On Thu, May 18, 2006 at 02:52:11PM +0900, Chris White wrote:
Relax! Grab some popcorn, enjoy the show! 30 mile threads is what
makes real linux distros real. We actually use them to provide a means
of cooking for the weekly dev BBQ's. Anyways, at this point I'd call
it a day and say Hey
On Thursday 18 May 2006 22:37, Stephen Bennett wrote:
On Thu, 18 May 2006 21:35:01 +0200
Carsten Lohrke [EMAIL PROTECTED] wrote:
Sure baselayout is. And there're others in the tree, but that doesn't
mean these variants are supported (special cases like embedded
aside).
So they're
On Thursday 18 May 2006 20:35, Carsten Lohrke wrote:
On Thursday 18 May 2006 20:43, Roy Marples wrote:
Yes, part of it. baselayout is another part - and yet it's possible to
run Gentoo on other variants like initng, daemontools and no doubt
others.
Sure baselayout is. And there're others
On Friday 19 May 2006 08:25, Paul de Vrieze wrote:
On Thursday 18 May 2006 22:37, Stephen Bennett wrote:
On Thu, 18 May 2006 21:35:01 +0200
Carsten Lohrke [EMAIL PROTECTED] wrote:
Sure baselayout is. And there're others in the tree, but that doesn't
mean these variants are supported
On Thursday 18 May 2006 22:43, Ciaran McCreesh wrote:
| You say that there is no such a thing as a primary package manager,
| but fail to state any reason (here or in other mails) as to why this
| is true. Instead of arguing why my support is false you just say that
| I am saying things that
On Thu, 18 May 2006 16:41:09 -0400 Peter [EMAIL PROTECTED] wrote:
| However, continuing the thread serves no useful purpose except, IMHO,
| to completely obfuscate the original point of the thread
Nonsense. There is still productive discussion going on in that thread.
The only reason it is
Hi,
there are at least two problems with how portage currently handles locales:
- Firstly some packages fail to build with obscure LC_* settings
The continuous stream of et_EE bugs is annoying: http://tinyurl.com/jsqzb
- and secondly I get my gcc output in german when I have a german locale
The only attack most people really care about is a compromised rsync server. There is no practical way to protect against the other attacks - and at the end of the day, if a developer gets compromised it doesn't matter whether it's a gpg key or ssh key, the effect is the same. The discussion about
What do you think? LC_ALL=C in portage or not?
- Stefan
Well this problem (localized error messages) exists since I know linux
and the solution has always been use per user locale settings and keep
LC_ALL=POSIX or =C as a system default.
Maybe we should just update the docs?
Otoh LC_ALL=C
On Fri, 2006-05-19 at 10:46 +0100, Chris Bainbridge wrote:
The only attack most people really care about is a compromised rsync
server. There is no practical way to protect against the other attacks
- and at the end of the day, if a developer gets compromised it
doesn't matter whether it's a
On Thu, May 18, 2006 at 06:30:47PM -0700, Donnie Berkholz wrote:
[snip]
Hi,
I think I improved the eclass a bit by making it more efficient both
disk and network wise among other things:
- Branches are supported so different versions of the ebuild can use
different versions of the code
On Fri, May 19, 2006 at 11:38:06AM +0200, Stefan Schweizer wrote:
Hi,
there are at least two problems with how portage currently handles locales:
- Firstly some packages fail to build with obscure LC_* settings
The continuous stream of et_EE bugs is annoying: http://tinyurl.com/jsqzb
-
Harald van Dijk wrote:
is a feature, not a bug. It can indeed be a problem in bugreports, but
it's a much milder one, since it's trivial to look up what any
particular message is translated from.
Well no, I completely disagree. Error output in $random language makes
searching for duplicate
No, it's needlessly unfriendly to users, and encourages broken packages.
et_EE breakage should be fixed, and slowly but surely is, and as for
unreadable error messages, getting German gcc output in a German locale
is a feature, not a bug. It can indeed be a problem in bugreports, but
it's a
Marc Hildebrand wrote:
Otoh LC_ALL=C could help if you intend to use a .utf-8 locale as root,
though. So if it does help solving bugs and causes no trouble, why not.
ok, we have prepared a patch now, so everyone can have a look at it.
http://dev.gentoo.org/~zmedico/tmp/portage_lc_all.patch
On Fri, May 19, 2006 at 09:09:08AM -0400, Patrick McLean wrote:
No, it's needlessly unfriendly to users, and encourages broken packages.
et_EE breakage should be fixed, and slowly but surely is, and as for
unreadable error messages, getting German gcc output in a German locale
is a
Harald van Dijk wrote:
and as for
unreadable error messages, getting German gcc output in a German locale
is a feature, not a bug.
I agree - but only when you use gcc on the command line, or in a
Makefile, or in some other normal usage scenario.
I think Stefan is suggesting just using the
On Fri, May 19, 2006 at 03:13:48PM +0200, Stefan Schweizer wrote:
Marc Hildebrand wrote:
Otoh LC_ALL=C could help if you intend to use a .utf-8 locale as root,
though. So if it does help solving bugs and causes no trouble, why not.
ok, we have prepared a patch now, so everyone can have a
On Fri, May 19, 2006 at 02:44:03PM +0100, Daniel Drake wrote:
Harald van Dijk wrote:
and as for
unreadable error messages, getting German gcc output in a German locale
is a feature, not a bug.
I agree - but only when you use gcc on the command line, or in a
Makefile, or in some other
On Thursday 18 May 2006 22:15, Ciaran McCreesh wrote:
| Sure baselayout is. And there're others in the tree, but that doesn't
| mean these variants are supported (special cases like embedded aside).
Sure, some of them are supported.
By supported I mean all relevant packages in the tree install
On Friday 19 May 2006 09:33, Roy Marples wrote:
Maybe you haven't noticed, but baselayout is a virtual - which does make
things harder as the main forks (vserver and fbsd) sometimes break when
we add new things and they haven't synced up yet.
I have nothing against a virtual. I just don't
On 19/05/06, Patrick Lauer [EMAIL PROTECTED] wrote:
On Fri, 2006-05-19 at 10:46 +0100, Chris Bainbridge wrote:
We already trust the master cvs server admins (and they could just
replace the whole tree anyway), so what benefit does a distributed
signing system like gpg actually give to the
On Friday 19 May 2006 14:54, Carsten Lohrke wrote:
On Thursday 18 May 2006 22:15, Ciaran McCreesh wrote:
| Sure baselayout is. And there're others in the tree, but that doesn't
| mean these variants are supported (special cases like embedded aside).
Sure, some of them are supported.
By
Chris Bainbridge wrote:
It is a single signature across the entire portage tree. It means that
after rsync emerge can check the signature against the retrieved tree
to validate the whole tree (or overlay).
This idea has been brought up before and shot down. Signing the whole tree does
not
On Friday 19 May 2006 16:17, Roy Marples wrote:
I can show you bugs where existing packages have invalid init scripts that
just don't work with any baselayout version in portage. You could argue
that they shouldn't be in the tree - if so then our imap server is
foo-bared as it uses
On Friday 19 May 2006 15:52, Carsten Lohrke wrote:
There will be always someone who goes ahead. Fact is that every dev who
maintains a package installing an init script is expected to do so for
baselayout, but is free to say no, when someone requests an initng one, as
long as it isn't the
On 19/05/06, Andrew Gaffney [EMAIL PROTECTED] wrote:
Chris Bainbridge wrote:
It is a single signature across the entire portage tree. It means that
after rsync emerge can check the signature against the retrieved tree
to validate the whole tree (or overlay).
This idea has been brought up
On Fri, 2006-05-19 at 15:13 +0100, Chris Bainbridge wrote:
There are now several hundred gentoo developers. It is more likely
that one of them has a security lapse than cvs.gentoo.org.
One is a local bug, the other one global.
I'd prefer a system that is resilient against two devs going crazy -
On Friday 19 May 2006 08:17, Chris Bainbridge wrote:
On 19/05/06, Andrew Gaffney [EMAIL PROTECTED] wrote:
Chris Bainbridge wrote:
It is a single signature across the entire portage tree. It means that
after rsync emerge can check the signature against the retrieved tree
to validate the
On Fri, May 19, 2006 at 04:17:38PM +0100, Chris Bainbridge wrote:
On 19/05/06, Andrew Gaffney [EMAIL PROTECTED] wrote:
Chris Bainbridge wrote:
It is a single signature across the entire portage tree. It means that
after rsync emerge can check the signature against the retrieved tree
to
On Fri, 2006-05-19 at 16:17 +0100, Chris Bainbridge wrote:
On 19/05/06, Andrew Gaffney [EMAIL PROTECTED] wrote:
Chris Bainbridge wrote:
It is a single signature across the entire portage tree. It means that
after rsync emerge can check the signature against the retrieved tree
to
Harald van Dijk wrote:
[..] encourages broken packages.
et_EE breakage should be fixed, and slowly but surely is[..]
That is your main problem here and I have discussed this in IRC with you and
it is true in my opinion that it does not improve gentoo or make the
distribution any better to close
Grant Goodyear [EMAIL PROTECTED] wrote:
Perhaps it's time to split off a thread or two...?
Perhaps, even a meta-thread!
--
Each night Father fills me with dread
When he sits on the foot of my bed.
I'd not mind that he speaks; In gibbers and squeaks,
But for the seventeen years he's
Stefan Schweizer [EMAIL PROTECTED] posted [EMAIL PROTECTED],
excerpted below, on Fri, 19 May 2006 15:13:48 +0200:
Marc Hildebrand wrote:
Otoh LC_ALL=C could help if you intend to use a .utf-8 locale as root,
though. So if it does help solving bugs and causes no trouble, why not.
ok, we
On Fri, May 19, 2006 at 05:44:34PM +0200, Stefan Schweizer wrote:
Harald van Dijk wrote:
[..] encourages broken packages.
et_EE breakage should be fixed, and slowly but surely is[..]
That is your main problem here and I have discussed this in IRC with you and
it is true in my opinion
On 19/05/06, Patrick Lauer [EMAIL PROTECTED] wrote:
On Fri, 2006-05-19 at 15:13 +0100, Chris Bainbridge wrote:
There are now several hundred gentoo developers. It is more likely
that one of them has a security lapse than cvs.gentoo.org.
One is a local bug, the other one global.
I'd prefer a
On Fri, May 19, 2006 at 01:45:30PM +0200, Fernando J. Pereda wrote:
Also, git-sources *should* use this eclass once it is in the tree since
people using it will save _lots_ of bandwidth and disk space.
Yes, I'll convert it over once you feel it is ready, just let me know.
thanks,
greg k-h
--
On 19/05/06, John Myers [EMAIL PROTECTED] wrote:
On Friday 19 May 2006 08:17, Chris Bainbridge wrote:
We do? What option to emerge enables this behaviour?
RSYNC_EXCLUDES is the name, IIRC...
Well, that would be incompatible with a single signature. I don't
really see that point, but then
On Thu, 18 May 2006 23:45:17 +0200, Patrick Lauer wrote:
Hello all,
snip...
I have a question about package Manifests. On reviewing portage, some
Manifests are signed by various GPG keys, and others are not signed at all!
I submitted something to Patrick off list (largely because I'm not a
On Fri, 19 May 2006 15:13:15 +0100
Chris Bainbridge [EMAIL PROTECTED] wrote:
find /usr/portage -path '/usr/portage/metadata' -prune -o -path
'/usr/portage/distfiles' -prune -o -path '/usr/portage/packages'
-prune -o -type f -exec cat {} >> /tmp/blah \;
time gpg --detach-sign -a /tmp/blah
I
On 19/05/06, Peter [EMAIL PROTECTED] wrote:
Who signs the Manifests? Why are some unsigned? Is there a single Gentoo
Security Key (like I know Slackware has and some other distros to ensure
the authenticity of their files)?
Individual developers sign the manifests with their own gpg keys. Some
On Fri, 19 May 2006 12:28:04 -0400
Peter [EMAIL PROTECTED] wrote:
Who signs the Manifests?
The dev who commits it.
Why are some unsigned?
Because some devs don't sign Manifests.
Is there a single
Gentoo Security Key (like I know Slackware has and some other distros
to ensure the
On Fri, May 19, 2006 at 06:50:34PM +0200, Marius Mauch wrote:
On Fri, 19 May 2006 15:13:15 +0100
Chris Bainbridge [EMAIL PROTECTED] wrote:
find /usr/portage -path '/usr/portage/metadata' -prune -o -path
'/usr/portage/distfiles' -prune -o -path '/usr/portage/packages'
-prune -o -type f
On Fri, 19 May 2006 15:13:48 +0200
Stefan Schweizer [EMAIL PROTECTED] wrote:
Marc Hildebrand wrote:
Otoh LC_ALL=C could help if you intend to use a .utf-8 locale as
root, though. So if it does help solving bugs and causes no
trouble, why not.
ok, we have prepared a patch now, so
On Fri, 19 May 2006 12:28:04 -0400
Peter [EMAIL PROTECTED] wrote:
Who signs the Manifests? Why are some unsigned? Is there a single
Gentoo Security Key (like I know Slackware has and some other distros
to ensure the authenticity of their files)?
Because the whole signing stuff isn't official,
Marius Mauch wrote:
Why does this have to be fast tracked all of a sudden?
Because someone took care of it eventually and it will fix all the estonian
bugs at once + allow other-LC-people like me to file bugs without having to
run emerge again with LC_ALL=C.
And I think it should go in as soon
On Fri, 19 May 2006 17:10:53 +0100
Chris Bainbridge [EMAIL PROTECTED] wrote:
Well, that would be incompatible with a single signature. I don't
really see that point, but then I've been spoiled with broadband for
years. Do we really have many users on dialup that it would
inconvenience?
It
Disclaimer: I'll only be targeting technical aspects here, I won't go into
any security analysis.
On Thu, 18 May 2006 23:45:17 +0200
Patrick Lauer [EMAIL PROTECTED] wrote:
3) Manifest / Manifest2
This is an implementation of a checksum / signature scheme. It is
described in GLEP 44:
Marius Mauch wrote:
On Fri, 19 May 2006 15:13:48 +0200
Stefan Schweizer [EMAIL PROTECTED] wrote:
Marc Hildebrand wrote:
Otoh LC_ALL=C could help if you intend to use a .utf-8 locale as
root, though. So if it does help solving bugs and causes no
On Fri, 19 May 2006 19:27:18 +0200
Stefan Schweizer [EMAIL PROTECTED] wrote:
Also I would want to have it in the stable branch anyway because of
bugreports by first-time users who do not use the latest version of
portage. It is better to add it now while in pre-release phase than
after that
There is also a darcs.eclass in the zugaina overlay (available through
layman) if you need some more inspiration.
I think this is cool and a darcs eclass should definitely live in the tree.
Please add it, so that we can start using it :)
- Stefan
--
gentoo-dev@gentoo.org mailing list
On Fri, May 19, 2006 at 09:08:08AM -0700, Greg KH wrote:
On Fri, May 19, 2006 at 01:45:30PM +0200, Fernando J. Pereda wrote:
Also, git-sources *should* use this eclass once it is in the tree since
people using it will save _lots_ of bandwidth and disk space.
Yes, I'll convert it over once
On Fri, May 19, 2006 at 02:18:05PM -0700, Robin H. Johnson wrote:
On Fri, May 19, 2006 at 09:08:08AM -0700, Greg KH wrote:
On Fri, May 19, 2006 at 01:45:30PM +0200, Fernando J. Pereda wrote:
Also, git-sources *should* use this eclass once it is in the tree since
people using it will save
Robin H. Johnson wrote:
On Fri, May 19, 2006 at 09:08:08AM -0700, Greg KH wrote:
On Fri, May 19, 2006 at 01:45:30PM +0200, Fernando J. Pereda wrote:
Also, git-sources *should* use this eclass once it is in the tree since
people using it will save _lots_ of bandwidth and disk space.
Yes, I'll
Greg KH wrote:
Ok, we'll make it a new ebuild. git-live-sources perhaps? :)
If you just want the latest git rather than snapshots etc, you could do
a git-sources-.ebuild. That seems to have become the standard.
Thanks,
Donnie
On Fri, May 19, 2006 at 02:32:13PM -0700, Donnie Berkholz wrote:
Robin H. Johnson wrote:
On Fri, May 19, 2006 at 09:08:08AM -0700, Greg KH wrote:
On Fri, May 19, 2006 at 01:45:30PM +0200, Fernando J. Pereda wrote:
Also, git-sources *should* use this eclass once it is in the tree since
Robin H. Johnson wrote:
Simple case - consider a disconnected machine, that you use sneakernet
to get files to - I've had a few in the past where the hardware was new
enough that networking was broken or not supported yet, and I had to try
a few patches and snapshots before actually getting it
On Friday 19 May 2006 23:44, Donnie Berkholz wrote:
If you just want the latest git rather than snapshots etc, you could do
a git-sources-.ebuild. That seems to have become the standard.
I would suggest a 2.6.999 just to be on the safe side ;)
--
Diego Flameeyes Pettenò -
If there is anything you or genone need to make signing happening you
have the full support of the council/infra/hardened/security.
On Thu, 2006-05-18 at 21:26 -0700, Robin H. Johnson wrote:
This email is a discussion on why we need to care about more than the simple
key parameters, and why
Along these lines, I added my mercurial.eclass to the tree. I use it
personally for a couple projects, and figured it might help prevent
other people from needing to re-invent the wheel.
Regards,
Aron
On Fri, 2006-05-19 at 09:07 +0200, Henrik Brix Andersen wrote:
Yes, I agree. It is very nice. We're slowly turning into Debian Linux
- the role model of every GNU/Linux distribution out there.
I noticed that about the time GLEPs were introduced. It's a shame
really.
--
Owen Ford [EMAIL
On Thu, May 18, 2006 at 12:22:25PM -0400, Mark Loeser wrote:
This package is currently without a maintainer and has open QA issues;
bug #123708. It was marked as testing on every arch without being
tested and could really use someone to clean it up. It will be booted
in 30 days if no one
Marius Mauch wrote:
On Fri, 19 May 2006 12:28:04 -0400
Peter [EMAIL PROTECTED] wrote:
Who signs the Manifests? Why are some unsigned? Is there a single
Gentoo Security Key (like I know Slackware has and some other distros
to ensure the authenticity of their files)?
Because the whole
63 matches