Re: Musings about Usernames in adduser and Debian

Hi, On Wed, Nov 27, 2024 at 04:54:39PM +0100, Marc Haber wrote: > Can you outline an attack/failure scenario? On the failure side, I did a few tests and noticed that on Debian 12 if I create a user with for example é in their username then I can log in by SSH as long as that é is encoded the same

Re: Musings about Usernames in adduser and Debian

On Sat, Nov 23, 2024 at 01:36:48AM +0200, Peter Pentchev wrote: > POSIX says "if you want your applications to be portable, do not use any > funny characters in usernames": But we are not writing applications, we are a distribution. Anything that works with the software we distribute is fine. >

Re: Musings about Usernames in adduser and Debian

On Fri, Nov 22, 2024 at 10:01:24PM +0100, Gioele Barabucci wrote: > your case highlights another problem not mentioned in the original list > posted by Marc: comparison (and normalization). > > Some characters can be encoded in more than one way. For instance, "é" in > "émollier" could we stored a

Re: Musings about Usernames in adduser and Debian

On Fri, Nov 22, 2024 at 08:42:10PM +0100, Étienne Mollier wrote: > Marc Haber, on 2024-11-22: > > I might be naive here , but I don't have much experience with non-ascii > > names since I have the privilege of being fluent in two languages that > > use the latin alphabet. > > I am not sure whether

Re: Musings about Usernames in adduser and Debian

On Sun, Nov 24, 2024 at 02:19:51PM +, Simon McVittie wrote: > I think one good idea that we should certainly adopt from > is its separation between "strict mode" > (the naming convention that it encourages for all uses, and enforces > when a user is created via

Re: Musings about Usernames in adduser and Debian

Hi, On Sun, Nov 24, 2024 at 03:37:36PM +0100, Giuseppe Sacco wrote: > It is true that user account name and user (display) name are > different, of course. But still, when you log in, you use the user > account name to the access system; this is the text shown in file > ownership listing and almos

Re: Musings about Usernames in adduser and Debian

On Sat, Nov 23, 2024 at 12:53:52PM +0100, Gioele Barabucci wrote: > On 23/11/24 09:32, Johannes Schauer Marin Rodrigues wrote: > > But my 2 cents on the topic are: Lets please allow more than ascii in > > usernames. > > Yes please, but opt-in and behind a big red warning that says that it is not >

Re: Musings about Usernames in adduser and Debian

On Sun, Nov 24, 2024 at 06:06:23PM +0100, Philipp Kern wrote: > PS: My personal, ignorant, Latin-world opinion is that it is probably > too hard for most people to type each others' usernames if UTF-8 were to > be allowed. Why would anybody need to type somebody else's user name despite in "su"? I

Re: Musings about Usernames in adduser and Debian

On Sat, Nov 23, 2024 at 09:32:32AM +0100, Johannes Schauer Marin Rodrigues wrote: > But my 2 cents on the topic are: Lets please allow more than ascii in > usernames. I find it very uncomfortable every time I have to tell my students > that sorry, you somehow have to manage writing your name using

Re: Musings about Usernames in adduser and Debian

Hi nick, On Sat, Nov 23, 2024 at 02:48:10AM -0500, nick black wrote: > Marc Haber left as an exercise for the reader: > > (1) > > Should Debian allow UTF-8 user names in the first place or should we > > restrict names for regular users to some us-ascii near set as well? (I > > think yes, we should

Re: Simpler git workflow for packaging with upstreamless repositories

* Marc Haber [241127 13:52]: > On Wed, Nov 27, 2024 at 01:48:33PM +0100, Chris Hofstaedtler wrote: > > * Marc Haber [241127 13:28]: > > > On Wed, Nov 27, 2024 at 04:58:00PM +0500, Andrey Rakhmatullin wrote: > > > > Yup, as I said it makes sense. It just feels fragile to me when the > > > > "prist

Re: Simpler git workflow for packaging with upstreamless repositories

On Wed, Nov 27, 2024 at 01:48:33PM +0100, Chris Hofstaedtler wrote: > * Marc Haber [241127 13:28]: > > On Wed, Nov 27, 2024 at 04:58:00PM +0500, Andrey Rakhmatullin wrote: > > > Yup, as I said it makes sense. It just feels fragile to me when the > > > "pristine" tarball for a given upstream tag in

Re: Simpler git workflow for packaging with upstreamless repositories

* Marc Haber [241127 13:28]: > On Wed, Nov 27, 2024 at 04:58:00PM +0500, Andrey Rakhmatullin wrote: > > Yup, as I said it makes sense. It just feels fragile to me when the > > "pristine" tarball for a given upstream tag in a given repo is not > > determined until someone uploads it. > > I would l

consolation 0.0.10 released

Dear developers, I have released consolation 0.0.10 to be in sync with libinput 1.26. consolation is a program to use the mouse under the linux console that relies on the libinput library. (It is an alternative to GPM) So if you still use the linux console, you might be interested. Cheers, -- B

Re: Simpler git workflow for packaging with upstreamless repositories

On Wed, Nov 27, 2024 at 04:58:00PM +0500, Andrey Rakhmatullin wrote: > Yup, as I said it makes sense. It just feels fragile to me when the > "pristine" tarball for a given upstream tag in a given repo is not > determined until someone uploads it. I would love to have a possibility to just push a n

Re: Simpler git workflow for packaging with upstreamless repositories

On Tue, Nov 26, 2024 at 08:30:31PM -0800, Otto Kekäläinen wrote: > > > > One possible rebuttal to this is "gbp needs to do the right thing then". > > > > Currently gbp by default generates a broken tarball, which is also a > > > > source of confusion for many. > > > > > > Do you have a bug report n

Re: Simpler git workflow for packaging with upstreamless repositories

On 27/11/24 04:30, Otto Kekäläinen wrote: Secondly, it is perfectly valid for evey single package to have a debian/gbp.conf and I would in fact prefer that. For every upstream we need to have metadata on: - do they have tarball releases (pristine-tar true/false) - do they have git tags and what i

Re: Simpler git workflow for packaging with upstreamless repositories

On Tue, Nov 26, 2024 at 08:49:44PM +0100, Simon Josefsson wrote: > >> > >> > Yes, as they don't enable pristine-tar > >> > >> > >> > >> Is pristine-tar still valuable these days? > >> > > > >> > > Unfortunately yes. AFAIK the two options for fixing this that are > >> > > usually proposed are: > >>

Re: Simpler git workflow for packaging with upstreamless repositories

On Tue, Nov 26, 2024 at 08:49:44PM +0100, Simon Josefsson wrote: > Andrey Rakhmatullin writes: > > On Tue, Nov 26, 2024 at 06:54:18PM +0100, Chris Hofstaedtler wrote: > >> This is 1). It cannot be done generically as it requires knowing > >> where to download from, etc. > > > > The archive, when t

Re: Misc Developer News (#60)

On Monday, November 25, 2024 4:57:50 PM MST Soren Stoutner wrote: > On Saturday, November 23, 2024 2:20:45 PM MST Philipp Kern wrote: > > Debian buildds are using sbuild with unshare now > > > > > > The wanna-build team switched all buildds to the

Re: Simpler git workflow for packaging with upstreamless repositories

gregor herrmann writes: > On Tue, 26 Nov 2024 20:49:44 +0100, Simon Josefsson wrote: > >> If you haven't made an upload, then wouldn't you have the tarball >> locally while working on preparing the upload? >> And if someone doesn't have the orig.tar.gz locally, then why would >> anyone want to ge

Re: Simpler git workflow for packaging with upstreamless repositories

On Tue, 26 Nov 2024 20:49:44 +0100, Simon Josefsson wrote: > If you haven't made an upload, then wouldn't you have the tarball > locally while working on preparing the upload? > And if someone doesn't have the orig.tar.gz locally, then why would > anyone want to get it from a random git repository

Re: Simpler git workflow for packaging with upstreamless repositories

* Colin Watson [241126 23:34]: > On Tue, Nov 26, 2024 at 09:25:12PM +0100, Simon Josefsson wrote: > > Colin Watson writes: > > > CI for a new-upstream-release commit you've pushed but haven't uploaded > > > to the Debian archive yet, because you're waiting for CI. > > > > > > pristine-tar certain

Re: Simpler git workflow for packaging with upstreamless repositories

Hi! On Wed, 27 Nov 2024 at 00:47, wrote: > > Hi Johannes, > > Le 2024-11-22 12:45, Johannes Schauer Marin Rodrigues a écrit : > > That's what I'm doing. But that works with tarballs not with upstream > > as git. > > If upstream (deliberately, so this will not change) has DSFG-non-free > > content

Re: Simpler git workflow for packaging with upstreamless repositories

Hi Johannes, Le 2024-11-22 12:45, Johannes Schauer Marin Rodrigues a écrit : That's what I'm doing. But that works with tarballs not with upstream as git. If upstream (deliberately, so this will not change) has DSFG-non-free content in it, then I should not copy that into a git packaging repo t