[gentoo-dev] retiring + looking maintainers for sendmail, tenshi, scapy, ftester
Hi folks, I'm retiring. I was maintaining the following packages: app-admin/tenshi (note: I'm upstream as well) mail-mta/sendmail net-analyzer/scapy net-analyzer/ftester (note: I'm upstream as well) So those needs new maintainership. Cheers -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Gentoo list server dropping mail
On Tue, Nov 07, 2006 at 11:34:51AM -0600, Andrew Gaffney wrote: > Chris Gianelloni wrote: > >Andrea has worked pretty hard on this. He's made some changes that he > >thinks has solved the problem. If anyone is having issues currently > >with emails being dropped to the mailing lists, could they please post > >on bug #141904 so Andrea can look at them? You'll definitely want the > >msgid of the failed message for him. > > In that bug, he says he changed some config option but doesn't go into > details. > Andrea, can you give a brief synopsis of the issue, so that it could > possibly help others avoid the same pitfall in the future? > The setup is too much customized, giving an account of the issue wouldn't be useful ( it would only confuse people :) ). Besides the cause and resolution are not precisely identified and at the end I just performed a series of upgrades trying to see if the "hidden" issue got solved. Cheers > -- > Andrew Gaffneyhttp://dev.gentoo.org/~agaffney/ > Gentoo Linux Developer Installer Project > Today's lesson in political correctness: "Go asphyxiate on a phallus" > -- > gentoo-dev@gentoo.org mailing list > -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Project Sunrise thread -- a try of clarification
On Fri, Jun 09, 2006 at 05:22:18PM -0400, Chris Gianelloni wrote: > On Fri, 2006-06-09 at 22:51 +0200, Patrick Lauer wrote: > > On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote: > > [snip] > > > > If someone wanted to exploit boxen he'd use a much simpler attack > > > > vector ... our rsync mirrors are wide open. No need to secure the little > > > > window over there when the front door is open ... > > > > > > Really? I'd like you to give me root on rsync.gentoo.org, then. What's > > > that? You can't? What a wonder! > > > > I don't need that ... > > Look, three-step plan to hacking Gentoo boxen: > > > > 1) open a few rsync mirrors and get them into the official rotation > > Umm... the rsync servers in rsync.gentoo.org are all controlled by infra > now. If you're using another rsync server (read, untrusted) then you > get what you deserve. ;] > Right. Besides all distro suffer this same problem, indeed shouting that our mirror system is a wide open door is far from being fair. This new project though could be a nice attack vector, in the FAQ you state that you don't allow eclasses, that's nice...but I can think thousand of other ways for compromises without them using ebuilds. Not pointing fingers here, just stating that if this is an "official" project (whatever that means)...or even if it's not, much caution is advised security-wise in who you trust and what you are going to put in the tree (and most important what the perception of your authority/reliability will be user-wise). Cheers -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Re: ca-certificates PDEPEND
On Mon, Jan 09, 2006 at 06:03:03PM +0100, Jakub Moc wrote: > > 9.1.2006, 17:28:04, Andrea Barisani wrote: > > > On Mon, Jan 09, 2006 at 05:21:42PM +0100, Jakub Moc wrote: > >> > >> 9.1.2006, 17:12:31, Andrea Barisani wrote: > >> > >> > On Mon, Jan 09, 2006 at 11:08:38AM -0500, solar wrote: > >> > >> >> > >> >> Do you think the PDEPEND of the ca-certs should be tied to a USE= flag? > >> >> If so should it be a 'no*certs' flag or a USE=cacerts ? > >> > >> > USE=cacerts sounds the proper course of action to me. > >> > >> NOT until use-based deps are in place, plzktnxbye!!! Don't break the damned > >> realplayer thing again. > > > It's the realplayer thing that should be fixed. Can't believe that > > ca-certificates got relatively quiet as a PDEPEND because of that ;). > > No, it's not, it's FETCHCOMMAND/wget thing. Would like to hear about > alternatives besides those discussed ad nauseam in Bug 101457. > I know I read the bug. My remark wasn't a "strict" one. > Realplayer does *not* depend on ca-certificates in ANY way, it's That's kinda obvious. > FETCHCOMMAND that's broken w/ unknown CA and self-signed certificates. Since > not honoring self-signed certificates by default can be hardly considered as > a bug, hence the depenency on ca-certificates in wget. > Yeah it could be treated as a bug, I'd rather fix that by patching wget (--dont-be-a-pain-with-self-signed-certs yes) or anyway at *that* layer and not by adding ca-certificates as a DEPEND since it has other implications that we already discussed. -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Re: ca-certificates PDEPEND
On Mon, Jan 09, 2006 at 05:21:42PM +0100, Jakub Moc wrote: > > 9.1.2006, 17:12:31, Andrea Barisani wrote: > > > On Mon, Jan 09, 2006 at 11:08:38AM -0500, solar wrote: > > >> > >> Do you think the PDEPEND of the ca-certs should be tied to a USE= flag? > >> If so should it be a 'no*certs' flag or a USE=cacerts ? > > > USE=cacerts sounds the proper course of action to me. > > NOT until use-based deps are in place, plzktnxbye!!! Don't break the damned > realplayer thing again. It's the realplayer thing that should be fixed. Can't believe that ca-certificates got relatively quiet as a PDEPEND because of that ;). -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
[gentoo-dev] Re: ca-certificates PDEPEND
On Mon, Jan 09, 2006 at 11:08:38AM -0500, solar wrote: > On Mon, 2006-01-09 at 16:55 +0100, Andrea Barisani wrote: > > Regarding the inclusion of ca-certificates as a PDEPEND (yeah a brief > > exchange of emails already happened on -dev but since it's not so easy to > > track it I'm lagging behind on this) I would like to express that I really > > don't like the fact that we are "trusting" cacert.org certs (among others) > > without providing it as a choice. > > > > Despite all the political views that we can throw in favour of a "cacert.org > > are trying to make the SSL certs world less evil" argument this is some > > major > > policy that we are supporting and it shouldn't be taken that lightly (I > > don't > > remember such a major confrontation about this) and I really don't think > > this > > should be a default policy but rather user's choice. Technically cacert.org > > is not a recognized CA in the "proper" way (and don't point that a proper CA > > is a lame concept and a snake oil thing..this is not the point). > > > [CCing [EMAIL PROTECTED] because this concerns the team as well imho.] > > > > Just my 2 eurocent. > > > > P.S. > > I know that firefox doesn't trust /etc/ssl/certs by default, dunno about > > konqueror. The point is still relevant though. > > > Do you think the PDEPEND of the ca-certs should be tied to a USE= flag? > If so should it be a 'no*certs' flag or a USE=cacerts ? USE=cacerts sounds the proper course of action to me. -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
[gentoo-dev] ca-certificates PDEPEND
Regarding the inclusion of ca-certificates as a PDEPEND (yeah a brief exchange of emails already happened on -dev but since it's not so easy to track it I'm lagging behind on this) I would like to express that I really don't like the fact that we are "trusting" cacert.org certs (among others) without providing it as a choice. Despite all the political views that we can throw in favour of a "cacert.org are trying to make the SSL certs world less evil" argument this is some major policy that we are supporting and it shouldn't be taken that lightly (I don't remember such a major confrontation about this) and I really don't think this should be a default policy but rather user's choice. Technically cacert.org is not a recognized CA in the "proper" way (and don't point that a proper CA is a lame concept and a snake oil thing..this is not the point). [CCing [EMAIL PROTECTED] because this concerns the team as well imho.] Just my 2 eurocent. P.S. I know that firefox doesn't trust /etc/ssl/certs by default, dunno about konqueror. The point is still relevant though. -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Decision to remove stage1/2 from installation documentation
On Tue, Nov 22, 2005 at 10:14:04AM -0500, Chris Gianelloni wrote: > On Tue, 2005-11-22 at 15:37 +0100, Andrea Barisani wrote: > > On Tue, Nov 22, 2005 at 02:47:45PM +, Kurt Lieber wrote: > > > We have received *numerous* complaints from users about the decision to > > > remove stage 1 and 2 from the installation documentation. I realize it's > > > still available if users are willing to dig for it, but not all users do. > > > > > > In my years of monitoring [EMAIL PROTECTED], we've received the most > > > complaints about this decision than any other single decision. Is there a > > > way we can re-introduce the stages into the installation documentation, > > > perhaps with gigantic warnings saying, "for advanced users only" or "use > > > at > > > your own risk"? > > > > > > --kurt > > > > > > > I perfectly agree with this request, we should provide the choice and clear > > point that out (along with all the correlated risks) instead of simply > > "hiding" the option. And I sincerely hope there's no intention to remove > > stage1/stage2 tarballs in the future because that would be a really a bad > > thing > > imho. > > The problem with listing risks and such is the users aren't listening. > > They are ignoring our warnings and breaking their own systems, then > filing bugs. The problem is that these are *not* bugs, but issues with > incompatibility. It is impossible to install something that requires a > configured kernel before you have a configured kernel. > I still think that pointing things with a *huge* warning shouldn't be a problem...otherwise we would always end up "hiding" things prone to user error because we think that users are listening. At least let's draft a nice and visible document explaining the change and why people should not use this anymore since judging from the complaints lots of people just don't get it. > Now, on the topic of the tarballs. > > Give me one example of something that you can do with a stage1 or stage2 > tarball that you cannot with a stage3 tarball. > Oh well nothing. I don't doubt that userwise they are not needed...but there might be other needs developerwise where the two stages are useful. So fair enough, remove it from the docs...but at least let's explain why we are doing this since complaints are there (legit or not). -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Decision to remove stage1/2 from installation documentation
On Tue, Nov 22, 2005 at 02:47:45PM +, Kurt Lieber wrote: > We have received *numerous* complaints from users about the decision to > remove stage 1 and 2 from the installation documentation. I realize it's > still available if users are willing to dig for it, but not all users do. > > In my years of monitoring [EMAIL PROTECTED], we've received the most > complaints about this decision than any other single decision. Is there a > way we can re-introduce the stages into the installation documentation, > perhaps with gigantic warnings saying, "for advanced users only" or "use at > your own risk"? > > --kurt > I perfectly agree with this request, we should provide the choice and clear point that out (along with all the correlated risks) instead of simply "hiding" the option. And I sincerely hope there's no intention to remove stage1/stage2 tarballs in the future because that would be a really a bad thing imho. Cheers -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Re: GLEP 38: Status of forum moderators in the Gentoo project
On Tue, Jun 28, 2005 at 05:45:26PM -0700, Duncan wrote: > Lance Albertson posted <[EMAIL PROTECTED]>, excerpted > below, on Tue, 28 Jun 2005 18:14:11 -0500: > > > Ok, after talking with a few folks I want to retract my comment about no > > shell access. I didn't think about the other groups (docs) that already > > have shell access and retain a simliar status as forum mods do in > > Gentoo. I'm just getting ansty about all these new people we're bringing > > on and the security behind it. Thats my main concern at this point, not > > whether your work is more or less than a regular developer. I just > > wanted to make that point before I had a flamewar directed at me :) > > OK, I'm with you on the security thing (being one that would prefer a > USE=clientonly flag, remember, tho I understand the reasons behind not > doing it), but I DO know there's quite the occasional use for someplace to > host scripts, patchlets, and sample config files for reference from > forums/news/lists/irc, that I've personally found useful, that others > would like to see as well. Would devwiki (or something like that) access for hosting files be acceptable? Seriously security_wise and admin_wise I don't see shell access useful neither appropriate imho. Btw how many forums moderators are we talking about? Cheers -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) GPG-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] reply-to munging
On Fri, Apr 15, 2005 at 12:52:33PM -0700, Donnie Berkholz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Andrea Barisani wrote: > | There's no reference to @gentoo.org and our main MX server is > rewriting @gentoo.org > | to @lists.gentoo.org every time. Are you seeing @gentoo.org in those > headers > | in the messages you are getting? > > Something has changed recently. I'm no longer getting both. > > If I go back to a post from April 2 and hit reply all, I get @gentoo.org > and @robin.gentoo.org. Well yeah that was the old configuration, everything was fixed some time ago and I assumed that you were talking about recent messages. Cheers -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) GPG-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] reply-to munging
On Thu, Apr 14, 2005 at 09:32:59AM -0700, Donnie Berkholz wrote: > > Reply to List hasn't even worked properly for me since switching to the > new server or whatever. It duplicates to @gentoo.org and > @lists.gentoo.org. I'd guess this has something to do with people > sending to @gentoo.org when the list thinks it's @lists.gentoo.org, and > it never gets things figured out. What MUA are you using? I guess there's something wrong with your setup, let's look at the headers: List-Post: <mailto:gentoo-dev@lists.gentoo.org> Reply-to: gentoo-dev@lists.gentoo.org To: gentoo-dev@lists.gentoo.org There's no reference to @gentoo.org and our main MX server is rewriting @gentoo.org to @lists.gentoo.org every time. Are you seeing @gentoo.org in those headers in the messages you are getting? Bye -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) GPG-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] reply-to munging
On Thu, Apr 14, 2005 at 06:06:18PM +0900, Georgi Georgiev wrote: > maillog: 14/04/2005-11:01:19(+0200): Andrea Barisani types > > I'm prefectly happy with removing our reply-to header (and leaving > > user_defined one if any) if the userbase of this ml is happy to deal without > > it. > > Are you gonna start a poll on the forums? > Starting a poll on *forums* about a *ml*, no thanks :). Hope you were being sarcastic. I'm open to suggestions other than the "remove the header and let the flames come" option which unfortunately looks like the only one to me and despite being "right" in many regards I fear it will cause the havoc that we've experienced on gentoo-user. -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) GPG-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] reply-to munging
On Thu, Apr 14, 2005 at 10:54:35AM +0200, Paul de Vrieze wrote: > > Hi all, > > It appears that recently the mailing list server has enabled reply to > munging. From previous discussions (about 2 years ago) it was decided not > to do this reply to munging. What I want to ask is do we want to > reconsider this decision, or do we want the reply-to munging be disabled > again? The reply-to was set in almost all mailing lists with the old server. During the migration I kept the Reply-To for all lists, I didn't notice that gentoo-dev wasn't using it. I agree that reply-to munging is a bad idea and I tried removing it from gentoo-user receiving a lot of flames because of that, see also this bug for something related about this topic: http://bugs.gentoo.org/show_bug.cgi?id=82887 I'm prefectly happy with removing our reply-to header (and leaving user_defined one if any) if the userbase of this ml is happy to deal without it. Cheers -- Andrea Barisani <[EMAIL PROTECTED]>.*. Gentoo Linux Infrastructure Developer V ( ) GPG-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( ) 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E^^_^^ "Pluralitas non est ponenda sine necessitate" -- gentoo-dev@gentoo.org mailing list
