Re: removing permissions for long unused accounts, take 2

2022-07-12 Thread Dmitry Selyutin 
Hi Bruno,

On Wed, Jul 13, 2022 at 8:18 AM Bruno Haible  wrote:
>
>  Dmitry Selyutin
> OK to proceed?

I'm fine with revoking my write permissions. I still have plans to
check on Python gnulib, but, if I will do it, it's simple to restore
the permissions. Until then, let's follow the principle of least
privilege.

P.S. By the way, it's amazing to be in one list with such people, even
though we're talking of those who must have their permissions revoked.
:-)

-- 
Best regards,
Dmitry Selyutin

removing permissions for long unused accounts, take 2

2022-07-12 Thread Bruno Haible 
Hi,

I started this topic in 2021, in [1]: a proposal to remove write
permissions from accounts who haven't pushed in a long while.
There was agreement [2] that contributors who had not directly pushed
a commit in a year could be revoked the write permission.

The discussion ended with the question who of the gnulib savannah
admins wanted to do it.

What has changed since then:

  * The log4j incident in December 2021 and a couple of similar
incidents in the npm world have brought to everyone's attention
that software supply chain is critical.
As a reaction, the Linux Foundation has created a sub-foundation [3],
GitHub will make 2FA mandatory by the end of 2023 [4], and similar
moves are underway in the Ruby and Python communities [5].

In GNU, Gnulib is probably, together with the Autotools, one of the
most critical elements of the software supply chain. If a trojan/malware
commit gets into Gnulib, we would have big trouble.

Also:

  * Since July 2021, I am co-maintainer of Gnulib, and one of the gnulib
savannah admins.

Therefore I would now like to actually do it.

Dmitry's recipe [6] gives the following result:

$ git log --pretty=fuller --since='1 year' | git shortlog -c -s
 1  Akim Demaille
 1  Ben Pfaff
 4  Bernhard Voelker
   262  Bruno Haible
 5  Jim Meyering
31  Karl Berry
 2  Marc Nieper-Wißkirchen
   214  Paul Eggert
 5  Pádraig Brady
 1  Reuben Thomas
17  Simon Josefsson

Also, I wouldn't want to remove Eric Blake, since he's an admin too.

So, the list of people (to notify per mail and to remove from the
membership list on savannah) are the following:

  Assaf Gordon
  Andreas Gruenbacher
  Bruce Korb
  Ludovic Courtès
  Derek Robert Price
  Eli Zaretskii
  Gary V. Vaughan
  Gerd Moellmann
  Dmitry Selyutin
  Sergey Poznyakoff
  James Youngman
  Joel E. Denny
  Kamil Dudka
  Dmitry V. Levin
  Stefan Monnier
  Richard M. Stallman
  Ralf Wildenhues
  Siddhesh Poyarekar
  Stefano Lattarini
  Daiki Ueno
  Jeff Bailey

OK to proceed?

  Bruno

[1] https://lists.gnu.org/archive/html/bug-gnulib/2021-02/msg00070.html
[2] https://lists.gnu.org/archive/html/bug-gnulib/2021-02/msg00085.html
[3] 
https://www.linuxfoundation.org/blog/linux-foundation-defending-the-global-software-supply-chain-from-cyberattacks-in-2021/
[4] 
https://www.theverge.com/2022/5/4/23056799/github-contributors-2fa-two-factor-authentication-2023
[5] 
https://portswigger.net/daily-swig/pypi-repo-to-distribute-4-000-security-keys-to-maintainers-of-critical-projects-in-2fa-drive
[6] https://lists.gnu.org/archive/html/bug-gnulib/2021-02/msg00087.html

Re: bug#56524: doc: timezone offset conversion/info

2022-07-12 Thread Paul Eggert 

On 7/12/22 15:57, Karl Berry wrote:


$ TZ=UTC-4 date -d 'TZ="UTC" 2022-07-24 15:00'


This doesn't mean what you want, because TZ=UTC-4 means "My time zone is 
abbreviated 'UTC', and it's four hours east of Greenwich" which is not a 
useful setting.


You're not the first person to run afoul of POSIX TZ strings, which are 
poorly designed. I installed the attached patch to Gnulib to give 
another example, which I hope clarifies things a bit. I'll cc this email 
to bug-gnulib since the problem is in Gnulib not Coreutils proper.



If the offset syntax is documented anywhere, I couldn't find it. Sorry.


It's documented in the glibc manual, and this part of the Coreutils 
manual (actually, taken from Gnulib) has a cross-reference to that.



BTW, in neither case did --debug clarify anything for me. In fact, it
confused me more, because the output seemingly did not include anything
about the offset at all, just reporting "UTC".


It'd be nice if --debug could diagnose invalid TZ settings. However, 
this would likely require glibc support along the lines of what's in 
tzcode and NetBSD (the tzalloc function).From f65d00ebacc891e57cca729041d028d07d1883bb Mon Sep 17 00:00:00 2001
From: Paul Eggert 
Date: Tue, 12 Jul 2022 17:11:26 -0700
Subject: [PATCH] parse-datetime: improve doc for TZ="<-07>7" etc.

* doc/parse-datetime.texi (Specifying time zone rules):
Give examples of POSIX TZ strings that specify UTC offsets (Bug#56524).
---
 ChangeLog   |  6 ++
 doc/parse-datetime.texi | 24 +---
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index cd01e0208e..f245082aa6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2022-07-12  Paul Eggert  
+
+	parse-datetime: improve doc for TZ="<-07>7" etc.
+	* doc/parse-datetime.texi (Specifying time zone rules):
+	Give examples of POSIX TZ strings that specify UTC offsets (Bug#56524).
+
 2022-07-10  Bruno Haible  
 
 	sigsegv: Optimize stackvma implementation for AIX 7.
diff --git a/doc/parse-datetime.texi b/doc/parse-datetime.texi
index 44305d136c..7939273691 100644
--- a/doc/parse-datetime.texi
+++ b/doc/parse-datetime.texi
@@ -554,9 +554,27 @@ The @samp{tz} database includes a wide variety of locations ranging
 from @samp{Arctic/Longyearbyen} to @samp{Antarctica/South_Pole}, but
 if you are at sea and have your own private time zone, or if you are
 using a non-GNU host that does not support the @samp{tz}
-database, you may need to use a POSIX rule instead.  Simple
-POSIX rules like @samp{UTC0} specify a time zone without
-daylight saving time; other rules can specify simple daylight saving
+database, you may need to use a POSIX rule instead.
+The previously-mentioned POSIX rule @samp{UTC0} says that the time zone
+abbreviation is @samp{UTC}, the zone is zero hours away from
+Greenwich, and there is no daylight saving time.
+Simple POSIX rules like this can also specify nonzero Greenwich offsets.
+For example, the following shell transcript answers the question
+``What time is it five and a half hours east of Greenwich when a clock
+seven hours west of Greenwich shows 9:50pm on July 12, 2022?''
+
+@example
+$ TZ="<+0530>-5:30" date --date='TZ="<-07>7" 2022-07-12 21:50'
+Wed Jul 13 10:20:00 +0530 2022
+@end example
+
+@noindent
+This example uses the somewhat-confusing POSIX convention for TZ strings.
+@samp{TZ="<-07>7"} says that the time zone abbreviation is @samp{-07}
+and the time zone is 7 hours west of Greenwich, and
+@samp{TZ="<+0530>-5:30"} says that the time zone abbreviation is @samp{+0530}
+and the time zone is 5 hours 30 minutes east of Greenwich.
+More-complex POSIX TZ strings can specify simple daylight saving
 regimes.  @xref{TZ Variable,, Specifying the Time Zone with @code{TZ},
 libc, The GNU C Library}.
 
-- 
2.34.1