[X2Go-Dev] Looking for your ECCN
Hey guys! We are trying to get x2go added to our approved software list within Verizon, and in order to do so, I need to provide them with an ECCN. Do you have, or can you provide me with the ECCN tied to your software? ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#602: X2GoSession clobbers .ssh/known_hosts when add_to_known_hosts is set
Package: python-x2go Version: 0.4.0.9 Whenever a host key is registered using pyhoca-cli or pyhoca-gui, the $HOME/.ssh/known_hosts file gets clobbered: all keys whose type is not either ssh-dss or ssh-rsa (namely, ECDSA and Ed25519 host keys) are removed. Steps to reproduce: 1. register some ECDSA/Ed25519 host keys 2. backup .ssh/known_hosts 3. define a new profile in pyhoca-gui selecting Store SSH host keys under (unique) X2Go session profile ID 4. connect to the host and accept the host key 5. run a diff between the old known_hosts file and the current .ssh/known_hosts file Expected behaviour: there should _only_ be an addition for the new ssh host key registered by python-x2go and no other modification Actual result: there is an addition for the new host key registered by python-x2go and removals for all ecdsa and ed25519 host keys I suspect this is a problem with paramiko not understanding ECDSA and Ed25519 keys in known_hosts and summarily discarding them, nevertheless I'm raising the bug here because the x2go PPA for Ubuntu ships a custom version of paramiko for precise (also because it should probably be noted in the release notes and/or worked around in python-x2go if possible). Client OS Version: Ubuntu 12.04.5 (amd64) Package source: ppa:x2go/stable PyHoca-GUI Version: 0.4.0.9 (0.4.0.9-0~1107~ubuntu12.04.1) python-x2go Version: 0.4.0.9 (0.4.0.9-0~1122~ubuntu12.04.1) python-paramiko Version: 1.11.0-0~664~precise1 (from ppa:x2go/stable) The server bits are mostly irrelevant since this is purely a client-side bug, but it happened with the following server-side configuration: Server OS Version: Ubuntu 14.04.1 (amd64) Package source: ppa:x2go/stable Server x2goserver Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1) Server x2goserver-xsession Version: 4.0.1.15 (4.0.1.15-0~847~ubuntu14.04.1) Server nx-libs Version: 3.5.0.27 (2:3.5.0.27-0~446~ubuntu14.04.1) -- Matteo Panella ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
Re: [X2Go-Dev] Looking for your ECCN
(Patrick, please subscribe to X2Go-Dev, so you get to see all the replies and not only the ones CC'ed to your inbox. Instructions on how to subscribe are in the e-mail I sent you off-list.) Am 09.09.2014 um 17:36 schrieb Mullaley, Patrick S: Hey guys! We are trying to get x2go added to our approved software list within Verizon, and in order to do so, I need to provide them with an ECCN. Do you have, or can you provide me with the ECCN tied to your software? Note that this is not legal advice, only the result of my findings after looking up the terms on Wikipedia and Google: http://en.wikipedia.org/wiki/Export_Administration_Regulations explains what an ECCN is. http://en.wikipedia.org/wiki/Wassenaar_Arrangement explains what this is all about: export limitations on dual-use technology. X2Go is a software that was originally coded in Germany (with parts relying on other freely available code, including, but not limited to, the GPL'ed parts of what the Italian-based company NoMachine offered for their NX product, or the free X server for Windows, VcXsrv) and whose web and download servers are hosted in Germany. So, for those software parts actually created by the X2Go developers, my understanding is that German law applies. Things might be a little more complicated with code contributions that we receive from foreign (=non-German) nationals. If this is relevant to the issue at hand, we'd have to investigate further. Now, the Wassenaar Arrangement has been turned into EU law (which, in turn, is binding for Germany): COUNCIL REGULATION (EC) No 428/2009 of 5 May 2009 setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items, available here: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:134:0001:0269:en:PDF (English) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:134:0001:0269:de:PDF (same in German) The General Software Note (GSN), on Page 14, states, in a nutshell, that Software that is generally available or in the public domain is exempt from this regulation. According to the definitions in this regulation, a software is generally available if it is: 1. Sold from stock at retail selling points, without restriction, by means of: a. Over-the-counter transactions; b. Mail order transactions; c. Electronic transactions; or d. Telephone order transactions; and 2. Designed for installation by the user without further substantial support by the supplier While GPL software isn't public domain, it *can* legally be sold, as the last paragraph of TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION, section 1 of the GPL 2, states You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. And of course, this is possible in the ways described in 1. Regarding 2., double-clicking a setup.exe and hitting Continue/Next buttons until finished or running the package installation tol of your Linux distribution of choice clearly qualifies as Designed for installation by the user without further substantial support by the supplier. So, we do not have an ECCN, and we do not need one - that is my take on the situation. -Stefan ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
Re: [X2Go-Dev] Looking for your ECCN
Thanks Mike. I appreciate the time and effort. I am sure you saw the email from Stefan on the subject as well. -Original Message- From: Michael DePaulo [mailto:mikedep...@gmail.com] Sent: Wednesday, September 10, 2014 7:31 AM To: Mullaley, Patrick S Cc: x2go-dev@lists.x2go.org Subject: Re: [X2Go-Dev] Looking for your ECCN On Tue, Sep 9, 2014 at 11:36 AM, Mullaley, Patrick S patrick.mulla...@verizon.com wrote: Hey guys! We are trying to get x2go added to our approved software list within Verizon, and in order to do so, I need to provide them with an ECCN. Do you have, or can you provide me with the ECCN tied to your software? Hi Patrick, (I am actually a Verizon FiOS customer at my home. I prefer to to use GMail account for email though.) I think it is safe to assume the answer is no. I'm reading the wikipedia article on ECCN. It sounds like it might be difficult for X2Go to obtain an ECCN because we use SSH and SSL for encryption. https://en.wikipedia.org/wiki/Export_Administration_Regulations Often we do use the Linux distro's provided SSH and SSL packages. But often (primarily on Windows and Mac) we do ship SSH and SSL libraries. Of course, lots of open-source software uses and/or includes SSL libraries. This page seems to have useful advice. http://hecker.org/mozilla/eccn I am open to suggestions. Also, note that X2Go infrastructure such as http://code.x2go.org/releases/ (where the Windows client's binaries are downloaded from) is hosted in Germany. -Mike#2 ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
Re: [X2Go-Dev] Looking for your ECCN
Right. As someone who contributes to X2Go in my free time, I am not opposed to spending a small to moderate amount of my time and effort on obtaining an ECCN. Note that on http://hecker.org/mozilla/eccn , it makes it sound like that you could possibly request an ECCN for X2Go. If so, I'd be happpy to provide you with the technical details you need to know (e.g., which exact encryption libraries/executables we use and for what purpose.) -Mike On Wed, Sep 10, 2014 at 7:55 AM, Mullaley, Patrick S patrick.mulla...@verizon.com wrote: Thanks Mike. I appreciate the time and effort. I am sure you saw the email from Stefan on the subject as well. -Original Message- From: Michael DePaulo [mailto:mikedep...@gmail.com] Sent: Wednesday, September 10, 2014 7:31 AM To: Mullaley, Patrick S Cc: x2go-dev@lists.x2go.org Subject: Re: [X2Go-Dev] Looking for your ECCN On Tue, Sep 9, 2014 at 11:36 AM, Mullaley, Patrick S patrick.mulla...@verizon.com wrote: Hey guys! We are trying to get x2go added to our approved software list within Verizon, and in order to do so, I need to provide them with an ECCN. Do you have, or can you provide me with the ECCN tied to your software? Hi Patrick, (I am actually a Verizon FiOS customer at my home. I prefer to to use GMail account for email though.) I think it is safe to assume the answer is no. I'm reading the wikipedia article on ECCN. It sounds like it might be difficult for X2Go to obtain an ECCN because we use SSH and SSL for encryption. https://en.wikipedia.org/wiki/Export_Administration_Regulations Often we do use the Linux distro's provided SSH and SSL packages. But often (primarily on Windows and Mac) we do ship SSH and SSL libraries. Of course, lots of open-source software uses and/or includes SSL libraries. This page seems to have useful advice. http://hecker.org/mozilla/eccn I am open to suggestions. Also, note that X2Go infrastructure such as http://code.x2go.org/releases/ (where the Windows client's binaries are downloaded from) is hosted in Germany. -Mike#2 ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Processed: X2Go issue (in src:x2goclient) has been marked as pending for release
Processing commands for cont...@bugs.x2go.org: tag #597 pending Bug #597 [x2goclient] Text in NSIS Windows installers is still not being rendered properly when version strings are long Added tag(s) pending. fixed #597 4.0.3.0 Bug #597 [x2goclient] Text in NSIS Windows installers is still not being rendered properly when version strings are long There is no source info for the package 'x2goclient' at version '4.0.3.0' with architecture '' Unable to make a source version for version '4.0.3.0' Marked as fixed in versions 4.0.3.0. thanks Stopping processing here. Please contact me if you need assistance. -- 597: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=597 X2Go Bug Tracking System Contact ow...@bugs.x2go.org with problems ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Bug#597: X2Go issue (in src:x2goclient) has been marked as pending for release
tag #597 pending fixed #597 4.0.3.0 thanks Hello, X2Go issue #597 (src:x2goclient) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=d6041fb The issue will most likely be fixed in src:x2goclient (4.0.3.0). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit d6041fb26954b18959e9bc78acf1f68cfc0037c2 Author: Mike DePaulo mikedep...@gmail.com Date: Wed Sep 10 09:52:17 2014 -0400 Windows: Fix text not being rendered properly at end of NSIS installer (Fixes: #597) diff --git a/debian/changelog b/debian/changelog index cf0b377..c2f5292 100644 --- a/debian/changelog +++ b/debian/changelog @@ -69,6 +69,8 @@ x2goclient (4.0.3.0-0x2go1) UNRELEASED; urgency=low 9 CVEs announced on 2014-08-06. - Windows: Cygwin OpenSSL updated from 1.0.1h-1 to 1.0.1i-1, which fixes the 9 CVEs announced on 2014-08-06. +- Windows: Fix text not being rendered properly at end of NSIS installer + (Fixes: #597) [ Stefan Baur ] * New upstream version (4.0.3.0): ___ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] X2Go: The Gathering 2014 starts 2014-10-31 - please respond ASAP if you want to participate!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 X2Go: The Gathering 2014 @ Linuxhotel This year's X2Go community event will be a three-day work and play (coding, chatting, sightseeing, socializing) event at Linuxhotel, Essen, Germany. *ATTENTION!* If you want to join us *and* want to sleep in one of the hotel rooms at the Linuxhotel, we need the number of beds and nights you want to reserve, as well as *your full name* (as printed on your passport) and *your nationality* by *2014-09-18* *23:59:59* *CEST* (yes, that's 2014-09-18, *not* 2014-10-18)!!! Very important!!! After that date, we will be unable to reserve a room for you! First come, first serve! Please send your reservation request to x2go-m...@baur-itcs.de with the text The Gathering somewhere in the subject and bug me publicly on the X2Go-Dev list if you don't receive a confirmation by e-mail after a day or two. Currently, the following core team members already have valid registrations and thus do not need to re-register: - - Mike#1 - - Mike#2 - - Stefan Baur - - Heinz-M. Graesing (Sat/Sun only, so far) (@Heinz-M. Graesing: Please let me know ASAP regarding Fri/Sat.) If for some reason or other you do *not* need a place to sleep at Linuxhotel, but *do* want to join us, please *still* let us know in advance that you're planning to visit. There's no such hard deadline as for the room reservations, but you will need to check in (see Admission fee below) for our gathering with the Linuxhotel staff, so please *do* let us know in advance. *Costs for Linuxhotel hotel rooms* Rooms are available at 15 EUR/night (and since we're a two-night-, three-day event, expect to pay 30 EUR total for the room). Note that this is the price for a *shared* room, i.e. you will have at least one other person (in some rooms, even two) sleeping in the same room with you. If you want a *single room*, the *price doubles* and we need to know *ASAP*, as the amount of single rooms at Linuxhotel is *very* limited - only 3 rooms available! It is also possible to book only one of the two nights if you can't make it for the entire weekend, but don't want to miss out on all the fun. *Admission fee* 5 EUR/day, again, since we're a three-day event, expect to 15 EUR total. This is a per-person conference room/infrastructure rent and beverages flat rate - *this includes beer and wine*! Food is not included in this fee. Expect that there will be no lunch/dinner served by Linuxhotel, thus it's totally cool with the Linuxhotel management if you bring your own (if you're flying in from abroad, please check import restrictions) or order from a delivery service. *Payment* You will have to pay in cash *upon arriving at Linuxhotel*. Sorry, we can't accept credit cards, debit cards, wire transfers, bitcoins or other forms of payment for this event - *cash only*. Also, all payments must be made in *Euro, not in foreign currencies*. Sorry about that, too. The processing fees for non-cash and/or non-Euro payments would drive up the prices. We will be updating the Wiki page http://wiki.x2go.org/doku.php/events:start?#x2gothe_gathering_2014_linuxhotel as more information becomes available. Certain things, like our breakfast options, or having lunch/dinner served by Linuxhotel instead of having to order from a delivery service (as it stands now), can only be planned once we know the exact number of participants. *For now, here's the Wiki text* X2Go: The Gathering 2014 @ Linuxhotel Date: 2014-10-31 to 2014-11-02 Three-day event at http://www.linuxhotel.de (for conditions, see: https://www.linuxhotel.de/community.html / http://www.linuxhotel.de/community.en.html, Essen (work and play gathering; grid power, wifi, hotel style rooms, youth hostel-like service, recreational facilities available, sightseeing tours/group entertainment available in the evening) Plan for Friday 2014-10-31: - arrival: 1800 hours/6pm local time (CET - Central European Time - note that daylight saving time in Germany ends a few days before this date) - option to order Pizza, bringing your own food is OK, too. - get-together in the chimney room (there's Wi-Fi and power, so if you want to code away, feel free to do so) Plan for Saturday 2014-11-01: - breakfast between 0900 hours/9am - 1000 hours/10am local time - coding session in meeting room - English guided tour: http://www.zollverein.de/angebote/about-coal-and-miners starting 1500 hours/3pm local time (note that we will have to leave Linuxhotel/Unperfekthaus before that, as our teleporter and time machine are still undergoing repairs ;-)) - depending on majority vote, we will either have lunch before the guided tour, or dinner afterwards. We will go to the http://www.unperfekthaus.de restaurant, as they offer flat rate food and all items on their menu are tagged in English and German. Plan for Sunday 2014-11-02: - breakfast between 0900 hours/9am - 1000
