On Sat, Jun 08, 2019 at 09:24:35AM +0800, Paul Wise wrote:
On Sat, Jun 8, 2019 at 5:26 AM Michael Stone wrote:
https://historical.packages.debian.org/ has a search function that
returns "The requested URL /cgi-bin/dispatcher.fcgi/search was not found
on this server." At the bottom o
https://historical.packages.debian.org/ has a search function that
returns "The requested URL /cgi-bin/dispatcher.fcgi/search was not found
on this server." At the bottom of the page is "This service is
sponsored by Example1 Sponsor, Inc.."
How is www.debian.org/devel/people generated? A large number of packages
seem to be assigned to debr...@willem.engen.nl for no apparant reason.
E.g., aaphoto has Maintainer: Andras Horvath but is
under the debrepo entry.
Mike Stone
--
To UNSUBSCRIBE, email to debian-www-requ...@lists.debian
On Mon, Jul 07, 2008 at 09:54:17PM +0200, Thijs Kinkhorst wrote:
I see the following solutions:
1) Use the current script parse-advisory.pl. It may be ugly but it does the
trick in nearly all cases. DSA's are committed automatically and the web
team reads the commit diffs and corrects after
Is anything going to have to be done to get the web servers to notice
the security/2006 directory, or should that eventually happen
automatically?
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Fri, Jul 01, 2005 at 04:35:02PM +0200, you wrote:
DSAs have to be manually committed; one can use
webwml/english/security/parse-advisory.pl for most of the grunt work
of converting the DSA to a .wml and a .data file. It's no problem
if one of the debian-www people should do that, we only have
Anyone have a clue why dsa-735 is missing from the page? Was there a
problem parsing the advisory?
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Fri, Aug 29, 2003 at 01:46:02PM +0200, you wrote:
Still, this leaves us with two DSA 374 now.
well, since the number for the node advisory is horribly screwed up
anyway, is there a problem with just changing it to 375?
Mike Stone
On Fri, Aug 29, 2003 at 11:29:08AM +0200, you wrote:
Joeys recent advisory for node was named 374 too and added to the
archive with that number.
Hmm. My copy says:
[SECURITY] [DSA 274-1] New node packages fix remote root vulnerability
(note: *2*74, not 374)
Mike Stone
Affected Packages: sendmail, sendmail-wide
Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer overflow when encountering
addresses with very long comments. Since sendmail also parses headers
when forwarding emails this vulnerability can
On Wed, Mar 05, 2003 at 02:35:26PM +0100, you wrote:
a completely different package (different source package). I have no
ideas how to incorporate the data nicely into the dsa-257.{data,wml}
files -- you guys (security-team) have to decide.
This has been done before, IIRC. Just put all the pac
could whoever's doing web pages for security advisories these days take
a look at dsa 257?
Mike Stone
On Wed, Jan 29, 2003 at 07:20:32PM +0900, Tomohiro KUBOTA wrote:
would ask to change name order, I would certainly stimulate the
core part of flamewar and Japanese members of Debian might drop
their activity as developers.)
Well, this is simply an example of how you can't please all of the
peop
On Sat, Jan 18, 2003 at 10:45:43PM +0900, Tomohiro KUBOTA wrote:
Do you still try to force me not to use UPPERCASE surname, though
I said I don't care how other people write my name? I don't like
flamewar. I just want you not to join Japanese people's flamewar
which continues about 10 years.
On Mon, Jun 24, 2002 at 03:52:29PM +0200, Josip Rodin wrote:
> That isn't really a convincing argument, both because we don't address only
> users of Debian, but those that don't use it, and because we always aim to
> support maximum possible users. Just like we keep m68k support, we keep
> support
On Mon, Jun 10, 2002 at 12:14:05PM +0200, Noel Koethe wrote:
> shouldn't we change the "potato" in the apt line on this
> page to "stable", so we don't have to change it every release?
Nice theory. Unfortunately, the archive path tends to change. :)
--
Mike Stone
--
To UNSUBSCRIBE, email to [
On Sat, Feb 09, 2002 at 01:15:43PM +, Rob Bradford wrote:
> I agree, this renders horifically on Galeon in X, there is soo much
> spacing between the boxes they seems to be jumbled up and a mess.
Ack. With my mozilla the boxes seem to be positioned completely at
random. I feel like I'm playing
On Fri, Jul 27, 2001 at 11:57:58AM +0200, Endre Steigum wrote:
> To remain included in our bookmark list for a year, we ask you to
> place an Opera banner or button on your Web site in a highly visible
> spot, preferably on the front page. It should be linked to
> http://www.opera.com/download. Pl
On Sat, May 05, 2001 at 08:58:10PM +0100, Sergio Brandano wrote:
> There is of course a more general problem too.
> By letting the main search sites to link all
> the emails of these lists, we are overloading
> the net! I understand that those mail may be
Come on, people, stop feeding the troll.
On Tue, Apr 24, 2001 at 06:23:16PM -0500, James A. Treacy wrote:
> At a minimum, there should be a link to the appropriate page in the
> list archives.
now that's a useful plan. what about a link to the pgp-signed advisory
with a note that md5's are available there rather than actually putting
the
On Tue, Apr 24, 2001 at 08:30:38PM +0200, Josip Rodin wrote:
> Joey requested that MD5 checksums are put in security advisories on the web
> pages, so I've added them, in a kludgey kinda way. Should we add a
nonononono! We *already* have the md5's available in a web-accessible
form in the mailing
On Thu, Mar 15, 2001 at 02:25:06PM +0100, Martin Quinson wrote:
> I would like to know if the log message I used for this mail makes sense in
> english. I want to say that the translation was not so good, and that we've
> maid a rewording to correct it.
The log message was great. But you probably
On Sun, Jan 14, 2001 at 06:34:12PM +0100, Josip Rodin wrote:
> Why is it necessary to have those ugly DSA-?? strings in the indices for
> security web pages? IMO they only clutter the list, and for no purpose. Why
> would a random user/admin need to care about that number before the package
> name?
On Fri, Dec 08, 2000 at 04:23:32PM -0700, Jason Gunthorpe wrote:
> On Fri, 8 Dec 2000, Michael Stone wrote:
> > The apt line is what I'm talking about. The structure of the security
> > site has changed for every release, and apt lines have not been
>
> If you want to ke
On Fri, Dec 08, 2000 at 02:56:38PM -0500, James A. Treacy wrote:
> On Fri, Dec 08, 2000 at 12:50:31PM -0500, Michael Stone wrote:
> > We have never (not even once) had a security url that worked between
> > releases. I don't want to pretend that we do unless there's som
On Fri, Dec 08, 2000 at 11:54:32AM -0500, James A. Treacy wrote:
> On Fri, Dec 08, 2000 at 11:58:23AM +0100, Christoph Fabianek wrote:
> > the line deb http://security.debian.org/ potato/updates main contrib
> > non-free
> > did not work for me, and after a look at the server I saw that it should
On Tue, Dec 05, 2000 at 11:34:48PM -0500, James A. Treacy wrote:
> BTW, are you subscribed to debian-www, Michael?
Yes.
--
Mike Stone
security/2000/2902a.wml and an update to security/2000/2901.wml
have yet to make it onto the web pages.
--
Mike Stone
On Thu, Aug 17, 2000 at 03:19:46PM +0200, Josip Rodin wrote:
> potato machines. Considering everyone should be using potato nowadays
> because it is the release named stable, this shouldn't be a problem.
Yes. All sites have an instant upgrade system.
--
Mike Stone
pgpp88HvGI66c.pgp
Description
On Wed, Aug 09, 2000 at 09:58:50PM -0600, Jason Gunthorpe wrote:
> The perl upgrade has foobar'd many web cgi's for some reason.. Randolph is
> working on the ones we detect, but someone must make sure these changes
> get where they belong.
Is someone making notes on why things broke, so we can tr
On Sun, Jul 23, 2000 at 04:46:23PM -0600, Jason Gunthorpe wrote:
> It seems to me that it a much better idea to just fix the main web site so
> that it doesn't have a huge latency. Pushing our 'fast' content out to
> other boxes because of that problem seems like a cheap hack.
If you provide a way
On Thu, Jul 20, 2000 at 04:58:48PM -0400, James A. Treacy wrote:
> On Thu, Jul 20, 2000 at 12:40:16PM -0400, Michael Stone wrote:
> > security.d.o/ currently redirects to w.d.o/security/. I propose
> > reversing that, so that security updates are independent of the mirror
> &
security.d.o/ currently redirects to w.d.o/security/. I propose
reversing that, so that security updates are independent of the mirror
latency. Comments?
--
Mike Stone
Overfiend pointed out that the green-on-white for not vulnerable is a
bit hard to read. I'd like to darken it a bit, but I'd hate to rebuild
the whole security tree just for that. Are there any other changes
pending that I could piggy-back this onto?
--
Mike Stone
pgpjKLFCwvZjd.pgp
Description:
On Thu, Mar 16, 2000 at 08:35:24PM -0800, Darren O. Benham wrote:
> [22:31]:~> df
We're back to this again? I'll give you a drive if you really need it.
(But I thought the disk space issue was resolved, or at least that
people with more money that I have were offering equipment.)
> Also, it would
There should be a /security/2000/227 and /security/2000/229;
they're in cvs but the website hasn't been updated. Could someone look
into that?
--
Mike Stone
pgpX3MhtI0u9E.pgp
Description: PGP signature
On Mon, Feb 28, 2000 at 02:30:49PM +0100, Wichert Akkerman wrote:
> This is a request from one of the guys running linuxsecurity.com.
> He said he would like a link on our security webpage to their site;
> currently we don't have any links to other sites and I don't want
> to give him a special pos
On Sat, Feb 19, 2000 at 12:32:19PM -0500, James A. Treacy wrote:
> I looked into namazu a few months ago. I seem to recall that it was
> missing some functionality that was needed. I'll take another look
> 'soon' and talk to the upstream about adding any missing features
> needed.
Hmm. As understa
On Mon, Jan 31, 2000 at 11:19:29PM -0800, Darren O. Benham wrote:
> This might not be a bad idea... or... we might have to bite the weene and
> go non-free...
Or we can stop aiming for perfection and put in a free search engine
that's "good enough." If something better comes along we can always
ch
On Tue, Jan 11, 2000 at 01:10:23PM +0100, peter karlsson wrote:
> > Can someone tell me what I missed in order to get the security/2000/
> > directory to build?
>
> To add the 2000 directory to the SUBS variable of the Makefile in the
> security directory, and make it depend on the 2000 files inst
Can someone tell me what I missed in order to get the security/2000/
directory to build?
--
Mike Stone
On Sun, Sep 12, 1999 at 11:10:14AM -0700, Guy Maor wrote:
> It's better to have something where you can easily modify the data
> coming in and out of it. So something designed as a freetext search
> rather than a web server is more appropriate for mailing list
> searches.
I'm not sure I understan
On Sat, Sep 11, 1999 at 10:35:19AM -0700, Guy Maor wrote:
> "Sean 'Shaleh' Perry" <[EMAIL PROTECTED]> writes:
> > http://www.mds.rmit.edu.au/mg/
>
> This looks promising. Thanks for the pointer.
Just curious--have you looked at htdig?
Mike Stone
On Sun, Aug 08, 1999 at 09:07:43PM +0200, peter karlsson wrote:
> What needs to be done is to change all the occurances of dates in the news
> and security pages to -MM-DD format, and for translators to add a
> template for the news dates to ctime.wml (unless they want the "Dd Mmm Yyyy"
> forma
On Mon, Jul 19, 1999 at 07:44:24PM -0700, Darren O. Benham wrote:
> Our current problem is not bandwidth, it's diskspace on www.debian.org. We
> need to solve that before we worry about solving a problem that isn't a
> problem.
Well, I believe that there was a suggestion to seperate bugs.debian.
On Mon, Jul 19, 1999 at 04:24:11PM -0700, Darren O. Benham wrote:
> Do you normally use one of the mirrors? Why not collect the opinion of
> people who routinly use mirrors for browsing... which mirror do they use
> and do they go back to the main site to use the BTS or stick with thier
> mirror.
On Mon, Jul 19, 1999 at 04:24:19PM -0600, Jason Gunthorpe wrote:
> About 3-6meg/day depending on what you are mirroring, which means most
> mirrors use more resources than they save ;>
That's about what I expected. I think breaking off bugs.debian.org would
definately be a good thing. Think about
On Mon, Jul 19, 1999 at 11:52:41PM +0800, Andrew Howell wrote:
> We seem to get a small amount of traffic (70 meg a month) at
> www.au.debian.org but I'm quite happy mirroring everything.
How much bw does it take to maintain the mirror?
Mike Stone
pgp56uZK03ugz.pgp
Description: PGP signature
On Sun, Jul 18, 1999 at 10:42:12PM +0200, Georg Hitsch wrote:
> I think the easiest thing would be, to put the list-archives on an own
> virtual server, which mirrors dont have to mirror.
>
> (And Bugs same...)
Especially the bugs. What's the point of reading what the bug reports
were yesterday?
On Wed, Jul 07, 1999 at 03:45:57PM -0700, Joey Hess wrote:
> If you go to
> http://www.debian.org/News/weekly/current/issue/ , you'll see a directory
> listing with an index.html in it. Why isn't that index.html shown by default?
> http://www.debian.org/News/weekly/current/issue/index works.
It wo
On Fri, Apr 23, 1999 at 03:09:07AM -0400, James A. Treacy wrote:
> wml has a suggest on libgd-perl. It is needed if you have .gif images.
> Before anyone screams that we should get rid of all gifs:
> 1. You are free to convert them anytime
> 2. The official release of mozilla should give widesp
How much trouble would it be to generate png's of the graphics? Since we
already have content negotiation, we could use png's as the default and gif's
as a fallback, right? It would be nice if we could eventually phase out the
gif's so it wouldn't be necessary to have non-free programs to build the
On Wed, Feb 17, 1999 at 10:42:27PM -0500, Michael Stone wrote:
> I'm thinking about making this a priority this weekend.
Well, that didn't happen. :( But it's finally nearing completion. :) I'm
soliciting suggestions on a couple of final issues: first, where should the
co
On Wed, Feb 17, 1999 at 11:22:37PM -0500, James A. Treacy wrote:
> I'm still leaning toward simply having the security pages link the relevant
> page in the Packages section of the web site and deal with linking packages
> in proposed-updates directory there. Only security updates are supposed to
>
Any more thoughts on making the security urls track updates in the ftp site?
I'm looking at a lot of stuff that needs to be updated right now, and I'd
prefer to just update once to a "Right Way" than to make a short-term patch.
(Unless the Right Way looks like it might be delayed. :) I'm thinking a
On Sat, Feb 13, 1999 at 12:49:03PM -0500, James A. Treacy wrote:
> One solution is not point to an exact version, but the directory it will be
> in and state that the version should be greater than x. For the case above
> that would be:
>
> ftp://ftp.debian.org/debian/dists/stable/main/source/net>
On Sat, Feb 13, 1999 at 12:25:12PM -0500, James A. Treacy wrote:
> Only standard items are translated automatically. For example, 'Date
> Reported', 'Affected Packages', etc. As stated near the end, it is NOT the
> responsibility of the maintainers of the security pages to translate any
> other tex
Ok. I didn't see this until after I wrote the other message. This is looking
good.
On Sat, Feb 13, 1999 at 01:30:10AM -0500, James A. Treacy wrote:
> href=ftp://ftp.debian.org/debian/dists/stable/main/source/net/netstd_3.07.orig.tar.gz>ftp://ftp.debian.org/debian/dists/stable/main/source/net/nets
On Sat, Feb 13, 1999 at 12:02:57AM -0500, James A. Treacy wrote:
> I haven't had a chance to look at how the security pages were set up, but
> most parts of the security pages can be set up for automatic translation,
> similar to how the template files are done. The textual parts of the page,
> giv
What's the scheduling for web pages to make it from cvs to
www.debian.org? I put a preliminary security announce in last night, and
put the final version in tonight. But nothing showed up on the web page
until the preliminary page came up tonight (after I put the final
version into cvs).
Mike Ston
Quoting Darren Benham ([EMAIL PROTECTED]):
> Based on what I see from my system this morning (10:00 -8) the only difference
> is the inclusion of 1998 in the ./security/ page. If that's what you're
> refering to, it takes two get_recent_list() commands to get two years... the
> index file, therefo
Quoting Michael Stone ([EMAIL PROTECTED]):
> My local root-level index.html.en wasn't building properly (it didn't
> reflect changes to the security pages.) What I did was modify the
> top-level Makefile by copying the logic used to check the dependencies
> in the News dir
My local root-level index.html.en wasn't building properly (it didn't
reflect changes to the security pages.) What I did was modify the
top-level Makefile by copying the logic used to check the dependencies
in the News directory. Let me know if that was incorrect.
Mike Stone
Quoting Darren Benham ([EMAIL PROTECTED]):
> I decided not to track proposed-updates because, supposedly, the changed
> package will soon be moved into the "real" location. If you put a link to
> proposed-updates, you'd have to watch it for the package move and then update
> the page(s) according
1. wml::debian::security::fixes_link generates a link to the Packages
section of the web site, but that area doesn't track packages in
proposed-updates. Is there a standard way to generate a link into
proposed-updates, or should I just include an href in the wml?
2. fixes_link allows you to put Al
Quoting Darren Benham ([EMAIL PROTECTED]):
> Well.. I got the old security pages converted to the new look. Now
> I'm going to get the last 6 months of alerts added. In the mean time,
> the existing pages should be onsite in a day or two. I would
> appreciate people going over them and giving me
Quoting Jules Bean ([EMAIL PROTECTED]):
> Please take your offer of help over to debian-www, where we will pleased to
> accept it :-)
Okay, I'm here. I put a copy of what I have on
http://www.cs.loyola.edu/~mstone/debian_security.html. I'm still not
entirely happy with it -- for one thing, I think
67 matches
Mail list logo
