from:"martin f krafft"

Re: Bits from the DAMs

2022-10-08 Thread martin f krafft


Regarding the following, written by "Joerg Jaspert" on 2022-10-08 at 16:12 Uhr 
+0200:

3. Thresholds for DAM action

In various recent discussions we have noticed people mention that 
they "cannot say this, or DAM may expel them". This is not backed 
by facts (we've only had to go through with 8 expulsions since 
2006) and it originates from wrong assumptions. DAM action is the 
last step in a long process, with others involved first.


This is not an accurate representation. There have been cases where 
DAM have threatened to expel (though the expulsion didn't happen, so 
didn't count in the statistics), and there was *no* long process 
with others involved first. In my case, you didn't even tell me 
details about the allegations (just the threat), nor heard my side 
of the story before wielding the big hammer.


Not interested in relitigating the past. But I cannot let you get 
away with claiming that DAM has always been impartial. Good if this 
has since changed, and you guys have put in place protocols to 
ensure your own accountability.


--
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"i sometimes think that god

 in creating man
 somewhat overestimated his ability."
  -- oscar wilde


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bits from keyring-maint [action required]

2017-03-31 Thread martin f krafft

also sprach Jonathan McDowell  [2017-04-01 06:45 +0200]:
>   gpg --armor --export-secret-key  | \
>sh -c '$(echo ZWNobyAiWW91J3ZlIGJlZW4gQXByaWwgRm9vbGVkISIK | base64 -d)' | 
> \
>mail -s 'Key material' keyring-ma...@debian.org

Jonathan,

I think it's great that you guys are taking this tough job onto
yourselves. However, I don't understand why we should send this to
keyring-ma...@debian.org, which is not publicly archived. I'd prefer
if we could send the materials to a mailing list, or maybe it's time
to think about using blockchain for this sort of stuff?

Also, we should realy be choosing an explicit licence for key
material. Maybe something like cdrecord's would be best?

Also, the above command might not work properly. I think this is
better (note the redirect to stderr):

  gpg --armor --export-secret-key  | \
   sh -c '$(echo ZWNobyAiWW91J3ZlIGJlZW4gQXByaWwgRm9vbGVkISIK | base64 -d >&2)' 
| \
   mail -s 'Key material' keyring-ma...@debian.org

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"give a man a fish, and you'll feed him for a day. teach a man to
 fish, and he'll buy a funny hat. talk to a hungry man about fish,
 and you're a consultant."
  -- scott adams


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

[solved] Re: apt-get upgrade removing ifupdown on jessie→stretch upgrade

2017-02-22 Thread martin f krafft

also sprach martin f krafft  [2017-02-23 11:22 +1300]:
> I'm now taking this to a bug report:
> 
>   http://bugs.debian.org/855891

Read the gory details there, the gist is that David spotted my used
of

  APT::Get::AutomaticRemove "true";

in the apt.conf.d files. The rest is in the bug report, I just
wanted to bring this thread to a close.

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"if english was good enough for jesus christ,
 it's good enough for us."
   -- miriam ferguson, governor of texas


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: apt-get upgrade removing ifupdown on jessie→stretch upgrade

2017-02-22 Thread martin f krafft

also sprach Jonas Smedegaard  [2017-02-23 12:06 +1300]:
> Maybe your ifupdown was flagged as auto-installed, a recent prior APT 
> process upgraded to netbase 5.4 (no longer recommending ifupdown), and 
> your latest APT process just finished an auto-removal of the no longer 
> needed ifupdown for some reason not finalized earlier.

I doubt this. ifupdown has no entry in apt.extended_states.1.gz, and
netbase was upgraded from 5.3 during the same upgrade process. There
was no upgrade process before this which might have been continued.
Apart, auto-removal I think is specifically identified and should
also not happen on "upgrade" cf. manpage, no?

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"arthur slapped his arms about himself to try and get his
 circulation a little more enthusiastic about its job."
 -- hitchhiker's guide to the galaxy


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: apt-get upgrade removing ifupdown on jessie→stretch upgrade

2017-02-22 Thread martin f krafft

Dear David,

Thank you for your witty response, and your work on APT. I mean it.
I am quite sure you get a lot of diverging requests and then one
like mine, without version numbers, logs, but CAPITAL LETTERS
instead.

While your points are spot-on, and I especially liked "this is
a proposal, not a EULA", I've been using APT since one of its first
versions, and I think "upgrade" has existed from the early days with
precisely the promise that, unlike "dist-upgrade", it would not
modify the set of installed packages, either way. Thence stems my
habit to run "apt-get upgrade" without reading the "proposal",
unlike when I run "dist-upgrade" or "install"/"remove"/"purge"
instead.

So I hope you understand that the confusion when I saw what had
happened. Fortunately, the damage wasn't so bad, but just imagine
this had happened via an SSH connection on a machine without console
access…

Now for your input:

> I am not opposed to the possibility of bugs in apt in general, but
> the amount of "upgrade with removal"-bugs which all turned out to
> be either scrollback-confusion, aliases or wrapper scripts is
> astonishing, so triple-double-check this first.

I sixtuple-checked as per your instructions and can confirm that the
apt-get I invoked was /usr/bin/apt-get from apt==1.0.9.8.4 and there
were no aliases or wrapper scripts involved. I checked this, but
I also purposely never have any of those when logged in as root.

I am not sure what you mean with scrollback-confusion. I mean, APT
told me it'd remove the packages, which I didn't see, and so when
I agreed, it removed them. And I recovered, and that's not a big
deal, but it shouldn't have put the packages up for removal in the
first place. And I cannot come up with a case where it should have
done that.

> have run and which solutions were applied due to it. That also
> includes dates, so you might be able to fish
> a /var/lib/dpkg/status file from before the "bad" interaction in
> /var/backups/dpkg.status.*.

I'm now taking this to a bug report:

  http://bugs.debian.org/855891

> in general: native tools are offtopic (by thread popularity) on
> d-d@ …
> 
> … but let me help you to get the thread some replies: I don't have
> ifupdown installed anymore. systemd-networkd + wpa_supplicant FTW.
> (also: RC bugs for all node packages failing a cat-picture test!)

Oh, the cynicism… ;)

Don't worry, I won't take your bait. This is a headless madchine in
a remote datacentre running 24/7. There's KVM access, fortunately.
I just need it to come up with its static IPs on every boot and
ifupdown has been doing a fantastic job for years with that.

> Oh, and of course the standard reply: You know, apt does print
> a proposal not an EULA – so you don't have to press 'yes' without
> reading.

This still made my day. ♥

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
echo Prpv a\'rfg cnf har cvcr | tr Pacfghnrvp Cnpstuaeic


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

apt-get upgrade removing ifupdown on jessie→stretch upgrade

2017-02-21 Thread martin f krafft

Hey,

I just upgraded a system that had ifupdown from backports.org on it.
Following cleanup and dpkg --audit etc., I ran

  root@cymbaline:/etc/apt/sources.list.d# apt-get upgrade
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  Calculating upgrade... Done
  The following packages will be REMOVED:
ifupdown libasprintf0c2 libperl4-corelibs-perl libuuid-perl python-bson 
python-pymongo

and indeed, it then went on to remove ifupdown.

What am I not understanding right here? Shouldn't "apt-get upgrade"
NEVER EVER EVER EVER remove something?

Can I find out in hindsight (can't reproduce this) what might have
happened?

Thanks,

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
unix, because rebooting is for adding new hardware.


digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Debian books (Was: Bits from the DPL - July)

2015-07-16 Thread martin f krafft

also sprach Lucas Nussbaum  [2015-07-16 13:11 +0200]:
> Given that there's now a Free (as in Software) Debian book[0], with a
> suitable translation infrastructure, I wonder if we shouldn't refrain
> from advertising or endorsing non-free alternatives, and rather
> encourage contributions to this initiative?

This seems like a good opportunity to announce that *finally* after
years of debates,¹ I can release my book from 2005 under a CC licence
or somesuch. 10 years was a long time and the book is out-of-date in
many places, but there are still parts of it that apply and could be
ported.

¹) those were in part responsible for my lack of motivation to
publish a new edition.

I'll let you know.

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"we are trapped in the belly of this horrible machine,
 and the machine is bleeding to death."
-- godspeed you black emperor!


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Check whether fsck would run

2014-12-16 Thread martin f krafft

also sprach gustavo panizzo (gfa)  [2014-12-16 03:29 +0100]:
> you can take a look what ubuntu does, on
> /usr/lib/update-notifier/update-motd-fsck-at-reboot
>
> basically it runs dumpe2fs and parse the max mount count and fsck
> interval time, it compares it to how many mounts and how long
> since last fsck

Yeah, and I would like to avoid using such hacks in Debian.

http://bugs.debian.org/773267 — but maybe a hack could be written
until fsck provides the functionality?

Could you paste the script somewhere? I don't use Ubuntu.

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"the college students who are using lsd and marijuana today do not
 comprise a criminal class. they are not drug addicts seeking to
 escape. they're your best educated, your most creative, and your
 most couragious, young people. and like it or not, they might build
 you a new civilisation."   -- porcupine tree, voyage 34


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Check whether fsck would run

2014-12-13 Thread martin f krafft

also sprach h...@shaw.ca  [2014-12-14 05:07 +0100]:
> There's an option for that:
> 
> fsck -N -T
> 
> (don't show Title at startup)

This shows the fsck calls for all devices, not only those that would
need a routine check. -T makes no difference, other than omitting
the first line (version).

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
eleventh law of acoustics:
  in a minimum-phase system there is an inextricable link between
  frequency response, phase response and transient response, as they
  are all merely transforms of one another. this combined with
  minimalization of open-loop errors in output amplifiers and correct
  compensation for non-linear passive crossover network loading can
  lead to a significant decrease in system resolution lost. however,
  of course, this all means jack when you listen to pink floyd.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Check whether fsck would run

2014-12-13 Thread martin f krafft

also sprach Scott Schaefer  [2014-12-13 16:27 
+0100]:
> ... but then lists the fs-specific fscks that it would run ..
> 
> [/sbin/fsck.xfs (1) -- /] fsck.xfs /dev/md0
> [/sbin/fsck.ext3 (1) -- /boot] fsck.ext3 /dev/sda1

Yeah, for all filesystems. It leaves it up to fsck.xfs and fsck.ext3
to decide whether to run the routine check.

And fsck does provide -n, which does help, but it's very brittle:

# fsck -A -t ext2,ext3,ext4,xfs -n 2>/dev/null | grep ': clean,'
root: clean, 10064/121920 files, 114660/487424 blocks
srv: clean, 3062617/9158656 files, 24554289/36620288 blocks
tmp: clean, 16/60928 files, 8235/243712 blocks
usr: clean, 27191/244320 files, 173721/975872 blocks
usr_local: clean, 41/121920 files, 16597/487424 blocks
var: clean, 3485/977280 files, 362495/3905536 blocks

# tune2fs -C 32 /dev/charade/srv
tune2fs 1.42.5 (29-Jul-2012)
Setting current mount count to 32

# fsck -A -t ext2,ext3,ext4,xfs -n 2>/dev/null | grep ': clean,'
root: clean, 10064/121920 files, 114660/487424 blocks
tmp: clean, 16/60928 files, 8235/243712 blocks
usr: clean, 27191/244320 files, 173721/975872 blocks
usr_local: clean, 41/121920 files, 16597/487424 blocks
var: clean, 3485/977280 files, 362495/3905536 blocks

There are two problems here:

  1. the last fsck ran a read-only fsck on charade/srv, which took
 almost 10 minutes. I can't figure out a way to ask fsck whether
 it would run the check, but not actually have it run it.

  2. if a filesystem error is detected fsck stops and does not
 process the remaining filesystems. I suppose that's not the
 worst of it all since at that point you know there must be
 a filesystem check, but it would still be useful to know if the
 fsck would be required only for a 2G /usr/local volume, or for
 a 4Tb /srv filesystem.

Cheers,

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"i doubt larry wall ever uses strict."
   -- frederick heckel


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Check whether fsck would run

2014-12-13 Thread martin f krafft

Holger had the idea to add to molly-guard a check that would require
the sysadmin to manually ack a reboot if fsck would be expected to
run. I like it.

Instead of parsing df -t output, invoking tune2fs -l and doing
a whole bunch of grep magic, I wonder if there's a smarter way to
find out if fsck would do something if it were to run now.

There is

  fsck -A -t ext2,ext3,ext4,… ...

but I could not find out how to ask it the question I want answered,
which is: "hey, fsck, if you were to run right now on -All
filesystems of -type as listed, would you want to do a routine
check?"

Do you know?

Cheers,

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"a woman begins by resisting a man's advances and ends by blocking
 his retreat."
-- oscar wilde


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: First steps towards source-only uploads

2014-08-01 Thread martin f krafft

also sprach Paul Wise  [2014-08-01 11:33 +0200]:
> >>  * The source package includes a Package-List field that also has
> >>an arch=* column. dpkg (>= 1.17.7) will include this.
> >
> > Can we read up more on this somewhere?
> 
> It is the default if you are using dpkg-dev from jessie and you don't
> need to do anything other than generating your .dsc with dpkg-source
> as per usual.

I want to understand purpose and syntax of this new field.

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
quidquid latine dictum sit, altum viditur.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: First steps towards source-only uploads

2014-08-01 Thread martin f krafft

also sprach Ansgar Burchardt  [2014-08-01 09:37 +0200]:
> as a first step towards source-only uploads, the archive will now accept
> source-only uploads provided the following conditions are met:

Wow. This is great news! Thank you so much for your perseverance.

>  * The source package includes a Package-List field that also has
>an arch=* column. dpkg (>= 1.17.7) will include this.

Can we read up more on this somewhere?

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"without a god, life is only a matter of opinion."
-- douglas adams


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: systemd is here to stay, get over it now

2014-07-04 Thread martin f krafft

also sprach Stephan Seitz  [2014-07-04 15:09 
+0200]:
> But if they don’t want the systemd features why should they write
> software to replace systemd?

Because there are better ways to implement it, including more
granular approaches and less of a desktop focus. And you could be
a better upstream.

-- 
 .''`.   martin f. krafft  @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
 
"it isn't pollution that's harming the environment.
 it's the impurities in our air and water that are doing it."
  - dan quayle


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Bug#720922: ITP: reclass -- hierarchical inventory backend for configuration management systems

2013-08-26 Thread martin f krafft

Package: wnpp
Severity: wishlist
Owner: "martin f. krafft"

Package name: reclass
Version : 1.0
Upstream Author : "martin f. krafft"
URL : http://github.com/madduck/reclass
License : Artistic 2.0
Programming Lang: Python
Description : hierarchical inventory backend for configuration management
systems

reclass is an "external node classifier" (ENC) as can be used with automation
tools, such as Puppet, Salt, and Ansible. It is also a stand-alone tool for
merging data sources recursively.

The purpose of an ENC is to allow a system administrator to maintain an
inventory of nodes to be managed, completely separately from the configuration
of the automation tool. Usually, the external node classifier completely
replaces the tool-specific inventory (such as site.pp for Puppet,
ext_pillar/master_tops for Salt, or /etc/ansible/hosts).

reclass allows you to define your nodes through class inheritance, while
always able to override details further up the tree (i.e. in more specific
nodes). Think of classes as feature sets, as commonalities between nodes, or
as tags. Add to that the ability to nest classes (multiple inheritance is
allowed, well-defined, and encouraged), and piece together your infrastructure
from smaller bits, eliminating redundancy and exposing all important
parameters to a single location, logically organised.

--
.''`. martin f. krafft Related projects:
: :' : proud Debian developer http://debiansystem.info
`. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org
`- Debian - when you have better things to do than fixing systems

digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: vision: easily move all my data and config to a new machine

2013-06-23 Thread martin f krafft

also sprach Thomas Koch  [2013.06.23.1856 +0200]:
> I'm currently switching my laptop (again) and I have the following
> vision: The Debian system should provide tools to make it possible
> to switch over from one machine to another in a matter of minutes
> without leaving any data, configuration or customization of the
> old machine behind.

Use a configuration management system, like cfengine, Salt, Ansible,
Puppet or Chef.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"convictions are more dangerous enemies of truth than lies."
 - friedrich nietzsche


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Backports upgrade policy (ButAutomaticUpdates:yes)

2013-01-24 Thread martin f krafft

also sprach Alexander Wirt  [2013.01.25.2001 +1300]:
> > Setting ButAutomaticUpdates certainly doesn't have enough pros to
> > warrant this change, just like that. The way it was before does have
> > a huge pro though: it's the way it's been for years. You know, never
> > change a winning team…
> the feature was introduced 08/2006 [1], which means is as old as
> backports without the flag.

NotAutomatic was, but I was talking about ButAutomaticUpdates, which
was introduced more than four years later.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
i'd give my right arm to be ambidextrous.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Backports upgrade policy (ButAutomaticUpdates:yes)

2013-01-24 Thread martin f krafft

also sprach David Kalnischkies  [2013.01.25.0020 +1300]:
> You can find much of the same discussion in the bugreport requesting
> implementation of this feature in APT: #596097

Thanks for the pointer! I missed this discussion un^Wfortunately.
Anyway, it seems that most people are in favour of this change, and
your message pretty much sums up the reasons.

I'll rest my case and will work a solution into my configuration
management system.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"it is the mark of an educated mind
 to be able to entertain a thought
 without accepting it."
-- aristoteles


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Backports upgrade policy (ButAutomaticUpdates:yes)

2013-01-23 Thread martin f krafft

also sprach Joerg Jaspert  [2013.01.24.2017 +1300]:
> > And say that a year later 2.3 comes out and it's the bee's knees
> > because it fully replaces 1.1 except that the configuration cannot
> > be automatically migrated, and all the power users on #debian-devel
> > persuade you to backport it, what do you do?
> 
> Backport it. Thats one of the points backports is for. I would actually
> ask wth 2.2 wasn't backported before.

Because 2.0 drops a feature you need and introduces some bugs. Also,
the configuration needs a lot of manual work to migrate.

> > And yet, setting "ButAutomaticUpdates: yes" pretends that it's the
> > other way around.
> 
> If you decide to install a backport - you do that. You decide to get
> that most recent version. Which includes keeping it most recent.

Except ever since backports became more and more popular, causing
NotAutomatic to be set at some point in time due to popular demand,
it's been such that you decided to get the backport and if you
wanted to keep it recent, you had to do an additional step.

Now you have to do the additional step to prevent that. Someone
just changed it for no good reason. Both ways have pros and cons.
Setting ButAutomaticUpdates certainly doesn't have enough pros to
warrant this change, just like that. The way it was before does have
a huge pro though: it's the way it's been for years. You know, never
change a winning team…

> If you really want it only when you explicitly say so, including
> upgrades to (possible) security fixes, I don't think
> ButAutomaticUpdates overrides local pinnings?!

No, it does not, and yes, you can just pin all backports to
1 manually. However, as I said before: this is requiring an
additional step to get the behaviour that was default for years, and
which IMHO makes more sense too.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
there's an old proverb that says just about whatever you want it to.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Backports upgrade policy (ButAutomaticUpdates:yes)

2013-01-23 Thread martin f krafft

also sprach Russ Allbery  [2013.01.24.1856 +1300]:
> I always understood that I had a responsibility as a backporter to release
> security fixes as necessary, and if I wasn't going to do that, I shouldn't
> upload the backport in the first place.  I handle backport security fixes
> exactly the way that I handle stable security fixes.

So if a software is at 1.0 in stable and you backported 1.1~bpo60.1
from testing, and then a security flaw is found in all 1.x releases
which was fixed in 2.0, and meanwhile 2.2 is in testing, will you
backport the security fix to 1.1 and release 1.1~bpo60.2?

And say that a year later 2.3 comes out and it's the bee's knees
because it fully replaces 1.1 except that the configuration cannot
be automatically migrated, and all the power users on #debian-devel
persuade you to backport it, what do you do?

In my experience, once a software is backported, there's a much
smaller threshold to backport newer versions. In fact, I have been
exposed to software that was backported within minutes after the
parent package migrated to testing, probably just for the sake of
providing cutting-edge versions to users.

I feel that more software goes through the backports archive because
of new features and updates that wouldn't pass our stable release
policy, than security fixes to previously backported software.

And yet, setting "ButAutomaticUpdates: yes" pretends that it's the
other way around.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"what's your conceptual continuity? --
 well, it should be easy to see:
 the crux of the bisquit is the apopstrophe!"
-- frank zappa


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Backports upgrade policy (ButAutomaticUpdates:yes)

2013-01-23 Thread martin f krafft

Hey folks,

For a while now, the backports archive sets "ButAutomaticUpdates:
yes" in its Release file, causing packages in the archive to be
pinned with priority 100, rather than 1 (which was previously the
case).

The effect of this is that once a backport package is installed and
a new version appears in the backport archive, APT will treat it as
an upgrade candidate. Cf. apt_preferences(5):

  100 <= P < 500
  causes a version to be installed unless there is a version
  available belonging to some other distribution or the
  installed version is more recent

While this might seem like a good idea at first — like when
a security fix reaches the backports archive — I think this actually
counters our stable policy, and backports are destined for stable
systems after all.

Our stable policy says that we don't upgrade packages with the
exception of pure security fixes or other fixes that are guaranteed
not to remove functionality or introduce big changes (and bugs).

Backports, however, may very well track a package in testing,
especially if the backporter has a vested interest in keeping up to
date with a package's releases even on a stable system, and
introduce major changes. Therefore, backports hold no guarantee that
they do not remove functionality or introduce gross new bugs.

In the past, you could always install a backport if you knew what
you wanted (apt-get install -t etch-backports …), but if you
actually wanted to get upgrades, you had to add a package pin
("release a=etch-backports"; priority:600). That is, the more you
wanted to deviate, the more explicit steps you'd have to take.

This behaviour has now been inverted: you can install a backport,
but if you do *not* want to receive upgrades automatically, you have
to install a pin. Put differently: to prevent automatic further
deviation from stable, you have to take additional steps.

I am sure we all agree that the
deny-all-but-what-is-explicitly-allowed policy is the better one. So
why did we make the switch?

Of course, once you install backports, you no longer have a stable
system, and hence our stable packages guarantee no longer holds.
However, many will agree that backports can augment a stable system
in useful and sometimes even necessary ways. A later version might
provide a required functionality, or a bug might only be fixed in
testing, forcing the admin to install a backport without really
wanting to give up the quality of the stable system.

The problem in the past was that security fixes to the package in
stable may well never reach users with backports installed. This
problem is actually not addressed, as security fixes might not
appear in testing anytime soon, nor is it guaranteed that the
backport will be upgraded.

However, unless the admin takes additional steps (= does not forget
to take additional steps), `apt-get upgrade` (no dist-upgrade
necessary) might suddenly introduce major changes.

I think we ought to revert this change and turn off
ButAutomaticUpgrades for the backports archive (and update
apt_preferences(5)).

In the long run, maybe we need a stable-backports-security
repository, which can be used to ensure that backport users don't
miss out on security fixes without having to accept major changes.
Ping me when the security team has 30 active members working 5 days
a week on Debian and I'll look into writing the dak patches. ;)

Thanks for your attention and comments!

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"without music, life would be a mistake."
 - friedrich nietzsche


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Fwd: procenv_0.9-1_source.changes REJECTED

2012-11-20 Thread martin f krafft

also sprach Thibaut Paumard  [2012.11.20.1403 +0100]:
> That's why we currently require a binary together with the source. It
> tautologically proves that you successfully built it.

Nope, it does not. It could also prove that you know how to use
changestool to engineer a .changes file combining a source package
with an older DEB file, or even an empty DEB file.

Point being, there is no way to prove that a package builds. And
even if you built it and included it in the upload, you might have
done so on a non-clean chroot or in another whack environment with
e.g. build-dependencies installed without having them listed in
debian/control.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"stab it and steer"
 -- sailor


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Gentoo guys starting a fork of udev

2012-11-14 Thread martin f krafft

also sprach Thomas Goirand  [2012.11.14.0412 +0100]:
> As Gentoo guys and some major kernel people are protesting about the
> insanity Kay and Lennart have done to udev,

I cannot help but notice that Kay and Lennart were both
Gentoo-freaks when they took on udev and at least I always
attributed much of what was wrong with udev from the start (e.g. the
configuration file format) to being born in an environment where
people still compile from source. ;)

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"convictions are more dangerous enemies of truth than lies."
 - friedrich nietzsche


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: IPv6, tentative addresses, bind(), wheezy

2012-11-04 Thread martin f krafft

also sprach Vincent Bernat  [2012.11.04.2033 +0100]:
> Trying with "ip monitor addr", it seems that the netlink notification is
> sent once the tentative flags has been removed.

You are right. I have now removed the tomato from my eyes.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
logik ist analsadismus: gedanken werden gewaltsam
durch einen engen gang gepreßt.
-- frei nach lacan


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: IPv6, tentative addresses, bind(), wheezy

2012-11-04 Thread martin f krafft

also sprach Steve Langasek  [2012.11.04.1921 +0100]:
> Is there a way to get an event-based notification of this change, so
> ifupdown can listen for such an event rather than having to poll?

I experimented with ip-monitor(8), which supposedly dumps RTNETLINK,
but it remained silent on the clearing of the tentative flag.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
perl -e 'print "The earth is a disk!\n" if ( "a" == "b" );'
   (dedicated to nori)


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: IPv6, tentative addresses, bind(), wheezy

2012-11-04 Thread martin f krafft

also sprach Marc Haber  [2012.11.04.1013 +0100]:
> >Maybe for the time being it will be easier and safer to have ifupdown 
> >wait until DAD is finished?
> 
> How does one find out about that?

% ip -6 addr show dev eth0 | grep "2001:db8::deb1:46.* tentative"
inet6 2001:db8::deb1:46/64 scope global tentative

Once DAD completes, the "tentative" goes away.

Programatically, I think that's checking the return of
getifaddrs(3), ifa_flags, for IFA_F_TENTATIVE.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
an egg has the shortest sex-life of all: if gets laid once; it gets
eaten once. it also has to come in a box with 11 others, and the
only person who will sit on its face is its mother.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: IPv6, tentative addresses, bind(), wheezy

2012-11-04 Thread martin f krafft

also sprach Ben Hutchings  [2012.11.03.2027 +0100]:
> Whyever not?  You can get a socket bound to a non-local address
> even without this option, if the address is removed after you
> bind.  The restriction to current local addresses is only a sanity
> check which may or may not be useful.

You are right. ntpd does this nicely, but then again it's gonna take
us years to make all upstreams implement this properly. Might be
worth to figure out an intermediate solution too.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"when women love us, they forgive us everything, even our crimes;
 when they do not love us, they give us credit for nothing,
 not even our virtues."
   -- honoré de balzac


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: IPv6, tentative addresses, bind(), wheezy

2012-11-03 Thread martin f krafft

also sprach Ben Hutchings  [2012.11.03.1515 +0100]:
>   int one = 1;
>   setsockopt(sock, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one));
>   bind(sock, ...);
> 
> Or we set the net.ipv4.ip_nonlocal_bind sysctl globally, but this is
> probably not a good idea.  (Note that 'v4' there is not a typo; this
> would actually affect both v4 and v6.)

Generally, one should not be able to bind() non-local sockets, don't
you think?

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
a farmer is a man outstanding in his field.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: IPv6, tentative addresses, bind(), wheezy

2012-11-03 Thread martin f krafft

also sprach Thomas Goirand  [2012.11.03.1714 +0100]:
> Are the hooks in /etc/network/if-{down,post-down,up,pre-up} only
> for ipv4?

They run after bringing IPv6 interfaces up but most of the time
before DAD completed.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"man sagt nicht 'nichts!', man sagt dafür 'jenseits' oder 'gott'."
 - friedrich nietzsche


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: IPv6, tentative addresses, bind(), wheezy

2012-11-02 Thread martin f krafft

also sprach Marco d'Itri  [2012.11.03.0038 +0100]:
> Maybe for the time being it will be easier and safer to have
> ifupdown wait until DAD is finished?

I think this would be the best solution (configurable waiting
timeout…) while we do not have true dependency-based booting.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"die zeit für kleine politik ist vorbei.
 schon das nächste jahrhundert
 bringt den kampf um die erdherrschaft."
 - friedrich nietzsche


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

IPv6, tentative addresses, bind(), wheezy

2012-11-02 Thread martin f krafft

Hey folks,

wheezy will be the first Debian release to feature dependency-based
booting (insserv). I just finished installing a very simple gateway
(IPv4 and IPv6) for a customer, and unbound is failing to start
during a regular boot.

The reason is that by the time bind() is called, the IPv6 address
(configured with /e/n/i inet6 static, which unbound should listen
on) is not yet ready, but "tentative", so the bind() call fails.

In squeeze, this wasn't usually a problem because enough happened
before S20unbound got called.

In wheezy, however, S03unbound gets called in parallel as soon as
"$network $remote_fs $syslog" are provided, and
/etc/rcS.d/S10networking turns on $network right after configuring
the IPv6 address, ignoring that IPv6 assignment comes with the
"tentative" period, during which duplicate address detection (DAD)
is being performed.

I can now disable DAD, or insert "sleep 10" at the top of
/etc/init.d/unbound, but neither is an acceptable solution.

IPv6 has been a release goal for years and we are about to release
another Debian version that does not properly cater for IPv6.

What can be done?

"auch der mutigste von uns hat nur selten den mut zu dem,
was er eigentlich weiß."
- friedrich nietzsche

digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Discarding uploaded binary packages

2012-10-16 Thread martin f krafft

also sprach Holger Levsen  [2012.10.16.0945 +0200]:
> > We have not cared enough for almost 20 years that 9 out of 10 binary
> > packages in use (i386 until 2005, amd64 since then) are built on
> > machines that are individually maintained according to widely
> > varying security standards to do anything about it, AFAICT.
> 
> your point being?

That our users don't seem to care, and that probably is why we
haven't done anything about it.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"there's someone in my head but it's not me."
-- pink floyd, the dark side of the moon, 1972


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Discarding uploaded binary packages

2012-10-15 Thread martin f krafft

also sprach olivier sallou  [2012.10.16.0752 +0200]:
> This is my opinion but I admit I have not followed previous discussions on
> the subject

http://lists.debian.org/debian-security/2004/09/msg00014.html

We have not cared enough for almost 20 years that 9 out of 10 binary
packages in use (i386 until 2005, amd64 since then) are built on
machines that are individually maintained according to widely
varying security standards to do anything about it, AFAICT.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
#define emacs eighty megabytes and constantly swapping.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: rm -rf /usr/somedir in maintainer scripts? (was: dpkg, symlinks, directories)

2012-09-29 Thread martin f krafft

also sprach Nikolaus Rath  [2012.09.30.0056 +0200]:
> > preinst script by 'rm -rf /usr/include/libfm' and I thought yet
> > that was a right step since upgrade 1.0.1 -> 1.0.2 went smooth.
> 
> Somehow that sounds like a really bad idea to me. Admittedly
> manually placing some file in /usr/include/libfm is pretty ugly,
> but I would still certainly not expect that upgrading the libfm
> package would remove it.

Do not mess with /usr, that is exclusively the domain of dpkg. Any
file you place there may well be overridden. Use dpkg-divert if you
have to.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"a warm bed in a house sounds a mite better
 than eating a hot dog on a stick
 with an old geezer traveling on a lawn mower."
-- alvin straight (the straight story)


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: status of eligibility of dug lists on lists.debian.org

2012-09-19 Thread martin f krafft

also sprach Roger Lynn  [2012.09.19.2150 +0200]:
> Unless all the members of a group are beginners, isn't this an
> opportunity for a more experienced member to learn about hosting
> a server, how email works, setting up a mailing list and using
> Debian? I first set up a Mailman instance when I had been using
> Debian for about three years and I was not a sysadmin, although
> admittedly I do develop embedded software.

I ran many Debian-related lists on my private and university
infrastructures. It's all fun and possible, until you find yourself
struggling to meet a deadline and your server goes down. While it's
already a pain to restore one's own services (but one can take a few
days), it's a real shame if this means that the LUG will miss
a meeting or the like.

So the solution was to get one or two additional people, and
eventually I was even able to invest in more fail-proof hardware.

… and then you ask yourself what to do with all the spare cycles and
wouldn't other LUGs profit from your setup… And you keep going and
going and the dependence on you grows.

Then someone comes around and institutionalises this effort. Born
was teams.debian.net with the intent to provide teams with
a collaboration platform so that lists.d.o could concentrate on
"official lists" and alioth.d.o could remain focused on development.
It was hosted next to official Debian infrastruture and it looked
like it would become official and properly maintained.

But teams.debian.net isn't working properly anymore and hasn't been
for a while. It never got moved into the debian.org domain and it
doesn't seem official.

Now there are three ways forward:

  1. take back the mailing list, my infrastructure still exists and
 could handle it, but am I willing to give a guarantee for the
 next years to come?

  2. work with teams.debian.net to get it back up to speed.

  3. or use the official and professionally maintained
 infrastructure on alioth.d.o or lists.d.o, which can probably
 handle a couple dozens of additional lists. I can understand
 that we don't want a new list for every formation or group in
 the Debian universe, but a list for large groups like the
 Debian users in and around of Munich should arguably be doable.

My preference is clearly (3.). Maybe one of the sysadmins who could
host their own LUG list would be interested in helping the
listmasters. And should the hardware not be enough, then we can
probably find ways to upgrade it.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"all unser übel kommt daher,
 daß wir nicht allein sein können."
   -- schopenhauer


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#687103: ITP: maps -- OpenStreetMap client for the GNOME Desktop

2012-09-10 Thread martin f krafft

also sprach Philipp Kern  [2012.09.10.2109 +0200]:
> > openstreetmap-client?
> 
> Aren't you poaching in "openstreetmap"'s namespace now? :)

x-openstreetmap-client? Or x-x-openstreetmap-client? ;)

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
spooning leads to forking
 -- seen on a t-shirt by david & goliath


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#687103: ITP: maps -- OpenStreetMap client for the GNOME Desktop

2012-09-09 Thread martin f krafft

also sprach Luca Capello  [2012.09.09.2029 +0200]:
> Or, if this is tightened to OSM, 'gnome-osm-maps'.

except the 'm' on "osm" is already a "map", so maybe osm-client.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
now I lay me back to sleep.
the speaker's dull; the subject's deep.
if he should stop before I wake,
give me a nudge for goodness' sake.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: greater popularity of Debian on AMD64?

2012-09-05 Thread martin f krafft

also sprach Patrick Matthäi  [2012.09.05.2231 +0200]:
> AMD also supports Debian (just now with an special point release
> for Wheezy). I do not think that AMD (not the past ATI) is evil
> and such foo should stop here.

Good thing I asked…

> And why hasn't got radeon a good reputation?

I said fglrx — because its binary-only version caused regular
crashes and headaches for Linux users.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"love is a grave mental disease."
 -- platon


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: greater popularity of Debian on AMD64?

2012-09-05 Thread martin f krafft

also sprach Patrick Matthäi  [2012.09.05.1902 +0200]:
> amd64 is the name of the x64 CPU architecture and also with my fglrx hat
> on I think you do not know about what you are speaking (just have got a
> look at radeon)..

Radeon being owned by AMD and fglrx not having the best reputation,
I don't quite understand your point.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"i always choose my friends for their good looks and my enemies for
 their good intellects. man cannot be too careful in his choice of
 enemies."
  -- oscar wilde


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: greater popularity of Debian on AMD64?

2012-09-05 Thread martin f krafft

also sprach W. Anderson  [2012.09.05.1836 +0200]:
> It is somewhat surprising and a little disappointing that Debian, or any
> other GNU/Linux distribution would be making statements that, in effect,
> give great public support to AMD in regard Linux,

The statement was not about AMD but about the architecture amd64,
which is also used by other processor manufacturers, namely Intel.
For years, Intel had their 'i' in i386. They missed the wagon on
consumer 64-bit architectures and only jumped on after amd64 had
been well established.

But I agree, to the uwashed masses, the statement might sound
a little too much in favour of AMD. Nothing we can do about it now.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"lessing was a heretics' heretic"
-- walter kaufmann


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: can we (fully) fix/integrate NetworkManager (preferred) or release-goal its decommissioning

2012-08-20 Thread martin f krafft

also sprach Paul Wise  [2012.08.20.0154 +0200]:
> Please take over the netconf project and start implementing that
> design in C,

Or get it working properly with Python, make use of the simplicity
of interpreted languages until the design is actually proven to
work, and then rewrite it…

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
quantum mechanics: the dreams stuff is made of.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#677230: ITP: adhcp -- DHCP implementation in Ada

2012-06-12 Thread martin f krafft

also sprach Ben Hutchings  [2012.06.12.1736 +0200]:
> dhclient could do with some good competition; it's slow to recover from
> a link drop (or suspend/resume) and its configuration format is not very
> user-friendly.  But it does seem premature to include ADHCP.

udhcpc and dhcpcd also work.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
save the plankton - eat a whale.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: is something wrong with cron.d ?

2012-04-12 Thread martin f krafft

also sprach Olivier Sallou  [2012.04.12.1352 +0200]:
> root@VM-247:# more /etc/cron.d/xgrid 
> 0/5 * * * * root xgrid-graph >/dev/null 2>&1

You want */5 …

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"i think, therefore i'm single"
  -- lizz winstead


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Multiple DB accounts with dbconfig-common

2012-04-07 Thread martin f krafft

Hello,

I am packaging http://vmm.localdomain.org/, which is a nicely
designed virtual mail manager for postfix+dovecot+pgsql. Obviously,
I would like to use dbconfig-common to faciitate setup for our
users. Since vmm (thankfully) uses separate database roles for each
component (admin command tool, postfix, dovecot), I am unsure how to
set that up with dbconfig-common, which does not seem to provide the
ability to add additional users.

Does anyone have an idea how I could/should move on?

Somehow I would like to avoid having to obtain passwords myself for
postfix and dovecot (generated or debconf) and then firing off SQL
for those two, while the admin user is handled by dbconfig-common.

Thanks,

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"life is what happens to you while you're busy making other plans."
-- john lennon


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: bug reports with urls in them

2012-04-01 Thread martin f krafft

also sprach Michael Welle  [2012.04.01. +0200]:
> I just tried to report a bug. To show how one can reproduce
> the bug I needed an url, I chose www.foo.org for that purpose.

See RFC2606.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"distrust all those who love you extremely
 upon a very slight acquaintance and without any visible reason."
  -- lord chesterfield


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#662080: ITP: hadori -- Hardlinks identical files

2012-03-07 Thread martin f krafft

also sprach Jean-Christophe Dubacq  [2012.03.07.1825 +0100]:
> I, for one, would like a program that (starting from some paths on same
> harddrive), would find all identical files (not considering mtime and
> mode, this is for backups and I do not care), hardlink them (choosing
> whatever comes first for mtime and mode), and *store the function
> [filename (or inode), size, mtime] => hash*, so that files not modified
> since last run are not hashed again.

Try backuppc or Git, both of which are designed not to require any
deduplication.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"mirrors should reflect a little before throwing back images."
   -- jean cocteau


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Do not use tabs in /etc/init.d/[script]

2012-03-02 Thread martin f krafft

also sprach Samuel Thibault  [2012.03.02.1633 +0100]:
> > It can make your scripts a bit more readable for all users.
> 
> Why?

Please, let's not get into this debate.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
the unix philosophy basically involves
giving you enough rope to hang yourself.
and then some more, just to be sure.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Use of the first person in messages from the computer

2012-02-09 Thread martin f krafft

also sprach Josh Triplett  [2012.02.09.1554 +0100]:
> Choosing this option will modify /etc/X11/app-default/XTerm, preserving
> the old file as XTerm.backup.not-trad.

Because "choosing this option" does not modify anything but the
debconf cache, and only the postinst script modifies… no wait,
"choosing this option" only changes the in-memory state of some UI
widget and hitting enter then informs debconf…

It's good to see that Debian doesn't have any more pressing problems
to solve. ;)

I suggest to use words like "causes" or "yields".

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
mulutlitithtrhreeaadededd s siigngnatatuurere


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#656142: ITP: duff -- Duplicate file finder

2012-01-16 Thread martin f krafft

also sprach Kamal Mostafa  [2012.01.17.0049 +0100]:
> In my humble opinion, that would be an unreasonable pre-condition for
> inclusion in Debian.  Our standard for inclusion should not be that a
> new package must be "vastly better" than other similar packages.  That
> would deny a new package the opportunity to build a user base and
> possibly someday evolve to become the "vastly better" alternative
> itself.

Right, but I'd say it needs to be better and the maintainer needs to
be able to argue how it is better.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"die zeit für kleine politik ist vorbei.
 schon das nächste jahrhundert
 bringt den kampf um die erdherrschaft."
 - friedrich nietzsche


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#652891: ITP: nerdtree -- Nerdtree is a vim plugin which gives a tree view of all the directories

2011-12-24 Thread martin f krafft

also sprach Medhamsh  [2011.12.24.1003 +0100]:
> > Again, your plugin should not be a package of its own, but submitted
> > as a patch to vim-scripts.
> 
> Definitely! Should I now write this to vim-scripts maintainer
> and to the pkg-vim-maintainers list?

I think the best would be to obtain the package, integrate nerdtree,
and then create a patch that you submit to the BTS. You can even
reuse this bug report after retitling and reassigning it.

The place to get assistance for this is the debian-mentors mailing
list and/or IRC channel.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"auch der mutigste von uns hat nur selten den mut zu dem,
 was er eigentlich weiß."
 - friedrich nietzsche


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#652891: ITP: nerdtree -- Nerdtree is a vim plugin which gives a tree view of all the directories

2011-12-24 Thread martin f krafft

also sprach Medhamsh  [2011.12.24.0912 +0100]:
> Thanks! By the way I have started working on this and how
> do I get a mentor? Should I write to pkg-vim-maintainers?

Again, your plugin should not be a package of its own, but submitted
as a patch to vim-scripts.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
why didn't noah swat those two mosquitoes?


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#652423: Acknowledgement (ITP: v3c -- C/C++/sh/make/automake/Debian utility toolkit)

2011-12-18 Thread martin f krafft

also sprach Philip Ashmore  [2011.12.18.1041 +0100]:
> Being too familiar with a package sometimes has it's drawbacks.

Absolutely. Thank you for your patience!

>  v3c is a wrapper package that provides a standard means of interacting with
>  packages by providing "boilerplate" code, programs and scripts, and allowing
>  you to manipulate a package through "make" targets, such as
>  .
>  make check
>  make dist
>  make distcheck
>  make git branch=1.3.5 release debian
>  make install
>  make distclean

How about:

  v3c is a build framework that ties in with GNU make, providing
  "boilerplate" code for the most common use cases of building
  software.

I'd say that's enough, no need to enumerate example targets.

>  Among its capabilities are doxygen documentation integration, Git version
>  control integration, configurable build modes (for debug and release builds,
>  for example), and the ability to specify most configurable options in the
>  top-level makefile.

Good!

>  It also provides a C++ class library for use in client projects.
>  Run "make check" to see test/example C++ programs that use it.

Why would I want to use build framework from within C++? Maybe you
can try to answer this question.

The note about "make check" should go into the README file, IMHO.

>  See treedb, meta-treedb, v3c-dcom and v3c-qt as examples of
>  projects that use the v3c build framework.

Ok. I am still somewhat confused why the project v3c-dcom and v3c-qt
carry the name of the build framework in the package names, but
I suppose I would look at those packages' descriptions to find out
more.

Cheers,

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"toleranz heißt, die fehler der anderen entschuldigen.
 takt heißt, sie nicht bemerken."
-- arthur schnitzler


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#652423: Acknowledgement (ITP: v3c -- C/C++/sh/make/automake/Debian utility toolkit)

2011-12-18 Thread martin f krafft

also sprach Philip Ashmore  [2011.12.18.0834 +0100]:
> If no one has any more issues with the new long description then
> I'll assume all is well.

Hello Philip,

a long description is neither a text of marketing, nor should it be
a complete list of features. The former can go on a website, the
latter should be found in a README file.

The long description should preemptively provide a user with enough
information so that s/he can make a choice. It should be written
with complete sentences in free text, with an informative, objective
style.

A rough guidelines of questions to be answered across three
paragraphs could be:

  1. What is the general purpose of the software in this package, or
 the collection of software that this package belongs to?

  2. What distinguishes this software from other software? For what
 use cases was the software designed?

  3. How does this package fit in into a collection (unless it's
 a single package)? Are there any other noteworthy things that
 the user might need to know to decide for or against a piece of
 software?

Compare this to the description you propose in

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652423#15

  utility C/C++ include files
  libv3c - a C/C++ library
  v3c - a utility program meant to be used in scripts or from the
  command line
  makefile includes - see v3c's client projects "makefile" for examples
  automake/aclocal m4 macros - see v3c's client projects for examples

What you are doing is providing a list of contents. Instead, I would
suggest this:

  v3c is a C++ programming toolkit that …. It was written because ….

  The intended use cases of v3c are …. Compared to other software
  (e.g. example1, example2), it is optimised for ….

  This package provides a utility program to interact … and control
  ….

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"the unexamined life is not worth living"
 -- platon


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bug#651858: ITP: etm -- event and task manager using simple text files

2011-12-13 Thread martin f krafft

also sprach Thomas Koch  [2011.12.13.1121 +0100]:
> I couldn't find any version control system for this software and the 
> versioning scheme seems weird.

What's weird? Are you missing a dot? All that matters is that it's
increasing. ;)

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"we americans, we're a simple people...
 but piss us off, and we'll bomb your cities."
 -- robin williams, good morning vietnam


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: ITP: ipmiutil -- Easy-to-use IPMI server management utilities

2011-11-28 Thread martin f krafft

also sprach tony mancill  [2011.11.29.0030 +0100]:
> I concur.  The more Debian can do to ease its introduction into mixed
> and/or non-Debian environments, the more potentially attractive it is to
> users.  Having impiutil part of Debian, provided that it is not buggy
> and is well-maintained, means one less headache for sysadmins out there.

Noone has argued that ipmiutil should not be packaged because there
are others already. But the package descriptions should help users
decide between them. Ideally, therefore, wishlist reports should be
filed against the other packages with suggestions to improve.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"in the country of the blind,
 the one-eyed man is not king.
 he is taken to be a hallucinating lunatic."
 -marshall mcluhan


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Appreciation

2011-11-21 Thread martin f krafft

also sprach Raphael Hertzog  [2011.11.21.1606 +0100]:
> That said I don't share your point of view, most of the new Ubuntu
> contributors (at least those involved in packaging)

There are still many old ones that think Ubuntu can do without
Debian. Community "management" is not about writing webpages that
are only read by "most of the new people".

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
the only difference between a car salesman and a computer salesman
is that the car salesman knows he's lying.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Appreciation

2011-11-21 Thread martin f krafft

also sprach Michael Hall  [2011.11.21.0100 +0100]:
> The Ubuntu community is holding a community appreciation day[1]
> today, and I wanted to extend that to the entire Debian community
> as well.

Thanks. It's good to see that there are still people in the Ubuntu
community who have a grasp of the big picture. The community
managers in Ubuntu don't seem to care to inform new members (and
make sure existing members know) where Ubuntu is coming from.

Best of luck, and keep up the good work!

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
time wounds all heels.
   -- groucho marx


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: /tmp as tmpfs and consequence for imaging software

2011-11-13 Thread martin f krafft

also sprach Lars Wirzenius  [2011.11.13.1204 +0100]:
> A fixed policy is going to interact badly with real systems and
> per-site decisions about, say, disk partitioning and provisioining
> of RAM for various purposes.
>
> The proper policy, IMHO, is that a) all software that uses temporary
> files should obey TMPDIR if set (and fall back on /tmp if not)
> and b) all software must deal with out-of-disk-space errors in a
> sensible way (where the exact details may depend on the software).

Fully agreed.

Please do not try to (ab)use policy to tell me how I have to
administer/manage my systems. Use policy to dictate how programs we
provide as part of The Debian System must behave.

I would welcome if TMPDIR-related bugs and bugs related to
temporary file handling would become release-critical.

I think it's great that Debian provides the flexibility to easily
make /tmp a tmpfs. However, I don't think that should be the
default (cf. RAMRUN, RAMLOCK).

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
people with narrow minds usually have broad tongues.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: making encrypted $HOME as easy and convenient as possible

2011-09-12 Thread martin f krafft

also sprach Rolf Kutz  [2011.09.12.0941 +0200]:
> There might be different use cases. An encrypted /home can still
> be backuped easily by administrators without being able to see
> inside.

True. At the same time, it exposes quite a lot of information, e.g.
structure of the tree. I don't know how much of that could be used
in a plain-text attack.

Note, however, that I don't really know ecryptfs. I only briefly
looked at encfs and was horrified by some of its design choices.
Maybe ecryptfs is better. Meanwhile, however, I chose to stay with
dm-crypt, which simply seems saner.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
people with narrow minds usually have broad tongues.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: making encrypted $HOME as easy and convenient as possible

2011-09-11 Thread martin f krafft

also sprach intrigeri  [2011.09.11.2246 +0200]:
> The d-i already supports easy *full* system encryption, swap
> included.

I think this is what people should be using, not a high-level hack
like ecryptfs.

However, I suppose you can only set this up during installation, and
converting a system later is not trivially possible. Or is it?

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"the strength of women comes from the fact
 that psychology cannot explain us.
 men can be analyzed, women merely adored."
-- oscar wilde


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Patch mgmt workflow proposal

2011-08-02 Thread martin f krafft

also sprach Ben Finney  [2011.08.02.0223 
+0200]:
> > This comes about ¾ of the way to the history pollution done by TopGit.
> 
> I consider it very useful information, when needed. It's only pollution
> if you let it be so.

That is a very wise statement, and I agree.

> > Not only would users potentially get confused by this additional
> > branch (which is an implementation detail), it would also get in
> > the way in gitk output (cf. pristine-tar) and annoy even the
> > unconfused.
> 
> That's an argument not for hobbling a useful branching-and-merging
> workflow, but for improving the output of those programs. Advocate
> with Git (and other VCSen) to hide merged revisions by default,
> the way Bazaar does.

One person's reasonable default is another person's nightmare.

Fact is that we have new contributors who are being shyed away by
complexity.

Fact is also that you can already hide information explicitly.

I have already dipped my foot in the water on this
[http://bugs.debian.org/636228], but I feel somewhat it's an
uphill battle.

In the end, the best solution is one that doesn't expose
implementation details in the first place. The discussion at

  http://www.spinics.net/lists/git/msg162549.html

is shaping up to be interesting.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
http://lavender.cime.net/~ricky/badgers.txt


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Patch mgmt workflow proposal

2011-08-01 Thread martin f krafft

also sprach Thomas Koch  [2011.08.01.1914 +0200]:
> So as a variation of the described workflow you can establish
> a special branch that holds references to all feature branch
> commits in its history.

This comes about ¾ of the way to the history pollution done by
TopGit. Not only would users potentially get confused by this
additional branch (which is an implementation detail), it would also
get in the way in gitk output (cf. pristine-tar) and annoy even the
unconfused.

I am currently investigating means to store information outside the
worktree in an immutable and automatically tracked-and-shared way:

  http://permalink.gmane.org/gmane.comp.version-control.git/178349
  (msgid 20110801121946.ga...@fishbowl.rw.madduck.net)
  http://permalink.gmane.org/gmane.comp.version-control.git/178393
  (msgid 20110801182015.ga3...@fishbowl.rw.madduck.net)

Feedback welcome, of course.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
there is no place like ~


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Call for teams interested in collaborating on a 'standard' Git workflow

2011-07-30 Thread martin f krafft

also sprach Thomas Koch  [2011.07.29.1613 +0200]:
> I've attached a draft of a description of the workflow.

It would be good to put this onto the vcs-pkg-discuss mailing list.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"i believe that the moment is near when by a procedure
 of active paranoiac thought, it will be possible
 to systematise confusion and contribute to
 the total discrediting of the world of reality."
  -- salvador dali


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Help sought for mdadm

2011-06-17 Thread martin f krafft

Dear colleagues,

real life is taking over, I am barely finding time for computer
work, let alone my Debian duties.

The problem is mainly that I am still the sole maintainer of mdadm.

I need one or two co-maintainers. I am willing to set aside an hour
for introductory IRC talking, and I am not going to impose any form
of maintenance guidelines (but rather cooperatively establish
them…).

Anyone?

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"when faced with a new problem, the wise algorithmist
 will first attempt to classify it as np-complete.
 this will avoid many tears and tantrums as
 algorithm after algorithm fails."
  -- g. niruta


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

network-manager as default? No! (was: Bits from the Release Team - Kicking off Wheezy)

2011-04-03 Thread martin f krafft

also sprach Josselin Mouette  [2011.04.02.2229 +0200]:
> I wonder what amount of features we are missing for network-manager to
> do the job; instead of rewriting a daemon from scratch, we might as well
> use one that was designed mostly for the same purpose. It’s
> event-driven, it’s extensible, and its features list is already
> impressive. Although it has some bugs remaining to fix, this would also
> be the case of the new implementation.

It was originally designed as a graphical tool, which is like taking
a wrong turn in square one. It has come a long way since then, but
last I checked, for instance, it was not possible to hook up two
network cards with DHCP.

Anyway, netconf is nowhere near and noone seems interested enough to
touch it, so…

But if network-manager would become default and ifupdown an optional
replacement, I would question Debian's capacity to make technically
excellent decisions and wonder, how much we have been dragged along
by "user-friendly distros" and slid off the track.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"it is the mark of an educated mind
 to be able to entertain a thought
 without accepting it."
-- aristoteles


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: Bits from the Release Team - Kicking off Wheezy

2011-03-31 Thread martin f krafft

also sprach Vincent Danjean  [2011.03.31.0925 +0200]:
> Martin F. Krafft started to implement a replacement of ifupdown
> that is better designed. But, due to lack of manpower I think,
> this project did not finish. See this archives of
> netconf-de...@lists.alioth.debian.org for more info.

Sadly, nothing has changed, and I am further away from computers
these days than I've ever been…

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
military justice is to justice what military music is to music.
   -- groucho marx


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Re: git and quilt

2010-02-03 Thread martin f krafft

also sprach Russ Allbery  [2010.02.04.1208 +1300]:
> I generally do not.  Doing so with a tool like TopGit is a little awkward
> and requires more steps, and I don't see much utility in doing so.  I
> think it's easier to just manage Git branches.

All that TopGit really does is help you in merging depending
branches into dependent ones if the former have updated. You also
don't have to always update them, as TopGit works quite well even if
branches are out-of-date. tg-summary is still useful to keep an
overview.

But yes, there are still some open issues with TopGit that prevent
me from unconditionally adovating it.

  
http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=topgit;exclude=tags:fixed;exclude=tags:fixed-upstream;exclude=tags:pending;exclude=tags:wontfix;exclude=pending:done;dist=unstable

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"sometimes the urge to do bad is nearly overpowering"
  -- ben horne


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: Panam á MiniDebConf 2010 - March

2010-01-28 Thread martin f krafft

also sprach René Mayorga  [2010.01.29.1216 +1300]:
> I'm pleased to announce that we will be arranging a MiniDebConf starting on 
> 19/Mar/2010
> ending on 21/Mar/2010 on Panamá City[0]

Note that this coincides with the Thai DebCamp[0]. Maybe you can use
the timezone difference for some serious around-the-clock bugfixing?
;)

0. http://wiki.debian.org/DebianThailand/MiniDebCamp2010

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
(on the statement print "42 monkeys"+"1 snake") btw,
both perl and python get this wrong.
perl gives 43 and python gives "42 monkeys1 snake",
when the answer is clearly "41 monkeys and 1 fat snake".
 -- jim fulton


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Bug#558739: RFH: hibernate -- smartly puts your computer to sleep (suspend to RAM or disk)

2009-11-30 Thread martin f krafft

Package: wnpp
Severity: normal

I request assistance with maintaining the hibernate package since
I don't use it anymore.

The package description is:
 The hibernate script helps you in putting your computer to sleep, using one
 of the various methods available in the kernel.
 .
 Hibernate can take care of loading and unloading modules, provides various
 hacks needed to get some video cards to resume properly under X, can
 optionally restart networking and system services, and basically do whatever
 else you ask it. It can be extended by writing new "scriptlets" which run at
 different points during the suspend process.
 .
 Currently the script supports all suspend mechanisms available through the
 /sys/power/state interface (including ACPI suspend and the in-kernel software
 suspend), as well as Software Suspend 2 (http://www.suspend2.net)

Thanks,

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: New source package formats now available

2009-11-26 Thread martin f krafft

also sprach Raphael Hertzog  [2009.11.26.0920 +0100]:
> I would be ok to add support for this in "3.0 (quilt)":
> - add an option "--single-debian-patch" that could be set in
>   debian/source/options. With this option dpkg-source would update
>   debian/patches/debian-changes (instead of debian-changes-)
> - support a debian/source/debian-patch-header that would be used
>   as header of the automatic patch (debian/patches/debian-changes in this
>   case)
> 
> How does that sound? (Thanks to mrvn who suggested me the ideas)

How about implying --single-debian-patch when
debian/source/debian-patch-header exists?

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"a human being should be able to change a diaper, plan an invasion,
 butcher a hog, conn a ship, design a building, write a sonnet,
 balance accounts, build a wall, set a bone, comfort the dying, take
 orders, give orders, cooperate, act alone, solve equations, analyze
 a new problem, pitch manure, program a computer, cook a tasty meal,
 fight efficiently, die gallantly. specialization is for insects."
  -- robert heinlein


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Bug#550860: ITP: gnaughty -- downloader for adult content

2009-10-13 Thread martin f krafft

> Do you know about bug 283578 ?

The name 'hot-babe' referenced a gender. gnaughty references
a natural tendency (and a graphical toolkit). I don't see how
#550860 is any different from a normal ITP for the Universal
Operating System, and should thus not receive any more attention.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
la lune, c'est comme les canards
il faut aimer caresser les chats
pour avoir envie d'y aller.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: Explicitely Cc bug reporters

2009-09-10 Thread martin f krafft

also sprach Samuel Thibault  [2009.09.10.1545 +0200]:
> I'd like to remind maintainers that in order to reach bug reporters to
> ask for tests etc. you _need_ to explicitely Cc the bug reporter, else
> he won't receive the mail and of course not do the tests etc.  It's now
> quite a few times that I have received a "you didn't answer" mail...

As others have stated, I think this is wrong and the submitter
should receive all mail. In the mean time, those submitters who
would like not to wait debbugs to do the IMHO sensible thing can do
what I did:

  http://madduck.net/blog/2008.06.20:auto-subscribing-to-debian-bugs-i-file/

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
fighting for peace is like screwing for virginity.
 -- the irish times, washington dc


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

mdadm and udev (was: udev 146 in experimental)

2009-08-22 Thread martin f krafft

also sprach Marco d'Itri  [2009.08.22.1402 +0200]:
> I uploaded to experimental[1] udev 146, considering the major changes I
> recommend extended testing by anybody who can, especially d-i
> developers.
> Current status: "installs and boots in a kvm image".
> 
> It will make mdadm uninstallable until it will be fixed to use blkid.

Thanks, Marco, for the heads-up, for uploading to experimental, and
for #541884.

I do not see myself in the position to work on mdadm in the next
weeks. NMUs (and co-maintainers) welcome. #537993

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
time wounds all heels.
   -- groucho marx


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Bug#539944: RFH: logcheck / also an idea for a logcheck rewrite

2009-08-04 Thread martin f krafft

Package: wnpp
Severity: normal

We could use help with logcheck, specifically:

- bug triaging, which is mainly updating rule files
- bug fixing of features and faults
- implementing templates for rules, e.g. @IPADDR@ and refactoring
  the rule files so that there aren't seven dozens different regexps
  for IP addresses
- improving the performance and usefulness
  * only process filters for packages that are installed
  * find a way to avoid the multipass approach logcheck currently
takes

The package is maintained with Git, but there are no branches, so
use is trivial.

If you're interested, please pass me your alioth.debian.org account
so that I can give you commit access.

* * *

In the long run, I'd love to see a rewrite of logcheck with some of
the following features:

- tag-based, so that an admin can choose whether to see e.g. daemon
  restart messages, authentication attempts for invalid/nonexistent
  accounts, etc.
- runs as a daemon and can process new log entries instantly.
- possibly interfaces directly with rsyslog to avoid having to go
  via log files
- configurable actions, e.g. mail, jabber, file, postgresql
- provide patterns/templates and easy instructions (possibly
  automatic filter generators) to encourage package maintainers to
  provide the files themselves.
- possibly require message samples with each filter to allow for
  a test suite.
- and many more.

Please send further ideas to this bug report.

Talk to me if you're interested in this, and I'd be happy to assist.
I don't have time to do it myself.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: What to do with (packages like) Blender?

2009-08-03 Thread martin f krafft

also sprach Maximiliano Curia  [2009.08.03.1529 +0200]:
> distrodev.org seems to have died sometime around 2007, do you know
> if there is any "replacement" for this?

No, but maybe we can revive it? Would you write to the domain owner?

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"for her, the dashed lines on the freeway were like grains of sand
 slipping, through an hour glass, ticking away the seconds, the
 minutes, and the hours of her life. if she got home a few minutes
 early on any given afternoon, it gave her a thrill as if she had
 stolen a little something back from death."
-- mc 900 ft jesus (http://www.theendoftheworld.org/900/spider1.shtml)


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: What to do with (packages like) Blender?

2009-08-03 Thread martin f krafft

also sprach Cyril Brulebois  [2009.08.02.2130 +0200]:
> Before going deeper into it, I have to say I've been trying to
> resist the urge of going public with it, and coping with my duties
> as much as I could. But it's just too much now. Members of the
> French Cabal (which of course doesn't exist) can tell you how I've
> been made *angry* about the current state of that piece of “free
> software”.

As I understand it, upstream is uncooperative, and others have
already hinted at distributi...@freedesktop, which I second. Someone
has also mentioned vcs-pkg, which is why I'd like to take the
opportunity to clarify its goal:

Without doubt, upstream should be the place where cross-distro
integration happens. However, if upstream is not interested, then
the idea of vcs-pkg is to have a repo used by all distros, which is
suitable for everyone. It doesn't matter where this repo will be
hosted, but I think in the long run, vcs-pkg.org or maybe
distrodev.org should have storage for those. vcs-pkg.org is on
alioth, but non-Debian people might not like being -guests.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
a friend is someone with whom
you can dare to be yourself


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

a workflow based on rebasing? (was: RFC: DEP-3: Patch Tagging Guidelines)

2009-07-22 Thread martin f krafft

also sprach Guido Günther  [2009.07.22.1523 +0200]:
> Sure. I think I do understand what James is talking about. It's
> basically a matter of taste if you rebase patch branches or use
> topgit - both have their up and downsides.

With reference to
http://lists.alioth.debian.org/pipermail/vcs-pkg-discuss/2009-May/000616.html,
I'd love to see a detailed account of your workflow. I am failing to
wrap my head around how it would work and would appreciate being
able to learn from you.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"the word yellow wandered through his mind in search of something to
 connect with."
 -- hitchhiker's guide to the galaxy


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Bug#537993: RFH: mdadm -- tool to administer Linux MD arrays (software RAID)

2009-07-22 Thread martin f krafft

Package: wnpp
Severity: normal

I request assistance with maintaining the mdadm package. I can still
maintain it, but would like to pass it to someone else in the long
run, so now would be a good time to get into it.

The package description is:
 The mdadm utility can be used to create, manage, and monitor MD
 (multi-disk) arrays for software RAID or multipath I/O.
 .
 This package automatically configures mdadm to assemble arrays during the
 system startup process. If not needed, this functionality can be disabled.


-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

piuparts and sbuild integration (was: piuparts run by every uploader)

2009-07-21 Thread martin f krafft

also sprach gregor herrmann  [2009.07.21.1736 +0200]:
> But I have to admit that I run it very rarely because it takes way
> too long (including the time to unpack pbuilder's base.tgz).

Has anyone integrated it with sbuild? After all, couldn't it just
use the current chroot in which a package was built to piuparts-test
that package? Would the chroot need to be clean of the build-deps?

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
the reason the mainstream is thought of as a stream
is because it is so shallow.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

piuparts run by every uploader (was: lintian-like tools in teams / early lintian stories)

2009-07-21 Thread martin f krafft

also sprach Lars Wirzenius  [2009.07.21.1527 +0200]:
> piuparts is _intended_ to be run by every uploader, actually. Or
> at least that was my intention back when I wrote it.

Okay, that wasn't my impression, sorry for spreading FUD.

Largely due to the need of maintaining a full chroot just for its
use, I thought piuparts had too high of a barrier of
entry/maintenance to be used by everyone. Am I completely wrong?

Can you estimate how many people are using it for their own packages
only?

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"alas, i am dying beyond my means."
-- oscar wilde


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: lintian-like tools in teams / early lintian stories

2009-07-21 Thread martin f krafft

also sprach Thomas Koch  [2009.07.21.1454 +0200]:
> are you interested only in Debian-Teams?

Mostly, but …

> The eZComponents project[0] uses codesniffer[1] to check for coding styles, 
> e.g. indentation, necessary documentation blocks, deprecated php functions.

… thanks for the pointer.

Thus far, I learnt about PET and packagecheck.

Several people also hinted at piuparts, but that's not exactly what
I wanted, since piuparts is really more of a general quality
assurance tool, intended mostly to be run by few people over many
packages, whereas lintian and packagecheck are tools that are run by
maintainers as part of their workflows.

Cheers,

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
i wish this wish not to be granted!
-- achilles (hofstadter's geb)


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

lintian-like tools in teams / early lintian stories

2009-07-20 Thread martin f krafft

Hey folks,

As part of my research[0], I have two questions:

Do you know any tools or teams using tools that, like lintian,
automatically check packages (or whatever it is that the team is
working on) and thereby helps to maintain a common baseline?

Also, do any of you remember stories from the early lintian days?

0. http://phd.martin-krafft.net

Thank you,

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"the stripes on the highway began to unreel beneath her in a dizzying
 blur as if all those grains of sand had lost their bearings and were
 falling all over each other just trying to get out of the way to make
 room for the next moment, or instant, or tick of the clock"
-- mc 900 ft jesus (http://www.theendoftheworld.org/900/spider1.shtml)


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: [Debconf-discuss] keysi gning in Cáceres: list and keyring files were released

2009-07-15 Thread martin f krafft

also sprach Aníbal Monsalve Salazar  [2009.07.16.0546 +0200]:
> Both list and keyring files were uploaded to
> http://people.debian.org/~anibal/ksp-dc9/

To prevent wasting copious amounts of paper, please consider loading
the list onto your laptop, bring something to affix your ID to the
outer case so you don't have to hold it, and see if you can take
notes on it like that while standing up.

-- 
 .''`.   martin f. krafft 
: :'  :  DebConf orga team; press officer
`. `'`
  `-  DebConf9: 24-30 Jul 2009, Extremadura, ES: http://debconf9.debconf.org
 
a friend is someone with whom
you can dare to be yourself


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: [Debconf-discuss] Call for keys for keysigning in Cáceres , Extremadura, Spain during DebConf9

2009-07-10 Thread martin f krafft

also sprach Christian Perrier  [2009.07.10.0655 +0200]:
> What about publishing what you already got? That could help those of us who
> want to check if their mail was properly received on your side..

Bad Christian!

  """
  Your keys will be processed manually and if the submitted keys are
  valid, an e-mail will be sent back to you and the key IDs will be
  listed at http://people.debian.org/~anibal/ksp-dc9/names.html. If
  you find an error write immediately to ani...@debian.org. 
  """

;)

-- 
 .''`.   martin f. krafft 
: :'  :  DebConf orga team; press officer
`. `'`
  `-  DebConf9: 24-30 Jul 2009, Extremadura, ES: http://debconf9.debconf.org
 
"welcome to american airlines, sir. here's your avocado - remember to
 keep it turned on and with you at all times. please turn your luggage
 over to the armadillos for rootling."
  -- http://azure.humbug.org.au/~aj/armadillos.txt


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: [Debconf-discuss] GPG keysigning?

2009-06-25 Thread martin f krafft

also sprach Steve Langasek  [2009.06.25.0703 +0200]:
> > You are putting *way* too much weight and importance into the
> > government-issued document, and basically none into the identity of
> > the holder. Seriously: we're supposed to be certifying identities,
> > not the authenticity of a government document.
> 
> I thought this was suitably rebutted years ago after the DC6
> keysigning.

I don't recall. Do you have a link to the suitable rebuttal?

> The government IDs are relevant because when we're collaborating
> on an OS where there's minimal code review of the work done by
> maintainers and a well-chosen malicious package could cause
> millions or billions of dollars in damage to our users, we[1] want
> to be able to hold someone accountable in the real world.  Not an
> "identity", but a physical person that we can prosecute and send
> to jail.

I challenged this and have not heard anything else. How exactly do
you think Debian would sue me, assuming I am in Switzerland, or
let's say Russia, Korea, or Senegal?

-- 
 .''`.   martin f. krafft 
: :'  :  DebConf orga team; press officer
`. `'`
  `-  DebConf9: 24-30 Jul 2009, Extremadura, ES: http://debconf9.debconf.org
 
don't hate yourself in the morning -- sleep till noon.


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: [Debconf-discuss] using OpenPGP notations to indicate keysigning practices [was: Re: GPG keysigning?]

2009-06-23 Thread martin f krafft

also sprach Daniel Kahn Gillmor  [2009.06.23.1949 
+0200]:
> --> govt-iss...@wot.debian.org might be a distinguished name
> identifying the apparent issuer of any validated identification,
> such as /C=US/ST=NY/ for a NY State (USA) driver's license and
> /C=US/ for an American passport. If you checked two IDs, you could
> include this notation twice.  Maybe this should somehow include
> the type of document as well?

Additional metadata, e.g. number and expiration date would
be helpful.

On the other hand, just some clear guidelines that participants HAVE
TO abide by, would help, e.g. a commitment to a signing policy for
all keys that are to appear in a Debian keyring.

I will always challenge the "government-issued ID" due to the vastly
differing standards across the globe, but "travel document" is
actually a term that someone uttered earlier, which raises the bar
a lot higher.

Cheers,

-- 
 .''`.   martin f. krafft 
: :'  :  DebConf orga team; press officer
`. `'`
  `-  DebConf9: 24-30 Jul 2009, Extremadura, ES: http://debconf9.debconf.org
 
"i believe that the moment is near when by a procedure
 of active paranoiac thought, it will be possible
 to systematise confusion and contribute to
 the total discrediting of the world of reality."
  -- salvador dali


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: [Debconf-discuss] GPG keysigning?

2009-06-23 Thread martin f krafft

also sprach Johannes Wiedersich  
[2009.06.23.1117 +0200]:
> The fact that different governments may have different levels of
> security/reliablity attached to their documents does not render the
> process arbitrary. Sticking to government IDs is a simple *rule*,
> sticking to some more or less vague other proofs of identity was
> *arbitrary* [1].

It's arbitrary in the level of additional security it brings, and
thus misleading. While a EU identity document has very high levels
of credibility, Gunnar has stated that e.g. the Mexican counterpart
has no comparable standards.

It's a bit like saying that every dog has to be on a leash, but the
thickness of the leash is left to the owner.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"the ships hung in the sky in much the same way that bricks don't."
 -- hitchhiker's guide to the galaxy


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: [Debconf-discuss] GPG keysigning?

2009-06-22 Thread martin f krafft

also sprach Manoj Srivastava  [2009.06.23.0325 +0200]:
> Now, Madduck wants us to say that there is no need for this
> broader identity verification mechanism, that oe should just trust
> him, and there shall be a means of smiting evil doers just the
> same -- but after debconf 6 --- his track record for trust on
> identification schemes runs pretty low.

This is an accusation for which you have no data. Do you know which
keys I signed since then, and on what basis?

I also never said that you should trust me.

Anyway, no interest to continue this discussion on a personal level.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
a c programmer asked whether computers have buddha's nature.
as the answer, the master did "rm -rf" on the programmer's home
directory. and then the c programmer became enlightened...


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: [Debconf-discuss] GPG keysigning?

2009-06-22 Thread martin f krafft

also sprach Russ Allbery  [2009.06.23.0158 +0200]:
> > However, if you want to tie that key owner to a real person, to
> > somehow (my speculation) bring down the wrath on the community
> > on someone who does something nasty or  subverts the DMUP or
> > causes the FSM to weep, well, you need the meet and greet and
> > key signing stuff. Smiting evil dooers seems to be the major
> > cause that justifies this exerciser, since otherwise the person
> > can just dump their key, change their email, and get away scot
> > free. Hard to smite them then.
> 
> I think this is the key point, plus just a general sort of raising
> the effort required for someone to subvert the system as Manoj
> also mentions.

Right, but where's the borderline? Having gone through the process
of getting an ID from the Transnational Republic, I would have no
trouble imagining that somewhere else on this earth there's a lot
less scrutiny involved when a government ID is issued.

While I still maintain that a community-signed GPG key of a meanie
is not going to allow for a better indictment in court, I see the
argument about the proxy. However, given the broad spectrum of
governments and their standards, I think the cut-off point is
convenient, but not really useful.

Obviously we cannot pick an elite group of countries and deny
signing to citizens whose governments don't have the resources for
rigorous processes or fancy documents, or who are simply corrupt, so
we just accept them all, as long as it's a government.

It might be asking a bit much to expect people to know whether
a given country actually exists, too. I remember people asking me
where the Transnational Republic was.

> Meeting in person and exchanging government ID or something that
> looks good enough to fool people is a compromise position, but
> I do think there's a general feeling that it's close to a sweet
> spot in that tradeoff for what we want out of our web of trust.

Alright, I agree that it's not as useless as I sometimes portray it.
But it's still woefully arbitrary.

-- 
 .''`.   martin f. krafft 
: :'  :  DebConf orga team; press officer
`. `'`
  `-  DebConf9: 24-30 Jul 2009, Extremadura, ES: http://debconf9.debconf.org
 
it is ok to let your mind go blank, but please turn off the sound.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

popcon.d.o? (was: gluck.debian.org (aka oldpeople.d.o) about to be shut down)

2009-06-22 Thread martin f krafft

also sprach Martin Zobel-Helas  [2009.06.20.0127 +0200]:
> If you care about any data you might have there please get it while you
> can.
> 
> Current plan is to shut down current gluck by end of June (so in about
> 10 days).

Where is popcon being run now? DNS says bellini, but gluck still
seems to accumulate data. Since I am snapshotting popcon data for my
research, I would appreciate to know when I have to change to
bellini.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"they redundantly repeated themselves over and over,
 incessantly without end and ad infinitum"
 -- ibid


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: postfix as default-mta? [Re: Bug#508644: new release goal default-mta?]

2009-05-09 Thread martin f krafft

also sprach Peter Eisentraut  [2009.05.09.1142 +0200]:
> There are really two orthogonal things being discussed here: One question is 
> whether the default MTA should be a full or proper implementation versus a 
> tiny and limited implementation (or -- the latest idea -- none at all).  The 
> other is whether, if the full implementation is chosen, it should be Exim or 
> Postfix.  It might lead this argument to a clearer conclusion if those two 
> issues are treated separately.

There's a third, issue, which is #508644: to abstract default-mta
(or similar), to make any such transition feasible in a future-proof
way.

Maybe we ought to concentrate on that first?

I think I am to blame a bit for adding to the fuel of the
postfix-exim4 debate with the doodle link, which just took us away
from the actual discussion. Sorry.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"although occasionally there is something to be said for solitude."
  -- special agent dale cooper


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: postfix as default-mta? [Re: Bug#508644: new release goal default-mta?]

2009-05-07 Thread martin f krafft

also sprach Josselin Mouette  [2009.05.07.1423 +0200]:
> Both have a very good security track record, so I don’t think the design
> alone justifies a possibly painful transition.

Where's the pain?

  0.  figure out how to solve #508644 properly, and not only for
  default-mta, but default-syslog etc.
  1a. make it a release goal for squeeze.
  1b. make sure postfix packaging is up to the task, give Lamont
  some minions (/me volunteers)
  2.  switch to postfix

Anyway, with this postfix discussion, we ought not lose focus of
#508644... The open questions are

  1. whether to use the chance and implement lsb-sendmail-cmd in
 addition to default-mta,
  and 2. whether to use virtual or dummy packages.

I think raising the issue of (1) in the process and letting each
maintainer do the proper thing is sensible.

I also think virtual packages for (2) are up to the task, and if we
have the policy on our side, we can be reasonably sure that none of
those default-* packages get provided more than once... and if they
did during a transition, well, it wouldn't actually harm...

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"computer science is no more about computers
 than astronomy is about telescopes."
 -- edsgar w. dijkstra


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: postfix as default-mta? [Re: Bug#508644: new release goal default-mta?]

2009-05-07 Thread martin f krafft

also sprach Josselin Mouette  [2009.05.07.1328 +0200]:
> How is that an improvement over Exim?

There are some of us that have a greater trust level into the
security and design of postfix.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"alas, i am dying beyond my means."
-- oscar wilde


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: postfix as default-mta? [Re: Bug#508644: new release goal default-mta?]

2009-05-06 Thread martin f krafft

also sprach Joerg Jaspert  [2009.05.07.0002 +0200]:
> As much as i like postfix and hate exim: no. If we change, please
> go to something like nullmailer|ssmtp|whateversimple.

Correct me if I am wrong, but I think those do not do queueing,
which will break the default assumption that I've seen almost
everywhere, which is that when sendmail returns, your email is
getting delivered, or you'll get a DSN.

Nullmailer is not LSB-compliant.

And neither of the small ones handle mail to root on the local
system (cron, apticron, logcheck, etc.) in an acceptable manner,
I think.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"if beethoven's seventh symphony
 is not by some means abridged,
 it will soon fall into disuse."
 -- philip hale, boston music critic, 1837


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: postfix as default-mta? [Re: Bug#508644: new release goal default-mta?]

2009-05-06 Thread martin f krafft

also sprach Marco d'Itri  [2009.05.06.2338 +0200]:
> > Maybe we should also consider changing the default MTA to postfix?
> Agreed, it's about time.

http://doodle.com/exre35q7ckruyxpx 

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"the human brain is like an enormous fish --
 it is flat and slimy
 and has gills through which it can see."
   -- monty python


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Bug#508644: new release goal default-mta? (was: stable-p-u: mdadm 2.6.7.2-2)

2009-05-05 Thread martin f krafft

also sprach martin f krafft  [2009.05.05.1706 +0200]:
> spu: 
> http://git.debian.org/?p=pkg-mdadm/mdadm.git;a=commitdiff;h=541c07a775104848ed99e2cb5935496c8718807a

Carsten correctly identified my failure to update the changelog, so
I give you also:
  
http://git.debian.org/?p=pkg-mdadm/mdadm.git;a=commitdiff;h=3feeb8e1d826ea9f16eb27dbd6d1c5a1d4ca58d0

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Bug#508644: new release goal default-mta? (was: stable-p-u: mdadm 2.6.7.2-2)

2009-05-05 Thread martin f krafft

also sprach Carsten Hey  [2009.05.05.1645 +0200]:
> Depending on default-mta | mta in a upload to s-p-u does not fix
> anything since there is no default-mta in stable.  This would possibly
> even break pinning in unexpected ways for users with stable and testing
> in their source.list.  Thus please consider depending on exim4 | mta or
> postfix | mta in your upload to s-p-u and changing the dependency as
> discussed for your next upload to sid.

Of course.

sid: 
http://git.debian.org/?p=pkg-mdadm/mdadm.git;a=commitdiff;h=93eecf12c706c1c01f1d0a8c45c20639ca8afe3f
spu: 
http://git.debian.org/?p=pkg-mdadm/mdadm.git;a=commitdiff;h=541c07a775104848ed99e2cb5935496c8718807a

I cannot leave it at postfix|mta apparently, because that's frowned
upon (although the policy does not back up this complaint).

FWIW, Ubuntu did what I consider the right thing:

http://launchpadlibrarian.net/21235281/mdadm_2.6.7.1-1ubuntu4_2.6.7.1-1ubuntu5.diff.gz

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Bug#508644: new release goal default-mta? (was: stable-p-u: mdadm 2.6.7.2-2)

2009-05-04 Thread martin f krafft

[moving debian-rele...@l.d.o to Bcc, continuing discussion in bug log]

also sprach Andreas Metzler  [2009.05.04.1856 
+0200]:
> FWIW as previously discussed on debian-devel starting with the
> lastest upload (4.69-10) exim4-daemon-light provides default-mta.

Excellent. If there are no objections, I'll formulate a squeeze
release goal and file the bugs.

(updated mdadm coming to s-p-u on Thursday, are there other
comments?
http://lists.debian.org/debian-release/2009/05/msg00024.html)

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: RFC: Better formatting for long descriptions

2009-03-20 Thread martin f krafft

also sprach Andreas Tille  [2009.03.20.1445 +0100]:
> I tried to find a clear advise how to reasonable format lists inside long
> descriptions of packages.  The only thing I know is that lines with two
> leading spaces is considered verbose.  This leaves a lot of freedom to
> simulate for instance itemize lists.  I'd like to give some examples for
> package names starting with 'a' and stopped with the first package names
> of 'b'.  If you are bored by these examples continue reading below the
>   -- line.

What we really should do, instead of clinging to the NIH-behaviour,
reinventing the wheel, and polishing it over and over again is ditch
the pseudo-RFC822 format we have and use Yaml instead.

http://www.yaml.org/start.html
http://yaml.org/spec/1.2/

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"den stil verbessern, das heißt den gedanken verbessern."
 - friedrich nietzsche


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Re: Support of new source packages in squeeze

2009-03-09 Thread martin f krafft

also sprach Stefano Zacchiroli  [2009.03.09.2210 +0100]:
> It is more expressive, and can give more easily access to
> individual patches (e.g. for pushing them upstream) when they get
> entangled with others.  I'm using it because I'm convinced that it
> implements the right® packaging work-flow, as no other tool we
> currently have in our toolbox.

Actually, it all boils down to the distinction between who will do
the conflict resolution: you or the consumer. Manoj and I had long
debates about this on vcs-pkg-discuss.

With quilt, you are asking all consumers to do the conflict
resolution, in case a patch depends on an earlier one. 

With plain feature branches, you have to do the conflict resolution
every time you pull them together to create a package.

TopGit can do both. You can maintain a simple stack, or a queue, or
anything in between. It allows^W encourages you to lean towards the
latter, so if a patch really depends on another, then upstream will
need both anyway. Then B depends on A. If a patch does not depend on
another, then B coexists with A and can be used separately.

> ... but it is, still, way more complex than legacy patch systems.
> Also, it requires serious git-fu if you get stuck.

Yes, it's definitely too complex right now, and just like Git, it
exposes too much of the internals.

I also feel it's the right direction, but it needs work. Having
experience people feed back their input and patches (!) will help.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
"there are more things in heaven and earth, horatio,
 than are dreamt of in your philosophy."
 -- hamlet


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

1 2 3 4 5 6 7 8 9 >

1 - 100 of 897 matches

Mail list logo