Re: Excluding diffs in CVS mails

2001-03-02 Thread Peter Donald
Hi, I think At 09:43 2/3/01 -0800, Jon Stevens wrote: >they don't care enough to fix it. sums it up well enough for me ;) Sure it would be nice not to have generated files in CVS but until there is another safe way to do it - well let's just say I am lazy ;) Cheers, Pete *--

Re: Excluding diffs in CVS mails

2001-03-02 Thread Jon Stevens
on 3/2/01 9:27 PM, "Sam Ruby" <[EMAIL PROTECTED]> wrote: > Replace P#4 through P#7 with a single step: "deploysite.sh". Number of > substeps irrelevant. What is important is that the entire process is > entirely automated and hands off. If you like, logs can be generated and > sent to your per

Re: Excluding diffs in CVS mails

2001-03-02 Thread Sam Ruby
Jon Stevens wrote: > > Current system (C) : 5 steps > Proposed system (P) : 7 steps Replace P#4 through P#7 with a single step: "deploysite.sh". Number of substeps irrelevant. What is important is that the entire process is entirely automated and hands off. If you like, logs can be generated

Re: Excluding diffs in CVS mails

2001-03-02 Thread Jon Stevens
on 3/2/01 8:44 PM, "Sam Ruby" <[EMAIL PROTECTED]> wrote: > Could I get you to describe a simple rule - for example, "delete all html > files in the target directory for which there are no corresponding source > files". Based on the rule, I'll either find a way to accomplish what you > describe wi

Re: Excluding diffs in CVS mails

2001-03-02 Thread Sam Ruby
Jon Stevens wrote: > > Nope. Sorry. After thinking about it further (as well as outlining > the steps...see below) I'm against this approach *in this case*. > > I feel that the risk of accidentally removing a non-checked in > directory or file in the website on the server (yes that is sometimes >

Re: Excluding diffs in CVS mails

2001-03-02 Thread Jon Stevens
on 3/2/01 7:33 PM, "Sam Ruby" <[EMAIL PROTECTED]> wrote: > The fix is not to check in generated files. Nope. Sorry. After thinking about it further (as well as outlining the steps...see below) I'm against this approach *in this case*. I feel that the risk of accidentally removing a non-checked

Re: Excluding diffs in CVS mails

2001-03-02 Thread Geir Magnusson Jr.
Sam Ruby wrote: > > - Sam "pain in the ass" Ruby > > [[ hey: Jon is semi-retired at the moment, so *SOMEBODY* has to do it ]] > I think then you should license his trademark 'Hugs and Kisses'. ;) geir -- Geir Magnusson Jr. [EMAIL PROTECTED] Developing for

Re: Excluding diffs in CVS mails

2001-03-02 Thread Sam Ruby
Peter Donald wrote: > > I got a huge number of complaints when I recently checked in some > generated files to CVS recently (namely web-pages). The fix is not to check in generated files. Right now, the process is roughly: on your machine: checkout, change, build, checkin on the server: c

Re: [TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread Jon Stevens
on 3/2/01 5:59 PM, "Glenn Nielsen" <[EMAIL PROTECTED]> wrote: > Java is available on a number of different OS platforms, not just unix. > Anyone who had the ability to use the signed jar would have the tool to verify > the signer. That is not true for "man md5".

Excluding diffs in CVS mails

2001-03-02 Thread Peter Donald
Hi, I got a huge number of complaints when I recently checked in some generated files to CVS recently (namely web-pages). The diffs caused large mails to be sent out and annoy everyone :) So I had a look at CVSROOT and it seems that log_accum.pl is the place to "fix" this. What I want to do is h

Re: [TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread Glenn Nielsen
Jon Stevens wrote: > > on 3/2/01 4:02 PM, "Glenn Nielsen" <[EMAIL PROTECTED]> wrote: > > > Yes, signing the distributions like that does help provide confidence against > > trojans. But users having the knowledge and tools to verify the dist are not > > as > > prevalent. At least when signing

Re: Determining the intent of the voters... ;-)

2001-03-02 Thread Ted Husted
Jon Stevens wrote: > > on 3/2/01 4:57 PM, "Sam Ruby" <[EMAIL PROTECTED]> wrote: > > > Currently there are zero committers. > > This *always* leads to failure. I have yet to see a project succeed like > this. Sam's quote was out of context. We actually have nine committers to the proposal. -Te

Re: Determining the intent (long)

2001-03-02 Thread Ted Husted
"Pier P. Fumagalli" wrote: > To be elected on the PMC, though, is somehow a different story. The PMC is > responsible for organizing the Jakarta community, tracking what different > projects are doing, solving disputes, accepting new code bases. This goes > far beyond a simple judgment on some pie

Re: Determining the intent of the voters... ;-)

2001-03-02 Thread Jon Stevens
on 3/2/01 4:57 PM, "Sam Ruby" <[EMAIL PROTECTED]> wrote: > Currently there are zero committers. This *always* leads to failure. I have yet to see a project succeed like this. Again, unless someone actually steps up to take initiative and do something, nothing will happen and a whole bunch of pe

Re: Determining the intent of the voters... ;-)

2001-03-02 Thread Sam Ruby
Pier Fumagalli wrote: > > Sam, stop being a pain in the ass for everything that anyone does > in not perfect accordance with your "ideas" (I'm kinda getting > bored of this attitude of pointing out any single stupid detail). Pier - I beg to differ. In this case, I am not an ass, I am an idiot, a

Re: [TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread Jon Stevens
on 3/2/01 4:08 PM, "Peter Donald" <[EMAIL PROTECTED]> wrote: > Hi, > > Before you ask whether you should sign the jars - ask what you would gain > from it. Many less respectable peeps encourage people to sign files because > it is so easy to subvert. > > Without signing security conscious people

Re: [TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread Jon Stevens
on 3/2/01 4:02 PM, "Glenn Nielsen" <[EMAIL PROTECTED]> wrote: > Yes, signing the distributions like that does help provide confidence against > trojans. But users having the knowledge and tools to verify the dist are not > as > prevalent. At least when signing jar files, if the user has a JVM,

Re: Determining the intent of the voters... ;-)

2001-03-02 Thread Pier P. Fumagalli
Sam Ruby <[EMAIL PROTECTED]> wrote: > While we are waiting on Anil (anybody seen him lately?), I'm trying to > tally the votes received so far. It is clear that Ceki and Diane have the > prerequisite number of votes already. Congratulations. > > However, there are a number of votes which aren'

Re: [TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread Peter Donald
Hi, Before you ask whether you should sign the jars - ask what you would gain from it. Many less respectable peeps encourage people to sign files because it is so easy to subvert. Without signing security conscious people often download the source and rebuild from that. Signing gives them a sens

Re: [TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread Glenn Nielsen
Jon Stevens wrote: > > on 3/2/01 6:06 AM, "GOMEZ Henri" <[EMAIL PROTECTED]> wrote: > > > Why not just use the standard ASF (PGP and md5 signatures) > > I have been using that technique for Apache JServ (and the rest of the > projects that I'm involved with) for years now. > > In fact after the

FW: anoncvs off for now

2001-03-02 Thread Jon Stevens
FYI. -jon -- From: Brian Behlendorf <[EMAIL PROTECTED]> Date: Fri, 2 Mar 2001 14:32:29 -0800 (PST) To: <[EMAIL PROTECTED]> Subject: anoncvs off for now Either someone posted to slashdot telling people to use anoncvs to download every module off of apache.org at once, or a denial of ser

Determining the intent of the voters... ;-)

2001-03-02 Thread Sam Ruby
While we are waiting on Anil (anybody seen him lately?), I'm trying to tally the votes received so far. It is clear that Ceki and Diane have the prerequisite number of votes already. Congratulations. However, there are a number of votes which aren't quite so clear. Without trying to prejudice

Re: [TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread Jon Stevens
on 3/2/01 6:06 AM, "GOMEZ Henri" <[EMAIL PROTECTED]> wrote: > Why not just use the standard ASF (PGP and md5 signatures) I have been using that technique for Apache JServ (and the rest of the projects that I'm involved with) for years now. In fact after the white hack break in, I even went back

RE: [TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread GOMEZ Henri
>Do you think the ASF should sign jar files? Why not just use the standard ASF (PGP and md5 signatures) example: apache_1.3.19.tar.gz apache_1.3.19.tar.gz.asc apache_1.3.19.tar.gz.md5 >If the ASF signs jar's, a host of other questions are raised. > >Should all jar files be signed, even f

Re: [TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread Edson Alves Pereira
I think that only the group of users that is using the classes of some web application with Jakarta should sign the classes that they are using. Because the private key is stuff that only those groups should know. With best wishes, Edson Alves Pereira [EMAIL PROTECTED] wrote: > > Java com

[TOPIC] Security: Should ASF/Jakarta sign jar files

2001-03-02 Thread Glenn Nielsen
Java comes with the ability to sign a jar file with a private key. A signed jar file can then be verified by the user or verified by the JVM at runtime if an application is using the Java SecurityManager. Signing of jar files can help users protect themselves from trojan versions of java jar files

Checking in jars - an update

2001-03-02 Thread Sam Ruby
[moving from library-dev] Peter Donald wrote: > > Danger Will Robinson ! Danger ! Prepare to don an asbestos suit ;) > > This is an argument done to death ;) Personally I would prefer to suck > down tagged binaries from a known place (ie CJAN) but until the > infrastructure is in place binaries i