Mattia, On 4 April 2016 at 21:37, Mattia Rizzolo <mat...@debian.org> wrote: > yep, saw the mail that day, but didn't pay much attention back then.
There's no problem. > This is basically a security feature, I think, not a bug. > > Though you should be able to fix it more manually by directly editing > the HEAD file. > > but this time I just run the command for you :) > > This turned the HEAD file to be group Debian again and I can't have it > back to scm_collab-maint as I'm not in the collab-maint anymore. > > Yeah, permissions on collab-maint (and alioth in general) are just a > mess.... > If you have troubles with file permissions on collab-maint feel free to > mail me if you don't have any nearby DD.. Turns out that the "Debian" group is for DDs... Makes sense. Thanks for fixing this. I'll surely reach you in case I need something like that again. > DSA has nothing to do with alioth (sadly?), there is only one active > person with root on moszumanska (which is the guy that replied to you > last time, iirc), but he won't chgrp the directory (as afaik he made > them gid:Debian exactly because he wants to avoid external messing with > repositories (if the root directory was writable by you you would be > able to do anything with the config and the hooks, and that's a security > trouble on collab-maint where everybody has access). I see. The problem is that the repository is writable by the owner, who can edit any configs/hooks. I had a problem in this case because I was not the one who created it. It is indeed quite hard to take care of a place where so many people can write to. > Yep, even if I'm always wary of this. > I'm a guy who prefers using the tarballs as provided upstream. > I wrote this item before noticing that you used .xz, so a different > tarball than upstream. > Fine by me, I see how this is enough for this case. Now I understood. You mean a byte-to-byte identical tarball, not identical regarding its contents only. I see this as enough by now too. If the upstream starts releasing signed tarballs we can changed that. > ok, yes I know it's more popular. To me it seems "Expat" is known only > within Debian, heh :) Actually, now that you mentioned I guess I had never ever heard of the "Expat License" outside Debian... > going to set myself as owner, will look at it somewhen tomorrow though. Well, looks like you already take a look a few minutes ago. :-) > Well, I uploaded it :D > > I also tagged the repository. It is on the NEW queue right now. The tag detail is also pretty nice. Fetched it. Thank you very much, Mattia! Regards, Tiago. -- Tiago "Myhro" Ilieve Blog: https://blog.myhro.info/ GitHub: https://github.com/myhro LinkedIn: https://br.linkedin.com/in/myhro Montes Claros - MG, Brasil
