Re: [aur-general] GPG Key Signing

[Gaetan Bisson]

[2011-12-02 07:59:10 +0100] Thomas Bächler:
> Am 01.12.2011 23:08, schrieb Gaetan Bisson:
> > [2011-12-01 09:08:39 -0600] Thomas Dziedzic:
> >> I don't think anyone has actually verified that any of the given names
> >> are real names.
> > 
> > Well, actually, CAcert (which Dan relies on) is all about verifying
> > people's actual identity, in particular their name and birth date.
> 
> And that information is useful to you because ...?

Your question is irrelevant here. I was just asserting that, yes, the
names of certain devs have actually been verified.

> >> What's important is that you're verified that you use the key to sign
> >> your packages in case someone does get compromised or decides to go
> >> rogue, then we will have a way to easily track which packages should
> >> become void.
> > 
> > That feature was already achieved by permissions on gerolde/sigurd...
> 
> It wasn't.

Yes, it was.

> > The whole point of package signing is to neutralize attacks against our
> > repositories (our servers but also third-party mirrors).
> 
> That's only part of the point. The other part is - as mentioned - the
> ability to revoke trust from rogue packagers.

No. From that standpoint, package signing does nothing more than
permissions on gerolde/sigurd - as mentioned.

> I'll ask you the same question I asked before, when we already had this
> discussion: What benefit does knowing someone's real identity give you?
> (and please, I'd really like to get an answer this time)

You had an answer (actually, several answers, and not just from me) last
time - it's just that you didn't like them so you chose to ignore them,
but they're still all in your email archives.

(See, I can be disagreeable too.)

-- 
Gaetan


pgp1OFSLvE8aJ.pgp
Description: PGP signature

Re: [aur-general] GPG Key Signing

[Thomas Bächler]

Am 01.12.2011 23:08, schrieb Gaetan Bisson:
> [2011-12-01 09:08:39 -0600] Thomas Dziedzic:
>> I don't think anyone has actually verified that any of the given names
>> are real names.
> 
> Well, actually, CAcert (which Dan relies on) is all about verifying
> people's actual identity, in particular their name and birth date.

And that information is useful to you because ...?

>> What's important is that you're verified that you use the key to sign
>> your packages in case someone does get compromised or decides to go
>> rogue, then we will have a way to easily track which packages should
>> become void.
> 
> That feature was already achieved by permissions on gerolde/sigurd...

It wasn't.

> The whole point of package signing is to neutralize attacks against our
> repositories (our servers but also third-party mirrors).

That's only part of the point. The other part is - as mentioned - the
ability to revoke trust from rogue packagers.

> I find Dan's verification requirements quite reasonable, and I am
> pleased he takes a different approach than other master key holders:
> what would be the point of everyone verifying the same thing?
> 
> Yes, that Xyne person (well, it could even be a group of people, for all
> we know) has pushed good packages to the repos, but developers and
> trusted users are not just package producing machines, and it doesn't
> strike me as odd that a distro expects a little transparency from them.

I'll ask you the same question I asked before, when we already had this
discussion: What benefit does knowing someone's real identity give you?
(and please, I'd really like to get an answer this time)

TBH, I wish I would have chosen a pseudonym when I started doing things
publicly on the internet. I wish I never would have given anyone my real
name. It's too late for that now, I'm afraid.

> Of course, that is only my opinion: verification policy is for each
> master key holder to decide individually - that's what they were
> entrusted with when they were selected.

We should have agreed on a common policy on this matter. It sends mixed
signals when a packager is only signed by some key holders and not
others. And, IMO, it is an affront to this community to reject someone
who has been contributing for years.



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] GPG Key Signing

[Allan McRae]

On 02/12/11 12:37, Loui Chang wrote:
> Let Ionut be the first to provide
> enough personal information to satisfy naysayers. I've never met him, so
> I have my doubts. :P

Such as

> gpg --list-sigs Ionut
pub   2048R/615137BC 2011-04-19
uid  Ionut Biru 
sig P65D0FD58 2011-04-19  CA Cert Signing Authority (Root CA)

Re: [aur-general] GPG Key Signing

[Loui Chang]

On Fri 02 Dec 2011 01:23 +0100, Xyne wrote:
> Ionut Biru wrote:
>
> > why are you so sure that I'll sign it?
>
> I no longer am, but until you replied I never had any reason to doubt it.
>
> As for the discussion about my name:
>
> I could easily claim a fake name to make you happy and you would never
> know the difference. The name means absolutely nothing.

You ought to just for fun. ;)

> As I said to keenerd in a private email, if this is really an issue
> for some of you then start a discussion and call a vote to remove me
> as a TU. Even if the vote passes I may resign if I see many that would
> like me gone, so you win.

Such a vote should never pass, otherwise every Trusted User would have
to positively identified be fair. Let Ionut be the first to provide
enough personal information to satisfy naysayers. I've never met him, so
I have my doubts. :P

Re: [aur-general] GPG Key Signing

[Seblu]

On Fri, Dec 2, 2011 at 1:23 AM, Xyne  wrote:
> Ionut Biru wrote:
>
>> why are you so sure that I'll sign it?
>
> I no longer am, but until you replied I never had any reason to doubt it.
>
>
> As for the discussion about my name:
>
> As stated, there could be many reasons. Perhaps I do not wish to be found by
> someone for whatever reason. Perhaps my name appears in publications and I do
> not wish to have people who read them contact me here. Perhaps I simply enjoy
> anonymity for the sake of anonymity.
>
> I could easily claim a fake name to make you happy and you would never know 
> the
> difference. The name means absolutely nothing.
>
> I have been an active member of this community for over 3 years and a TU for
> about 2.5. I have made numerous contributions during that time. I have had
> ample opportunity to be malicious had I so chosen (e.g. when
> powerpill/bauerbill were way up on the package stats).
>
> You know me through my deeds here. They mean much more than some random name.
>
> Also, consider this. I am much more civil to people behind an anonymous
> identity than people like Angel are behind their (presumably) real names. That
> in itself should say something about my character.
>
> As I said to keenerd in a private email, if this is really an issue for some 
> of
> you then start a discussion and call a vote to remove me as a TU. Even if the
> vote passes I may resign if I see many that would like me gone, so you win.
>
> For what it's worth, I really do like this community and I hope to continue to
> contribute to it. This has never been an issue before and the only reason it
> might be an issue now is because some people confuse trivial knowledge with
> intimacy and trust. Trust should be built on deeds and experience, not how 
> many
> blanks you can fill in on a piece of paper.
>

Even if it's more plesant to talk to people who don't hide their
identities, I agree with Xyne and Thomas.

The relationships we build together by sharing, packaging, hacking is
a higher level of trust that a real identity or a 5 minutes meeting in
a café.

I'm wondering, reading this thread, why packages signing, which is a
wonderful technical way to be sure that someone who claims doing a
package is really him, become, a way to ask to developer or tu to
prove their _real_ identities.

Cheers,

-- 
Sébastien Luttringer
www.seblu.net

Re: [aur-general] Unsigned packages in [community-testing]

[Eric Bélanger]

On Thu, Dec 1, 2011 at 8:09 AM, Jelle van der Waa  wrote:
> On 30/11/11 19:43, Lukas Fleischer wrote:
>> On Wed, Nov 30, 2011 at 11:07:28AM -0600, Dan McGee wrote:
>>> TUs,
>>>
>>> There are only three unsigned "packages" in [community-testing] right
>>> now: fail2ban (since April!), and packagekit for both architectures.
>>> Can these please be rebuilt so we can mark all of [core], [testing],
>>> and [community-testing] as signatures required?
>>
>> Done :)
>>
>>>
>>> Thanks!
>>> -Dan
> Thanks, fail2ban is still in [community-testing] for TodoList "Remove
> /var/run/* and /var/lock/* from packages". Or can it be moved to
> [community] now?
>

You can move it in community. Packages on this todo list can go
straight in the regular repo (extra/community).

>
> --
> Jelle van der Waa

Re: [aur-general] Mass un-notify?

[Xyne]

Kwpolska wrote:

> On Wed, Nov 30, 2011 at 10:22 PM, Xyne  wrote:
> > Magnus Therning wrote:
> >
> >> I'll skip the explanation of how this situation came about and instead
> >> just ask the question:
> >>
> >> Is there a convenient way to remove notifications from the around 2000
> >> packages that I currently receive notifications on?
> >>
> >> The easiest way seems to put in an email address that doesn't work,
> >> but that doesn't feel very nice.
> >>
> >> /M
> >
> >
> > Do you have a list of the AURIDs? If so, you could write a script to do it.
> > Take a look at the POST form attached to the "unnotify" button.
> >
> > If you don't have the IDs then you can scrape the search pages for them.
> 
> or:
> http://aur.archlinux.org/rpc.php?type=msearch&arg=[subject name here]

I thought about that too, but I think he already orphaned the packages. The
msearch may work with "orphan" or "nobody", but there may be too many results
for the interface to handle.

Re: [aur-general] GPG Key Signing

[Xyne]

Ionut Biru wrote:

> why are you so sure that I'll sign it?

I no longer am, but until you replied I never had any reason to doubt it.


As for the discussion about my name:

As stated, there could be many reasons. Perhaps I do not wish to be found by
someone for whatever reason. Perhaps my name appears in publications and I do
not wish to have people who read them contact me here. Perhaps I simply enjoy
anonymity for the sake of anonymity.

I could easily claim a fake name to make you happy and you would never know the
difference. The name means absolutely nothing.

I have been an active member of this community for over 3 years and a TU for
about 2.5. I have made numerous contributions during that time. I have had
ample opportunity to be malicious had I so chosen (e.g. when
powerpill/bauerbill were way up on the package stats).

You know me through my deeds here. They mean much more than some random name.

Also, consider this. I am much more civil to people behind an anonymous
identity than people like Angel are behind their (presumably) real names. That
in itself should say something about my character.

As I said to keenerd in a private email, if this is really an issue for some of
you then start a discussion and call a vote to remove me as a TU. Even if the
vote passes I may resign if I see many that would like me gone, so you win.

For what it's worth, I really do like this community and I hope to continue to
contribute to it. This has never been an issue before and the only reason it
might be an issue now is because some people confuse trivial knowledge with
intimacy and trust. Trust should be built on deeds and experience, not how many
blanks you can fill in on a piece of paper.

Regards,
Xyne

Re: [aur-general] GPG Key Signing

[Gaetan Bisson]

[2011-12-01 09:08:39 -0600] Thomas Dziedzic:
> I don't think anyone has actually verified that any of the given names
> are real names.

Well, actually, CAcert (which Dan relies on) is all about verifying
people's actual identity, in particular their name and birth date.

> What's important is that you're verified that you use the key to sign
> your packages in case someone does get compromised or decides to go
> rogue, then we will have a way to easily track which packages should
> become void.

That feature was already achieved by permissions on gerolde/sigurd...
The whole point of package signing is to neutralize attacks against our
repositories (our servers but also third-party mirrors).

Now those inaccuracies are out of the way:

I find Dan's verification requirements quite reasonable, and I am
pleased he takes a different approach than other master key holders:
what would be the point of everyone verifying the same thing?

Yes, that Xyne person (well, it could even be a group of people, for all
we know) has pushed good packages to the repos, but developers and
trusted users are not just package producing machines, and it doesn't
strike me as odd that a distro expects a little transparency from them.

Of course, that is only my opinion: verification policy is for each
master key holder to decide individually - that's what they were
entrusted with when they were selected.

-- 
Gaetan

Re: [aur-general] GPG Key Signing

[Ray Rashif]

On 1 December 2011 23:36, Peter Lewis  wrote:

> On Thursday 01 Dec 2011 09:08:39 Thomas Dziedzic wrote:
> > I do find it kind of abnormal that a TU does want to retain his real
> name.
>
> To be fair that are loads of potential reasons why someone wouldn't want
> their
> actual identity disclosed in a place where discussions are archived on the
> web
> with timestamps and everything. He could be doing all this in a place where
> free use of the Internet is forbidden, could be on a witness protection
> programme, could be doing it while at work and slacking off and not
> wanting to
> get caught, could actually be Kim Jong Il in his spare time. Seriously, we
> have no way to judge reasons or not. And this isn't specific to Xyne, or
> anyone else.
>
> My real name is actually Robert Parks.
>
> Perhaps.
>
> :-p
>
>
> > There may be legitimate reasons for doing this or not, I don't know.
> > But I also have to agree with Thomas on this one.
> > I don't think anyone has actually verified that any of the given names
> > are real names.
> > What's important is that you're verified that you use the key to sign
> > your packages in case someone does get compromised or decides to go
> > rogue, then we will have a way to easily track which packages should
> > become void.
>
> Absolutely. Let's not turn into Google+ over this one...
>
> Pete.
>

I am in full agreement with Thomas as well. There are many valid reasons
for not using your real name on the Internet. Genius people hide behind
screen names and yet we benefit from their work. So there is no reason we
should say "you there, you genius kid. what's yo name? no name? get outta
here we don't need yo charity."

But of course I'm not assuming Xyne is a genius, or a kid.

--
GPG/PGP ID: C0711BF1

Re: [aur-general] Deletion request

[Thomas Dziedzic]

On Thu, Dec 1, 2011 at 9:59 AM, rafael ff1  wrote:
> lib32-allegro5 [1] is not needed anymore, as lib32-allegro was updated
> from 4.x to 5.x
>
> Please delete lib32-allegro5.
>
> [1] http://aur.archlinux.org/packages.php?ID=49527
>
> Thanks

expunged

[aur-general] Deletion request

[rafael ff1]

lib32-allegro5 [1] is not needed anymore, as lib32-allegro was updated
from 4.x to 5.x

Please delete lib32-allegro5.

[1] http://aur.archlinux.org/packages.php?ID=49527

Thanks

Re: [aur-general] Mass un-notify?

[Nick Lanham]

On 11/30/2011 09:42 PM, DJ Mills wrote:

On Wed, Nov 30, 2011 at 3:35 PM, Magnus Therning  wrote:

On Wed, Nov 30, 2011 at 09:33:46PM +0100, Karol Blazewicz wrote:

On Wed, Nov 30, 2011 at 9:30 PM, Magnus Therning  wrote:

On Wed, Nov 30, 2011 at 08:36:46PM +0100, Karol Blazewicz wrote:

On Wed, Nov 30, 2011 at 8:33 PM, Magnus Therning  wrote:

I'll skip the explanation of how this situation came about and instead
just ask the question:

Is there a convenient way to remove notifications from the around 2000
packages that I currently receive notifications on?


Sort by 'Notify', check them all, uncheck the few you still want to be
notified about and pick 'Unnotify' from the actions menu.

That would work beautifully _if_ there was a way to select all
packages shown on a page with one press of the mouse button.  AFAIKS
I'd have to select each of the 2000 packages individually, hardly
"convenient" I'd say ;)


Have your kid brother / sister do it ;P
Oh c'mon, it's just 8 pages (250 packages each). Play some music and
an hour later you'll be through.

Or I can change the email address on my account in less than 1 minute.

/M

--
Magnus Therning  OpenPGP: 0xAB4DFBA4
email: mag...@therning.org   jabber: mag...@therning.org
twitter: magthe   http://therning.org/magnus

Most software today is very much like an Egyptian pyramid with
millions of bricks piled on top of each other, with no structural
integrity, but just done by brute force and thousands of slaves.
 -- Alan Kay


patches welcome for a "select all" feature :)

Just submitted one to aur-dev.  Not sure if it'll be accepted though :)

Re: [aur-general] Mass un-notify?

[Kwpolska]

On Wed, Nov 30, 2011 at 10:22 PM, Xyne  wrote:
> Magnus Therning wrote:
>
>> I'll skip the explanation of how this situation came about and instead
>> just ask the question:
>>
>> Is there a convenient way to remove notifications from the around 2000
>> packages that I currently receive notifications on?
>>
>> The easiest way seems to put in an email address that doesn't work,
>> but that doesn't feel very nice.
>>
>> /M
>
>
> Do you have a list of the AURIDs? If so, you could write a script to do it.
> Take a look at the POST form attached to the "unnotify" button.
>
> If you don't have the IDs then you can scrape the search pages for them.

or:
http://aur.archlinux.org/rpc.php?type=msearch&arg=[subject name here]

>
> /X



-- 
Kwpolska 
stop html mail      | always bottom-post
www.asciiribbon.org | www.netmeister.org/news/learn2quote.html
GPG KEY: 5EAAEA16   | Arch Linux x86_64, zsh, mutt, vim.
# vim:set textwidth=70:

Re: [aur-general] GPG Key Signing

[Peter Lewis]

On Thursday 01 Dec 2011 09:08:39 Thomas Dziedzic wrote:
> I do find it kind of abnormal that a TU does want to retain his real name.

To be fair that are loads of potential reasons why someone wouldn't want their 
actual identity disclosed in a place where discussions are archived on the web 
with timestamps and everything. He could be doing all this in a place where 
free use of the Internet is forbidden, could be on a witness protection 
programme, could be doing it while at work and slacking off and not wanting to 
get caught, could actually be Kim Jong Il in his spare time. Seriously, we 
have no way to judge reasons or not. And this isn't specific to Xyne, or 
anyone else.

My real name is actually Robert Parks.

Perhaps.

:-p


> There may be legitimate reasons for doing this or not, I don't know.
> But I also have to agree with Thomas on this one.
> I don't think anyone has actually verified that any of the given names
> are real names.
> What's important is that you're verified that you use the key to sign
> your packages in case someone does get compromised or decides to go
> rogue, then we will have a way to easily track which packages should
> become void.

Absolutely. Let's not turn into Google+ over this one...

Pete.

Re: [aur-general] [REMOVE] plasma-miniplayer-plasmoid 1.0-2

[Bartłomiej Piotrowski]

Done, votes merged into second one.

-- 
Bartłomiej Piotrowski
Arch Linux Trusted User



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Please remove my AUR account

[Peter Lewis]

On Wednesday 30 Nov 2011 22:14:21 Xyne wrote:
> Dave Reisner wrote:
> > the off topic train goes choo choo crash boom

> Back on topic, I agree with Pierre (as I usually do in issues regarding
> privacy and security).
> 
> AUR accounts should be deletable. Names can be reserved for a fixed
> period (from 3 months to 1 year) to prevent confusion.

I agree. It seems that the AUR isn't hosted in Europe, but this seems like a 
good idea and might be relevant nonetheless:

http://www.telegraph.co.uk/technology/internet/8388033/Online-right-to-be-
forgotten-confirmed-by-EU.html

Pete.

Re: [aur-general] GPG Key Signing

[Thomas Dziedzic]

On Thu, Dec 1, 2011 at 8:21 AM, Thomas Bächler  wrote:
> Am 01.12.2011 12:19, schrieb Xyne:
>> I'm in the process of getting my key signed (Pierre has signed, Thomas and
>> Ionut should sign soon, not sure if Dan will sign due to not knowing my real
>> name).
>
> Dan's way isn't just about knowing the realname. He wants to verify that
> the name is correct.
>
> I can't believe that we are having the identity verification discussion
> again, but here is what I believe: You have been elected TU (or
> Developer) and thus I trust your key. Knowing (or not knowing) your real
> name doesn't change anything. In fact, I did not verify names for anyone.
>
> What's important to me: If I find out that you release packages that are
> harmful in any way, I can revoke my signature and block your packages
> from being installed. Knowing your real name does not make that easier,
> or prevent you from doing harmful things in the first place.
>

I do find it kind of abnormal that a TU does want to retain his real name.
There may be legitimate reasons for doing this or not, I don't know.
But I also have to agree with Thomas on this one.
I don't think anyone has actually verified that any of the given names
are real names.
What's important is that you're verified that you use the key to sign
your packages in case someone does get compromised or decides to go
rogue, then we will have a way to easily track which packages should
become void.

Re: [aur-general] Developer / TU key signing, first master key available

[Peter Lewis]

On Monday 28 Nov 2011 15:12:53 Thomas Bächler wrote:
> Please note: There are many TUs (and some devs) that didn't reply to
> this request yet.

Sorry - I haven't replied to any yet and won't get a chance to until the 
weekend. Hope that doesn't delay anything... :-)

Re: [aur-general] GPG Key Signing

[Thomas Bächler]

Am 01.12.2011 12:19, schrieb Xyne:
> I'm in the process of getting my key signed (Pierre has signed, Thomas and
> Ionut should sign soon, not sure if Dan will sign due to not knowing my real
> name).

Dan's way isn't just about knowing the realname. He wants to verify that
the name is correct.

I can't believe that we are having the identity verification discussion
again, but here is what I believe: You have been elected TU (or
Developer) and thus I trust your key. Knowing (or not knowing) your real
name doesn't change anything. In fact, I did not verify names for anyone.

What's important to me: If I find out that you release packages that are
harmful in any way, I can revoke my signature and block your packages
from being installed. Knowing your real name does not make that easier,
or prevent you from doing harmful things in the first place.



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] GPG Key Signing

[Ionut Biru]

On 12/01/2011 01:19 PM, Xyne wrote:
> Hi Allan,
> 
> I'm in the process of getting my key signed (Pierre has signed, Thomas and
> Ionut should sign soon, not sure if Dan will sign due to not knowing my real
> name).
> 

why are you so sure that I'll sign it?

> How do I get your signature? I can't find an email about it.
> 
> Regards,
> Xyne


-- 
Ionuț



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] GPG Key Signing

[Laurent Carlier]

> Hi Allan,
> 
> I'm in the process of getting my key signed (Pierre has signed, Thomas and
> Ionut should sign soon, not sure if Dan will sign due to not knowing my real
> name).
> 
> How do I get your signature? I can't find an email about it.
> 
> Regards,
> Xyne

https://www.archlinux.org/master-keys/ ?

Re: [aur-general] GPG Key Signing

[Oon-Ee Ng]

On Dec 1, 2011 9:38 PM, "Jelle van der Waa"  wrote:
>
> On 01/12/11 14:27, Ángel Velásquez wrote:
> > 2011/12/1 Xyne :
> >> Hi Allan,
> >>
> >> I'm in the process of getting my key signed (Pierre has signed, Thomas
and
> >> Ionut should sign soon, not sure if Dan will sign due to not knowing
my real
> >> name).
> >
> > I can't understand yet your drama giving your name.
> >
> > Seriously, grow up.
> >
> >
> >
> >
> How rude!
>
> Well actually I would like to know your name too, I don't see any reason
> why wouldn't give it.
>
> --
> Jelle van der Waa

I remember reading something about knowing a person's "true name" giving
you complete power over someone...

Re: [aur-general] GPG Key Signing

[Sergej Pupykin]

At Thu, 1 Dec 2011 12:19:01 +0100,
Xyne  wrote:
> 
> Hi Allan,
> 
> I'm in the process of getting my key signed (Pierre has signed, Thomas and
> Ionut should sign soon, not sure if Dan will sign due to not knowing my real
> name).
> 
> How do I get your signature? I can't find an email about it.

You may use fake name. But as I know GPL2 requires real name. What is
the license of our pkgbuilds?

[aur-general] [REMOVE] plasma-miniplayer-plasmoid 1.0-2

[SpinFlo]

please remove https://aur.archlinux.org/packages.php?ID=23465

switch and update to https://aur.archlinux.org/packages.php?ID=54477

greetings

Re: [aur-general] GPG Key Signing

[Jelle van der Waa]

On 01/12/11 14:27, Ángel Velásquez wrote:
> 2011/12/1 Xyne :
>> Hi Allan,
>>
>> I'm in the process of getting my key signed (Pierre has signed, Thomas and
>> Ionut should sign soon, not sure if Dan will sign due to not knowing my real
>> name).
> 
> I can't understand yet your drama giving your name.
> 
> Seriously, grow up.
> 
> 
> 
> 
How rude!

Well actually I would like to know your name too, I don't see any reason
why wouldn't give it.

-- 
Jelle van der Waa

Re: [aur-general] GPG Key Signing

[Ángel Velásquez]

2011/12/1 Xyne :
> Hi Allan,
>
> I'm in the process of getting my key signed (Pierre has signed, Thomas and
> Ionut should sign soon, not sure if Dan will sign due to not knowing my real
> name).

I can't understand yet your drama giving your name.

Seriously, grow up.




-- 
Angel Velásquez
angvp @ irc.freenode.net
Arch Linux Developer / Trusted User
Linux Counter: #359909
http://www.angvp.com

Re: [aur-general] Unsigned packages in [community-testing]

[Jelle van der Waa]

On 30/11/11 19:43, Lukas Fleischer wrote:
> On Wed, Nov 30, 2011 at 11:07:28AM -0600, Dan McGee wrote:
>> TUs,
>>
>> There are only three unsigned "packages" in [community-testing] right
>> now: fail2ban (since April!), and packagekit for both architectures.
>> Can these please be rebuilt so we can mark all of [core], [testing],
>> and [community-testing] as signatures required?
> 
> Done :)
> 
>>
>> Thanks!
>> -Dan
Thanks, fail2ban is still in [community-testing] for TodoList "Remove
/var/run/* and /var/lock/* from packages". Or can it be moved to
[community] now?


-- 
Jelle van der Waa

Re: [aur-general] Remove perl-test-shared-fork

[Chris Brannon]

Christian Sturm  writes:

> I am the maintainer of perl-test-shared-fork and request its
> removal.

Done.

-- Chris


pgpMYKHNe2axq.pgp
Description: PGP signature

Re: [aur-general] GPG Key Signing

[Xyne]

fail

kindly keep the mocking to a minimum then ignore this

[aur-general] GPG Key Signing

[Xyne]

Hi Allan,

I'm in the process of getting my key signed (Pierre has signed, Thomas and
Ionut should sign soon, not sure if Dan will sign due to not knowing my real
name).

How do I get your signature? I can't find an email about it.

Regards,
Xyne

Re: [aur-general] Developer/TU key signing

[Xyne]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ionut Biru wrote:

> Hi,
> 
> my arch master key is available [1] with fingerprint 44D4 A033 AC14 0143
> 9273  97D4 7EFD 567D 4C7E A887.
> 
> Every packager please do:
> 
> 1) reply this email in the mailing list, include gerolde/sigurd username
> and sign your reply using your gpg key.
> 2) name at least one package you already signed.
> 
> [1] https://dev.archlinux.org/~ibiru/ionut_AT_master-key.archlinux.org
> 
> 
> -- 
> Ionuț

sigurd: xyne
[community]: ghemical

trying again with inline signing... (testing email client settings)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJO12EcAAoJEFztgbfC5cDS6VsIAJgUYuNIAwO5vudMj6NJRfYT
na/n2+vkfVC4rBHVf40HvU2NOzRgZ5DqsM0rmTGi2n0aN7B8c0tdI2yQ/t2GNyn/
qkG9kXX0ovlIA47jNH2M/jqwW2olGRzEcKQNQkzOibRe6qogQfg1x7nEIepDKrs3
8f6LWSE8dZZau5mtZWBZcrOVMk7veD/TtxtijybJHABmFjS2UdTlFhRVtUMh4jid
30mAl805BKLax2TLgS8No/VwVoC5EDHl5mPQLeIk1d9DX8r+8D74c0ZiYjwi8UdY
rc39LvWOVRXkPAuB8mceRhOIAvrOIdjPE4TQWojR/IUsIMNLq3hysS4XmF4G8ds=
=4N8W
-END PGP SIGNATURE-

Re: [aur-general] Developer/TU key signing

[Xyne]

Ionut Biru wrote:

> Hi,
> 
> my arch master key is available [1] with fingerprint 44D4 A033 AC14 0143
> 9273  97D4 7EFD 567D 4C7E A887.
> 
> Every packager please do:
> 
> 1) reply this email in the mailing list, include gerolde/sigurd username
> and sign your reply using your gpg key.
> 2) name at least one package you already signed.
> 
> [1] https://dev.archlinux.org/~ibiru/ionut_AT_master-key.archlinux.org
> 
> 
> -- 
> Ionuț
> 

sigurd: xyne
[community]: ghemical



signature.asc
Description: PGP signature

[aur-general] Remove perl-test-shared-fork

[Christian Sturm]

(Forgive me if this message arrives twice)

I am the maintainer of perl-test-shared-fork and request its
removal.

URL of perl-test-shared-fork:
https://aur.archlinux.org/packages.php?ID=37467

When I created the package I accidentally added a dash in the
shared-fork part of the package name. This Perl module however
is called Test::SharedFork, so the name is wrong. I added this
package as a dependency for perl-test-tcp, which now depends on
the correctly named module, so the removal should not break
anything. The votes could be merged with perl-test-sharedfork.

URL of the correctly named perl-test-sharedfork:
https://aur.archlinux.org/packages.php?ID=54454

[aur-general] Signoff report for [community-testing]

[Arch Website Notification]

=== Signoff report for [community-testing] ===
https://www.archlinux.org/packages/signoffs/

There are currently:
* 9 new packages in last 24 hours
* 0 known bad packages
* 0 packages not accepting signoffs
* 1 fully signed off package
* 68 packages missing signoffs
* 4 packages older than 14 days

(Note: the word 'package' as used here refers to packages as grouped by
pkgbase, architecture, and repository; e.g., one PKGBUILD produces one
package per architecture, even if it is a split package.)


== New packages in [community-testing] in last 24 hours (9 total) ==

* fail2ban-0.8.4-4 (any)
* glom-1.20.1-1 (i686)
* mygui-3.2.0rc1-10 (i686)
* packagekit-0.6.19-3 (i686)
* wt-3.2.0-1 (i686)
* glom-1.20.1-1 (x86_64)
* mygui-3.2.0rc1-10 (x86_64)
* packagekit-0.6.19-3 (x86_64)
* wt-3.2.0-1 (x86_64)


== Incomplete signoffs for [community] (66 total) ==

* eclipse-emf-2.7.1-1 (any)
0/2 signoffs
* fail2ban-0.8.4-4 (any)
0/2 signoffs
* pacman-contrib-4.0.1-1 (any)
1/2 signoffs
* cclive-0.7.7-2 (i686)
0/2 signoffs
* encfs-1.7.4-6 (i686)
0/2 signoffs
* expac-0.07-1 (i686)
0/2 signoffs
* fatrat-1.2.0_beta1-2 (i686)
0/2 signoffs
* frogatto-1.1.1-6 (i686)
0/2 signoffs
* glob2-0.9.4.4-10 (i686)
0/2 signoffs
* glom-1.20.1-1 (i686)
0/2 signoffs
* gnash-0.8.9-7 (i686)
0/2 signoffs
* gpsdrive-2.11-11 (i686)
0/2 signoffs
* i3-wm-4.1-2 (i686)
0/2 signoffs
* i3lock-2.2-2 (i686)
0/2 signoffs
* lightspark-0.5.2.1-3 (i686)
0/2 signoffs
* luxrays-0.8-7 (i686)
0/2 signoffs
* luxrender-0.8-10 (i686)
0/2 signoffs
* mapnik-0.7.1-12 (i686)
0/2 signoffs
* mongodb-2.0.1-3 (i686)
0/2 signoffs
* mygui-3.2.0rc1-10 (i686)
0/2 signoffs
* ogre-1.8.0RC1-3 (i686)
0/2 signoffs
* packagekit-0.6.19-3 (i686)
0/2 signoffs
* performous-0.6.1-11 (i686)
0/2 signoffs
* pingus-0.7.5-2 (i686)
0/2 signoffs
* pion-net-4.0.7-2 (i686)
0/2 signoffs
* pokerth-0.8.3-6 (i686)
0/2 signoffs
* qbittorrent-2.9.2-4 (i686)
0/2 signoffs
* qtcreator-2.4.0rc-1 (i686)
0/2 signoffs
* schroot-1.4.23-3 (i686)
0/2 signoffs
* smc-1.9-13 (i686)
0/2 signoffs
* spring-0.84.0-1 (i686)
0/2 signoffs
* springlobby-0.139-3 (i686)
0/2 signoffs
* tagpy-0.94.8-6 (i686)
0/2 signoffs
* twinkle-1.4.2-12 (i686)
0/2 signoffs
* wt-3.2.0-1 (i686)
0/2 signoffs
* cclive-0.7.7-2 (x86_64)
0/2 signoffs
* encfs-1.7.4-6 (x86_64)
0/2 signoffs
* fatrat-1.2.0_beta1-2 (x86_64)
0/2 signoffs
* frogatto-1.1.1-6 (x86_64)
1/2 signoffs
* glob2-0.9.4.4-10 (x86_64)
0/2 signoffs
* glom-1.20.1-1 (x86_64)
0/2 signoffs
* gnash-0.8.9-7 (x86_64)
0/2 signoffs
* gpsdrive-2.11-11 (x86_64)
0/2 signoffs
* i3-wm-4.1-2 (x86_64)
0/2 signoffs
* i3lock-2.2-2 (x86_64)
0/2 signoffs
* lightspark-0.5.2.1-3 (x86_64)
0/2 signoffs
* luxrays-0.8-7 (x86_64)
0/2 signoffs
* luxrender-0.8-10 (x86_64)
0/2 signoffs
* mapnik-0.7.1-12 (x86_64)
0/2 signoffs
* mongodb-2.0.1-3 (x86_64)
0/2 signoffs
* mygui-3.2.0rc1-10 (x86_64)
0/2 signoffs
* ogre-1.8.0RC1-3 (x86_64)
0/2 signoffs
* packagekit-0.6.19-3 (x86_64)
0/2 signoffs
* performous-0.6.1-11 (x86_64)
1/2 signoffs
* pingus-0.7.5-2 (x86_64)
1/2 signoffs
* pion-net-4.0.7-2 (x86_64)
0/2 signoffs
* pokerth-0.8.3-6 (x86_64)
0/2 signoffs
* qbittorrent-2.9.2-4 (x86_64)
0/2 signoffs
* qtcreator-2.4.0rc-1 (x86_64)
0/2 signoffs
* schroot-1.4.23-3 (x86_64)
0/2 signoffs
* smc-1.9-13 (x86_64)
1/2 signoffs
* spring-0.84.0-1 (x86_64)
0/2 signoffs
* springlobby-0.139-3 (x86_64)
0/2 signoffs
* tagpy-0.94.8-6 (x86_64)
0/2 signoffs
* twinkle-1.4.2-12 (x86_64)
0/2 signoffs
* wt-3.2.0-1 (x86_64)
0/2 signoffs

== Incomplete signoffs for [unknown] (2 total) ==

* percona-server-5.5.17_rel22.1-1 (i686)
0/2 signoffs
* percona-server-5.5.17_rel22.1-1 (x86_64)
0/2 signoffs


== Completed signoffs (1 total) ==

* expac-0.07-1 (x86_64)


== All packages in [community-testing] for more than 14 days (4 total) ==

* expac-0.07-1 (i686), since 2011-10-13
* expac-0.07-1 (x86_64), since 2011-10-13
* qtcreator-2.4.0rc-1 (i686), since 2011-11-17
* qtcreator-2.4.0rc-1 (x86_64), since 2011-11-17


== Top five in signoffs in last 24 hours ==

1. giovanni - 10 signoffs
2. lcarlier - 7 signoffs
3. dan - 2 signoffs
4. foutrelis - 2 signoffs
5. stephane - 1 signoffs