On Apr 29, 2012, at 7:17 PM, Christoph Anton Mitterer wrote:
> On Sun, 2012-04-29 at 16:03 -0500, John Clizbe wrote:
>> I wouldn't call the project's Google Code downloads page "Unofficial" :-)
>
> Surely, but the advantage of distros having their repostories... you get
> something that is tailo
On Apr 29, 2012, at 7:14 PM, Christoph Anton Mitterer wrote:
> Jeffrey, it's a bit strange, to read you claiming Debian would have lack
> of skill / etc. while you try to convince us of static linking, or at
> least that's what I think you do.
>
Its equally strange to receive hostile comments
On Sun, 2012-04-29 at 16:03 -0500, John Clizbe wrote:
> I wouldn't call the project's Google Code downloads page "Unofficial" :-)
Surely, but the advantage of distros having their repostories... you get
something that is tailored toward the distro and its other packages,...
someone (maintainer) ha
Jeffrey, it's a bit strange, to read you claiming Debian would have lack
of skill / etc. while you try to convince us of static linking, or at
least that's what I think you do.
Whether BDB has a big CVE record or not doesn't matter at all, as
security holes (or other critical) bugs can just alway
On Apr 29, 2012, at 6:24 PM, Robert J. Hansen wrote:
>> You are very very confused: db-1.85 went end-of-life
>> in like 1994
>
> Not at all. That advisory, if you missed it, is from 2009.
>
> I really don't care if db-1.85 was EOLed in 1994, 1984, or 1974. What I
> care about is that it *is s
> You are very very confused: db-1.85 went end-of-life
> in like 1994
Not at all. That advisory, if you missed it, is from 2009.
I really don't care if db-1.85 was EOLed in 1994, 1984, or 1974. What I
care about is that it *is still used today* and there are, within recent
memories, reports of
On Apr 29, 2012, at 6:07 PM, Robert J. Hansen wrote:
> On 04/29/2012 05:42 PM, Jeffrey Johnson wrote:
>> If there were any BDB "security releases", you might have a point.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1436
>
> Yes, that's actually a bug in the libc db interface,
On 04/29/2012 05:42 PM, Jeffrey Johnson wrote:
> If there were any BDB "security releases", you might have a point.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1436
Yes, that's actually a bug in the libc db interface, not BDB itself, but
the point still stands: this is something that
On Apr 29, 2012, at 5:22 PM, Robert J. Hansen wrote:
> The other major problem with static linking is it forces the maintainers
> to sync their releases with BDB security releases. If a defect is found
> in BDB and sks is statically linked, a new sks has to be released. If a
> defect is found i
On Apr 29, 2012, at 4:59 PM, Christoph Anton Mitterer wrote:
> On Mon, 2012-04-23 at 18:59 -0400, Jeffrey Johnson wrote:
>> And your opinion is contrary to what was recommended.
> Well this is not just my opinion but decades of lectures learned in
> software design…
>
I'm reporting what was rec
The other major problem with static linking is it forces the maintainers
to sync their releases with BDB security releases. If a defect is found
in BDB and sks is statically linked, a new sks has to be released. If a
defect is found in BDB and sks is dynamically linked, no new release of
sks need
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1,SHA256
Christoph Anton Mitterer wrote:
> On Thu, 2012-04-26 at 12:01 +0200, Sebastian Urbach wrote:
>> I just want to offer tho host the debian sks packages anyplace,
>> anywhere, anytime so to say.
> I guess one should really try to get updated packag
On Mon, 2012-04-23 at 18:59 -0400, Jeffrey Johnson wrote:
> And your opinion is contrary to what was recommended.
Well this is not just my opinion but decades of lectures learned in
software design...
I'm not generally against static linking, but there must be really
really really strong reasons t
On Thu, 2012-04-26 at 12:01 +0200, Sebastian Urbach wrote:
> I just want to offer tho host the debian sks packages anyplace,
> anywhere, anytime so to say.
I guess one should really try to get updated packages into Debian itself
and not some unofficial place somewhere...
Cheers,
Chris.
smime.p7s
Hi Phil (2012.04.29_07:04:57_+0200)
> I got around to adding region-based sub-pool entries in my experimental
> playground SKS pool definition, with six regions (below); I'm only
> actually seeing entries for North America and Europe, though.
>
> I suspect that this is a geocoding failure, rather
15 matches
Mail list logo