Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

2008-01-10 Thread Thomas Bushnell BSG
On Thu, 2008-01-10 at 23:37 -0500, Noah Meyerhans wrote: > On Thu, Jan 10, 2008 at 11:25:07PM -0500, Thomas Bushnell BSG wrote: > > > Except that the security flaw is in the fileserver, which does not > > > involve the kernel module at all and runs fine even witho

Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

2008-01-10 Thread Thomas Bushnell BSG
On Thu, 2008-01-10 at 17:30 -0500, Noah Meyerhans wrote: > On Thu, Jan 10, 2008 at 05:29:18PM -0500, Thomas Bushnell BSG wrote: > > This is not sufficient advice for how to upgrade. Merely installing a > > new version of openafs-modules-source will not build it. Some form of >

Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

2008-01-10 Thread Thomas Bushnell BSG
This is not sufficient advice for how to upgrade. Merely installing a new version of openafs-modules-source will not build it. Some form of m-a invocation as well will be necessary. Thomas On Thu, 2008-01-10 at 21:47 +0100, Noah Meyerhans wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA

Re: [SECURITY] [DSA 1304-1] New Linux kernel 2.6.8 packages fix several vulnerabilities

2007-06-16 Thread Thomas Bushnell BSG
This release was quite confusing, because it applies only to sarge, and yet doesn't say so at all (except in the package names), and even says that the new packages will "probably be moved into the stable distribution" which is surely false. Thomas On Sat, 2007-06-16 at 04:57 -0600, dann frazier

Re: What is a security bug?

2005-11-25 Thread Thomas Bushnell BSG
Florian Weimer <[EMAIL PROTECTED]> writes: > * Thomas Bushnell: > >> Florian Weimer <[EMAIL PROTECTED]> writes: >> >>> Suppose that the web browser always crashes when confronted with >>> certain input, losing all of its state. With tabbed browsing, >>> multiple browser opened by the same process

Re: What is a security bug?

2005-11-25 Thread Thomas Bushnell BSG
Dale Amon <[EMAIL PROTECTED]> writes: > On Wed, Nov 23, 2005 at 11:10:25PM -0800, Thomas Bushnell BSG wrote: >> It seems it does not save form entries (which was not mentioned >> explicitly in Florian's post above), but it certainly does save the >> tabs and multi

Re: What is a security bug?

2005-11-23 Thread Thomas Bushnell BSG
Marc Haber <[EMAIL PROTECTED]> writes: > On Wed, Nov 23, 2005 at 10:53:46PM -0800, Thomas Bushnell BSG wrote: >> Florian Weimer <[EMAIL PROTECTED]> writes: >> > Suppose that the web browser always crashes when confronted with >> > certain input, losing

Re: What is a security bug?

2005-11-23 Thread Thomas Bushnell BSG
Florian Weimer <[EMAIL PROTECTED]> writes: > Suppose that the web browser always crashes when confronted with > certain input, losing all of its state. With tabbed browsing, > multiple browser opened by the same process etc., this means that > potentially important work is lost. In the case of g

Re: CAN to CVE: changing changelogs?

2005-10-29 Thread Thomas Bushnell BSG
Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > Now, please explain to me why a changelog that has had detail added to past > entries so that information that belongs to a given uploaded version IS in > the entry for that version, is worse than one that lacks this information, > OR has t

Re: CAN to CVE: changing changelogs?

2005-10-28 Thread Thomas Bushnell BSG
Joey Hess <[EMAIL PROTECTED]> writes: > One thing that this bug illustrates pretty well that is quite annoying > when trying to determine what version of a package actually fixed a > security hole, is new upstream releases that are listed in the changelog > as fixing a particular CVE, when the hol

Re: CAN to CVE: changing changelogs?

2005-10-28 Thread Thomas Bushnell BSG
Frans Pop <[EMAIL PROTECTED]> writes: > On Thursday 27 October 2005 23:34, Henrique de Moraes Holschuh wrote: >> To me it is a technical matter, as the changelogs are a tool for a >> technical job. > > To me, changelogs are primarily a way of informing the user of changes in > a package. Includin

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Thomas Bushnell BSG
Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > When dealing with Debian matters of a technical nature, yes. When dealing > with matters outside Debian, or of a non-technical nature, I may decide to > not take such an instance. And frankly, as long as it is a rule of mine, > applied to

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Thomas Bushnell BSG
Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > Parse error: "... that one?" I am sorry, I am not sure I understood what > you mean. IF I got it right, my reply is simple: I will not change my mind > about a technical matter backed by technical reasons, because of the beliefs > of someo

Re: CAN to CVE: changing changelogs?

2005-10-27 Thread Thomas Bushnell BSG
Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > But at least we know that this subthread can end right here, right now. It > is useless to discuss beliefs that exist without a technical backing, and I > won't waste my time with it. Do you have a technical backing for your view that it

Re: On Mozilla-* updates

2005-08-03 Thread Thomas Bushnell BSG
Frans Pop <[EMAIL PROTECTED]> writes: > On Thursday 04 August 2005 00:39, Thomas Bushnell BSG wrote: >> Frans Pop <[EMAIL PROTECTED]> writes: >> > On Thursday 04 August 2005 00:25, Thomas Bushnell BSG wrote: >> >> What is wrong with volatile? It'

Re: On Mozilla-* updates

2005-08-03 Thread Thomas Bushnell BSG
Frans Pop <[EMAIL PROTECTED]> writes: > On Thursday 04 August 2005 00:25, Thomas Bushnell BSG wrote: >> What is wrong with volatile? It's for exactly this case. > > No it is not. volatile-sloppy [1] may be (if that's implemented). > > [1] http://lists.deb

Re: On Mozilla-* updates

2005-08-03 Thread Thomas Bushnell BSG
Mathieu JANIN <[EMAIL PROTECTED]> writes: > I was thinking about a policy for managing packages built around "never > patched" software like Moz/FireFox. > Volatile and Security repositories do not fit for that, everybody agrees > with that. What is wrong with volatile? It's for exactly this ca

Re: On Mozilla-* updates

2005-08-03 Thread Thomas Bushnell BSG
Adeodato Simó <[EMAIL PROTECTED]> writes: > * Thomas Bushnell BSG [Tue, 02 Aug 2005 16:07:08 -0700]: > >> It would be very nice if Mozilla would publish to distributions like >> ours a description of the security problem, and then a separate patch >> for that speci

Re: On Mozilla-* updates

2005-08-02 Thread Thomas Bushnell BSG
John Hardcastle <[EMAIL PROTECTED]> writes: > I agree with David's suggestion to just put the latest releases from > Mozilla into Debian Stable. This is what volatile is for. Indeed, it was the very first and best example of why we want volatile.

Re: On Mozilla-* updates

2005-08-02 Thread Thomas Bushnell BSG
Alexander Sack <[EMAIL PROTECTED]> writes: > Matt Zimmerman wrote: >> >> I'm guessing that you're not going to volunteer on the manpower side, and I >> don't think that it would be a good way to spend resources even if we had >> them. You're welcome to attempt to convince the Mozilla project to

Re: On Mozilla-* updates

2005-08-02 Thread Thomas Bushnell BSG
Willi Mann <[EMAIL PROTECTED]> writes: > [Thomas, I'm not sure if you are on the debian-security list, so I'm CCing > you] > >> Are you prepared to make sure all the packages that depend on mozilla >> will have packages ready to enter at once? > > This would only be necessary in case of an API/AB

Re: On Mozilla-* updates

2005-08-02 Thread Thomas Bushnell BSG
Noah Meyerhans <[EMAIL PROTECTED]> writes: > On Mon, Aug 01, 2005 at 04:57:31PM -0700, Thomas Bushnell BSG wrote: >> > IMHO, sloppy security support (by uploading new upstream versions) is >> > better than no security support. >> >> Are you prepared to ma

Re: On Mozilla-* updates

2005-08-01 Thread Thomas Bushnell BSG
Willi Mann <[EMAIL PROTECTED]> writes: > IMHO, sloppy security support (by uploading new upstream versions) is > better than no security support. Are you prepared to make sure all the packages that depend on mozilla will have packages ready to enter at once?

Re: Request for example tripwire policy files for "/var"

2005-05-18 Thread Thomas Bushnell BSG
Declan Mullen <[EMAIL PROTECTED]> writes: > I need to develop appropriate tripwire policy rules for the files and > directories under "/var/" on Sarge. Being new to Debian, I would > appreciate receiving any example policy rules/files that I could learn > from, many thanks. Um, it sounds as if yo

Re: rm files owned by root?

2005-01-02 Thread Thomas Bushnell BSG
Florian Weimer <[EMAIL PROTECTED]> writes: > * Ulrich Fürst: > > > Bernd Eckenfels <[EMAIL PROTECTED]> wrote: > >> This is a Unix FAQ. You can delete any file if you have write access > >> to the directory. Actually you don't delete the file, you remove the > >> "link" to the > > > > So if my /ho

Re: Rebuilding packages on *all* architectures

2004-09-05 Thread Thomas Bushnell BSG
Goswin von Brederlow <[EMAIL PROTECTED]> writes: > The binary is needed because otherwise the -all packages would be > missing and there would be no deb package in the archive holding the > source in. The first problem is solved by having one of the arch's autobuilders also be responsible for the

Re: apt 0.6 and how it does *not* solve the problem

2004-08-24 Thread Thomas Bushnell BSG
martin f krafft <[EMAIL PROTECTED]> writes: > > The logical conclusion from your arguments is that we should > > actually remove the ssh package from Debian! > > How so? If we shouldn't sign and check signatures because there are still ways of subverting one's ssh binary, then we shouldn't even

Re: apt 0.6 and how it does *not* solve the problem

2004-08-23 Thread Thomas Bushnell BSG
martin f krafft <[EMAIL PROTECTED]> writes: > > > I think, adding package signatures will actually make Debian less > > > secure than it was before, although it's doubtful that the average > > > user will notice or care. > > > > How can it make it less secure? > > It gives the users a false sens

Re: apt 0.6 and how it does *not* solve the problem

2004-08-22 Thread Thomas Bushnell BSG
Russell Coker <[EMAIL PROTECTED]> writes: > Removing from active status seems appropriate to me. But that's a totally different subject. If you want to remove Debian developers from the list of developers, because they haven't uploaded in six months (what about packages that don't have bugs?!) t

Re: apt 0.6 and how it does *not* solve the problem

2004-08-22 Thread Thomas Bushnell BSG
Russell Coker <[EMAIL PROTECTED]> writes: > Removing developers who don't meet certain criteria (EG no package > uploads for 6 months) from active status makes a lot of sense. > Anyone care to propose a GR? Careful about terminology here. I wouldn't say "remove", just we drop them from the list

Re: apt 0.6 and how it does *not* solve the problem

2004-08-22 Thread Thomas Bushnell BSG
martin f krafft <[EMAIL PROTECTED]> writes: > So I guess this email isn't about APT 0.6, which does what it should > and does so well. It's more about the dangers of having 1000 keys > allowing write access to the archive, and no one capable of > playing sheriff with the size of the project anymore

Re: [d-security] Re: root's home world readable

2002-01-21 Thread Thomas Bushnell, BSG
Christian Hammers <[EMAIL PROTECTED]> writes: > The password for the mysql root user is not property of the system wide > configuration as I can't force the user to change a file in /etc > every time they change the users password and, due to mysqls default to > use the mysql user of the same name

Re: [d-security] Re: root's home world readable

2002-01-21 Thread Thomas Bushnell, BSG
Christian Hammers <[EMAIL PROTECTED]> writes: > On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote: > > > There is at least one package in Debian that requires you to put > > > sensitive information in /root. The mysql server package needs you to

Re: root's home world readable

2002-01-21 Thread Thomas Bushnell, BSG
Chris Francy <[EMAIL PROTECTED]> writes: > There is at least one package in Debian that requires you to put > sensitive information in /root. The mysql server package needs you to > have a .my.cnf in the /root if you want the logs to rotate. The > my.cnf contains the clear text version of the ro

Re: [d-security] Re: root's home world readable

2002-01-21 Thread Thomas Bushnell, BSG
Christian Hammers <[EMAIL PROTECTED]> writes: > The password for the mysql root user is not property of the system wide > configuration as I can't force the user to change a file in /etc > every time they change the users password and, due to mysqls default to > use the mysql user of the same nam

Re: [d-security] Re: root's home world readable

2002-01-21 Thread Thomas Bushnell, BSG
Christian Hammers <[EMAIL PROTECTED]> writes: > On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote: > > > There is at least one package in Debian that requires you to put > > > sensitive information in /root. The mysql server package needs you to

Re: root's home world readable

2002-01-21 Thread Thomas Bushnell, BSG
Chris Francy <[EMAIL PROTECTED]> writes: > There is at least one package in Debian that requires you to put > sensitive information in /root. The mysql server package needs you to > have a .my.cnf in the /root if you want the logs to rotate. The > my.cnf contains the clear text version of the r

Re: More security for screensavers

2002-01-08 Thread Thomas Bushnell, BSG
Benoît Sibaud <[EMAIL PROTECTED]> writes: > For now, the xscreensaver maintainer disagrees. > "I disagree. It is NOT a security issue, it has been discussed the last > 3 times it was brought up, and it's easy enough to change if it bothers > you. Neither your bug or the discussion you pointed to a

Re: More security for screensavers

2002-01-08 Thread Thomas Bushnell, BSG
Benoît Sibaud <[EMAIL PROTECTED]> writes: > For now, the xscreensaver maintainer disagrees. > "I disagree. It is NOT a security issue, it has been discussed the last > 3 times it was brought up, and it's easy enough to change if it bothers > you. Neither your bug or the discussion you pointed to

Re: mounting /tmp noexec

2002-01-02 Thread Thomas Bushnell, BSG
David Wright <[EMAIL PROTECTED]> writes: > Quoting Thomas Bushnell, BSG ([EMAIL PROTECTED]): > > Ian <[EMAIL PROTECTED]> writes: > > > so surely, if nothing needs to be executed, it is better to mount > > > noexec? > > > > noexec has n

Re: mounting /tmp noexec

2002-01-02 Thread Thomas Bushnell, BSG
David Wright <[EMAIL PROTECTED]> writes: > Quoting Thomas Bushnell, BSG ([EMAIL PROTECTED]): > > Ian <[EMAIL PROTECTED]> writes: > > > so surely, if nothing needs to be executed, it is better to mount > > > noexec? > > > > noexec has n

Re: mounting /tmp noexec (was: Campus Computers)

2001-12-26 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Previously Thomas Bushnell, BSG wrote: > > Posix requires a /tmp directory which arbitrary programs can write to, > > and Posix knows nothing of noexec; a valid program of any sort could > > well decide to use that fe

Re: mounting /tmp noexec (was: Campus Computers)

2001-12-26 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Previously Thomas Bushnell, BSG wrote: > > What sort of insecure cgi script are you thinking of? > > Trivial protection against stupid rootkits. > > > In any case, it's part of the normal conventions of all

Re: mounting /tmp noexec (was: Campus Computers)

2001-12-26 Thread Thomas Bushnell, BSG
Ian <[EMAIL PROTECTED]> writes: > for example, an insecure cgi script could allow a user to write to /tmp > and get the web server to execute the script. By mounting /tmp noexec, > this problem is potentially prevented (aside from the insecure script). What sort of insecure cgi script are you thi

Re: Campus Computers

2001-12-26 Thread Thomas Bushnell, BSG
Ian <[EMAIL PROTECTED]> writes: > Well, I mount /tmp (and anything else I can get away with) as noexec. > What is the policy here - should package maintainers not try and exec > out of /tmp, or should I allow exec on that partition? There is really no particular reason to mount local partitions n

Re: mounting /tmp noexec (was: Campus Computers)

2001-12-26 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Previously Thomas Bushnell, BSG wrote: > > Posix requires a /tmp directory which arbitrary programs can write to, > > and Posix knows nothing of noexec; a valid program of any sort could > > well decide to use that fe

Re: mounting /tmp noexec (was: Campus Computers)

2001-12-26 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Previously Thomas Bushnell, BSG wrote: > > What sort of insecure cgi script are you thinking of? > > Trivial protection against stupid rootkits. > > > In any case, it's part of the normal conventions of all

Re: mounting /tmp noexec (was: Campus Computers)

2001-12-26 Thread Thomas Bushnell, BSG
Ian <[EMAIL PROTECTED]> writes: > for example, an insecure cgi script could allow a user to write to /tmp > and get the web server to execute the script. By mounting /tmp noexec, > this problem is potentially prevented (aside from the insecure script). What sort of insecure cgi script are you th

Re: Campus Computers

2001-12-26 Thread Thomas Bushnell, BSG
Ian <[EMAIL PROTECTED]> writes: > Well, I mount /tmp (and anything else I can get away with) as noexec. > What is the policy here - should package maintainers not try and exec > out of /tmp, or should I allow exec on that partition? There is really no particular reason to mount local partitions

Re: How do I disable (close) ports?

2001-12-05 Thread Thomas Bushnell, BSG
Ralf Dreibrodt <[EMAIL PROTECTED]> writes: > well, there are daemons which don't know on which port they should > run. they look in /etc/services for a special name and want to run > on the specific port. if they don't find the special name in > /etc/services they abort with an error message. Y

Re: How do I disable (close) ports?

2001-12-05 Thread Thomas Bushnell, BSG
"J. Paul Bruns-Bielkowicz" <[EMAIL PROTECTED]> writes: > > You're not going to become a good Linux-administrator before you realize > > that you should UNDERSTAND what you do instead of just guessing and be > > happy because it worked. > > Becoming a good administrator is making it work and keepi

Re: How do I disable (close) ports?

2001-12-05 Thread Thomas Bushnell, BSG
Ralf Dreibrodt <[EMAIL PROTECTED]> writes: > well, there are daemons which don't know on which port they should > run. they look in /etc/services for a special name and want to run > on the specific port. if they don't find the special name in > /etc/services they abort with an error message.

Re: How do I disable (close) ports?

2001-12-05 Thread Thomas Bushnell, BSG
"J. Paul Bruns-Bielkowicz" <[EMAIL PROTECTED]> writes: > > You're not going to become a good Linux-administrator before you realize > > that you should UNDERSTAND what you do instead of just guessing and be > > happy because it worked. > > Becoming a good administrator is making it work and keep

Re: How do I disable (close) ports?

2001-12-04 Thread Thomas Bushnell, BSG
Alexander Clouter <[EMAIL PROTECTED]> writes: > erm... don't disable them in /etc/services, this normally doesn't work (as > far as I'm aware). /etc/services is more a 'lookup' service than a 'whether > I should actually work' service. Ditto. > according to /etc/services 111 is 'portmapper', dar

Re: VI wrapper for SUDO? - another bad way ??

2001-12-04 Thread Thomas Bushnell, BSG
[EMAIL PROTECTED] (William R. Ward) writes: > It's been an option on traditional Unix systems for a long time. When > kernel runs the interpreter listed on the #! line, it does so with > suid/sgid access enabled. It's not really any more difficult than > launching binaries. However, there is

Re: How do I disable (close) ports?

2001-12-04 Thread Thomas Bushnell, BSG
Alexander Clouter <[EMAIL PROTECTED]> writes: > erm... don't disable them in /etc/services, this normally doesn't work (as > far as I'm aware). /etc/services is more a 'lookup' service than a 'whether > I should actually work' service. Ditto. > according to /etc/services 111 is 'portmapper', da

Re: VI wrapper for SUDO? - another bad way ??

2001-12-04 Thread Thomas Bushnell, BSG
[EMAIL PROTECTED] (William R. Ward) writes: > It's been an option on traditional Unix systems for a long time. When > kernel runs the interpreter listed on the #! line, it does so with > suid/sgid access enabled. It's not really any more difficult than > launching binaries. However, there is

Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-24 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Previously Vineet Kumar wrote: > > > So are "please" and "thank you," but it's generally considered polite. > > Also using Mail-Followup-To is standard and expected behaviour on > debian lists. That's a reasonable requirement only when Debian add

Re: WAY OT (Re: In Praise of Dos (RE: Mutt & tmp files))

2001-11-23 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Previously Vineet Kumar wrote: > > > So are "please" and "thank you," but it's generally considered polite. > > Also using Mail-Followup-To is standard and expected behaviour on > debian lists. That's a reasonable requirement only when Debian adds

Re: Questions regarding the Security Secretary Position

2001-10-23 Thread Thomas Bushnell, BSG
John Galt <[EMAIL PROTECTED]> writes: > The whole problem here is they DIDN'T ask you. You threw in your two > cents worth without a corresponding pledge of support. It's a public mailing list, and I was simply contributing my suggestion. You decided it should be a big Federal case. I'll ma

Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG
John Galt <[EMAIL PROTECTED]> writes: > They aren't reasonable things to add at the last minute. The search > happened, AFAICT there is a candidate, yet you had to object now. If it > was so reasonable, why didn't you mention it when it came up? > Reasonableness cannot be applied to concepts

Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG
John Galt <[EMAIL PROTECTED]> writes: > On 22 Oct 2001, Thomas Bushnell, BSG wrote: > > >John Galt <[EMAIL PROTECTED]> writes: > > > >> I take it then that you volunteer. If not, shut up. Throwing artificial > >> barriers at this office isn'

Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG
John Galt <[EMAIL PROTECTED]> writes: > The whole problem here is they DIDN'T ask you. You threw in your two > cents worth without a corresponding pledge of support. It's a public mailing list, and I was simply contributing my suggestion. You decided it should be a big Federal case. I'll m

Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG
John Galt <[EMAIL PROTECTED]> writes: > They aren't reasonable things to add at the last minute. The search > happened, AFAICT there is a candidate, yet you had to object now. If it > was so reasonable, why didn't you mention it when it came up? > Reasonableness cannot be applied to concept

Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG
John Galt <[EMAIL PROTECTED]> writes: > On 22 Oct 2001, Thomas Bushnell, BSG wrote: > > >John Galt <[EMAIL PROTECTED]> writes: > > > >> I take it then that you volunteer. If not, shut up. Throwing artificial > >> barriers at this office i

Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG
John Galt <[EMAIL PROTECTED]> writes: > I take it then that you volunteer. If not, shut up. Throwing artificial > barriers at this office isn't going to add volunteers. How is it a barrier?

Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG
John Galt <[EMAIL PROTECTED]> writes: > I take it then that you volunteer. If not, shut up. Throwing artificial > barriers at this office isn't going to add volunteers. How is it a barrier?

Re: Questions regarding the Security Secretary Position

2001-10-21 Thread Thomas Bushnell, BSG
Matt Zimmerman <[EMAIL PROTECTED]> writes: > On Sun, Oct 21, 2001 at 09:23:03AM -0700, Thomas Bushnell, BSG wrote: > > > Martin Schulze <[EMAIL PROTECTED]> writes: > > > > > Q: Is a requirement being a Debian developer? > > > > > >

Re: Questions regarding the Security Secretary Position

2001-10-21 Thread Thomas Bushnell, BSG
Matt Zimmerman <[EMAIL PROTECTED]> writes: > On Sun, Oct 21, 2001 at 09:23:03AM -0700, Thomas Bushnell, BSG wrote: > > > Martin Schulze <[EMAIL PROTECTED]> writes: > > > > > Q: Is a requirement being a Debian developer? > > > > > >

Re: URGENT RESPONSE!

2001-10-21 Thread Thomas Bushnell, BSG
"Scott Henson" <[EMAIL PROTECTED]> writes: > Just out of curiosity, but isn't this commercial spam and subject to > Debian's Spam policy... I don't know.. maybe debian should go to collect its > money from this person. It's not commercial, for the simple reason that it's a serious crime. If they'r

Re: Questions regarding the Security Secretary Position

2001-10-21 Thread Thomas Bushnell, BSG
Martin Schulze <[EMAIL PROTECTED]> writes: > Q: Is a requirement being a Debian developer? > >No. It is my understanding that it would be good to have "fresh >blood" in the team. Working on security can cost a lot of time, >thus it could even be helpful not being a Debian developer

Re: URGENT RESPONSE!

2001-10-21 Thread Thomas Bushnell, BSG
"Scott Henson" <[EMAIL PROTECTED]> writes: > Just out of curiosity, but isn't this commercial spam and subject to > Debian's Spam policy... I don't know.. maybe debian should go to collect its > money from this person. It's not commercial, for the simple reason that it's a serious crime. If they'

Re: Questions regarding the Security Secretary Position

2001-10-21 Thread Thomas Bushnell, BSG
Martin Schulze <[EMAIL PROTECTED]> writes: > Q: Is a requirement being a Debian developer? > >No. It is my understanding that it would be good to have "fresh >blood" in the team. Working on security can cost a lot of time, >thus it could even be helpful not being a Debian developer

Re: HARASS ME MORE.........

2001-09-01 Thread Thomas Bushnell, BSG
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: > Please don't do that. That's an incredibly rude practice. The people > never asked for your opinion on operating systems or Microsoft. What > about those who use a Windows mailer at their job and have no choice to > do otherwise. (and please do

Re: HARASS ME MORE.........

2001-09-01 Thread Thomas Bushnell, BSG
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: > Please don't do that. That's an incredibly rude practice. The people > never asked for your opinion on operating systems or Microsoft. What > about those who use a Windows mailer at their job and have no choice to > do otherwise. (and please d

Re: shared root account

2001-07-06 Thread Thomas Bushnell, BSG
Juha Jäykkä <[EMAIL PROTECTED]> writes: > Any other ideas? Or is it really safe to allow root logins to sshd? > It is just an old rule of thumb that root must never log on over the > wire but that may be old news from times of telnet - never had any > need of root logins over the wire until perh

Re: shared root account

2001-07-06 Thread Thomas Bushnell, BSG
Juha Jäykkä <[EMAIL PROTECTED]> writes: > Any other ideas? Or is it really safe to allow root logins to sshd? > It is just an old rule of thumb that root must never log on over the > wire but that may be old news from times of telnet - never had any > need of root logins over the wire until per

Re: gnupg problem

2001-06-22 Thread Thomas Bushnell, BSG
Robert Mognet <[EMAIL PROTECTED]> writes: > Mailcrypt isn't part of Debian, so it's not the responsibility of the > security team. However, it *ought* to be part of Debian, and indeed, it now is IIUC.

Re: gnupg problem

2001-06-21 Thread Thomas Bushnell, BSG
Robert Mognet <[EMAIL PROTECTED]> writes: > Mailcrypt isn't part of Debian, so it's not the responsibility of the > security team. However, it *ought* to be part of Debian, and indeed, it now is IIUC.

Re: gnupg problem

2001-06-20 Thread Thomas Bushnell, BSG
Hubert Chan <[EMAIL PROTECTED]> writes: > But for the situation we are talking about, they would need to have the > same interface, since a PGP front end needs to interact with the PGP > program. So in the PGP front end depends on the "pgp implementation" > virtual package, but the PGP program do

Re: gnupg problem

2001-06-20 Thread Thomas Bushnell, BSG
Florian Weimer <[EMAIL PROTECTED]> writes: > [EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: > > > It's clear to me we need a virtual package for "pgp implementation" > > that both pgp and gnupg can provide. > > Uh, this doesn't work. Even the

Re: gnupg problem

2001-06-20 Thread Thomas Bushnell, BSG
Hubert Chan <[EMAIL PROTECTED]> writes: > But for the situation we are talking about, they would need to have the > same interface, since a PGP front end needs to interact with the PGP > program. So in the PGP front end depends on the "pgp implementation" > virtual package, but the PGP program d

Re: gnupg problem

2001-06-20 Thread Thomas Bushnell, BSG
Florian Weimer <[EMAIL PROTECTED]> writes: > [EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: > > > It's clear to me we need a virtual package for "pgp implementation" > > that both pgp and gnupg can provide. > > Uh, this doesn't work. Ev

Re: gnupg problem

2001-06-20 Thread Thomas Bushnell, BSG
Christian Kurz <[EMAIL PROTECTED]> writes: > Would you please check the next time either your box running unstable or > packages.debian.org? If you had done this before, you would have > noticed, that mailcrypt from stable also offered an interface to PGP > (pgp-i, pgp-us and pgp5i are the matchin

Re: gnupg problem

2001-06-20 Thread Thomas Bushnell, BSG
Christian Kurz <[EMAIL PROTECTED]> writes: > Would you please check the next time either your box running unstable or > packages.debian.org? If you had done this before, you would have > noticed, that mailcrypt from stable also offered an interface to PGP > (pgp-i, pgp-us and pgp5i are the matchi

Re: gnupg problem

2001-06-19 Thread Thomas Bushnell, BSG
Philipp Schulte <[EMAIL PROTECTED]> writes: > deb http://ftp.debian.org/debian dists/proposed-updates/ Thanks. What is the corresponding deb-src line? I tried deb-src http://ftp.debian.org/debian dists/proposed-updates/ but that blew big chunks. Thomas

Re: gnupg problem

2001-06-19 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > it belongs in non-US/main since that is where gnupg lives. but since > it's not there it's not part of debian. also for it to go into > non-US/main it must remove its dependency on non-free pgp, and > exclusively depend on gnupg. It's clear to me we need

Re: gnupg problem

2001-06-19 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > nobody ever said anything else. fixed mailcrypt is in proposed-updates, so I > don't see the problem. maybe it was not at the exact time, as gnupg fix ... Perhaps I'm confused. Please tell me what sources.list line I should use to get proposed updates.

Re: gnupg problem

2001-06-19 Thread Thomas Bushnell, BSG
Philipp Schulte <[EMAIL PROTECTED]> writes: > deb http://ftp.debian.org/debian dists/proposed-updates/ Thanks. What is the corresponding deb-src line? I tried deb-src http://ftp.debian.org/debian dists/proposed-updates/ but that blew big chunks. Thomas

Re: gnupg problem

2001-06-19 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > it belongs in non-US/main since that is where gnupg lives. but since > it's not there it's not part of debian. also for it to go into > non-US/main it must remove its dependency on non-free pgp, and > exclusively depend on gnupg. It's clear to me we nee

Re: gnupg problem

2001-06-19 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > nobody ever said anything else. fixed mailcrypt is in proposed-updates, so I > don't see the problem. maybe it was not at the exact time, as gnupg fix ... Perhaps I'm confused. Please tell me what sources.list line I should use to get proposed updates.

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 02:30:19PM -0700, Thomas Bushnell, BSG wrote: > > > you know, what I've meant. Debian *distribution* is main and non-US/main > > > > Then where are the security releases? > > security.d

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 02:30:19PM -0700, Thomas Bushnell, BSG wrote: > > > you know, what I've meant. Debian *distribution* is main and non-US/main > > > > Then where are the security releases? > > security.d

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 12:11:39PM -0700 , Thomas Bushnell, BSG wrote: > > Petr Cech <[EMAIL PROTECTED]> writes: > > > > > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > > > D

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > Debian is about a *distribution* and not a random assemblage of > > OK, distribution. That's dists/potato/main/binary-/Packages If that's the

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 12:11:39PM -0700 , Thomas Bushnell, BSG wrote: > > Petr Cech <[EMAIL PROTECTED]> writes: > > > > > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > > > D

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > gnupg is installable, if you remove mailcrypt. ;-) As explained in my previous mail, that is only adequate if the security team exists to support security in packages, but not the distribution as a whole.

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Installing mailcrypt on security.debian.org would immediately suggest > that mailcrypt itself has a security problem, which is not true. > It's a bit of a catch 22. Well, this is a general problem then, which the security team should think about. Th

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > Debian is about a *distribution* and not a random assemblage of > > OK, distribution. That's dists/potato/main/binary-/Packages If that's the

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > gnupg is installable, if you remove mailcrypt. ;-) As explained in my previous mail, that is only adequate if the security team exists to support security in packages, but not the distribution as a whole.
