VectorLinux

Please login or register.

Login with username, password and session length
Advanced search  

News:

Visit our home page for VL info. For support and documentation, visit the Vector Linux Knowledge Center or search the Knowledge Center and this Forum using the search box above.

Pages: 1 ... 4 5 [6] 7

Author Topic: New test website  (Read 90164 times)

caitlyn

  • Packager
  • Vectorian
  • ****
  • Posts: 2878
    • The Linux Works
Re: New test website
« Reply #75 on: July 26, 2008, 11:15:09 am »

The link to the Wiki is broken.  Is the Wiki down or???
Logged
eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1

vector

  • Administrator
  • Vectorite
  • *****
  • Posts: 484
Re: New test website
« Reply #76 on: July 26, 2008, 11:49:41 am »

yeah we have yet to reconstruct the wiki after the move. It should return soon.......................:)

vec
Logged

caitlyn

  • Packager
  • Vectorian
  • ****
  • Posts: 2878
    • The Linux Works
Re: New test website
« Reply #77 on: September 15, 2008, 11:51:20 am »

I have one serious concern about our new website now.  The news section on the right shows security updates.  This is a good thing.  However, it looks like we haven't had a security update since July.  If that was true we'd have all sorts of interesting unpatched vulnerabilities.

The thing is, we have had security updates since then.  xine-lib-1.1.15 in is patches (VL 5.9) and I just put a package for it in testing for VL 6.0.  It closes security vulnerabilities in previous versions that could have allowed a DoS attack or a buffer overflow. 

How do we get current security update information onto the news section?
Logged
eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1

todds

  • Member
  • *
  • Posts: 14
Re: New test website
« Reply #78 on: September 24, 2008, 02:13:42 pm »

I have one serious concern about our new website now.  The news section on the right shows security updates.  This is a good thing.  However, it looks like we haven't had a security update since July.  If that was true we'd have all sorts of interesting unpatched vulnerabilities.

The thing is, we have had security updates since then.  xine-lib-1.1.15 in is patches (VL 5.9) and I just put a package for it in testing for VL 6.0.  It closes security vulnerabilities in previous versions that could have allowed a DoS attack or a buffer overflow. 

How do we get current security update information onto the news section?

i agree with caitlyn everthing looks very good,but we need a consistent approach to security,for example i haven`t received one security bulletin since signing up for the security newsletter,it is these small things that need sorting out really...

thanks

todders
Logged
VL 6.0 RC3 on Athlon AMD Athlon™ 2650e Emachines D620

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2303
Re: New test website
« Reply #79 on: September 24, 2008, 02:20:22 pm »

I have one serious concern about our new website now.  The news section on the right shows security updates.  This is a good thing.  However, it looks like we haven't had a security update since July.  If that was true we'd have all sorts of interesting unpatched vulnerabilities.

The thing is, we have had security updates since then.  xine-lib-1.1.15 in is patches (VL 5.9) and I just put a package for it in testing for VL 6.0.  It closes security vulnerabilities in previous versions that could have allowed a DoS attack or a buffer overflow. 

How do we get current security update information onto the news section?

Cait, we are having som tech difficulty with my permissions in the website and I cant add content now, please be patience the site will be updated soon.
Thanks.
Logged
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!

Masta

  • Global Moderator
  • Vectorian
  • *****
  • Posts: 725
Re: New test website
« Reply #80 on: September 24, 2008, 04:28:26 pm »

Yeah, so please put away the tire irons, the baseball bats, the spiked balls on chains, the flaming torches, and whatever else you're staffing there.

 :D
Logged

caitlyn

  • Packager
  • Vectorian
  • ****
  • Posts: 2878
    • The Linux Works
Re: New test website
« Reply #81 on: September 24, 2008, 07:26:19 pm »

Red hot flaming tongs.  I'll leave it to your imagination where I'd apply them   ;D

Seriously, security issues are something I am very paranoid about since I've done so much security work in recent years.  I've cleaned up the mess after an incident and that is a whole lot of no fun, though it is usually good for lots of overtime and the bank account.

We've had three security announcements today alone, BTW.  No new packages yet, though.
Logged
eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1

Dweeberkitty

  • Packager
  • Vectorian
  • ****
  • Posts: 836
    • Multimedia Bonus Disc
Re: New test website
« Reply #82 on: September 24, 2008, 09:08:54 pm »

Red hot flaming tongs.  I'll leave it to your imagination where I'd apply them   ;D

Seriously, security issues are something I am very paranoid about since I've done so much security work in recent years.  I've cleaned up the mess after an incident and that is a whole lot of no fun, though it is usually good for lots of overtime and the bank account.

We've had three security announcements today alone, BTW.  No new packages yet, though.

Maybe we can get a script built that automatically pulls security updates from slacky.eu or wherever, does a convertpkg on them, and then uploads them to the repo? Just a thought, but if we automate it, all we'd have to do is monitor it to make sure it keeps working. Maybe I'm missing something and it wouldn't work at all like that, but possibly worth a shot? That way we don't have to rely on our manpower to build security updates.
Logged
Registered Linux User #443399
Desktop: Intel Pentium D 3.33Ghz, 320GB hard drive, 2 gigs DDR2 533mhz RAM, NVIDIA Geforce 7800 GS, X2GEN 22" widescreen monitor;
Laptop: Dell Mini 9, Intel Atom 1.6Ghz, 1GB ram
Multimedia Bonus Disc website: http://www.vectorlinuxsolutions.com/

kidd

  • Packager
  • Vectorian
  • ****
  • Posts: 682
Re: New test website
« Reply #83 on: September 25, 2008, 01:04:13 am »

rbistolfi and I already did that script.   Unfortunately, things are usually nicer in your imagination than reality, and many packages need extra tweaking to package them for VL.  We could do a kind of db for tweaks and automate it when we've done them once.

I can't find the code, maybe rbistolfi can paste it here or point where is it

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2303
Re: New test website
« Reply #84 on: September 25, 2008, 09:12:03 am »

I am at "work" now ;D, I will look for the code at home. It is for our Slackware based packages, i.e. the core of VectorLinux. It is what I use for our slack based packages.
Anyway, the problem now is not the availability of the packages! They are available in the repository very soon, with just a few exceptions. I dont think we should use slacky.eu packages or other 3rd party packages but slackware ones, is just too dangerous  we just dont know how they build them.

Red hot flaming tongs.  I'll leave it to your imagination where I'd apply them   ;D

Seriously, security issues are something I am very paranoid about since I've done so much security work in recent years.  I've cleaned up the mess after an incident and that is a whole lot of no fun, though it is usually good for lots of overtime and the bank account.

We've had three security announcements today alone, BTW.  No new packages yet, though.

Hehe, don't be paranoid, we need you healthy ;)
I have done security work as well and there is nothing to clean up now :P

Logged
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!

caitlyn

  • Packager
  • Vectorian
  • ****
  • Posts: 2878
    • The Linux Works
Re: New test website
« Reply #85 on: September 25, 2008, 11:49:13 am »

Rodrigo, thanks for working on this so quickly.

Well.. the slightly heated discussion about security in the forum seems to have lit a fire under a number of people.  Vector already has a firefox 3.0.2 package in the repository.  I don't know how quickly the new seamonkey and postgresql packages will show up but I did notice that Joe1962 announced those issues very quickly as well.  If we all do a little and work together I think we can keep VL easy to secure and keep updated for our user community without becoming overwhelmed or buried in "work".

Again, thanks for all the efforts here.  That's one thing I love about the VL devs, both the core folks and all the volunteers:  when they see a problem they do their best to solve it right away.  Some other unnamed distros get all defensive and circle the wagons instead.  I like the VL way much better.

Oh, and Rodrigo, paranoia can be very healthy sometimes.
Logged
eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2303
Re: New test website
« Reply #86 on: September 25, 2008, 11:50:57 am »

Well, finally the following announcements were added to the news section and the VL security feed:

http://vectorlinux.com/collections/security/RSS
Quote
Seamonkey security upgrade
Link-grammar  (Abiword plugin) security upgrade
Xine-lib security upgrade
Libxslt security upgrade
Net-snmp security upgrade
OpenSSH upgrade
OpenSSL security update
Pcre security upgrade

Duh, I missed the python upgrade from vec7 ;D. I will have to add that one. If I am missing some other please let me know.
Thanks everybody for understanding, we will be working for avoiding this kind of problem in the future :)
Logged
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!

rbistolfi

  • Packager
  • Vectorian
  • ****
  • Posts: 2303
Re: New test website
« Reply #87 on: September 25, 2008, 12:00:19 pm »

Rodrigo, thanks for working on this so quickly.

Well.. the slightly heated discussion about security in the forum seems to have lit a fire under a number of people.  Vector already has a firefox 3.0.2 package in the repository.  I don't know how quickly the new seamonkey and postgresql packages will show up but I did notice that Joe1962 announced those issues very quickly as well.  If we all do a little and work together I think we can keep VL easy to secure and keep updated for our user community without becoming overwhelmed or buried in "work".

Again, thanks for all the efforts here.  That's one thing I love about the VL devs, both the core folks and all the volunteers:  when they see a problem they do their best to solve it right away.  Some other unnamed distros get all defensive and circle the wagons instead.  I like the VL way much better.

Oh, you posted while I was writting :)
Well I dont see a reason to get all defensive, nobody was attacking VL and we are all part of the same project right? We all want the best for VL that is why the discussions are so nice ;D
The security discussion is interesting and I hope we can still follow it, maybe in another thread.

I take postgresql for tonight, Incognu already submited Seamonkey upgrades for 5.8, 5.9 and 6.0, wow incognu you are awesome. I will announce Firefox 3 upgrade as well. I think at this point we are missing only FF 2.0.0.16 and Thunderbird. I promise to pkg those as soon as I can make the time. If someone wants to jump in please do it ;D

Quote
Oh, and Rodrigo, paranoia can be very healthy sometimes.

Not in my dictionary but that was a joke nothing more, I don't wanna start a Psicology flamewar ;D
Logged
"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!

Joe1962

  • Administrator
  • Vectorian
  • *****
  • Posts: 2499
    • Joe1962's Website
Re: New test website
« Reply #88 on: September 25, 2008, 12:06:17 pm »

Heh, and you posted when I clicked "Reply", lol. Luckily the Forum warned me. Anyway, like you mentioned, incognu already did SeaMonkey, as I knew he would soon enough. It's great that he is maintaining it for 3 versions of VL! About PostgreSQL, toothandnail PMed me and I sent him my template and script for it, but I'm sure he won't be angry if I send it to you too in case he is busy today.
Logged
O'Neill (RE the Asgard): "Usually they ask nicely before they ignore us and do what they damn well please."
http://joe1962.bigbox.info
Running: VL 7 Std 64 + self-cooked XFCE-4.10

caitlyn

  • Packager
  • Vectorian
  • ****
  • Posts: 2878
    • The Linux Works
Re: New test website
« Reply #89 on: September 25, 2008, 12:12:25 pm »

I probably won't get to build postgresql.  This repository maintenance stuff is time consuming and my time today and tomorrow is limited.  I'll just be happy to get all the new packages in place, the scripts run, and the announcements made.

I still have a ton of stuff i want to build for VL 6 internationalization/localizaton too.
Logged
eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
Pages: 1 ... 4 5 [6] 7