* Thomas Bushnell BSG ([EMAIL PROTECTED]) wrote:
Stephen Frost [EMAIL PROTECTED] writes:
Leaving around unused accounts is plainly wrong too, and also a
potential security risk.
Can you outline the risk please?
Sure. Locking accounts isn't necessairly perfect. Checking that an
* Thomas Bushnell BSG ([EMAIL PROTECTED]) wrote:
We aren't talking about log files created by the package, but by the
sysadmin.
What if the sysadmin has taken the sensitive log and squirreled it
away, saving it for future reference? Is that no longer a supported
thing?
One would hope
On Wed, Oct 26, 2005 at 06:29:57PM +0200, Andreas Barth wrote:
Problem being, if daemons don't remove their (supposedly exclusive-use)
accounts, you can end in two years with 100 unnecessary accounts in a
workstation.
How many daemon packages do you install in two years? I even doubt that
This one time, at band camp, Javier Fernández-Sanguino Peña said:
On Wed, Oct 26, 2005 at 08:18:42AM +0200, Marc Haber wrote:
On Tue, 25 Oct 2005 22:21:18 +0200, Javier Fernández-Sanguino Peña
[EMAIL PROTECTED] wrote:
Creating system users needs to cope with the fact that users might
have
Stephen Frost [EMAIL PROTECTED] writes:
* Thomas Bushnell BSG ([EMAIL PROTECTED]) wrote:
Stephen Frost [EMAIL PROTECTED] writes:
Leaving around unused accounts is plainly wrong too, and also a
potential security risk.
Can you outline the risk please?
Sure. Locking accounts isn't
This one time, at band camp, Thomas Bushnell BSG said:
Stephen Frost [EMAIL PROTECTED] writes:
* Thomas Bushnell BSG ([EMAIL PROTECTED]) wrote:
Stephen Frost [EMAIL PROTECTED] writes:
Leaving around unused accounts is plainly wrong too, and also a
potential security risk.
Stephen Gran [EMAIL PROTECTED] writes:
Many authentiaction systems do not use pam or shadow authentication.
That's the point of the counter argument.
So how does removing the line from the password file suddenly change
things?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
On Wed, Oct 26, 2005 at 08:18:42AM +0200, Marc Haber wrote:
On Tue, 25 Oct 2005 22:21:18 +0200, Javier Fernández-Sanguino Peña
[EMAIL PROTECTED] wrote:
Creating system users needs to cope with the fact that users might
have greated them before hand.
adduser copes with that. If a system user
This one time, at band camp, Thomas Bushnell BSG said:
Stephen Gran [EMAIL PROTECTED] writes:
Many authentiaction systems do not use pam or shadow authentication.
That's the point of the counter argument.
So how does removing the line from the password file suddenly change
things?
Javier == Javier Fernández-Sanguino Peña [EMAIL PROTECTED] writes:
Thus, in most cases, a single call to adduser is all that's
needed to create a system user in postinst.
Javier I have yet to see a package that just calls
Javier adduser. Some remove the user (and fail to
On Mon, 24 Oct 2005 16:13:18 +0200, Javier Fernández-Sanguino Peña
[EMAIL PROTECTED] wrote:
On Sun, Oct 23, 2005 at 11:32:45PM -0700, Steve Langasek wrote:
On Mon, Oct 24, 2005 at 08:13:12AM +0200, Marc Haber wrote:
If so, we need an adduser interface which properly handles LDAP and
NIS. This
On Mon, Oct 24, 2005 at 11:10:28PM +0200, Marc Haber wrote:
Which things would your dh_user do more than adduser does currently?
IMHO, a 'dh_user' would produce automatically the code I introduced in the
Developer's reference, so that maintainers just need to add:
dh_user $SERVER_USER
* Steve Langasek:
Frank Lichtenheld has already posted an announcement[4] detailing the
release team's plans for the question of non-DFSG documentation in main.
Just to clarify, is technical documentation that is only available in
non-editable formats (e.g. Postscript files) or can only be
On Tue, 25 Oct 2005 12:52:40 +0200, Javier Fernández-Sanguino Peña
[EMAIL PROTECTED] wrote:
On Mon, Oct 24, 2005 at 11:10:28PM +0200, Marc Haber wrote:
Which things would your dh_user do more than adduser does currently?
IMHO, a 'dh_user' would produce automatically the code I introduced in the
On Tue, Oct 25, 2005 at 03:30:14PM +0200, Marc Haber wrote:
On Tue, 25 Oct 2005 12:52:40 +0200, Javier Fernández-Sanguino Peña
[EMAIL PROTECTED] wrote:
On Mon, Oct 24, 2005 at 11:10:28PM +0200, Marc Haber wrote:
Which things would your dh_user do more than adduser does currently?
IMHO, a
On Sat, 22 Oct 2005 10:23:24 +0200, Petter Reinholdtsen
[EMAIL PROTECTED] wrote:
[Steve Langasek]
This seems like an opportune time for someone to write a config
interface for /etc/pam.d/common-*, so that we have a generally
useful means of enabling other PAM modules as well.
Good idea. We
[Marc Haber]
If so, we need an adduser interface which properly handles LDAP and
NIS. This is something that our current adduser does not do, and the
corresponding bugs are open for many years.
Well, it would be nice to have, but is not really a requirement.
Those of us using LDAP and NIS are
On Mon, Oct 24, 2005 at 08:13:12AM +0200, Marc Haber wrote:
On Sat, 22 Oct 2005 10:23:24 +0200, Petter Reinholdtsen
[EMAIL PROTECTED] wrote:
[Steve Langasek]
This seems like an opportune time for someone to write a config
interface for /etc/pam.d/common-*, so that we have a generally
On Mon, 24 Oct 2005 08:22:44 +0200, Petter Reinholdtsen
[EMAIL PROTECTED] wrote:
[Marc Haber]
If so, we need an adduser interface which properly handles LDAP and
NIS. This is something that our current adduser does not do, and the
corresponding bugs are open for many years.
Well, it would be
On Mon, Oct 24, 2005 at 10:10:31AM +0200, Marc Haber wrote:
And where do system accounts generated by packages on installations go
to? adduser's interaction with LDAP and NIS is abysmally bad, and
nobody seems to care.
It is a very bad idea to add system accounts to LDAP/NIS automatically
On Sun, Oct 23, 2005 at 11:32:45PM -0700, Steve Langasek wrote:
On Mon, Oct 24, 2005 at 08:13:12AM +0200, Marc Haber wrote:
If so, we need an adduser interface which properly handles LDAP and
NIS. This is something that our current adduser does not do, and the
corresponding bugs are open
[Steve Langasek]
This seems like an opportune time for someone to write a config
interface for /etc/pam.d/common-*, so that we have a generally
useful means of enabling other PAM modules as well.
Good idea. We need a better way to enable LDAP and NIS authentication
then to tell every admin to
On Sat, Oct 22, 2005 at 10:23:24AM +0200, Petter Reinholdtsen wrote:
[Steve Langasek]
This seems like an opportune time for someone to write a config
interface for /etc/pam.d/common-*, so that we have a generally
useful means of enabling other PAM modules as well.
Good idea. We need a
(CC in case you don't follow -devel that closely given your current
situation, Manoj. Please accept my apologies in advance if you do...)
At this point, most of the major packages that have to be
modified to enable a bare SELinux Debian system are in place, with
coreutils being the
On Fri, 21 Oct 2005 07:05:29 +0200, Christian Perrier [EMAIL PROTECTED] said:
(CC in case you don't follow -devel that closely given your current
situation, Manoj. Please accept my apologies in advance if you
do...)
At this point, most of the major packages that have to be modified
to
Hi Christian!
Christian Perrier [2005-10-21 7:05 +0200]:
At this point, most of the major packages that have to be
modified to enable a bare SELinux Debian system are in place, with
coreutils being the last holdout.
Myself and other shadow package maintainers were wondering
Oh, that's not needed. SElinux uses PAM to mediate access to
the password (there is a SELinux PAM module now). So, people who want
to enable SELinux on their machine have to do something like so:
,[ Add SELinux capability to the system ]
| if ! grep pam_selinux.so
On Fri, Oct 21, 2005 at 06:09:21PM +0200, Christian Perrier wrote:
Oh, that's not needed. SElinux uses PAM to mediate access to
the password (there is a SELinux PAM module now). So, people who want
to enable SELinux on their machine have to do something like so:
,[ Add
On Fri, 14 Oct 2005 00:02:17 -0700, Steve Langasek [EMAIL PROTECTED] said:
Pet release goals
~
There are a number of other systematic improvements on the drawing
board for etch which we consider worthwhile even if we don't
consider them blockers. We would like as many of
Thomas Bushnell BSG [EMAIL PROTECTED] wrote:
Paul TBBle Hampson [EMAIL PROTECTED] writes:
Didn't there used to be a delayed queue for NMUs to go into so that the
maintainer has time to nix it if neccessary? ^_^
Sure, but at the moment, I only know one way to use dupload since the
upload
Thomas Bushnell BSG [EMAIL PROTECTED] wrote:
Olaf van der Spek [EMAIL PROTECTED] writes:
On 10/17/05, Thomas Bushnell BSG [EMAIL PROTECTED] wrote:
Simon Richter [EMAIL PROTECTED] writes:
That is why I ask that before an NMU, someone should show me the patch,
and if I reply I don't have
On Mon, Oct 17, 2005 at 02:56:57PM -0700, Thomas Bushnell BSG wrote:
Paul TBBle Hampson [EMAIL PROTECTED] writes:
Didn't there used to be a delayed queue for NMUs to go into so that the
maintainer has time to nix it if neccessary? ^_^
Sure, but at the moment, I only know one way to use
On Mon, Oct 17, 2005 at 10:33:04AM +0200, Simon Richter wrote:
Steve Langasek wrote:
It's easy to understand why people are opposed to too-frequent NMUs. They
don't want to be seen as bad maintainers for having too many NMUs on their
packages; they worry about new bugs being introduced in
On Tue, Oct 18, 2005 at 08:59:01AM +0100, Colin Watson wrote:
On Mon, Oct 17, 2005 at 02:56:57PM -0700, Thomas Bushnell BSG wrote:
Paul TBBle Hampson [EMAIL PROTECTED] writes:
Didn't there used to be a delayed queue for NMUs to go into so that the
maintainer has time to nix it if
On Tue, Oct 18, 2005 at 01:12:49PM +0200, Javier Fernández-Sanguino Peña wrote:
On Tue, Oct 18, 2005 at 08:59:01AM +0100, Colin Watson wrote:
On Mon, Oct 17, 2005 at 02:56:57PM -0700, Thomas Bushnell BSG wrote:
Paul TBBle Hampson [EMAIL PROTECTED] writes:
Didn't there used to be a
Em Ter, 2005-10-18 às 01:03 -0700, Steve Langasek escreveu:
I think a good balance would be something like:
What if all NMUs are delayed for N days, but if maintainer agrees the
NMU skips the delay...
daniel
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe.
Frank Küster [EMAIL PROTECTED] writes:
Can't the patch be posted to the BTS and NMUed after two days if
there's no response (in general)?
Yeah, but golly, sometimes there is no patch because the patch is
blindingly obvious.
No, no, no. Please not. There's always a patch, and if it's only
Hi,
Steve Langasek wrote:
It's easy to understand why people are opposed to too-frequent NMUs. They
don't want to be seen as bad maintainers for having too many NMUs on their
packages; they worry about new bugs being introduced in the process; they
worry about sloppy fixes hiding bugs and
Simon Richter [EMAIL PROTECTED] writes:
That is why I ask that before an NMU, someone should show me the patch,
and if I reply I don't have time right now, okay to NMU that if you
like then it's fine (and in fact it is going to be the answer you will
hear most from me ATM).
What if you
On 10/17/05, Thomas Bushnell BSG [EMAIL PROTECTED] wrote:
Simon Richter [EMAIL PROTECTED] writes:
That is why I ask that before an NMU, someone should show me the patch,
and if I reply I don't have time right now, okay to NMU that if you
like then it's fine (and in fact it is going to be
On Mon, Oct 17, 2005 at 07:27:14PM +0200, Olaf van der Spek wrote:
On 10/17/05, Thomas Bushnell BSG [EMAIL PROTECTED] wrote:
Simon Richter [EMAIL PROTECTED] writes:
That is why I ask that before an NMU, someone should show me the patch,
and if I reply I don't have time right now, okay to
Olaf van der Spek [EMAIL PROTECTED] writes:
On 10/17/05, Thomas Bushnell BSG [EMAIL PROTECTED] wrote:
Simon Richter [EMAIL PROTECTED] writes:
That is why I ask that before an NMU, someone should show me the patch,
and if I reply I don't have time right now, okay to NMU that if you
like
Paul TBBle Hampson [EMAIL PROTECTED] writes:
On Mon, Oct 17, 2005 at 07:27:14PM +0200, Olaf van der Spek wrote:
On 10/17/05, Thomas Bushnell BSG [EMAIL PROTECTED] wrote:
Simon Richter [EMAIL PROTECTED] writes:
That is why I ask that before an NMU, someone should show me the patch,
and if
[Let's please keep this discussion on debian-devel, as debian-release is not
a discussion list, and not exactly widely followed either]
On Sun, Oct 16, 2005 at 10:28:33AM +0200, Roland Stigge wrote:
Steve Langasek wrote:
NMU policy
~~
After lots of experimentation with NMU
So I guess that taking four months for the release team to comment on
the release of sarge makes the sarge release itself seem timely and
efficient... right? (Of course right.)
Since I already blogged a round of thanks[0] back in June which many of
you have likely already read, I don't intend to
I am no debian developer (At least I am not involved in debian uploads and
releases). I have just followed the discussion, and have nothing to lose,
because I am not part of the community anyway. But I have seen a lot of
wise things said on the mailing list, but not assembled in one text. So
801 - 846 of 846 matches
Mail list logo