Re: Moving apt (and hence bootstraps) from GnuPG to Sequioa (via gpgv-sq)

2024-11-25 Thread Frank Guthausen
On Mon, 25 Nov 2024 08:20:43 - (UTC)
Sune Vuorela  wrote:
> On 2024-11-22, Frank Guthausen  wrote:
> >
> > Which kind of default incompatibility is implemented in GnuPG 2.4?  
> 
> [...]
> 
> LWN did an article in December about it.

Do you mean the schism article[1]? I'll take this
one as a starting point to dive into the matter.

 [1] https://lwn.net/Articles/953797/

kind regards
Frank



Re: GnuPG 2.4 before Trixie freeze

2025-01-07 Thread Frank Guthausen
On Sat, 04 Jan 2025 08:42:10 +
Stephan Verbücheln  wrote:

> Please note that GnuPG 2.2 is also end of life now.
> 
> https://gnupg.org/download/index.html

GnuPG 2.4.7 is in experimental[1] but not yet in sid[2] or trixie[3]
(where it is version 2.2.45-2 in both repositories). The trixie freeze
timeline is not yet announced[4] but compared to bookworm[5] one might
guess this will happen in the near future.

Is there enough time to shift GnuPG 2.4
into trixie until the planned summer release?

 [1] https://packages.debian.org/experimental/gnupg
 [2] https://packages.debian.org/sid/gnupg
 [3] https://packages.debian.org/trixie/gnupg
 [4] https://release.debian.org/testing/freeze_policy.html
 [5] https://release.debian.org/bookworm/freeze_policy.html

-- 
kind regards
Frank


pgpbbWDEuT4jK.pgp
Description: OpenPGP digital signature


Contents indices files

2024-12-18 Thread Frank Guthausen
Hello.

Maybe this question belongs more to debian-devel than debian-user:

According to the repository format wiki page[1] there exist Contents
indices files, e.g. in Debian bookworm main[2]. How are they generated?
Is there documentation in the Debian wiki? Some tool to support this?

I created a repository with reprepro, but this generates Release
and Packages files only, not the Contents-*.gz files. The content
of this repository is invisible to apt-file.

 [1] https://wiki.debian.org/DebianRepository/Format#A.22Contents.22_indices
 [2] https://ftp.debian.org/debian/dists/bookworm/main/

-- 
kind regards
Frank




Re: Contents indices files

2024-12-18 Thread Frank Guthausen
On Wed, 18 Dec 2024 21:06:34 +0200
Peter Pentchev  wrote:
> On Wed, Dec 18, 2024 at 07:46:03PM +0100, Frank Guthausen wrote:
> > 
> > I created a repository with reprepro, but this generates Release
> > and Packages files only, not the Contents-*.gz files. The content
> > of this repository is invisible to apt-file.
> 
> I'm pretty sure I could find some info on the format of the Contents
> files (they seem to be pretty much "path 
> section/pkgname"), but if your question is really about reprepro,

I understood the format, but not the/any tool to create those files.

> then take a look at the "Contents" option in the definition of a
> distribution (the conf/distributions file); putting "Contents:" on a
> line by itself will make reprepro generate the files.

This was exactly the missing point. I regenerated the repository with
this option and now apt-file sees all the files in the packages.  THX
-- 
kind regards
Frank
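
The Contents line layout discussed in this exchange ("path section/pkgname"), as an added example that is not part of the original messages and is not reprepro's or apt-file's own code. It assumes the layout given on the repository format wiki page cited earlier in the thread (path, whitespace, comma-separated qualified package names, directories not listed); the package names and paths are constructed sample data.

```python
# Added example: build and query a Debian "Contents" index in memory.
# Package names and paths below are constructed sample data.
from collections import defaultdict


def build_contents(packages):
    """packages: {"section/pkgname": [paths]} -> sorted list of Contents lines."""
    owners = defaultdict(set)
    for qualified_name, paths in packages.items():
        for path in paths:
            if path.endswith("/"):  # directories are not indexed
                continue
            # Paths are stored relative to the root, without "./" or "/".
            clean = path[2:] if path.startswith("./") else path.lstrip("/")
            owners[clean].add(qualified_name)
    # One line per path; several owning packages are joined with commas.
    return [f"{path}\t{','.join(sorted(pkgs))}"
            for path, pkgs in sorted(owners.items())]


def parse_contents(lines):
    """Contents lines -> {path: [qualified package names]} (what a lookup needs)."""
    index = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        # A path may contain spaces, so split on the last whitespace run only.
        path, pkgs = line.rsplit(None, 1)
        index[path] = pkgs.split(",")
    return index


SAMPLE = {  # constructed
    "utils/hello-tool": ["./usr/bin/hello-tool",
                         "./usr/share/doc/hello-tool/",
                         "./usr/share/hello/read me.txt"],
    "admin/hello-extra": ["./usr/bin/hello-tool", "./etc/hello.conf"],
}

if __name__ == "__main__":
    lines = build_contents(SAMPLE)
    print("\n".join(lines))
    print(parse_contents(lines)["usr/bin/hello-tool"])
```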




Directory structure suggestion for configuration in /etc

2024-12-18 Thread Frank Guthausen
Hello.

A lot of packages do default configuration in /etc/project.conf and
admin related stuff in /etc/project.d/whatsoever.conf to separate the
distribution part from local overrides.

Every now and then it might be useful to switch changes on and off. The
Debian apache2 package uses sites-available/ and sites-enabled/ folders.
This is convenient.

I use this idea as a blueprint for administration. I put local
configuration stuff into /etc/project.available/ folders and symlinks
into /etc/project.d/ folders. This allows to toggle on/off mode easily
and is a coherent scheme (besides the little deviation in apache2).

Is it reasonable to use this idea as "best practice" and implement it
into Debian style administration recommendations? It works very well
e.g. for repository usage /etc/apt/sources.list.available/ where an
admin can look what is possible even if not part of the live system
yet. This would allow to ship a bunch of suggestions without enabling
them by default and without the need to edit the project.conf file.

Please share your thoughts with the community.
Was anything like this discussed previously?
-- 
kind regards
Frank




Re: Directory structure suggestion for configuration in /etc

2024-12-19 Thread Frank Guthausen
On Thu, 19 Dec 2024 09:01:09 +0100
Marco d'Itri  wrote:
> 
> No: the expected default for systemd-managed services is to use 
> /etc/$SERVICE/ .

Debian GNU/Systemd is only an unofficial
subdistribution of Debian GNU/Linux. YMMV
-- 
kind regards
Frank




Re: Directory structure suggestion for configuration in /etc

2024-12-19 Thread Frank Guthausen
On Thu, 19 Dec 2024 18:03:06 +0900
Simon Richter  wrote:
> On 12/19/24 16:17, Frank Guthausen wrote:
> 
> > A lot of packages do default configuration in /etc/project.conf and
> > admin related stuff in /etc/project.d/whatsoever.conf to separate
> > the distribution part from local overrides.  
> 
> It depends on the package.

Sure. The idea can be restricted to those
projects which already offer a project.d/
folder.

And it can be extended/modified to project.example/ folders.

From my point of view both would be a lot of help for admins.
This concept can be implemented in an independent and parallel way
by introducing packages ``project-extra-config'', which might
be flagged as recommended or suggested. This reduces risk of
breaking things or established workflows.
-- 
kind regards
Frank




Re: Directory structure suggestion for configuration in /etc

2024-12-19 Thread Frank Guthausen
On Thu, 19 Dec 2024 11:00:03 +0100
Ansgar 🙀  wrote:
> On Thu, 2024-12-19 at 10:09 +0100, Frank Guthausen wrote:
> > 
> > Debian GNU/Systemd is only an unofficial
> > subdistribution of Debian GNU/Linux. YMMV  
> 
> Please keep such messages to appropriate mailing lists such as the
> Devuan list

As long as Debian ships System-V-like init in the official
repository[1] I'm pretty sure I'm on the correct mailing list.

There is no need to assume that everything related to Debian is coupled
to systemd. It's the user's or admin's choice which init system is to
be used, regardless of Debian's decision what the default is. I can not
conclude what Devuan has got to do with this. If you want to extend the
debate to a broader auditorium, think about Debian GNU/Hurd and Debian
GNU/kFreeBSD in the first place.

If my suggestions do not apply to situations where systemd is used,
I'd suggest systemd advocates to stay quiet because the topic does
not concern them. TIA

 [1] https://packages.debian.org/bookworm/sysvinit-core

-- 
kind regards
Frank




Re: Directory structure suggestion for configuration in /etc

2024-12-20 Thread Frank Guthausen
On Fri, 20 Dec 2024 02:05:30 -0800
Josh Triplett  wrote:
> 
> I'm talking about the "empty /etc" model here, which is why I'm trying
> to find a solution so that people who *want* the file-full-of-comments
> have it, without installing it for people who *don't* want it.

This sounds to be a reasonable philosophy. I support this idea.

> No, the model I was describing would have *no* file in /etc if you
> remove `etc-commented-defaults`. The point here is to support the
> users who want an empty /etc and the users who want files full of
> commented-out defaults.

This model approach seems to be a universal solution. Shifting the
decision to users'/admins' choice and style would be a huge improvement.
-- 
kind regards
Frank




Re: Moving apt (and hence bootstraps) from GnuPG to Sequioa (via gpgv-sq)

2024-11-22 Thread Frank Guthausen
> 1. The GnuPG upstream forked the OpenPGP standard into his own
>    thing called LibrePGP, and GnuPG 2.4 implements that new thing
>    and is by default incompatible with other OpenPGP implementations.

Which kind of default incompatibility is implemented in GnuPG 2.4?

kind regards
Frank



Re: GnuPG 2.4 before Trixie freeze

2025-01-17 Thread Frank Guthausen
On Tue, 7 Jan 2025 19:01:51 +0100
Andreas Metzler  wrote:
> 
> Afaik there is no /known/ blocker except for the
> libgnupg-interface-perl test error #1088155.

According to bug report[1] there are failed subtests in 2.4.6 but these
are not specified. What causes these failures and what needs to be done
to resolve the bug? Is the situation unchanged with 2.4.7? Is there a
patch missing? Configuration issue? Is this a bug in the test suite
itself?

 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088155

-- 
kind regards
Frank




Re: Bits from the Release Team: trixie freeze dates

2025-01-28 Thread Frank Guthausen
On Tue, 28 Jan 2025 09:34:37 +0100
Emilio Pozuelo Monfort  wrote:
> On 27/01/2025 23:15, Andrea Bolognani wrote:
> > 
> >https://release.debian.org/trixie/freeze_policy.html
> 
> Updated

Almost - there are still the first three TBAs in the 2nd table row.
-- 
kind regards
Frank




Re: GnuPG 2.4 before Trixie freeze

2025-01-13 Thread Frank Guthausen
On Fri, 10 Jan 2025 19:33:01 +0100
Andreas Metzler  wrote:
> On 2025-01-10 Frank Guthausen  wrote:
> > 
> > Is this still a problem with GnuPG 2.4.7? Can this be adjusted by
> > changing default configuration in the Debian package? Does it need
> > a code patch?  
> 
> Patch. This is about AEAD OCB.

Does this patch exist already? Is there an overview which patches are
required and which are available? What are the open todos and stoppers
to be dealt with before shifting to sid and trixie? Is there anything
the community can do to support and speed up the workflow? Is there a
list of tests which need to be done and could be crowdsourced?
-- 
kind regards
Frank




Re: GnuPG 2.4 before Trixie freeze

2025-01-10 Thread Frank Guthausen
On Thu, 09 Jan 2025 18:29:02 -0500
Daniel Kahn Gillmor  wrote:
> On Thu 2025-01-09 07:55:36 +0100, Stephan Verbücheln wrote:
> > GnuPG 2.4 was released in 2022, long before the LibrePGP schism. It
> > is generally not clear to me how the divergence from upstream is a
> > reason to favor 2.2 over 2.4, except that patches have to be ported
> > (once?).  
> 
> sadly, 2.4 was released at a time when the LibrePGP schism was on the
> horizon,

I reconstructed the following timeline:

Debian bullseye hard freeze[1]:             2021-03-12
According to Upstream[2], GnuPG 2.4 birth:  2021-04-07 (maybe as devel)
Debian bullseye full freeze[1]:             2021-07-17
First package (2.4.0) in experimental[3]:   2022-12-25
Debian bookworm hard freeze[4]:             2023-03-12
Debian bookworm full freeze[4]:             2023-05-24
Ubuntu 24.04 LTS (Noble Numbat) release[5]: 2024-04
RNP LibrePGP support[6]:                    2024-07-22
OpenPGP RFC 9580 release[7]:                2024-07-31

> For example, OpenPGP certificates produced by earlier versions of 2.4
> and imported into Thunderbird advertised non-standardized encryption
> mechanisms that Thunderbird didn't support, which led to unreadable
> mails for those users.

Is this still a problem with GnuPG 2.4.7? Can this be adjusted by
changing default configuration in the Debian package? Does it need
a code patch?

Thunderbird  seems to use the RNP[8] crypto library which supports
a cooperative workflow with GnuPG via LibrePGP.  Are there patches
to remove this behaviour in Debian?

> That's why we delayed bringing 2.4 into debian, so that our users
> wouldn't get locked into non-standard or suboptimal cryptographic
> mechanisms.

Still having GnuPG 2.2 in Debian is similarly suboptimal. At
the moment users are locked into using a software version tree
which started 2014-11-06 which is more than a decade ago.


 [1] https://release.debian.org/bullseye/freeze_policy.html
 [2] https://gnupg.org/download/index.html
 [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022702
 [4] https://release.debian.org/bookworm/freeze_policy.html
 [5] https://ubuntu.com/about/release-cycle
 [6] https://www.rnpgp.org/blog/2024-07-22-rnp-and-librepgp/
 [7] https://datatracker.ietf.org/doc/rfc9580/
 [8] https://www.rnpgp.org/


-- 
kind regards
Frank




Re: Can the community team remove packages or kick me out for not removing packages?

2025-07-17 Thread Frank Guthausen
On Thu, 17 Jul 2025 11:45:44 +0200
Antoine Le Gonidec  wrote:
> 
> Does that make it clearer where I am standing on this topic?

AFAIU:

All animals are equal, but cis animals are less equal than others.

Does this summarize it correctly?
-- 
kind regards
Frank

