VectorLinux
October 25, 2014, 07:57:47 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: 1 ... 4 5 [6] 7
  Print  
Author Topic: New test website  (Read 84178 times)
caitlyn
Packager
Vectorian
****
Posts: 2876


WWW
« Reply #75 on: July 26, 2008, 10:15:09 am »

The link to the Wiki is broken.  Is the Wiki down or???
Logged

eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
vector
Administrator
Vectorite
*****
Posts: 479



« Reply #76 on: July 26, 2008, 10:49:41 am »

yeah we have yet to reconstruct the wiki after the move. It should return soon.......................Smiley

vec
Logged
caitlyn
Packager
Vectorian
****
Posts: 2876


WWW
« Reply #77 on: September 15, 2008, 10:51:20 am »

I have one serious concern about our new website now.  The news section on the right shows security updates.  This is a good thing.  However, it looks like we haven't had a security update since July.  If that was true we'd have all sorts of interesting unpatched vulnerabilities.

The thing is, we have had security updates since then.  xine-lib-1.1.15 in is patches (VL 5.9) and I just put a package for it in testing for VL 6.0.  It closes security vulnerabilities in previous versions that could have allowed a DoS attack or a buffer overflow. 

How do we get current security update information onto the news section?
Logged

eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
todds
Member
*
Posts: 14



« Reply #78 on: September 24, 2008, 01:13:42 pm »

I have one serious concern about our new website now.  The news section on the right shows security updates.  This is a good thing.  However, it looks like we haven't had a security update since July.  If that was true we'd have all sorts of interesting unpatched vulnerabilities.

The thing is, we have had security updates since then.  xine-lib-1.1.15 in is patches (VL 5.9) and I just put a package for it in testing for VL 6.0.  It closes security vulnerabilities in previous versions that could have allowed a DoS attack or a buffer overflow. 

How do we get current security update information onto the news section?

i agree with caitlyn everthing looks very good,but we need a consistent approach to security,for example i haven`t received one security bulletin since signing up for the security newsletter,it is these small things that need sorting out really...

thanks

todders
Logged

VL 6.0 RC3 on Athlon AMD Athlon™ 2650e Emachines D620
rbistolfi
Packager
Vectorian
****
Posts: 2288


« Reply #79 on: September 24, 2008, 01:20:22 pm »

I have one serious concern about our new website now.  The news section on the right shows security updates.  This is a good thing.  However, it looks like we haven't had a security update since July.  If that was true we'd have all sorts of interesting unpatched vulnerabilities.

The thing is, we have had security updates since then.  xine-lib-1.1.15 in is patches (VL 5.9) and I just put a package for it in testing for VL 6.0.  It closes security vulnerabilities in previous versions that could have allowed a DoS attack or a buffer overflow. 

How do we get current security update information onto the news section?

Cait, we are having som tech difficulty with my permissions in the website and I cant add content now, please be patience the site will be updated soon.
Thanks.
Logged

"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!
Masta
Global Moderator
Vectorian
*****
Posts: 725



« Reply #80 on: September 24, 2008, 03:28:26 pm »

Yeah, so please put away the tire irons, the baseball bats, the spiked balls on chains, the flaming torches, and whatever else you're staffing there.

 Cheesy
Logged
caitlyn
Packager
Vectorian
****
Posts: 2876


WWW
« Reply #81 on: September 24, 2008, 06:26:19 pm »

Red hot flaming tongs.  I'll leave it to your imagination where I'd apply them   Grin

Seriously, security issues are something I am very paranoid about since I've done so much security work in recent years.  I've cleaned up the mess after an incident and that is a whole lot of no fun, though it is usually good for lots of overtime and the bank account.

We've had three security announcements today alone, BTW.  No new packages yet, though.
Logged

eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
Dweeberkitty
Packager
Vectorian
****
Posts: 836



WWW
« Reply #82 on: September 24, 2008, 08:08:54 pm »

Red hot flaming tongs.  I'll leave it to your imagination where I'd apply them   Grin

Seriously, security issues are something I am very paranoid about since I've done so much security work in recent years.  I've cleaned up the mess after an incident and that is a whole lot of no fun, though it is usually good for lots of overtime and the bank account.

We've had three security announcements today alone, BTW.  No new packages yet, though.

Maybe we can get a script built that automatically pulls security updates from slacky.eu or wherever, does a convertpkg on them, and then uploads them to the repo? Just a thought, but if we automate it, all we'd have to do is monitor it to make sure it keeps working. Maybe I'm missing something and it wouldn't work at all like that, but possibly worth a shot? That way we don't have to rely on our manpower to build security updates.
Logged

Registered Linux User #443399
Desktop: Intel Pentium D 3.33Ghz, 320GB hard drive, 2 gigs DDR2 533mhz RAM, NVIDIA Geforce 7800 GS, X2GEN 22" widescreen monitor;
Laptop: Dell Mini 9, Intel Atom 1.6Ghz, 1GB ram
Multimedia Bonus Disc website: http://www.vectorlinuxsolutions.com/
kidd
Packager
Vectorian
****
Posts: 682


« Reply #83 on: September 25, 2008, 12:04:13 am »

rbistolfi and I already did that script.   Unfortunately, things are usually nicer in your imagination than reality, and many packages need extra tweaking to package them for VL.  We could do a kind of db for tweaks and automate it when we've done them once.

I can't find the code, maybe rbistolfi can paste it here or point where is it
Logged

rbistolfi
Packager
Vectorian
****
Posts: 2288


« Reply #84 on: September 25, 2008, 08:12:03 am »

I am at "work" now Grin, I will look for the code at home. It is for our Slackware based packages, i.e. the core of VectorLinux. It is what I use for our slack based packages.
Anyway, the problem now is not the availability of the packages! They are available in the repository very soon, with just a few exceptions. I dont think we should use slacky.eu packages or other 3rd party packages but slackware ones, is just too dangerous  we just dont know how they build them.

Red hot flaming tongs.  I'll leave it to your imagination where I'd apply them   Grin

Seriously, security issues are something I am very paranoid about since I've done so much security work in recent years.  I've cleaned up the mess after an incident and that is a whole lot of no fun, though it is usually good for lots of overtime and the bank account.

We've had three security announcements today alone, BTW.  No new packages yet, though.

Hehe, don't be paranoid, we need you healthy Wink
I have done security work as well and there is nothing to clean up now Tongue

Logged

"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!
caitlyn
Packager
Vectorian
****
Posts: 2876


WWW
« Reply #85 on: September 25, 2008, 10:49:13 am »

Rodrigo, thanks for working on this so quickly.

Well.. the slightly heated discussion about security in the forum seems to have lit a fire under a number of people.  Vector already has a firefox 3.0.2 package in the repository.  I don't know how quickly the new seamonkey and postgresql packages will show up but I did notice that Joe1962 announced those issues very quickly as well.  If we all do a little and work together I think we can keep VL easy to secure and keep updated for our user community without becoming overwhelmed or buried in "work".

Again, thanks for all the efforts here.  That's one thing I love about the VL devs, both the core folks and all the volunteers:  when they see a problem they do their best to solve it right away.  Some other unnamed distros get all defensive and circle the wagons instead.  I like the VL way much better.

Oh, and Rodrigo, paranoia can be very healthy sometimes.
Logged

eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
rbistolfi
Packager
Vectorian
****
Posts: 2288


« Reply #86 on: September 25, 2008, 10:50:57 am »

Well, finally the following announcements were added to the news section and the VL security feed:

http://vectorlinux.com/collections/security/RSS
Quote
Seamonkey security upgrade
Link-grammar  (Abiword plugin) security upgrade
Xine-lib security upgrade
Libxslt security upgrade
Net-snmp security upgrade
OpenSSH upgrade
OpenSSL security update
Pcre security upgrade

Duh, I missed the python upgrade from vec7 Grin. I will have to add that one. If I am missing some other please let me know.
Thanks everybody for understanding, we will be working for avoiding this kind of problem in the future Smiley
Logged

"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!
rbistolfi
Packager
Vectorian
****
Posts: 2288


« Reply #87 on: September 25, 2008, 11:00:19 am »

Rodrigo, thanks for working on this so quickly.

Well.. the slightly heated discussion about security in the forum seems to have lit a fire under a number of people.  Vector already has a firefox 3.0.2 package in the repository.  I don't know how quickly the new seamonkey and postgresql packages will show up but I did notice that Joe1962 announced those issues very quickly as well.  If we all do a little and work together I think we can keep VL easy to secure and keep updated for our user community without becoming overwhelmed or buried in "work".

Again, thanks for all the efforts here.  That's one thing I love about the VL devs, both the core folks and all the volunteers:  when they see a problem they do their best to solve it right away.  Some other unnamed distros get all defensive and circle the wagons instead.  I like the VL way much better.

Oh, you posted while I was writting Smiley
Well I dont see a reason to get all defensive, nobody was attacking VL and we are all part of the same project right? We all want the best for VL that is why the discussions are so nice Grin
The security discussion is interesting and I hope we can still follow it, maybe in another thread.

I take postgresql for tonight, Incognu already submited Seamonkey upgrades for 5.8, 5.9 and 6.0, wow incognu you are awesome. I will announce Firefox 3 upgrade as well. I think at this point we are missing only FF 2.0.0.16 and Thunderbird. I promise to pkg those as soon as I can make the time. If someone wants to jump in please do it Grin

Quote
Oh, and Rodrigo, paranoia can be very healthy sometimes.

Not in my dictionary but that was a joke nothing more, I don't wanna start a Psicology flamewar Grin
Logged

"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!
Joe1962
Administrator
Vectorian
*****
Posts: 2499



WWW
« Reply #88 on: September 25, 2008, 11:06:17 am »

Heh, and you posted when I clicked "Reply", lol. Luckily the Forum warned me. Anyway, like you mentioned, incognu already did SeaMonkey, as I knew he would soon enough. It's great that he is maintaining it for 3 versions of VL! About PostgreSQL, toothandnail PMed me and I sent him my template and script for it, but I'm sure he won't be angry if I send it to you too in case he is busy today.
Logged

O'Neill (RE the Asgard): "Usually they ask nicely before they ignore us and do what they damn well please."
http://joe1962.bigbox.info
Running: VL 7 Std 64 + self-cooked XFCE-4.10
caitlyn
Packager
Vectorian
****
Posts: 2876


WWW
« Reply #89 on: September 25, 2008, 11:12:25 am »

I probably won't get to build postgresql.  This repository maintenance stuff is time consuming and my time today and tomorrow is limited.  I'll just be happy to get all the new packages in place, the scripts run, and the announcements made.

I still have a ton of stuff i want to build for VL 6 internationalization/localizaton too.
Logged

eMachines EL-1300G desktop, 1.6GHz AMD Athlon 2650e CPU, 4GB RAM, nVidia GeForce 6150 SE video
CentOS 6.5 (will try VL64-7.1 soon)

Toshiba Satellite A135-S4727,  Intel Pentium T2080 / 1.73 GHz, 2GB RAM, Intel GMA 950

HP Mini 110 netbook, 1.6GHz Intel Atom CPU, 2GB RAM, Intel 950 video, VL 7.1
Pages: 1 ... 4 5 [6] 7
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!