we'd need is a nagios check that tells us for a given host
whether its (security) mirror is current.
Stop by in #debian-admin on OFTC if you want to help.
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The univers
s.debian.org/ (dsa-guest:*).
https://anonscm.debian.org/cgit/mirror/dsa-nagios.git/ has the nagios
config and checks.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfr
On Wed, 13 Apr 2016, Henrique de Moraes Holschuh wrote:
> On Wed, Apr 13, 2016, at 02:32, Peter Palfrader wrote:
> > There's also nothing inherently wrong with just having a single address
> > in an RRSet.
>
> It means a single point of failure for that region:
A de
[1]
https://anonscm.debian.org/cgit/mirror/dsa-mini-nag.git/tree/
also see
https://anonscm.debian.org/cgit/mirror/dsa-auto-dns.git/tree/
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ |
ning your issues (e.g., lack of IPv6
> connectivity)? Advising people to hard code security mirrors isn't the right
> solution.
There's also nothing inherently wrong with just having a single address
in an RRSet.
--
| .''`. ** Debian *
No. We derotate mirrors regularly for maintenance work. We don't want
users to pick their security.d.o mirror.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `'
party security mirrors. In fact, we actively
discourage them. Don't use them.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `-https://www.debian.org/
may be
> causing other people issues as well - is anybody able to resolve
> this?
Thanks for the report. Fixed now, I think.
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https
. Mirrors, even if you trusted them, don't
use authenticated syncing protocols.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
s work.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `-http://www.debian.org/
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.de
DSA-2075-1 update for xulrunner)
> through the security.debian.org infrastructure. The updates are
> currently not available. We hope to resolve that soon.
Looks like all is well now.
Cheers,
--
| .''`. ** Debian GNU/Linux **
Peter P
every weird
combination out there, but it seems to do a pretty good job of helping
us not forget to reboot systems.
I'm sure the interested parties can butcher it for parts if they don't
want all it does (i.e. maybe not everyone wants the get_avail magic).
Cheers,
weasel
--
hin an xterm?
Not amused,
Peter
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `-http://www.debian.org/
--
To UN
e but the root of any cert chains
you encounter.
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `-http://www.debian.org/
--
To UNSUBSCRIBE, email to debi
On Sun, 08 Jun 2008, Jim Popovitch wrote:
> I would think that neither of those cases immediately passes muster
> with concerned security minded folks. And, just because you are OK
> with it, it doesn't mean I have to be. ;-)
Clearly the people in charge are. Can we move on to relevant stuff no
On Mon, 05 May 2008, Peter Palfrader wrote:
> On Mon, 05 May 2008, Bernd Eckenfels wrote:
>
> > In article <[EMAIL PROTECTED]> you wrote:
> > > Apropos. Is there a way to get that information from a vmlinuz file on
> > > disk? Without booting it, tha
On Mon, 05 May 2008, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > Apropos. Is there a way to get that information from a vmlinuz file on
> > disk? Without booting it, that is.
>
> Interesting enough my (somewhat older) file command does only print "x86
> boot sector",
On Mon, 05 May 2008, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > Apropos. Is there a way to get that information from a vmlinuz file on
> > disk? Without booting it, that is.
>
> Interesting enough my (somewhat older) file command does only print "x86
> boot sector",
On Sat, 03 May 2008, Dominic Hargreaves wrote:
> cat /proc/version
>
> will give you the full version of the booted kernel.
Apropos. Is there a way to get that information from a vmlinuz file on
disk? Without booting it, that is.
Peter
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a s
On Thu, 24 Nov 2005, Patrick wrote:
> I have an server running sshd on Sarge. I want all users to be able to
> access the computer from within the internal network - but restrict
> access from the internet (to users in a particular group). Can this be
> achieved by combining the /etc/hosts.allow o
On Tue, 11 Oct 2005, Benjamin Maerte wrote:
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>
Learn to read the mails you're replying to, will you?
Peter
--
Gurer fubhyq or fbzr fbeg bs vagryyvtrapr grfg orsber lbh'er
On Mon, 19 Sep 2005, Florian Weimer wrote:
> > Is there a reason not to simply read the "Precedence: list" header
> > and simply not respond at all ?
>
> "Precedence: list" is non-standard. Technically speaking,
> RFC-compliant software should not use it. 8-/
That's not quite correct, software
On Wed, 03 Dec 2003, Russell Coker wrote:
> On Wed, 3 Dec 2003 00:56, Peter Palfrader <[EMAIL PROTECTED]> wrote:
> > > I've attached a modified version, please check it out. I've changed some
> > > of the things to do it in the recommended manner (eg the
&
On Wed, 03 Dec 2003, Russell Coker wrote:
> On Wed, 3 Dec 2003 00:56, Peter Palfrader <[EMAIL PROTECTED]> wrote:
> > > I've attached a modified version, please check it out. I've changed some
> > > of the things to do it in the recommended manner (eg the
&
On Tue, 02 Dec 2003, Russell Coker wrote:
> On Tue, 2 Dec 2003 18:32, Peter Palfrader <[EMAIL PROTECTED]> wrote:
> > > There is currently no uucp policy (it seems that no SE Linux users are
> > > using it).
> >
> > I have one, but it does only allow what
On Tue, 02 Dec 2003, Russell Coker wrote:
> On Tue, 2 Dec 2003 18:32, Peter Palfrader <[EMAIL PROTECTED]> wrote:
> > > There is currently no uucp policy (it seems that no SE Linux users are
> > > using it).
> >
> > I have one, but it does only allow what
/Linux **
messages preferred.| : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `-http://www.debian.org/
#DESC UUCP - Unix to Unix Copy Program
#
# Author: Peter Palfrader <[EMAIL PROTECTED]>
#
# TODO: the d
/Linux **
messages preferred.| : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `-http://www.debian.org/
#DESC UUCP - Unix to Unix Copy Program
#
# Author: Peter Palfrader <[EMAIL PROTECTED]>
#
# TODO: the d
Hi Christian!
On Wed, 27 Dec 2000, Christian Kurz wrote:
> > You probably misconfigured your mutt.
>
> No, I mixed up Mail-Followup-To and Mail-Copies-To. Now this mail has
> the correct "Mail-Copies-To: never", which means that I don't want any
> copies of the answers.
Your mail followup2 head
Hi Christian!
On Wed, 27 Dec 2000, Christian Kurz wrote:
> On 00-12-27 David Wright wrote:
> > Quoting Christian Kurz ([EMAIL PROTECTED]):
> > > [ Stop sending me unnecessary Ccs.]
> > | Date: Tue, 26 Dec 2000 16:02:30 +0100
> > | From: Christian Kurz <[EMAIL PROTECTED]>
> > | To: debian-secu
Hi Christian!
On Wed, 27 Dec 2000, Christian Kurz wrote:
> > You probably misconfigured your mutt.
>
> No, I mixed up Mail-Followup-To and Mail-Copies-To. Now this mail has
> the correct "Mail-Copies-To: never", which means that I don't want any
> copies of the answers.
Your mail followup2 hea
Hi Christian!
On Wed, 27 Dec 2000, Christian Kurz wrote:
> On 00-12-27 David Wright wrote:
> > Quoting Christian Kurz ([EMAIL PROTECTED]):
> > > [ Stop sending me unnecessary Ccs.]
> > | Date: Tue, 26 Dec 2000 16:02:30 +0100
> > | From: Christian Kurz <[EMAIL PROTECTED]>
> > | To: [EMAIL PRO
Hi Michael!
On Fri, 03 Nov 2000, Michael Meskes wrote:
> On Thu, Nov 02, 2000 at 01:17:21PM +0100, Peter Palfrader wrote:
> > It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you
> > will be an open relay for the entire _class_A_ net 62.
>
> Unfor
Hi Michael!
On Fri, 03 Nov 2000, Michael Meskes wrote:
> On Thu, Nov 02, 2000 at 01:17:21PM +0100, Peter Palfrader wrote:
> > It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you
> > will be an open relay for the entire _class_A_ net 62.
>
> Unfor
Hi Ethan!
On Thu, 02 Nov 2000, Ethan Benson wrote:
> > If you do not set mynetworks postfix guesses it from the interfaces and
> > allows
> > all hosts on the classful subnets of those interfaces to relay through you.
>
> ah! i see didn't think of that one... so you need to specify
> mynetworks
Hi!
On Thu, 02 Nov 2000, Borut Mrak wrote:
> On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote:
> > so my question now is postfix a open relay by default or not?
>
> No.
It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you
will be an open relay for the entir
Hi Ethan!
On Thu, 02 Nov 2000, Ethan Benson wrote:
> > If you do not set mynetworks postfix guesses it from the interfaces and allows
> > all hosts on the classful subnets of those interfaces to relay through you.
>
> ah! i see didn't think of that one... so you need to specify
> mynetworks wit
Hi!
On Thu, 02 Nov 2000, Borut Mrak wrote:
> On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote:
> > so my question now is postfix a open relay by default or not?
>
> No.
It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you
will be an open relay for the enti
Hi David!
On Tue, 26 Sep 2000, David Wright wrote:
> Quoting Simon Huggins ([EMAIL PROTECTED]):
>
> > There used to be an annoying dependency that stopped portmap being
> > removed at all. I think this has gone now (*removes portmap*) yep, but
> > the policy of Debian IMHO wrt open ports/daemon
Hi David!
On Tue, 26 Sep 2000, David Wright wrote:
> Quoting Simon Huggins ([EMAIL PROTECTED]):
>
> > There used to be an annoying dependency that stopped portmap being
> > removed at all. I think this has gone now (*removes portmap*) yep, but
> > the policy of Debian IMHO wrt open ports/daemo
Hi Alexander!
On Mon, 25 Sep 2000, Alexander Hvostov wrote:
> Mo,
>
> Red Hat security is always lousy ;)
>
> Unlike Red Hat, Debian gets security bugs and such fixed in a timely
> manner, especially if you are using the current `unstable' distribution
> (which is presently `woody'); `at' shoul
Hi Alexander!
On Mon, 25 Sep 2000, Alexander Hvostov wrote:
> Mo,
>
> Red Hat security is always lousy ;)
>
> Unlike Red Hat, Debian gets security bugs and such fixed in a timely
> manner, especially if you are using the current `unstable' distribution
> (which is presently `woody'); `at' shou
Hi Carlos, Hi List!
On Tue, 19 Sep 2000, Carlos Carvalho wrote:
> Lots of people are replying about the advantages/disadvantages of
> using ssh **OR** otp. I fully agree; in fact I installed both here.
>
> What I said is that it's nonsense to use ssh **AND** otp at the same
> time, for the same
Hi Carlos, Hi List!
On Tue, 19 Sep 2000, Carlos Carvalho wrote:
> Lots of people are replying about the advantages/disadvantages of
> using ssh **OR** otp. I fully agree; in fact I installed both here.
>
> What I said is that it's nonsense to use ssh **AND** otp at the same
> time, for the same
Hi,
I just set up libpam-opie and it works quite well from the console as
well as with ssh. Unfortunatly it does not show wich OTPasswd it expects
with ssh login but this is another story.
In order to get it working I had to change /etc/pam.d/ssh from:
| auth required pam_nologin.so
| a
Hi,
I just set up libpam-opie and it works quite well from the console as
well as with ssh. Unfortunatly it does not show wich OTPasswd it expects
with ssh login but this is another story.
In order to get it working I had to change /etc/pam.d/ssh from:
| auth required pam_nologin.so
|
Hi Steve!
On Mon, 11 Sep 2000, Steve wrote:
> # losetup -e serpent /dev/loop0 cryptfile
> Unsupported encryption type serpent
>
> My feeling is that the versions of the binaries for util-linux are not
> patched to handle crypto. However, I installed from the non-US disks
> (ala mirror.a
Hi Steve!
On Mon, 11 Sep 2000, Steve wrote:
> # losetup -e serpent /dev/loop0 cryptfile
> Unsupported encryption type serpent
>
> My feeling is that the versions of the binaries for util-linux are not
> patched to handle crypto. However, I installed from the non-US disks
> (ala mirror.
Hi Brian!
On Sun, 30 Apr 2000, Brian May wrote:
> >>>>> "Peter" == Peter Palfrader <[EMAIL PROTECTED]> writes:
> Peter> Pollywog, you really should not include signatures of other
> Peter> mails in replies :)
>
> but that mail was
Hi Ethan!
On Sat, 29 Apr 2000, Ethan Benson wrote:
> > mutt thinks:
> > > [-- PGP output follows (current time: Sun Apr 30 03:33:11 2000) --]
> > > gpg: Signature made Sun Apr 30 02:17:24 2000 CEST using DSA key ID
> > > 2C447AFC
> > > gpg: BAD signature from "Ethan R. Benson <[EMAIL PROTECTED]>
Hi Pollywog!
> mutt thinks:
> > [-- PGP output follows (current time: Sun Apr 30 03:33:11 2000) --]
> > gpg: Signature made Sun Apr 30 02:17:24 2000 CEST using DSA key ID 2C447AFC
> > gpg: BAD signature from "Ethan R. Benson <[EMAIL PROTECTED]>"
> > [-- End of PGP output --]
Argl. I really should
Hi Pollywog!
mutt thinks:
> [-- PGP output follows (current time: Sun Apr 30 03:33:11 2000) --]
> gpg: Signature made Sun Apr 30 02:17:24 2000 CEST using DSA key ID 2C447AFC
> gpg: BAD signature from "Ethan R. Benson <[EMAIL PROTECTED]>"
> [-- End of PGP output --]
What might be the reason?
On
Hi Pollywog!
On Sun, 30 Apr 2000, Pollywog wrote:
> Where does one get the extensions?
You'll find it at your local gpg mirror.
e.g:
http://gd.tuwien.ac.at/privacy/gnupg/contrib/
You want {idea,rsa{,ref}}.c
Don't forget to put
load-extension idea
load-extension rsa
into your ~/.gnupg/opti
Hi Jure!
On Tue, 02 May 2000, Jure Mercun wrote:
> I don't have a lot of experiences with
> PGP and GPG but it seems that PGP doesn't
> recognize GPG's keys and vice versa. Is
> there some way, to make a key that would
> work on both?
GPG cannot handle RSA keys (pgp 2.6.x) out of the box. Instal
54 matches
Mail list logo