The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Central register of package use

To: John Goerzen <jgoerzen@complete.org>
Subject: Re: Central register of package use
From: Jim Pick <jim@jimpick.com>
Date: Sat, 01 Feb 1997 12:25:59 -0800
Cc: debian-private@lists.debian.org
Importance: low
In-reply-to: Your message of "Sat, 01 Feb 1997 02:25:11 CST." <Pine.LNX.3.95q.970201022329.88C-100000@complete.org>
Priority: non-urgent
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"Rw4YP1.0.e54.MWwyo"@master.debian.org>
Resent-reply-to: debian-private@lists.debian.org
Resent-sender: debian-private-request@lists.debian.org

> On Tue, 28 Jan 1997, Steve McIntyre wrote:
> 
> > What I'm thinking of is something along the lines of a cron job running
> > 
> > #!/bin/bash
> > HOSTNAME=hostname -f
> > dpkg --get-selections |grep -ve deinstall -ve purge | \
> > 	mail -s "$HOSTNAME selections" selections@debian.org
> 
> Good idea, although it would be best to know the versions of each package
> in use.
> 
> Additionally, this functionality for each individual Debian system should
> be in a separate package.  And it should be very clear that the package is
> NOT required.  I'd suggest putting it in the "Extra" section.  And explain
> to the user very clearly what is going on.  We want to avoid at all costs
> any problem with people complaining about people spying on systems and/or
> people complaining about unknown mails.
> 
> John Goerzen          | Running Debian GNU/Linux (www.debian.org)

I agree.  And when the user selects it, the postinst script will display a
warning, and prompt the user.  Also, the mail should be cc:'d to the system
administrator.

Also, when the mail is sent to selections, it should not be made available
to the public in such a way that someone can determine which packages are
running on someone's system.  I think that could be a major security hole
because "hackers" could just scan the listing for someone who has a
vulnerable version of sendmail installed, for example.  I think we also
have the same issue in regards to people running dwww on open web servers.

Cheers,

 - Jim

Attachment: pgpgvhCxFerC7.pgp
Description: PGP signature

Follow-Ups:
- Re: Central register of package use
  - From: Joey Hess <joey@kite.ml.org>
- Re: Central register of package use
  - From: Steve McIntyre <stevem@chiark.greenend.org.uk>

References:
- Re: Central register of package use
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: Re: new maintainer verification
Next by Date: I'm in trouble now
Previous by thread: Re: Central register of package use
Next by thread: Re: Central register of package use
Index(es):
- Date
- Thread