| Author |
Message |
Anthony Towns
*nix forums Guru Wannabe
Joined: 06 Mar 2005
Posts: 274
|
 Posted: Thu Nov 24, 2005 2:40 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Wed, Nov 23, 2005 at 04:37:05PM -0200, Henrique de Moraes Holschuh wrote:
| Quote: | On Thu, 24 Nov 2005, Anthony Towns wrote:
Personally, I think it's cryptographic snake oil, at least in so far
A signed deb has a seal of procedence and allows one to track the path it
made through the system, and who changed it.
|
That's what the .changes file is for.
| Quote: | something that provides DD-to-user package signatures at least in some
cases is very desirable indeed.
debian-devel-changes provides this.
Not in a very useable form, and only for Debian packages uploaded to the
official Debian archive. This is hardly good enough.
|
Uh, packages not uploaded to the official Debian archive can do whatever
they want.
Cheers,
aj |
|
| Back to top |
|
 |
Anthony Towns
*nix forums Guru Wannabe
Joined: 06 Mar 2005
Posts: 274
|
| Posted: Thu Nov 24, 2005 2:40 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, Nov 24, 2005 at 12:38:37AM +0100, Goswin von Brederlow wrote:
| Quote: | I know this is a contrived use case, but Ubuntu doesn't use any .debs from
Debian.
One could prove that. 
|
No, one couldn't -- the signatures could just be removed from the debs,
no recompilation needed.
Cheers,
aj |
|
| Back to top |
|
|
Anthony Towns
*nix forums Guru Wannabe
Joined: 06 Mar 2005
Posts: 274
|
| Posted: Thu Nov 24, 2005 2:40 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, Nov 24, 2005 at 09:09:21AM +1100, Matthew Palmer wrote:
| Quote: | 2) A signature from dinstall saying "this package was installed in the
Debian archive" would provide a means of automatic "assurance" of the source
of a binary package, when I'm putting together custom CDs or package repos.
|
You can already use release signatures for this. Further, changing the
deb after upload would make it much more difficult to check the deb was
what was uploaded -- you can no longer just use md5sum, you've instead
got to use special tools.
| Quote: | 3) I can verify the provenance of a particular package in my own custom
repos at any time (did that come from Debian? Did someone build it
internally? What's going on?) I can kinda-sorta do that if I manually sign
each binary package I download & verify against the Packages->Release chain
with a special "came from Debian" key, and I can verify the source of the
source (heh) package via the dsc signature, but having a complete "chain of
custody" on a binary package seems like a "nice" thing to have.
|
Sure; but why do that inside the .deb? You can verify a detached signature
just as easily as an inline one (gpgv sig file // gpgv file), and you
can verify a signature of a hash just as easily as a signature of a file.
If you're worried you might lose the detached, signed information, either
keep it with the data it's authenticating (pool/main/f/foo/foo.origin,
eg), or keep good backups, or both.
| Quote: | At the very least, though, I can't find a hole which makes binary package
signatures, done properly, any less secure than per-archive signing.
|
That's easy: you trust the Packages file to be correct when using apt,
and it's not verified at all by per-package signatures.
| Quote: | Is your
objection to binary-package signing that it is "no better" than archive
signing, or that it is actively *worse* than per-archive signing (again, if
both are done "properly", whatever we may define that to mean).
|
My objection is that it's *useless* for *Debian*. Debian has too many
sources for packages for key management to be plausible, and keeps
packages unchanged over too long a period for the keys to be guaranteed
secure for the lifetime of a package. Additionally, packages can be
authenticated both via Packages.gz files and .changes files, which
already exist and are usable.
| Quote: | One scenario, which initially seems compelling, but which I've since
rejected, is that of "offline signing" of binary packages -- the idea that
the archive can be authenticated via signatures applied to packages before
they hit the archive.
|
This is what .changes files are for, and it's useful both for recovering
from compromises and in a "cvs blame" sort of sense. Note that they also
give more information than a simple signature on the .deb.
Hrm, I see queue/done (which contains .changes files going back to the
dark ages) isn't even being mirrored to merkel properly at the moment.
That's not so constructive.
Cheers,
aj |
|
| Back to top |
|
|
Matthew Palmer
*nix forums Guru Wannabe
Joined: 20 Feb 2005
Posts: 146
|
| Posted: Thu Nov 24, 2005 3:20 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, Nov 24, 2005 at 11:54:33AM +1000, Anthony Towns wrote:
| Quote: | On Wed, Nov 23, 2005 at 04:37:05PM -0200, Henrique de Moraes Holschuh wrote:
On Thu, 24 Nov 2005, Anthony Towns wrote:
Personally, I think it's cryptographic snake oil, at least in so far
A signed deb has a seal of procedence and allows one to track the path it
made through the system, and who changed it.
That's what the .changes file is for.
|
Only possible if the .changes file is still accessable, and going through
the d-d-c archives isn't exactly convenient.
On that score, the description for d-d-c says that it includes buildd logs,
but a quick scroll through doesn't appear to find any. Are they sent
somewhere else now, or am I just going blind? Certainly, if we're going to
be verifying binary packages from the .changes files, we need to have all of
the buildd .changes files available in an archive *somewhere*.
- Matt |
|
| Back to top |
|
|
Matthew Palmer
*nix forums Guru Wannabe
Joined: 20 Feb 2005
Posts: 146
|
| Posted: Thu Nov 24, 2005 3:40 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, Nov 24, 2005 at 12:30:37PM +1000, Anthony Towns wrote:
| Quote: | On Thu, Nov 24, 2005 at 09:09:21AM +1100, Matthew Palmer wrote:
3) I can verify the provenance of a particular package in my own custom
repos at any time (did that come from Debian? Did someone build it
internally? What's going on?) I can kinda-sorta do that if I manually sign
each binary package I download & verify against the Packages->Release chain
with a special "came from Debian" key, and I can verify the source of the
source (heh) package via the dsc signature, but having a complete "chain of
custody" on a binary package seems like a "nice" thing to have.
Sure; but why do that inside the .deb? You can verify a detached signature
just as easily as an inline one (gpgv sig file // gpgv file), and you
can verify a signature of a hash just as easily as a signature of a file.
If you're worried you might lose the detached, signed information, either
keep it with the data it's authenticating (pool/main/f/foo/foo.origin,
eg), or keep good backups, or both.
|
Then there's the opposite argument about "why not do that inside the .deb?".
On the one hand, if I copy a detached-signed .deb around, I need to remember
to copy the .origin file around with it. Conversely, if I use in-file sigs,
I can no longer rely on the md5sum of the .deb as originally provided to
verify original provenance.
I think the final judgment in this issue is going to come down to personal
taste and needs more than anything else.
| Quote: | At the very least, though, I can't find a hole which makes binary package
signatures, done properly, any less secure than per-archive signing.
That's easy: you trust the Packages file to be correct when using apt,
and it's not verified at all by per-package signatures.
|
That's a good point. However, what damage can be done with a bodgy Packages
file, if only well-signed .debs are actually accepted for installation on
the system? The only thing that comes to mind is wasting some time and
bandwidth on downloading dodgy debs (or their equally-dodgy dependencies),
but if the system checks the signatures before installing anything, can
anything actually be damaged?
| Quote: | Is your
objection to binary-package signing that it is "no better" than archive
signing, or that it is actively *worse* than per-archive signing (again, if
both are done "properly", whatever we may define that to mean).
My objection is that it's *useless* for *Debian*. Debian has too many
sources for packages for key management to be plausible, and keeps
packages unchanged over too long a period for the keys to be guaranteed
secure for the lifetime of a package. Additionally, packages can be
authenticated both via Packages.gz files and .changes files, which
already exist and are usable.
|
Don't the same arguments about key longevity apply to checking the
signatures on .changes files, too?
| Quote: | One scenario, which initially seems compelling, but which I've since
rejected, is that of "offline signing" of binary packages -- the idea that
the archive can be authenticated via signatures applied to packages before
they hit the archive.
This is what .changes files are for, and it's useful both for recovering
from compromises and in a "cvs blame" sort of sense. Note that they also
give more information than a simple signature on the .deb.
Hrm, I see queue/done (which contains .changes files going back to the
dark ages) isn't even being mirrored to merkel properly at the moment.
That's not so constructive.
|
Is there a publically accessable form of queue/done somewhere that people
can download the .changes files from? That would be quite handy for people
to use to verify binary packages (and would be a darn sight easier to use
than trolling d-d-c archives).
- Matt |
|
| Back to top |
|
|
Anthony Towns
*nix forums Guru Wannabe
Joined: 06 Mar 2005
Posts: 274
|
| Posted: Thu Nov 24, 2005 6:30 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, Nov 24, 2005 at 02:31:22PM +1100, Matthew Palmer wrote:
| Quote: | Then there's the opposite argument about "why not do that inside the .deb?".
|
Simple answers: unnecessary bloat, unwarranted feeling of security
leading to bad decisions.
Whenever anyone asks "how do you manage the keys", the answer is usually
"automatically sign by dinstall" which means the deb is modified after it
leaves the builders system (invalidating existing authentication methods)
and usually means changing the deb after its entered the archive (for
signatures identifying packages released as part of sarge / etch, or in
the case where an old key expires).
| Quote: | I think the final judgment in this issue is going to come down to personal
taste and needs more than anything else.
|
That's fine for personal repositories, it's not sufficient for Debian's
archive.
| Quote: | At the very least, though, I can't find a hole which makes binary package
signatures, done properly, any less secure than per-archive signing.
That's easy: you trust the Packages file to be correct when using apt,
and it's not verified at all by per-package signatures.
That's a good point. However, what damage can be done with a bodgy Packages
file, if only well-signed .debs are actually accepted for installation on
the system?
|
Add a "Depends: some-random-package" that you know has a security hole
to dpkg's entry in the Packages and it'll be automatically installed by
apt. Add a "Conflicts: dpkg" to some package's entry and it'll never be
installed by apt or aptitude. You can possibly be trickier by pointing
apt at a completely different file too, so that the user thinks they're
installing foo, but end up with bar instead only noticing if they see
dpkg say "Unpacking bar (from .../foo_*.deb)". IIRC, it's tricky to make
that actually work.
| Quote: | The only thing that comes to mind is wasting some time and
bandwidth on downloading dodgy debs (or their equally-dodgy dependencies),
but if the system checks the signatures before installing anything, can
anything actually be damaged?
|
There are plenty of packages signed by developers, or that have been
included in the archive, that have exploitable security issues.
| Quote: | My objection is that it's *useless* for *Debian*. Debian has too many
sources for packages for key management to be plausible, and keeps
packages unchanged over too long a period for the keys to be guaranteed
secure for the lifetime of a package. Additionally, packages can be
authenticated both via Packages.gz files and .changes files, which
already exist and are usable.
Don't the same arguments about key longevity apply to checking the
signatures on .changes files, too?
|
Sure, that's why we don't encourage users to worry about them.
The advantage is there's no great difficulty to providing new detached
certificates with new signatures, if the need arises. The debs only need
to be changed if they're actual content needs to change. (Which is also
an advantage for users, who correspondingly don't have to worry about
redownloading them)
| Quote: | Hrm, I see queue/done (which contains .changes files going back to the
dark ages) isn't even being mirrored to merkel properly at the moment.
That's not so constructive.
Is there a publically accessable form of queue/done somewhere that people
can download the .changes files from?
|
No, there isn't anything, apparently the mirroring to merkel got disabled
due to the inode usage / rsync time. There's some 700k odd changes
files. I think the theory is they'll start getting regularly tar.bz2'ed
up and made available with an index file.
| Quote: | That would be quite handy for people
to use to verify binary packages (and would be a darn sight easier to use
than trolling d-d-c archives).
|
No lie.
Cheers,
aj |
|
| Back to top |
|
|
Marc Haber
*nix forums Guru
Joined: 20 Feb 2005
Posts: 646
|
| Posted: Thu Nov 24, 2005 6:50 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, 24 Nov 2005 11:54:33 +1000, Anthony Towns
<aj@azure.humbug.org.au> wrote:
| Quote: | On Wed, Nov 23, 2005 at 04:37:05PM -0200, Henrique de Moraes Holschuh wrote:
Not in a very useable form, and only for Debian packages uploaded to the
official Debian archive. This is hardly good enough.
Uh, packages not uploaded to the official Debian archive can do whatever
they want.
|
It would, however, be convenient to be able to upload a package to
Debian and to be able to use the same package for different things.
Allowing things like these is what makes it possible for some people
to work for Debian during their paid time.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 |
|
| Back to top |
|
|
Matthew Palmer
*nix forums Guru Wannabe
Joined: 20 Feb 2005
Posts: 146
|
| Posted: Thu Nov 24, 2005 7:50 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, Nov 24, 2005 at 03:48:15PM +1000, Anthony Towns wrote:
| Quote: | On Thu, Nov 24, 2005 at 02:31:22PM +1100, Matthew Palmer wrote:
I think the final judgment in this issue is going to come down to personal
taste and needs more than anything else.
That's fine for personal repositories, it's not sufficient for Debian's
archive.
|
Well, I think that personal taste is sufficient for Debian's archive, and it
seems obvious that Those In The Know have decided that they prefer one taste
over another. <grin>
| Quote: | At the very least, though, I can't find a hole which makes binary package
signatures, done properly, any less secure than per-archive signing.
That's easy: you trust the Packages file to be correct when using apt,
and it's not verified at all by per-package signatures.
That's a good point. However, what damage can be done with a bodgy Packages
file, if only well-signed .debs are actually accepted for installation on
the system?
Add a "Depends: some-random-package" that you know has a security hole
to dpkg's entry in the Packages and it'll be automatically installed by
apt.
|
You're a lot more devious than I am, AJ, as I'd never considered these
possibilities.
| Quote: | Hrm, I see queue/done (which contains .changes files going back to the
dark ages) isn't even being mirrored to merkel properly at the moment.
That's not so constructive.
Is there a publically accessable form of queue/done somewhere that people
can download the .changes files from?
No, there isn't anything, apparently the mirroring to merkel got disabled
due to the inode usage / rsync time. There's some 700k odd changes
files.
|
Ouch. rsync must be *loving* those.
- Matt |
|
| Back to top |
|
|
Stefano Zacchiroli
*nix forums beginner
Joined: 14 Mar 2005
Posts: 49
|
| Posted: Thu Nov 24, 2005 9:50 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, Nov 24, 2005 at 12:56:15AM +0100, Marc 'HE' Brockschmidt wrote:
| Quote: | I will fill a whishlist bugreport against debuild to support dpkg-sig
side by side with debuild.
There is already #247825. #247824 is the wishlist bug for
dpkg-buildpackage support.
|
Indeed, I spotted them just after the post.
--
Stefano Zacchiroli -*- Computer Science PhD student @ Uny Bologna, Italy
zack@{cs.unibo.it,debian.org,bononia.it} -%- http://www.bononia.it/zack/
If there's any real truth it's that the entire multidimensional infinity
of the Universe is almost certainly being run by a bunch of maniacs. -!- |
|
| Back to top |
|
|
Roger Leigh
*nix forums Guru
Joined: 28 Feb 2005
Posts: 364
|
| Posted: Thu Nov 24, 2005 11:00 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John Hasler <jhasler@debian.org> writes:
| Quote: | Marc Haber writes:
So, most of the DD's do not care about security at all.
I think that DD's do not use dpkg-sig and debsigs because they believe them
to be hard to use and not supported by the infrastructure or by policy.
|
ACK. I certainly care about security, and I'll sign my packages just
as soon as debsign supports it.
Regards,
Roger
- --
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFDhZtKVcFcaSW/uEgRAp4CAJ93sOae+cyRL9KsTgrIYkme1vHjOwCfXZ4N
zmom+bKRm2tMU16IklDxSNk=
=seoz
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Marc Haber
*nix forums Guru
Joined: 20 Feb 2005
Posts: 646
|
| Posted: Thu Nov 24, 2005 11:20 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, 24 Nov 2005 10:51:55 +0000, Roger Leigh
<rleigh@whinlatter.ukfsn.org> wrote:
| Quote: | John Hasler <jhasler@debian.org> writes:
Marc Haber writes:
So, most of the DD's do not care about security at all.
I think that DD's do not use dpkg-sig and debsigs because they believe them
to be hard to use and not supported by the infrastructure or by policy.
ACK. I certainly care about security, and I'll sign my packages just
as soon as debsign supports it.
|
So you wouldn't use dpkg-sig even if it were still supported by the
archive?
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 |
|
| Back to top |
|
|
Wouter Verhelst
*nix forums Guru
Joined: 04 Apr 2005
Posts: 558
|
| Posted: Thu Nov 24, 2005 11:20 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, Nov 24, 2005 at 02:11:45PM +1100, Matthew Palmer wrote:
| Quote: | On Thu, Nov 24, 2005 at 11:54:33AM +1000, Anthony Towns wrote:
On Wed, Nov 23, 2005 at 04:37:05PM -0200, Henrique de Moraes Holschuh wrote:
On Thu, 24 Nov 2005, Anthony Towns wrote:
Personally, I think it's cryptographic snake oil, at least in so far
A signed deb has a seal of procedence and allows one to track the path it
made through the system, and who changed it.
That's what the .changes file is for.
Only possible if the .changes file is still accessable, and going through
the d-d-c archives isn't exactly convenient.
On that score, the description for d-d-c says that it includes buildd logs,
|
Then that description is wrong. It never did include buildd logs, and
AFAIK, there are no plans to that effect, either.
--
..../ -/ ---/ .--./ / .--/ .-/ .../ -/ ../ -./ --./ / -.--/ ---/ ..-/ .-./ / -/
.../ --/ ./ / .--/ ../ -/ ..../ / -../ ./ -.-./ ---/ -../ ../ -./ --./ / --/
-.--/ / .../ ../ --./ -./ .-/ -/ ..-/ .-./ ./ .-.-.-/ / --/ ---/ .-./ .../ ./ /
.../ .../ / ---/ ..-/ -/ -../ .-/ -/ ./ -../ / -/ ./ -.-./ ..../ -./ ---/ .-../
---/ --./ -.--/ / .-/ -./ -.--/ .--/ .-/ -.--/ .-.-.-/ / ...-.-/
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Frank Küster
*nix forums Guru
Joined: 20 Feb 2005
Posts: 432
|
| Posted: Thu Nov 24, 2005 11:21 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
Marc Haber <mh+debian-devel@zugschlus.de> wrote:
| Quote: | On Thu, 24 Nov 2005 10:51:55 +0000, Roger Leigh
rleigh@whinlatter.ukfsn.org> wrote:
John Hasler <jhasler@debian.org> writes:
Marc Haber writes:
So, most of the DD's do not care about security at all.
I think that DD's do not use dpkg-sig and debsigs because they believe them
to be hard to use and not supported by the infrastructure or by policy.
ACK. I certainly care about security, and I'll sign my packages just
as soon as debsign supports it.
So you wouldn't use dpkg-sig even if it were still supported by the
archive?
|
I think these are bogus questions. I am a complete non-expert in these
security things. I am sure that if the project comes to the conclusion
that signing debs is a good thing, more people will do it irrespective
of how convenient the procedure is in the beginning. If it finds its
way into the Developer's Reference, even more will use it (and start
integrating it into debsign or whatever). To me, it's not a question of
whether it's easy to use, but rather whether I can be convinced that it
is worth it.
So far, I could not draw any conclusion from this discussion - both the
counter and the pro arguments contain some truth, and uneducated as I am
I cannot judge at the moment.
However, if there was no technical reason to reject signed binary
packages, it seems to me as if making that change to DAK is an abuse of
ftpmaster's powers: This is a design decision, and it should be made
after thorough public discussion, either by finding a consensus or by
using our constitutional means of making a decision. Changes should not
be made in advance, except if there is an unrelated technical reason (I
don't know whether this is the case).
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer |
|
| Back to top |
|
|
Adam D. Barratt
*nix forums beginner
Joined: 02 Feb 2005
Posts: 23
|
| Posted: Thu Nov 24, 2005 11:40 am Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thursday, November 24, 2005 11:17 AM, Wouter Verhelst <wouter@debian.org>
wrote:
| Quote: | On Thu, Nov 24, 2005 at 02:11:45PM +1100, Matthew Palmer wrote:
[...]
On that score, the description for d-d-c says that it includes
buildd logs,
Then that description is wrong. It never did include buildd logs, and
AFAIK, there are no plans to that effect, either.
|
It doesn't say that.
It says:
"Notices about uploaded packages for the unstable distribution, from
developers, buildds and katie, the archive sentinel."
i.e. the only e-mails from buildds involved are "notices about uploaded
packages", not logs.
Adam
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
|
| Back to top |
|
|
Matthew Palmer
*nix forums Guru Wannabe
Joined: 20 Feb 2005
Posts: 146
|
| Posted: Thu Nov 24, 2005 12:00 pm Post subject:
Re: dpkg-sig support wanted?
|
|
|
On Thu, Nov 24, 2005 at 11:38:45AM -0000, Adam D. Barratt wrote:
| Quote: | On Thursday, November 24, 2005 11:17 AM, Wouter Verhelst <wouter@debian.org
wrote:
On Thu, Nov 24, 2005 at 02:11:45PM +1100, Matthew Palmer wrote:
[...]
On that score, the description for d-d-c says that it includes
buildd logs,
Then that description is wrong. It never did include buildd logs, and
AFAIK, there are no plans to that effect, either.
It doesn't say that.
It says:
"Notices about uploaded packages for the unstable distribution, from
developers, buildds and katie, the archive sentinel."
i.e. the only e-mails from buildds involved are "notices about uploaded
packages", not logs.
|
Sorry, that was a massive typo on my part. I thought "buildd output", and
wrote "buildd logs" when I meant "buildd .changes files". My question, as
amended, though, still holds -- are the .changes associated with the upload
of autobuilt packages supposed to go to d-d-c, and if so, are they there and
I'm just not seeing them in the list archive?
- Matt |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
Linux
»
Distributions
»
Debian
»
devel
