I gave up because pipx refuses to install urwid, and I think Debian's version is drumroll way too old. ;)
I wish pipx just had scli. There's an scli package in PyPI, but it's literally an empty placeholder for nothing.
Infuriating.
The funny part about the removal of networking from the default #keepassxc package on #debian, is that they did it for "security" reasons, without thinking that the MOST INSECURE way to transfer a #password to your #browser is via the CLIPBOARD. Absolutely every running app or service can read the clipboard! And yet, that's the default way they expect users to do it now!
🌀 16 years of CVE-2008-0166 - Debian OpenSSL Bug
— 16years.secvuln.info
"A patch in Debian's and Ubuntu's OpenSSL packages broke the random number generator, effectively limiting the number of possible keys to a few ten thousand plausible variations"
On the topic of "key rotation, it's not just for HTTPS", @hanno finds hundreds of DKIM keys apparently generated using the #Debian#OpenSSL predictable PRNG vulenrability from 2008 (CVE-2008-0166):
Schade das der Maintainer des Debian-Paketes nicht ansatzweise die Funktionalität eines Passwortmanagers verstanden hat. Meiner Meinung nach missbraucht hier ein Paketbetreuer seine Kompetenzen. Letzlich schadet er mit seiner Vorgehensweise Debian insgesamt als Linuxdistribution.
@goebbe@bluelupo aber anders herum wäre es besser und Debian konform. KeepassXC mit vollem Funktionsumfang, wie gewohnt und erwartbar, und daneben eine KeepassXC-tiny ohne die Netzwerk- und Browserfunktionen anbieten.
Wenn der Package-Maintainer die Software die er packertiert selber nicht nutzt... Ich hab schon wieder massive Kopfschmerzen...
"...schreibt Klode, dass er die [...] diese Funktionen entfernt. Diese dienten vermutlich dem Nachladen eines favicon einer Webseite, meint der Maintainer. Er gehe davon aus, dass die meisten Leute nicht wollten, dass ihre Passwort-Manager irgendwohin verbinden, wovon sie nichts wüssten."
@wonka trotzdem ist das nicht der richtige Weg. Wenn der Package maintainer meint es besser zu wissen als die Entwickler, dann soll er das Programm forken und unter eigenem Namen weiterführen.
Abgesehen davon wäre es auch nicht das erste Mal, dass Sicherheitslücken erst durch unsachgemäße Patches aufgetreten sind oder ausnutzbar wurden
@nixCraft Using it with Pi-Hole for a couple years or so, works like a charm!
Didn't know it has built-in support for blocking, but Pi-Hole at least has a great Web UI with stats et al. 😉
The whole #KeePassXC#Debian thing is kinda giving me second thoughts wrt. the whole #Linux distro and #opensource packaging thing in general. My understanding of the implied agreement between me as a dev and a distro's package maintainer is: the maintainer, to the best of their ability, tries to make my software work "as intended". In return, they get to publish it under my software's name.
That's clearly not how Debian views things. And I can't accept distros publishing broken sw w/ my name.
@deshipu Yeah, I get that. But the "threat model" here isn't really "someone else writes different software and releases it under the same name as my software", but "Debian takes my source code, breaks it in key ways, and releases it under the same name"
I see some people are really disappointed about Debian packaging a stripped-down version of KeePassXC. But hey, I actually wish there was also a minimal @thunderbird package without integrations of IRC or Matrix etc, just with core email functionality.
@thunderbird I joined Mozilla Connect just to submit this proposal. From what I've seen, submissions on there tend to be lengthy paragraphs lacking in clarity. I've written it in the structured style of Fedora changes, thanks to @Conan_Kudo :P
@triskelion@Conan_Kudo Okay, thanks not only for posting the submission AND for doing it with such an awesome template! (We're sort of a fan of Neal's here!)
This "packagers thinking they know better than the developers, and unilaterally patching things" mentality, along with distros often shipping outdated versions, is why many upstream software developers dislike dealing with Debian (& any LTS distro), and now ask users to test/run #Flatpak versions of their applications first and foremost.
@nekohayo@keepassxc Honestly, that sounds like a reasonable take, especially considering the reply of the former maintainer below.
Still, a compromise in providing both the full and a hardened minimal version could surely be done to make everyone happy with it, that's what is done with Nginx and many other packages as well.
Flatpak is indeed a platform for third-party apps while distros never were, they are called "distributions" for a reason. Distros' packages serve a different purpose that is: reconfiguring an OS (sometimes to include more apps) so of course a distro modifies upstream projects to integrate them.
That said, does Flatpak platform already provide the API needed by those KeepassXC features? When the needed API are (yet) not available the distro's manual integration is needed
Well #Debian I'm not sure I agree with your decision to automatically set up systemd-boot as my UEFI boot manager just because I'm installing the systemd-boot package.
I literally just wanted to read the manpage and play around with bootctl.
I especially disagree with your decision to first fuck with my existing, working GRUB2 installation and then copy kernel and initrd to /boot/efi, which turns out to be not large enough on my system, leading to a somewhat broken boot setup.
@scy that sucks. Sounds like one of the reasons why I am so happy about hourly btrfs snapshots of everything under the sun including /boot, / or even /etc as a subvolume.. I can roll back with a few commands.
Good luck with the clean up 😬
I'm kind of a noob when it comes to how SB works, but the way I understand it, since sd-boot only works with UKIs, I need to combine Debian's signed kernel and initramfs into a UKI and thus self-sign anyway.
@scy@dunkelstern Ah sorry, then I skipped a lot of steps in my initial reply.
So from the wiki page, only shim is signed by Microsoft, the others (including GRUB) are signed by Debian, which tracks with what I know. So the Microsoft signed shim is required if you want to use SB but not roll your own keys, as most consumer hardware has only the Microsoft CA installed and not the Debian one. Instead, shim contains the Debian CA and then verifies the Debian signed GRUB, I believe. [1/3]
Mal eine Frage in die Gemeinschaft.
Vor längerer Zeit hatte ich Mal eine Anleitung wie man in ein #Debian stable einbaut das manche (nicht alles) Pakete aus dem #Testing oder #unstable installiert werden. Mit allen Risiken ich weiß.
Leider finde ich die nicht mehr.
Hat hier jemand einen Tipp 🤔
@txt_file Didn't you know, to build software you absolutely need npm, cargo, nuget, pip, .... and MAKE SURE to always specify EXACT VERSIONS, you can easily deploy all that stuff with snap, appimage, flatpak, or better play it safe and just deploy docker images!!!!
On #Debian 11, the whole system along with #XFce was taking 500 MB of RAM. On Debian 12, the system takes 850 MB of RAM. On Trixie/Sid-unstable, it takes 1.3 GB. I honestly don't know what they're shoving in it.
With #Cinnamon and #Gnome, it takes 1.6 GB on idle. Since when Cinnamon, a gnome2/gtk3 fork takes (or should take) as much RAM as Gnome4/gtk4? Something's amiss.
@eugenialoli With kernel caching etc. (i.e. "unused RAM is wasted RAM"), is it still meaningful to compare total RAM usage across DEs, vs analyzing individual RAM usage of components/applications to look for a more specific anomaly?
But even then, my observation in the past few years is that the more RAM you have available in a system, the more it tends to use it anyway.
Ok, je sèche.
Je voudrais connecter mon iphone 12 mini a mon sony vaio violet trop mignon sous debian 12.
J'ai suivit pas à pas ceci : https://wiki.debian.org/fr/iPhone
et je n'arrive toujours pas a accéder à mes photos, ni même au contenu de mon iphone. Par contre il est reconnu en partage de connexion...
Des idées ?
PS : pas la peine de me proposer autre chose, c'est ça que je veux faire #debian#debian12#iphone
Le repouet fait pouet pouet
