Re: [gentoo-dev] Kerberos Maintainence
Hi Paul, On Wednesday 13 February 2008, Paul B. Henson wrote: On Tue, 12 Feb 2008, Sune Kloppenborg Jeppesen wrote: On Monday 10 December 2007 15:41:47 Doug Klima wrote: [snip] One of my staff members is currently being mentored to become a developer, he is going to offer to maintain MIT Kerberos once he's done. We're running Kerberos on Gentoo here and it's rather important to us. I'm not sure of the current state of his mentorship, but he did just have his first baby Monday so it's probably not the top thing on his mind :)... Congratulations that sounds excellent! Do we have any rough ETA of when we have a maintainer? -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Kerberos Maintainence
On Monday 10 December 2007 15:41:47 Doug Klima wrote: [snip] Short version, we need a Heimdal and MIT-KRB5 maintainer. Preferably 2 since Heimdal and MIT are different. Did we get any maintainers for these packages? metadata/herds is still empty. If we don't get any maintainers I think we should consider Gentoo Kerberos for the future. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Good-bye
On Sunday 25 November 2007, Seemant Kulleen wrote: I wanted to add this bit of info, sorry: Despite my efforts, I've been unable to find any replacements to take over kerberos maintenance. Obviously, heimdal has been unmaintained for even longer, but mit-krb5 is now orphaned as well. I would encourage interested devs or interested users to see about taking care of those packages. I bet the security team would also be grateful for someone taking care of kerberos. Best of luck to you Seemant. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] RFC: new project gentoo-extreme-security
On Monday 22 October 2007 06:04:58 Donnie Berkholz wrote: On 01:42 Mon 22 Oct , Alexander Gabert wrote: this is a request for comments on a new project: http://www.gentoo.org/proj/en/extreme-security/ This sounds interesting, though the project page is not very specific. I'm curious whether this would be better-placed as a subproject of either the security or hardened projects. Why do you think it would be better off independent? The Security Team as it stands now is mostly reactive and not proactive so I don't think it would fit very well as a sub project of security. Hardened is another matter. -- Sune Kloppenborg Jeppesen (Jaervosz) Gentoo Linux Security Team http://security.gentoo.org -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] Zombie: Sven Vermeulen (swift)
On Wednesday 18 July 2007 23:22, Petteri Räty wrote: Your doc zombie Sven Vermeulen has risen from his grave and is back to beat www.gentoo.org/doc/en with his fingers. Give him the usual welcome with nice head shots. A bit late but welcome back Sven! -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] New developer: Pierre-Yves Rofes (p-y)
Please give him the usual flamy welcome. /me hugs Pierre-Yves -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] ML changes
On Friday 13 July 2007 01:17, Marius Mauch wrote: On Thu, 12 Jul 2007 15:43:59 -0700 Chrissy Fullam [EMAIL PROTECTED] wrote: An additional method discussed was to have all non-dev emails on a timeout, pick a number of hours, and then the email if not moderated would be released. (non-dev sends his email, time period expires and no one booted it, so the email rolls through) For what it's worth, _IF_ this proposal goes through I'd strongly prefer that mode of operation, so that moderation can't become a limiting factor. Marius PS: Am I the only one who missed both reminders for the meeting? No, I missed them and the meeting as well:-( Before I recently joined the council I was against implementing the Proctors but now that they apparently have been disbanded I think we're better off with an open -dev than some form of moderation. Flamefest contributors should be temporarily blacklisted. We can have a -dev-announce or -dev-info for devs that don't want to wade through all the mails here on -dev. We still need -core for private communications and need input on -dev from non-devs. As a very busy person I wouldn't want the extra burden of moderating emails to -dev. /me smacks himself for missing the meeting -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] ML changes
On Friday 13 July 2007 03:41, Daniel Ostrow wrote: On Thu, 2007-07-12 at 13:24 -0700, Mike Doty wrote: alot of good stuff snipped Works for me. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] Re: Nominations open for the Gentoo Council 2007/08
On Monday 02 July 2007 21:10, Torsten Veller wrote: Let me nominate the current council members: Sune Kloppenborg Jeppesen jaervosz YES. When I start on my new job I'll be a lot more online. I'll write some more before election time. But already now I can say that I will work for keeping Gentoo as open as possible, I don't think permanent moderation or any form of censorship will really do us any good. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] PHP security status
On Sunday 15 July 2007 15:02, Hanno Böck wrote: Christian is doing a quite well job in the overlay. I'd prefer if we could merge his work into the main tree. I could do that, although I'd prefer to get some review from other devs. php is a hell to maintain I think. Christian just provided an updated, so now would be a good time to give reviews. More security details on bug 180556¹. ¹ https://bugs.gentoo.org/show_bug.cgi?id=180556 -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] Determining ebuild stability and the 30 day suggestion
On Tuesday 19 June 2007 06:40, Luis Francisco Araujo wrote: I use to ask for stabilization of the new version of a package immediately if it is supposed to fix an *important* security problem in the package, so that way we spread as soon as possible the new fix to our users. Not sure if this is documented somewhere as an exception to the 30 days rule, but i have not had problems so far and the stabilization teams have been willing to help me in such a cases. We (the security team) ask for stabilization sooner than 30 days according to our policy¹. AFAIR it has only resulted in a few glitches now and then. When they happen they should be assigned to us to fix any regression. ¹ http://www.gentoo.org/security/en/vulnerability-policy.xml -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] New (old) Developer: Deedra Waters (dmwaters)
On Monday 04 June 2007 18:08, Christian Heim wrote: So please give Deedra a warm welcome ! Welcome back Deedra! /me hugs dmwaters -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Bye Gentoo!
Hi Bryan, On Thursday 31 May 2007 03:35, Bryan Østergaard wrote: It's with a bit of sadness but also a bit of relief that I'm finally retiring from Gentoo. Thanks for all the work you've done for Gentoo, I know it's not always been fun. Good luck with your future projects and please do keep us posted somehow :-). -- Sune Kloppenborg Jeppesen (Jaervosz)
[gentoo-dev] dev-db/firebird needs an active maintainer
dev-db/firebird is without an active maintainer and has an open security bug #120343 ¹. Anyone willing to take care of this package in the future, please update metadata.xml and CC yourself on the bug. ¹ https://bugs.gentoo.org/show_bug.cgi?id=120343 -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] Resignation
On Tuesday 17 April 2007 06:01, Jakub Moc wrote: So Long, and Thanks for All the Fish! I'm sad to see you go but I can't say that I don't understand you. It has been great having you shove security bugs our way when needed. Thank you for your work and best of luck with your future endeavours. -- Sune Kloppenborg Jeppesen (Jaervosz)
[gentoo-dev] media-gfx/imagemagick needs an active maintainer
media-gfx/imagemagick is without an active maintainer and has two open security bugs #152672 and #173186 (sekretarz seems to be MIA) https://bugs.gentoo.org/show_bug.cgi?id=152672 https://bugs.gentoo.org/show_bug.cgi?id=173186 Anyone willing to take care of this package in the future, please update metadata.xml and CC yourself on the bugs. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] baselayout-2 and volumes (raid, lvm, crypt, etc)
On Friday 13 April 2007 21:55, Andrej Kacian wrote: On Fri, 13 Apr 2007 21:40:53 +0200 Jan Kundrát [EMAIL PROTECTED] wrote: So just get a beer and be cool, okay? It's friday, after all... No! No beer until my work shift ends! Then I'll join you. Your work shift ending? Hah you're a dev so your shift never ends :) Who wants to drink beer Friday night when they can dance with Bugzie while staying on their lazy ass? /me invites Bugzie for another dance and swirls off -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Why I don't think the CoC is a good idea
On Thursday 15 March 2007 10:15, Jeff Gardner wrote: Alexandre Buisse [EMAIL PROTECTED] wrote: [...] But then, why do we need a Code of Conduct at all? I don't see as we need a CoC at all. The Etiquette policy should suffice. We're all adults here and we don't need another babysitter^H^H^H^H^H^H^H police force to watch our every move. +1 The more I read of this, the more I'm convinced that all this yapping amounts to a few people seeking justification for kicking ciaranm off the list. +1 As for gentoo losing developers over a spat on IRC or a ML, well.. I for one question the motivation and dedication of anyone deciding to resign over something so childish And before drobbins kloeri said that there was no major impact (I don't even think he said major but can't find the reference right now). -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Introducing the Proctors - Draft Code of Conduct for Gentoo
On Wednesday 14 March 2007 01:25, Grant Goodyear wrote: Ubuntu uses Community Council. I suggested Community Relations. *Shrug* Community Relations sounds fine to me. Here's my problem with it: essentially what you're arguing for the proctors to be is the same as what devrel should be (at least for the part of devrel that is supposed to be looking after community standards). If you're creating a new group because of distrust of devrel, then it makes more sense to either fix devrel (assuming it needs fixing), or disband that part, or put your trust in devrel's current incarnation. (My personal view is that we've had a nearly complete turnover in devrel multiple times since the last set of significant problems, so people should give them a chance, but I realize it's not my call to make.) In any event, the fact that devrel/proctor/whatever decisions can be appealed to the council actually does make claims of bias less tenable. Yeah, that was my argument as well. I fear new rules are not going to change that. In my eyes the essential thing is that we have a strong body (devrel/comrel/proctors) to encourage people to follow policy (whether new or old). Making devs live up to higher standards as a good example would also be encouraging to the process I think. -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Introducing the Proctors - Draft Code of Conduct for Gentoo
On Wednesday 14 March 2007 23:02, Ciaran McCreesh wrote: On Wed, 14 Mar 2007 20:31:17 -0100 Jorge Manuel B. S. Vicetto [EMAIL PROTECTED] wrote: No, this cannot have any backward application, nor should it. All contributions made while respecting the guidelines, are valid contributions. Yes, it prevents any further contributions in the future - be it package updates, new features, bug corrections or security updates. So you consider it acceptable to leave Gentoo users open to security holes and crashes because of some personal dislikes? As a member of the security team I don't see us banning patches from any developer based on their behaviour. So let's just cut off that part of the discussion here. -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Introducing the Proctors - Draft Code of Conduct for Gentoo
On Wednesday 14 March 2007 23:09, Ciaran McCreesh wrote: What do you think users will say when told that their system will remain vulnerable to a remote root hole because Gentoo won't accept a fix from a particular person? Do you think they'll smile, nod and accept that their system is about to get taken over by some kid in Russia, or do you think they'll scream and switch to Ubuntu? As I wrote elsewhere in this thread I think I can safely say that the Security Team is not going to check the origin and behaviour of all patch contributors, for one thing we simply don't have the manpower to do this. So let's just cut the security part off here. -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Introducing the Proctors - Draft Code of Conduct for Gentoo
Hiya, On Tuesday 13 March 2007 03:12, Christel Dahlskjaer wrote: Hiya all, As some of you are already aware, I was at the last Council meeting given a Task. This Task was to draft a proposed Code of Conduct for Gentoo, and a scheme for enforcing it. The current version of this proposal can be found at http://dev.gentoo.org/~christel/coc.xml comments and suggestions both on- and off-list are appreciated. Any input will have to be received by Thursday, 15 March, 1200GMT in order to be useful; the Council will be voting on it later that day at 2100UTC. I wrote to Christel earlier today about this. But AFAIR we usually have at least a week to discuss such proposals. Apart from that enforcing our users this code of conduct with only three days of discussion is not what I find user friendly. Before getting into any detail, perhaps in another mail, I have one objection to this proposal. I think it is a waste of time giving more paper rules for Devrel to enforce http://svn.digium.com/view/asterisk/branches/1.2/channels/chan_sip.c?r1=58052r2=56230 as long as they are in effect powerless to stop Gentoo developers from bad behaviour. As long as we as a group of developers can't even live up to the code of conduct we have agreed upon I don't think it is wise to enforce such conduct on the rest of the community. I do support more power to Devrel but let's try to keep the house clean before we take care of the garden. Thank you for your time. -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Introducing the Proctors - Draft Code of Conduct for Gentoo
On Tuesday 13 March 2007 13:05, Sune Kloppenborg Jeppesen wrote: http://svn.digium.com/view/asterisk/branches/1.2/channels/chan_sip.c?r1=58052r2=56230 Woops just disregard that paste in the middle of it all:-) My mouse is severely lacking on this box while compiling :-( -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Introducing the Proctors - Draft Code of Conduct for Gentoo
On Tuesday 13 March 2007 13:32, Paul de Vrieze wrote: First of all, I think most part of the code is just common sense. That's also the reason that it is not explicit about many things. Strictly defined rules don't apply in all situations, and jerks find ways around them or to argue that the rule does not apply to them. I agree. -However I fail to see which channels are affected and which are not? -Who's going to enforce it (I just presumed it to be Devrel but it could also be the Council itself)? -What are the appeal options if any? And with only three days for commenting this seems like a rushed proposal that is better postponed to the next meeting. AFAIR we've had similar issues postponed just because of this deadline. Let's give all devs and near devs a chance to speak up. The modus operandi should be: We (council) define what is acceptable behaviour. If you don't like it, vote us off and get a better council. Until that time, comply. To me that is the only way to avoid free for all. We have seen that taping things over doesn't work. So the current situation is: We have both devs and non-devs disregard normal code of conduct. We have a written policy about dev behaviour but haven't enforced it on several occasions so now we are going to try regulating the users instead? Shouldn't we just try to behave ourselves before trying to make others behave? (no flames or blames intended, it's just how I see it) Before getting into any detail, perhaps in another mail, I have one objection to this proposal. I don't see how this is an objection. It sound more like a remark or observation. Naturally the enforcement needs to happen and infrastructure must be supportive to that (e.g. by providing do-it-yourself tools to devrel). As long as Devrel doesn't have the power to enforce it I don't see a point. If the Council has the power to enforce this fairly, then great. I do support more power to Devrel but let's try to keep the house clean before we take care of the garden. 
Well, I don't consider -dev to be our garden, but rather gentoo's living with an open door policy. Most participants are either devs, or are close to being devs. In any case they are not general users. As for -dev you're right. But again the proposal is so vague it only mentions Gentoo's official communication infrastructure. I take this to mean all mailing lists, forums, IRC. So in my eyes it will affect general users as well. ps. I would also like to suggest that the devrels looks at things like micro bans. That is, banning someone for a couple of days from sending to the mailing list. This could be effective against e.g. people who continue to feed trolls after being warned not to do so. Seems like a better and less heavy handed approach to me. -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Introducing the Proctors - Draft Code of Conduct for Gentoo
On Tuesday 13 March 2007 15:11, Chris Gianelloni wrote: We should be enforcing this on all channels. It shouldn't be OK to be an asshole on one medium and not another. Ack. -What are the appeal options if any? Council. Then it should perhaps be mentioned in the proposal. So the current situation is: We have both devs and non-devs disregard normal code of conduct. We have a written policy about dev behaviour but haven't enforced it on several occasions so now we are going to try regulating the users instead? Shouldn't we just try to behave ourselves before trying to make others behave? Uhh, no. This gets enforced on devs and users alike. I wouldn't bring it up in the first place, but we've had previous examples with devs calling other devs not so kind things and to my knowledge it didn't result in any action. I seem to remember a rather active dev taking it not so lightly, resulting in one less dev and no action from Devrel/Council. As long as Devrel doesn't have the power to enforce it I don't see a point. If the Council has the power to enforce this fairly, then great. As many people have stated before, the Council really has as much power as its willing to take. Up until now, we've been very leery of taking on any form of power to reduce the chance of people calling us some kind of cabal. At the same time, we've realized that we were elected to do *exactly this sort of thing* so we've decided collectively to step up and take charge. If people don't like it, they can vote for other people next time around. ;] I look forward to seeing that. However given that the current Council have been active for 8+ months with no action on this subject, I don't see any harm in giving proper time to discuss this? In the mean time we could just try to enforce the dev Etiquette policy that we've had a long time. As for -dev you're right. But again the proposal is so vague it only mentions Gentoo's official communication infrastructure. 
I take this to mean all mailing lists, forums, IRC. So in my eyes it will affect general users as well. I look at anything with a gentoo.org address as our house. While some might disagree with this statement, I'm pretty sure this is the stance we're taking on it. So this doesn't apply to the Gentoo IRC channels? -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Introducing the Proctors - Draft Code of Conduct for Gentoo
On Tuesday 13 March 2007 22:09, Grant Goodyear wrote: Thanks for the work on the new doc; it's much appreciated. snipped Despite how critical I'm being, I really do appreciate the work that has gone into this so far. Thank you very much. I agree on all points. -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] New developer: Vic Fryzel (shellsage)
On Sunday 21 January 2007 12:44, Christian Heim wrote: Please welcome Vic as a new fellow developer among us ! Welcome onboard Vic! -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Re: Re: Versioning the tree
On Friday 01 December 2006 13:47, Chris Gianelloni wrote: Actually, we would have to review the process, since not everything that gets a security bug ends up with a GLSA. My current loose rule is that if it deserves a GLSA, then it deserves an update, but I don't know the exact criteria the security team uses to decide if something warrants a GLSA or not. http://www.gentoo.org/security/en/vulnerability-policy.xml For relation between severity level and GLSA publication see Dispatch. Basically everything that ends up with Trivial severity level will NOT get a GLSA and everything that ends up with Minor severity level will get a vote from the Security team members. Two yes or no votes normally wins. Everything else gets a GLSA. Then you have to add in Security supported architectures, but that's really of no concern to x86. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] New developer: Charlie Shepherd (masterdriverz)
On Tuesday 21 November 2006 22:13, Petteri Räty wrote: It's my pleasure to introduce to you Charlie masterdriverz Shepherd. He is joining us to help with the multiple kernel sources we have in the tree. Maybe we will have master-sources soon? Previously he has been helping in the sunrise overlay and he is also looking to join other herds than kernel. Yezz, another kernel geek to harass with security updates:-) Welcome onboard Charlie! -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] New Developer: Alexander Færøy (eroyf)
On Monday 06 November 2006 20:03, Bryan Østergaard wrote: Hi all. This announcement is slightly late but Alex nevertheless deserves a warm welcome for all the good work I'm sure he'll be doing in the future. Alex has a mysterious Norwegian background but lives in Denmark (some people are a bit concerned about that fact as well..). Adding to his dubious background are the facts that he's a teenager and works for User Relations and the Alpha and Mips teams :) Please give Alex a warm welcome. /me hugs eroyf Welcome to the Danish conspiracy:-) -- Sune Kloppenborg Jeppesen (Jaervosz)
[gentoo-dev] app-admin/{webmin|usermin} needs a temp maintainer
the maintainer of app-admin/{webmin|usermin} eradicator is not responding to bugmail and the packages have an open security bug. https://bugs.gentoo.org/show_bug.cgi?id=145829 Anyone willing to help take care of these packages please CC yourself on the bugs and provide a bump. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
[gentoo-dev] dev-util/cscope needs a temp maintainer
the maintainer of dev-util/cscope mkennedy is not responding to bugmail and the package has an open security bug. https://bugs.gentoo.org/show_bug.cgi?id=144869 Anyone willing to help take care of this package please CC yourself on the bugs and provide a bump. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- gentoo-dev@gentoo.org mailing list
[gentoo-dev] app-crypt/cfs needs a temp maintainer
the maintainer of app-crypt/cfs mkennedy is not responding to bugmail and has an open security bug. https://bugs.gentoo.org/show_bug.cgi?id=142596 Anyone willing to help take care of this package please CC yourself on the bug and provide a bump. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
[gentoo-dev] media-gfx/imagemagick needs a temp maintainer
the maintainer of media-gfx/imagemagick sekretarz is not responding to bugmail and the package has two open security bugs. https://bugs.gentoo.org/show_bug.cgi?id=143533 https://bugs.gentoo.org/show_bug.cgi?id=144091 Anyone willing to help take care of this package please CC yourself on the bugs and provide a bump. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] Democracy: No silver bullet
On Thursday 24 August 2006 02:17, Donnie Berkholz wrote: snip When I think about where Gentoo was when we turned into a democracy years ago, and where Gentoo is now, I don't see much of a difference on the large scale. We lack any global vision for where Gentoo is going, we can't agree on who our audience is, and everyone's just working on pretty much whatever they feel like. Some like it that way others don't I think that is normal when you have elections. If more developers will work for a global vision we will have one. The vocal minority often gets its way, despite 99% of the other developers being happy with any given situation. Yeah, that is a problem. Simple rules and stronger enforcement of those rules would be great. All in all, the vocal minority has done a splendid job of becoming more influential, crippling Gentoo's ability to do anything at all about its members, their flames, their outstanding work at ruining people's fun and enjoyment of Gentoo, and their waste of everyone else's time. Then vote for someone else. Being able to work together long term is this project's greatest asset, one far more important than any set of changes to the code, and turning arguments about code into issues that affect our long-term ability to work harmoniously together is just not worth the trade-off by any conceivable stretch of the imagination. ... I agree. If we can't come up with many global technical objectives this could be a good candidate . I'm not the only one to suggest that a democracy isn't the most productive way to run Gentoo. When people wanted to change in how Gentoo was run, democracy was the only option considered, rather than simply changing the leaders. There's an ongoing assumption that if problems exist, it must be somewhere in the structure rather than in the people. Democracy is not just democracy it can be run in many ways. If I could go back in time a couple of years and prevent this democracy from ever happening, I would. 
If I could fix these problems myself, I would. But it requires buy-in from the entire Gentoo community if we're to do anything about it. I was only a dev for a few months with drobbins so I don't really have any personal experience from that part of the Gentoo history but I definitely would not like to abandon the Foundation and work under some arbitrary chief. Going backwards is not the solution. -- Sune Kloppenborg Jeppesen (Jaervosz) Gentoo Linux Security Team -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Democracy: No silver bullet
On Thursday 24 August 2006 19:40, Mike Doty wrote: Thierry Carrez wrote: [snip] I for one was quite demotivated to see that the Infra team could overrule the Council (and did it twice). how? I don't recall either instance. AFAIR one thing was staff email addresses (sub domain or not) the other I don't remember off hand. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] Gentoo-Status
On Tuesday 22 August 2006 02:06, Ciaran McCreesh wrote: Bringing up something I proposed previously... How about having teams that are considered 'important' (not a fixed list; this can vary depending upon what's going on) or 'to be having issues' deliver status reports to the council for their monthly meeting? Sounds like a better and more dynamic solution to me. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
[gentoo-dev] Re: [gentoo-security] SearchSecurity.com: Linux patch problems: Your distro may vary
Hi there, On Monday 07 August 2006 13:42, Wolfram Schlich wrote: Any comments or thoughts about this? Can we become better? Are we maybe better than the author pretends? Does the security team currently face serious problems that need to be solved, be it inside or outside the security team? I am just curious and would be glad to get some feedback :) I saw the article a few days back and here is a short summary of what I think about it: - I'm a bit disappointed with the result. - The Security Team is short on staff so we're not as speedy as we once were :-/ - The scores are not weighted to take severity into account. - No exact references are given to the vulnerabilities in question making it hard to check. - Secunia release dates are not the same as Gentoo release dates as Secunia seldom work during weekends. - Unstable users usually get the fix hours or even days before the GLSA is issued. - My own non-scientific research indicates that we're not that bad compared to other community distributions like Debian (at least when you compare the latest GLSAs with the high severity rating). If you want to help out the Security Team and have some relevant skills please consult the link in my signature or send me a private email. -- Sune Kloppenborg Jeppesen (Jaervosz) Operational Manager Gentoo Linux Security Team http://security.gentoo.org
[gentoo-dev] media-libs/libwmf needs a new maintainer
media-libs/libwmf is without an active ebuild maintainer and has an open security bug [1]. Anyone willing to take care of this package in the future, please update metadata.xml and CC yourself on the bug. [1] https://bugs.gentoo.org/show_bug.cgi?id=139325 -- Sune Kloppenborg Jeppesen (Jaervosz) Gentoo Linux Security Team -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Project Sunrise resumed again (was Resignation)
On Thursday 03 August 2006 04:56, Brian Harring wrote: snipped alot Besides... frankly it's kind of BS to push the vuln angle onto sunrise when gentoo can't even clean out years old vulnerable packages from gentoo-x86 (that doesn't absolve sunrise from having to watch it, nor a potshot at the understaffed security team, merely that double standards suck). Just to clarify: AFAIR it has never been policy to remove vulnerable ebuilds. The Security Team leaves that up to the maintainers. For some issues it does make sense to keep vulnerable ebuilds in the tree (ie. latest Apache (GLSA 200608-01, when not using mod_rewrite). -- Sune Kloppenborg Jeppesen (Jaervosz) Operational Manager Gentoo Linux Security Team http://security.gentoo.org -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Nominations open for the Gentoo Council 2007
On Saturday 29 July 2006 15:07, Thierry Carrez wrote: Those were nominated but did not (yet) confirm their participation : jaervosz I'll accept the nomination again this year. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] Resignation (was: Project Sunrise resumed)
On Friday 28 July 2006 01:55, Henrik Brix Andersen wrote: So long and thank you for all the fish, Brix I really hate to return home from a long weekend to read these kinds of emails. I'm very sad to see you go, you really improved a lot on the wireless experience! Good luck with your future projects and I hope we'll share a beer some day :-) -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] I'm frilled to present to you, a new Gentoo developer
On Tuesday 25 July 2006 22:10, Sven Vermeulen wrote: snip Welcome onboard Wolf! To all others: Do remember to wear protective glasses when you're near frilled. He's got some autocompulsary habit of poking people in the eyes :-) -- Sune Kloppenborg Jeppesen (Jaervosz) Operational Manager Gentoo Linux Security Team http://security.gentoo.org
Re: [gentoo-dev] xpdf status
On Wednesday 12 July 2006 16:43, [EMAIL PROTECTED] wrote: Guys, The xpdf version we have currently in the tree is a modified one that links to poppler, provided in IRC to genstef by an ubuntu developer (no, ubuntu does not use it); now, I can understand that having a single point of failure is desirable, but I completely disagree when doing this implies using a third-party version not maintained/hosted anywhere (the reasons being obvious, I hope). Besides, it's improbable that upstream will add support for poppler in xpdf. I really would like to see back the upstream version, what do you think? The reason for this was security I believe. xpdf code is embedded in lots of other packages (see http://glsa.gentoo.org for some examples). By linking to poppler this is fixed in one place. Though if someone is willing to maintain a vanilla xpdf ebuild I'd have no complaints. Genstef? -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
[gentoo-dev] Maintainer wanted for dev-lang/pike
dev-lang/pike is without an active maintainer and has an open security bug 136065 https://bugs.gentoo.org/show_bug.cgi?id=136065 Anyone willing to take care of this package in the future, please update metadata/herd info and CC yourself on the bug. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
[gentoo-dev] Maintainer wanted for app-text/wv2
app-text/wv2 is without an active maintainer and has an open security bug #136759 https://bugs.gentoo.org/show_bug.cgi?id=136759 Anyone willing to take care of this package in the future, please update metadata/herd info and CC yourself on the bug. -- Sune Kloppenborg Jeppesen (Jaervosz) Gentoo Linux Security Team
[gentoo-dev] Maintainer wanted for sys-auth/pam_mysql
sys-auth/pam_mysql is without an active maintainer and has an open security bug #120842 https://bugs.gentoo.org/show_bug.cgi?id=120842 Anyone willing to take care of this package in the future, please update metadata/herd info and CC yourself on the bug. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] New Developer: squinky86
On Tuesday 18 April 2006 20:49, John Mylchreest wrote: I am good with c++, java, assembly, php, and sql. Feel free to ask me about Asterisk, too. It's good to be returning to Gentoo! Welcome back Jon, you're now added to my list of devs to annoy when I have Asterisk questions :-) -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
[gentoo-dev] www-servers/pound needs new maintainer
www-servers/pound is without an active maintainer and has an open security bug #118541 https://bugs.gentoo.org/show_bug.cgi?id=118541 Anyone willing to take care of this package in the future, please update metadata/herd info and CC yourself on the bug. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
[gentoo-dev] net-mail/mailman needs a new maintainer
net-mail/mailman is without an ebuild maintainer and has an open security bug #129136 https://bugs.gentoo.org/show_bug.cgi?id=129136 Anyone willing to take care of this package in the future, please update metadata.xml and CC yourself on the bug. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] New developers: Martin Ehmsen (ehmsen) and Michal Kurgan (moloh)
Ahh great! Another candidate for the Danish conspiracy:-) Welcome onboard Martin! Also welcome to you Micheal. - Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] Email subdomain
On Saturday 19 November 2005 00:18, Scott Stoddard wrote: Ciaran McCreesh wrote: On Fri, 18 Nov 2005 17:44:53 -0500 Curtis Napier [EMAIL PROTECTED] wrote: Being relatively new to the team, I speak with a bit of naiveté about the whole thing, but doesn't that seem to make the most sense? @dev.gentoo.org for devs @herd.gentoo.org for herd ATs @staff.gentoo.org for forum admins, PR people, etc I don't see any reason that a GLEP targeted at arch testers should get us to change all email addresses. Keep it simple, every dev contributes to the project and should get a @g.o email addy (or be retired). -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] Email subdomain
On Saturday 19 November 2005 17:16, Lares Moreau wrote: Is there a possibility to have each 'type' of staff have their own subdomain. ie. @testers.g.o for at/ht @docs.g.o for document persons @infra.g.o for infrastructure etc... @staff.g.o for non-specific staff @g.o for devs As I just mentioned earlier in this thread I see no reason to change every email addy when the GLEP seems to only specify changes for arch tester. This seems like a topic for a new GLEP that will probably raise a bit of discussion:-) -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] Departure of Broeman and Aaby
On Thursday 10 November 2005 11:26, Henrik Brix Andersen wrote: On Wed, Nov 09, 2005 at 05:57:23PM +0100, Sven Vermeulen wrote: With a sad heart I must announce that Jesper broeman Brodersen and Arne aaby Mejholm are leaving the Gentoo Documentation Team as the Danish translation lead/follow-up. They have made the Danish translations quite active (the /doc/da/ counts 109 translated documents) and I thank them for that. Darn - our Danish conspiracy is slowly fading away! Sorry to hear that you guys are leaving the project, you've done a great job. Yeah we have to restart the sekrit recruitment process again:-) Good luck to broeman and aaby -- Sune Kloppenborg Jeppesen (Jaervosz)
Re: [gentoo-dev] Re: where goes Gentoo?
On Friday 05 August 2005 03:40, Brian D. Harring wrote: On Thu, Aug 04, 2005 at 05:31:43PM -0400, Chris Gianelloni wrote: It's not an overnight thing, glep19 (stable portage tree) addresses a chunk of concerns when/if it's implemented, but I'm a bit more interested in the other tools people desire alongside. Offhand, responding to my own snippet, I'd love to know what's going on with glep19... Not much lately I'm afraid:-/ If anyone is willing to help out I guess a mail to [EMAIL PROTECTED] might get it all (re)started. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] New Dev Bjarke istrup Pedersen (Gurligebis)
On Wednesday 20 July 2005 20:21, Jochen Maes wrote: Hey all, bjarke, our new dev from the vast lands of Denmark, has been added to the team! Another member for the Danish conspiracy:-) Welcome on board Bjarke! -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
Re: [gentoo-dev] Portage ebuild cruft
On Saturday 30 April 2005 13:12, Marius Mauch wrote: On Sat, 30 Apr 2005 12:31:17 +0200 Sune Kloppenborg Jeppesen [EMAIL PROTECTED] wrote: On Friday 29 April 2005 16:38, Jason Stubbs wrote: Heh, I get that after every invocation of emerge. :) Yep. That's the scanning of all installed packages for any provided virtuals. Why not let Portage print that before scanning? Print what? The scanning is done on the general config parsing, and you can't really do anything before that. Scanning configuration/installed packages or something. It just seems a bit more user-friendly to print something if it takes a long while to do anything. Just my to 0.02 -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team