ubuntu-server Digest, Vol 31, Issue 29
Philippe Gayot
phgayot at gmail.com
Fri Jul 25 12:06:35 UTC 2008
Hi,
I'm responding to myself because I'd a look to this link :
http://ubuntuforums.org/showthread.php?p=4813109#post4813109 and it's good.
Phg
2008/7/25 <ubuntu-server-request at lists.ubuntu.com>:
> Send ubuntu-server mailing list submissions to
> ubuntu-server at lists.ubuntu.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> or, via email, send a message with subject or body 'help' to
> ubuntu-server-request at lists.ubuntu.com
>
> You can reach the person managing the list at
> ubuntu-server-owner at lists.ubuntu.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of ubuntu-server digest..."
>
>
> Today's Topics:
>
> 1. Re: Server Team 20080722 meeting minutes (Ante Karamatic)
> 2. Re: Server Team 20080722 meeting minutes (Soren Hansen)
> 3. Re: Server Team 20080722 meeting minutes (Etienne Goyer)
> 4. Re: SSLv2 - do we really need it? (Michael Casadevall)
> 5. Re: Server Team 20080722 meeting minutes (Steve Langasek)
> 6. Re: SSLv2 - do we really need it? (Scott Kitterman)
> 7. Re: Server Team 20080722 meeting minutes (David Portwood)
> 8. Re: Server Team 20080722 meeting minutes (Soren Hansen)
> 9. How to change the kernel (Philippe Gayot)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 24 Jul 2008 13:09:39 +0200
> From: Ante Karamatic <ivoks at grad.hr>
> Subject: Re: Server Team 20080722 meeting minutes
> To: ubuntu-devel at lists.ubuntu.com
> Cc: ubuntu-server at lists.ubuntu.com
> Message-ID: <20080724130939.7cdaa1d9 at titanium>
> Content-Type: text/plain; charset=US-ASCII
>
> On Wed, 23 Jul 2008 12:50:22 -0700
> Scott Kitterman <ubuntu at kitterman.com> wrote:
>
> > Definitely. Let's drop it and drop it soon so we have some time to
> > deal with any packages that have problems.
>
> Patch is located here:
>
> http://www.init.hr/dev/openssl-nossl2.patch
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 24 Jul 2008 15:05:32 +0200
> From: Soren Hansen <soren at ubuntu.com>
> Subject: Re: Server Team 20080722 meeting minutes
> To: Steve Langasek <steve.langasek at ubuntu.com>,
> ubuntu-devel at lists.ubuntu.com, ubuntu-server at lists.ubuntu.com
> Message-ID: <20080724130532.GA13441 at ralph.linux2go.dk>
> Content-Type: text/plain; charset="us-ascii"
>
> On Wed, Jul 23, 2008 at 12:26:43PM -0700, Steve Langasek wrote:
> > On Wed, Jul 23, 2008 at 02:11:05PM -0400, Mathias Gug wrote:
> >> ivoks prepared patches for a couple of packages to disable sslv2 in
> >> their configuration. He also sent an email on ubuntu-devel about
> >> disabling sslv2 directly in the openssl package. Discussion is
> >> ongoing, with a proposal to create an openssl-sslv2 package in
> >> universe that would be built with sslv2 enabled.
> > FWIW, I think creating an openssl-sslv2 package would be the worst
> > possible solution: duplicating security-sensitive code, and making it
> > available with lesser security support. I think dropping SSLv2
> > support would be better.
>
> Err.. I don't think I follow. I imagine, we'd build the SSLv2-enabled
> packages from the same source package and just put the binary in
> universe? I believe someone in another thread gave specific examples of
> 3rd party stuff that needed SSLv2 to function. Forcing them to compile
> OpenSSL themselves seems worse to me.
>
> --
> Soren Hansen |
> Virtualisation specialist | Ubuntu Server Team
> Canonical Ltd. | http://www.ubuntu.com/
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 307 bytes
> Desc: Digital signature
> Url :
> https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080724/71dfe6cd/attachment-0001.pgp
>
> ------------------------------
>
> Message: 3
> Date: Thu, 24 Jul 2008 08:52:45 -0400
> From: Etienne Goyer <etienne.goyer at canonical.com>
> Subject: Re: Server Team 20080722 meeting minutes
> To: ubuntu-server at lists.ubuntu.com
> Message-ID: <48887B1D.1080706 at canonical.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Mathias Gug wrote:
> > ==== RAILS integration ====
> >
> > macd reported that mod_rails has been packaged and uploaded to REVU.
> mathiaz
> > reviewed it and sent his feedback to Neil (the packager). Overall it
> looks
> > good.
> >
> > macd also mentioned the discussions he's having with the Debian
> maintainers
> > for ruby/rubygems that is taking place in bug 145267[8]. There was some
> > discussion about the issue which boils down to a PATH issue. The debian
> gems
> > and the source installed gems don't end up in the same place. Rails apps
> looks
> > in a specific place and rails isn't capable of looking in more than one
> place.
> > soren, macd and persia discussed the path issue and deferred it to
> #ubuntu-
> > server after the meeting.
> >
> > [8]: https://launchpad.net/bugs/145267
>
> There was a guy speaking at Ubuntu Live 2007 about how he deployed Rails
> on Ubuntu. He have a blog post about some of the stuff he do to
> automate the work. He is working outside the packaging framework, so I
> do not know how much of it is applicable for us, but there it is:
>
> http://blog.railsmachine.com/2007/5/25/ann-machinify-stack-toolkit
>
>
> Right now, I understand he deploy mostly on CentOS + KVM, but does his
> development on Ubuntu + KVM so he must have a clue. I will try to poke
> him in joining the list and sharing his experience.
>
>
> --
> Etienne Goyer, Senior Ubuntu System Support Analyst
> Ubuntu Certified Instructor
> Canonical, Ltd
>
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 23 Jul 2008 21:50:38 -0400
> From: "Michael Casadevall" <sonicmctails at gmail.com>
> Subject: Re: SSLv2 - do we really need it?
> To: "Ante Karamatic" <ivoks at grad.hr>
> Cc: ubuntu-server at lists.ubuntu.com, ubuntu-devel at lists.ubuntu.com
> Message-ID:
> <5a1037520807231850l5b0ce34k2a875fbef1688383 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Well, if a user has both Universe and Main enabled, if we have a
> openssl-sslv2, which is the same package expect with SSLv2 compiled in, all
> it needs is a Replaces/Conflicts/Provides which removes the sslv3-only
> package.
>
> That way, any users who need it (and those who need likely already know)
> are
> simply an aptitiude command away from having the necessary support.
>
> On Tue, Jul 22, 2008 at 9:43 AM, Ante Karamatic <ivoks at grad.hr> wrote:
>
> > On Tue, 22 Jul 2008 08:22:13 -0500
> > "Dustin Kirkland" <kirkland at canonical.com> wrote:
> >
> > > And as soon as we get to the point where no packages depend on that,
> > > we remove it?
> >
> > Our packages shouldn't be the problem (I doubt we have sslv2-only
> > clients or servers). If there are problematic packages, then by
> > definition those problems are bugs.
> >
> > Problems are third party packages, like XYZ IMAP client from ABCD
> > company which supports only SSLv2 (I'm not aware of any program like
> > that, but you get my point). For sysadmins of servers which have
> > clients like that, openssl with SSLv2 is must have.
> >
> > I like the idea of additional package in universe. But how much
> > problems could that produce?
> >
> > --
> > ubuntu-devel mailing list
> > ubuntu-devel at lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080723/9ff85d0c/attachment-0001.htm
>
> ------------------------------
>
> Message: 5
> Date: Thu, 24 Jul 2008 11:02:44 -0700
> From: Steve Langasek <steve.langasek at ubuntu.com>
> Subject: Re: Server Team 20080722 meeting minutes
> To: ubuntu-devel at lists.ubuntu.com, ubuntu-server at lists.ubuntu.com
> Message-ID: <20080724180244.GV31253 at dario.dodds.net>
> Content-Type: text/plain; charset=us-ascii
>
> On Thu, Jul 24, 2008 at 03:05:32PM +0200, Soren Hansen wrote:
> > On Wed, Jul 23, 2008 at 12:26:43PM -0700, Steve Langasek wrote:
> > > On Wed, Jul 23, 2008 at 02:11:05PM -0400, Mathias Gug wrote:
> > >> ivoks prepared patches for a couple of packages to disable sslv2 in
> > >> their configuration. He also sent an email on ubuntu-devel about
> > >> disabling sslv2 directly in the openssl package. Discussion is
> > >> ongoing, with a proposal to create an openssl-sslv2 package in
> > >> universe that would be built with sslv2 enabled.
> > > FWIW, I think creating an openssl-sslv2 package would be the worst
> > > possible solution: duplicating security-sensitive code, and making it
> > > available with lesser security support. I think dropping SSLv2
> > > support would be better.
>
> > Err.. I don't think I follow. I imagine, we'd build the SSLv2-enabled
> > packages from the same source package and just put the binary in
> > universe? I believe someone in another thread gave specific examples of
> > 3rd party stuff that needed SSLv2 to function. Forcing them to compile
> > OpenSSL themselves seems worse to me.
>
> Oh. That's much more sensible than the strawman I'd apparently constructed
> in my mind.
>
> :-)
>
> Do you have a pointer to the examples of stuff still needing SSLv2? I
> hadn't seen any listed on ubuntu-devel.
>
> --
> Steve Langasek Give me a lever long enough and a Free OS
> Debian Developer to set it on, and I can move the world.
> Ubuntu Developer http://www.debian.org/
> slangasek at ubuntu.com vorlon at debian.org
>
>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 24 Jul 2008 16:03:47 -0400
> From: Scott Kitterman <ubuntu at kitterman.com>
> Subject: Re: SSLv2 - do we really need it?
> To: ubuntu-server at lists.ubuntu.com
> Message-ID: <200807241603.48170.ubuntu at kitterman.com>
> Content-Type: text/plain; charset="utf-8"
>
> On Wednesday 23 July 2008 21:50, Michael Casadevall wrote:
> Top posting fixed ...
> > On Tue, Jul 22, 2008 at 9:43 AM, Ante Karamatic <ivoks at grad.hr> wrote:
> > > On Tue, 22 Jul 2008 08:22:13 -0500
> > >
> > > "Dustin Kirkland" <kirkland at canonical.com> wrote:
> > > > And as soon as we get to the point where no packages depend on that,
> > > > we remove it?
> > >
> > > Our packages shouldn't be the problem (I doubt we have sslv2-only
> > > clients or servers). If there are problematic packages, then by
> > > definition those problems are bugs.
> > >
> > > Problems are third party packages, like XYZ IMAP client from ABCD
> > > company which supports only SSLv2 (I'm not aware of any program like
> > > that, but you get my point). For sysadmins of servers which have
> > > clients like that, openssl with SSLv2 is must have.
> > >
> > > I like the idea of additional package in universe. But how much
> > > problems could that produce?
> > >
> > Well, if a user has both Universe and Main enabled, if we have a
> > openssl-sslv2, which is the same package expect with SSLv2 compiled in,
> all
> > it needs is a Replaces/Conflicts/Provides which removes the sslv3-only
> > package.
> >
> > That way, any users who need it (and those who need likely already know)
> > are simply an aptitiude command away from having the necessary support.
> >
> So SSLv2 is not sufficiently cryptographically secure for Main, but it's OK
> for Universe? I know Canonical does not promise security support for
> Universe and it's mostly done by the community, but I don't think there is
> a
> difference in the desired security level between Main and Universe.
>
> My view is that if SSLv2 is OK for Universe, we should just leave it as is
> and
> suck up the pain of updating the individual applications.
>
> Scott K
>
>
>
> ------------------------------
>
> Message: 7
> Date: Thu, 24 Jul 2008 16:55:52 -0500
> From: David Portwood <dzp at bellsouth.net>
> Subject: Re: Server Team 20080722 meeting minutes
> To: Etienne Goyer <etienne.goyer at canonical.com>
> Cc: ubuntu-server at lists.ubuntu.com
> Message-ID: <1216936552.30988.2.camel at wk5>
> Content-Type: text/plain
>
> On Thu, 2008-07-24 at 08:52 -0400, Etienne Goyer wrote:
> > Mathias Gug wrote:
> > > ==== RAILS integration ====
> > >
> > > macd reported that mod_rails has been packaged and uploaded to REVU.
> mathiaz
> > > reviewed it and sent his feedback to Neil (the packager). Overall it
> looks
> > > good.
> > >
> > > macd also mentioned the discussions he's having with the Debian
> maintainers
> > > for ruby/rubygems that is taking place in bug 145267[8]. There was some
> > > discussion about the issue which boils down to a PATH issue. The debian
> gems
> > > and the source installed gems don't end up in the same place. Rails
> apps looks
> > > in a specific place and rails isn't capable of looking in more than one
> place.
> > > soren, macd and persia discussed the path issue and deferred it to
> #ubuntu-
> > > server after the meeting.
> > >
> > > [8]: https://launchpad.net/bugs/145267
> >
> > There was a guy speaking at Ubuntu Live 2007 about how he deployed Rails
> > on Ubuntu. He have a blog post about some of the stuff he do to
> > automate the work. He is working outside the packaging framework, so I
> > do not know how much of it is applicable for us, but there it is:
> >
> > http://blog.railsmachine.com/2007/5/25/ann-machinify-stack-toolkit
> >
> >
> > Right now, I understand he deploy mostly on CentOS + KVM, but does his
> > development on Ubuntu + KVM so he must have a clue. I will try to poke
> > him in joining the list and sharing his experience.
> >
> Would be great to get another head in this. His post does seem to
> indicate he is outside of packaging, but may have osme insight on the
> deployment side of a sample app.
>
>
> >
> > --
> > Etienne Goyer, Senior Ubuntu System Support Analyst
> > Ubuntu Certified Instructor
> > Canonical, Ltd
> >
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Fri, 25 Jul 2008 08:29:25 +0200
> From: Soren Hansen <soren at ubuntu.com>
> Subject: Re: Server Team 20080722 meeting minutes
> To: ubuntu-server at lists.ubuntu.com, ubuntu-devel at lists.ubuntu.com
> Cc: Steve Langasek <steve.langasek at ubuntu.com>
> Message-ID: <20080725062925.GA14103 at ralph.linux2go.dk>
> Content-Type: text/plain; charset="us-ascii"
>
> On Thu, Jul 24, 2008 at 11:02:44AM -0700, Steve Langasek wrote:
> >> I believe someone in another thread gave specific examples of 3rd
> >> party stuff that needed SSLv2 to function. Forcing them to compile
> >> OpenSSL themselves seems worse to me.
> > Do you have a pointer to the examples of stuff still needing SSLv2? I
> > hadn't seen any listed on ubuntu-devel.
>
> I've tried looking through the ubuntu-server and ubuntu-devel{,-discuss}
> mailing list archives, and I can't seem to find it. Same for my
> irclogs. I appear to be making it all up. I suppose if noone can come up
> with a single example of anything that requires SSLv2, then I guess it's
> all a moot point and we can just disable it, and deal with the fallout
> if any should turn up.
>
> --
> Soren Hansen |
> Virtualisation specialist | Ubuntu Server Team
> Canonical Ltd. | http://www.ubuntu.com/
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 307 bytes
> Desc: Digital signature
> Url :
> https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080725/75a3ff3f/attachment-0001.pgp
>
> ------------------------------
>
> Message: 9
> Date: Fri, 25 Jul 2008 12:29:02 +0200
> From: "Philippe Gayot" <phgayot at gmail.com>
> Subject: How to change the kernel
> To: ubuntu-server at lists.ubuntu.com
> Message-ID:
> <ecb0dcfd0807250329i7260a6bfkf20449a2359fa74d at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> To learn about "ubuntu-server", I want to install this OS on a notebook
> Dell
> D505 (Pentium M) and I have this error :
> "This kernel requires the following features not present on the CPU : 0:6
> Unable to boot - please use a kernel appropriate for your CPU"
>
> How to choose & to install the good kernel ?
>
> Thanks
>
> --
> Ph. Gayot
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080725/819986a1/attachment.htm
>
> ------------------------------
>
> --
> ubuntu-server mailing list
> ubuntu-server at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>
> End of ubuntu-server Digest, Vol 31, Issue 29
> *********************************************
>
--
Ph. Gayot
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080725/3070dbb2/attachment.html>
More information about the ubuntu-server
mailing list