Re: debian-security-announce-$lang@lists?
I think as a German I'm allowed to say this: No English, no security. There will always be bits and pieces available in English only. Making DSAs available in foreign languages will help amateurs without sufficient English skills to keep their systems up to date. It might even help professionals, because although I have no problem with understanding english (and even german if required) reading a email in the Dutch language is less strenuous. For professionals, required reading is debian-security (or whatever foo-security list applies to their system), BUGTRAQ, maybe full-disclosure if you can stand it ;-), and some other mailing lists. Agreed, although it's a lot of emails a day if you are on all 3 mailinglists. Ivo van Dongen [EMAIL PROTECTED]:~$ apt-cache show clue Package: clue Priority: optional
Re: debian-security-announce-$lang@lists?
Ricardo Javier Cardenes Medina wrote: Mmmh... Comes to mind... What are the chances for a non-developer to be on writers at CVS now that we're authenticating via developer-related ssh keys? That would be very convenient just as many people (at least on the Spanish team) remain not being Debian Developers themselves, and relay on the developers to upload their changes. We've been thinking on a quite complicated way involving a second CVS on our servers :-D, but it's a lot of burden, if you ask me. Please read http://www.debian.org/devel/website/ Regards, Joey -- GNU GPL: The source will be with you... always. Please always Cc to me when replying to me on the lists.
Re: debian-security-announce-$lang@lists?
On Wed, Aug 14, 2002 at 05:38:35PM +0200, Jan Niehusmann wrote: On Wed, Aug 14, 2002 at 05:12:19PM +0200, Martin Schulze wrote: One could reduce a DSA to do I have this package installed? Yes, then I'd better update.. However, if these people are subscribed to Perhaps this could even be automated: When a new (english) DSA gets released, a script automatically sends a short announcement to the translated lists just containing the message 'there is a new DSA (..) /deja-vu Didn't I propose exactly this? Javi
Re: debian-security-announce-$lang@lists?
On Fri, Aug 16, 2002 at 11:43:25AM +0200, Javier Fernández-Sanguino Peña wrote: /deja-vu Didn't I propose exactly this? Yes, you did. I didn't read the full thread before posting my message. Jan
Re: debian-security-announce-$lang@lists?
Giuseppe Sacco wrote: Il Tue, Aug 13, 2002 at 09:23:57PM +0200, Martin Schulze ha scritto: [...] Currently, all DSAs are released via mail in english on [EMAIL PROTECTED] and copied to www.debian.org afterwards, where they will be picked up by seven[1] fellow translators Just for the records. From this morning we also have Italian :-) This exactly asserts my concern: There is only an Italian version of DSA 149, while 150, 151 and 152 are still missing. Regards, Joey -- Let's call it an accidental feature. --Larry Wall Please always Cc to me when replying to me on the lists.
RE: debian-security-announce-$lang@lists?
I'm not really sure if this is the right place for the language discussion. I believe that everybody on this list at least understands English good enough to be able to get the message and understand the English announcements. Why would someone subscribe to a list she can't follow? And those who will participate in the discussion at least write English well enough to get their message across. Those people don't need translated announcements. In my opinion it is a better idea to post a request for comment on each translated announcement page and see how demand is. I think as a system administrator, one is out of luck if one can't follow the English announcements anyway. I am not an administrator but still I often have to work my way through man pages or HOW-TO's that are not (yet/necessarily) available in my mother tongue. I assume that this is getting more if one is doing this on a professional basis. If one is not a system administrator and one cannot follow the English announcements (How many people are that anyway?) one can probably wait a couple of hours or even days for the announcement to appear in their language on the website. And if timing is really such a big issue, a generic email warning, saying that an issue has been discovered, where the English announcement can be found and where and/or when the translate announcement will appear on a webpage, would suffice. Don't get me wrong. I really appreciate the high level of commitment in the community, but there are probably places where those resources could be better used. If there are people available that can translate the email, then these people can instead translate the announcement and place it on the webpage.
Re: debian-security-announce-$lang@lists?
On Tue, Aug 13, 2002 at 09:23:57PM +0200, Martin Schulze wrote: Given the above, what do you think about establishing localized security-announce lists? Please discuss this issue on debian-security and not on debian-devel or debian-project to reach a larger audience. Not being a CVS guru myself... What about a CVS trigger to automatically maintain the -$lang lists? I know that sending the DSA directly to the list would be much quicker, but the other way we could automatically assemble the text with URLs. Mmmh... Comes to mind... What are the chances for a non-developer to be on writers at CVS now that we're authenticating via developer-related ssh keys? That would be very convenient just as many people (at least on the Spanish team) remain not being Debian Developers themselves, and relay on the developers to upload their changes. We've been thinking on a quite complicated way involving a second CVS on our servers :-D, but it's a lot of burden, if you ask me. Regards, Ricardo.
Re: debian-security-announce-$lang@lists?
I'm not really sure if this is the right place for the language discussion. I believe that everybody on this list at least understands English good enough to be able to get the message and understand the English announcements. Why would someone subscribe to a list she can't follow? And those who will participate in the discussion at least write English well enough to get their message across. Those people don't need translated announcements. So we have to think for those, who aren't able to follow this discussion, too. I think as a system administrator, one is out of luck if one can't follow the English announcements anyway. [snip] I dislike this attitude No English, no IT. In many states school systems aren't good enough or English is not taught as first foreign language. As a side note: I personally know Germans and foreign Chinese students here in Germany working in this business, whose English skills wouldn`t allow reading complicated DSAs. And if timing is really such a big issue, a generic email warning, saying that an issue has been discovered, where the English announcement can be found and where and/or when the translate announcement will appear on a webpage, would suffice. The difference between web pages and mailing lists is, that you get the mail as soon as possible, whereas you must check the web pages manually. Time consuming, annoying, therefore probably an inferior solution. Don't get me wrong. I really appreciate the high level of commitment in the community, but there are probably places where those resources could be better used. If there are people available that can translate the email, then these people can instead translate the announcement and place it on the webpage. The valid point here is, that human resources in this project are limited. So everything depends on some people willing to do the work. But the original idea nevertheless is good, to enable people reading security announcements as fast as possible in a language, they can understand. I can't estimate, if there are enough volunteers already available to get things working. Introducing these lists, with no mails send afterwards, would really be counterproductive. If those knowing the translators who are already involved think, that there are enough volunteers, go for it, IMHO. Ciao Siegbert
Re: debian-security-announce-$lang@lists?
On Wed, 14 Aug 2002, Siegbert Baude wrote: So we have to think for those, who aren't able to follow this discussion, too. I think as a system administrator, one is out of luck if one can't follow the English announcements anyway. [snip] I dislike this attitude No English, no IT. In many states school systems aren't good enough or English is not taught as first foreign language. As a side note: I personally know Germans and foreign Chinese students here in Germany working in this business, whose English skills wouldn`t allow reading complicated DSAs. I do not think these people will (be able to) set up their own debian system: if their foreign language skills are insufficiently evolved to install such a system, there is no need to read the DSAs. this means: problem solved. on the other hand, if they succeed in setting up such a system, and they do not understand the DSA-email information broadcasts, but can decode enough information so that they are still interested in the issue, why wouldn't they use an automated translator such as babelfish? with kind and humble regards, danny. Ciao Siegbert
Re: debian-security-announce-$lang@lists?
On Wednesday, 2002-08-14 at 11:55:29 +0200, Siegbert Baude wrote: I dislike this attitude No English, no IT. In many states school systems aren't good enough or English is not taught as first foreign language. As a side note: I personally know Germans and foreign Chinese students here in Germany working in this business, whose English skills wouldn`t allow reading complicated DSAs. I think as a German I'm allowed to say this: No English, no security. There will always be bits and pieces available in English only. Making DSAs available in foreign languages will help amateurs without sufficient English skills to keep their systems up to date. For professionals, required reading is debian-security (or whatever foo-security list applies to their system), BUGTRAQ, maybe full-disclosure if you can stand it ;-), and some other mailing lists. None of these is available in translation, and mailing lists are generally too fast moving to allow for translation. So while I applaud the effort going into the DSA translations, I don't think any professional admin should skip the English originals. Hence I think a days delay for the translations is allright. (And I admire the people who volunteer to do it in such a short timeframe.) Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | || | After a while you give up trying to escape who you are. | | Stephan frears on directing High Fidelity|
Re: debian-security-announce-$lang@lists?
On Wed, Aug 14, 2002 at 12:18:29PM +0200, Danny De Cock wrote: On Wed, 14 Aug 2002, Siegbert Baude wrote: language. As a side note: I personally know Germans and foreign Chinese students here in Germany working in this business, whose English skills wouldn`t allow reading complicated DSAs. I do not think these people will (be able to) set up their own debian system: if their foreign language skills are insufficiently evolved to install such a system, there is no need to read the DSAs. While I agree that sufficient english skills to read a DSA are necessary to do a good job administrating a debian system, I'm very sure it is possible to install debian without understanding english. Some questions are obvious (for example when you have to choose a keyboard layout), others have sensible defaults an you can simply say 'ok'. So you can install debian with some guessing without understanding the actual messages. I think the problem is a different one: In my experience, nearly all people dealing with linux systems know enough english to read DSAs. But many are just to lazy to read anything that is not in their native language. So translating the DSAs may lead to more secure debian systems, and in the end, less vulnerable systems on the net. So I think it's a good idea. At least as long as it doesn't delay the distribution of the english DSA. Jan
RE: debian-security-announce-$lang@lists?
I think as a system administrator, one is out of luck if one can't follow the English announcements anyway. [snip] I dislike this attitude No English, no IT. In many states school systems aren't good enough or English is not taught as first foreign language. As a side note: I personally know Germans and foreign Chinese students here in Germany working in this business, whose English skills wouldn`t allow reading complicated DSAs. Please don't get me wrong. I am not promoting an elite circle of selbstbeweihraeuchernden Goettern as you Germans call it, that distinguishes itself by the fact that they are able to speak English. I would support anything that would open this topic to a broader community. But for the reasons I stated I do not believe that a translated list will help much in this matter. In fact English is not my first foreign language either; it is not even my second foreign language. But I decided to learn enough of it to participate here, not because I like the language so much but because I found I could not get around without it. I was really surprised (in a positive way) to hear from these German and Chinese linux administrators that are doing well without being able to understand english DSA's. I am really wondering how they do it, because I could not do it.
Re: debian-security-announce-$lang@lists?
Jens wrote: I think as a system administrator, one is out of luck if one can't follow the English announcements anyway. Siegbert wrote: [snip] I dislike this attitude No English, no IT. In many states school systems aren't good enough or English is not taught as first foreign language. As a side note: I personally know Germans and foreign Chinese students here in Germany working in this business, whose English skills wouldn`t allow reading complicated DSAs. Jens wrote: Please don't get me wrong. I am not promoting an elite circle of selbstbeweihraeuchernden Goettern as you Germans call it, that distinguishes itself by the fact that they are able to speak English. I would support anything that would open this topic to a broader community. But for the reasons I stated I do not believe that a translated list will help much in this matter. In fact English is not my first foreign language either; it is not even my second foreign language. But I decided to learn enough of it to participate here, not because I like the language so much but because I found I could not get around without it. I was really surprised (in a positive way) to hear from these German and Chinese linux administrators that are doing well without being able to understand english DSA's. I am really wondering how they do it, because I could not do it. Maybe the different opinions here are on one side based on the assumption that Debian is for the professionals only. IMHO, that's wrong. The people I talk about with the lack of English knowledge are in the IT business, but they aren't sysadmins. But they own debian boxes for private use (DSL-router, firewall, ...) and yes, it was me, who recommended Debian. Was it wrong doing so, should I have sent them to Suse or Mandrake instead? I don't check the English skills before I install a box for a friend, so the assumption that every Debian installation refers to an English speaking box owner is simply wrong, too. BTW, Lehmann's book store sells a specially crafted Debian CD set here in Germany with German installation documentation. I'm sure similar things exist in other countries, too. But we all know, that even private boxes should be as secure as possible to prevent misuse, which also affects professionally maintained systems. So any effort to strengthen security on all Debian boxes spread over the world is much appreciated. If there would be international debian-security-announce lists, we could simply reach more people, as we could advise them on install time to subscribe to a security list with a language they understand. So information will make its way through to them. Relying on them, to check regularly some web sites is suboptimal, as we all know this simply won't work in everyday's life. So if there are volunteers, who will do the work, I really can't see any downside. If there aren't, drop this idea. That's it, IMHO. Ciao Siegbert P.S.: Of course, it is much easier to be able to speak English; but this world is imperfect both security and education wise. :-)
Re: debian-security-announce-$lang@lists?
El mié, 14-08-2002 a las 11:03, Javier Fernández-Sanguino Peña escribió: I do not see the benefit of this push method if we take in account that we already provide an RDF channel for advisories and users can configure their user agents (like Evolution) to retrieve them automatically. Hey, I knew nothing about it - Where can I learn more about polling such info with Evolution? Thanks! Pope -- Luis Gómez Miralles InfoEmergencias - Technical Department Phone (+34) 654 24 01 34 Fax (+34) 963 49 31 80 [EMAIL PROTECTED] PGP Public Key available at http://www.infoemergencias.com/lgomez.asc
Re: debian-security-announce-$lang@lists?
Giuseppe Sacco wrote: We decided to translate from the english wml, so in order to start a translation we wait for the english published version. Is it the right way? In any case I will subscribe to debian-security-announce to get quicker translations. That's the proper way. However, due to a small delay in sending mail, the advisories tend to hit the cvs archive a couple of minutes *earlier* than the lists -- when I'm releasing the advisories, which has happend for a while now. There'll be an opposite delay when other team members release the advisory, but it's normally only a couple of hours maximum. So basically, yes, it's the proper way. Regards, Joey -- Let's call it an accidental feature. --Larry Wall Please always Cc to me when replying to me on the lists.
Re: debian-security-announce-$lang@lists?
InfoEmergencias - Luis Gómez wrote: El mié, 14-08-2002 a las 11:03, Javier Fernández-Sanguino Peña escribió: I do not see the benefit of this push method if we take in account that we already provide an RDF channel for advisories and users can configure their user agents (like Evolution) to retrieve them automatically. Hey, I knew nothing about it - Where can I learn more about polling such info with Evolution? Check out http://www.debian.org/security/dsa.rdf Regards, Joey -- Let's call it an accidental feature. --Larry Wall Please always Cc to me when replying to me on the lists.
Re: debian-security-announce-$lang@lists?
Jan Niehusmann wrote: On Wed, Aug 14, 2002 at 12:18:29PM +0200, Danny De Cock wrote: On Wed, 14 Aug 2002, Siegbert Baude wrote: language. As a side note: I personally know Germans and foreign Chinese students here in Germany working in this business, whose English skills wouldn`t allow reading complicated DSAs. One could reduce a DSA to do I have this package installed? Yes, then I'd better update.. However, if these people are subscribed to a translation list and no translator is available at the moment, they'll end up with a knowingly vulnerable system until they receive the translated DSA. This delay is what I am concerned about, since it's easy to become infinitive when people are unavailable, on holiday, on debconf or whatever. I do not think these people will (be able to) set up their own debian system: if their foreign language skills are insufficiently evolved to install such a system, there is no need to read the DSAs. While I agree that sufficient english skills to read a DSA are necessary to do a good job administrating a debian system, I'm very sure it is possible to install debian without understanding english. Looking at the gratuous (sp?) effort with translating everything, granted for sure. I think the problem is a different one: In my experience, nearly all people dealing with linux systems know enough english to read DSAs. But many are just to lazy to read anything that is not in their native language. So translating the DSAs may lead to more secure debian systems, and in the end, less vulnerable systems on the net. So I think it's a good idea. At least as long as it doesn't delay the distribution of the english DSA. These people already have the chance of reading DSAs in their native tongue at the web server, though, imposing a delay, based on the work of the translator and the website rebuild. Hence, there is already a chance for these people to read DSAs in their native tongue. I'm counting one I'm in favour of translated -announce lists Regards, Joey -- Let's call it an accidental feature. --Larry Wall Please always Cc to me when replying to me on the lists.
Re: debian-security-announce-$lang@lists?
On Wed, Aug 14, 2002 at 05:12:19PM +0200, Martin Schulze wrote: One could reduce a DSA to do I have this package installed? Yes, then I'd better update.. However, if these people are subscribed to Perhaps this could even be automated: When a new (english) DSA gets released, a script automatically sends a short announcement to the translated lists just containing the message 'there is a new DSA regarding the package XXX, the english version is available from YYY. A translated DSA should follow soon, but if it gets delayed, please try to read the english one'. Of course, this message should be translated as well, but as it is a constant text with some fields filled in, this doesn't need human interaction. That way, people reading the translated lists do not miss DSAs when a translator is unavailable. They have to decide themselves if they wait for the translated version or try to understand the english one. Jan
Re: debian-security-announce-$lang@lists?
Martin Schulze: what do other developers think about localized lists for security advisories, such as [EMAIL PROTECTED] That sounds like a good idea. However, to make sure that the information is sent out as soon as possible, I think it would be a good idea that, whenever a new advisory is issued in English, a message is automatically sent out to the languages' announce lists, pointing to where the original announcement can be found (either in the list archives, or on the web), awaiting the translation. -- \\// Peter - I do not read or respond to mail with HTML attachments. Statement concerning unsolicited e-mail according to Swedish law: http://www.softwolves.pp.se/peter/reklampost.html
Re: debian-security-announce-$lang@lists?
Em Tue, 13 Aug 2002 21:23:57 +0200, Martin Schulze [EMAIL PROTECTED] escreveu: Hi, Hello! Establishing localized -announce lists could impose an unacceptable delay before the translated advisory gets posted to the localized list. This will probably be the case especially with long advisories[2] or when translators are on their holidays or simply too busy to maintain the translation properly[3] or if Debian releases a couple of advisories on one day[4]. I agree this may be a problem, but I thought about some solutions: Adding a big DISCLAIMER at the beginning of every message explaining that the translation is there just for information and that people who need to care about the security updates of a server should subscribe to the original debian-security-announce to receive notifications as soon as possible. Also, it may be usefull to set up cron jobs to send a special DISCLAIMER message every week or so. People won't read is not a good argument, IMO. If they're not going to read a big DISCLAIMER how are they supposed to care about security or about the contents of the advisory? []s! -- [EMAIL PROTECTED]: Gustavo Noronha http://people.debian.org/~kov Debian: http://www.debian.org * http://debian-br.cipsga.org.br Dúvidas sobre o Debian? Visite o Rau-Tu: http://rautu.cipsga.org.br pgpLkvEoZMmj6.pgp Description: PGP signature
Re: debian-security-announce-$lang@lists?
Oohara Yuuma wrote: For your information, this is how the Japanese translation of DSAs works: 1. Kenshi Muto forwards the English DSA to [EMAIL PROTECTED] as soon as possible (usually in 24 hours) 2. Seiji Kaneko translates the e-mail version of DSA into Japanese and post it to [EMAIL PROTECTED] Hmm, so the DSAs are all received twice at least. Well, people will be informed about incidents earlier than the translation is ready, which is good. I'd say the following two should be optimized by Mariko requesting an account on www.debian.org so he doesn't need Tomohiro for committing. :) 3. Mariko GODA translates the wml version of DSA into Japanese and post it to [EMAIL PROTECTED] (this takes a while) 4. Tomohiro KUBOTA commits the translated DSA wml to the CVS server Regards, Joey -- Let's call it an accidental feature. --Larry Wall Please always Cc to me when replying to me on the lists.
debian-security-announce-$lang@lists?
Hi, what do other developers think about localized lists for security advisories, such as [EMAIL PROTECTED] Currently, all DSAs are released via mail in english on [EMAIL PROTECTED] and copied to www.debian.org afterwards, where they will be picked up by seven[1] fellow translators who produce the text part in their native tongue. This means that people who are interested in security, should subscribe to the -announce list for immediate notification. Those who prefer an advisory in their native tongue will have to wait up to one day to see the translation online. Establishing localized -announce lists could impose an unacceptable delay before the translated advisory gets posted to the localized list. This will probably be the case especially with long advisories[2] or when translators are on their holidays or simply too busy to maintain the translation properly[3] or if Debian releases a couple of advisories on one day[4]. This could lead to a false assumtion that no vulnerabilities were found and fixed, leaving a system vulnerable longer than it would be considered acceptable. Given the above, what do you think about establishing localized security-announce lists? Please discuss this issue on debian-security and not on debian-devel or debian-project to reach a larger audience. Regards, Joey 1. Danish, French, German, Japanese, Portuguese, Spanish and Swedish 2. See DSA 134 as a very bad example (Murphy...) or DSA 148 3. No harm intended, this happens to some people all the time (e.g. myself) 4. *cough* DSA 149, 150, 151 and 152 were released at the same day -- Unix is user friendly ... It's just picky about its friends. Please always Cc to me when replying to me on the lists.
Re: debian-security-announce-$lang@lists?
Il Tue, Aug 13, 2002 at 09:23:57PM +0200, Martin Schulze ha scritto: [...] Currently, all DSAs are released via mail in english on [EMAIL PROTECTED] and copied to www.debian.org afterwards, where they will be picked up by seven[1] fellow translators Just for the records. From this morning we also have Italian :-) 1. Danish, French, German, Japanese, Portuguese, Spanish and Swedish Bye, Giuseppe
Re: debian-security-announce-$lang@lists?
On Tue, Aug 13, 2002 at 09:23:57PM +0200, you wrote: what do other developers think about localized lists for security advisories, such as [EMAIL PROTECTED] I don't see the point. People who want up-to-date information will need to follow the english list, and the other translations are available on the web anyway. The web version has the added advantage of making it clear when a new advisory is released but not yet translated. -- Mike Stone