Hi there,
let me summarise what we will carry out during the upcoming hackathon
besides a load of other stuff:
- (mandatory) introduction of HTTPS besides http support
- (mandatory) sorting the maintainership/ownership of suckless repos
(incl. the right to commit/accept/deny patch contributions)
my grandmother also got all her pots stolen when she gave it to a
person promising to bless them against bad ghosts. pgp is just a more
modern version of that tale they told.
some are apparently using the pgp tale to associate their names to
random software projects. probably didn't manage to get
I’m curious as to what the general criticisms of PGP are that sparked much of
this discussion - I’m somewhat ignorant on the subject but the general
consensus elsewhere seems to be that more PGP usage = better overall security.
Would really like to learn a bit more about what issues it has.
nsm
I also support using openPGP signatures, at least optionally. I think that
HTTPS would allay most of my concerns, but I'd like the option for further
validation, and it's not hard to automate.
-Chris
On Aug 24, 2017, at 3:41 PM, hiro <23h...@gmail.com> wrote:
>> does not hurt anyone and does n
Le 24/08/2017 à 01:59, fao_ a écrit :
Is the suckless project packing a replacement to my favorite pager,
less(1)? Or is the advice to just use something like screen or tmux. I
don't really want to bother installing and learning those when `less` meets
my needs perfectly.
As far as I can tell, t
> does not hurt anyone and does not force
> anyone to use it.
wtf is this bullshit rhetoric even called?
i guess i'll keep on calling it mental retardation...
On Thu, Aug 24, 2017 at 12:02:35PM -0500, Joshua Haase wrote:
> Laslo Hunhold writes:
>
> > On Thu, 24 Aug 2017 11:02:46 +0200
> > ilf wrote:
> >
> > As nice as PGP sounds, I think it has seen its best days already for
> > general usage. I know no package manager that implements this model
> > (
Laslo Hunhold writes:
> On Thu, 24 Aug 2017 13:45:35 +0200
> Hiltjo Posthuma wrote:
>
>> I think it's a good idea if we start to (optionally) sign (git)
>> releases. This can be discussed further.
>
> This is something I would support! :) We could go as far to tell
> dl.suckless.org to automatic
Laslo Hunhold writes:
> On Thu, 24 Aug 2017 11:02:46 +0200
> ilf wrote:
>
> As nice as PGP sounds, I think it has seen its best days already for
> general usage. I know no package manager that implements this model
> (tell if there is one). The ones I know use hashes.
pacman uses signatures to
On Thu, 24 Aug 2017 10:41:15 -0600
Aaron Toponce wrote:
Hey Aaron,
> There is no software on that github repository. It's all raw text.
maybe it's all raw text to us now, but who says they won't add
systemd-aarond to interpret this text as instructions to systemd to
turn each and every single c
Quoth Aaron Toponce:
> On Thu, Aug 24, 2017 at 12:45:15AM +0200, hiro wrote:
> > Any responsible suckless person should not download Aaron's software.
> > I cannot guarantee it's not ransomware!
>
> There is no software on that github repository. It's all raw text.
He's just trolling you, while im
On Thu, Aug 24, 2017 at 01:22:33PM +0200, Laslo Hunhold wrote:
> I won't support the PGP snake-oil movement just so you can sleep well
> at night. If you want to go with maximum trust, you can compare the
> tarball-contents with the status of the git-repo at a certain tag.
I'll continue to push ch
On Thu, Aug 24, 2017 at 12:45:15AM +0200, hiro wrote:
> Any responsible suckless person should not download Aaron's software.
> I cannot guarantee it's not ransomware!
There is no software on that github repository. It's all raw text.
--
. o . o . o . . o o . . . o .
. . o . o o o .
On Thu, 24 Aug 2017 13:45:35 +0200
Hiltjo Posthuma wrote:
Hey Hiltjo,
> We must have scripts for this. Generating the SHA256 checksums was
> easy. There were 2 checksums missing for surf which were fixed. If we
> automate this then there is less chance to forget anything. We should
> remove MD5
FWIW, as someone who mostly just a user of suckless stuff, I like
OpenPGP signing too. I don't have a strong opinion of git tags vs
tarballs for signing, either is good. It's nice to have a properly
secure proof of authenticity that doesn't depend on the link not
being compromised.
I'm really
On 24 August 2017 at 13:33, Greg Reagle wrote:
> On Thu, Aug 24, 2017, at 05:01, Anselm R Garbe wrote:
>> On 24 August 2017 at 01:59, fao_ wrote:
>> > Is the suckless project packing a replacement to my favorite pager,
>> > less(1)? Or is the advice to just use something like screen or tmux. I
>>
Laslo Hunhold:
I know no package manager that implements this model (tell if there is
one).
https://wiki.debian.org/SecureApt
Another cool project: https://hannes.nqsb.io/Posts/Conex
But since suckless doesn't have an OS (yet), the debate is not about
package managers, but source releases. An
On Thu, Aug 24, 2017 at 01:22:33PM +0200, Laslo Hunhold wrote:
> On Thu, 24 Aug 2017 11:02:46 +0200
> ilf wrote:
>
> Dear ilf,
>
> > HTTPS is good, and it's the new default:
> > https://www.eff.org/deeplinks/2017/02/were-halfway-encrypting-entire-web
> > The hierarchical trust model of X.509 ma
On Wed, Aug 23, 2017, at 19:59, fao_ wrote:
> Is the suckless project packing a replacement to my favorite pager,
> less(1)? Or is the advice to just use something like screen or tmux. I
> don't really want to bother installing and learning those when `less`
> meets
> my needs perfectly.
>
> As f
On Thu, Aug 24, 2017, at 05:01, Anselm R Garbe wrote:
> On 24 August 2017 at 01:59, fao_ wrote:
> > Is the suckless project packing a replacement to my favorite pager,
> > less(1)? Or is the advice to just use something like screen or tmux. I
> > don't really want to bother installing and learning
On Thu, Aug 24, 2017 at 11:02:46AM +0200, ilf wrote:
> I want to stronly advocate for OpenPGP signatures of releases.
>
> HTTPS is good, and it's the new default:
> https://www.eff.org/deeplinks/2017/02/were-halfway-encrypting-entire-web
> The hierarchical trust model of X.509 make it suitable for
On Thu, 24 Aug 2017 11:02:46 +0200
ilf wrote:
Dear ilf,
> HTTPS is good, and it's the new default:
> https://www.eff.org/deeplinks/2017/02/were-halfway-encrypting-entire-web
> The hierarchical trust model of X.509 make it suitable for many
> things, but for signing code that we build and run on
On Wed, 23 Aug 2017 20:28:12 -0500
Daniel Xu wrote:
Hey Daniel,
> I'm currently familiarizing myself with various pieces of suckless
> code. One thing keeps bothering me, though:
>
> What is EARGF() and ARGF() shorthand for? I can more or less tell what
> they do but the best I can come up with
On Thu, Aug 24, 2017 at 12:59:59AM +0100, fao_ wrote:
> Is the suckless project packing a replacement to my favorite pager,
> less(1)? Or is the advice to just use something like screen or tmux. I
> don't really want to bother installing and learning those when `less` meets
> my needs perfectly.
>
I want to stronly advocate for OpenPGP signatures of releases.
HTTPS is good, and it's the new default:
https://www.eff.org/deeplinks/2017/02/were-halfway-encrypting-entire-web
The hierarchical trust model of X.509 make it suitable for many things,
but for signing code that we build and run on
On 24 August 2017 at 01:59, fao_ wrote:
> Is the suckless project packing a replacement to my favorite pager,
> less(1)? Or is the advice to just use something like screen or tmux. I
> don't really want to bother installing and learning those when `less` meets
> my needs perfectly.
>
> As far as I
Hi everyone!
I have attempted to write patches for some annoying behaviour in dvtm. Resizing
a window while a full-screen application has enabled the alternate buffer can
affect the normal buffer and its cursor in some unexpected ways. I think I
understand what is happening and I have tried wri
27 matches
Mail list logo
