Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?
Ineiev writes: > On Thu, Mar 14, 2019 at 12:43:13AM -0400, John Sullivan wrote: >> >> What are the benefits to removing inactive accounts? >> >> I named one, which is security. > > I don't think I understand the threats in question very well. > I am not the expert on Savannah's specifics here, but in general two security risks from old accounts are: 1) people re-use passwords and usernames on multiple sites. The impact of any breach is magnified by the number of accounts; so it is a needless risk magnifier to have lots of old unused accounts around 2) old abandoned accounts that have commit or other kinds of access pose increased security risks to the projects themselves, because it tends to be true that their credentials are not as well protected by their original owners -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B https://status.fsf.org/johns | https://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <https://my.fsf.org/join>.
Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?
Ineiev writes: > On Tue, Mar 12, 2019 at 03:55:34PM -0400, John Sullivan wrote: >> Ineiev writes: >> >> > On Mon, Mar 11, 2019 at 10:11:52AM -0700, John Sullivan wrote: >> >> On March 11, 2019 9:50:20 AM PDT, Ineiev wrote: >> >> >> >> Actually, we wouldn't need a whitelist. >> > >> > By the way, should we blacklist accounts with email like '@mfsa.info$'? >> > >> >> I'm not sure. You mean ones that aren't actually valid email addresses? > > No, I don't: one needs a valid email address in order to at activate > the new account, and unactivated accounts are removed automatically. > > I mean services that supposedly let any visitor read messages > for any 'account'. > I'm not familiar with them, but doesn't sound like a great thing to allow for account registration. > ... >> No, but staff could do it for RMS and any other accounts the FSF needs >> to reserve/keep; hopefully any other account that needs to be kept >> indefinitely despite never logging in would similarly have human >> caretakers associated with it. If not, then I suppose a whitelist would >> be the next step. Such a whitelist would still need to be periodically >> reviewed, so I'm not sure it's any better than just making sure every >> account is actually assigned to a person and put through the normal >> process. > > I doubt this additional maintenance work and other drawbacks would > be justified these days. > What are the benefits to removing inactive accounts? I named one, which is security. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B https://status.fsf.org/johns | https://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <https://my.fsf.org/join>.
Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?
Ineiev writes: > On Mon, Mar 11, 2019 at 10:11:52AM -0700, John Sullivan wrote: >> On March 11, 2019 9:50:20 AM PDT, Ineiev wrote: >> >> Actually, we wouldn't need a whitelist. > > By the way, should we blacklist accounts with email like '@mfsa.info$'? > I'm not sure. You mean ones that aren't actually valid email addresses? >> The only activity requirement in the >> criteria I've seen in several other places to prevent deletion was logging >> in. > > I think we could use this criterion if we notify the users that, say, > their account is to be deleted unless they log in within the next month; > but some extra caution would be needed when actually deleting: right now, > this may easily break accounts like . > Yes, that's what I meant too -- notify that they need to log in or else the account will be deleted. Good point about the automated accounts, so we'd need someone willing to log in on their behalf -- that seems like a good idea anyway, to ensure there is still some person connected with that automated thing. >> That's not too much to ask every rarely so often. RMS can do it, or staff >> can do it for him. > > This would be a more expensive implementation of a whitelist. > staff can't do it for all Savannah users who would need it, can it? > No, but staff could do it for RMS and any other accounts the FSF needs to reserve/keep; hopefully any other account that needs to be kept indefinitely despite never logging in would similarly have human caretakers associated with it. If not, then I suppose a whitelist would be the next step. Such a whitelist would still need to be periodically reviewed, so I'm not sure it's any better than just making sure every account is actually assigned to a person and put through the normal process. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B https://status.fsf.org/johns | https://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <https://my.fsf.org/join>.
Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?
On March 11, 2019 9:03:32 AM PDT, Ineiev wrote: >On Sat, Mar 09, 2019 at 09:14:09AM -0800, John Sullivan wrote: >> >> Both make sense to me. Retaining old inactive data is a security risk >-- >> magnifies the impact of any database breach. > >I checked the records for as a datapoint. that account >has never been used in any trackers, and there was a period >of 6 years when essentially no group status for that account >was modified. of course, he did commit to VCS, but this is >considerably harder to check. Yes, I'm sure we would need a whitelist for certain special accounts like RMS. That's not really a data point for anything else, is it?
Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?
Ineiev writes: > On Wed, Mar 06, 2019 at 02:08:54PM -0500, John Sullivan wrote: >> >> The way I've seen other services deal with this is: >> >> * Set a policy about what constitutes inactivity (for example, no log in >> for 3 years) >> >> * Send an email to accounts on the wrong side of that line saying they >> will be deleted in N days unless they log in. >> >> * Send a reminder email shortly before the deletion date to those who >> still meet the criterion >> >> * Delete accounts on the date >> >> * Send confirmation email that account was deleted >> >> Is it worth the effort given current available maintainer resources? Not >> sure. It's probably worth the effort to define the policy (accounts may >> be deleted if inactive for N years, or whatever) and put that publicly >> on the site. Gives more flexibility for quicker action later. > > I don't think we really want to remove old accounts inactive > for any long period, they are few. what we want is removing new > accounts that aren't used for some period, and the period should be > weeks rather than years: most spam accounts were created within last > 5 years, and the number of accounts per month increases: we had > 5k accounts in 2016, 8k in 2017 and 18k in 2018. > Both make sense to me. Retaining old inactive data is a security risk -- magnifies the impact of any database breach. But the point about new accounts makes sense too, and may be higher priority because of the impact of spam on maintenance burden and service performance. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B https://status.fsf.org/johns | https://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <https://my.fsf.org/join>.
Re: [Savannah-hackers-public] Remove resume feature to prevent abuse?
Bob Proulx writes: > Ineiev wrote: >> Thank you, yesterday I disabled it for the new users until they are >> accepted as members in any group (the skillset is still permitted). > > That seems like a reasonable compromise. If at least they must be > part of any group in order to have a visible resume. However even in > that case is the resume feature useful? > >> The next thing is accounts like . they setup no resume, >> perhaps those who create them hope that people will use the contact >> form to email them (even though one have to login in order to contact >> them), or they think that having just "realname + user_name" on some >> web page is sufficient. removing idle accounts is the only idea how >> to counter them I have. > > I am not sure what can or should be done about idle accounts. Many > people make an account with the best intentions. But then nothing > further happens. I don't think that is an abuse in the general case. > I am sure there are accounts created only for the purpose of abuse but > how does one distinguish between the two cases? That's the problem. The way I've seen other services deal with this is: * Set a policy about what constitutes inactivity (for example, no log in for 3 years) * Send an email to accounts on the wrong side of that line saying they will be deleted in N days unless they log in. * Send a reminder email shortly before the deletion date to those who still meet the criterion * Delete accounts on the date * Send confirmation email that account was deleted Is it worth the effort given current available maintainer resources? Not sure. It's probably worth the effort to define the policy (accounts may be deleted if inactive for N years, or whatever) and put that publicly on the site. Gives more flexibility for quicker action later. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B https://status.fsf.org/johns | https://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <https://my.fsf.org/join>.
Re: [Savannah-hackers-public] [task #14586] svn import for gnustep-nonfsf
The FSF has no such requirement or even preference. In fact, we have tried multiple times to get this changed, but some GNU folks prefer CVS. We do have painfully limited staff time, but if someone wants to implement other VCS for web pages, I personally would be extremely happy. We would not stand in the way and would do our best to facilitate (after the new server deployment is done). (GNA was not run by FSFE btw.)
Re: [Savannah-hackers-public] SSH host keys for the new machine?
Bob Proulx <b...@proulx.com> writes: > Option 3: Do we use the old keys now through the transition but switch > to the new host keys soon after completing the migration? Soon being > 1-2 weeks. This would keep the immediate disruption minimized. It > would allow us to back out of the switch, briefly return to the > previous hosts if problems were found, without thrashing users. > > I have a mixed reaction. Part of me wants to jump immediately to the > longer key. The older keys definitely need to be migrated away. This > would advertise very loudly to all users that things have changed. We > have put in a lot of effort and it will be nice to sing a little about > it. > > But from a risk mitigation point I want to use the old keys just long > enough for us to switch to the new just in case we need to switch back > for a bit. That would actually allow us to ping-pong if needed > without user thrash. Then switch the host keys after we know we are > successfully there. > > Therefore I think we should execute option #3 above. Assaf, Karl, > What do you guys think? Comments? Personally, I vote for option #3, because it will reduce the number of variables in debugging the inevitable problems that will appear in the transition. But I'm happy to be outvoted by people with more technical expertise, which is all of you. Whenever we do change the keys, we need to make an announcement with the new fingerprint(s) 2-3 days before -- probably to all this mailing list, from the FSF twitter/pump/social account (I think not just fsfstatus for this one, because it will affect so many people), gnu-prog, #fsf, #gnu, #savannah, perhaps in fsf.org/blogs/sysadmin etc. And put the fingerprints prominently on sv.gnu.org itself? The wider we announce the change, the fewer questions we'll get. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <http://my.fsf.org/join>.
Re: [Savannah-hackers-public] Permission issue in the audio-video directory
Thérèse Godefroy <godef...@free.fr> writes: > Le 09/06/2016 07:35, Bob Proulx a écrit : >>> I will go find, chgrp, chown, chmod the files ... >> >> Done. I have fixed everything up into a standard shared group >> configuration. >> >> Therese can you try your updates and let us know if things are good >> for you or not? >> >> Bob >> > > Thank you Bob, John, Karl... The updates worked! :)) > It wasn't that easy, tho. I'm not used to uploading files directly. Awesome, thanks! -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <http://my.fsf.org/join>.
Re: [Savannah-hackers-public] Email on fencepost hosed?
Hi Bob and Eli, > You already knew about the pumprock status page. That is good. I > think it is often out of sight and out of mind though and too often > needs prodding to get it updated. I am hoping that changes as the > culture of updating that becomes more ingrained. I am hoping. > Indeed, we are much better at sharing updates than we were 5 years ago, but we still have a ways to go. We're working on it. Please keep reminding us when we could have done better at that. I'll also just emphasize IRC as another method to inquire -- it's most helpful for the initial reports about anything to be in email, but to ask follow-ups, IRC questions on freenode in #fsfsys are welcome (I'm johnsu01, the sysadmins are nully and quidam). -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <http://my.fsf.org/join>.
Re: [Savannah-hackers-public] Web CVS server unavailable
l...@gnu.org (Ludovic Courtès) writes: > I emailed this list because… the FSF sysadmin (Ineiev) told me they > cannot do anything about my CVS issue (RT ticket # 1102191). > Ineiev is a GNU webmaster and translation coordinator, not an FSF sysadmin. To contact our sysadmins, it's sysad...@gnu.org. webmast...@gnu.org goes primarily to the gnu.org volunteer webmaster team. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <http://my.fsf.org/join>.
Re: [Savannah-hackers-public] Mailman lagging behind, again
Eli Zaretskii <e...@gnu.org> writes: >> From: John Sullivan <jo...@fsf.org> >> Cc: savannah-hackers-public@gnu.org >> Date: Mon, 16 Nov 2015 18:03:12 -0500 >> >> Eli Zaretskii <e...@gnu.org> writes: >> >> > Once again, mailman on GNU lists lags behind, by about 2 days. E.g., >> > messages that appear under today's date in emacs-devel's archives were >> > mostly sent on Nov 14. >> > >> > Is this another case of some attack on the list server? Can something >> > be done to rectify the situation? >> >> We're aware and are working on it, and are improving our alerts to >> do a better job notifying us about this. > > Thank you. > Should be better now. A list moderator was running a rogue script that was sending tens of thousands of messages. Alerts have been updated to catch things like that earlier. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <http://my.fsf.org/join>.
Re: [Savannah-hackers-public] Mailman lagging behind, again
Eli Zaretskii <e...@gnu.org> writes: > Once again, mailman on GNU lists lags behind, by about 2 days. E.g., > messages that appear under today's date in emacs-devel's archives were > mostly sent on Nov 14. > > Is this another case of some attack on the list server? Can something > be done to rectify the situation? We're aware and are working on it, and are improving our alerts to do a better job notifying us about this. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at <http://my.fsf.org/join>.
[Savannah-hackers-public] Number of committers within a time period?
I remember some data was being compiled about Savannah contributions. Do we have an easy way to see how many individuals committed code within a time period, without caring about which project the commits were to? I'm curious about the time period October 1 2013 to September 30 2014 inclusive. :) But also just whether it's possible. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] Include the FSF fundraising banner in GNU Savannah!.
Thanks, Bob! -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] Decommissioning inactive projects / users?
k...@freefriends.org (Karl Berry) writes: old accounts vulnerable to hijacking I suppose so. Or instead of removing accounts, they could be locked after some number of years Locking makes sense to me after X years, especially on accounts meeting the criteria Sylvain checked (= completely unused). and unanswered email pings. I would never go to the trouble of pinging people about sv accounts. I wouldn't suggest anyone do it manually. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] Decommissioning inactive projects / users?
Karl Berry k...@freefriends.org writes: Does Savannah have any policy/system in place for removing projects or users that are inactive? No. Also, I'm not sure inactive is the right criteria for any deletion. A nonexistent project which has never had a commit or any other substantive content would make sense to me to delete. Otherwise, I doubt it. I hope to write more about this later today. As for users, I see no criteria to apply. Maybe after a few more years we could say hasn't logged in in 20 years, but even 10 years seems too aggressive to me :). I'm crazy I guess ... Well, I think there are security reasons to be somewhat concerned with it (old accounts vulnerable to hijacking); also I had in mind migration work. Plus user-friendliness -- possibly freeing up claimed usernames or even project names for people who want to use them for active purposes. Or instead of removing accounts, they could be locked after some number of years and unanswered email pings. I wouldn't want to put barriers for no reason in the way of anyone who decided to reappear and wanted to make a contribution after many years. But having *some* kind of process for this seems wise. As a related issue, I'm just also interested in activity level information, which we'll need to formulate the best approach for migration / deployment of a new site -- what do user and project activity levels look like. I'm not proposing anything now, just something for discussion and I wanted to know what the current state is (and learned that Sylvain had done a bit of this already). -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
[Savannah-hackers-public] Decommissioning inactive projects / users?
Does Savannah have any policy/system in place for removing projects or users that are inactive? -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
[Savannah-hackers-public] [gnu.org #912039] Migrate gnu.org/nongnu.org from CVS
[karl - Thu May 01 17:51:59 2014]: 3. regardless of all that, it would be a new and significant source of complication on the savannah side. we already cannot come close to keeping up with support requests. I believe the CVS checkout-by-cron system has been identified as a major source of load on Savannah in the past. With git's hook system (and better efficiency), this could help address that current problem -- changes would be pushed when they are made rather than doing polling. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096
Re: [Savannah-hackers-public] Migrate gnu.org/nongnu.org from CVS
b...@gnu.org writes: Hi all, I was wondering if you had a grand plan to migrate from CVS to Git for the gnu.org/nongnu.org webpages. It could also be done by letting projects specify the update method so we avoid a hairy troll, if we have the manpower to support that ;) I'm willing to give a hand, using my past Savannah and current Gna.org admin experience (FYI Gna is using a Subversion branch for webpages). I'm adding sysadmin@ and sv-hackers@ in Cc: to discuss :) There was quite a bit of discussion on www-disc...@gnu.org about this previously. But that was to move to bzr. Maybe given the discussion among Emacs developers, people would want to consider git now. We don't have the sysadmin resources to drive a change from CVS right now (though it is something we would get to at some point), but if others took up the cause and were able to help a lot with the work, we would do our best to facilitate as it's something we'd love to see done successfully this year. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] Cleaning Up Contributors Wanted
Christian Bryant christ...@gnulinuxlibre.org writes: Hello, I'll be embarking on a contact effort over the next couple weeks to query posters of help wanted for projects [1] from oldest on up as to whether the help is still needed, and if not, that they please close the request. If help _is_ still needed, I'll encourage them to refresh the request and also post some news regarding their projects if they are indeed active. I'm reviewing earlier efforts at this for ideas to write up some polite and encouraging text. Drop me a line if you have any requests/recommendations/questions. That sounds very useful, thanks for doing it! Once you reach point where you think it's worth it, we'd love to publish a short blog post at fsf.org from you announcing that the list has been updated and encouraging people to look there for ways to contribute. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] our wiki status
Can pandoc help you with the conversion? -- Sent from my Replicant phone with K-9 Mail.
Re: [Savannah-hackers-public] ikiwiki on savannah
k...@freefriends.org (Karl Berry) writes: Bob, Michael, John, Ineiev, anyone - Others answered with the info I know; I'd just add that afaik, git is the recommended backend VCS, but we are still using it with Subversion internally at the FSF (Subversion was initially the officially recommended backend) and it works fine. We do intend to switch it to git though eventually. Also, Joey Hess (joeyh on freenode and OFTC IRC), the original ikiwiki author, is a very nice guy and an FSF supporter -- he might be willing to help a little if you get stuck. I believe they use #ikiwiki on OFTC. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://status.fsf.org/johns | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] ssl cert for savannah.gnu.org
k...@freefriends.org wrote: John - the ssl certificate for savannah expires in a month. (We just got a reminder.) I figured it couldn't hurt to start the process now :). TIA. (I suggest getting a multi-year certificate this time, if possible.) karl Thanks Karl. We're on it.
Re: [Savannah-hackers-public] Projects for Android in GNU Savannah
Michael J. Flickinger mjfl...@gnu.org writes: On 12/24/11 6:46 PM, Tomasz Konojacki wrote: Provided Savannah's maintainers have the capacity, projects running on Replicant may be hosted on Savannah. Projects having dependencies on non-free software, such as proprietary software drivers or AndroidOS, are not permissible. Shouldn't there be for instead of or? I was referring to drivers or the non-free operating system. I think that sounds too broad, since a dependency on AndroidOS code won't be a problem unless it's dependent on a small set of drivers. How about just going with Projects having dependencies on non-free software, such as Android drivers requiring proprietary firmware, are not permissible. -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://identi.ca/johnsu01 | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] [invalid.nore...@gnu.org: [task #11659] Submission of Magia DNI]
k...@freefriends.org (Karl Berry) writes: John (or anyone) ... what now? Do we require the OP to actually have Replicant? That would be a very high bar. And I doubt any of us have it, unless you do, and you probably have other things to do than actually perform the experiment. Just take it at face value and accept it? Or? I'd suggest having the OP ask someone in the #replicant channel on freenode to test. Replicant also has a mailing list where he could ask. I think it's a bar we have to live with -- otherwise we'd be compromising the Savannah standard that all of the software hosted there runs on a fully free operating system. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://identi.ca/johnsu01 | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] Projects for Android in GNU Savannah
k...@freefriends.org (Karl Berry) writes: Here is the project description, from https://savannah.gnu.org/task/?11659: Magiadni is an Android application that uses the device's camera to read OCR data on Spanish identity cards, then calculates its check digit and displays it. This may be an issue -- I don't think any Replicant devices have a working camera yet. The Replicant developers would know for sure, but IIRC, all of the current cameras require proprietary firmware right now. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://identi.ca/johnsu01 | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] Projects for Android in GNU Savannah
k...@freefriends.org (Karl Berry) writes: Should we accept software targeted for Android in GNU Savannah?. Currently there is https://savannah.gnu.org/task/?11659 I am not sure. On the one hand, fsf.org has a page about free software on Android: http://www.fsf.org/working-together/next-steps/free-software-for-android. That would imply it is ok for us to host such free software projects. On the other hand, rms's essay (http://www.gnu.org/philosophy/android-and-users-freedom.html) concludes Android remains effectively nonfree. Which implies we shouldn't do any hosting. I guess I will ask Brett and see if he can advise us. I have formerly approved similar projects Regardless of what happens in the future, I would feel very bad about kicking out previously-approved projects due to our mistake, especially in such a borderline case of this. I don't think we've ever done that and I don't think we should start. I suggest we approve them as long as they do not rely on the nonfree bits of Android and work with versions of Android for which the source has been released (that includes the most current ones). This helps make it possible to use Android with only free software. This might mean excluding projects that rely on wifi or bluetooth, since AFAIK there is no existing Android hardware that has those features using only free software. Unless of course they are projects to make those features available :). The test would be to ask if the project works with Replicant -- that's the equivalent of our test if the project works on a free GNU/Linux distro. -john -- John Sullivan | Executive Director, Free Software Foundation GPG Key: 61A0963B | http://identi.ca/johnsu01 | http://fsf.org/blogs/RSS Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] fsf fundraiser is over
k...@freefriends.org (Karl Berry) writes: The FSF fundraiser ended a few days ago. Can we remove the blurb from the savannah home page now, please? Since it's gone from everywhere else ... This doesn't have to be done manually, AFAIK it's just including the widget we provide from fsf.org/widget. The problem was that we haven't changed the widget back yet (I noticed it this morning too) -- so as soon as we've fixed that, it'll revert back to the nonfundraiser one, which is helpful to have there. -- John Sullivan Free Software Foundation Manager of Operations GPG Key: 61A0963B Do you use free software? Donate to join the FSF and support freedom at http://www.fsf.org/register_form?referrer=8096.
Re: [Savannah-hackers-public] FSF fundraising widget
Michael J. Flickinger mjfl...@gnu.org writes: On 12/14/2010 12:51 PM, John Sullivan wrote: Savannah hackers, In previous years (last year IIRC), Savannah has displayed the FSF fundraising widget for the months of December and January, to promote our appeal and help raise resources -- some of which are of course spent on equipment and staff resources related to Savannah. Can you do that again? The widget code is at https://my.fsf.org/associate/widget/. The slim version for use in the sidebar might be the best choice. Thanks, Hi John, I added this to Savannah's left menu. Feel free to comment if you don't like its position or have any other concerns. Works, for me, thanks!
[Savannah-hackers-public] FSF fundraising widget
Savannah hackers, In previous years (last year IIRC), Savannah has displayed the FSF fundraising widget for the months of December and January, to promote our appeal and help raise resources -- some of which are of course spent on equipment and staff resources related to Savannah. Can you do that again? The widget code is at https://my.fsf.org/associate/widget/. The slim version for use in the sidebar might be the best choice. Thanks, -- John Sullivan Free Software Foundation Manager of Operations
Re: [Savannah-hackers-public] Access to GNU projects' webpages by GNU webmasters
Sylvain Beucler b...@gnu.org writes: Yavor, I clearly remember that at a point, I saw a communication from a GNU webmaster stating that it was no longer necessary to provide a way for 'www' members to access to per-projects webpages (www.gnu.org/s/*). I don't mind re-enabling this, but I'd like to know whether my memory is failing me. GNU webmasters do need this, afaik. In fact we were just discussing with the GAC committee the idea of webmasters using it more, by offering maintainers assistance with maintaining their webpages. John
Re: [Savannah-hackers-public] Savannah FOSDEM video
Sylvain Beucler b...@gnu.org writes: On Mon, Mar 29, 2010 at 12:46:47PM -0700, John Sullivan wrote: Sylvain Beucler b...@gnu.org writes: On Fri, Mar 26, 2010 at 03:30:38PM -0700, John Sullivan wrote: Sylvain Beucler b...@gnu.org writes: A video of my talk is available :) http://video.fosdem.org/2010/lightningtalks/saturday/05-sat-savannah.xvid.avi also at http://www.youtube.com/fosdemtalks#p/u/26/W4wy5qq57yo Sadly the sound quickly gets out of sync and gets ahead of the video, I'll contact the staff. Do you want to put this on audio-video.gnu.org? I think it'd be good. Sure. I notice that their licensing is CC-BY-ND-SA though. That must be a mistake -- you can't have ND-SA. The point of SA is to lay out the terms for derivative works. If it's CC-BY-ND, that would be okay. CC-BY-NC-SA - yes (written in the first frames of the video). I'm not sure in what way they can decide on the licensing of their recording of my performance - any clue? I have a clue but it would be better and friendlier just to get a straight answer from them about it before thinking about whether that question needs to be resolved. Well I had asked them about the sound de-sync and they didn't even answer :/ Yeah, the NC would be a problem. I'm not sure whether they can license the video that way without your consent (or prevent you from licensing it in another way), but you could ask licens...@fsf.org. I think it's worth pursuing, it would be a nice addition to the site. -- John Sullivan Free Software Foundation Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] Savannah FOSDEM video
Sylvain Beucler b...@gnu.org writes: On Fri, Mar 26, 2010 at 03:30:38PM -0700, John Sullivan wrote: Sylvain Beucler b...@gnu.org writes: A video of my talk is available :) http://video.fosdem.org/2010/lightningtalks/saturday/05-sat-savannah.xvid.avi also at http://www.youtube.com/fosdemtalks#p/u/26/W4wy5qq57yo Sadly the sound quickly gets out of sync and gets ahead of the video, I'll contact the staff. Do you want to put this on audio-video.gnu.org? I think it'd be good. Sure. I notice that their licensing is CC-BY-ND-SA though. That must be a mistake -- you can't have ND-SA. The point of SA is to lay out the terms for derivative works. If it's CC-BY-ND, that would be okay. I'm not sure in what way they can decide on the licensing of their recording of my performance - any clue? I have a clue but it would be better and friendlier just to get a straight answer from them about it before thinking about whether that question needs to be resolved. -- John Sullivan Free Software Foundation Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] Need info from fencepost
Sebastian Gerhardt sebgerha...@gmx.net writes: Hello, can anyone please confirm or refute that this project has been a GNU package. https://savannah.gnu.org/task/?9365 Yes, it's listed in the maintainers file on fp. -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] [la...@yahoo.com: Remove me from all projects please.]
Nicodemo Alvaro nicodemo.alv...@gmail.com writes: But it sounds odd that he would quit all his projects, because of what I did. I don't think this is related, but if it is, it would be good to know and see if we can do something to remedy it -- Leo was doing quite a lot of work for GNU and the FSF... -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] [la...@yahoo.com: Remove me from all projects please.]
Yavor Doganov ya...@gnu.org writes: John Sullivan wrote: Leo was doing quite a lot of work for GNU and the FSF... Not speaking about Leo personnaly... ...but that's a problem with nearly all volunteers for the big pile of unexciting tasks. They start with a truckload of enthusiasm, but after N months they eventually run out of steam; there's another round of recruitment via various channels, education + work, good work, work, burning out + no work... in a loop. I hear you, but in this case Leo was also taking on some larger projects that were more than just the usual unexciting tasks. -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] Revisiting hosted wiki software
Noah Slater nsla...@gnu.org writes: The World's largest MediaWiki installation, Wikipedia, doesn't seem to have an overwhelming problem with spam, and neither does the FSF run wiki. Similarly, MoinMoin is in widespread use at the ASF and there are no spam problems that I am aware of. Perhaps it's not a big a problem as you're imagining? Perhaps we can ask the FSF admins what anti-spam techniques they are using? We haven't advertised it much (it's a work in progress) so our wiki does not get much traffic -- probably not a great gauge for this sort of thing. But, we do require an fsf.org login in order to edit pages. -- John Sullivan Manager of Operations GPG Key: AE8600B6
[Savannah-hackers-public] [Sharif Oerton via RT] [gnu.org #382445] Volunteering to help with Savannah
I have not written back to Sharif except to say that I passed on his contact information. Could one of you follow up, or let me know what I should say? ---BeginMessage--- A NEW TICKET HAS BEEN CREATED, REPLIES GO TO REQUESTORS BY DEFAULT. Mon Oct 13 15:31:39 2008: Request 382445 was acted upon. Transaction: Ticket created by [EMAIL PROTECTED] Queue: campaigns Subject: Volunteering to help with Savannah Owner: Nobody Requestors: [EMAIL PROTECTED] CCs: Status: new Ticket URL: http://rt.gnu.org/Ticket/Display.html?id=382445 Greetings! I was reading the GNU help wanted list at http://www.gnu.org/help/help.html and I notice that a high priority is given to improving Savannah: * Help improve Savannah. We are looking for technical volunteers to help handle pending project submissions, improve older PHP code, work on the Perl backend, and help with various anti-spam systems. If you can help with any of these items, please email us at [EMAIL PROTECTED]. Improving Savannah will make development easier for the nearly 3,000 free software projects hosted there. I am able to help handle pending project submissions, as well as improving older PHP code (I have about two years' experience with PHP). I hope that you will email me back with more information as to how I might best help. Regards, Sharif Oerton ---End Message--- -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] any need for a perl monger?
Sylvain Beucler [EMAIL PROTECTED] writes: Yes, we weren't contacted about it (before or after this was posted or updated). Coordination, coordination... :) You participated on the thread with rms, karl and I where we decided on this message to post, and the last time you said this I showed you the message. I'm all for updating the message but I don't understand why you are under the impression that you were not involved in choosing it. I recently referred Jeffrey Sites (http://lists.gnu.org/archive/html/savannah-hackers-public/2008-09/msg00019.html) who was willing to do project evaluations. Has anyone followed up with him? -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] coordination
Sylvain Beucler [EMAIL PROTECTED] writes: Hi, Yes, we weren't contacted about it (before or after this was posted or updated). Coordination, coordination... :) You participated on the thread with rms, karl and I where we decided on this message to post, and the last time you said this I showed you the message. I'm all for updating the message but I don't understand why you are under the impression that you were not involved in choosing it. Well, it may just be me, I don't remember the Savannah hackers being told where this was placed, that is was placed, whether the contact should be 'campains' rather than 'savannah-hackers-public', or proof-reading the posted text. We discussed it with you in October 2007 and then again in April of this year. That discussion included the placement and the text that was to be posted. I recently referred Jeffrey Sites (http://lists.gnu.org/archive/html/savannah-hackers-public/2008-09/msg00019.html) who was willing to do project evaluations. Has anyone followed up with him? More exactly, you took the liberty to tell a volunteer interested in PHP development to help with project reviews, which he hadn't mention and didn't react to. Which goes back to the original thread: there isn't mentoring support available right now for project reviewers. This hasn't been working so well, better look for alternatives. I'm going to tell Steve about previously exposed plan B tomorrow, unless precise it more. That's not what I did. I wrote to to Jeffrey asking if he would also be willing to help with project reviews. I did not *tell* him to do anything. When Jeffrey said he would also be happy to help with that, I then followed up with SteveR on #savannah to pass that information on. -- John Sullivan Manager of Operations GPG Key: AE8600B6
[Savannah-hackers-public] Re: [gnu.org #375671] Savannah volunteer work
Sites, Jeffrey A via RT [EMAIL PROTECTED] writes: To Whom It May Concern, I was perusing the GNU and FSF websites and saw the Savannah page itself was in need of improvements to the older PHP code. I have previously worked in web development in PHP and would love to help in any way I could. If any information is required, I'd be more than happy to supply that information to expedite the process. I have also had experience with MySQL for databases, if that is an issue. If the need for PHP developers is no longer present, if there is anything else in a similar state of need of improvement, please let me know so I can assist to the best of my ability. Thank you for your time. Jeff Sites A+ Certified Shales 304 317.402.2883 [EMAIL PROTECTED] Thank you very much for the offer! I am copying your information to the Savannah hackers list, and they will let you know how you can best help. One thing in particular that would be helpful is if you can spend some time each week reviewing and approving or responding to new project submissions to Savannah. This isn't such glamorous work but it is critical and is the biggest bottleneck right now. -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] SSL certificates
[EMAIL PROTECTED] (Karl Berry) writes: Hi Noah, [Firefox 3 https ugline] Would it be possible to get a trusted certificate for Savannah? Since https://www.fsf.org has a certificate from ipsCA, which I'm guessing is a trusted cert, personally I think it would make sense for https://savannah.gnu.org (and ...nongnu.org) to have certs from there (or somewhere) as well. But it's not up to me. Sylvain, John? I've put in the order for both savannah.gnu.org and savannah.nongnu.org. So I hope we'll get them soon. -- John Sullivan Manager of Operations GPG Key: AE8600B6
[Savannah-hackers-public] [chetan tandon via RT] [gnu.org #369218] Savannah
Potential volunteer. ---BeginMessage--- A NEW TICKET HAS BEEN CREATED, REPLIES GO TO REQUESTORS BY DEFAULT. Tue Jul 29 23:50:34 2008: Request 369218 was acted upon. Transaction: Ticket created by [EMAIL PROTECTED] Queue: campaigns Subject: Savannah Owner: Nobody Requestors: [EMAIL PROTECTED] CCs: Status: new Ticket URL: http://rt.gnu.org/Ticket/Display.html?id=369218 Hi, My self chetan, i am a software engineer. i want to contribute in the development of savannah. i can provide technical help for this. please let me how i can proceed. thanks chetan. thanks and regards, tandon c.c ---End Message--- -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] Suggestions for sidebar links
[EMAIL PROTECTED] (Karl Berry) writes: IMO, Anonymous CVS doesn't help much here. If this is the goal, it seems like it should be under Site Help and should be something like CVS Instructions? Works for me. I moved it and renamed it. Cryptographic Software Notice could be moved under Site Help I moved it to FSF, since it's not actually interesting to any normal user, and being a legal thing, seems like it belongs more to our legal entity than anything else. Not that it really belongs there, but having it be the only entry under Developer Info looked wrong. Now Developer Info is gone altogether. See what you think ... I like -- now what did people think about removing the This Page section? -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] Suggestions for sidebar links
Sylvain Beucler [EMAIL PROTECTED] writes: Hi, A couple caveats: On Mon, Jun 09, 2008 at 11:11:15AM -0400, John Sullivan wrote: [EMAIL PROTECTED] (Karl Berry) writes: I think the GNU Task List item should be removed, since it's a subset of Help GNU. Seems like Dev Documentation should be under Developer Info. Now that so many vc's are supported, is Anonymous CVS really worth having in the sidebar? The specific instructions on the project pages are much more useful IMHO. I second all of these suggestions. After removing Anonymous CVS, That's a request from RMS, because sometimes people are not clever enough to find the CVS instructions and ask the Emacs mailing list. CVS is also still the most widely used VCS. IMO, Anonymous CVS doesn't help much here. If this is the goal, it seems like it should be under Site Help and should be something like CVS Instructions? I think the Cryptographic Software Notice could be moved under Site Help (does it even need to be so prominent?), Yes, it needs to be proeminent. RMS asked to put it clearly. This is the remnent of the law against exportation of cryptographic software in the US, which was recently relaxed. Consider this text a legal obligation (check http://www.kernel.org/ for a more proeminent notice). OK. and the Developer Info heading removed. The Free Software Directory is not part of the GNU Project, but I don't know how to fix that. That heading could be changed to GNU FSF, or something like that. I'm in favor of keeping 'GNU' and 'FSF' separate concepts :) What do you mean by this? Is that a yes or no to having the heading be GNU FSF? -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] Suggestions for sidebar links
[EMAIL PROTECTED] (Karl Berry) writes: I think the GNU Task List item should be removed, since it's a subset of Help GNU. Seems like Dev Documentation should be under Developer Info. Now that so many vc's are supported, is Anonymous CVS really worth having in the sidebar? The specific instructions on the project pages are much more useful IMHO. I second all of these suggestions. After removing Anonymous CVS, I think the Cryptographic Software Notice could be moved under Site Help (does it even need to be so prominent?), and the Developer Info heading removed. The Free Software Directory is not part of the GNU Project, but I don't know how to fix that. That heading could be changed to GNU FSF, or something like that. One more -- what's the use case for the This Page section? I wouldn't think that printing pages from Savannah is common enough to justify it, and a Clean Reload is achieved via browser controls, no need for a link there. We need a 2008 year in the copyright footer :). -- John Sullivan Manager of Operations GPG Key: AE8600B6
[Savannah-hackers-public] Suggestions for sidebar links
I think that a couple of the sidebar links on the front page under GNU Project can probably go. The events link in particular points to a very outdated page. The mirrors link is to instruction for mirroring rather than a list of mirrors, and really, mirrors aren't such an important thing that they need a link on the front page anymore IMO. What do you think about just removing both of those links? The GNU Webmasters also don't really need their own little section there. We have our own mailing list and documentation, so webmasters don't have to depend on prominent Savannah links to get around to the resources they need to get around to. I'd suggest removing that whole section. Thoughts? -- John Sullivan Manager of Operations GPG Key: AE8600B6
Re: [Savannah-hackers-public] Suggestions for sidebar links
[EMAIL PROTECTED] (Jonathan Gonzalez V.) writes: John Sullivan [EMAIL PROTECTED] writes: Hi all, I think that a couple of the sidebar links on the front page under GNU Project can probably go. The events link in particular points to a very outdated page. The mirrors link is to instruction for mirroring rather than a list of mirrors, and really, mirrors aren't such an important thing that they need a link on the front page anymore IMO. What do you think about just removing both of those links? I'm agree with john, but there's any updated page with GNU events? There is http://www.fsf.org/events, but I don't really think we need to link to it specifically. Seems like just a link to gnu.org and a link to fsf.org would be good enough, and people can find everything they want from there. The GNU Webmasters also don't really need their own little section there. We have our own mailing list and documentation, so webmasters don't have to depend on prominent Savannah links to get around to the resources they need to get around to. I'd suggest removing that whole section. Thoughts? Maybe we can point a page of the GNU Webmaster under the GNU Project topic, there's any link for it? I just don't think it makes sense to have it on the front page, the number of active GNU webmasters is very small, and to everyone else that's just extra text on the page. We can (and probably do) talk about being a webmaster in the Help section. -- John Sullivan Manager of Operations GPG Key: AE8600B6
[Savannah-hackers-public] [turha_chan...@emc.com via RT] [gnu.org #361190] Helping Savannah
Here's another possible volunteer for you. ---BeginMessage--- A NEW TICKET HAS BEEN CREATED, REPLIES GO TO REQUESTORS BY DEFAULT. Thu May 01 13:24:10 2008: Request 361190 was acted upon. Transaction: Ticket created by [EMAIL PROTECTED] Queue: campaigns Subject: Helping Savannah Owner: Nobody Requestors: [EMAIL PROTECTED] CCs: Status: new Ticket URL: http://rt.gnu.org/Ticket/Display.html?id=361190 Hi, This is Chandra Shekhar from Bangalore EMC data storage. I happen to read about you here http://www.fsf.org/ and came to know about current GNU project where the work is going on. Then I came to know about savannah where the free GNU software are hosted. It seems that there some work needs to be done for this site - - Help improve Savannah http://savannah.gnu.org . We are looking for technical volunteers to help handle pending project submissions, improve older PHP code, work on the Perl backend, and help with various anti-spam systems. If you can help with any of these items, please email us at [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] . Improving Savannah will make development easier for the nearly 3,000 free software projects hosted there. Could you please let me know more in details as to what is the requirements? Thanks in advance, Shekhar. ---End Message--- -- John Sullivan Manager of Operations GPG Key: AE8600B6
[Savannah-hackers-public] [Sahid Ferdjaoui via RT] [gnu.org #360924] PHP developer for savanah
Possible volunteer for you. ---BeginMessage--- A NEW TICKET HAS BEEN CREATED, REPLIES GO TO REQUESTORS BY DEFAULT. Sun Apr 27 08:21:25 2008: Request 360924 was acted upon. Transaction: Ticket created by [EMAIL PROTECTED] Queue: campaigns Subject: PHP developer for savanah Owner: Nobody Requestors: [EMAIL PROTECTED] CCs: Status: new Ticket URL: http://rt.gnu.org/Ticket/Display.html?id=360924 Hello, I'm french, i'm 23 years, i'm passionte by open sources projects in particulary gnu project. Currently i'm computer programmer for comunity web site, developed with PHP, Apache, MySQL and Memcached. i have developed for this web site, a MySQL and Memcached abstracts classes, a secure payment's API with GUI's admin, SOAP and REST web services. if you want my CV contact me. you can see my french blog http://sahid.funraill.org Thanks Sahid Ferdjaoui -- ~sahid http://sahid.funraill.org ---End Message--- -- John Sullivan Manager of Operations GPG Key: AE8600B6
[Savannah-hackers-public] Re: Recordings of my speeches
Sylvain Beucler [EMAIL PROTECTED] writes: Hi, The audio-video Savannah project is: https://savannah.gnu.org/p/audio-video Its associated download area can be accessed through sftp/scp/rsync: https://savannah.gnu.org/forum/forum.php?forum_id=4691 :) Any progress on your side? We've made some steps; discussed a new arrangement for the web pages, started accumulating urls of recordings to fetch.. Thanks for setting this up. So should we start transferring the files that currently live in Nick's home directory to this new area? That will break the current site at audio-video.gnu.org, right? -- John Sullivan Program Administrator| Phone: (617)542-5942 x23 51 Franklin Street, 5th Fl. | Fax: (617)542-2652 Boston, MA 02110-1301 USA| GPG: AE8600B6
[Savannah-hackers-public] Re: Mailman upgrade
Paul D. Smith [EMAIL PROTECTED] writes: Thanks John, that's good to know... does anyone have any idea WHEN they'll be getting better; how much of the backlog is left to clear and how quickly is it going through? I tried to login to the mail server but it won't let me :-). We'll post a status update soon. I'm going to hold off getting the answers to the questions here because of that --- should be something posted at www.fsf.org/news or www.fsf.org/blogs in the near future. I'll ping back to this thread when the info is up. -- John Sullivan Program Administrator| Phone: (617)542-5942 x23 51 Franklin Street, 5th Fl. | Fax: (617)542-2652 Boston, MA 02110-1301 USA| GPG: AE8600B6
