets an error message, I don't know.)
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
led packages match what exist in those
sources, or have a passlist in the «receive report» stage on the server
that looks at which distribution is being reported for and validate that
those packages (and possibly versions) exist or have existed in the
past.)
--
Tollef Fog Heen
UNIX is user friendl
ly not GPLv3.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Hanno 'Rince' Wagner
> Hi everbody,
>
> On Sun, 24 Apr 2022, Tollef Fog Heen wrote:
>
> > I don't think we have docs for running with a different root of trust
> > than MS'. To be honest, I'm not sure we even _should_ have a lot of docs
> > around it,
with the instructions without understanding
the implications.
As for it being more secure, for that to be a good and meaningful
discussion, we have to agree on what the threat model is. What's the
threat you want to protect against by using your own or Debian's keys?
--
Tollef Fog Heen
UNIX is user f
which means it needs to be somewhere we manage, and treat
source packages as generated artifacts that can't be turned back into
the actual source.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
-sensitive software in C, so I'm going to ask for its removal
unless it's adopted by somebody fairly quickly.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ails from a Debian
> machine via POP? I really would love to separat ma Debian box
> fromothers.
We (debian/DSA) do not provide email hosting. We provide email
forwarding.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
good thing overall. I should
probably upload it just to get some of the dust off it.)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Adrian Bunk
> Something will break (like in the mlocate case), and people might only
> start noticing when they are doing fresh installs of buster after the
> release.
Which mlocate case is this?
--
Tollef Fog Heen, mlocate maintainer
UNIX is user friendly, it's just picky abou
stemd setup; in sysvinit it's in rc2.d,
whereas with systemd it just waits for apparmor.service,
system-random-seed.service and systemd-tmpfiles-setup.service, so the
risk of it being blocked is much smaller.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ll
for it, by logging to an mmap-ed file and using that as a circular
buffer.
While Varnish is certainly an extreme case, I'd be surprised if it's the
only one doing something that doesn't fit into a traditional syslog
model.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
unlike your option number three,
but without the guarantee part. That's an essential point of the
reproducible builds effort: if you build the same sources, you should
end up with the same binary. A question is how far does that goal
stretch?
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Russ Allbery
> Tollef Fog Heen writes:
>
> > I think we should (over time) aim towards non-reproducible builds being
> > release critical bugs, and I think «builds differently in an unclean
> > chroot» is a class of non-reproducibleness we need to tackle («fails to
&
e whether or not that bug
> is RC.
Build-Conflicts should ideally only be used when properly fixing what
causes the difference in behaviour to be hard to fix. If it's possible
without expending too much effort, one should rather try to fix what
causes the problem rather than working around it.
If people want English output, they should set their locale parameters
appropriately.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 27 Jan 2019 05:56:33 +0100
Source: pkg-config
Binary: pkg-config
Architecture: source
Version: 0.29-6
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen
Changed-By: Tollef Fog Heen
Description:
pkg-config
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 24 Jan 2019 10:01:45 +0100
Source: pkg-config
Binary: pkg-config
Architecture: source
Version: 0.29-5
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen
Changed-By: Tollef Fog Heen
Description:
pkg-config
ise, this looks like a good idea to me.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ent
setup is wrong.
One problem with providing outbound SMTP service is that we'd end up
with a bunch of user support requests when inevitably something didn't
work. DSA already has enough work to do that we'd rather not have that
extra load.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky
e:
For the record, the TC expects maintainers to continue to support the
multiple available init systems in Debian. That includes merging
reasonable contributions, and not reverting existing support without
a compelling reason.
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
a, stuff 3 years old gets dropped from
> the official drivers while 2 years old doesn't get Linux support yet -- and
> nouveau has problems on its own.
es2gears_x11 works fine on my GF116 board (release date: 2011-03-15)
using the proprietary drivers (on an otherwise testing system).
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 14 Nov 2018 20:04:27 +0100
Source: mlocate
Binary: mlocate
Architecture: amd64 source
Version: 0.26-3
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen
Changed-By: Tollef Fog Heen
Closes: 602485 770699
he WAT/MIA dance. If
people can't be bothered to reply to a single email saying «yup, another
year please» with some reasonable amount of pinging and time to reply,
they are effectively MIA, at least if they haven't let people know on
-private or similar.)
--
Tollef Fog Heen
UNIX is user friend
]] Michael Stone
> On Tue, Oct 23, 2018 at 10:05:35PM +0200, Tollef Fog Heen wrote:
> >We should not be in the business of distributing known-vulnerable
> >software. There are practical considerations around point releases and
> >such which makes this not-really-true for a
each point release. If
you look cdimage.d.o, we are only distributing the latest point release.
I think the same standard should apply to cloud images.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
G installed on the system» and let the user know
that? No need to actually disable PGP support.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Ivan Shmakov
> >>>>> Sune Vuorela writes:
> >>>>> On 2018-10-21, Jonas Smedegaard wrote:
> >>>>> Tollef Fog Heen writes:
>
> [I see I’ve managed to botch References: for the
> news:linux.debian.devel readers; my ap
on gnupg. It's the kind of dependencies
that individually make sense, but where libgpgme11 should probably
have a Recommends: gnupg, not Depends.
This is pretty easy to find out by using apt-file show $package and
apt-cache show $package, btw.
--
Tollef Fog Heen
UNIX is user friendly, it's j
]] Anthony DeRobertis
> This works at least as far back as Wheezy.
IIRC, I wrote the patches for this in the hacklab (aka the
decommissioned church) at Debconf 7 in Edinburgh. Guillem wrote code
based on that, which was merged mid-2010.
--
Tollef Fog Heen
UNIX is user friendly, it's j
g it's small enough, using a pipe (or possibly a FIFO) could
work. That's kernel memory and iirc it won't be swapped out. (I'm
happy to be corrected on this, I'm basing it on what I've heard before
and my recollection of it.)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 09 Jun 2018 22:33:23 +0200
Source: sash
Binary: sash
Architecture: source
Version: 3.8-5
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen
Changed-By: Tollef Fog Heen
Description:
sash - Stand-alone
]] Russell Stuart
> On Thu, 2018-06-07 at 18:14 +0200, Tollef Fog Heen wrote:
> > Packages does not imply automation (lots of people maintain machines
> > by logging into each one and running apt by hand and $EDITOR on their
> > configuration files; I suspect this ap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 07 Jun 2018 21:43:54 +0200
Source: norwegian
Binary: inorwegian wnorwegian aspell-no myspell-nb myspell-nn
Architecture: source
Version: 2.2-4
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen
Changed
ose few things that they care about deeply is more
> dubious and often doesn't add much value for them.
This is a good point.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
he hosts and maintain those,
but we don't run all our services, so we'd rather not be on the critical
path for updating various services (which we'd need to be if those came
from packages).
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ely.
We'd like somebody else to run the service since we already have plenty
enough to do and there's no real reason for it to be something that
needs to be provided by DSA.
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ve yet to
discuss it.)
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
t the most fun job in the
world, but it's at least possible to automate somewhat.
I'm curious what, if anything, we can do to better support the second
model. In particular because (as you note) it's very much in vogue with
lots of upstreams those days.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Ian Jackson
There is still no need to Cc folks on Debian lists unless explicitly
requested.
> Tollef Fog Heen writes ("Re: udftools, pktsetup and init scripts"):
> >] Pali Rohár
> >
> > > What do you think about moving pktsetup into own binary package?
e it over. (I'm the maintainer.)
Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
he primary effort of
maintaining your package is updating the Standards-Version header then
just don't include it?
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
of «on error: exit» is useful, especially for
simplistic control loops.)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
policy, this is considered a
> serious bug.
No, it's not. Not complying with policy is anything from wishlist to
critical all depending.
> We would spare a lot of developer time by not using this field
> anymore.
I don't think so, I think we save quite a bit of effort by having it due
to
t such thing probably needs more discussion or announcement in
> changelog... etc... as existing system configurations needs to be
> updated.
If you do split it, udftools need to depend on pktsetup for the next
release at least so people don't lose that functionality.
--
Tollef Fog Heen
UNI
ith the
> aa-disable command).
I think they (in general) should be RC for whatever is shipping the
buggy apparmor profile.
Having packages that are broken out of the box is not the kind of distro
we should be shipping.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Simon McVittie
> On Thu, 05 Oct 2017 at 21:43:20 +0200, Tollef Fog Heen wrote:
> > However, if you just do the IMO more common sudo $command, you get a lot
> > more:
> >
> > $ sudo env | wc -l
> > 87
>
> Is that under default configuration? My /etc/s
and
adds some SUDO_* settings.
However, if you just do the IMO more common sudo $command, you get a lot
more:
$ sudo env | wc -l
87
It does clean up PATH, but it does not filter out my normal settings, so
say, LESS and LESSOPEN leak through to dpkg.
--
Tollef Fog Heen
UNIX is user friendly, it's j
]] Ivan Shmakov
> >>>>> Tollef Fog Heen <tfh...@err.no> writes:
> >>>>> Ivan Shmakov
> >>>>> Hans-Christoph Steiner <h...@eds.org> writes:
>
> >>> Package: dpkg-dev
>
> >>> More and more packag
etween it and bokmaal so that
people without Norwegian keyboard (or without compose keys) can type it
too, but the canonical name is bokmål, not bokmaal.
(I see there's a small bug where the symlink is the wrong way around,
I'll get that fixed.)
å is in latin1, though so fonts should not be a problem in y
y could
implement the APIs and produce, say, PDFs, or print using a hand-built
printer. For the first case, you could easily run that on a general
purpose system.
You say that the requirement for an implementation to be useful is
orthogonal to whether it's suitable for main. Does that also hol
tes that can't be
packaged. Having the source (and redistribution rights) to some cloud
provider's software would not really put us that much closer to having
what they offer and make them attractive.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Adrian Bunk
> On Fri, Aug 18, 2017 at 10:07:49PM +0200, Tollef Fog Heen wrote:
> > ]] Adrian Bunk
> >...
> > The PCI consortium extended the deadline until June
> > 2018. Assuming that deadline holds, people with older machines will not
> > be able to acces
r. «We need to do this because this change is coming, whether we
want it or not.»
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 30 Jul 2017 09:59:51 +0200
Source: librt-extension-commandbymail-perl
Binary: librt-extension-commandbymail-perl
Architecture: source all
Version: 3.00-1
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen <
hat version out of the box (isync being referred to elsethread).
Finding and fixing those bugs is good.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 20 Jul 2017 19:57:07 +0200
Source: norwegian
Binary: inorwegian wnorwegian aspell-no myspell-nb myspell-nn
Architecture: source all amd64
Version: 2.2-3
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen <
ted from the archive. (Yes, we'd need to publish
them somewhere and record where they came from and there's a lot of
practical questions.)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 16 Jul 2017 19:13:30 +0200
Source: sash
Binary: sash
Architecture: source amd64
Version: 3.8-4
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen <tfh...@debian.org>
Changed-By: Tollef Fog Hee
]] Marc Haber
> On Thu, 13 Jul 2017 19:37:52 +0200, Tollef Fog Heen <tfh...@err.no>
> wrote:
> >]] Marc Haber
> >> My finger memory will still type tcpdump -i eth0 before the brain can
> >> intervene ten years from now.
> >
> >In that partic
emainAfterExit=yes
[Install]
WantedBy=multi-user.target
work to hook into when a link unit is activated?
(Or just a Wants and Before in the foo.link unit)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
mer files in /etc/udev/rules.d
> anyway. At least that's what I do.
FWIW, I've (almost) never done this. I generally just use the provided
names and don't really care what they are as long as they don't jump
around.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
appens on. YMMV, of course.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ve with PRs.
I'm not sure why this is very useful. It can, in some cases, be a
useful data point, but in general, as the maintainer, I'll want to
review the patch in the same way no matter whether it came from somebody
with a key in the keyring or not.
--
Tollef Fog Heen
UNIX is user friendly,
ystems are free to implement them if they so want.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
l/mostly due to the
> use of metapackages.
A package can only be in a single section.
I'd look at tagging the packages with debtags and doing a debtags search
on installed packages instead of faffing with metapackages.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ld talk to Packagecloud and see if they're interested. Not sure
what the size of the repo is, their open source offering is for up to
25G.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Akash Sarda
> Description : Create a MD5 hash with hex encoding
node-md5-o-matic provides an md5 function that seems to do the same, can
you use that instead?
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Aarti Kashyap
Hi,
> Description : Get the PATH environment variable key cross-platform
This seems to be a subset of what node-osenv provides, can you use that
instead?
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
iption : Cross-platform home directory retriever
>
> This Script can retrieve your Home Directory
Do we need a fourth node.js package to do this? We already have
node-resolve-dir, node-expand-tilde and node-osenv which all seems to do
the same.
--
Tollef Fog Heen
UNIX is user friend
t-ip-address-configuration/ :
config ipif System ipaddress 192.168.2.2/24
Cisco does it differently, and I'm sure some others do too, but the
$ip/prefixlen notation is pretty common in the networking world at
least.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Josh Triplett
> Does this seem like a reasonable approach?
I think it sounds fine, but please remember that it's pkg-config, not
pkgconfig. :-)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Pirate Praveen
> Description : Check if gulplog is available before attempting to
> use it
Is there a node-has-has-gulplog too, to check for if has-gulplog is
available before attempting to use it? This package sounds a bit weird,
even as Node.js packages go.
--
Tollef Fog Hee
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 13 Nov 2016 20:15:00 +0100
Source: norwegian
Binary: inorwegian wnorwegian aspell-no myspell-nb myspell-nn
Architecture: source all amd64
Version: 2.2-2
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen <
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 13 Nov 2016 13:24:24 +0100
Source: mlocate
Binary: mlocate
Architecture: source amd64
Version: 0.26-2
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen <tfh...@debian.org>
Changed-By: Tollef Fog Hee
sounds like you have had very different interactions with the release
team than I have. In my experience, they're doing a difficult job, and
doing it well, trying to accomodate everybody while still making
progress towards releasing.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
professionnally and would like to package and maintain
> Falco in Debian.
Yay, great to see this packaged! I've wanted to poke at it for a while,
but ENOTIME so far.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Fastly to see if we
can get a process to get this improved, but this should be rare(r) for
legacy IP.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
response header seems to be important, given that it
> is sent twice, but apart from that…
Not really, it's just that it passes through multiple caches on the way.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 26 Oct 2016 21:54:36 +0200
Source: norwegian
Binary: inorwegian wnorwegian aspell-no myspell-nb myspell-nn
Architecture: source all amd64
Version: 2.2-1
Distribution: unstable
Urgency: medium
Maintainer: Tollef Fog Heen <
in the past)
> and on to considering the apt https transport and thoughts on how this
> could become part of the base install.
Note that the performance of HTTPS there is worse than for HTTP due to a
lack of SRV support in apt-transport-https, though, which means it falls
back to doing HTTP re
en getting the SRV record won't help much, you want to know what IP it
resolved to and what headers you got from the backend to uniquely
identify problems with a single POP or machine in a POP.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
s just done declaratively and then we
could scan the archive. If we have a manually-maintained list, it will
get out of sync with reality pretty quickly.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Ian Jackson
> Tollef Fog Heen writes ("Re: Bug#820036: No bug mentioning a Debian KEK and
> booting use it."):
>
> > So far, I don't believe there are any.
>
> this is rather discouraging, at least for those who think this signed
> image
can look at this. So far, I don't believe there are any.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Ian Campbell
> Have we gotten to the point where we consider deb.d.o suitable for
> production use? The web page still says Experimental (so I would assume
> "not production yet")
As of this morning, the bit about experimental was removed from the web
page.
--
Tollef Fo
erybody has the same set of
problems. At the same time, if we can design a solution that works well
for everybody, that's of course preferable.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
No. However, it requires more
thought and design than just slapping a few letsencrypt certs onto
some hosts.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
dfront deployed, which is, frankly, a more realistic proposition
than jury-rigging something on the per-country mirrors.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
read "feel like excuses."
>
> Not ashamed, just bad ;-).
So you're flat-out saying that you're intentionally behaving like a
dick.
Go away and don't come back until your behaviour's changed. People
trolling and behaving like dicks are not welcome in Debian.
--
Tollef Fog Hee
n try to find the information/answer the
questions). In the former case, was there something wrong with the bug
report? Did it even reach a human? Did they just not care? It's hard
to know, and it's completely inactionable (unactionable?) from the
submitter's point of view.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
waste of CPU cycles is the least of the problems dependencies try to
fix. Incorrect operation is a much more interesting one.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
ntil it's packaged, I think it's pretty irrelevant to our discussions
here.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
llings.
If you don't want to detract from your message, don't add intentional
speed bumps to it.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
]] Wookey
> On 2016-07-23 18:58 +0200, Tollef Fog Heen wrote:
> > ]] Geert Stappers
> >
> > > FWIW I agree with both '"main package "should have documentation'
> > > and 'additional documentation in separate doc package'.
> >
> > I
1 - 100 of 1665 matches
Mail list logo