friendly should the foo-guest user
> ever wish to become a Debian Member.
This is why having a central approach to account creation, rather than
distributed, is worth considering. I'm in favour of usernames not
changing because one's role changes but that does not mean I'm favour of
divergent namespaces.
--
Luca Filipozzi
signature.asc
Description: PGP signature
entication provider for Debian" thread.
Good point. There's a mix of Debian and Identity acronyms in that
thread. Here's a couple of links to help, I hope:
https://www.identropy.com/blog/iam-blog/bid/77844/commonly-used-acronyms-in-identity-and-access-management
https://wiki.debian.org/Glossary
--
Luca Filipozzi
On Fri, Apr 10, 2020 at 02:08:01PM -0400, Sam Hartman wrote:
> >>>>> "Russ" == Russ Allbery writes:
>
> Russ> Luca Filipozzi writes:
> >> On Fri, Apr 10, 2020 at 11:48:22AM -0400, Sam Hartman wrote:
>
> >>> *
On Fri, Apr 10, 2020 at 12:06:42PM +0200, Bastian Blank wrote:
> On Wed, Apr 08, 2020 at 03:18:58PM +0000, Luca Filipozzi wrote:
> > > - Salsa, how should it work together.
> > Gitlab can use OIDC as an OmniAuth provider.
>
> And here the problems begin.
>
> S
in to Keycloak using their Gitlab accounts.
I reiterate my point that an SP being an IdP. I don't view using
Debian's Gitlab as an IdP to be a prudent move.
--
Luca Filipozzi
Another view point: I don't think that one's username should change as
one's role(s) with the organization changes. If we could avoid that...
--
Luca Filipozzi
; control access to the archive or Debian machines. I think we all
> cringe thinking about that.
Well, given this DPL statement, shall I continue answering other emails
in this thread or no? That is the question now.
--
Luca Filipozzi
On Wed, Apr 08, 2020 at 05:28:37PM +0200, Enrico Zini wrote:
> On Wed, Apr 08, 2020 at 03:00:31PM +0000, Luca Filipozzi wrote:
>
> > > Question: is there something in the proposed Salsa plan that somehow
> > > blocks experimenting with, introducing, or migrating to Keyc
h 2 branches)
The Debian LDAP is atypical in a variety of ways, it's true.
Like LLNG, Keycloak use mappers to pull / transform as necessary.
--
Luca Filipozzi
lications can be protected using handlers, SAML, CAS, OIDC,...
Agree but with order of preference being OIDC, SAML and... way over
there, almost too distant to see... CAS.
>
Very helpful response!
--
Luca Filipozzi
reminder: I'm answering these linearly and i'm speaking from what I know
(keycloak) not what I don't (LLNG). I expect LLNG is generally similar.
On Tue, Apr 07, 2020 at 08:53:47AM +0200, Bastian Blank wrote:
> On Mon, Apr 06, 2020 at 04:09:38PM +0000, Luca Filipozzi wrote:
>
I'm working through the responses linearly, so...
On Tue, Apr 07, 2020 at 09:28:34AM +0200, Enrico Zini wrote:
> On Mon, Apr 06, 2020 at 07:07:26PM +0000, Luca Filipozzi wrote:
>
> > > I don't know keycloak: what are the maintenance costs, and what would be
>
On Mon, Apr 06, 2020 at 08:38:59PM +0200, Enrico Zini wrote:
> On Mon, Apr 06, 2020 at 04:09:38PM +0000, Luca Filipozzi wrote:
>
> > That said, please consider an approach that would see keycloak used as
> > an idenitity broker, allowing external users to create account
t are then promoted to full Debian identities (in
LDAP) if they complete the onboarding process. Could be used as
replacement for debsso, could be used for wiki, could be used for
debconf, could be used for salsa.
Thanks,
Luca
--
Luca Filipozzi
plausible that paying for
> > resources would mean that Debian would end up with *less* resources
> > than we have now, if other volunteers feel the same way.
>
> Well said, and I feel the same way.
Same same.
--
Luca Filipozzi
On Fri, May 31, 2019 at 10:57:51PM +, Holger Levsen wrote:
> On Fri, May 31, 2019 at 10:56:16PM +0000, Luca Filipozzi wrote:
> > > For me this implies that Debian should aim at having at least US$500k
> > > reserves, to be prepared if there is no large donation comin
On Sat, Jun 01, 2019 at 01:50:25AM +0300, Adrian Bunk wrote:
> On Fri, May 31, 2019 at 09:04:24PM +0000, Luca Filipozzi wrote:
> >...
> > When we last crunched the numbers, maintaining a 5y refresh (to stay in
> > warranty, etc.) would require $75k-100k/yr. We've avoide
161003.
-
Personally speaking, I would prefer to keep Debian a volunteer
organization.
-
--
Luca Filipozzi
On Tue, Apr 30, 2019 at 01:47:25PM -0400, Sam Hartman wrote:
> Is the xmpp server part of rtc.debian.org or another service?
Part of the same service.
--
Luca Filipozzi
> >> || JonDowland || Red Hat || 2015 || - ||
>
> The list should have a date at which the user's entry was last
> updated and signed off by them as complete.
Just as delegations are meant to be refreshed annually, I wonder whether CoIs
should be refreshed annually.
as payment for certification. It's too open to
abuse. Charge a fee for certification testing; use the funds to buy hardware.
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
any use for some hardware. This would need SPI
> > approval, since that's the entity owning the rights for the Debian logo.
>
> I expect we can probably get a logo created by updating this:
>
> https://wiki.debian.org/DebianArt/RequestArtwork
>
> Often it takes some promotion for the right people to notice though.
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
, we could go with a print-on-demand service such as
https://scalablepress.com/ or https://printaura.com/, using a storefront we put
ourselves, use theirs, or use a 3rd party such as https://www.etsy.com.
If this is to be done as 'Debian', then we will need SPI's involvement.
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
* ubc-bl3.debian.org
* ubc-bl4.debian.org
* ubc-bl6.debian.org
* ubc-bl7.debian.org
* ubc-bl8.debian.org
* ullmann.debian.org
Thanks,
Luca Filipozzi
Debian System Administration
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
signature.asc
Description: Digital signature
Please be reminded of today's outage, impacting the machines enumerated below.
On Thu, Jan 14, 2016 at 07:34:15AM +0000, Luca Filipozzi wrote:
> The following hosts are in the MCLD server room (power outage):
>
> * spontini.debian.org
>
> The following hosts are in the KAIS
On Sun, Sep 13, 2015 at 08:16:17PM +, Luca Filipozzi wrote:
> There is a major power outage at UBC.
>
> Debian equipment and services hosted there are offline.
>
> Technicians have been notified.
>
> They estimate restoration in 4 to 5 hours.
Power has been restored
On Fri, Apr 03, 2015 at 10:10:11PM +0200, martin f krafft wrote:
> also sprach Luca Filipozzi [2015-04-03 08:57 +0200]:
> > I'm prepared to accept pro-forma invoices from commercial organizations,
> > based on their published pricing. Although it could be argued that
> &g
On Fri, Apr 03, 2015 at 07:38:44AM +0200, martin f krafft wrote:
> also sprach Luca Filipozzi [2015-04-03 04:52 +0200]:
> > Consequently, I am in favour of a recognition mechanism that values both
> > cash donations and service donations against the same scale, yielding a
> >
the improvement of Debian.
>
> --
> .''`. martin f. krafft @martinkrafft
> : :' : proud Debian developer
> `. `'` http://people.debian.org/~madduck
> `- Debian - when you have better things to do than fixing systems
>
> "whe
On Sat, Jan 31, 2015 at 08:52:49PM +, Luca Filipozzi wrote:
> DSA found out a little while ago that ubcece would be offline due a scheduled
> power outage in the data centre. I'm heading there in 2h to turn things off.
> Outage is expected to begin at 23:00Z and last for 7h.
D
On Mon, Jul 21, 2014 at 09:02:09PM +, Luca Filipozzi wrote:
> Due to a gas leak, the buildings around the 'ubcece' data centre where Debian
> equipment is located have been powered down.
>
> Most Debian equipment should still be running (the exception being spontini
&g
archive-$l...@debian.org rather than
debian-list-$l...@master.debian.org
I have updated them and let the listmasters know.
Luca
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe"
rd to hearing from you soon,
>
> Bryn Pilney
>
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
signature.asc
Description: Digital signature
tion, please consider
generating a new, independent PGP keypair for use with this service.
For the Debian System Administration Team,
Luca
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
signature.asc
Description: Digital signature
On Tue, Mar 04, 2014 at 09:44:41PM +, Luca Filipozzi wrote:
> On Tue, Mar 04, 2014 at 10:19:44PM +0100, Jakub Wilk wrote:
> > Somewhere in another universe, someone noticed that many developers
> > have assigned country code “UK” in LDAP:
> >
> > $ ldapsearch -x c
een the userdir-ldap-cgi permitted values (GB) and the
LDAP actual values (UK) and given the RFC specification for 'c', I intend to
mass update 'c=uk' to 'c=gb' in LDAP, shortly.
Complaints are best directed to the IETF and the ISO. For your protesting
convenience, the
voting and the email interfance for
> db.debian.org. I'm not sure if we have any other services
> checking the gpg signatures of emails.
echelon checks the keyring, also.
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
signature.asc
Description: Digital signature
ian Proyect per paypal..., please...
> Thanks,
> Gisi
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http
dFront, but I remember some
> technical blockers? Could the DPL be of some help to you in that process?
I am in active discussion with another CDN provider and I should restart the
CloudFront conversation. There are technical considerations with Fastly, also,
that Tollef will work through.
We've always been of the opinion that we need two CDN providers. We're just
as concerned about vendor lock-in as anyone.
Thank you for the offer of DPL help. I'll loop you in.
Luca
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
signature.asc
Description: Digital signature
On Tue, Jan 21, 2014 at 05:22:28PM +0100, Lucas Nussbaum wrote:
> On 21/01/14 at 15:47 +0000, Luca Filipozzi wrote:
> > And I actively engaged other DDs regarding their VPS opportunities
> > (although no response so far in some cases).
>
> Oh, that's great! I've
e.
We, we haven't said that we wouldn't talk to VPS providers. We've said that
we're more interested in a bytemark-style donation of (real) hardware rather
than virtual machines (since an insecure hypervisor is an insecure virtual
machine - see openssl). That said, vendors like rackspace have "private cloud"
offerings that might be the best of both worlds (we'd have to learn more about
their configuration). And I actively engaged other DDs regarding their VPS
opportunities (although no response so far in some cases).
So, to me at least, the DPL engaging with equipment donors (real or virtual),
beyond the initial securing of a positive relationship, for the possible
development of debian.org services is not kosher. It actively fractures the
landscape.
My thoughts,
Luca
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
signature.asc
Description: Digital signature
> delegate their security checks (e.g. SIP can use a RADIUS server to
> verify DIGESTs). In these situations, the service hosting equipment
> does not need to have any copy of the user credentials. The
> verifications are made in the RADIUS server. By exposing services
> such as
ut using dep.debian.org?
I think that's they idea. The underlying box is dillon. That's where a number
of static debian.org websites live.
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject
!) declaration of a ban.
The public publication of the ban cuts both ways. If the reasoning behind the
ban is sound, then it will enhance our reputation for all the reasons already
mentioned by Steve and others; if it is not, then our reputation is damaged,
and appropriately so. Public publication ke
e made public.
>
> What do the rest of you think?
The counterargument would be that disclosing our reasons for a ban might show
us as capricious ... which is yet another reason to publish the bans so that we
are also held to account for our decisions.
If the above is unclear: I'm in fa
ian event. It just happens that a Debian person or two
attended and are writing a report.
Also, Martin did announce his attendance in advance:
https://lists.debian.org/debian-project/2013/08/msg00065.html
Regards,
Luca
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
--
To UNSUBSC
/seller/npo/
And we could consider leveraging CrowdRise (or Network For Good directly) as a
social fundraising platform.
Be the first to give! (see sig)
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a sub
325T06&p1=256&ah=1
[3]
https://lists.debian.org/debian-infrastructure-announce/2013/03/msg00001.html
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
signature.asc
Description: Digital signature
encouraging developer engagement
/ ingenuity while avoiding debian.net / debian.org confusion (or
embarrassment, as Raphael suggests, in some cases).
--
Luca Filipozzi
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120623181626.ga18...@emyr.net
es aren't and probably don't need to be so long as they
can be restored in a reasonable time-frame.
Cheers,
Luca
--
Luca Filipozzi
Member, Debian System Administration Team
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe&quo
---
> grnet (new grnet 4) HP DL380VM host; only if needed
> grnet (new grnet 5) HP DL380VM host; only if needed
>
> --
> Tollef Fog Heen
> UNIX is user friendly, it's just picky about who its friends are
>
>
> --
> To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/87vckwx2b3@qurzaw.varnish-software.com
>
--
Luca Filipozzi
signature.asc
Description: Digital signature
On Sat, Apr 07, 2012 at 06:57:47PM +0200, "Steffen M?ller" wrote:
> I am starting to enjoy this.
>
> On Sat, Apr 07, 2012 at 11:03:07PM +0000, Luca Filipozzi wrote:
> > On Sat, Apr 07, 2012 at 12:23:21PM +0200, Enrico Zini wrote:
> > > On Thu, Apr 05, 2012 at
;definitions" has unwelcome
> connotations.
The first 'define' might want to be 'identify' and the second 'perceive'
for
"It doesn't matter how you identify yourself or how others perceive
you: we welcome you."
Or possibly:
"It doe
contributions to the
Project in non-technical areas"
micro suggestion: s/will value/values/
the rest of the statment is in present tense; let's not use future tense
for how much we will value and encourage participation; "will" is to
much like "try"; do or do not :)
(thanks francesca)
--
Luca Filipozzi
signature.asc
Description: Digital signature
pplaud Stefano's effort to secure additional funding for
the project.
While I'd prefer having unencumberd cash donations and preferential
(manufacturer's internal cost) hardware pricing, I'm willing to explore
the DDG relationship, especially if we offer users the ability to
o this mail on -project or contacting us at
debian-ad...@lists.debian.org.
Regards,
Luca Filipozzi on behalf of the Debian System Administration Team
--
Luca Filipozzi, Member
Debian System Administration Team
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subje
o this mail on -project or contacting us at
debian-ad...@lists.debian.org.
Regards,
Luca Filipozzi on behalf of the Debian System Administration Team
--
Luca Filipozzi, Member
Debian System Administration Team
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subje
57 matches
Mail list logo
