Re: [gentoo-dev] [PATCH] profiles/targets/desktop: Do not enable ldap USE flag by default

2020-09-10 Thread John Helmert III
On Thu, Sep 10, 2020 at 11:59:31AM +0300, Mikle Kolyada wrote:
> 
> On 10.09.2020 08:35, Hans de Graaff wrote:
> > On Wed, 2020-09-09 at 13:35 +0300, Mikle Kolyada wrote:
> >> Closes: https://bugs.gentoo.org/741380
> > Could you provide a rationale for removing this? The bug only has a
> > single anecdotal report of a user who can run a desktop without it. I'm
> > not sure if that is reason enough to remove this. I guess we won't be
> > able to figure out easily how many of our desktop profile users are
> > actually using LDAP, but changing this may cause surprises and I'm not
> > sure if that's warranted.
> >
> > Hans
> 
> 
> Hi.
> 
> It is dictated by common sense.
> 
> I barely can imagine a case where you need ldap support in each and 
> every package you install.
> 
> This should rather be per-package enabled as something non-trivial.

Maybe this change should be introduced with a news item just to help
limit surprises?


signature.asc
Description: PGP signature


Re: [gentoo-dev] Crypto/GPG-related packages up for grabs

2020-09-07 Thread John Helmert III
On Mon, Sep 07, 2020 at 07:44:33PM +0200, Michał Górny wrote:
> Hi,
> 
> The following packages are up for grabs due to their maintainer being
> MIA.
> 
> acct-group/monkeysphere
> acct-user/monkeysphere
> app-crypt/ekeyd
> app-crypt/monkeysphere
> app-crypt/nasty
> app-crypt/pinentry
> app-eselect/eselect-pinentry
> dev-libs/libgcrypt
> dev-libs/npth
> net-misc/sks
> www-apps/ampache

Note that ampache is currently masked for removal:

# Sam James  (2020-08-30)
# Serious security vulns, outdated.
# bug 699834. Removal in 30 days.
www-apps/ampache

https://bugs.gentoo.org/699834

> 
> -- 
> Best regards,
> Michał Górny
> 






Re: [gentoo-dev] Bug #733802, USE 'scp' now defaults to off in net-misc/openssh

2020-07-25 Thread John Helmert III
On Sat, Jul 25, 2020 at 08:05:14PM -0400, Rich Freeman wrote:
> On Sat, Jul 25, 2020 at 7:40 PM Joshua Kinard  wrote:
> >
> > This seems like something that needs a news entry, or
> > at least a "heads up" on the mailing list?
> 
> Definitely not a "heads up" on the mailing list - that is not an
> appropriate way to communicate anything to users - not even devs are
> required to read this list.
> 
> The two appropriate ways to communicate something like this are
> einfo/ewarn/etc or news.  Never hurts to use news.  Ideally I'd point
> to a substitute, and I'd suggest one myself if I were aware of one...

Just to have this information here for easy access, this is upstream's
response from that bug's URL [1]. They recommend "rsync or something else":

The scp command is a historical protocol (called rcp) which relies
upon that style of argument passing and encounters expansion
problems. It has proven very difficult to add "security" to the scp
model. All attempts to "detect" and "prevent" anomalous argument
transfers stand a great chance of breaking existing workflows. Yes,
we recognize the situation sucks. But we don't want to break the
easy patterns people use scp for, until there is a commonplace
replacement. People should use rsync or something else instead if
they are concerned.

[1] https://github.com/cpandya2909/CVE-2020-15778/




Re: [gentoo-dev] Last-rites: dev-util/cutter

2020-07-24 Thread John Helmert III
On Fri, Jul 24, 2020 at 02:06:56PM +0300, Joonas Niilola wrote:
> # Unmaintained in Gentoo, broken, multiple bugs open.
> # Removal in ~30 days. #733324

Hi, I've opened a PR to take this. The newest version fixes the build
issue present with the version we have in-tree and it seems like
most (if not all) of the open bugs have been obsoleted.

https://github.com/gentoo/gentoo/pull/16806




Re: [gentoo-dev] */*: Mask Py2 only packages

2020-06-25 Thread John Helmert III
On Thu, Jun 25, 2020 at 07:32:04AM -0400, Michael Orlitzky wrote:
> On 2020-06-24 16:08, Michał Górny wrote:
> > 
> > $ git grep -l mgo...@gentoo.org '**/metadata.xml' | cut -d/ -f1-2 |
> > xargs gpy-py2 2>/dev/null
> > 
> 
> The big problem with this is that it misses any aliases (like graphics@)
> that you're a member of. But let's golf; this is POSIX sh, doesn't use
> grep to parse XML, and takes the maintainer's email address as an argument:
> 
> REPO=/var/db/repos/gentoo
> XPATH="/pkgmetadata/maintainer/email[normalize-space(text()) = '${1}']"
> 
> find -L "${REPO}" \
>   -mindepth 3 \
>   -maxdepth 3 \
>   -name 'metadata.xml' \
>   -exec sh -c "
>     for f in \"\${@}\"; do
>       xmllint --xpath \"${XPATH}\" \"\${f}\" >/dev/null 2>&1 && \
>         echo \"\$(dirname -- \"\${f}\")\" | sed \"s:${REPO%/}/::\"
>     done
>   " - {} +
> 

We can instead avoid parsing XML at all if we're not averse to using
`pquery`, and we can avoid the limitation of scanning the entire tree
for a single name/email by outputting the maintainers for all of the
problematic packages at once (in this case, packages output by
`gpy-py2`) in a greppable format. Not sure why pquery doesn't see
maintainers for things like automake:1.9, so this implementation is
imperfect, but here:

REPO=/var/db/repos/gentoo

# Print each package reported by gpy-py2 together with its maintainers
for pkg in $(gpy-py2 -r "${REPO}"); do
    maint=$(pquery "${pkg}" --one-attr maintainers | tail -1)
    if [[ ${maint} ]]; then
        echo "${pkg}: ${maint}"
    else
        echo "${pkg}: maintainer-needed"
    fi
done




Re: [gentoo-dev] [RFC] Anti-spam for goose

2020-05-22 Thread John Helmert III
On Fri, May 22, 2020 at 12:53:03PM -0700, Brian Dolbec wrote:
> We cannot exclude overlays which will have cat/pkg not in the main
> gentoo repo.  So, we should not exclude a submission that includes a few
> of these.

To avoid this problem, even if imperfectly, it should be possible to
track what repository a given package is installed from and then check
its validity based on a list of valid packages for a given overlay.



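One way to realise the per-repository check suggested in the message above, as an added example that is not part of the original thread or of goose itself: each submitted entry names its repository and is looked up only in that repository's known-package list. The `category/package::repository` line format, the list directory layout and all function names are assumptions made for the illustration, and the sample data is constructed.

```shell
# Added illustration. Hypothetical formats, not goose's own:
#   submission line: category/package::repository
#   LISTDIR:         one file per known repository, one category/package per line
# (Portage records an installed package's repository in its /var/db/pkg entry.)

# classify_entry LISTDIR ENTRY -> valid | invalid | unknown-repo | malformed
classify_entry() {
    listdir=$1 entry=$2
    case $entry in *::*) ;; *) echo malformed; return 0 ;; esac
    atom=${entry%%::*} repo=${entry#*::}
    # The repo name becomes a file name under LISTDIR, so keep its charset strict.
    case $repo in ''|*[!A-Za-z0-9_-]*) echo malformed; return 0 ;; esac
    case $atom in
        */*/*|/*|*/|*[!A-Za-z0-9+_./-]*) echo malformed; return 0 ;;
        */*) ;;
        *) echo malformed; return 0 ;;
    esac
    # An overlay with no list cannot be checked; report it separately, not as spam.
    [ -f "$listdir/$repo" ] || { echo unknown-repo; return 0; }
    if grep -qxF -- "$atom" "$listdir/$repo"; then echo valid; else echo invalid; fi
}

# summarize LISTDIR SUBMISSION_FILE -> "valid=N invalid=N unknown-repo=N malformed=N"
summarize() {
    v=0 i=0 u=0 m=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        case $(classify_entry "$1" "$line") in
            valid) v=$((v + 1)) ;;
            invalid) i=$((i + 1)) ;;
            unknown-repo) u=$((u + 1)) ;;
            *) m=$((m + 1)) ;;
        esac
    done < "$2"
    echo "valid=$v invalid=$i unknown-repo=$u malformed=$m"
}

# Constructed sample data: two known repositories and a five-line submission.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' app-crypt/pinentry dev-libs/libgcrypt > "$d/gentoo"
    printf '%s\n' app-misc/example-tool > "$d/guru"
    printf '%s\n' 'app-crypt/pinentry::gentoo' 'app-misc/example-tool::guru' \
        'app-misc/example-tool::gentoo' 'dev-foo/bar::private-overlay' \
        'app-crypt/pinentry::../gentoo' > "$d.sub"
    summarize "$d" "$d.sub"
    rm -rf "$d" "$d.sub"
}
demo
```

Entries from overlays with no known list are counted as `unknown-repo` rather than `invalid`, so a submission containing a few private-overlay packages is not excluded on that basis alone.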

Re: [gentoo-dev] News item v2: Python 3.7 to become the default target

2020-04-21 Thread John Helmert III
On Tue, Apr 21, 2020 at 07:56:16AM +0200, Michał Górny wrote:
> Display-If-Installed: dev-lang/python:3.6
> 
> On 2020-05-06 (or later), Python 3.7 will replace Python 3.6 as one
> of the default Python targets for Gentoo systems.  The new default
> values will be:
> 
> PYTHON_TARGETS="python2_7 python3_7"
> PYTHON_SINGLE_TARGET="python3_7"

It might be prudent to also show this for python:3.7 in case anyone has
already rebuilt their system with these flags to let them know these
flags are the new defaults and can be removed from their configs.

