Hi together,
The 7.1-i386-ftp version is out, finally. We've had problems with some
packages before we could release it to the public. The 7.1 ftp version
contains some newer packages than the CD version - the security updates
have been merged as well as many many bugs have been squished.
This time, the ftp version of the distribution is something special: For
the first time, there is no seperate German/non-US and a US version any
more. The international version contains all crypto packages that usually
only the German distribution has. This has been made possible by removing
all occurrences of patented cryptographical code and/or substituting it
with free code. In the end, it turns out that we can live without
commercial code...
This particular circumstance leads to an easier update structure of the
ftp servers: All 7.1 updates, all distributions, will be available on
ftp.suse.com (which is located in Oakland, CA), none on ftp.suse.de (which
is in Nürnberg, Germany).
Also, not an "official" announcement: Efforts are underway to merge the
ftp.suse.de update tree with the ftp.suse.com update tree for the older
distributions, too. I'll publically announce it when it is getting time
(and this will take some weeks...).
Thanks,
Roman.
--
- -
| Roman Drahtmüller
On Wed, Mar 21, 2001 at 03:10:46AM +0100, Roman Drahtmueller wrote:
The 7.1-i386-ftp version is out, finally. We've had problems with some packages before we could release it to the public. The 7.1 ftp version contains some newer packages than the CD version - the security updates have been merged as well as many many bugs have been squished.
Roman, just one question. - I have installed the 7.1 from the DVD (1st edition) - I have installed all the update packages from ftp.suse.com (read: one of its mirrors) What do I have to do further in order to get the same "level of removed bugs and problems" as installing the FTP version? Thanks in advance, Frank
Roman,
just one question.
- I have installed the 7.1 from the DVD (1st edition) - I have installed all the update packages from ftp.suse.com (read: one of its mirrors)
What do I have to do further in order to get the same "level of removed bugs and problems" as installing the FTP version?
No problem, you're on the top level. Bugfixes and security fixes can be found in the update trees and have been merged into 7.1-ftp. Everything else can be categorized "minor bugfix". Like spelling mistakes, package dependency fixes, annoyances and noise.
Thanks in advance, Frank
Thanks,
Roman.
--
- -
| Roman Drahtmüller
Roman, when you call this the ftp version I'm assuming that you mean it is available for ftp download. If one were to download all 5GB of this beast how would one use it? Is it intended to be nfs mounted and client installs made over the network? Can it be used as an ftp install tree? Could one do an nfs or ftp install directly from your server? Gerry "The lyf so short, the craft so long to learne" Chaucer
* gerry@dorfam.ca (gerry@dorfam.ca) [010321 07:48]:
Roman, when you call this the ftp version I'm assuming that you mean it is available for ftp download. If one were to download all 5GB of this beast how would one use it?
Er...
Is it intended to be nfs mounted and client installs made over the network? Can it be used as an ftp install tree? Could one do an nfs or ftp install directly from your server?
You can do an ftp installation by downloading the bootdisk (and modules disk if you you need it). You can't do an nfs installation from ftp.suse.com but if you need to install to a lot of machines it's definitely worth the trouble to setup a local nfs server. -- -ckm
: On Wed, 21 Mar 2001 08:02:28 -0800, Christopher Mahmood wrote:
You can do an ftp installation by downloading the bootdisk (and modules disk if you you need it).
I can certify that this will work (at least to the extent that it completes :->), having completed an FTP install from ftp://ftp.gwdg.de/ a few minutes ago. The thing to watch out for is FTP server timeouts. Once past that, all is smooth. The one remaining problem that I fear will creep up as soon as I try to boot into the system: I suspect that yast (text) allowed me to get away with installing *NO* kernel at all - it got an error downloading the 2.4 kernel - and yast still proceeded to the end, with lilo complaining <g>. IOW, recovery from that error seems to have been somewhat ... sub-optimal. Let's see whether I can complete the installation by other means. Are there plans to release a smallish "eval" ISO download for a tiny base system?
You can do an ftp installation by downloading the bootdisk (and modules disk if you you need it).
I can certify that this will work (at least to the extent that it completes :->), having completed an FTP install from ftp://ftp.gwdg.de/ a few minutes ago. The thing to watch out for is FTP server timeouts. Once past that, all is smooth.
Daniel Bischof and I have migrated the ftp.suse.com ftp server from proftpd to good-old wuftpd along with xinetd. During the migration we had to boot one time because the socket wasn't released, and the whole thing might have been a bit bumpy at times. However, we believe that most of the problems that people reported (and that we couldn't reproduce) will vanish.
The one remaining problem that I fear will creep up as soon as I try to boot into the system: I suspect that yast (text) allowed me to get away with installing *NO* kernel at all - it got an error downloading the 2.4 kernel - and yast still proceeded to the end, with lilo complaining <g>. IOW, recovery from that error seems to have been somewhat ... sub-optimal.
Boot using the bootfloppy, run the installed system, Get ftp://ftp.suse.com/pub/suse/i386/7.1/suse/images/k_deflt.rpm install the rpm, execute "mk_initrd" and run lilo afterwards. You may have to go through configuring lilo again, though.
Let's see whether I can complete the installation by other means.
May have been the bumpy ftp server operation today.
Are there plans to release a smallish "eval" ISO download for a tiny base system?
Negative, this is not planned for the nearest future.
Regards,
Roman.
--
- -
| Roman Drahtmüller
If I may ask, why the move from proFTPD to wu-FTPD? I believe the latter is less secure than the former. Is there something I am missing? Roman Drahtmueller wrote:
Daniel Bischof and I have migrated the ftp.suse.com ftp server from proftpd to good-old wuftpd along with xinetd. During the migration we had to boot one time because the socket wasn't released, and the whole thing might have been a bit bumpy at times. However, we believe that most of the problems that people reported (and that we couldn't reproduce) will vanish.
-- Nadeem Hasan nhasan@nadmm.com http://www.nadmm.com/
If I may ask, why the move from proFTPD to wu-FTPD? I believe the latter is less secure than the former. Is there something I am missing?
If you have followed the security lists in the last two years, there
hasn't been a single problem with wuftpd-2.4 since Thomas Biege made a
complete security audit of it.
proftpd isn't mature enough for high performance use. It has a severe
memory leak in the master daemon, the system call overhead is enormous (it
caused our ftp server to bump into max loads of around 60-90!), and my
description about stability lacks the right words. When I waded through
the code to fix these ugly performance problems (each daemon kills each
other daemon with SIGCONT, just to make sure it's alive. Wonderful...), I
fixed some format string bugs on the fly. Nono...
We needed per-ip connection limits, and now we got them (since xinetd has
a feature that can handle it).
Btw, does anybody know an ftp server that can throttle throughput?
Roman.
--
- -
| Roman Drahtmüller
Btw, does anybody know an ftp server that can throttle throughput?
I believe Chris will be adding that to vsftpd. ProFTPD currently has it
He didn't actually say so, at least I didn't see it. But Alan mumbled that it's needed, which doesn't say anything. I'll ask Chris.
(RateReadBPS). I believe some of the BSD ones have it too.
Really? Sounds crazy to me... Need to take a look at this. Thanks.
-Kurt
Roman.
--
- -
| Roman Drahtmüller
At 05:47 AM 22/03/2001, you wrote:
Daniel Bischof and I have migrated the ftp.suse.com ftp server from proftpd to good-old wuftpd along with xinetd. During the migration we had to boot one time because the socket wasn't released, and the whole thing might have been a bit bumpy at times. However, we believe that most of the problems that people reported (and that we couldn't reproduce) will vanish.
eeek.. Whats wrong with proftpd? /me loves his proftpd lovin... I can't see any advantages to going to wu(compromised often)ftpd???? just MHO --- Nix - nix@susesecurity.com http://www.susesecurity.com
ProFTPD has had a TON of problems, they really need to audit it. If you want
secure I suggest vsftpd from chris evans:
ftp://ferret.lmh.ox.ac.uk/pub/linux/
it's what I use now.
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
----- Original Message -----
From: "Nix"
At 05:47 AM 22/03/2001, you wrote:
Daniel Bischof and I have migrated the ftp.suse.com ftp server from proftpd to good-old wuftpd along with xinetd. During the migration we had to boot one time because the socket wasn't released, and the whole thing might have been a bit bumpy at times. However, we believe that most of the problems that people reported (and that we couldn't reproduce) will vanish.
eeek.. Whats wrong with proftpd? /me loves his proftpd lovin... I can't see any advantages to going to wu(compromised often)ftpd????
just MHO
--- Nix - nix@susesecurity.com http://www.susesecurity.com
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On 22 Mar 2001, at 11:47, Nix wrote:
eeek.. Whats wrong with proftpd? /me loves his proftpd lovin... I can't see any advantages to going to wu(compromised often)ftpd????
Hi, if they see advantages just let them do it. I use proftpd too, und it works perfectly for me, but I have only some 20 people to have ftp access and I am not too much concerned about high volume. As a proftpd user I am not too happy with the last 8 month development and it shurely looks like proftpd lost some professionality. mike
[ OT for suse-security, but maybe of interest for SuSE folks ] On Wed, Mar 21, 2001 at 08:02 -0800, Christopher Mahmood wrote:
You can do an ftp installation by downloading the bootdisk (and modules disk if you you need it).
Which reminds me ... Last time I checked I had SuSE 7.0 floppies which refused to install from a publicfile server (DJB software) in FTP mode. Neither did I check HTTP mode nor SuSE 7.1 floppies. I guess it's due to the unexpected listing layout, no client I know has problems getting single files when requested with a pathname while only few can list out directory contents (putting squid between the client and the server helps a lot:). And from what I've seen scanning the list output is a little different: it's not about counting positions but about searching for separators / field identifiers. Does the SuSE installer not only request expected files but list directories, too? I don't see the reason for it to fail ... NB: OpenBSD's as well as FreeBSD's installers cope fine with publicfile servers and have done so for quite some time.
You can't do an nfs installation from ftp.suse.com but if you need to install to a lot of machines it's definitely worth the trouble to setup a local nfs server.
This scenario (local NFS servers to install from) is often found in .edu style institutions (universities and the like) or huge enterprises. Ask your local admin. :) I'm not positive whether any uni admin will provide this service publically or if SuSE will consider doing this (since Ramon only attacks RH machines ... :> ). virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
Which reminds me ...
Last time I checked I had SuSE 7.0 floppies which refused to install from a publicfile server (DJB software) in FTP mode. Neither did I check HTTP mode nor SuSE 7.1 floppies.
Is "publicfile server" an ftp server software? Sorry for my ignorance, but I don't know it...
Does the SuSE installer not only request expected files but list directories, too? I don't see the reason for it to fail ...
Yes, it requests directory listings. I've fixed a bug in the mirror.pl script lately, it might be a similar problem with yast. But we don't have any bug reports concerning ftp installation mode.
NB: OpenBSD's as well as FreeBSD's installers cope fine with publicfile servers and have done so for quite some time.
Hmmm.
You can't do an nfs installation from ftp.suse.com but if you need to install to a lot of machines it's definitely worth the trouble to setup a local nfs server.
This scenario (local NFS servers to install from) is often found in .edu style institutions (universities and the like) or huge enterprises. Ask your local admin. :)
I've asked myself many many times...
I'm not positive whether any uni admin will provide this service publically or if SuSE will consider doing this (since Ramon only attacks RH machines ... :> ).
I don't think that this is feasible. UDP traffic over longer distances
isn't really worth the try because it's not efficient. Use ftp - it works
well enough.
Thanks,
Roman.
--
- -
| Roman Drahtmüller
On Thu, Mar 22, 2001 at 15:47 +0100, Roman Drahtmueller wrote:
Last time I checked I had SuSE 7.0 floppies which refused to install from a publicfile server (DJB software) in FTP mode. Neither did I check HTTP mode nor SuSE 7.1 floppies.
Is "publicfile server" an ftp server software? Sorry for my ignorance, but I don't know it...
It's a tiny and thus (said to be) fast, secure and reliable HTTP and FTP server. It depends on your needs whether you find its readonly (anonymous, no authentication, no PUT / POST / etc) as well as "pure documents only" (no scripts, no pipes, no gimmicks) mode of operation to be advantageous or not. Find more info about it at http://cr.yp.to/publicfile.html (it obviously serves DJB's domain, he's known for using his own software:>).
I've fixed a bug in the mirror.pl script lately, it might be a similar problem with yast. But we don't have any bug reports concerning ftp installation mode.
I will contact you off list for this. It's more of a feature request than a bug. Apparently "everyone else" runs different FTP server software. :) virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
participants (10)
-
Christopher Mahmood
-
Frank Derichsweiler
-
Gerhard Sittig
-
gerry@dorfam.ca
-
Kurt Seifried
-
Nadeem Hasan
-
Nix
-
Roman Drahtmueller
-
Stefan Hoffmeister
-
Thomas Michael Wanka