Debian Bug report logs - #361954
ITP: ossec-hids -- Host-based intrusion detection system

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Alberto Furia <straluna@email.it>

Date: Tue, 11 Apr 2006 12:33:27 UTC

Owned by: Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>

Severity: wishlist

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org, <wnpp@debian.org>, alberto furia <straluna@email.it>:
Bug#361954; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Alberto Furia <straluna@email.it>:
New Bug report received and forwarded. Copy sent to debian-devel@lists.debian.org, <wnpp@debian.org>, alberto furia <straluna@email.it>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Alberto Furia <straluna@email.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ITP: OSSEC HIDS -- Host-based intrusion detection system.
Date: Tue, 11 Apr 2006 14:31:13 +0200
Package: wnpp
Severity: wishlist
Owner: Alberto Furia <straluna@email.it>

* Package name    : ossec-hids
  Version         : 0.7
  Upstream Author : Daniel B. Cid <dcid at ossec dot net>
* URL             : http://www.ossec.net/
* License         : GPL
  Programming Lang: C
  Description     : Host-based intrusion detection system. 

OSSEC HIDS is an open source host-based intrusion detection system. It performs
log analysis, integrity checking, rootkit detection, time-based alerting and
active response.
If you have only one system to monitor, you can install the OSSEC HIDS locally
on that box and do everything from there. However, if you have a few systems to
monitor, you can have one as the server and the others as agents, forwading
events to the server for analysis. One of the greatest benefits of the OSSEC
HIDS is its scalability, allowing you to monitor multiple systems from a central
point.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13.4
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to it_IT.UTF-8)



Changed Bug title. Request was from Thomas Huriaux <thomas.huriaux@gmail.com> to control@bugs.debian.org. Full text and rfc822 format available.

Forcibly Merged 361954 407121. Request was from Thomas Huriaux <thomas.huriaux@gmail.com> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, alberto furia <straluna@email.it>:
Bug#361954; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Vincent Bernat <bernat@luffy.cx>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, alberto furia <straluna@email.it>. Full text and rfc822 format available.

Message #14 received at 361954@bugs.debian.org (full text, mbox):

From: Vincent Bernat <bernat@luffy.cx>
To: 361954@bugs.debian.org
Subject: Any news for this ITP of OSSEC ?
Date: Sat, 27 Jan 2007 19:30:51 +0100
Hello !

Is there any news about this ITP ? Is it a package ready ?

Thanks !
-- 
Test input for validity and plausibility.
            - The Elements of Programming Style (Kernighan & Plauger)



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, alberto furia <straluna@email.it>:
Bug#361954; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Yaroslav Halchenko <debian@onerussian.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, alberto furia <straluna@email.it>. Full text and rfc822 format available.

Message #19 received at 361954@bugs.debian.org (full text, mbox):

From: Yaroslav Halchenko <debian@onerussian.com>
To: 361954@bugs.debian.org
Cc: Alberto Furia <straluna@email.it>
Subject: please update on the status
Date: Mon, 11 Jun 2007 16:32:36 -0400
Dear Alberto,

Are you still planning to furnish ossec for debian? Please let know so
may be some other interested party (like me) takes over the ITP since
there has been no progress reported on packaging since over a year ago.

Cheers
-- 
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student  Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
        101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW:     http://www.linkedin.com/in/yarik        



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, alberto furia <straluna@email.it>:
Bug#361954; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to straluna <straluna@email.it>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, alberto furia <straluna@email.it>. Full text and rfc822 format available.

Message #24 received at 361954@bugs.debian.org (full text, mbox):

From: straluna <straluna@email.it>
To: Yaroslav Halchenko <debian@onerussian.com>, 361954@bugs.debian.org
Subject: Re: Bug#361954: please update on the status
Date: Tue, 12 Jun 2007 11:42:33 +0200
On Mon, 11 Jun 2007 16:32:36 -0400
Yaroslav wrote:

> Dear Alberto,
> 
> Are you still planning to furnish ossec for debian? 

Ciao Yaroslav,
i can't fornish ossec for debian in this moment: for me it's ok if
you want to package it.

I'll update the status asap.

Thx!

bye,
a.



Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, alberto furia <straluna@email.it>:
Bug#361954; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Matej Vela <vela@debian.org>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, alberto furia <straluna@email.it>. Full text and rfc822 format available.

Message #29 received at 361954@bugs.debian.org (full text, mbox):

From: Matej Vela <vela@debian.org>
To: 361954@bugs.debian.org
Cc: control@bugs.debian.org, Alberto Furia <straluna@email.it>, Alex de Oliveira Silva <enerv@host.sk>, Vincent Bernat <bernat@luffy.cx>, Yaroslav Halchenko <debian@onerussian.com>
Subject: Bug#361954: ITP: ossec-hids -- Host-based intrusion detection system
Date: Thu, 22 Nov 2007 01:16:31 +0100
owner 361954 !
unmerge 407121
close 407121
thanks

On Tue, Jun 12, 2007 at 11:42:33 +0200, Alberto Furia wrote:
> Ciao Yaroslav,
> i can't fornish ossec for debian in this moment: for me it's ok if
> you want to package it.

Since no one jumped in, I guess I'm taking over the ITP.  Of course,
co-maintainers are more than welcome.  I'm also closing #407121 so that
we don't have two bugs to keep track of.

Here's my to-do list so far:

  * Make sure there's no licensing conflict between GPL and the bundled
    OpenSSL code.  Upstream has graciously agreed to add the usual
    exception [1], so this should be a non-issue in short order.

  * Map to an FHS layout, using symlinks if necessary.  Tentatively:

    /var/ossec/bin        -> /usr/bin
    /var/ossec/etc        -> /etc/ossec
    /var/ossec/logs       -> /var/log/ossec
    /var/ossec/queue      -> /var/spool/ossec
    /var/ossec/var/run    -> /var/run/ossec
    /var/ossec (the rest) -> /var/lib/ossec

  * Debconf-iscate as much of install.sh as possible.

  * Link against zlib1g rather than an embedded copy, to avoid giving
    more headaches to the Security Team [2].

I'll keep this bug posted.

[1] <http://marc.info/?t=119567120200010>
[2] <http://wiki.debian.org/EmbeddedCodeCopies>

Cheers,

Matej




Owner changed from alberto furia <straluna@email.it> to Matej Vela <vela@debian.org>. Request was from Matej Vela <vela@debian.org> to control@bugs.debian.org. (Thu, 22 Nov 2007 00:21:03 GMT) Full text and rfc822 format available.

Disconnected #407121 from all other report(s). Request was from Matej Vela <vela@debian.org> to control@bugs.debian.org. (Thu, 22 Nov 2007 00:21:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Matej Vela <vela@debian.org>:
Bug#361954; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to Yaroslav Halchenko <debian@onerussian.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Matej Vela <vela@debian.org>. Full text and rfc822 format available.

Message #38 received at 361954@bugs.debian.org (full text, mbox):

From: Yaroslav Halchenko <debian@onerussian.com>
To: Matej Vela <vela@debian.org>
Cc: 361954@bugs.debian.org, control@bugs.debian.org, Alberto Furia <straluna@email.it>, Alex de Oliveira Silva <enerv@host.sk>, Vincent Bernat <bernat@luffy.cx>
Subject: Re: Bug#361954: ITP: ossec-hids -- Host-based intrusion detection system
Date: Wed, 21 Nov 2007 20:50:38 -0500
Hi Matej

That would be great if you accomplish the mission. Unfortunately I had
no time to look into it closely, but in my memory comes the fact that I
found sources of client and server be 99% identical besides 1 part and
configuration files, so I thought that they might be composed as a
single package. I wanted to ask upstream mailing list but never got
there.

Please keep the bug posted ;)
Yarik


On Thu, 22 Nov 2007, Matej Vela wrote:

> owner 361954 !
> unmerge 407121
> close 407121
> thanks

> On Tue, Jun 12, 2007 at 11:42:33 +0200, Alberto Furia wrote:
> > Ciao Yaroslav,
> > i can't fornish ossec for debian in this moment: for me it's ok if
> > you want to package it.

> Since no one jumped in, I guess I'm taking over the ITP.  Of course,
> co-maintainers are more than welcome.  I'm also closing #407121 so that
> we don't have two bugs to keep track of.
-- 
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student  Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
        101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW:     http://www.linkedin.com/in/yarik        




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Matej Vela <vela@debian.org>:
Bug#361954; Package wnpp. Full text and rfc822 format available.

Acknowledgement sent to "Carlos Eduardo Pedroza Santiviago" <carlos@santiviago.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Matej Vela <vela@debian.org>. Full text and rfc822 format available.

Message #43 received at 361954@bugs.debian.org (full text, mbox):

From: "Carlos Eduardo Pedroza Santiviago" <carlos@santiviago.com>
To: 361954@bugs.debian.org
Subject: Any update on OSSEC packages?
Date: Sat, 3 May 2008 12:16:08 -0300
Hi,

Any update on this? I really would like to help if possible.

-- 
Carlos Eduardo Pedroza Santiviago - <carlos at santiviago.com>
http://softwarelivre.net | Passo-a-passo rumo à liberdade!

Removed annotation that Bug was owned by Matej Vela <vela@debian.org>. Request was from Matej Vela <vela@debian.org> to control@bugs.debian.org. (Tue, 03 Feb 2009 08:09:02 GMT) Full text and rfc822 format available.

Changed Bug title to `RFP: ossec-hids -- Host-based intrusion detection system' from `ITP: ossec-hids -- Host-based intrusion detection system'. Request was from Raphael Geissert <atomo64@gmail.com> to control@bugs.debian.org. (Mon, 09 Feb 2009 07:33:19 GMT) Full text and rfc822 format available.

Changed Bug title to 'ITP: ossec-hids -- Host-based intrusion detection system' from 'RFP: ossec-hids -- Host-based intrusion detection system' Request was from Jose Antonio Quevedo <joseantonio.quevedo@gmail.com> to control@bugs.debian.org. (Wed, 29 Jul 2009 09:45:08 GMT) Full text and rfc822 format available.

Owner recorded as joseantonio.quevedo@gmail.com. Request was from Jose Antonio Quevedo <joseantonio.quevedo@gmail.com> to control@bugs.debian.org. (Wed, 29 Jul 2009 09:45:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Tue, 26 Jan 2010 18:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, joseantonio.quevedo@gmail.com. (Tue, 26 Jan 2010 18:27:03 GMT) Full text and rfc822 format available.

Message #56 received at 361954@bugs.debian.org (full text, mbox):

From: Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>
To: 361954@bugs.debian.org
Subject: Status update
Date: Tue, 26 Jan 2010 07:30:17 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi all,

first of all, I'd like to thank Matej Vela for his last notes in this
thread, it was a very good place to start analyzing the package.

Today Ossec cannot be distributed by Debian because of a license issue
that was notified to the upstream around 2 months ago. They have to add
an OpenSSL exception to the license and they are discussing this issue.
We are now waiting for news about this, Daniel B. Cid (upstream) said
that he doesn't think that this issue would be a problem, so we can
continue working on it hoping this change will happen, but we cannot
distribute this code with the current license.

So now I'm looking for all those changes that would be nice to be done
on the upstream code.

I'll thank any advise about any aspect relative to this package.

Thanks for all.
Best regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJLXov0AAoJEBwLEnROdHjaaC0P+wUOHZaqLTKHaGgm7ImGRhq3
PHM3A5qh/eGG6qCZ68KFfeJ/29bSQc2Cm/EYJrpJ51WnCTaDxFiaOgWmxK+MdXaY
7yCMk+AxmBxjrhALMf/Rl0GtnqSFol/WG4O07t5C7k2DkGp6K3jxu0KOoRPZzyN6
HX5N8oDKRM5Osd+BXDGR2DipWx0ZAA/2O2g23qABUNAuuHcB10ARgyid/uy7hrwH
To38xzBSvgH+fjQHOFWlhpSbwi/rEOvaCOWXf+Iq+l/xvRtYbyrMHNm7Og0bfH42
T7xlSYYqEGnl1gQ3JdRU/ox54JA4C26P9ftum19aaciGy8g+cErTzi2mf1W0Mj/5
1bp574J4IJVuAEsRul5ORnDG7TU70JQmcCR/boOt3G0CbesSUAHgoM+Q/l9P2uF6
ZbYFdO4CxppAPK6spe7wte2DJQ/O5xyuXnTICXLBMTBXh1f167Qc0511du7EQ6jI
nKu2WgDKkK/pnIX3j6Ltq86vowKp2YVjZpLhajwrPyKQUGpzLFoSsYtx22nyZqJB
KFV16WJnkSeKPZfSq2G0F0H0yt0CHDAgQyEkxU7PsA/JcqVpiLkhuZIIbA1GZRAW
FSVHCwp8axiKu1sF53r2zRaWMeSwHGuoQlmLNhdTDJlxDA0tn3XjMr6xq/nyODbv
C/sm5n6/+CJy2cUpaDMe
=jN2Z
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Sun, 30 May 2010 14:09:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Sun, 30 May 2010 14:09:06 GMT) Full text and rfc822 format available.

Message #61 received at 361954@bugs.debian.org (full text, mbox):

From: Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>
To: 361954@bugs.debian.org
Subject: Bug#361954: Status update
Date: Sun, 30 May 2010 16:08:37 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi all again,

an improvements list about ossec v2.3 was uploaded to upstream on April
13th, 2010.

This improvements are about license issues, how this software works
(security issues), and secondary functionality.

Now we are waiting for the first 2 improvements to be done to continue
working on this package.

Best regards,

- - --
Jose Antonio Quevedo Muñoz
Key fingerprint: 4123 17A5 42F0 10BC 1C8D 88A9 1C0B 1274 4E74 78DA

- - --
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJMAnFjAAoJEBwLEnROdHjalo0P/RI+EJQT5cUtCBLqs+kIkZn0
B1KlWj/CqGnqUnco88GEZhdE0/HI16X9ZxkC6S2eBkrFETPtbVrzo6gW4MhKlZOo
S/wuOXcN49ahy3pZKBzudyu08ojdR8ozRdGGRJIon8AqPtIdbFgXRcXinPivB2I8
PgSfESAtn0N8RdQ0sbPwduHYfvSbhGvbL4SBryys3Q2S1McK+zOctJbNTyPt7urL
+gQomPQygMGnlavQawyGzznp3fP1DkfNZkaAI0dbNcy26NzVG4WToS2XVwJW8vtd
xh0Nkz+1klKrJy7/pm/qKCyvOJ2xAi/yRktD3KoX6wx+ZBRb8yz6vddvmUYbqSx6
ZijNtlUJTzeF6ttmOZU90XHw8cEc8j88GkZSCveKEwOZkdAJjWsp9WDZEtTgpiW7
ntYiZEOm4osdRr0PyPpMHXHkDBbet9e7qstVyMcA2t+3n8OOwMyjWvGjXWDKWaeK
Qvwzw5mrMpRPuA57iHNozQRsdnaQ/izGe7Tj8oy7BmkwttAOMkwHfm87Gm+1TQjH
yWul1m80go6+MDBZFqqRtFUvfyx0hAWn9ZqMNo80CF8/WUp/4z5fyJv1pgu+p7JH
9PXqDm8ubpQ59E8yapE//4AGG9zHnHhkYRDYH4h7vbtSNJi3hg+hx+PgUW5lwxsJ
cyjDAkybnyM22kAYTAeE
=dnFk
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Wed, 22 Sep 2010 16:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Blut <vincent.debian@free.fr>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Wed, 22 Sep 2010 16:06:04 GMT) Full text and rfc822 format available.

Message #66 received at 361954@bugs.debian.org (full text, mbox):

From: Vincent Blut <vincent.debian@free.fr>
To: 361954@bugs.debian.org
Subject: Bug#361954: Status update
Date: Wed, 22 Sep 2010 18:03:32 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

Any news about the first 2 improvement ?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyaRPMACgkQfwer1QPZVNIhjQCfXMxJofk98XZUhp38XlicltxL
SsYAoKx5dYuCt205+cC7T3H/UKKTAIxU
=8wwA
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Fri, 24 Sep 2010 07:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Fri, 24 Sep 2010 07:51:06 GMT) Full text and rfc822 format available.

Message #71 received at 361954@bugs.debian.org (full text, mbox):

From: Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>
To: Vincent Blut <vincent.debian@free.fr>
Cc: 361954@bugs.debian.org
Subject: Re: Bug#361954: Status update
Date: Fri, 24 Sep 2010 09:49:18 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi everyone,

about the last status update report:
- - secondary functionality was already included in last upstream code,
- - security concerns were overriden,
- - the license exception for OpenSSL haven't been included by upstream yet.

The OpenSSL exception is needed because Ossec links against the OpenSSL
libraries.
There are two ways to avoid this issue: the first one is to wait for
upstream to include this exception into the legal code, the second one
is to patch the code to make it link against GnuTLS instead of OpenSSL.

While we keep waitting for upstream to path his legal code, we have
recently begun coding this patch so, if you are really interested in
having Ossec packaged for Debian, you are invited to code your own patch.
If you do so remember to forward it to this bug or
to me directly as you prefer.

Best regards,

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJMnFf6AAoJEMPXPF2CJFgiZWAP/3c3SGjkyT6NJH5NKW5SWcmJ
Tn8YpVKRgLpXlTiepIoUaXHrPTxVdCNdfCP7K3eaP8rr05ur085JvdZR0I7FWYMW
mMMP29do0k1SEvX4U8X5FRbpq7NKqP6baM+CZ76paE3jWHViGkALfYdK9vKtRjRg
GzJVaU1Z078Nn85GqV4g7N4BBk3c9EpnwBKQvrG2bQPvGJfglXsDvQ4fEij2dqtH
ZnnDcfALnbLpVj8nh+HIHpCfm16HnHYb4IeGcqMbYxwFEL/IvA3B/n+I67rt4zDL
TF8dzRiSgKO7W7S4S6SiXPHQfIjOaKu8urS+J9YXRwJIMBWTZ0RiWGaCaLgP4nZl
D2b2JnE+RDupIEvdrpk+2s8o3NOU3doKc7wGYysdrlVVBUlV2PXNlPS0eNBRJUYR
Y9EM6Oio8waMM3FATag8/c7W6BaDq7/LBmyX9+bcOArxD/+qP916SP3Fsvx1m8e/
yxRhUaF/k8xzUmEZNR+1hc5v2nRebv6g4Myce06+ZQ6G7CvQWS1XSEuplzf5FiIH
Mg1IgQaiuPfRH8EDs2NMOr2urDLdqv9V2XboB9M58ZqtdEPe1DmCTrMXG/3J0NJ4
Cwgt6h+VGgLGb6mYHw5VODhfprSoJopdzFJhrSGizB+HT367KAx/0IlLmnHzLXW0
wDAEJEnoUWidQ0KG/DGL
=tr/p
-----END PGP SIGNATURE-----




Message sent on to Alberto Furia <straluna@email.it>:
Bug#361954. (Mon, 20 Dec 2010 11:51:05 GMT) Full text and rfc822 format available.

Message #74 received at 361954-submitter@bugs.debian.org (full text, mbox):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: 361954-submitter@bugs.debian.org, Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>
Subject: Preventing use of OpenSSL in OSSEC to package it for Debian
Date: Mon, 20 Dec 2010 12:48:40 +0100
[Message part 1 (text/plain, inline)]
Hi,

It seems that this ITP is stuck for 4 years due to OSSEC's use of OpenSSL.
However, digging at the sources I only see OSSEC using OpenSSL in
src/os_crypto/sha1/sha1_op.c  in order to generate SHA1 digests.

However, this code seems to compile fine if you just do *not* define
USE_OPENSSL and remove the comments that disable the following code:

---------------------------------
#ifndef USE_OPENSSL
#include "sha.h"
#include "sha_locl.h"
#else
#include <openssl/sha.h>
#endif
---------------------------------

The code at src/os_crypto/blowfish/ also includes some openssl references but
these seem to be disabled if you do not define USE_OPENSSL.

Wouldn't it be possible to provide packages without USE_OPENSSL defined? it
seems that for this work only the above change to src/os_crypto/sha1/sha1_op.c
as well as changing src/Makeall needs to be changed (the latter to prevent it
from defining USE_OPENSSL) *even* if the OpenSSL libraries are available.

Are there any preliminary Debian packages I could work with to see if this
could be a viable approach? I don't seem to find any URL to any "under-construction"
packages before they are uploaded to Debian proper. It would be good if these
were made available (maybe at people.debian.org) to help with tinkering and
testing.

Best regards,


Javier


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Tue, 01 Mar 2011 13:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to ciaran@linux.ie:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Tue, 01 Mar 2011 13:24:03 GMT) Full text and rfc822 format available.

Message #79 received at 361954@bugs.debian.org (full text, mbox):

From: Ciarán Handley <ciaran@linux.ie>
To: 361954@bugs.debian.org
Subject: status update?
Date: Tue, 1 Mar 2011 13:20:11 +0000
[Message part 1 (text/plain, inline)]
Jose,

Are you having discussions about this with the developer outside of their
mailing lists?  From what I found on the different lists at
http://www.ossec.net/main/support/ there haven't been any updates since '09.
 It seems to me that for them to add exception/s is a trivial change.  Why
is this taking so long?  What can we do to speed this up a bit?  I took the
liberty of making the 'suggestion' on their request page (
http://ossec.uservoice.com/forums/18254-general/suggestions/1543503-debian-package),
if people would like to vote it up.

Cheers,
Ciarán
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Tue, 22 Mar 2011 22:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jose Antonio Quevedo <joseantonio.quevedo@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Tue, 22 Mar 2011 22:42:03 GMT) Full text and rfc822 format available.

Message #84 received at 361954@bugs.debian.org (full text, mbox):

From: Jose Antonio Quevedo <joseantonio.quevedo@gmail.com>
To: ciaran@linux.ie
Cc: 361954@bugs.debian.org
Subject: Re: Bug#361954: status update?
Date: Tue, 22 Mar 2011 23:38:35 +0100
[Message part 1 (text/plain, inline)]
Hi folks,

this package have been stuck while we were waitting for the OpenSSL
exception to be added to the Ossec's legal code. Today this exception
haven't been added, but Daniel Cid (upstream) wants to keep his code as GPL,
so we can continue working hoping to solve the OpenSSL issue later.
There are two ways to avoid the OpenSSL exception: disabling OpenSSL or
migrate the code from OpenSSL to GNU/TLS.

Now we already know, thanks to Javier Fernandez-Sanguino, that we can
disable OpenSSL and make it work pretty easily.

But the other question would be, what do you think about the impact of
disabling openssl on Ossec? OpenSSL has some interesting features that
should be considered.
We can disable OpenSSL and make it work, but doing this we could be
releasing a dangerous software, so IMHO it would be quite interesting to
have an OpenSSL-2-GNUTLS.patch.

Now I'm looking for the way to publish the source code of this package as
it's developed.
Maybe you already know a good place to do this and would like to share? Then
please, let us know. I'm thinking in a git repository.

Happy hacking,

2011/3/1 Ciarán Handley <ciaran@linux.ie>

> Jose,
>
> Are you having discussions about this with the developer outside of their
> mailing lists?  From what I found on the different lists at
> http://www.ossec.net/main/support/ there haven't been any updates since
> '09.  It seems to me that for them to add exception/s is a trivial change.
>  Why is this taking so long?  What can we do to speed this up a bit?  I took
> the liberty of making the 'suggestion' on their request page (
> http://ossec.uservoice.com/forums/18254-general/suggestions/1543503-debian-package),
> if people would like to vote it up.
>
> Cheers,
> Ciarán
>



-- 
Jose Antonio Quevedo Muñoz
Key fingerprint: C88A AAFA CF91 F556 E1D5  52FC C3D7 3C5D 8224 5822
--
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Tue, 19 Jul 2011 00:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Tue, 19 Jul 2011 00:18:03 GMT) Full text and rfc822 format available.

Message #89 received at 361954@bugs.debian.org (full text, mbox):

From: Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>
To: 361954@bugs.debian.org
Subject: Bug#361954: new Alioth project, mail list, git repository && irc channel
Date: Tue, 19 Jul 2011 02:16:17 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi folks,

it's a pleasure to announce that thanks to Javier Fernández-Sanguino we
have recently created an Alioth project called *pkg-ossec* [1] to track
the Ossec's packaging process.

There we have a git repository and a mail list for development purposes
[2] where you can track and discuss the recent and forthcoming commits.

We have created an irc channel at irc.debian.org called #pkg-ossec.

And please, take a look at [3] if you want more information about how to
contribute to this project as it contains most of the policy we'll use
to handle the code.

Thanks for all your contributions.
See you there,

[1] https://alioth.debian.org/projects/pkg-ossec/
[2] https://lists.alioth.debian.org/mailman/listinfo/pkg-ossec-devel
[3] http://www.eyrie.org/~eagle/notes/debian/git.html


On 22/03/11 23:38, Jose Antonio Quevedo wrote:
> Hi folks,
> 
> this package have been stuck while we were waitting for the OpenSSL
> exception to be added to the Ossec's legal code. Today this exception
> haven't been added, but Daniel Cid (upstream) wants to keep his code as
> GPL, so we can continue working hoping to solve the OpenSSL issue later.
> There are two ways to avoid the OpenSSL exception: disabling OpenSSL or
> migrate the code from OpenSSL to GNU/TLS.
> 
> Now we already know, thanks to Javier Fernandez-Sanguino, that we can
> disable OpenSSL and make it work pretty easily.
> 
> But the other question would be, what do you think about the impact of
> disabling openssl on Ossec? OpenSSL has some interesting features that
> should be considered.
> We can disable OpenSSL and make it work, but doing this we could be
> releasing a dangerous software, so IMHO it would be quite interesting to
> have an OpenSSL-2-GNUTLS.patch.
> 
> Now I'm looking for the way to publish the source code of this package
> as it's developed.
> Maybe you already know a good place to do this and would like to share?
> Then please, let us know. I'm thinking in a git repository.
> 
> Happy hacking,
> 
> 2011/3/1 Ciarán Handley <ciaran@linux.ie <mailto:ciaran@linux.ie>>
> 
>     Jose,
> 
>     Are you having discussions about this with the developer outside of
>     their mailing lists?  From what I found on the different lists at
>     http://www.ossec.net/main/support/ there haven't been any updates
>     since '09.  It seems to me that for them to add exception/s is a
>     trivial change.  Why is this taking so long?  What can we do to
>     speed this up a bit?  I took the liberty of making the 'suggestion'
>     on their request page
>     (http://ossec.uservoice.com/forums/18254-general/suggestions/1543503-debian-package),
>     if people would like to vote it up.
> 
>     Cheers,
>     Ciarán
> 
> 
> 
> 
> -- 
> Jose Antonio Quevedo Muñoz
> Key fingerprint: C88A AAFA CF91 F556 E1D5  52FC C3D7 3C5D 8224 5822
> --
> Ever tried. Ever failed. No matter.
> Try again. Fail again. Fail better.
> ~ Samuel Beckett ~
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJOJMzKAAoJEMPXPF2CJFgiI9oQAJJyWzNj1zG0VefubSK0adyR
rWaPRVazeTy/AQW/hjp907VC+RPM5ZazHmsb7cdH8qznv/rLvoG3/fCJKuciv23o
2y5bbLQ00mR0tkcnluKVhTCJ3e+x83nhLPvIQx1CrBl7bmULBivFGUbUlv0UKj9U
TZ8wJhAcoYZacwXh73j/aQZxmT2KsuzozitZtP3CA0TsdcFHDJ8m3cpFkeo22/ZQ
leinFapG+pbMmdl2QU597qVUfG7+kToDKyuYzhBF9+vfBDFJQR7Q9VPCgoY8ZwpA
L2JiSqPpwUEC6RYLzBw0AXLEnwavb8BOW1v/xUTkClUb5bE09ai/SDWizYq7EEN0
3FpPrET4raIU84y2bk6cALLKkNfl7quONNj8oTpflXAcVfYDgGnhtNjMPjzS/SYv
c48K0x2ijjMWesxy8tVXGxmnqd5+gN8pruDYBh4VPcD5s2OBmBnI6iuyVxfIiSig
PUpFk/LcDSxHpgkww+b4vE/LVzVu2tBe0n7e5yMcUSXpU76UVNumaJ3e0KAzOH3c
wh/DsA//NdFJXuxfyE9XR98bPmiCnZutawdHu3Sc8wo1GchgkgcWOejMwX6/kBfo
mw2SL+08lD8TkS1w0bLov3/BRmYlxWByjWtI6aofwSoWzDAhHb18a2/l/1CVcNFm
2OFryHKzBqz35B8QdZnn
=mzs7
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Mon, 01 Aug 2011 23:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Mon, 01 Aug 2011 23:45:03 GMT) Full text and rfc822 format available.

Message #94 received at 361954@bugs.debian.org (full text, mbox):

From: Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>
To: ossec-dev@googlegroups.com
Cc: dcid@ossec.net, pkg-ossec-devel@lists.alioth.debian.org, 361954@bugs.debian.org
Subject: OpenSSL exception
Date: Tue, 02 Aug 2011 01:41:35 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi everyone,

I'm packaging your software, Ossec, for Debian [1] and, there's an
ambiguity issue between GPL and OpenSSL licenses when they are being
redistributed together.

It would be great if you could add the OpenSSL exception to Ossec's
legal code as it's described in this email [2] because, although I
already have a patch to avoid linking against OpenSSL, and sysadmins can
use other software (like OpenVPN) to send information through OpenSSL
tunnels, this is an interesting feature that I'm sure we all would be
glad of being able to use in our Ossec server-agent installation.

I'll be waitting for your answer here or within your code.

Thanks in advance,

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361954
[2] http://lists.debian.org/debian-legal/2004/05/msg00595.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJONzmnAAoJEMPXPF2CJFgiCTQP/jFLpAshgTv+u4/MnKO8p7VP
tLD/huEFDy9aGx49cIATNsWkgWNEmWltVVMxae8dNgeU0L9Gbql7XeQSkYY2d6Ny
mJYJbIa+OmhRRS1iQq6H8XoUvWPviafbG7Ljjoc322sJqfcRgbJC7XomUuiFbrYD
FRjUpT86HUrm5SPFhHsRQsaFhGzPQO2dbxR4DP+rsQoKCZe//J92tSlDeubjJnjg
4lE6VZDhgTPInAM9aWKLX4nvE6sN0UhVI2/styd30t3Gg7/YMRrezUWZduaMcAoR
vDFbP4iKBllGQDkDcihTbhw5yM/9FFm0F8PKFENXsa3re3DPGSTv8m//wXxPhjCH
J+rUaWg2QTQFBo2UQ2NrZ74OMraqUYfEyViVQUbJXQIp07bePWWcCRZSVvXZlofE
OSXY0+NUkx5Ksafn2cp+cgLBNo3e+SeDtBdZMs5kT+ObO3fkYhFfNU8ooc47M/Pk
S+oVJ1dVHRCj+gGpY5211w60sIAPjQhUym5VlUwiToSbynNiWRrBWjkJ9QnsuVlJ
cy4vFSZ2KrX0ZcSO4yIQXhgnq9buTujLSffFVAp0R5Q5qszCuC53aH7+VREppwbA
p4tNgkkC50YAiLYIMStgNSJRBoa5QLWTCoqKLo0GYa2PsCbDoHIPGw4/Jd6icfqy
0v4mwvfgdVHJXNGoluuN
=Cj4n
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Wed, 03 Aug 2011 14:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Daniel Cid <daniel.cid@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Wed, 03 Aug 2011 14:39:03 GMT) Full text and rfc822 format available.

Message #99 received at 361954@bugs.debian.org (full text, mbox):

From: Daniel Cid <daniel.cid@gmail.com>
To: ossec-dev@googlegroups.com
Cc: pkg-ossec-devel@lists.alioth.debian.org, 361954@bugs.debian.org
Subject: Re: [ossec-dev] OpenSSL exception
Date: Wed, 3 Aug 2011 11:37:54 -0300
So what exactly needs to be added to the license? I will send that to
the Trend team for addition...

Also, OpenSSL doesn't need to be added (and everything should work
fine). In fact, that's how we support
systems without openssl-dev installed... We just link to it for small
performance gains (when generating the
sha1 hashes).

thanks,


2011/8/1 Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi everyone,
>
> I'm packaging your software, Ossec, for Debian [1] and, there's an
> ambiguity issue between GPL and OpenSSL licenses when they are being
> redistributed together.
>
> It would be great if you could add the OpenSSL exception to Ossec's
> legal code as it's described in this email [2] because, although I
> already have a patch to avoid linking against OpenSSL, and sysadmins can
> use other software (like OpenVPN) to send information through OpenSSL
> tunnels, this is an interesting feature that I'm sure we all would be
> glad of being able to use in our Ossec server-agent installation.
>
> I'll be waitting for your answer here or within your code.
>
> Thanks in advance,
>
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361954
> [2] http://lists.debian.org/debian-legal/2004/05/msg00595.html
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iQIcBAEBCAAGBQJONzmnAAoJEMPXPF2CJFgiCTQP/jFLpAshgTv+u4/MnKO8p7VP
> tLD/huEFDy9aGx49cIATNsWkgWNEmWltVVMxae8dNgeU0L9Gbql7XeQSkYY2d6Ny
> mJYJbIa+OmhRRS1iQq6H8XoUvWPviafbG7Ljjoc322sJqfcRgbJC7XomUuiFbrYD
> FRjUpT86HUrm5SPFhHsRQsaFhGzPQO2dbxR4DP+rsQoKCZe//J92tSlDeubjJnjg
> 4lE6VZDhgTPInAM9aWKLX4nvE6sN0UhVI2/styd30t3Gg7/YMRrezUWZduaMcAoR
> vDFbP4iKBllGQDkDcihTbhw5yM/9FFm0F8PKFENXsa3re3DPGSTv8m//wXxPhjCH
> J+rUaWg2QTQFBo2UQ2NrZ74OMraqUYfEyViVQUbJXQIp07bePWWcCRZSVvXZlofE
> OSXY0+NUkx5Ksafn2cp+cgLBNo3e+SeDtBdZMs5kT+ObO3fkYhFfNU8ooc47M/Pk
> S+oVJ1dVHRCj+gGpY5211w60sIAPjQhUym5VlUwiToSbynNiWRrBWjkJ9QnsuVlJ
> cy4vFSZ2KrX0ZcSO4yIQXhgnq9buTujLSffFVAp0R5Q5qszCuC53aH7+VREppwbA
> p4tNgkkC50YAiLYIMStgNSJRBoa5QLWTCoqKLo0GYa2PsCbDoHIPGw4/Jd6icfqy
> 0v4mwvfgdVHJXNGoluuN
> =Cj4n
> -----END PGP SIGNATURE-----
>




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Wed, 03 Aug 2011 21:51:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Wed, 03 Aug 2011 21:51:07 GMT) Full text and rfc822 format available.

Message #104 received at 361954@bugs.debian.org (full text, mbox):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: Daniel Cid <daniel.cid@gmail.com>
Cc: ossec-dev@googlegroups.com, pkg-ossec-devel@lists.alioth.debian.org, 361954@bugs.debian.org
Subject: Re: [Pkg-ossec-devel] [ossec-dev] OpenSSL exception
Date: Wed, 3 Aug 2011 23:47:11 +0200
[Message part 1 (text/plain, inline)]
On Wed, Aug 03, 2011 at 11:37:54AM -0300, Daniel Cid wrote:
> So what exactly needs to be added to the license? I will send that to
> the Trend team for addition...

I believe the following text should do it:

"In addition, as a special exception, the copyright holders give permission
to link the code of portions of this program with the OpenSSL library under
certain conditions as described in each individual source file, and
distribute linked combinations including the two.

You must obey the GNU General Public License in all respects for all of the
code used other than OpenSSL. If you modify file(s) with this exception, you
may extend this exception to your version of the file(s), but you are not
obligated to do so. If you do not wish to do so, delete this exception
statement from your version. If you delete this exception statement from all
source files in the program, then also delete it here."

This should be added in the header of source files that link to OpenSSL. See
attached example file (gpl-openssl-header.txt) for a header.

In addition, to clarify the situation, the attached file LICENSE.OpenSSL
could be added to the source code's alongside the LICENSE file

For more information see:
 - http://people.gnome.org/~markmc/openssl-and-the-gpl.html
 - http://lists.debian.org/debian-legal/2004/05/msg00595.html

> Also, OpenSSL doesn't need to be added (and everything should work
> fine). In fact, that's how we support
> systems without openssl-dev installed... We just link to it for small
> performance gains (when generating the
> sha1 hashes).

In OSSEC you are actually embedding OpenSSL code directly, so the exception
is required, regardless of whether (in the build) the code links to the
OpenSSL's system libraries or to the OpenSSL code built from the OpenSSL
code you include.

More specifically, the files src/os_crypto/sha1/md32_common.h,
src/os_crypto/sha1/sha.h, and src/os_crypto/sha1/sha_locl.h seem to come
straight form the OpenSSL library.

This being the case, the license exception needs to be added. If you want to
prevent this exception then you could replace the OpenSSL implementation and
use the GNU TLS library, which provides the same functions you use. This
library is GPL-compatible.

Historically, some projects have decided in the past to move from the OpenSSL
library to the GNU TLS because of these license incompatibilities.


Regards


Javier






[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Wed, 03 Aug 2011 22:06:22 GMT) Full text and rfc822 format available.

Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Wed, 03 Aug 2011 22:06:22 GMT) Full text and rfc822 format available.

Message #109 received at 361954@bugs.debian.org (full text, mbox):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: Daniel Cid <daniel.cid@gmail.com>, ossec-dev@googlegroups.com, pkg-ossec-devel@lists.alioth.debian.org, 361954@bugs.debian.org
Subject: Re: [Pkg-ossec-devel] [ossec-dev] OpenSSL exception
Date: Thu, 4 Aug 2011 00:05:42 +0200
[Message part 1 (text/plain, inline)]
On Wed, Aug 03, 2011 at 11:47:11PM +0200, Javier Fern?ndez-Sanguino Pe?a wrote:
> 
(....)
> This should be added in the header of source files that link to OpenSSL. See
> attached example file (gpl-openssl-header.txt) for a header.
> 
> In addition, to clarify the situation, the attached file LICENSE.OpenSSL
> could be added to the source code's alongside the LICENSE file
(...)

Sorry, I forgot to attach the aforementioned files. They are attached to this
email.

Regards

Javier
[LICENSE.OpenSSL (text/plain, attachment)]
[gpl-openssl-header.txt (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Tue, 23 Aug 2011 08:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Amaya <amaya@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Tue, 23 Aug 2011 08:21:04 GMT) Full text and rfc822 format available.

Message #114 received at 361954@bugs.debian.org (full text, mbox):

From: Amaya <amaya@debian.org>
To: Daniel Cid <daniel.cid@gmail.com>, ossec-dev@googlegroups.com, pkg-ossec-devel@lists.alioth.debian.org, 361954@bugs.debian.org
Subject: [Bug #361954] Any news?
Date: Tue, 23 Aug 2011 10:21:11 +0200
Hi all!

Any updates on the changes needed for ossec to be packaged in Debian?
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361954
Thanks!

-- 
 .''`. Trouble always comes at the wrong time
: :' :
`. `'
  `-         Proudly running Debian GNU/Linux




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Tue, 30 Aug 2011 07:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jose Antonio Quevedo <joseantonio.quevedo@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Tue, 30 Aug 2011 07:39:03 GMT) Full text and rfc822 format available.

Message #119 received at 361954@bugs.debian.org (full text, mbox):

From: Jose Antonio Quevedo <joseantonio.quevedo@gmail.com>
To: Amaya <amaya@debian.org>
Cc: Daniel Cid <daniel.cid@gmail.com>, ossec-dev@googlegroups.com, pkg-ossec-devel@lists.alioth.debian.org, 361954@bugs.debian.org
Subject: Re: [Pkg-ossec-devel] [Bug #361954] Any news?
Date: Tue, 30 Aug 2011 09:37:32 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi there,

excuse me for this late response.

Although there are some minor issues that are already commented in the
code published in the pkg-ossec git repository, these are the main ones:

- - external zlib: we have compared and discussed around the differences
between original zlib and Ossec's zlib version and, although some of
these modifications seem to be interesting features and will be send
some of them to zlib upstream, IMO this can be overriden and we are
ready to link against the zlib distributed by Debian.
- - OpenSSL exception: we need the OpenSSL exception. We are waitting for
upstream to implement the legal code that avoids this problem but we are
considering to prepare a patch to make things easier to upstream.
- - chroot issue: as you already know, Ossec works in a chrooted
environment, and although this seems to be a a good idea, it's not being
perfectly handled. That's why we are working on a patch to improve this
feature.

Feel free to solve any of the above issues you by yourself and send us a
patch. It would be really helpful.

That's all by now.

Best regards,

2011/8/23 Amaya <amaya@debian.org>

> Hi all!
>
> Any updates on the changes needed for ossec to be packaged in Debian?
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361954
> Thanks!
>
> --
>  .''`. Trouble always comes at the wrong time
> : :' :
> `. `'
>  `-         Proudly running Debian GNU/Linux
>
> _______________________________________________
> Pkg-ossec-devel mailing list
> Pkg-ossec-devel@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-ossec-devel
>



- -- 
Jose Antonio Quevedo Muñoz
Key fingerprint: C88A AAFA CF91 F556 E1D5  52FC C3D7 3C5D 8224 5822
- --
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJOXJM7AAoJEMPXPF2CJFgiiN0QAIbYX73c1BLVescMpMRnwWd2
ik1XsJhF7+hW6kQ7oEuKHSc/4qiZcwq1Wi+Qkqj2MLpMIa3RPTZndALc0mxiPUzm
clikaz7EplwRe3xGqhuWqYWyNoglRb6U0uDBMZGx/fUya/P0+pe5lYIRuHw7zPN1
xuwMj4OdUoum6QwLwyySuy5FO0U+rKOOBQHcndobW8veTXW3wXtHs8jUiP+eacrA
LbtOlpuiqkdRobKKYjBNZngt5MKsmCwnFauXvPUs7aDHgZUDlfHOiRcgqUfEMUMw
qEuivsLl9YYqRvi3xVl9flBOLhHp2VDK7YCb5uTZjVDWlUaKYQNI/O/6q2ajWg2D
zCFGXEggcdjE7CJllAkcOTmkykG2m8dcynFWgNzjqdebuIP7Ig4sy5zs0WaPDZp4
XWfFwdnuRCWclhSmgaE9tFgGDYYs0fNgl/Sem0ilD84ky7DGDEJPz5qsKPc4LcHc
bifubW0mEQlGHrRLFoIOoKzNWdtiTRNbuy8XUzpGEe2/Ts7+CGejHfYqNElxkWrm
0+IE6SAkCkLqeahMY7kISIgVVSzqa5TlImclPR8kqcIPYqJFnUaObKrLDGfxBTT2
mZFWiLjvqfFZjnPM+n/AYeCP5wF4BQ66hnAkHKoE7JkzuSCxEJLduBAxXjkXq6gS
9n8jbMRsJd52s+R6HjL/
=NmyD
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, joseantonio.quevedo@gmail.com:
Bug#361954; Package wnpp. (Mon, 27 May 2013 14:09:21 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lucas Nussbaum <lucas@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, joseantonio.quevedo@gmail.com. (Mon, 27 May 2013 14:09:21 GMT) Full text and rfc822 format available.

Message #124 received at 361954@bugs.debian.org (full text, mbox):

From: Lucas Nussbaum <lucas@debian.org>
To: 361954@bugs.debian.org
Cc: control@bugs.debian.org
Subject: ossec-hids: changing back from ITP to RFP
Date: Mon, 27 May 2013 15:24:26 +0200
retitle 361954 RFP: ossec-hids -- Host-based intrusion detection system
noowner 361954
tag 361954 - pending
thanks

Hi,

This is an automatic email to change the status of ossec-hids back from ITP
(Intent to Package) to RFP (Request for Package), because this bug hasn't seen
any activity during the last 12 months.

If you are still interested in adopting ossec-hids, please send a mail to
<control@bugs.debian.org> with:

 retitle 361954 ITP: ossec-hids -- Host-based intrusion detection system
 owner 361954 !
 thanks

However, it is not recommended to keep ITP for a long time without acting on
the package, as it might cause other prospective maintainers to refrain from
packaging that software. It is also a good idea to document your progress on
this ITP from time to time, by mailing <361954@bugs.debian.org>.

Thank you for your interest in Debian,
-- 
Lucas, for the QA team <debian-qa@lists.debian.org>



Changed Bug title to 'RFP: ossec-hids -- Host-based intrusion detection system' from 'ITP: ossec-hids -- Host-based intrusion detection system' Request was from Lucas Nussbaum <lucas@debian.org> to control@bugs.debian.org. (Mon, 27 May 2013 14:40:02 GMT) Full text and rfc822 format available.

Removed annotation that Bug was owned by joseantonio.quevedo@gmail.com. Request was from Lucas Nussbaum <lucas@debian.org> to control@bugs.debian.org. (Mon, 27 May 2013 14:40:02 GMT) Full text and rfc822 format available.

Changed Bug title to 'ITP: ossec-hids -- Host-based intrusion detection system' from 'RFP: ossec-hids -- Host-based intrusion detection system' Request was from Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com> to control@bugs.debian.org. (Mon, 29 Jul 2013 21:36:05 GMT) Full text and rfc822 format available.

Owner recorded as Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com>. Request was from Jose Antonio Quevedo Muñoz <joseantonio.quevedo@gmail.com> to control@bugs.debian.org. (Mon, 29 Jul 2013 21:36:05 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 16:07:56 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.