Re: We need a maintained-by-TU chrome/chromium... (Juan Diego) There are enough arch user maintained repo's, you could ask them to package it beside that how much work is AUR ;) 2009/11/18 <arch-general-request@xxxxxxxxxxxxx> > Send arch-general mailing list submissions to > arch-general@xxxxxxxxxxxxx > > To subscribe or unsubscribe via the World Wide Web, visit > http://mailman.archlinux.org/mailman/listinfo/arch-general > or, via email, send a message with subject or body 'help' to > arch-general-request@xxxxxxxxxxxxx > > You can reach the person managing the list at > arch-general-owner@xxxxxxxxxxxxx > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of arch-general digest..." > > > Today's Topics: > > 1. Re: MUA (Alexandr Bashmakov) > 2. Re: pam settings INSECURE (bender02) > 3. Re: pam settings INSECURE (Xavier) > 4. Re: pam settings INSECURE (bender02) > 5. Re: pam settings INSECURE (Jan de Groot) > 6. We need a maintained-by-TU chrome/chromium... (Hamo) > 7. Re: pam settings INSECURE (Xavier) > 8. Re: We need a maintained-by-TU chrome/chromium... (Daenyth Blank) > 9. Re: We need a maintained-by-TU chrome/chromium... (Juan Diego) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 18 Nov 2009 17:26:04 +0700 > From: Alexandr Bashmakov <alex.teorver@xxxxxxxxx> > Subject: Re: [arch-general] MUA > To: General Discusson about Arch Linux <arch-general@xxxxxxxxxxxxx> > Message-ID: > <7d16d2700911180226q14e0d1bbtf1ad3095687a38a5@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset=UTF-8 > > http://notmuchmail.org/ > > > ------------------------------ > > Message: 2 > Date: Wed, 18 Nov 2009 12:58:46 +0100 > From: bender02 <bender02@xxxxxxxxxxxx> > Subject: Re: [arch-general] pam settings INSECURE > To: General Discusson about Arch Linux <arch-general@xxxxxxxxxxxxx> > Message-ID: > <6eefa5460911180358n14f3937esc3a3dea388c09ef3@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset=ISO-8859-1 > > 2009/11/18 Ng Oon-Ee <ngoonee@xxxxxxxxx>: > > The *disadvantage* is that the devs/maintainers have to patch up-stream. > > This should be kept to a minimum, primarily to reduce their workload, > > and also because it is ASSUMED that if you use Arch, you're capable of > > doing the Right Thing (tm) according to your situation, or at least > > finding out how to. > > If you would take the time to look at the packages that are involved > in this (namely shadow and kdebase-workspace), you'd see that both > /etc/pam.d/login and /etc/pam.d/kde are manually suplied alongside the > PKGBUILDs. So in this case, it's not "patching" but straight > "replacing" the "upstream". > > > ------------------------------ > > Message: 3 > Date: Wed, 18 Nov 2009 14:07:39 +0100 > From: Xavier <shiningxc@xxxxxxxxx> > Subject: Re: [arch-general] pam settings INSECURE > To: General Discusson about Arch Linux <arch-general@xxxxxxxxxxxxx> > Message-ID: > <91752840911180507l43f7899ncea46da9f73e2e1e@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset=ISO-8859-1 > > On Wed, Nov 18, 2009 at 6:40 AM, Caleb Cushing <xenoterracide@xxxxxxxxx> > wrote: > > so here's the problem I've discovered > > > http://xenoterracide.blogspot.com/2009/11/bypassing-disabled-accounts-with-kdm.html > > < links to arch bug included posting here because I believe both kde's > > and arch's developers responses are less than satisfactory. This is a > > security bug an easy to fix without making users lives more difficult. > > > > so I'm starting with /etc/pam.d/login > > > > auth ? ? ? ?required ? ?pam_shells.so #add this: why let someone login > > who has an invalid shells. > > > > > > /etc/pam.d/kdm # I'm pretty sure it should be 99% the same as login > > since it allows logins. > > > > #%PAM-1.0 > > auth ? ? ? ?requisite ? pam_nologin.so > > auth ? ? ? ?required ? ?pam_unix.so nullok > > auth ? ? ? ?required ? ?pam_shells.so # as my blog says setting an > > invalid shell is a common way of disabling accounts. > > auth ? ? ? ?required ? ?pam_tally.so onerr=succeed file=/var/log/faillog > > # use this to lockout accounts for 10 minutes after 3 failed attempts > > #auth ? ? ? required ? ?pam_tally.so deny=2 unlock_time=600 onerr=succeed > file=/ > > account ? ? required ? ?pam_access.so > > account ? ? required ? ?pam_time.so > > account ? ? required ? ?pam_unix.so > > password ? ?required ? ?pam_unix.so > > #password ? required ? ?pam_cracklib.so difok=2 minlen=8 dcredit=2 > ocredit=2 ret > > #password ? required ? ?pam_unix.so md5 shadow use_authtok > > session ? ? required ? ?pam_unix.so > > session ? ? required ? ?pam_env.so > > session ? ? required ? ?pam_limits.so > > > > also I believe pam_tally2 replaces pam_tally may wish to consider > > migrating (non urgent next release?) > > > > So basically you just need to add "auth required > pam_shells.so" to all pam files related to login, correct ? > Or what were the other problematic settings of pam.d/kde ? > > The comments about this being an upstream problem are invalid, as > these pam files are all shipped by arch : > http://repos.archlinux.org/wsvn/packages/kdebase-workspace/trunk/ > http://repos.archlinux.org/wsvn/packages/shadow/trunk/login > > Note that this problem probably exists with all login managers. For > example gdm does not have pam_shells.so either. > http://repos.archlinux.org/wsvn/packages/gdm/trunk/ > > And I am curious to know what the pam settings of other distro are > (debian,fedora,gentoo,..). > > Finally, maybe it makes sense to try keeping all the different pam > login files as consistent as possible. But I don't know enough about > pam to tell. > > > ------------------------------ > > Message: 4 > Date: Wed, 18 Nov 2009 14:17:24 +0100 > From: bender02 <bender02@xxxxxxxxxxxx> > Subject: Re: [arch-general] pam settings INSECURE > To: General Discusson about Arch Linux <arch-general@xxxxxxxxxxxxx> > Message-ID: > <6eefa5460911180517m50a1edcbt518c04950f7203bb@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset=ISO-8859-1 > > On Wed, Nov 18, 2009 at 2:07 PM, Xavier <shiningxc@xxxxxxxxx> wrote: > > And I am curious to know what the pam settings of other distro are > > (debian,fedora,gentoo,..). > > > > Finally, maybe it makes sense to try keeping all the different pam > > login files as consistent as possible. But I don't know enough about > > pam to tell. > > Some other distros (opensuse, ubuntu, fedora at least) use > 'common-auth' (and probably some other 'common-*' files) in > /etc/pam.d/, which are then included in the particular pam files. > Hence all pam files are consistent. On the other hand, if you need > more fine-grained control, you need to edit and consolidate more files > than with the current arch setup. [I like arch's system better, but > who cares about that :)] > > > ------------------------------ > > Message: 5 > Date: Wed, 18 Nov 2009 14:24:24 +0100 > From: Jan de Groot <jan@xxxxxxxxxxxxxx> > Subject: Re: [arch-general] pam settings INSECURE > To: General Discusson about Arch Linux <arch-general@xxxxxxxxxxxxx> > Message-ID: <1258550664.4737.4.camel@jan> > Content-Type: text/plain; charset="UTF-8" > > On Wed, 2009-11-18 at 14:17 +0100, bender02 wrote: > > On Wed, Nov 18, 2009 at 2:07 PM, Xavier <shiningxc@xxxxxxxxx> wrote: > > > And I am curious to know what the pam settings of other distro are > > > (debian,fedora,gentoo,..). > > > > > > Finally, maybe it makes sense to try keeping all the different pam > > > login files as consistent as possible. But I don't know enough about > > > pam to tell. > > > > Some other distros (opensuse, ubuntu, fedora at least) use > > 'common-auth' (and probably some other 'common-*' files) in > > /etc/pam.d/, which are then included in the particular pam files. > > Hence all pam files are consistent. On the other hand, if you need > > more fine-grained control, you need to edit and consolidate more files > > than with the current arch setup. [I like arch's system better, but > > who cares about that :)] > > The reason for shipping custom pam files is because we don't have > common-* files in arch. The gdm file is a straight copy from the login > file, with some added modules for gnome-keyring to get that daemon > started on login. With common-auth, we could just @include common-auth > from the pam file, which is much easier. > > > > ------------------------------ > > Message: 6 > Date: Wed, 18 Nov 2009 21:48:26 +0800 > From: Hamo <hamo.by@xxxxxxxxx> > Subject: [arch-general] We need a maintained-by-TU chrome/chromium... > To: arch-general@xxxxxxxxxxxxx > Message-ID: > <55b9903b0911180548r19eda9b9x1687aab9085c11eb@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset=ISO-8859-1 > > Dear Archlinux users, > Chrome is likely to be a daily-use web browser and with the Chrome OS > releasing,it will become more and more reliable.Archlinux is a > rolling-release distribution and it aims at being bleeding edge.So we > should have a maintained-by-TU chrome/chromium and it is really > useful... > > -- > Nick Name:Hamo > Website:http://hamobai.com/ > > > ------------------------------ > > Message: 7 > Date: Wed, 18 Nov 2009 14:52:42 +0100 > From: Xavier <shiningxc@xxxxxxxxx> > Subject: Re: [arch-general] pam settings INSECURE > To: General Discusson about Arch Linux <arch-general@xxxxxxxxxxxxx> > Message-ID: > <91752840911180552u6626b43at10e6e2c7667a2426@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset=ISO-8859-1 > > On Wed, Nov 18, 2009 at 2:24 PM, Jan de Groot <jan@xxxxxxxxxxxxxx> wrote: > > On Wed, 2009-11-18 at 14:17 +0100, bender02 wrote: > >> On Wed, Nov 18, 2009 at 2:07 PM, Xavier <shiningxc@xxxxxxxxx> wrote: > >> > And I am curious to know what the pam settings of other distro are > >> > (debian,fedora,gentoo,..). > >> > > >> > Finally, maybe it makes sense to try keeping all the different pam > >> > login files as consistent as possible. But I don't know enough about > >> > pam to tell. > >> > >> Some other distros (opensuse, ubuntu, fedora at least) use > >> 'common-auth' (and probably some other 'common-*' files) in > >> /etc/pam.d/, which are then included in the particular pam files. > >> Hence all pam files are consistent. On the other hand, if you need > >> more fine-grained control, you need to edit and consolidate more files > >> than with the current arch setup. [I like arch's system better, but > >> who cares about that :)] > > > > The reason for shipping custom pam files is because we don't have > > common-* files in arch. The gdm file is a straight copy from the login > > file, with some added modules for gnome-keyring to get that daemon > > started on login. With common-auth, we could just @include common-auth > > from the pam file, which is much easier. > > > > > > That sounds good. > I filed http://bugs.archlinux.org/task/17188 > > > ------------------------------ > > Message: 8 > Date: Wed, 18 Nov 2009 08:54:40 -0500 > From: Daenyth Blank <daenyth+arch@xxxxxxxxx <daenyth%2Barch@xxxxxxxxx>> > Subject: Re: [arch-general] We need a maintained-by-TU > chrome/chromium... > To: General Discusson about Arch Linux <arch-general@xxxxxxxxxxxxx> > Message-ID: > <ea09a6380911180554w59527b1bg81fd22d94fa75d55@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset=UTF-8 > > On Wed, Nov 18, 2009 at 08:48, Hamo <hamo.by@xxxxxxxxx> wrote: > > Dear Archlinux users, > > Chrome is likely to be a daily-use web browser and with the Chrome OS > > releasing,it will become more and more reliable.Archlinux is a > > rolling-release distribution and it aims at being bleeding edge.So we > > should have a maintained-by-TU chrome/chromium and it is really > > useful... > > > If you're interested, I recommend finding a sponsor so that you can > apply... > > There are lots of software projects that would be good to have, but it > only makes sense to keep them in the repos if someone is interested in > maintaining them. > > > ------------------------------ > > Message: 9 > Date: Wed, 18 Nov 2009 23:05:06 +0900 > From: Juan Diego <juantascon@xxxxxxxxx> > Subject: Re: [arch-general] We need a maintained-by-TU > chrome/chromium... > To: General Discusson about Arch Linux <arch-general@xxxxxxxxxxxxx> > Message-ID: > <b3095c50911180605h211fe211oee2a7b3902ab482a@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset=UTF-8 > > I would be happy to maintain that package, but unfortunately Im not a TU > > dont you think archlinux should have something similar to ppa from > ubuntu so that it will be easier to maintain and promote personal > repositories, aur is a good option but if I would have to choose > between using a packages from aur or using a package from a personal > repository from somebody I wouldnt think it twice, I would choose the > personal repo one. > > On Wed, Nov 18, 2009 at 10:54 PM, Daenyth Blank <daenyth+arch@xxxxxxxxx<daenyth%2Barch@xxxxxxxxx>> > wrote: > > On Wed, Nov 18, 2009 at 08:48, Hamo <hamo.by@xxxxxxxxx> wrote: > >> Dear Archlinux users, > >> Chrome is likely to be a daily-use web browser and with the Chrome OS > >> releasing,it will become more and more reliable.Archlinux is a > >> rolling-release distribution and it aims at being bleeding edge.So we > >> should have a maintained-by-TU chrome/chromium and it is really > >> useful... > >> > > If you're interested, I recommend finding a sponsor so that you can > apply... > > > > There are lots of software projects that would be good to have, but it > > only makes sense to keep them in the repos if someone is interested in > > maintaining them. > > > > > ------------------------------ > > _______________________________________________ > arch-general mailing list > arch-general@xxxxxxxxxxxxx > http://mailman.archlinux.org/mailman/listinfo/arch-general > > > End of arch-general Digest, Vol 61, Issue 39 > ******************************************** > -- Jelle
