Re: [arch-general] signature from Thorsten Tpper x...@xxx.xxx is unknown trust
On Mon, 28 Jan 2013 15:56:37 +0100 Sébastien Luttringer se...@seblu.net wrote: Have an archlinux-keyring updated before key expiration is an elegant solution. Cheers, Indeed. Also, it was my mistake not to update the key before it expired and I have to apologize for that. By now there is a new archlinux-keyring package that contains the updated key. I'm sorry for all the trouble this has caused. signature.asc Description: PGP signature
Re: [arch-general] [arch-dev-public] Silent removal of initscripts?
Am 28.01.2013 21:28, schrieb Evangelos Foutras: On 28 January 2013 21:30, Tom Gundersen t...@jklm.no wrote: IMNSHO, it would probably be best to just unequivocally declare the rc scripts as dead and unsupported rather than try to play catch-up now. I agree with this, no half measures. :) You made the announcement [1] in early November; title was pretty clear; time-frame was provided. There's nothing else left to do now but to drop the initscripts and sysvinit packages. [1] https://www.archlinux.org/news/end-of-initscripts-support/ a new announcement would only make sense for those, who totally slept the whole time. the majority of users sticking with initscripts does not do that because of lack of interest in systemd. my vserver hoster (netcup.de, german provider) does not provide an up-to-date kernel and, although first made aware of the upcoming change in september, now begins beta testing a new virtualization (kvm, linux vserver before). its still some time (up to two month) until i can finally migrate to systemd. i would be very glad, if there was a sysvinit-scripts package for the time beeing. thanks for considering.
Re: [arch-general] signature from Thorsten Tpper x...@xxx.xxx is unknown trust
On Mon, Jan 28, 2013 at 4:08 PM, Thorsten Töpper atsut...@freethoughts.de wrote: On Mon, 28 Jan 2013 15:56:37 +0100 Sébastien Luttringer se...@seblu.net wrote: Have an archlinux-keyring updated before key expiration is an elegant solution. Cheers, Indeed. Also, it was my mistake not to update the key before it expired and I have to apologize for that. By now there is a new archlinux-keyring package that contains the updated key. I'm sorry for all the trouble this has caused. Bonus question, why did the key even expire? -- Kwpolska http://kwpolska.tk | GPG KEY: 5EAAEA16 stop html mail| always bottom-post http://asciiribbon.org| http://caliburn.nl/topposting.html
Re: [arch-general] signature from Thorsten Tpper x...@xxx.xxx is unknown trust
On Mon, Jan 28, 2013 at 04:09:54PM +0100, Kwpolska wrote: On Mon, Jan 28, 2013 at 4:08 PM, Thorsten Töpper atsut...@freethoughts.de wrote: On Mon, 28 Jan 2013 15:56:37 +0100 Sébastien Luttringer se...@seblu.net wrote: Have an archlinux-keyring updated before key expiration is an elegant solution. Cheers, Indeed. Also, it was my mistake not to update the key before it expired and I have to apologize for that. By now there is a new archlinux-keyring package that contains the updated key. I'm sorry for all the trouble this has caused. Bonus question, why did the key even expire? That's generally what happens when you put an expiration date on a GPG key and time passes up until the current time exceeds the expiration date.
[arch-general] efi boot kernel file sync - is it still necessary for refind?
According to https://wiki.archlinux.org/index.php/UEFI_Bootloaders#Sync_EFISTUB_Kernel_in_UEFISYS_partition_using_Systemd The recent (and current) version of refind-efi auto-detects efi kernels in /boot and that wiki article says that it is no longer necessary to sync files from /boot/ to /boot/efi/EFI/arch/ Does that mean when first installing arch in a uefi system then it is also no longer necessary to copy the vmlinuz and initramfs files to the EFI /arch/ directory at all? Or is it necessary only once as indicated in the wiki? i.e. is the wiki fully up to date? Thanks. -- mike c
Re: [arch-general] efi boot kernel file sync - is it still necessary for refind?
On Mon, Jan 28, 2013 at 9:10 PM, Mike Cloaked mike.cloa...@gmail.comwrote: According to https://wiki.archlinux.org/index.php/UEFI_Bootloaders#Sync_EFISTUB_Kernel_in_UEFISYS_partition_using_Systemd The recent (and current) version of refind-efi auto-detects efi kernels in /boot and that wiki article says that it is no longer necessary to sync files from /boot/ to /boot/efi/EFI/arch/ Does that mean when first installing arch in a uefi system then it is also no longer necessary to copy the vmlinuz and initramfs files to the EFI /arch/ directory at all? Or is it necessary only once as indicated in the wiki? i.e. is the wiki fully up to date? Thanks. Secondly does the Beginners Guide at https://wiki.archlinux.org/index.php/Beginners%27_Guide need the section on Efistub updating to reflect the same change for using refind-efi? -- mike c
Re: [arch-general] Winter Cleanup of [community]
Alexander Rødseth rods...@gmail.com writes: Hi, It's time again for the yearly cleanup of the [community] repository. Somehow, time passed, and it's now too late for a Christmas Cleanup like last year. Instead I'm announcing a Winter Cleanup, which I think is a better name as well. Well, it looks like espeakup got cleaned. Could someone please add it back? It is pretty much necessary for blind users, of which there are a few. If it really needs a maintainer that badly, I'd consider reapplying for my TU position. Thanks, -- Chris
Re: [arch-general] signature from Thorsten Tpper x...@xxx.xxx is unknown trust
On Mon, Jan 28, 2013 at 6:05 PM, Dave Reisner d...@falconindy.com wrote: That's generally what happens when you put an expiration date on a GPG key and time passes up until the current time exceeds the expiration date. http://www.youtube.com/watch?v=DRMBxnxWiNQ
Re: [arch-general] signature from Thorsten Tpper x...@xxx.xxx is unknown trust
[2013-01-28 23:36:48 -0300] Martín Cigorraga: On Mon, Jan 28, 2013 at 6:05 PM, Dave Reisner d...@falconindy.com wrote: That's generally what happens when you put an expiration date on a GPG key and time passes up until the current time exceeds the expiration date. http://www.youtube.com/watch?v=DRMBxnxWiNQ Please. Dave's answer certainly misses the real question of why Thorsten would want an expiration date on his GPG key, but if that was what you meant to say just spare us the drama and say it. -- Gaetan
Re: [arch-general] signature from Thorsten Tpper x...@xxx.xxx is unknown trust
Hi, Am 29.01.2013 04:37, schrieb Gaetan Bisson: Dave's answer certainly misses the real question of why Thorsten would want an expiration date on his GPG key, Because its good and common practice. There are several reasons for this, one of which is a compromise. When you got compromised and lose your revocation certificate, too, the key will expire at some point in time. I'm not sure about GPG, but in case of X.509 it also helps to keep the certificate revocations lists (CRL) short, as certificates, which are expired anyway, don't have to be listed here explicitly. When doing everything right, this kind of issues shouldn't happen, as you would update the involved keys (and packages) early enough. Obviously we are all just humans and tend to forget about these things, especially when they work just flawlessly for a reasonable amount of time ;). Best regards, Karol Babioch signature.asc Description: OpenPGP digital signature
Re: [arch-general] signature from Thorsten Tpper x...@xxx.xxx is unknown trust
[2013-01-29 04:51:49 +0100] Karol Babioch: Am 29.01.2013 04:37, schrieb Gaetan Bisson: Dave's answer certainly misses the real question of why Thorsten would want an expiration date on his GPG key, Because its good and common practice. There are several reasons for this, one of which is a compromise. When you got compromised and lose your revocation certificate, too, the key will expire at some point in time. So instead of impersonating you for the rest of your life, the attacker who compromised your key can only do so for a whole year? Well, only a few hours generally suffice for them to cause terrible damage - that is certainly true with Arch's package signing infrastructure. Expiring keys trade ease-of-use for a fake sense of security, so better avoid them and actually secure your key and revocation certificates. I'm not sure about GPG, but in case of X.509 it also helps to keep the certificate revocations lists (CRL) short, as certificates, which are expired anyway, don't have to be listed here explicitly. In my opinion, that's a moot technical point which does not concern GPG. Cheers. -- Gaetan pgpWhLTBHEXMy.pgp Description: PGP signature
