Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
> On Jan 25, 2018, at 5:11 AM, Richard Levitte wrote: > > This is confusing, and not what was intended. In other words, > openssl-project is *not* a new openssl-dev! If it was, I don't see > why we would even bother making a new list... It is moderated, and won't have misplaced user questions. Technical topics related to the future evolution of OpenSSL should I think be open for discussion on this list if they're not yet sufficiently well formulated for tracking as a GitHub issue. These might be design ideas, clarification of requirements, ... The point being that mailing lists are good for *discussion* and Github is not particularly well suited for that. -- Viktor. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
In message on Wed, 24 Jan 2018 13:08:54 -0500, Viktor Dukhovni said: openssl-users> > If we agree that mailing lists are preferrable to openssl-users> > GitHub threads, then we should not close down openssl-users> > openssl-dev. openssl-users> openssl-users> Well, but we now have "openssl-project" for discussions openssl-users> of the ongoing development of OpenSSL. It is mostly openssl-users> for team members, but though it is moderated, IIRC openssl-users> others can join and post. This is confusing, and not what was intended. In other words, openssl-project is *not* a new openssl-dev! If it was, I don't see why we would even bother making a new list... >From the blog entry: > We created a new mailing list, openssl-project, that is for > discussions about the governance and policies of OpenSSL. Anyone can > join this list. Only members of the OMC and committers will be able > to post. Governance and policies (roughly speaking, 'cause there may be some derailing that's shouldn't be there) is not, as far as I understand, "development of OpenSSL". It may be close, thought, such as planning the schedule of the next release. -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
Viktor Dukhovni wrote: >> On Jan 24, 2018, at 9:27 AM, Michael Richardson wrote: >> >>> email clients are designed to handle hundreds to thousands of messages >>> a day, Github UI isn't > Indeed email is best for informal ad-hoc back and forth threaded > discussion, while Github et. al. are for issue tracking. > If there's a clear problem that requires tracking and resolution, > then the right forum is Github. If there's a topic to discuss, > we have openssl-users. Most openssl-dev threads were more > appropriate for openssl-users. I'm okay with taking more of the "what is the right answer" questions to openssl-users if that's the plan. I truly love github for many many things, but the email interface to issues and pull requests has been a problem for me with projects like tcpdump. I personally don't render HTML parts, and read 90% of my email via emacsclient -nw. Users reasonably post things. 60% are silly requests which a google search or a "man foo" would resolve but it generates emails to the busiest people only (the maintainers), skipping the other users on the list who *also* could answer if they knew there was a well formed question. Is there a stackexchange/serverfault? I took to CC: tcpdump-workers when I answered github issues by email, particularly when there was a question of project goals or policy involved. I realized that there is a bit of a XSS/spam attack facilitated by doing that as the magic reply-to address to get stuff posted to the github issue is now happily archived in the ML! Does github issue process the emails with useful quoting in them usefully? Sorta. So, I'm skeptical, but I am willing to go with the plan. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ signature.asc Description: PGP signature -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
> On Jan 24, 2018, at 1:25 PM, Dr. Matthias St. Pierre > wrote: > > Ok, I didn't know that. If anyone seriously participating on GitHub can > join the moderated openssl-project list then this sounds like a good > replacement for openssl-dev, because that list will be more focused > and not bothered with so many misplaced posts that should have > gone to openssl-users. Interested participants can sign up at: https://mta.openssl.org/mailman/listinfo/openssl-project -- Viktor. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
On 24.01.2018 19:08, Viktor Dukhovni wrote: > > Well, but we now have "openssl-project" for discussions of the > ongoing development of OpenSSL. It is mostly for team members, > but though it is moderated, IIRC others can join and post. Ok, I didn't know that. If anyone seriously participating on GitHub can join the moderated openssl-project list then this sounds like a good replacement for openssl-dev, because that list will be more focused and not bothered with so many misplaced posts that should have gone to openssl-users. Matthias -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
> On Jan 24, 2018, at 12:55 PM, Dr. Matthias St. Pierre > wrote: > > As for the two mailing lists openssl-users and openssl-dev: It was always > my understanding that the former was for usability questions starting > from newbie questions up to very sophisticated subjects, whereas > openssl-dev was for discussion around the development process itself. Where "development process" means development of OpenSSL itself, not software dependent on OpenSSL. Since openssl is primarily a developer toolkit, not end-user software, the openssl-users list is really for developers, just not developers of OpenSSL itself. > If we agree that mailing lists are preferrable to GitHub threads, then we > should not close down openssl-dev. Well, but we now have "openssl-project" for discussions of the ongoing development of OpenSSL. It is mostly for team members, but though it is moderated, IIRC others can join and post. > Because openssl-project is readonly for most developers s/developers/users/ > and I don't think it would be a good idea to join openssl-dev > and openssl-users. Well, I've been on both for a long time, and mostly find that I wish the openssl-dev posts were on openssl-users instead, they really mostly aren't about ongoing OpenSSL development. -- Viktor. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
Viktor Dukhovni wrote: |> On Jan 24, 2018, at 9:27 AM, Michael Richardson wrote: |>> email clients are designed to handle hundreds to thousands of messages |>> a day, Github UI isn't | |Indeed email is best for informal ad-hoc back and forth threaded |discussion, while Github et. al. are for issue tracking. | |If there's a clear problem that requires tracking and resolution, |then the right forum is Github. If there's a topic to discuss, |we have openssl-users. Most openssl-dev threads were more |appropriate for openssl-users. I see an overwhelming amount of posts on the new list which where somehow missed on -dev, though. As a general note that you might not know, from Germany at least and over my internet account and being not a logged in user i find that github very often fails to generate commit data or cuts directory listings. At least there are no advertisings which consume multiple CPUs for who-knows-what. |So I'm not convinced we need two free-form discussion lists, but |concur that if it is discussion one wants, then email clearly |superior to Github issue tracking. The key question is whether |openssl-users suffices to meet that need. Oh, -dev was a terribly noisy list. So: ch-ch-ch-ch-changes (turn and face the strange). Congratulations for the price you have won. Especially so in respect to, brave new world!, having to go over browser based issue tracker interfaces. I could not do that. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
On 24.01.2018 18:32, Viktor Dukhovni wrote: > >> On Jan 24, 2018, at 9:27 AM, Michael Richardson wrote: >> >>> email clients are designed to handle hundreds to thousands of messages >>> a day, Github UI isn't > Indeed email is best for informal ad-hoc back and forth threaded > discussion, while Github et. al. are for issue tracking. > > If there's a clear problem that requires tracking and resolution, > then the right forum is Github. If there's a topic to discuss, > we have openssl-users. Most openssl-dev threads were more > appropriate for openssl-users. > > So I'm not convinced we need two free-form discussion lists, but > concur that if it is discussion one wants, then email clearly > superior to Github issue tracking. The key question is whether > openssl-users suffices to meet that need. > Although GitHub issues provide nice features like markdown and syntax highlighting, I agree with Viktor that in general mailing lists are much more suitable for general discussion. If nothing else, then because they are open for everyone to read and search (via the mail archives) and don't require a login. So IMHO GitHub issues should remain for topics like bug reports and specific discussions related to current pull requests. As for the two mailing lists openssl-users and openssl-dev: It was always my understanding that the former was for usability questions starting from newbie questions up to very sophisticated subjects, whereas openssl-dev was for discussion around the development process itself. If we agree that mailing lists are preferrable to GitHub threads, then we should not close down openssl-dev. Because openssl-project is readonly for most developers and I don't think it would be a good idea to join openssl-dev and openssl-users. Matthias -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
> On Jan 24, 2018, at 9:27 AM, Michael Richardson wrote: > >> email clients are designed to handle hundreds to thousands of messages >> a day, Github UI isn't Indeed email is best for informal ad-hoc back and forth threaded discussion, while Github et. al. are for issue tracking. If there's a clear problem that requires tracking and resolution, then the right forum is Github. If there's a topic to discuss, we have openssl-users. Most openssl-dev threads were more appropriate for openssl-users. So I'm not convinced we need two free-form discussion lists, but concur that if it is discussion one wants, then email clearly superior to Github issue tracking. The key question is whether openssl-users suffices to meet that need. -- Viktor. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
Hubert Kario wrote: > that marking a conversation as ignored and going to next one is two key > combinations and less than a second, github ones require me to go to > the web UI which is slow, and if I have to view the issue because > subject is ambiguous it takes ten times as long as it does when using > email +1 > email clients are designed to handle hundreds to thousands of messages > a day, Github UI isn't signature.asc Description: PGP signature -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
* Hubert Kario: > when I mark project as followed I'm getting messages from all issues > and all PRs - likely dozens if not hundred messages a day But isn't that the point? My main concern with Github is that I have no record of my own actions. (Their single-account policy is also a problem for some of us, but that is perhaps our own fault.) -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
In message <8c351e82-600b-487e-aef3-a3f42cd23...@akamai.com> on Tue, 23 Jan 2018 14:38:14 +, "Salz, Rich via openssl-dev" said: openssl-dev> openssl-dev> ➢ For the lovers of NNTP: openssl-project has been added to news.gmane.org openssl-dev> as gmane.comp.encryption.openssl.project as readonly list. openssl-dev> openssl-dev> I will always have a fondness for NNTP :) ... except for the trashing of the database disk(s) back in the days if you're running a server... (I did) (on VMS ;-)) But yeah, totally agree otherwise -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
➢ ah, true, I have those disabled because I use the same account for both my personal and my work projects so no single email address is correct for them At least we figured out the confusion! I have no good answer other than subject line filtering and forwarding, sorry. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
On Tuesday, 23 January 2018 16:13:30 CET Salz, Rich wrote: > ➢ github ones require me to go to the web > UI which is slow > > I am confused by that. When someone posts an issue or comment, I get the > text emailed to me. Not just openssl, but all projects I watch. ah, true, I have those disabled because I use the same account for both my personal and my work projects so no single email address is correct for them -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic signature.asc Description: This is a digitally signed message part. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
➢ github ones require me to go to the web UI which is slow I am confused by that. When someone posts an issue or comment, I get the text emailed to me. Not just openssl, but all projects I watch. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
On 23.01.2018 15:54, Hubert Kario wrote: > On Tuesday, 23 January 2018 15:36:26 CET Salz, Rich wrote: >> ➢ this feature sends notifications about _all_ conversations happening. >> >> For me, I get the actual comments that are posted. Don’t you? > when I comment in an issue/PR or mark it as followed I'm getting only > messages > from that issue/PR > > when I mark project as followed I'm getting messages from all issues and all > PRs - likely dozens if not hundred messages a day Have you checked Github > Settings > Emails > Email preferences ? Maybe yours are set to "Receive all emails"? My settings are as follows: ( ) Receive all emails, except those I unsubscribe from. (*) Only receive account related emails, and those I subscribe to. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
On Tuesday, 23 January 2018 15:36:26 CET Salz, Rich wrote: > ➢ this feature sends notifications about _all_ conversations happening. > > For me, I get the actual comments that are posted. Don’t you? when I comment in an issue/PR or mark it as followed I'm getting only messages from that issue/PR when I mark project as followed I'm getting messages from all issues and all PRs - likely dozens if not hundred messages a day > On the > mailing list, you have to explicitly mark/junk conversation threads in your > mail program. You would still have to do that here. > I don’t understand what you see as different? that marking a conversation as ignored and going to next one is two key combinations and less than a second, github ones require me to go to the web UI which is slow, and if I have to view the issue because subject is ambiguous it takes ten times as long as it does when using email email clients are designed to handle hundreds to thousands of messages a day, Github UI isn't or to put it other way: github notifications are perfect if you are directly involved in the project, they suck if you just want to keep tabs on an active project -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic signature.asc Description: This is a digitally signed message part. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
➢ For the lovers of NNTP: openssl-project has been added to news.gmane.org as gmane.comp.encryption.openssl.project as readonly list. I will always have a fondness for NNTP :) But that reminds me to nudge the other mailing list distributors, and update the website. Thanks! -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
➢ this feature sends notifications about _all_ conversations happening. For me, I get the actual comments that are posted. Don’t you? On the mailing list, you have to explicitly mark/junk conversation threads in your mail program. You would still have to do that here. I don’t understand what you see as different? -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
On Tuesday, 23 January 2018 15:22:13 CET Salz, Rich wrote: > You should be able to just watch the openssl repo (the eyeball/watch notice > in the upper-right side) that's what I was talking about this feature sends notifications about _all_ conversations happening. > On 1/23/18, 7:00 AM, "Hubert Kario" wrote: > > On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev > wrote: > > There’s a new blog post at > > > > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ > > > > > We decided to increase our use of GitHub. In addition to asking that > > all bug > > reports and enhancement requests be reported as issues, we > > now want all major code proposals to be discussed as issues before a > > large pull request shows up. This will let the community discuss the > > feature, offer input on design and such, before having code to look > > at. We hope this will let us all first look at the bigger picture, > > before getting bogged down in the weeds of line-by-line code reviews. > > > does that mean I have to subscribe to all notifications from the openssl > > github project to notice them? that's really suboptimal > > -- > Regards, > Hubert Kario > Senior Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic > -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic signature.asc Description: This is a digitally signed message part. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
Salz, Rich via open ssl-dev in gmane.comp.encryption.openssl.devel (Fri, 19 Jan 2018 17:34:57 +): >- New mailing list openssl-project for project discussions For the lovers of NNTP: openssl-project has been added to news.gmane.org as gmane.comp.encryption.openssl.project as readonly list. -- Jan -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
You should be able to just watch the openssl repo (the eyeball/watch notice in the upper-right side) On 1/23/18, 7:00 AM, "Hubert Kario" wrote: On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote: > There’s a new blog post at > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ > We decided to increase our use of GitHub. In addition to asking that all bug > reports and enhancement requests be reported as issues, we now want all > major code proposals to be discussed as issues before a large pull request > shows up. This will let the community discuss the feature, offer input on > design and such, before having code to look at. We hope this will let us > all first look at the bigger picture, before getting bogged down in the > weeds of line-by-line code reviews. does that mean I have to subscribe to all notifications from the openssl github project to notice them? that's really suboptimal -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
Hello, On Tue, Jan 23, 2018 at 3:00 PM, Hubert Kario wrote: > On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote: > > There’s a new blog post at > > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ > > > We decided to increase our use of GitHub. In addition to asking that all > bug > > reports and enhancement requests be reported as issues, we now want all > > major code proposals to be discussed as issues before a large pull > request > > shows up. This will let the community discuss the feature, offer input on > > design and such, before having code to look at. We hope this will let us > > all first look at the bigger picture, before getting bogged down in the > > weeds of line-by-line code reviews. > > does that mean I have to subscribe to all notifications from the openssl > github project to notice them? that's really suboptimal > Totally agree. -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote: > There’s a new blog post at > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ > We decided to increase our use of GitHub. In addition to asking that all bug > reports and enhancement requests be reported as issues, we now want all > major code proposals to be discussed as issues before a large pull request > shows up. This will let the community discuss the feature, offer input on > design and such, before having code to look at. We hope this will let us > all first look at the bigger picture, before getting bogged down in the > weeds of line-by-line code reviews. does that mean I have to subscribe to all notifications from the openssl github project to notice them? that's really suboptimal -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic signature.asc Description: This is a digitally signed message part. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
On 1/19/18, 12:52, "Salz, Rich" wrote: >> It appears to me that you could use openssl-dev instead of openssl-project, >> saving cycles on killing >> one and creating the other. > > We discussed that, but it would be harder to “undo” if things don’t work > out, we wanted > to make it very clear that this is a new way of operating, and > openssl-project is a > moderated list. Make sense? I don’t know. I’d still do as I said. But since you guys discussed it (i.e., debated this option), I’ll defer to your judgment. smime.p7s Description: S/MIME cryptographic signature -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
➢ It appears to me that you could use openssl-dev instead of openssl-project, saving cycles on killing one and creating the other. We discussed that, but it would be harder to “undo” if things don’t work out, we wanted to make it very clear that this is a new way of operating, and openssl-project is a moderated list. Make sense? -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Blog post; changing in email, crypto policy, etc
It appears to me that you could use openssl-dev instead of openssl-project, saving cycles on killing one and creating the other. -- Regards, Uri Blumenthal On 1/19/18, 12:35, "openssl-dev on behalf of Salz, Rich via openssl-dev" wrote: There’s a new blog post at https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ It contains some important policy changes we decided at our meeting last month. This includes: - Closing the openssl-dev mailing list; use GitHub for issues - New mailing list openssl-project for project discussions - New policy for accepting crypto algorithms, formats, and protocols. - .. several others Please read the posting; the changes described in it affect everyone who uses OpenSSL. Thanks for your interest, and all your efforts to help improve the project! -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev smime.p7s Description: S/MIME cryptographic signature -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] Blog post; changing in email, crypto policy, etc
There’s a new blog post at https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ It contains some important policy changes we decided at our meeting last month. This includes: - Closing the openssl-dev mailing list; use GitHub for issues - New mailing list openssl-project for project discussions - New policy for accepting crypto algorithms, formats, and protocols. - .. several others Please read the posting; the changes described in it affect everyone who uses OpenSSL. Thanks for your interest, and all your efforts to help improve the project! -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev