Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-08 Thread Jeffrey Johnson 
> 
>> 
>> what if they weren't set, sks was upgraded, and the database wasn't
>> rebuilt?  what sort of failures should server operators expect?
> 
> Errors loading BDB environment / starting SKS.
> 

A couple of nitpicks, peripheral to BDB, specific to SKS, related to pagesize:

The sampleConfig/sksconf.typical file includes these lines:

# KDB/key   65536
pagesize:   128
#
# KDB/keyid 32768
keyid_pagesize: 64

1) The naming of “pagesize” (likely BDB hysterical naming) does not
follow the other table(s) naming: one would expect “key_pagesize”.

2) There is no “keyid_pagesize”. In fact, if you set that variable,
then sks fails to run with an obscure error. (there’s likely a different
config variable name in the sources, haven’t looked).

The second failure is seen iff sksconf is in the current directory when running 
sks_build.sh.

Which brings up another another nitpick: if trying to set per-table pagesize 
using
sksconf, then a warning message might be useful if the current directory does 
*NOT*
contain a valid sksconf.

(aside: note-to-self)
There is likely a way to change pagesize without having to reload from a dump. 
I’ll
see if I can dig out the details. todo++.

hth

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-08 Thread Daniel Kahn Gillmor 
Thanks for the clarifications, Kristian!

followup below about bitbucket:

On Mon 2016-08-08 10:16:38 -0400, Kristian Fiskerstrand wrote:
>> https://bitbucket.org/skskeyserver/sks-keyserver/downloads
>> 
>> has some very strange text in it:
>> 
>>   
>> sks-1.1.6.tgz
>> 
>> 
>> Is there a reason for the newline and leading whitespace?  That causes
>> debian/watch to fail to discover the new tarball.
>> 
>
> You'll have to ask bitbucket.. we don't control the HTML template of the
> downloads page.

i've opened

  
https://bitbucket.org/site/master/issues/13130/downloads-page-has-spurious-whitespace

feel free to nudge them on it -- as a lead on the project they might be
more receptive to your prodding than to mine.

  --dkg


signature.asc
Description: PGP signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-08 Thread Kristian Fiskerstrand 
On 08/08/2016 08:11 AM, Daniel Kahn Gillmor wrote:
> On Sun 2016-08-07 10:40:08 -0400, Kristian Fiskerstrand wrote:
> 

..

>> Note when upgrading from earlier versions of SKS
>> 
>> The default values for pagesize settings changed in SKS 1.1.4. To
>> continue using an existing DB from earlier versions without rebuilding,
>> explicit settings have to be added to the sksconf file.
>> pagesize:   4
>> ptree_pagesize: 1
> 
> it's not clear to me what this means: are these settings that should be
> added to sksconf if they weren't already there and you're using an
> existing database without rebuilding?

yes; if the database was built before 1.1.4 originally (which was
released in July 2012), values between 1.1.4, 1.1.5 and 1.1.6 are
consistent, so if you've upgraded to 1.1.5 this must already be properly
set.

> 
> what if those variables are already set in the sksconf file but they
> have different values?

Then you retain the different values

> 
> what if they weren't set, sks was upgraded, and the database wasn't
> rebuilt?  what sort of failures should server operators expect?

Errors loading BDB environment / starting SKS.

> 
>> Getting the Software
>> 
>> SKS can be downloaded from
>> https://bitbucket.org/skskeyserver/sks-keyserver
> 
> https://bitbucket.org/skskeyserver/sks-keyserver/downloads
> 
> has some very strange text in it:
> 
>   
> sks-1.1.6.tgz
> 
> 
> Is there a reason for the newline and leading whitespace?  That causes
> debian/watch to fail to discover the new tarball.
> 

You'll have to ask bitbucket.. we don't control the HTML template of the
downloads page.

> 
>> A check should also be made that the key is signed by
>> trustworthy other keys;
>>
>> gpg --list-sigs 0x41259773973A612A
> 
> This doesn't actually validate the retrieved signatures, fwiw.  you
> probably want --check-sigs instead of --list-sigs.

Fair point, will update announcement template.
> 
> Regards,
> 
> --dkg
> 


-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP certificate at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Nomina stultorum scribuntur ubique locorum
Fools have the habit of writing their names everywhere



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-08 Thread Daniel Kahn Gillmor 
On Sun 2016-08-07 10:40:08 -0400, Kristian Fiskerstrand wrote:

> We are pleased to announce the availability of a new stable SKS
> release:  Version 1.1.6.

great, thanks!

> Note when upgrading from earlier versions of SKS
> 
> The default values for pagesize settings changed in SKS 1.1.4. To
> continue using an existing DB from earlier versions without rebuilding,
> explicit settings have to be added to the sksconf file.
> pagesize:   4
> ptree_pagesize: 1

it's not clear to me what this means: are these settings that should be
added to sksconf if they weren't already there and you're using an
existing database without rebuilding?

what if those variables are already set in the sksconf file but they
have different values?

what if they weren't set, sks was upgraded, and the database wasn't
rebuilt?  what sort of failures should server operators expect?

> Getting the Software
> 
> SKS can be downloaded from
> https://bitbucket.org/skskeyserver/sks-keyserver

https://bitbucket.org/skskeyserver/sks-keyserver/downloads

has some very strange text in it:

  
sks-1.1.6.tgz


Is there a reason for the newline and leading whitespace?  That causes
debian/watch to fail to discover the new tarball.


> A check should also be made that the key is signed by
> trustworthy other keys;
>
> gpg --list-sigs 0x41259773973A612A

This doesn't actually validate the retrieved signatures, fwiw.  you
probably want --check-sigs instead of --list-sigs.

Regards,

--dkg


signature.asc
Description: PGP signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-07 Thread Hillebrand van de Groep 
Maybe someone can create a deb package? I'd rather be updated ASAP.

On Sun, 2016-08-07 at 17:02 +0200, Gabor Kiss wrote:
> > > Out of curiosity, is there any Debian-type repository one can use to 
> > > install updates automatically?
> > > 
> > https://packages.debian.org/jessie/sks ???
> 
> Jessie is the _stable_ version. Its sks package won't be upgraded
> unless a major security hole will be found in 1.1.5.
> 
> We hope sid gets 1.1.6 soon.
> 
> Gabor
> 
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel



___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-07 Thread Christoph Egger 
Gabor Kiss  writes:
>> > Out of curiosity, is there any Debian-type repository one can use to 
>> > install updates automatically?
>> > 
>> https://packages.debian.org/jessie/sks ???
>
> Jessie is the _stable_ version. Its sks package won't be upgraded
> unless a major security hole will be found in 1.1.5.
>
> We hope sid gets 1.1.6 soon.

And I'd expect it on backports shortly after .. just like the 1.1.5 for
wheezy

  Christoph

-- 
9FED 5C6C E206 B70A 5857  70CA 9655 22B9 D49A E731
Debian Developer | Lisp Hacker | CaCert Assurer

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-07 Thread Kristian Fiskerstrand 
On 08/07/2016 05:02 PM, Gabor Kiss wrote:
>>> Out of curiosity, is there any Debian-type repository one can use to 
>>> install updates automatically?
>>>
>> https://packages.debian.org/jessie/sks ???
> 
> Jessie is the _stable_ version. Its sks package won't be upgraded
> unless a major security hole will be found in 1.1.5.
> 
> We hope sid gets 1.1.6 soon.
> 

I can't speak for Debian, but Gentoo got 1.1.6 in testing (~arch):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a311ff7295d65c92ea69d21d33696c6e4c8dbb9


-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP certificate at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"If you cannot convince them, confuse them"
(Harry S Truman)



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-07 Thread Gabor Kiss 
> > Out of curiosity, is there any Debian-type repository one can use to 
> > install updates automatically?
> > 
> https://packages.debian.org/jessie/sks ???

Jessie is the _stable_ version. Its sks package won't be upgraded
unless a major security hole will be found in 1.1.5.

We hope sid gets 1.1.6 soon.

Gabor

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-07 Thread Andrew Gallagher 
On 7 Aug 2016, at 15:43, Pete Stephenson  wrote:
> Out of curiosity, is there any Debian-type repository one can use to install 
> updates automatically?
> 
https://packages.debian.org/jessie/sks ???

A___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-07 Thread Pete Stephenson 
On Aug 7, 2016 16:40, "Kristian Fiskerstrand" <
kristian.fiskerstr...@sumptuouscapital.com> wrote:
>
> Hello lists,
>
> We are pleased to announce the availability of a new stable SKS
> release:  Version 1.1.6.

Very cool. I'll upgrade shortly.

Out of curiosity, is there any Debian-type repository one can use to
install updates automatically?

Cheers!
-Pete
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel