turlutton 2017-02-25 00:49:46
It seems I still have the map
turlutton 2017-02-25 00:53:01
Ha, it did work with a relative path..
qdb 2017-02-25 00:58:42
hello. i have just now made apt-get update, then ... upgrade, and it suggest me to install new linux image (3.16.0-4-58), passwd, login. can i check on some debian official site information about this updates?
themill 2017-02-25 00:59:17
!dsa
dpkg 2017-02-25 00:59:17
[dsa] Debian Security Announcement, see http://www.debian.org/security/ and http://lists.debian.org/debian-security-announce/ ; RSS feeds at http://www.debian.org/security/dsa (titles only) and http://www.debian.org/security/dsa-long (summaries). Ask me about for information about the packages affected. See also , , .
qdb 2017-02-25 01:00:57
i have already opened https://www.debian.org/security/ but did not see there all of them. there is not login and passwd. but there is shadow. there is linux but i cannot see linux version there.
qdb 2017-02-25 01:02:03
here https://lists.debian.org/debian-security-announce/2017/threads.html is similar
themill 2017-02-25 01:02:10
,binaries shadow
judd 2017-02-25 01:02:11
Source shadow in jessie: Binaries: login, passwd, uidmap
qdb 2017-02-25 01:03:18
here https://www.debian.org/security/dsa is similar
themill 2017-02-25 01:03:42
what does "is similar" mean?
themill 2017-02-25 01:04:05
it similarly contains the information you need?
qdb 2017-02-25 01:04:29
themill: "did not see there all of them. there is not login and passwd. but there is shadow. there is linux but i cannot see linux version there"
qdb 2017-02-25 01:05:26
do you have found proof for the login and passwd packages?
themill 2017-02-25 01:05:34
What judd said
qdb 2017-02-25 01:06:27
but when it says affected packages are only shadow in https://www.debian.org/security/2017/dsa-3793
qdb 2017-02-25 01:06:35
why it says
themill 2017-02-25 01:06:53
because the source package is called shadow
dutchfish 2017-02-25 01:07:43
https://tracker.debian.org/pkg/shadow
qdb 2017-02-25 01:07:56
ok. must you add comma before you write "binaries" command here ?
themill 2017-02-25 01:08:17
qdb: you can /msg judd
qdb 2017-02-25 01:08:31
binaries shadow
dutchfish 2017-02-25 01:10:23
qdb, CVE-2017-2616 is already fixed in SID
dutchfish 2017-02-25 01:10:54
fyi
themill 2017-02-25 01:10:58
not very relevant for a jessie user though
dutchfish 2017-02-25 01:11:11
themill, nope, indeed
dutchfish 2017-02-25 01:11:33
themill, oops, that already went to jessie as well
dutchfish 2017-02-25 01:11:42
themill, not stretch
dutchfish 2017-02-25 01:12:10
themill, https://security-tracker.debian.org/tracker/source-package/shadow
qdb 2017-02-25 01:16:17
dutchfish: thank you, i see there list of binaries in left column, and i think it is more trustable source
themill 2017-02-25 01:16:57
qdb: you should be trusting your local apt...
qdb 2017-02-25 01:17:56
i do not trust my computer much , generally
themill 2017-02-25 01:18:23
All tracker.d.o is showing you is the same information that apt is showing you -- what is on the mirror
qdb 2017-02-25 01:18:37
btw i am sitting in windows an debian is in vbox
dutchfish 2017-02-25 01:18:38
qdb, do as themill adviced, there is no absolute trust, check the hashes
themill 2017-02-25 01:18:49
which is what apt does
qdb 2017-02-25 01:19:53
but i would not trust generallt also if i worked in linux, because i cannot check binaries i download, neither sources , because they are big
dutchfish 2017-02-25 01:20:57
qdb, all sources is compressed tho. hence we will get signed kernels
dutchfish 2017-02-25 01:21:12
(soon)
mcrt 2017-02-25 01:21:18
qdb: you trust windows more than linux?
qdb 2017-02-25 01:21:38
but that is other thing, it is trust to debian itself. but in first case, about login and passwd i was checking some third party hack
themill 2017-02-25 01:21:49
but you'd trust your browser
qdb 2017-02-25 01:22:24
i think hackers would be quite lazy to make fake security site
dutchfish 2017-02-25 01:22:45
qdb, wrong, but feel free to join #d-o
qdb 2017-02-25 01:23:37
dutchfish: it is empty channel
SuperTramp83 2017-02-25 01:24:10
debian offtopic, mate
themill 2017-02-25 01:24:10
qdb: at the point where you're hypothesising that someone has come up with fake updates for login and passwd, got them into the repo, got the keys to sign the repo so that your apt trusts it, do you think they'd have trouble making a web page for you?
dutchfish 2017-02-25 01:24:10
qdb, ok, sorry: freenode #debian-offtopic
qdb 2017-02-25 01:28:08
themill: "got them into the repo" - no, i think my windows an debian can be hacked and local keys can be swapped to other keys
Shadow_7 2017-02-25 01:28:11
A lot of hackers are employers by state actors. There is no lazy when it comes to a paycheck
Shadow_7 2017-02-25 01:28:34
s/employers/employed/
themill 2017-02-25 01:29:50
qdb: but you'd trust your browser
qdb 2017-02-25 01:30:34
mcrt: i think linux itself is just a little more trustable than windows itself .
qdb 2017-02-25 01:30:49
themill: browser also have local keys
BluesKaj 2017-02-25 01:31:00
we get the drift , all this letter/word/correct word implies inability to understand typos ...think it's silly
qdb 2017-02-25 01:31:30
mcrt: i mean a linux distro like debian
SuperTramp83 2017-02-25 01:32:18
qdb, definitely #debian-offtopic
dutchfish 2017-02-25 01:33:20
qdb, to my humble opinion, Debian can be the most secure system in the hands of a well skilled admin, the changes that an unskilled admin hoses it up are sometimes bigger. Read the Debian security guidelines and about hardening your systems.
qdb 2017-02-25 01:33:49
mcrt: does anybody sitting and checking all or at least some part of binariy updates , directly, for malware? if so they also can check windows binaries. then their producers can be traced back ...
Dreaman 2017-02-25 01:39:15
!stretch
dpkg 2017-02-25 01:39:16
The release following Debian 8 "Jessie" is codenamed "Stretch" (the rubber octopus in Toy Story 3) and will be Debian 9: https://lists.debian.org/debian-devel-announce/2014/11/msg00005.html. See http://wiki.debian.org/DebianStretch
gdarko 2017-02-25 01:39:50
when i do "mv *.doc Docs" it fails why?
gdarko 2017-02-25 01:39:50
"mv: invalid option -- 'P'"
themill 2017-02-25 01:41:51
gdarko: do you have a filename that starts with a -
