Greg Stein wrote on 10/10/12 6:44 PM:
I've read this entire thread (whew!), and would actually like to throw out
a contrary position:
No signed keys.
+1
--
Peter Karman . http://peknet.com/ . pe...@peknet.com
-
To
On 10.10.2012 00:01, Marvin Humphrey wrote:
While this protocol does not rely heavily on validating
government-issued IDs, the Debian guidelines quoted above point out
that some people object to giving such IDs too much creedence:
So instead of giving too much credence to government-issued
+1 (mentor)
Sent from my tablet
On Oct 10, 2012 9:00 PM, Andrea Pescetti pesce...@apache.org wrote:
Seeing no objections to my last message, and keeping into account that
this list had been regularly informed about the steps Apache OpenOffice was
taking towards graduation, I'm hereby asking
+1 (mentor)
Sent from my tablet
On Oct 10, 2012 12:25 AM, Steven Gill stevengil...@gmail.com wrote:
This is a call for vote to graduate the Cordova podling from Apache
Incubator.
Cordova entered the Incubator in October of 2011. We have made significant
progress with the project since
+1 (mentor)
Good luck!
On Wed, Oct 10, 2012 at 9:00 PM, Andrea Pescetti pesce...@apache.org wrote:
Seeing no objections to my last message, and keeping into account that this
list had been regularly informed about the steps Apache OpenOffice was
taking towards graduation, I'm hereby asking
Jukka Zitting wrote:
On Wed, Oct 10, 2012 at 10:00 PM, Andrea Pescetti wrote:
Aim of the resolution is to establish the
Apache OpenOffice Project as a Top Level Project.
[x] +1, recommend the resolution to the Board
Good luck, and a big thank you to everyone involved!
Thank you!
The
On 11 Oct 2012, at 00:44, Greg Stein wrote:
Please explain how keys are needed for this ASF release? Consumers are
already told to verify the SHA1 and nothing more. I doubt any more is
needed.
SHA1 offers no more protection than a checksum against MITM attack.
(assume secure
There's that, and also the fact that no two mentors have the same level
of experience anyway, so what you describe is possible within the
current structures, just isn't formalised.
I guess I would encourage you to do as Luciano suggests, and to chat to
mentors on a project that you might help
On 11 October 2012 02:39, Daniel Shahaf d...@daniel.shahaf.name wrote:
Greg Stein wrote on Wed, Oct 10, 2012 at 21:31:30 -0400:
Not too much. We still instruct users take the signatures and verify
them against blah.apache.org/KEYS. John Blackhat could replace the
signatures and install his
On Thu, Oct 11, 2012 at 9:01 AM, Nick Kew n...@apache.org wrote:
You have to extend that assumption not only to our infrastructure but to
every proxy that might come between us and a user, and that might
substitute a trojan along with the trojan's own SHA1.
The same reasoning holds for the
On Thu, Oct 11, 2012 at 9:48 AM, sebb seb...@gmail.com wrote:
On 11 October 2012 02:39, Daniel Shahaf d...@daniel.shahaf.name wrote:
Greg Stein wrote on Wed, Oct 10, 2012 at 21:31:30 -0400:
Not too much. We still instruct users take the signatures and verify
them against
+1
On Thu, Oct 11, 2012 at 1:40 PM, seba.wag...@gmail.com
seba.wag...@gmail.com wrote:
We've moved the project to apache-extras.org
http://code.google.com/a/apache-extras.org/p/drupal-plugin-openmeetings/
Sebastian
2012/9/13 Jukka Zitting jukka.zitt...@gmail.com
Hi,
On Thu, Sep 13,
+1
LieGrue,
strub
- Original Message -
From: Ross Gardler rgard...@opendirective.com
To: general@incubator.apache.org
Cc:
Sent: Thursday, October 11, 2012 9:14 AM
Subject: Re: [VOTE] Recommend to the Board to establish the Apache OpenOffice
Project
+1 (mentor)
Sent from
+1
On Thu, Oct 11, 2012 at 2:53 PM, Mark Struberg strub...@yahoo.de wrote:
+1
LieGrue,
strub
- Original Message -
From: Ross Gardler rgard...@opendirective.com
To: general@incubator.apache.org
Cc:
Sent: Thursday, October 11, 2012 9:14 AM
Subject: Re: [VOTE] Recommend to the
On Thu, Oct 11, 2012 at 10:57 AM, Noah Slater nsla...@tumbolia.org wrote:
Which is why we link to the .md5, .sha, .asc, and KEYS files on our severs.
Unless you're assuming a MITM along the request/response path to apache.org,
in which case all bets are off anyway. No?
Which is why I have my
+1 (IPMC)
Regards,
Dave
On Oct 11, 2012, at 12:14 AM, Ross Gardler wrote:
+1 (mentor)
Sent from my tablet
On Oct 10, 2012 9:00 PM, Andrea Pescetti pesce...@apache.org wrote:
Seeing no objections to my last message, and keeping into account that
this list had been regularly informed
+1 binding.
On Wed, Oct 10, 2012 at 1:32 PM, Ted Dunning ted.dunn...@gmail.com wrote:
+1 (binding)
On Wed, Oct 10, 2012 at 9:37 AM, kishore g g.kish...@gmail.com wrote:
Hi,
I would like to call a vote for accepting Helix for incubation in the
Apache Incubator. I have pasted the full
sebb wrote on Thu, Oct 11, 2012 at 09:48:25 +0100:
On 11 October 2012 02:39, Daniel Shahaf d...@daniel.shahaf.name wrote:
Greg Stein wrote on Wed, Oct 10, 2012 at 21:31:30 -0400:
Not too much. We still instruct users take the signatures and verify
them against blah.apache.org/KEYS. John
On Wed, Oct 10, 2012 at 12:24 AM, Steven Gill stevengil...@gmail.com wrote:
This is a call for vote to graduate the Cordova podling from Apache
Incubator.
+1
...We have prepared and reviewed our charter. You can view it at [5]
IMO related to building cross platform mobile applications
Hi,
Unless I'm mistaken, the list of PMC members below includes a single
individual (Dave Fisher) who's active in more than just the OO
project, all others have joined the ASF via OO incubation.
Are the OO mentors really comfortable with this, considering the
unusual size of this project isn't
On 11 Oct 2012, at 13:19, Benson Margulies wrote:
Over and above that, we could then ask, 'how could we improve
protection against most complex problems?'
Now that's something the ASF might indeed be well-qualified to hack.
Improved end-user tools (e.g. browser plugins) to take advantage of
Hi Michael,
On Oct 10, 2012, at 8:03 PM, Michael Stroucken wrote:
Craig L Russell wrote:
Hi Jukka,
The incubator report in wiki is immutable.
Could you please amend the tashi report:
Change diogo to diego
Please don't, the gentleman's name is Diogo, though I've
misspelled it too on
+1
I'm assuming Benson means the digest (SHA1) by signature. Using those from
the Apache site is probably the first-line for power users and about as much
extra effort that can be expected. The use of download utilities that reliably
check signatures from authentic sources is a small boost
Please cast your votes!
[ ] +1, recommend Ripple to move into the incubator
[ ] +0, abstain/don't care
[ ] -1, do not recommend Ripple to move into the incubator,because...
On Thu, Oct 11, 2012 at 3:16 AM, Ross Gardler
rgard...@opendirective.comwrote:
Great to have you Andrew.
Dan, yes,
On 11 Oct 2012, at 09:57, Noah Slater wrote:
On Thu, Oct 11, 2012 at 9:01 AM, Nick Kew n...@apache.org wrote:
You have to extend that assumption not only to our infrastructure but to
every proxy that might come between us and a user, and that might
substitute a trojan along with the
I see I committed the sin of using signature two different ways, below.
I mean the file digest value (digital hash, SHA1) for what power users and
appropriate downloader utilities check.
I mean the external digital signature and the signers public-key cert in the
Apache keys with regard to
@Nick
I don't understand the supposed attack vector concerning the file digests being
of no value and the WoT being essential.
- Dennis
ANALYSIS
So long as the digest value is obtained from a reliable read-only source, it
doesn't matter where the file comes from, the digest can be verified.
+1
Although I know my vote doesn't count :-)
On Thu, Oct 11, 2012 at 12:04 PM, Gord Tanner gtan...@gmail.com wrote:
Please cast your votes!
[ ] +1, recommend Ripple to move into the incubator
[ ] +0, abstain/don't care
[ ] -1, do not recommend Ripple to move into the incubator,because...
+ 1 (binding).
Great to see the project graduate.
Suresh
On Oct 10, 2012, at 3:00 PM, Andrea Pescetti pesce...@apache.org wrote:
Seeing no objections to my last message, and keeping into account that this
list had been regularly informed about the steps Apache OpenOffice was taking
On Oct 11, 2012, at 4:32 AM, Upayavira u...@odoko.co.uk wrote:
There's that, and also the fact that no two mentors have the same level
of experience anyway, so what you describe is possible within the
current structures, just isn't formalized.
I am not sure if formalizing the role is neded. I
On Thu, Oct 11, 2012 at 9:58 AM, Suresh Marru sma...@apache.org wrote:
But great suggestion Luciano (to use all the incumbent IPMC to help more
while experiences are fresh).
My personal opinion is, the easiest way to look for projects needing help is
during releases. If a project
comes to
On 10/10/12 1:00 PM, Andrea Pescetti wrote:
Seeing no objections to my last message, and keeping into account that
this list had been regularly informed about the steps Apache OpenOffice
was taking towards graduation, I'm hereby asking the IPMC to recommend the
following resolution to the
On 10/11/12 10:04 AM, Gord Tanner wrote:
Please cast your votes!
[ ] +1, recommend Ripple to move into the incubator
[ ] +0, abstain/don't care
[ ] -1, do not recommend Ripple to move into the incubator,because...
+1 (binding)
-- leif
On Thu, Oct 11, 2012 at 1:32 AM, Upayavira u...@odoko.co.uk wrote:
I guess I would encourage you to do as Luciano suggests, and to chat to
mentors on a project that you might help with.
Great. Lets make it practical -- there's a Helix project that is currently
being proposed for incubation. I'm
Great. Lets make it practical -- there's a Helix project that is currently
being proposed for incubation. I'm very much interested in helping
it to grow into a TLP eventually. Given how closely it aligns with some
of the things we're trying to do in Bigtop -- I'm definitely joining the
On 11 Oct 2012, at 17:14, Dennis E. Hamilton wrote:
@Nick
I don't understand the supposed attack vector concerning the file digests
being of no value and the WoT being essential.
- Dennis
ANALYSIS
So long as the digest value is obtained from a reliable read-only source, it
On Thu, Oct 11, 2012 at 10:33 AM, Jakob Homan jgho...@gmail.com wrote:
You go and help the community out in general and, when it comes time
for a release, you do all the things a regular mentor would do. If
you catch issues with the release, this will be a big help. No one is
going to ignore
+1 (non-binding)
On 11 Oct 2012, at 18:04, Gord Tanner wrote:
Please cast your votes!
[ ] +1, recommend Ripple to move into the incubator
[ ] +0, abstain/don't care
[ ] -1, do not recommend Ripple to move into the incubator,because...
Ripple, A Mobile Environment Emulator
+1 binding
Sent from mobile, forgive terseness and errors
On Oct 11, 2012 5:05 PM, Gord Tanner gtan...@gmail.com wrote:
Please cast your votes!
[ ] +1, recommend Ripple to move into the incubator
[ ] +0, abstain/don't care
[ ] -1, do not recommend Ripple to move into the
On Thu, Oct 11, 2012 at 12:00 AM, Branko Čibej br...@apache.org wrote:
So instead of giving too much credence to government-issued IDs, you'd
prefer to give credence to a service provided for free by a commercial
entity with a conceivable interest in inserting backdoors in software or
+1 (binding)
On Thu, Oct 11, 2012 at 6:04 PM, Gord Tanner gtan...@gmail.com wrote:
Please cast your votes!
[ ] +1, recommend Ripple to move into the incubator
[ ] +0, abstain/don't care
[ ] -1, do not recommend Ripple to move into the incubator,because...
Ripple, A Mobile Environment
On Wed, Oct 10, 2012 at 2:36 PM, Nick Kew n...@apache.org wrote:
On 10 Oct 2012, at 17:04, Marvin Humphrey wrote:
In my opinion, we have sufficient expertise here at the ASF to devise an
authentication protocol whose reliability exceeds that of individuals
participating unsupervised in a web
On Thu, Oct 11, 2012 at 10:41 AM, Roman Shaposhnik r...@apache.org wrote:
However, see my 'how would it help to clear 3 +1 IPMC votes hurdle' question
on this thread'?
If you help to audit the IP of the podling and to instill good habits and
values, it will make it considerably easier for the
@Marvin,
Can you say more about Multi-factor? I know commonly-claimed schemes involve
the same factor multiple times (e.g., more things that a party knows, like Aunt
Gracie's dress size). I agree that confirming a picture ID (something the
individual has) is another factor. What other
On Wed, Oct 10, 2012 at 7:21 PM, Jukka Zitting jukka.zitt...@gmail.com wrote:
Hi,
Thanks for the reviews, Benson! I added you as a signer-off on these reports.
As reported and discussed, Kafka remains ready to graduate and will
hopefully complete that transition shortly.
On Fri, Oct 5,
On Thu, Oct 11, 2012 at 3:38 PM, Rob Weir robw...@apache.org wrote:
On Wed, Oct 10, 2012 at 7:21 PM, Jukka Zitting jukka.zitt...@gmail.com
wrote:
Hi,
Thanks for the reviews, Benson! I added you as a signer-off on these reports.
As reported and discussed, Kafka remains ready to graduate and
On Thu, Oct 11, 2012 at 3:53 PM, Benson Margulies bimargul...@gmail.com wrote:
On Thu, Oct 11, 2012 at 3:38 PM, Rob Weir robw...@apache.org wrote:
On Wed, Oct 10, 2012 at 7:21 PM, Jukka Zitting jukka.zitt...@gmail.com
wrote:
Hi,
Thanks for the reviews, Benson! I added you as a signer-off on
Marvin Humphrey wrote on Thu, Oct 11, 2012 at 11:46:23 -0700:
On Wed, Oct 10, 2012 at 2:36 PM, Nick Kew n...@apache.org wrote:
On 10 Oct 2012, at 17:04, Marvin Humphrey wrote:
In my opinion, we have sufficient expertise here at the ASF to devise an
authentication protocol whose
Marvin Humphrey wrote on Thu, Oct 11, 2012 at 11:46:23 -0700:
In my opinion, general@incubator is an appropriate venue to explore ways in
which the system can be improved. That will necessarily mean talking about
I am sure there are crypto minds in the ASF who aren't on general@incubator.
On Thu, Oct 11, 2012 at 1:29 PM, Daniel Shahaf d...@daniel.shahaf.name wrote:
1) RM prepares tarball, signs, uploads for voting
2) voting passes
3) mentor appends his signature to the .asc file
4) artifacts posted to dist/
That solves the problem for end users until the RM attends a
Sent from my iPhone
On Oct 11, 2012, at 3:06 PM, Rob Weir robw...@apache.org wrote:
On Thu, Oct 11, 2012 at 3:53 PM, Benson Margulies bimargul...@gmail.com
wrote:
On Thu, Oct 11, 2012 at 3:38 PM, Rob Weir robw...@apache.org wrote:
On Wed, Oct 10, 2012 at 7:21 PM, Jukka Zitting
Rob Weir wrote:
On Thu, Oct 11, 2012 at 3:53 PM, Benson Margulies bimargul...@gmail.com
wrote:
On Thu, Oct 11, 2012 at 3:38 PM, Rob Weir robw...@apache.org wrote:
On Wed, Oct 10, 2012 at 7:21 PM, Jukka Zitting jukka.zitt...@gmail.com
wrote:
Hi,
Thanks for the reviews, Benson! I
I am concerned about the lack of mail list and JIRA activity for the podling
since the last reporting period. There has been very little activity, but the
report indicates a lot of work was completed. I did see a bunch of commits in
August, but the only e-mails on the list were from the
-Original Message-
From: Franklin, Matthew B. [mailto:mfrank...@mitre.org]
Sent: Wednesday, October 10, 2012 9:18 PM
To: general
Subject: RE: Preparing for the October reports
-Original Message-
From: Jukka Zitting [mailto:jukka.zitt...@gmail.com]
Sent: Wednesday, October 10,
[
https://issues.apache.org/jira/browse/PODLINGNAMESEARCH-15?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13474595#comment-13474595
]
Shane Curcuru commented on PODLINGNAMESEARCH-15:
Geez, you
On Thu, Oct 11, 2012 at 4:52 PM, kishore g g.kish...@gmail.com wrote:
I may have to edit the Helix Proposal wiki. Can you please grant me
the permission. My id is k4j
Done.
Marvin Humphrey
-
To unsubscribe, e-mail:
+1 to Apache Allura. Commented on your Jira.
If you truly want a blessing, a little song or dance would be good,
but not strictly required. 8-)
- Shane
On 10/8/2012 10:41 AM, Rich Bowen wrote:
Trademarks folks,
I've done a name search for 'Allura' and the results of that search are
On 11 October 2012 22:30, David Crossley cross...@apache.org wrote:
Rob Weir wrote:
On Thu, Oct 11, 2012 at 3:53 PM, Benson Margulies bimargul...@gmail.com
wrote:
On Thu, Oct 11, 2012 at 3:38 PM, Rob Weir robw...@apache.org wrote:
On Wed, Oct 10, 2012 at 7:21 PM, Jukka Zitting
58 matches
Mail list logo
