Re: GPG Workshop during DebCamp
Hi, On Fri, 2024-07-26 at 14:08 +0900, Justus Winter wrote: > In the OpenPGP ecosystem, we have seen that people think that if GnuPG > accepts an artifact, then it must be okay to emit such an artifact. As > you can see [0], GnuPG still accepts SHA1-based signatures. And, we > have seen big players [1][2] use SHA-1 in their signing keys. > > 0: https://tests.sequoia-pgp.org/#Signature_over_the_shattered_collision > 1: https://github.com/microsoft/linux-package-repositories/issues/47 > 2: https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c19 > > We considerably improved the situation by rejecting these signatures, > even though that caused a considerable amount of pain in the short term. Recently on debian-vote@ it was pointed out repeatedly that SHA-1 is still a perfectly secure hash algorithm for many applications (probably just as MD5). If Debian already relies on SHA-1 to be a cryptographic strong hash, there is probably no reason to not accept SHA-1 signatures nor for hashes other than SHA-1 in Packages/Sources indices (or even just MD5 to save space). Currently dak already has code to reject SHA-1 signatures, but maybe we should also remove that given SHA-1-based signatures are trusted by other parts as well. Ansgar
Re: [DebConf Scedule change] "Let's talk about the elephant in the room" DebConf20 in Israel session
On Sat, 2019-07-27 at 09:07 -0700, Steve Langasek wrote: > On Sat, Jul 27, 2019 at 10:21:18AM +0200, Ansgar wrote: > > + > > > We need to have an open discussion about the political message that > > > this project decision sends, and how it affects the people within > > > our community who support the BDS (Boycott, Disinvestment, > > > Sanctions) movement against the policies of the Israeli Government, > > > all the while reiterating our support to the individual members of > > > the local organizing team, who are our peers in Debian. > > > > > > A campaign has been brewing for a few weeks, calling on the DebConf > > > Committee and the Debian Community to rescind the decision of > > > holding the project’s yearly conference in Israel. > > + > > The BDS movement is widely described as antisemitic. Why should we > > care about it? > > Because the defenders of Israel's racist and genocidal policies describe > everyone that opposes them as antisemitic as a means of shutting down > legitimate criticism, and therefore something being "widely described" as > antisemitic tells you nothing about whether it is antisemitic, only about > whether it opposes some policy of the Israeli state. The previous discussion on debconf-discuss@ gave me enough context; it pretty much looks like the antisemitic case here. See also the quote that was in my original mail; if that's what you want to defend... Ansgar
Re: [DebConf Scedule change] "Let's talk about the elephant in the room" DebConf20 in Israel session
On Sat, 2019-07-27 at 08:27 -0400, micah anderson wrote: > Ansgar writes: > The BDS movement is widely described as antisemitic. Why should we > > care about it? > > No, it is not widely described as antisemitic, it is anti-zionist. There > is a difference. BDS is widely described as antisemitic even when you care about some difference. Ansgar
Re: [DebConf Scedule change] "Let's talk about the elephant in the room" DebConf20 in Israel session
On Fri, 2019-07-26 at 19:18 -0300, Jonathan Carter wrote: > Tomorrow morning in "Sala de Videoconferencia", there will be an open > discussion regarding political concerns around holding DebConf20 in > Israel. Everyone at DebConf is welcome to join this session. > > Read the full description on the DC19 website for more details > : > "Let's talk about the elephant in the room": > https://debconf19.debconf.org/talks/173-lets-talk-about-the-elephant-in- > the-room/ >From that page: + | We need to have an open discussion about the political message that | this project decision sends, and how it affects the people within | our community who support the BDS (Boycott, Disinvestment, | Sanctions) movement against the policies of the Israeli Government, | all the while reiterating our support to the individual members of | the local organizing team, who are our peers in Debian. | | A campaign has been brewing for a few weeks, calling on the DebConf | Committee and the Debian Community to rescind the decision of | holding the project’s yearly conference in Israel. + The BDS movement is widely described as antisemitic. Why should we care about it? To be very honest: if people suggest to kick out people for not agreeing with same-sex marriage, but apparently care about accomodate antisemitic movements, that also sends a political message. One that I don't like very much. Given that the thread on -discuss that started it had such "fun" allegations such as +-- | Any DD who lives in Israel is a direct contributor financially and | morally to apartheid and genocide against the Palestinian people. | [...] | There is no such thing as an innocent Israeli just like there is no | such thing as a innocent Nazi. +--[ https://lists.debian.org/debconf-discuss/2019/03/msg00041.html ] did not really improve my view on the group asking for this... (It rather contributed to the description of BDS as antisemitic.) Does it really need a discussion to say "no" to this? Ansgar
Re: Suggestions, questions and concerns about DebConf19?
John Paul Adrian Glaubitz writes: >>> Or imagine an attendee commits a felony, you need to be able to >>> identify them as well. >> >> Talk to the police. > > Even the police cannot identify a foreigner without passport documents. They can. Why do you think they collect photos and fingerprints when entering the country? Ansgar