Re: [gentoo-dev] SSL-Certificates and CAcert

2007-09-28 Thread Lars Weiler 
* Robin H. Johnson [EMAIL PROTECTED] [07/09/27 15:11 -0700]:
 Go and read ALL of this bug:
 http://bugs.gentoo.org/show_bug.cgi?id=108944
 Pylon and myself, as folk in favour of CA-Cert tried to get the ball
 rolling to get Organization-level certs from CACert. It seems to have
 long blocked on trustees and paperwork - both on our side, and on the
 side of CACert (Inclusion in Mozilla is blocking on the CACert internal
 audit).

Funny thing, I just checked my CACert-account (as I had to
assure some other people) and found out that I'm listed as
Org Admin for gentoo.org, but with the comment to be
completed.

I filed a request to CACert in March, but it seems that I
must have missed the response or they are waiting for the
paperwork by the foundation.  I'll look into the open issues
and will keep you informed about the process (preferably in
the named bug).

Regards, Lars

-- 
Lars Weiler  [EMAIL PROTECTED]  +49-171-1963258
Instant Messaging : [EMAIL PROTECTED]
Gentoo Linux PowerPC  : Developer
Gentoo Infrastructure : CVS/SVN Administrator


pgpMcaAEaeLMy.pgp
Description: PGP signature

Re: [gentoo-dev] SSL-Certificates and CAcert

2007-09-28 Thread Mike Williams 
On Friday 28 September 2007 01:10:48 Robin H. Johnson wrote:
  Is there a reason that my Godaddy suggestion in the bug isn't being
  considered? Regardless of what you may think of them as a company, they
  offer the same free type of certificate to open source projects just like
  cacert, and with what looks to be considerable less overhead.  I
  understand that cacert is more open sourcy than godaddy, but if they're
  as much of a roadblock as the Trustees are in this case, maybe going that
  route would enable us to move forward?

 See my comment #14, regarding regenerating the certs [1] each time the set
 of SSL vhosts on a box changes. For mail services, this isn't really an
 issue, but for web services it's a big one. Wildcards only work in
 Mozilla, and nowhere else [2].

 [1]
 http://wiki.cacert.org/wiki/VhostTaskForce#head-7236c4e2c9932ef42056b3ff6d3
67053081887de [2] http://wiki.cacert.org/wiki/WildcardCertificates

Wildcard certs work with all browsers, even wget and lynx, and one wildcard 
will cover anything *.gentoo.org, but not *.*.gentoo.org. No regeneration 
necessary.
That wiki page I believe only talks about *'s in different places, which is 
not supported.
I personally use the same wildcard cert for webmail via apache, imap/pop via 
courier, and SMTP.

-- 
Mike Williams
--
[EMAIL PROTECTED] mailing list

[gentoo-dev] Re: SSL-Certificates and CAcert

2007-09-28 Thread Duncan 
Robin H. Johnson [EMAIL PROTECTED] posted
[EMAIL PROTECTED], excerpted below, on 
Thu, 27 Sep 2007 17:10:48 -0700:

 If there aren't too many AND we can get a dedicated IP for each of those
 services, I'd like to suggest the following, as an easily doable and
 low-overhead (in terms of Trustees/paperwork) solution:
 
 1. On the services identified, get extra IPs, and use the free GoDaddy
 certs.
 2. On other services use the Gentoo-CA approach.

There's probably a reason this won't work, since I've yet to see it 
brought up here and it's not mentioned on the bug either, but hey, I 
don't know said reason, and it's worth the shot...

Would it be possible to setup a gentoo-certs package, versioned like any 
other, with USE flags if necessary for installing where various browsers, 
etc can see them?

The idea being, any time a certificate changes you create a new version 
of gentoo-certs.  Security-clueless users can simply be told about this 
package, and should reasonably quickly get the idea of checking for an 
upgrade any time they get a security warning.  Certs in this package 
would then be accepted by default, while allowing users the option of 
installing the package or not, plus the possible USE flags, as well as 
configuring their browser manually to reject the certs, if desired.

That would be easier in some ways and harder in others, than setting up a 
full Gentoo-CA.  However, Gentoo devs deal with packages every day, while 
I doubt many deal with CA signing every day (umm... from the bug it looks 
like a couple devs do... enough anyway if not every day), so it might be 
more routine and thus easier for Gentoo to go the package route, even if 
it's harder in the absolute.

I'd think you need to merge or update this package would suffice for 
the security-clueless, while the security-clueful already know the 
deal, so no big deal for them, tho it'd lessen the hassle factor for them 
as well.

-- 
Duncan - List replies preferred.   No HTML msgs.
Every nonfree program has a lord, a master --
and if you use the program, he is your master.  Richard Stallman

-- 
[EMAIL PROTECTED] mailing list

Re: [gentoo-dev] Last rites: app-cdr/kover

2007-09-28 Thread Wulf C. Krueger 
On Tuesday, 21. August 2007 14:23:44 Wulf C. Krueger wrote:
 # Wulf C. Krueger [EMAIL PROTECTED] (21 Aug 2007)
 # Stable version doesn't compile, unstable version is partly broken.
 # Application is conceptionally wrong. More details on bug 187251.
 # Use app-cdr/koverartist instead.
 # Masked for removal in 30 days.
 app-cdr/kover

Gone from both the tree and package.mask.


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-dev] Re: SSL-Certificates and CAcert

2007-09-28 Thread Robin H. Johnson 
On Fri, Sep 28, 2007 at 09:31:24AM +, Duncan wrote:
 Would it be possible to setup a gentoo-certs package, versioned like any 
 other, with USE flags if necessary for installing where various browsers, 
 etc can see them?
That fails/makes-it-complicated for somebody accessing the Gentoo SSL
services outside a Gentoo system.

-- 
Robin Hugh Johnson
Gentoo Linux Developer  Infra Guy
E-Mail : [EMAIL PROTECTED]
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85


pgpHq4JdfDhGF.pgp
Description: PGP signature

[gentoo-dev] stripping out the DO NOT REPLY from bugzie emails

2007-09-28 Thread Andrew Gaffney 
It seems that not everybody loves the new DO NOT REPLY TO THIS EMAIL header at 
the top of every bugzie email as much as robbat2 does. Because of that, robbat2, 
KingTaco, and I came up with a procmail recipe that uses sed to filter that new 
message out of bugzie emails.


This has not actually been tested on incoming mails, so it may rape/eat your 
dog/sister. Enjoy.


# Strip out DO NOT REPLY lines from bugzie emails
:0 Hfw
* ^From: [EMAIL PROTECTED]
| sed -e '/^DO NOT REPLY TO THIS EMAIL/,+2d'

--
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer Catalyst/Installer + x86 release coordinator
--
[EMAIL PROTECTED] mailing list

Re: [gentoo-dev] stripping out the DO NOT REPLY from bugzie emails

2007-09-28 Thread Andrew Gaffney 

Andrew Gaffney wrote:
It seems that not everybody loves the new DO NOT REPLY TO THIS EMAIL 
header at the top of every bugzie email as much as robbat2 does. Because 
of that, robbat2, KingTaco, and I came up with a procmail recipe that 
uses sed to filter that new message out of bugzie emails.


This has not actually been tested on incoming mails, so it may rape/eat 
your dog/sister. Enjoy.


# Strip out DO NOT REPLY lines from bugzie emails
:0 Hfw
* ^From: [EMAIL PROTECTED]
| sed -e '/^DO NOT REPLY TO THIS EMAIL/,+2d'


Okay, I just had it tested in the wild. It works just fine. Double enjoy!

--
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer Catalyst/Installer + x86 release coordinator
--
[EMAIL PROTECTED] mailing list

[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in media-video/mplayer: ChangeLog mplayer-1.0_rc1_p20070927.ebuild

2007-09-28 Thread Donnie Berkholz 
On 15:35 Thu 27 Sep , Steve Dibb (beandog) wrote:
 beandog 07/09/27 15:35:24
 
   Modified: ChangeLog
   Added:mplayer-1.0_rc1_p20070927.ebuild
   Log:
   Subversion bump, install a52 by default with dvd use flag, switch xvmc 
 linking back to generic lib
   (Portage version: 2.1.3.9)

 1.1  media-video/mplayer/mplayer-1.0_rc1_p20070927.ebuild
 
 file : 
 http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-video/mplayer/mplayer-1.0_rc1_p20070927.ebuild?rev=1.1view=markup
 plain: 
 http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-video/mplayer/mplayer-1.0_rc1_p20070927.ebuild?rev=1.1content-type=text/plain

   # DVB / Video4Linux / Radio support
   if ( use dvb || use v4l || use v4l2 || use radio ); then

There's no reason to use a subshell here.

   if ( use dvb || use v4l || use v4l2 )  use radio; then

Same here, although I might switch the logic around so 'use radio' is 
first.

   if [ -e /dev/.devfsd ]; then

Dependence on the build system is bad.

   echo ${myconf}  ${T}/configure-options

Quotes on T.

   make prefix=${D}/usr \
BINDIR=${D}/usr/bin \
LIBDIR=${D}/usr/$(get_libdir) \
CONFDIR=${D}/etc/mplayer \
DATADIR=${D}/usr/share/mplayer \
MANDIR=${D}/usr/share/man \
install || die Failed to install MPlayer!

emake broken here? Also needs quotes on D.

   if [ -d ${ROOT}/usr/share/mplayer/Skin/default ]

This needs quotes or double brackets.

   if [ -L ${ROOT}/usr/share/mplayer/font -a \
! -e ${ROOT}/usr/share/mplayer/font ]
   then
   rm -f ${ROOT}/usr/share/mplayer/font
   fi
 
   if [ -L ${ROOT}/usr/share/mplayer/subfont.ttf -a \
! -e ${ROOT}/usr/share/mplayer/subfont.ttf ]
   then
   rm -f ${ROOT}/usr/share/mplayer/subfont.ttf

Quotes here too.

Thanks,
Donnie
-- 
[EMAIL PROTECTED] mailing list

[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in dev-java/java-gnome: ChangeLog java-gnome-4.0.4.ebuild

2007-09-28 Thread Donnie Berkholz 
On 20:13 Thu 27 Sep , Petteri Raty (betelgeuse) wrote:
 betelgeuse07/09/27 20:13:33
 
   Modified: ChangeLog
   Added:java-gnome-4.0.4.ebuild
   Log:
   Version bump for bug #193951.
   (Portage version: 2.1.3.9)

 1.1  dev-java/java-gnome/java-gnome-4.0.4.ebuild
 
 file : 
 http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-java/java-gnome/java-gnome-4.0.4.ebuild?rev=1.1view=markup
 plain: 
 http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-java/java-gnome/java-gnome-4.0.4.ebuild?rev=1.1content-type=text/plain

 src_compile() {
   ./configure --prefix=/usr || die
 
   make || die Compilation of java-gnome failed
 
   if use doc; then
   make doc || die Making documentation failed
   fi
 }

It can't use econf or emake? Would be nice to add some comments to that 
effect.

Thanks,
Donnie
-- 
[EMAIL PROTECTED] mailing list

[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in sys-apps/portage: ChangeLog portage-2.1.3.11.ebuild portage-2.1.3.10.ebuild

2007-09-28 Thread Donnie Berkholz 
On 23:10 Fri 28 Sep , Zac Medico (zmedico) wrote:
 zmedico 07/09/28 23:10:10
 
   Modified: ChangeLog
   Added:portage-2.1.3.11.ebuild
   Removed:  portage-2.1.3.10.ebuild
   Log:
   2.1.3.11 bump. This fixes bugs #192706, #193548, and #194081. Most
   important is bug #194081 which is a regression in 2.1.3.10 that causes
   'Device or resource busy' errors during unmerge. Bug #194041 tracks
   all bugs fixed since 2.1.3.9.
   (Portage version: 2.1.3.11)
 
 Revision  ChangesPath
 1.446sys-apps/portage/ChangeLog
 
 file : 
 http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-apps/portage/ChangeLog?rev=1.446view=markup
 plain: 
 http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-apps/portage/ChangeLog?rev=1.446content-type=text/plain
 diff : 
 http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-apps/portage/ChangeLog?r1=1.445r2=1.446

 @@ -43,24 +51,6 @@
08 Sep 2007; Joseph Jezak [EMAIL PROTECTED] portage-2.1.2.12.ebuild:
Marked ppc64 stable for bug #189289.
  
 -*portage-2.1.3.8 (07 Sep 2007)
 -
 -  07 Sep 2007; Zac Medico [EMAIL PROTECTED] +portage-2.1.3.8.ebuild:
 -  2.1.3.8 bump. This fixes bugs #110443, #190144, #190214, #190268,
 -  #190406. Bug #181949 tracks all bugs fixed since 2.1.2.x. This release
 -  also includes a merge order optimization that causes installed
 -  dependencies to be rebuilt earlier which helps avoid build failures
 -  during `emerge -e system` after the CHOST has been changed (like when
 -  building a stage3 from a stage2).
 -

You deleted a huge chunk of the ChangeLog. Might want to check for bugs 
in whatever tool you're using.

Thanks,
Donnie
-- 
[EMAIL PROTECTED] mailing list

[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in app-misc/supercat: ChangeLog supercat-0.5.2.ebuild

2007-09-28 Thread Donnie Berkholz 
On 00:23 Sat 29 Sep , Olivier Crete (tester) wrote:
 1.1  app-misc/supercat/supercat-0.5.2.ebuild
 
 file : 
 http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-misc/supercat/supercat-0.5.2.ebuild?rev=1.1view=markup
 plain: 
 http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-misc/supercat/supercat-0.5.2.ebuild?rev=1.1content-type=text/plain
 
 Index: supercat-0.5.2.ebuild
 ===
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Header: /var/cvsroot/gentoo-x86/app-misc/supercat/supercat-0.5.2.ebuild,v 
 1.1 2007/09/29 00:23:14 tester Exp $
 
 DESCRIPTION=A text file colorizer using powerful regular expressions
 HOMEPAGE=http://supercat.nosredna.net;
 SRC_URI=http://supercat.nosredna.net/${P}.tar.gz;
 
 LICENSE=GPL-3
 SLOT=0
 KEYWORDS=~amd64 ~x86
 IUSE=
 
 DEPEND=
 RDEPEND=
 src_install() {
   emake DESTDIR=${D} install || die Install failed!
 
   dodoc ChangeLog
 }

This is a pretty simple ebuild, but it still manages to have basic QA 
issues like quoting on D.

Thanks,
Donnie
-- 
[EMAIL PROTECTED] mailing list