Hi,
Jonas Smedegaard (2022-04-19):
> In other words: Please let's take this is multiple steps, first being to
> distinguish non-free firmware from other non-free code, without deciding
> yet exactly how strongly we then allow that new section to be integrated
> with our "pure" parts.
I tend to
Package: wnpp
Severity: normal
X-Debbugs-Cc: debian-devel@lists.debian.org,
pkg-apparmor-t...@alioth-lists.debian.net
Control: affects -1 src:apparmor
Hi,
I request assistance with maintaining the apparmor package.
AppArmor has been enabled by default on the Linux ports of Debian
since Buster.
Package: wnpp
Severity: normal
X-Debbugs-Cc: debian-devel@lists.debian.org, da...@debian.org
Hi,
on behalf of its maintainer David Paleino, I request assistance about
the asciio package.
The package description is:
This gtk2-perl application allows you to draw ASCII diagrams in a
modern (but
Hi,
Dmitry Smirnov (2020-02-06):
> Now when we have a proper package for a while what excuse do you
> have to continue to use vendor binaries that could not be accepted
> to Debian?
I'd love if you would use wording less morally/emotionally loaded than
"excuse" here: for me at least, "excuse" is
to actually use what
> they produce.
FYI, a UX designer using themselves the product they've designed is
only one tool in the UX toolbox for validating such work, and by far
not the best.
This being said, I'm glad you care about the appearance and user
experience of the Debian desktop :)
Cheers,
--
intrigeri
Adrian Bunk:
> Outreachy is a complete failure.[1]
> […]
> [1] If anyone has data to prove that I am wrong, please let me to know.
I only have one single data point: the only person I've been an
Outreachy mentor for is now an active, uploading DD.
Cheers,
--
intrigeri
Paul Wise:
> There doesn't appear to be anything like devilspie in Debian for GNOME
> on Wayland.
The "Auto Move Windows" GNOME Shell extension (in the
gnome-shell-extensions package) provides parts of
devilspie's functionality.
Cheers,
--
intrigeri
eeds.
> Our solution here is AppArmour.
Sadly, AppArmor is not very well suited _for desktop apps_ at the
moment. Approaches based on sandboxing + portals seem to be a much
better design.
Cheers,
--
intrigeri
Hi,
a year ago, on August 4 2017, intrigeri wrote:
> tl;dr: I hereby propose we enable AppArmor by default in testing/sid,
> and decide one year later if we want to keep it this way in the
> Buster release.
Here are some data points relevant to this decision making process.
I think w
uld be discussed with the team.
I doubt the current team members have enough bandwidth to tackle
this big new task so quite some additional time/energy needs to be
injected into the team for this to work.
Cheers,
--
intrigeri
W. Martin Borgert:
> We have apparmor (maybe even by default!) to prevent network accesss
> of a music application,
Not quite yet: AppArmor network rules are not supported in Linux
mainline yet (#712451).
Cheers,
--
intrigeri
can definitely relate to that feeling and have been frustrated about
this for years. Thankfully things have changed drastically recently:
quite a few features have been upstreamed to Linux mainline in 4.13
and 4.14, and more is upcoming, so I'm now hopeful :)
Cheers,
--
intrigeri
usiastic
users willing to enforce SELinux today on their Debian testing/sid
desktop system and report how it goes.
Cheers,
--
intrigeri
led by default
in Buster we should reconsider this though. Regardless of bug
severity, I want to keep fixing these bugs. If you need help with
AppArmor-related issues, you can ensure they're on pkg-apparmor-team's
radar this way:
https://wiki.debian.org/AppArmor/Reportbug#Usertags
Cheers,
--
intrigeri
Hi,
Ben Caradoc-Davies:
> On 18/11/17 14:34, Ben Caradoc-Davies wrote:
>> On 18/11/17 04:27, intrigeri wrote:
>>> Thanks in advance, and sorry for any inconvenience it may cause (e.g.
>>> the AppArmor policy for Thunderbird has various issues in sid; all of
>>
e maintainer and I'd like to write an
> apparmor profile for one of the binaries in my package, where do
> I start".
Some of this doc has been written by Ulrike Uhlig a few years ago:
https://wiki.debian.org/AppArmor/Contribute#Ship_an_AppArmor_profile_in_.22your.22_package
Cheers,
--
intrigeri
Hi,
intrigeri:
> The next upload of the linux-image packages will "Recommends: apparmor".
Done ⇒ AppArmor is now enabled by default in sid.
Let the experiment begin!
Now is time to report and fix bugs. To make sure they are on the radar
of the AppArmor team, please apply the rel
finitely one of these complex cases so let's
keep an eye on it: if AppArmor is too disruptive there then we will
disable it by default for Thunderbird.
Cheers,
--
intrigeri
e definitely not the first one — and Ulrike has documented
where things are:
https://wiki.debian.org/AppArmor/Contribute/Upstream#Debian_.2F_Upstream_relationship
Cheers,
--
intrigeri
[…]
The next upload of the linux-image packages will "Recommends: apparmor".
Cheers,
--
intrigeri
Hi,
intrigeri:
> Chris Lamb:
>> So… in the spirit of taking (reversible!) risks, can you briefly outline
>> what's blocking us enabling this today? :)
> Thanks for asking!
> I've scheduled time on October 23-27 to:
We made good progress. Thanks a lot to V
ree more.
Thankfully we already have another, cheap solution to address the "how
to enable the AppArmor LSM in the kernel" problem :) So now I'd rather
focus on the other, remaining problem, i.e. "how to pull in the
AppArmor policy + userspace tools".
Cheers,
--
intrigeri
s a lot for your carefully worded and extremely well sourced
email! I've already learned quite a few interesting things.
> intrigeri wrote:
>> Why AppArmor and not SELinux?
>> -
>>
>> SELinux is another LSM that tackles similar problems.
[...]
Hi,
intrigeri:
> tl;dr: I hereby propose we enable AppArmor by default in testing/sid,
> and decide one year later if we want to keep it this way in the
> Buster release.
Thanks a lot to everyone who participated on this thread, tried
AppArmor and reported bugs, or expressed support
Hi,
John Johansen:
> On 09/09/2017 12:49 PM, intrigeri wrote:
>> John Johansen:
>> Christian Seiler put it clearly (quoted above) but here's a more
>> practical example: say 1. D-Bus mediation lands in Linux
>> 4.15 (totally made up, but this would be nice!); 2. I
one that would benefit the most
from being shipped in src:totem, provided a good workflow is set up
so users, Totem maintainers and AppArmor people are all happy.
Cheers,
--
intrigeri
should be for the LSM enabled
by default in Debian IMO. In at least one case we realized only after
I had fixed the bug and submitted a fix upstream that their own, local
workaround was identical to my own fix, which I find enlightening wrt.
the AppArmor learning curve.
Cheers,
--
intrigeri
by humans.
> If we don't see a radical improvement soon, I'll
> simply disable building live images altogether to remove the false
> promises they're making.
This sounds entirely reasonable. I'm all for our Debian heroes &
martyrs going on strike, and for not hiding problems! Take care, and
thanks for making this move :)
Cheers,
--
intrigeri
Hi John et al,
John Johansen:
> On 08/09/2017 02:31 PM, intrigeri wrote:
>> Moritz Mühlenhoff:
>>> Christian Seiler schrieb:
>>>> Another thing to consider: if a profile is too restrictive, but the
>>>> part that is too restrictive isn't in the up
Hi,
Christian Seiler:
> On 08/09/2017 10:33 PM, intrigeri wrote:
>>> Or, conversely, is there a possibility to add a flag to the AppArmor
>>> profile to say "fail to load it if something is not understood"? In
>>> that case all profiles shipp
Raphael Hertzog:
> https://debian-handbook.info/browse/stable/sect.apparmor.html
Thanks, added to https://wiki.debian.org/AppArmor#External_links :)
Cheers,
--
intrigeri
re set being used to
something else than the version of the running kernel, e.g.
with a file shipped in a new package built from src:linux with
appropriate versioned dependencies.
> Also, I'm wondering about the status of kernel support which is
> currently not upstreamed: intrigeri men
Christian Seiler:
> On 08/06/2017 05:32 PM, intrigeri wrote:
>> Rules that are not supported by the running kernel are silently
>> ignored, i.e. the operation is allowed.
> Is there at least a warning during the load of the profile?
There used to be a warning, but it w
pArmor logs, and apparmor-notify won't change that.)
Cheers,
--
intrigeri
ins why only one
systemd unit installed on my system bothers doing so.
* To limit read access, AFAIK with systemd one can only list
forbidden places and everything else is allowed by default.
No wonder InaccessiblePaths= is not used by any unit installed
on my system.
Cheers,
--
intrigeri
way:
* the same profile can be shared between distros, regardless of
whether they apply not-upstreamed-yet AppArmor kernel patches;
* once new AppArmor features land in Linux mainline, we automatically
benefit from stronger confinement that's already implemented in our
AppArmor policy.
Cheers,
--
intrigeri
Dr. Bas Wijnen:
> Enabling it by default doesn't mean it can't be switched off, right?
Yes, passing apparmor=0 on the kernel command line will turn it off.
Cheers,
--
intrigeri
ount & integrated, and helped me
change my mind here and there: Christian Boltz, gregoa, Guido Günther,
Jamie Strandboge, John Johansen, Sebastien Delafond, Simon McVittie
and Solveig! Sorry to those I forgot. I shamelessly stole bits of text
they wrote. I absolutely do *not* imply they endorse this proposal.
Thanks a lot to my pkg-apparmor team-mates, to Kees Cook who
introduced AppArmor in Debian in the first place, and to all AppArmor
contributors upstream and in other distros :)
Cheers,
--
intrigeri
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org, debian-p...@lists.debian.org
* Package name: libgtk3-simplelist-perl
Version : 0.15
Upstream Author : Thierry Vignaud
* URL : https://metacpan.org/release/Gtk3-SimpleList
iles, that live in the upstream PuppetDB Git repository,
and are distributed in PuppetDB upstream tarballs.
Also, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673515#38
for a potential problem wrt. versioning of PuppetDB vs.
puppetdb-termini.
Cheers,
--
intrigeri
IW, https://labs.riseup.net/code/issues/7950 has some pointers that
might save a little bit of time to anyone willing to look closer.
Cheers,
--
intrigeri
d then, the debate we
should have is about the reasoning itself; its possible resemblance
with Microsoft's sayings feels completely off-topic to me.
Cheers,
--
intrigeri
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org, debian-p...@lists.debian.org
* Package name: libdist-zilla-plugin-test-eol-perl
Version : 0.18
Upstream Author : Florian Ragwitz , Caleb Cushing
, Karen Etheridge
* URL
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libmemory-usage-perl
Version : 0.201
Upstream Author : Dave O'Neill
* URL : https://metacpan.org/release/Memory-Usage
* Li
ided to accept
Bitcoins, and explained why:
https://www.eff.org/deeplinks/2013/05/eff-will-accept-bitcoins-support-digital-liberty
Cheers,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.d
X32 / X60 / X61 class.
FWIW, I share Ben's good experience in KVM guests.
Cheers,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/8538cp14ct@boum.org
(with his Kali hat) in this proposal. With my Tails hat, I do concur.
Cheers,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/85a974lmz7@boum.org
from Debian experimental.
Cheers,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/85a982euwy@boum.org
m, so
no wonder it hasn't taken off yet. Help is welcome:
https://wiki.debian.org/AppArmor/Contribute
If interested in more background information:
https://lists.debian.org/debian-security/2014/01/msg8.html
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrige
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libdist-zilla-plugin-localemsgfmt-perl
Version : 1.203
Upstream Author : Patrick Donelan
* URL : https://metacpan.org/release
et/view/chroot-installation/
.. configured in this Git repository:
http://anonscm.debian.org/gitweb/?p=users/holger/jenkins.debian.net.git;a=summary
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir
Hi,
we have documented how one can improve Tails by working on Debian:
https://tails.boum.org/contribute/how/debian/
I'm posting this here in the hope it may be useful for other
derivatives, for Debian, and for Tails. Feedback is welcome.
Cheers,
--
intrigeri
| GnuPG key @
sion is archived there.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscri
Hi,
FYI there's an ongoing discussion on the debian-security list
about this.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
--
To UNSUBSCRIBE, email to debian-
(I've no
idea which one it is in GNOME flashback 3.8, sorry) -- and many thanks
for maintaining the flashback session!
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
-
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libtypes-path-tiny-perl
Version : 0.005
Upstream Author : David Golden
* URL : https://metacpan.org/release/Types-Path-Tiny
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libmoox-late-perl
Version : 0.014
Upstream Author : Toby Inkster
* URL : https://metacpan.org/release/MooX-late
* License
plemented in a newer upstream version and will
wonder why it's not in testing yet, or they'll suffer from some other
bug and will have a look at the PTS.
In all of this cases, "$PACKAGE is not in testing anymore" is likely
to be a stronger "help is needed" signal for them
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libdist-zilla-plugin-test-notabs-perl
Version : 0.04
Upstream Author : Florian Ragwitz
* URL : https://metacpan.org/release/Dist
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libdist-zilla-plugin-test-perl-critic-perl
Version : 2.112410
Upstream Author : Jerome Quelin
* URL :
https://metacpan.org
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libdist-zilla-plugin-installguide-perl
Version : 1.21
Upstream Author : Marcel Grünauer , Mike Doherty
* URL : https
bian Live
systems, too.
In any case, thanks for considering switching to ESR!
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
--
To UNSUBSCRIBE, email to debian-d
FWIW, the GNOME archive manager (file-roller) knows how to use unar
since 3.6, which is in experimental. The version in Wheezy does not
(but knows how to use at least the non-free unrar).
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
|
Arno Töll wrote (12 Dec 2012 13:19:14 GMT) :
> How is this better/different to incron(d) [1]?
We also have inoticoming to deal with the simplest case.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
A
Hi,
Ben Hutchings wrote (04 Aug 2012 17:28:19 GMT) :
> This is expected in the absence of 3D acceleration, which is not yet
> supported in qemu so far as I know.
With a virtual QXL video adapter in the guest,
xserver-xorg-video-qxl installed in the guest,
and a Spice -enabled virtualization envir
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libarchive-tar-wrapper-perl
Version : 0.16
Upstream Author : Mike Schilli
* URL : http://search.cpan.org/dist/Archive-Tar
Hi,
Anton Zinoviev wrote (12 May 2012 12:04:31 GMT) :
> Yves-Alexis Perez wrote on debian-devel:
>>
>> What do you mean with “this doesn't work in Debian”? Some people do use
>> encrypted root and they do have a working console asking for the
>> passphrase.
> As far as I know currently the conso
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libfindbin-libs-perl
Version : 1.64
Upstream Author : Steven Lembark http://search.cpan.org/dist/FindBin-libs/
* License : Artistic
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libtest-bdd-cucumber-perl
Version : 0.07
Upstream Author : ['Peter Sergeant ']
* URL : http://search.cpan.org/dis
Package: wnpp
Owner: intrigeri
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-p...@lists.debian.org
* Package name: libcairo-gobject-perl
Version : 1.001-1
Upstream Author : Torsten Schoenfeld
* URL : http://search.cpan.org/dist/Cairo-GObject
pdfimposer is a Python module to achieve some basic imposition on PDF
documents, especially designed to work on booklets.
.
BookletImposer is a commandline and GTK+ interface to pdfimposer.
.
The bookletimposer package ships both.
Cheers,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-devel
?
Bye,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Do not be trapped by the need to achieve anything.
| This way, you achieve everything.
--
To UNSUBSCRIBE, email to debian-deve
Package: wnpp
Owner: intrigeri+deb...@boum.org
Severity: wishlist
* Package name: mat
Version : 0.1
Upstream Author : Julien Voisin
* URL or Web page : https://gitweb.torproject.org/user/jvoisin/mat.git
* License : GPL-2
Description : Metadata anonymising toolkit
Package: wnpp
Owner: intrigeri+deb...@boum.org
Severity: wishlist
* Package name: nautilus-wipe
Version : 0.1
Upstream Author : Colomban Wendling
* URL or Web page : http://wipetools.tuxfamily.org/nautilus-wipe.html
* License : GPL-3+
Description : Secure deletion
Package: wnpp
Owner: intrigeri+deb...@boum.org
Severity: wishlist
* Package name: libgsecuredelete
Version : 0.1
Upstream Author : Colomban Wendling
* URL or Web page : http://wipetools.tuxfamily.org/libgsecuredelete.html
* License : GPL-3+
Description : wrapper
Package: wnpp
Owner: intrigeri+deb...@boum.org
Severity: wishlist
* Package name: parcimonie
Version : 0.5.1
Upstream Author : intrigeri
* URL or Web page : https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
* License : Artistic or GPL-1+
Description
Package: wnpp
Owner: intrigeri+deb...@boum.org
Severity: wishlist
* Package name: onioncat
Version : 0.2.2
Upstream Author : Bernhard R. Fischer
* URL or Web page : http://www.cypherpunk.at/onioncat/
* License : GPL-3
Description : IP-Transparent Tor Hidden Service
of Perl 5 you may have available.
Description : NetAddr::IP related types and coercions library for Moose
No open bug in RT, code is sane, almost perfect CPAN Testers reports.
Every dependency is in Debian already.
Bye,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-devel-requ
type library for Moose
Almost perfect CPAN Testers reports, no open bug in RT, code is sane.
Copyright and license information seems clear enough to me in the source.
Bye,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe"
-license the code to a DFSG compliant license if anyone is
interested in maintaining this extension as a Debian package.
Bye,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.o
80 matches
Mail list logo