Re: Reminder: Removing < 2048 bit keys from the Debian keyrings
Hi Brian, On 13.11.2014 23:43, Brian Nelson wrote: > I'll show them some identification to prove I'm > a Brian Michael Nelson which, since the other Brian Michael Nelson in > the project retired, means I'm probably the one still active. I'll be > able to submit a stronger key, but what exactly has been gained? for starters: A key that can't be forged with a reasonable number of CPU cycles. This is not about not trusting you, but about others that may use a weak key like your current one as attack vector to do harm to Debian. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: beersigning in Berlin?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, first, this is my confirmation I'll attend (it was even somewhat mine idea). Besides, I believe jhr will attend as well. On 08.07.2011 17:28, Paul Wise wrote: > Any ideas on a venue? this is a proposal from Hauke which sounded reasonable to me: Let's meet on the Sunday, 4:30 PM as pabs suggested on this location: * Warschauer Straße (on the bridge, near the exits of the railway station, towards metro station) * For those whom asked for coordinates :) + 52.506796°, 13.449646° + OSM: http://www.openstreetmap.org/index.html?mlat=52.506796&mlon=13.449646&zoom=15 + Evil Maps: http://maps.google.de/maps?q=52.506796%C2%B0,+13.449646%C2%B0&hl=de&ie=UTF8&ll=52.506877,13.450173&spn=0.001698,0.004823&sll=51.151786,10.415039&sspn=14.353509,39.506836&t=h&z=18 + Evil Maps + Street View: http://maps.google.de/maps?q=warschauer+stra%C3%9Fe&hl=de&ie=UTF8&ll=52.506796,13.449646&spn=0.000193,0.001206&sll=52.506779,13.449631&sspn=0.001714,0.004823&t=h&z=20&layer=c&cbll=52.506779,13.44963&panoid=_caT_zlJAWfqxZJHdr8a8A&cbp=11,132.04,,0,-2.4 - From there we may move further, there should be plenty alternatives reachable by feet. - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOFywEAAoJEMcrUe6dgPNtTjQP/iiwhdkkC7WrM7N+B+l+XZ95 I5KAdbehVFBNn2C+3XsADUED6Vohy1L78l6exklYnsebBMBikVy/JM9FlDAgEvDg cPbRtxogYcj0sNMcQfLAl2Q5hPhxTqmrwzFkh083RsQrfxCN5RwrlaeDNAbQXugh w7lHBWDbg5f0PI++4GdEAFwPCR3cnh6VN9z8Rw0FfyPqF6ncVaWCVcgk6bESiEMc GbVxKg+INOBXu/KSPYgMn+og/XnTO1pxb9kc0X++/MlPDt9ZkX8CL+6qNNmAIj8D DmY4uFURUWmOfg/0oJsSsYuUSZN1kVWjigP0LXlbCwi8nSjpd4IDe1gRPyiYXI9u bQ9BflODatjyQXofhTMvJ7J6vXQ1rK0J6XeRaiimhbsQyKiVQtGsl88kZrlQGzxZ tuLUtqRDC24VG/22lDJLkmIUUsX40LPE2T51jeg7Czn2esfMup5O5ZF97Kk27hkp MZI05S9K1tSYVVBKrVxPf2ePf8+OUfgRucH2bXxZOVTgZPW9PV32ZGHzpt8hXB+j a27c7tFOf5Uk1qD/dSL04omRNe4eJoNhTj5rR9ribXl5z+B/Rz4sa6ms35Ft8i+O 20yMN7q579WYH0uBSENnjqCIBthAb9MVpKXQBvMAOnv4sRzSDeOga9r2cWvsD719 ghh1HGEB5on3sx3ygNM+ =jSVF -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e172c05.8010...@toell.net
Re: Report from the debconf11 sponsoring/mentors BoF.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Serafeim, (keeping your CCs:) On 11.09.2011 23:56, Serafeim Zanikolas wrote: > I understand that there's two sides in this effort: debexpo plugins that > produce additional info about certain package features, and a repository of > sponsors' interests/preferences/requirements. Do I understand correctly that > you implement both things within debexpo? Are DDs expected to enter their > preferences via the debexpo web ui? Yes. Debexpo runs certain plugins on incoming packages. Among those several QA plugins, which for example run Lintian, or check bugs being closed by the upload. Have a look to any given package on mentors.d.n to get the idea. On the other hand there are concepts and ideas to extend the mentors platform by social network functionalities to bring together packages with sponsors. Aside of the mentioned metrics, I am referring in particular to Lucas' idea here [1][2]. As far as I know there are currently no concrete plans to work on that though. Regarding the sponsor metrics: Yes, I do expect Debian developer to file their preferences via Debexpo web UI. The third key concept of the mentoring process is the package review itself. That's the part which is currently done by email on the debian-mentors mailing list. As we mentioned in the report you are all invited to join the current discussion going on there, how to improve the situation by moving the discussion part to the BTS (or not). > My idea instead was to maintain DDs' preferences via an ikiwiki instance > (using something structured like yaml), and make the wiki data accessible to > debexpo via a REST interface. At the end of the day, it's up to whoever will > do the work, but it's wise to remember that geeks prefer their favourite text > editor than a web browser. I am not particularly thrilled by that idea. If you want to implement that, feel free to do, but I don't see any real benefit here. Really, I think I don't expect too much from a Debian Developer if I want him/her to register once in Expo and fill out a form if there is some general interest to sponsor packages. That's about two minutes of work if you have no free text to add. Also you should take into account, that human editable semi-structured data is error prone and lacks validation. > Anyhow, thanks for stepping up, and whatever your approach, please share any > code you have with Janos and see whether/how you could work together. Its all in our Git repository [3]. As usual I appreciate any contribution and we certainly need more help and good ideas. [1] https://alioth.debian.org/tracker/index.php?func=detail&aid=313252&group_id=100127&atid=413115 [2] https://alioth.debian.org/tracker/index.php?func=detail&aid=313253&group_id=100127&atid=413115 [3] http://anonscm.debian.org/gitweb/?p=debexpo/debexpo.git - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJObiKbAAoJEMcrUe6dgPNtEb4P/jVwf0LNKPxDniFVyrJnAgZl syIEieOaprZ3W/j16IjCWes+FwyWQ2MxeVcZDP7XgETAo9N/WDNbeZA6hTMt7u9H UnAl3kavSwHIDUfviRSiXhntiRxf1JA/ZLYDk7dcgQRvGkiWDm6l3eopAPFraXMA Id4xVZjcX6cyozaADYZG525JWvJhj5NhhwwnIgrbWB+mU1u2+rd5LV2H+h2GBuhY l7Bv9NvZmpMlDHfeIVGqvLb6i5nr5L899D5TNgCfcu/wwsDyikXOmh2hewPk8hog RHoi8u8Sr1eD3/WYZtQ8tSwgQPwQd0MVgH0B4BOLVHatnf6QzjLpDlPgoRujUu7Y zpOKpp3CfLGv5qUYrue6t38SSXBohz4wtvp1xT1npTbtp5KsuoVyTxbmojXpBTAy PuMmIwb2yhFVKOP0SHBWAoLU4lEa/vgDt/NuDwuBJaZvgSvd/6c0yx9EF7xdmX+P KD5g3Hi1yjmRC9APoLJzwQtMe6bsKto13GOWegI0vMZdspyVjRfW41ZmFdfhx4E+ UDnVvZsSZH/wVsEXFL4MedimhHADZ5bWxU8BwD3o9AmGc34T6dPE5T4f6UTi5m4I iW/6W2UZyEX7a7TGgV09F3AZVwmJoP209H7MlII/mGVgYEOiqbZGUmyxRJ0raAcm vDIjw8caJAUp/9Um+g+S =HVHf -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e6e229c.5010...@toell.net
Re: Greaat disappointment
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FTR: http://paste.debian.net/10/ - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOhl/kAAoJEMcrUe6dgPNtXsAQALOHRFvfVOWnvGZNjGqA2Ksj UPpnqehKzgE0KDYKiCvRERNtc8tTiuA1wCxJBaOri+Pfbf6AypGg4/ZLatWhcdDh 7Rd+WYH1OgENjeXpPRfEAPeBhvqZzTFXBgNfVBOylJqnBBe6ryZza0YNMrjlsNPm Be6Bax/2lmaNvDprO/AjMa4AG66Sh2wFOqCuycZ+cymkt54qMdl2mjk6UjfYwGD2 e5En531ZPLwVn33Lzhenc4R0P6v9LCfE28XDNyivGvRTVR3Alqul+iyJdQO1qfrY pF2Shd8FRgJM+0Ixf5zh1nMH3GjZpJn7zrsKjsZOJDpyj9S+VqqAxRAdqVCKri7q +fRoLe9Ox+bpeuLTuS/Tn8r2diBlgeMEeI612Zq3mb27Uj2ssUJxYblcHhX5apfi eDO4KgmjUoixxvLVAP2il108B89A5bpbL7Nl6XeifVv3obWntejRJ83O75TnF4bI N90pw/oytZ0zCWcCXy7JPlYEpGlMdb4HITB2Lhjm+jaVRbykyB5IpTp6zrs5KyNv 3JIUeafCw7vK44Y7AgJVGIgBXLcdq40R+jyTag8mkL/RBqdwuDz5XvoSwUARHKP5 B1G/jVbo0HSHH4PUDwkcqGvyQIfQW3pv6zqPhc362hW+sr97pTArNW2xiCVlwlEv E8XW9KJ+JCfS4U34BfsB =0us9 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e865fe4.1000...@toell.net
Re: Finding sponsors for Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, On 12.03.2012 19:25, Stefano Zacchiroli wrote: > On Mon, Mar 12, 2012 at 03:16:42AM +0800, Thomas Goirand wrote: >> Over the years, I've always been very surprised to see that >> there's very little money that Debian is able to get. I'm >> convinced that this situation could change with a bit of >> involvement from the DPL, and that such money could help a lot >> the project. For example, sending open letters to big companies, >> and letting them know that we do accept monetary contributions >> could help. > > Let me start by observing the obvious: attracting money is not a > goal per se; Putting them into good use for Debian is. According to > my DPL experience, we have two main chapters in Debian budget: > travel sponsoring and hardware replacement. (cc:-ing -project as that's a more general discussion not directly directed to DPL candidates but related. Maybe follow-ups should be sent there) as somebody who pushed $work to donate money to Debian (i.e. via FFIS), I always wondered about the financial merits of these donations. As much as I am involved to work within Debian, I have no clue what you used "our" money for. I am probably not literally interested what for you spent the money we donated, but I think sponsors would appreciate or be more interested to donate if they could see in a more popular advertisement what Debian spends money for (i.e. something more handsome than SPI board minutes) and possibly getting little "thank you" post cards or some merchandise (e.g. a coffee mug or a T-Shirt) as a symbolic acknowledgement of gratidude. Actually, $boss asked me the other day how to support Debian better as he wasn't very convinced about usefulness of money donations to Debian as he didn't get much feedback about that, other than a tax deductable receipt. - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPXmK9AAoJEMcrUe6dgPNtby8P/0rYaGjV7p1yaCplMS3z3LCV +0/k8DtEb+UZO2aJ9glw54Rn9JO0NVnyHZGiKPG6oPJ0IR4G6ZXscPxk3aqk9zh+ plXQjtdtMbZ/XrFKMaLNH3d2KnIxv1gIwAj6GLtG3Op28XF7YDZLxi5viBJlY8F/ EnPL5wWQ9Bdytj5BIK9uZkLswCT9EvYGUmJ9Tfc0ONfj77/DvMh3/t/fZvXEPqDI n1UuXUwnE7h+wj9JCJ1Pc3qoZrzAqVZfzbzJdXZVjeaVDXqmTqE+Z5Sz5mo1W6Tl olhohuQRMUTnbAfj9if5rFqg98QlsW9GT9mrnnPJIsp7NAfuAE58bSnE/DNU+JAd XO06dqKGXWgdULIeRoKOWlti/dqfBREb0WP8zloNACxy1ksyJ8Da3hegV7X26Sb/ 4ZvNEHOmSDOgrOp/PoPW7H59O9QE3f8jDIVZ3VgzYIdu65VpN0II+G7szHtKqsl6 02C/0J0Pj+DuEz9Lo/voscm/CuM8/gXTkAXuG4Kd0wCWvDYYytz++jXqyq0PZabl ArWctC2N9JSwnpSnInuxiZw2MJarFOd06PXDsAqPimaSPRUz9PDRhVhrpD6xD8Ht KzsEFbOTCyUWBTeFMNFwH4vYoEJlZexC8B6fis+lSMjGMvhz5a1y2Dox3MX2SXPF e2Iwf3EJKcTkIJrzXL9r =sflz -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f5e62bd.9060...@toell.net
Re: Finding sponsors for Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On 12.03.2012 23:19, Gunnar Wolf wrote: >> Actually, $boss asked me the other day how to support Debian >> better as he wasn't very convinced about usefulness of money >> donations to Debian as he didn't get much feedback about that, >> other than a tax deductable receipt. > > We have talked (and I mean in DebConf, that's the area of Debian I > spent most of my orga-work in) about allowing this year for a > better way of identifying precisely _what_ is a donor giving — As > we did many years ago, we will allow sponsors to target their money > to a specific target. So, i.e. we will be able to say "the > conference dinner was kindly sponsored by Toell.net". Does it sound > interesting? :-} heh, except that that's my private address (and you can find us in the DC11 sponsor list with already (Holger can give you details :)), but I'm not here to advertise ourselves). We sponsored both, Debian and DebConf in the past but my boss does not feel very comfortable to sponsor DebConfs because he's more interested to support actual Debian work as a distribution, as Debian is the system we rely upon for our business. I find that understandable from an outsider's point of view as he'd like to show his appreciation for a rock stable distribution with great tools in the first place. However, let me repeat my point is not to mention our individual situation, with my $work hat on. I'm more keen to make Debian a more interesting target to donations and I think Debian lacks some transparency and public-relation work to make us attractive to sponsors. I'm sure there are plenty of links, mailing list posts and asset reports - but is a bunch of links really all we want to throw to a donator? We may like it or not, but it matters much how we present ourselves if we want to collect money from people. - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPXny1AAoJEMcrUe6dgPNtjlcP/Ainp1TtgPoVD5lN9D5POuiy EQs8+tkGGtFMxXBjjedBdpnC/LJsXJ2E1a4kLABGVmacUu1P5Dcxkf1v+OlNY+L2 g1/MxcLJvZANSoG8IeZKtK/kTPfzyX2t641D57Pba8V3/C/66E2h9u2hTMo/SdME /0ssxhZ89oU771/lAzaLXpPnXtm11VCR8MVfo1XnBOjHHCpgRId1hYeHAk7Ouhev BjxTrN9JUirl9LTFFI0QLbeeh8zP/ZQImQGW269IJDxKASiaCoksM1DDbb90rR1f UhdnJwHgVgOPwhbdrRUReEUfEExaei8Yx19Ptxnr8MleB+Lb039JkHUI0ONzSX6T bbhqgvwsq5H5cipiDPw0qCVCln7FyMOwRHQnvhbRKlTXecu7v3hs3hQg2LduqQ0r TtbiS/xs8tfTUdNRe5aCniRVD+08X8FKPa7X/vyXFmBY4xDhVKK9UkeYgPtigjQ5 jMwBNgmwEdm54a52zeP/NHcI9/n2bnN1x0j6WENQVJac+/1mQmtlm1ccf66Zy+MW ahohdLpaOI6n6Y49Y1dP5rLnTNG2dlB/xF96PoZw/maCAMFOLzbJvBEYYFa5j8ZE O3+f7twMU2Rs1EXn65qm7IW3oEjcadyrwJSSPboMmGgZLCe+aHuEOXE7dhbvG/mb h/ucOizor8nBd08BUaEf =T+IK -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f5e7cb5.30...@toell.net
Re: Finding sponsors for Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On 13.03.2012 09:19, Stefano Zacchiroli wrote: > How about the Sprint page I've mentioned in my previous reply? I > know that it has worked well for other $companies, but it'd be > useful to know if your $company find that convincing or not. If > they don't, it would be helpful if you can share your impressions > on why they don't. reporting the outcome of my talk to $boss. [As a disclaimer: He's not involved into Debian development, he has no clue about organizational details and my commitment on Debian is purely private. I mean: I am not paid to work in Debian by him which means his interest is rather cursorily and some points don't reflect my opinion]: As I already reported, he would basically like to see a financial summary for what purpose Debian spends money. It may be all obvious to Debian Developers but it is not to outsiders. He literally said "If I donate Debian 20 servers, I know what they use them for. But I don't know what they do with my money". You know, he's $boss, he has no time (let's pretend it is time :)) to dig mailing lists, SPI board minutes and such to grab the information he's interested in. He probably would like to see some nifty overview tables, some fancy pie charts and actual expenses presented in a fashion someone not involved into Debian can understand. These things should be all coordinated on a central place understandable to everyone and yes, I appreciate any work done on that so far. For example he found the sprints interesting, but he denoted a "not for us" point of view, because he has _no_ clue what "DSA" "FDDAM" and such means and what their roles are. Please keep in mind Debian Developer might find these things obvious but I don't think my boss ever heard of any core team aside of the security team and I can't resent, as that's not really interesting to !Developers who link Debian with the software CD they get in hands every other year. He probably won't read DebConf reports either or would like to hear "$mycompany sponsored this dinner" unless he's a local sponsor attending there. He also suggested, that he'd be willing to give substantial donations if they were earmarked to certain activities/tasks he's interested in. That's perhaps like the sprint thing: If you're a company doing business with groupwares you may be very well interested in the groupware sprint - if you're not, oh well, ... Bear in mind, you have plenty opportunities to donate money. There are lots of organizations which want you to donate - as a donor you have the choice. The winner is that one who made the best impression and I think we could do that better (though not literally meaning "me" by "we"). - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPXzSUAAoJEMcrUe6dgPNthZkP/2pmcyh5t/8NjuNpJmLQtBZR PK+7ni0EiJ16wK7Tmp1hSvRrJ3wdAO9ZxgnY6khgC+nuAs8EEavRd7X0kYxK7WKf 3n6tT+NIM5B99ejR82kEMsiITH/5auwizeavJ3g+fttBPo1OShwY/BuJadMu2i2I WdCgHvaJntwpl76rzec0SefgtPs/HN4h4YmCzWYeWaTE2gkHtEkoOn7q3fUas1HP PIZqD1PC+lGb835BRGGivDehrZjzQDIRTLXeD0W3Lv3HIh1f+d5YPFqyaSmaaM/F BFarA54++HUb/jE8LGLq8SduE0+C7lqt/sub8Xoo9VqIr6DOlXxpn+ZmUoK33RHA lee3pu/ofvSgtD0HmP5EdxMQ+sOahP2OYHEtlyGn8ZvpWnWQmOH4vGTmPn2SMBsk OqC1rkO7ul7KQBbiCH7Qr5YpPqjAn++8ReL+HfPxozBJusDFogMUO3g6XDEDGiTH utj16DuNgLIzUW1ODaQtznJG53azLikpcBBR53are1k0fddbESpXKAuTd/9nLIUT 3YpvorlJF5w5EU8zC+yt9+5+pb32xYzDqivcypbs5BnxjBLk0i2jFbDhH9N4QqI9 E4p2Y1WpPXSg8NpGmoEmw+yoE1L7NJnuJ/jcfvF45w50hYcd+LEnda2g527y6L1D z1TM1x5pqyj5/MwaP1ax =G+K2 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f5f3494.2040...@toell.net
Re: Report from DSA Team Sprint in Oslo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On 20.03.2012 02:23, Luca Filipozzi wrote: > [,.] If we are to be successful in implementing a five-year > refresh cycle, we will need improve our philanthropic support. We > need to revamp and probably merge our sponsorship and donations > pages. We need to support both targeted campaigns addressing > specific goals (a particular piece of hardware, say) as well as > "annual giving". We need to provide donors with visibility into > how we have used funds donated to date and with information > regarding our future needs. Well said. I think that's a very good idea and basically in line with my suggestions from [1] to make Debian more attractive to sponsors. Having that said, I wonder if we should discuss the possibility to pre-configure browser's search engines in order to provide Debian some income by referrals. I don't think that's a bad thing and doable without much effort but with a noticeable (huge?) gain virtually "for free". [1] <4f5e62bd.9060...@toell.net> - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPaQ2QAAoJEMcrUe6dgPNtE1cP/iYM5QIdF2ZdloUay4DBmJPb OedbtkYttqcMdUMN54yP4h44Vx4JvNZoIaNnuiVYOv0KGzgtzOS2aCIBbnxA/B36 My72Elgtmlo3CgkNnhJdGErVNP6QvsSFcolcT2Qf3CyT9zGZML8Tfzmg9VgJqDs/ RfEXxBwdPUaYxrlDVSEiHB02gxl0cX/q8ZZIXhGdxUMcYVzhvrpibEARxVjKH6BN I6KBX5rwRx2dwMR6Pb0t9uqdljZj2tWxL0NA6qFJ/lqogVqZzTP9scLJXXnWaCb7 UZPRwB9VsNwceEmX9raU9uithaDGX6BjgVp8a027KNYdZm+pPkJPx1dTfI/0ekft vHn8DSU/YwoKnBGBHnsru4L+fDOOJWJysQFCTAcmkAc90cm12k71RzpcICD5fHRn e2gteF3Sot+IyUaP8L/QkeY38ZU7MMFCdsvB77wuKwfBcZaIBVKJa60tdED91s2Q J5fngePHePGo6iwcFNuNBN51RI6ZvXbsOFQCoxF/Yf/xSjiYQNsyqvZyOh/kEpsh rQw3y8gmWRq1xfEp2aGNYtddq3mhEnSud3blPYgBvQvyx8k7t193sGOfFcr2jZK6 ssepkZoXX1pINYMI+TZsnKyn+N0E1RtFpzh3ypk+lIB/c7gy6EcKCLAG46LP6lrP yO9XjB8HiCvUC+/KlYdf =NaJu -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f690d90.5000...@toell.net
Re: General Resolution: Diversity statement results
Hi, On 06.06.2012 18:57, Ben Armstrong wrote: > I wonder how many other votes were affected in this way? I had the same problem for the DPL vote earlier this year. It turned out the actual problem is a quite strange misunderstanding of who is supposed to do mail formatting between Thunderbird (i.e. Icedove) and Enigmail which I used to sign my mails inline. The problem disappears if you switch to detached PGP/MIME signatures. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Planned changes to Debian Maintainer uploads
Hi, On 10.06.2012 13:57, Ansgar Burchardt wrote: > We plan to instead implement an interface where developers upload a > signed command file to ftp-master to grant upload permissions instead, > similar to dcut. This could end up looking similar to this: the idea looks sensible and good and I welcome this change. Thanks for working on this (being it you or pabs in the end). Having that said, as I briefly asked in IRC already: How do you plan to make that data accessible? One of the few benefits of DMUA is, that it is very visible. You only need to look at the source package and you know about the flag. This is evidently not the case anymore if the permissions are changed by using dak control messages. For people reviewing and mentoring packages it would be a substantial step backwards if they need to dig deep to find out who of the non-DDs are allowed to upload packages themselves. Thus, whatever you implement in the end: keep in mind people really want to know about existing flags for both, people and packages. Both in a machine readable manner, think of the PTS or Debexpo for example. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Planned changes to Debian Maintainer uploads
Hi, On 11.06.2012 17:26, Gunnar Wolf wrote: > And just thinking about possible complications: I *hope* we don't see > any such behaviour, but this format would allow a DD to "censor" a > given DM's activity. If I send "Deny" actions with somebody's key, it > ends up blocking that person until somebody else is convinced to send > corresponding "Allow" commands. how is that different to the state being? Today, a DD needs to add a DMUA flag, and any DD can do another upload to revoke the DMUA flag again any time. Having that said, this might have happened some times in past, but I don't think we ever had that problem for real. Ansgar is not changing things here, we'd just lower the threshold to actually change something. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: The DM status and its recognition (was: Planned changes to Debian Maintainer uploads)
Hi, On 11.06.2012 22:41, Moray Allan wrote: > It is extremely disappointing to me (but not surprising) that some > people even discourage potential new Debian members from joining, > telling them that DM status should be enough for them. even more, becoming DM seems more and more understood as a suggested and advised procedure towards a full DD status. I do not think this is how the original endorsement was meant. Moreover, at least that's my impression from hanging around in Mentoring mailing lists and channels, many people (and by people I mean primarily developer not involved in sponsoring) also consider the DM status as a "DD light" version, advocated to people who are known as advanced packagers. However, this is not what DM upload permissions actually mean. They are committed to people who are supposed to maintain a single package all alone because they were proofing for a rather short period of time that they act responsible and trustworthy. Not more, not less. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Planned changes to Debian Maintainer uploads
Hi, On 12.06.2012 00:29, Joey Hess wrote: > Ansgar Burchardt wrote: >> - It applies to all DMs listed as Maintainer/Uploaders. It is not >>possible to grant upload permission to only a specific DM. > > Isn't that the point of listing a DM in the field? Why would you want to > list someone as a Maintainer and not allow them to upload a package? There are plenty of packages in Debian where the sponsored maintainer can't upload themselves at all. That's the rule not an exception. Yet they are and clearly should be listed as a (sole) maintainer of the package in question. It's their work, and that's how we appreciate that. Also, this is how they get bug notifications. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Introducing http.debian.net, Debian's mirrors redirector
Hi, On 22.06.2012 15:57, green wrote: > > For what it is worth, I was puzzled by the "announcement" because it seemed > to be on an "official" domain but did not seem to be announced through > "official" channels. So I agree with Raphael on this; it would be nice to > make that clear in announcements and on the http.debian.net page. Please > take that as a suggestion for making a good idea even better with regard to > Debian. Actually, Raphael sent it to debian-devel-announce which addresses, well, developers. They are supposed to know the difference. Having that said, this list is a established mean to broadcast debian.net services (as a random example [1]). Furthermore I fail to see why http.debian.net would be better or worse than cdn.debian.net or whatever else may exist in the debian.net name space. You do not seem to be worried about these names, however. So please, calm down and thank Raphael for a service which is certainly improving the situation. As he said, it just exists as a staging service on debian.net until the service is matured enough that DSA accepts it as an official(tm) Debian service. > I feel that I am forced, for the sake of security (even if misguided), to > always differentiate between "official" Debian and other services, hence the > concern about official versus not. You trust Raphael already by using his packages. At least there is no reason to trust him less than any other random Debian mirror provider. The good news is, you don't even need to. Neither has him nor any mirror provider authority over the Debian archive signing key and your apt checks that carefully when downloading archive meta data upon the installation of packages. [1] https://lists.debian.org/debian-devel-announce/2012/01/msg0.html -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: RFC - Changing current policy of debian.net entries
Hi, letting alone the expected discussion or its outcome as a whole: On 22.06.2012 23:01, Martin Zobel-Helas wrote: > * Going forward, new user-associated debian.net entries will be added as > 4th-level (or 5th-level, see last section) records in the debian.net > zone in the form of $entry.$uid.debian.net, where $uid is your debian > login name. For example, if I desired to introduce a 'foobar' entry, > then it would be added to the debian.net zone as > foobar.zobel.debian.net. The insertion of $uid would be automatic: you > would not need to add it in the mail you submit to ud-mailgate. why make life so complicated? We could use entirely another second level domain for these kinds of setups. Maybe we could ask dba for debian-maintainers.org? > > * New 3rd-level debian.net entries can still can be added, but would > need to be role-associated (eg. qa, release-team, etc.) rather than > user-associated. For this, I propose that we use this RFC to define > some criteria which would need to be satisfied in order to have a > role-associated 3rd-level entry be created. As a mentors.debian.net maintainer where literally nobody within role teams feels responsible I'm not thrilled about that. Likewise, this approach would suffer from a lock-in effect, as it would be really hard to establish an entirely new role team in a future as it is not entirely incredible they start with a debian.net service. By the way, as a random note: The Apache Software Foundation requires that new projects go through Incubator which follows a similar principle [1]. [1] http://incubator.apache.org/incubation/Incubation_Policy.html -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Debian with Gnome 2 ?
Hi, On 16.09.2012 12:51, Ka Hay wrote: >>> You will need to install squeeze and never upgrade from it: >>> >>> http://www.debian.org/releases/squeeze/ > Is it so bad ? I mean it is updated from the official repositories and > security updates are there and so on.. So I can live with not updating > it . . . and who makes a dist-upgrade on a laptop all the time? Security support is time limited. Roughly one year after Wheezy's release (security) support for Squeeze will terminate. From then on, no updates will be provided anymore. Ever. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: upload processing resumed
Hi, On 07.12.2012 12:20, Jonathan Wiltshire wrote: > Thanks for securing it quickly :) Is there any danger of the vulnerable > code being in use on other systems, e.g. as part of a dak install? Indeed, thanks for fixing the issue so fast. But full disclosure FTW. Now, that the problem is fixed please share some details about the nature of the vulnerability. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Delegations
Hi, On 05.05.2013 00:35, Moray Allan wrote: > Please could you clarify what delegations are still in effect? while we're at it, could someone enlighten and/or clarify what's the matter with (S)RM delegations? Not to advertise we should be changing anything on the status quo and even less on the people, but I wonder if there is something which was lost in oblivion over the last decade. It looks like (S)RMs were officially delegated in the past, e.g. see [1] but I don't think they are anymore as far as I can tell. On the other hand it could also just be, I missed something which happened between 1999 and $NOW. Either way, please clarify if you know more on that than I do. [1] https://lists.debian.org/debian-devel-announce/1999/03/msg7.html? -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Debian in space
On 09.05.2013 14:23, Lars Wirzenius wrote: > "Debian: still in space" > http://www.debian.org/News/1997/19970708b Apart, do (some) Debian Developers still go to space themselves? -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: KickStarter for Debian packages - crowdfunding/donations for development
Hi, On 14.06.2013 15:52, David Kalnischkies wrote: > She/he is doing a lot of work for sure, but I appreciate the software, not > that it is packaged with this. That I can get this software easily while > using Debian is something the whole project is responsible for, not just > the person who happens to maintain this specific package, so appreciation > for the package itself should go to the project as a whole. I disagree. Some packages make _a lot_ of work and some people spend thousands of hours to make Debian an excellent distribution and the package in particular useful and maintainable. This is in many cases not less work than being upstream, it's just another type of work which is often invisible. Not saying we should implement a user interface for (micro-) donations to Debian package maintainers, but I'm sure people being grown up enough to become contractually capable, are also able to differentiate whether they would like to donate to upstream or to the distributor and both deserve their part of the cake. Now, if comes up to discuss whether we should proxy donations from people to maintainers I'm unsure. I'd rather be in favor of collecting these donations to a common pool and divide it equal amongst maintainers who opt-in for very simple reasons: * Opt-In for the reason Mr. Tagliamonte mentioned: Some of us are pseudonymous identities, some may not want to share bank account data etc. * A maintainer is not responsible alone for the work. Personally I cannot value enough the tremendous work the Security Team spends with packages I and $boss uses daily for profit. * A maintainer builds his work on the shoulders of others, like you, being the APT maintainer, like maintainers of dependencies, like the Release Team hating your debdiffs. And, of course, our non-uploading DDs who spend lots of time to maintain the website, make translations, etc. * Obviously some very important packages virtually get zero attention. You know, people donate what they see, be it apache2 (taken because I maintain this), but who would donate for libz we depend upon? This is an imbalance to have in mind. However, is all of that a reason not to accept money from people at all? I don't think so. We should just ensure it's fair and balanced _within_ Debian and clear to people donating that the money goes (to what fraction) to whom. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Debian companies group
Hi, On 04.09.2013 15:38, Michael Meskes wrote: > There is no definitive answer for this. Let's try collecting a group first, > before getting into those details. You do not found a peer group by inventing random rules meant to exclude people. Even less so in a Debian eco-system which is built on the spirit of transparency and the ability of welcoming everyone. Therefore, as a private comment: While meeting your artificial requirements, I am not interested to join such a list. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Google contacting (harassing?) new DDs
Hi, On 10.12.2013 18:02, Enrico Zini wrote: > it looks like as soon as one becomes DD, an email arrives from Google > recruiters. actually it's good enough to post on Debian mailing lists. Every now and then the usual suspects [1][2] seem to write everyone appearing on list archives. They seem to contact you whenever they feel like, regardless of your prior communication. Having that said I'm not sure if it's worth the trouble to try to communicate with Google headhunters whom to contact and who not. They send what? One mail every quarter at most? That's next to nothing compared to the hundreds of real[sic!] spam mails all of us get every single day. [1] http://asylum.madhouse-project.org/blog/2011/12/13/google-fail/ [2] http://asylum.madhouse-project.org/blog/2012/08/21/recruitment-mistakes-2/ -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: Updates in stable releases
Hi Florian, On 30.12.2013 20:59, Florian Weimer wrote: > I don't think we can switch to a new upstream version of Apache httpd. > But we do backport additional security features from time to time. > (The enhanced DNSSEC support that came with DSA-2054-1 is an example.) please read #733564 for some background on that. Stefan is planning to evaluate how ECDHE support could land into Debian Wheezy nonetheless. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
