Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
> >> >> what if they weren't set, sks was upgraded, and the database wasn't >> rebuilt? what sort of failures should server operators expect? > > Errors loading BDB environment / starting SKS. > A couple of nitpicks, peripheral to BDB, specific to SKS, related to pagesize: The sampleConfig/sksconf.typical file includes these lines: # KDB/key 65536 pagesize: 128 # # KDB/keyid 32768 keyid_pagesize: 64 1) The naming of “pagesize” (likely BDB hysterical naming) does not follow the other table(s) naming: one would expect “key_pagesize”. 2) There is no “keyid_pagesize”. In fact, if you set that variable, then sks fails to run with an obscure error. (there’s likely a different config variable name in the sources, haven’t looked). The second failure is seen iff sksconf is in the current directory when running sks_build.sh. Which brings up another another nitpick: if trying to set per-table pagesize using sksconf, then a warning message might be useful if the current directory does *NOT* contain a valid sksconf. (aside: note-to-self) There is likely a way to change pagesize without having to reload from a dump. I’ll see if I can dig out the details. todo++. hth ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
Thanks for the clarifications, Kristian! followup below about bitbucket: On Mon 2016-08-08 10:16:38 -0400, Kristian Fiskerstrand wrote: >> https://bitbucket.org/skskeyserver/sks-keyserver/downloads >> >> has some very strange text in it: >> >> >> sks-1.1.6.tgz >> >> >> Is there a reason for the newline and leading whitespace? That causes >> debian/watch to fail to discover the new tarball. >> > > You'll have to ask bitbucket.. we don't control the HTML template of the > downloads page. i've opened https://bitbucket.org/site/master/issues/13130/downloads-page-has-spurious-whitespace feel free to nudge them on it -- as a lead on the project they might be more receptive to your prodding than to mine. --dkg signature.asc Description: PGP signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
On 08/08/2016 08:11 AM, Daniel Kahn Gillmor wrote: > On Sun 2016-08-07 10:40:08 -0400, Kristian Fiskerstrand wrote: > .. >> Note when upgrading from earlier versions of SKS >> >> The default values for pagesize settings changed in SKS 1.1.4. To >> continue using an existing DB from earlier versions without rebuilding, >> explicit settings have to be added to the sksconf file. >> pagesize: 4 >> ptree_pagesize: 1 > > it's not clear to me what this means: are these settings that should be > added to sksconf if they weren't already there and you're using an > existing database without rebuilding? yes; if the database was built before 1.1.4 originally (which was released in July 2012), values between 1.1.4, 1.1.5 and 1.1.6 are consistent, so if you've upgraded to 1.1.5 this must already be properly set. > > what if those variables are already set in the sksconf file but they > have different values? Then you retain the different values > > what if they weren't set, sks was upgraded, and the database wasn't > rebuilt? what sort of failures should server operators expect? Errors loading BDB environment / starting SKS. > >> Getting the Software >> >> SKS can be downloaded from >> https://bitbucket.org/skskeyserver/sks-keyserver > > https://bitbucket.org/skskeyserver/sks-keyserver/downloads > > has some very strange text in it: > > > sks-1.1.6.tgz > > > Is there a reason for the newline and leading whitespace? That causes > debian/watch to fail to discover the new tarball. > You'll have to ask bitbucket.. we don't control the HTML template of the downloads page. > >> A check should also be made that the key is signed by >> trustworthy other keys; >> >> gpg --list-sigs 0x41259773973A612A > > This doesn't actually validate the retrieved signatures, fwiw. you > probably want --check-sigs instead of --list-sigs. Fair point, will update announcement template. > > Regards, > > --dkg > -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP certificate at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Nomina stultorum scribuntur ubique locorum Fools have the habit of writing their names everywhere signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
On Sun 2016-08-07 10:40:08 -0400, Kristian Fiskerstrand wrote: > We are pleased to announce the availability of a new stable SKS > release: Version 1.1.6. great, thanks! > Note when upgrading from earlier versions of SKS > > The default values for pagesize settings changed in SKS 1.1.4. To > continue using an existing DB from earlier versions without rebuilding, > explicit settings have to be added to the sksconf file. > pagesize: 4 > ptree_pagesize: 1 it's not clear to me what this means: are these settings that should be added to sksconf if they weren't already there and you're using an existing database without rebuilding? what if those variables are already set in the sksconf file but they have different values? what if they weren't set, sks was upgraded, and the database wasn't rebuilt? what sort of failures should server operators expect? > Getting the Software > > SKS can be downloaded from > https://bitbucket.org/skskeyserver/sks-keyserver https://bitbucket.org/skskeyserver/sks-keyserver/downloads has some very strange text in it: sks-1.1.6.tgz Is there a reason for the newline and leading whitespace? That causes debian/watch to fail to discover the new tarball. > A check should also be made that the key is signed by > trustworthy other keys; > > gpg --list-sigs 0x41259773973A612A This doesn't actually validate the retrieved signatures, fwiw. you probably want --check-sigs instead of --list-sigs. Regards, --dkg signature.asc Description: PGP signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
Maybe someone can create a deb package? I'd rather be updated ASAP. On Sun, 2016-08-07 at 17:02 +0200, Gabor Kiss wrote: > > > Out of curiosity, is there any Debian-type repository one can use to > > > install updates automatically? > > > > > https://packages.debian.org/jessie/sks ??? > > Jessie is the _stable_ version. Its sks package won't be upgraded > unless a major security hole will be found in 1.1.5. > > We hope sid gets 1.1.6 soon. > > Gabor > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
Gabor Kisswrites: >> > Out of curiosity, is there any Debian-type repository one can use to >> > install updates automatically? >> > >> https://packages.debian.org/jessie/sks ??? > > Jessie is the _stable_ version. Its sks package won't be upgraded > unless a major security hole will be found in 1.1.5. > > We hope sid gets 1.1.6 soon. And I'd expect it on backports shortly after .. just like the 1.1.5 for wheezy Christoph -- 9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731 Debian Developer | Lisp Hacker | CaCert Assurer ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
On 08/07/2016 05:02 PM, Gabor Kiss wrote: >>> Out of curiosity, is there any Debian-type repository one can use to >>> install updates automatically? >>> >> https://packages.debian.org/jessie/sks ??? > > Jessie is the _stable_ version. Its sks package won't be upgraded > unless a major security hole will be found in 1.1.5. > > We hope sid gets 1.1.6 soon. > I can't speak for Debian, but Gentoo got 1.1.6 in testing (~arch): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a311ff7295d65c92ea69d21d33696c6e4c8dbb9 -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP certificate at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "If you cannot convince them, confuse them" (Harry S Truman) signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
> > Out of curiosity, is there any Debian-type repository one can use to > > install updates automatically? > > > https://packages.debian.org/jessie/sks ??? Jessie is the _stable_ version. Its sks package won't be upgraded unless a major security hole will be found in 1.1.5. We hope sid gets 1.1.6 soon. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
On 7 Aug 2016, at 15:43, Pete Stephensonwrote: > Out of curiosity, is there any Debian-type repository one can use to install > updates automatically? > https://packages.debian.org/jessie/sks ??? A___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] [Announcement] SKS 1.1.6 Released
On Aug 7, 2016 16:40, "Kristian Fiskerstrand" < kristian.fiskerstr...@sumptuouscapital.com> wrote: > > Hello lists, > > We are pleased to announce the availability of a new stable SKS > release: Version 1.1.6. Very cool. I'll upgrade shortly. Out of curiosity, is there any Debian-type repository one can use to install updates automatically? Cheers! -Pete ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel